@wrongstack/core 0.3.4 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/dist/{agent-bridge-C3DUGjSb.d.ts → agent-bridge-DaOnnHNW.d.ts} +1 -1
  2. package/dist/{compactor-DpJBI1YH.d.ts → compactor-CFky6JKM.d.ts} +1 -1
  3. package/dist/{config-DgE3JslD.d.ts → config-RlhKLjme.d.ts} +1 -1
  4. package/dist/{context-IovtuTf8.d.ts → context-B1kBj1lY.d.ts} +4 -3
  5. package/dist/coordination/index.d.ts +10 -10
  6. package/dist/coordination/index.js +12 -1
  7. package/dist/coordination/index.js.map +1 -1
  8. package/dist/defaults/index.d.ts +16 -16
  9. package/dist/defaults/index.js +119 -6
  10. package/dist/defaults/index.js.map +1 -1
  11. package/dist/{events-BHIQs4o1.d.ts → events-BBaKeMfb.d.ts} +11 -1
  12. package/dist/execution/index.d.ts +11 -11
  13. package/dist/execution/index.js +9 -0
  14. package/dist/execution/index.js.map +1 -1
  15. package/dist/extension/index.d.ts +6 -6
  16. package/dist/{index-DedY4Euf.d.ts → index-meJRuQtc.d.ts} +20 -5
  17. package/dist/index.d.ts +25 -25
  18. package/dist/index.js +211 -27
  19. package/dist/index.js.map +1 -1
  20. package/dist/infrastructure/index.d.ts +6 -6
  21. package/dist/kernel/index.d.ts +9 -9
  22. package/dist/kernel/index.js.map +1 -1
  23. package/dist/{mcp-servers-zGiC1lQc.d.ts → mcp-servers-Cf4-bJnd.d.ts} +3 -3
  24. package/dist/models/index.d.ts +2 -2
  25. package/dist/{multi-agent-B9a6sflH.d.ts → multi-agent-D5m66hzB.d.ts} +1 -1
  26. package/dist/observability/index.d.ts +2 -2
  27. package/dist/{path-resolver--59rCou3.d.ts → path-resolver-Bg4OP5fi.d.ts} +2 -2
  28. package/dist/{provider-runner-B39miKRw.d.ts → provider-runner-CU9gnU2E.d.ts} +3 -3
  29. package/dist/sdd/index.d.ts +3 -3
  30. package/dist/secret-scrubber-DyUAWS09.d.ts +54 -0
  31. package/dist/{secret-scrubber-Cuy5afaQ.d.ts → secret-scrubber-Dyh5LVYL.d.ts} +1 -1
  32. package/dist/security/index.d.ts +58 -5
  33. package/dist/security/index.js +90 -5
  34. package/dist/security/index.js.map +1 -1
  35. package/dist/{selector-wT2fv9Fg.d.ts → selector-DBEiwXBk.d.ts} +1 -1
  36. package/dist/{session-reader-CcPi4BQ8.d.ts → session-reader-D-z0AgHs.d.ts} +1 -1
  37. package/dist/{skill-C_7znCIC.d.ts → skill-DayhFUBb.d.ts} +1 -1
  38. package/dist/storage/index.d.ts +5 -5
  39. package/dist/storage/index.js +12 -0
  40. package/dist/storage/index.js.map +1 -1
  41. package/dist/{system-prompt-Dk1qm8ey.d.ts → system-prompt-DNetCecu.d.ts} +1 -1
  42. package/dist/{tool-executor-DY0iSXYf.d.ts → tool-executor-B5bgmEgE.d.ts} +12 -5
  43. package/dist/types/index.d.ts +15 -15
  44. package/dist/types/index.js +16 -0
  45. package/dist/types/index.js.map +1 -1
  46. package/dist/utils/index.d.ts +1 -1
  47. package/package.json +1 -1
  48. package/dist/secret-scrubber-CgG2tV2B.d.ts +0 -31
@@ -1,9 +1,9 @@
1
- export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, s as AgentExtension, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, E as ExtensionRegistry, O as OnErrorHook, G as ProviderRunnerFn, z as ProviderRunnerWrapper } from '../index-DedY4Euf.js';
2
- import '../context-IovtuTf8.js';
1
+ export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, s as AgentExtension, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, E as ExtensionRegistry, O as OnErrorHook, G as ProviderRunnerFn, z as ProviderRunnerWrapper } from '../index-meJRuQtc.js';
2
+ import '../context-B1kBj1lY.js';
3
3
  import '../logger-BMQgxvdy.js';
4
- import '../system-prompt-Dk1qm8ey.js';
4
+ import '../system-prompt-DNetCecu.js';
5
5
  import '../observability-BhnVLBLS.js';
6
- import '../events-BHIQs4o1.js';
7
- import '../secret-scrubber-CgG2tV2B.js';
8
- import '../config-DgE3JslD.js';
6
+ import '../events-BBaKeMfb.js';
7
+ import '../secret-scrubber-DyUAWS09.js';
8
+ import '../config-RlhKLjme.js';
9
9
  import '../models-registry-Y2xbog0E.js';
@@ -1,10 +1,10 @@
1
- import { u as Tool, z as ToolResultBlock, T as TextBlock, a0 as Context, R as Request, j as Response, D as ToolUseBlock, g as Provider, W as WrongStackError, b as ContentBlock, a7 as RunOptions, J as JSONSchema } from './context-IovtuTf8.js';
1
+ import { u as Tool, z as ToolResultBlock, T as TextBlock, a0 as Context, R as Request, j as Response, D as ToolUseBlock, g as Provider, W as WrongStackError, b as ContentBlock, a7 as RunOptions, J as JSONSchema } from './context-B1kBj1lY.js';
2
2
  import { L as Logger } from './logger-BMQgxvdy.js';
3
- import { R as Renderer, B as BuildContext, C as Container, P as Pipeline, e as ReadonlyPipeline } from './system-prompt-Dk1qm8ey.js';
3
+ import { R as Renderer, B as BuildContext, C as Container, P as Pipeline, e as ReadonlyPipeline } from './system-prompt-DNetCecu.js';
4
4
  import { T as Tracer } from './observability-BhnVLBLS.js';
5
- import { E as EventBus, a as EventName, L as Listener } from './events-BHIQs4o1.js';
6
- import { a as PermissionPolicy, S as SecretScrubber } from './secret-scrubber-CgG2tV2B.js';
7
- import { l as ProviderConfig, a as Config } from './config-DgE3JslD.js';
5
+ import { E as EventBus, a as EventName, L as Listener } from './events-BBaKeMfb.js';
6
+ import { a as PermissionPolicy, S as SecretScrubber } from './secret-scrubber-DyUAWS09.js';
7
+ import { l as ProviderConfig, a as Config } from './config-RlhKLjme.js';
8
8
  import { W as WireFamily } from './models-registry-Y2xbog0E.js';
9
9
 
10
10
  /**
@@ -516,8 +516,23 @@ declare class Agent {
516
516
  private get permission();
517
517
  private get scrubber();
518
518
  private get renderer();
519
+ /**
520
+ * Switch from inline CLI prompts to event-driven confirmation.
521
+ * Clears both the ToolExecutor's confirmAwaiter (so it returns
522
+ * `ToolConfirmPendingResult`) and the permission policy's
523
+ * promptDelegate (so `evaluate()` returns `confirm`).
524
+ *
525
+ * Call this before entering TUI or any mode where stdin is owned
526
+ * by a UI framework (Ink, WebUI WS bridge). Without this, the
527
+ * inline prompt writes to stdout and blocks on stdin — both of
528
+ * which are owned by the framework — making the prompt invisible
529
+ * and the input deadlocked.
530
+ */
531
+ disableInteractiveConfirmation(): void;
519
532
  register(tool: Tool): void;
520
533
  use(plugin: Plugin, api: PluginAPI): Promise<void>;
534
+ /** Tear down all plugins in reverse order, calling their teardown hooks. */
535
+ teardown(): Promise<void>;
521
536
  run(userInput: AgentInput, opts?: RunOptions): Promise<RunResult>;
522
537
  private runInner;
523
538
  /**
package/dist/index.d.ts CHANGED
@@ -1,33 +1,33 @@
1
- import { S as SystemPromptBuilder, M as ModelCapabilities, B as BuildContext, C as Container } from './system-prompt-Dk1qm8ey.js';
2
- export { a as BindOptions, D as Decorator, F as Factory, b as Middleware, c as MiddlewareHandler, N as NextFn, P as Pipeline, d as PipelineOptions, R as Renderer, T as Token } from './system-prompt-Dk1qm8ey.js';
3
- import { E as EventBus, a as EventName, L as Listener } from './events-BHIQs4o1.js';
4
- export { b as EventLogger, c as EventMap } from './events-BHIQs4o1.js';
1
+ import { S as SystemPromptBuilder, M as ModelCapabilities, B as BuildContext, C as Container } from './system-prompt-DNetCecu.js';
2
+ export { a as BindOptions, D as Decorator, F as Factory, b as Middleware, c as MiddlewareHandler, N as NextFn, P as Pipeline, d as PipelineOptions, R as Renderer, T as Token } from './system-prompt-DNetCecu.js';
3
+ import { E as EventBus, a as EventName, L as Listener } from './events-BBaKeMfb.js';
4
+ export { b as EventLogger, c as EventMap } from './events-BBaKeMfb.js';
5
5
  export { RunController, RunControllerOptions, TOKENS } from './kernel/index.js';
6
- import { b as ContentBlock, T as TextBlock, a0 as Context } from './context-IovtuTf8.js';
7
- export { A as AgentError, C as Capabilities, a as ConfigError, a3 as ContextInit, a4 as ConversationState, E as ErrorCode, c as ErrorSeverity, d as ErrorSubsystem, I as ImageBlock, J as JSONSchema, M as Message, e as MessageRole, P as Permission, f as PluginError, g as Provider, h as ProviderError, i as ProviderErrorBody, a5 as ReadonlyConversationState, R as Request, j as Response, k as ResumedSession, a6 as RunEnv, a7 as RunOptions, S as SessionData, l as SessionError, m as SessionEvent, n as SessionMetadata, o as SessionStore, p as SessionSummary, q as SessionWriter, a8 as StateChange, a9 as StateChangeHandler, r as StopReason, s as StreamEvent, t as ThinkingBlock, aa as TodoItem, a1 as TokenCounter, u as Tool, v as ToolCallContext, w as ToolError, x as ToolFinalEvent, y as ToolProgressEvent, z as ToolResultBlock, B as ToolStreamEvent, D as ToolUseBlock, U as Usage, W as WrongStackError, F as asBlocks, G as asText, ab as extractRunEnv, H as isAgentError, K as isConfigError, L as isImageBlock, N as isPluginError, O as isSessionError, Q as isTextBlock, V as isThinkingBlock, X as isToolError, Y as isToolResultBlock, Z as isToolUseBlock, _ as isWrongStackError, $ as toWrongStackError, ac as wrapAsState } from './context-IovtuTf8.js';
8
- export { P as ProviderRunner, R as RunProviderOptions } from './provider-runner-B39miKRw.js';
9
- import { a as Config } from './config-DgE3JslD.js';
10
- export { C as CONTEXT_WINDOW_MODES, b as ConfigLoader, c as ConfigStore, d as ContextConfig, e as ContextWindowAggressiveOn, f as ContextWindowConfigLike, g as ContextWindowMode, h as ContextWindowModeId, i as ContextWindowPolicy, j as ContextWindowThresholds, D as DEFAULT_CONTEXT_WINDOW_MODE_ID, F as FeaturesConfig, L as LogConfig, M as MCPServerConfig, P as PluginConfig, k as ProviderApiKey, l as ProviderConfig, T as ToolsConfig, m as formatContextWindowModeList, n as getContextWindowMode, o as isContextWindowModeId, p as listContextWindowModes, r as resolveContextWindowPolicy } from './config-DgE3JslD.js';
11
- export { C as CompactReport, a as Compactor } from './compactor-DpJBI1YH.js';
12
- export { P as PermissionDecision, a as PermissionPolicy, T as TrustPolicy } from './secret-scrubber-CgG2tV2B.js';
13
- import { e as AttachmentStore, d as AttachmentRef, A as AddAttachmentInput } from './session-reader-CcPi4BQ8.js';
14
- export { a as Attachment, b as AttachmentKind, c as AttachmentMeta, D as DefaultSessionReader } from './session-reader-CcPi4BQ8.js';
15
- export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from './secret-scrubber-Cuy5afaQ.js';
6
+ import { b as ContentBlock, T as TextBlock, a0 as Context } from './context-B1kBj1lY.js';
7
+ export { A as AgentError, C as Capabilities, a as ConfigError, a3 as ContextInit, a4 as ConversationState, E as ErrorCode, c as ErrorSeverity, d as ErrorSubsystem, I as ImageBlock, J as JSONSchema, M as Message, e as MessageRole, P as Permission, f as PluginError, g as Provider, h as ProviderError, i as ProviderErrorBody, a5 as ReadonlyConversationState, R as Request, j as Response, k as ResumedSession, a6 as RunEnv, a7 as RunOptions, S as SessionData, l as SessionError, m as SessionEvent, n as SessionMetadata, o as SessionStore, p as SessionSummary, q as SessionWriter, a8 as StateChange, a9 as StateChangeHandler, r as StopReason, s as StreamEvent, t as ThinkingBlock, aa as TodoItem, a1 as TokenCounter, u as Tool, v as ToolCallContext, w as ToolError, x as ToolFinalEvent, y as ToolProgressEvent, z as ToolResultBlock, B as ToolStreamEvent, D as ToolUseBlock, U as Usage, W as WrongStackError, F as asBlocks, G as asText, ab as extractRunEnv, H as isAgentError, K as isConfigError, L as isImageBlock, N as isPluginError, O as isSessionError, Q as isTextBlock, V as isThinkingBlock, X as isToolError, Y as isToolResultBlock, Z as isToolUseBlock, _ as isWrongStackError, $ as toWrongStackError, ac as wrapAsState } from './context-B1kBj1lY.js';
8
+ export { P as ProviderRunner, R as RunProviderOptions } from './provider-runner-CU9gnU2E.js';
9
+ import { a as Config } from './config-RlhKLjme.js';
10
+ export { C as CONTEXT_WINDOW_MODES, b as ConfigLoader, c as ConfigStore, d as ContextConfig, e as ContextWindowAggressiveOn, f as ContextWindowConfigLike, g as ContextWindowMode, h as ContextWindowModeId, i as ContextWindowPolicy, j as ContextWindowThresholds, D as DEFAULT_CONTEXT_WINDOW_MODE_ID, F as FeaturesConfig, L as LogConfig, M as MCPServerConfig, P as PluginConfig, k as ProviderApiKey, l as ProviderConfig, T as ToolsConfig, m as formatContextWindowModeList, n as getContextWindowMode, o as isContextWindowModeId, p as listContextWindowModes, r as resolveContextWindowPolicy } from './config-RlhKLjme.js';
11
+ export { C as CompactReport, a as Compactor } from './compactor-CFky6JKM.js';
12
+ export { P as PermissionDecision, a as PermissionPolicy, T as TrustPolicy } from './secret-scrubber-DyUAWS09.js';
13
+ import { e as AttachmentStore, d as AttachmentRef, A as AddAttachmentInput } from './session-reader-D-z0AgHs.js';
14
+ export { a as Attachment, b as AttachmentKind, c as AttachmentMeta, D as DefaultSessionReader } from './session-reader-D-z0AgHs.js';
15
+ export { D as DefaultSecretScrubber, a as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from './secret-scrubber-Dyh5LVYL.js';
16
16
  export { D as DefaultLogger, a as DefaultLoggerOptions } from './logger-BH6AE0W9.js';
17
- export { D as DefaultPathResolver, a as DefaultTokenCounter } from './path-resolver--59rCou3.js';
17
+ export { D as DefaultPathResolver, a as DefaultTokenCounter } from './path-resolver-Bg4OP5fi.js';
18
18
  import { b as MemoryStore } from './memory-CEXuo7sz.js';
19
19
  export { M as MemoryEntry, a as MemoryScope } from './memory-CEXuo7sz.js';
20
- export { C as CompactorOptions, D as DEFAULT_RECOVERY_STRATEGIES, a as DefaultErrorHandler, b as DefaultRetryPolicy, H as HybridCompactor, R as RecoveryStrategy, T as ToolExecutor, c as buildRecoveryStrategies } from './tool-executor-DY0iSXYf.js';
21
- import { a as SkillLoader } from './skill-C_7znCIC.js';
22
- export { S as SkillEntry, b as SkillManifest } from './skill-C_7znCIC.js';
20
+ export { C as CompactorOptions, D as DEFAULT_RECOVERY_STRATEGIES, a as DefaultErrorHandler, b as DefaultRetryPolicy, H as HybridCompactor, R as RecoveryStrategy, T as ToolExecutor, c as buildRecoveryStrategies } from './tool-executor-B5bgmEgE.js';
21
+ import { a as SkillLoader } from './skill-DayhFUBb.js';
22
+ export { S as SkillEntry, b as SkillManifest } from './skill-DayhFUBb.js';
23
23
  export { I as InputReader, P as PromptOption } from './input-reader-E-ffP2ee.js';
24
- import { j as SystemPromptContributor, h as SlashCommand, b as PluginAPI, e as PluginPipelines, T as ToolRegistryView, g as ProviderRegistryView, M as MCPRegistryView, i as SlashCommandRegistryView, E as ExtensionRegistry, S as SessionWriterView, a as MetricsSinkView, n as ToolRegistry, o as ProviderRegistry, P as Plugin } from './index-DedY4Euf.js';
25
- export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, r as Agent, s as AgentExtension, t as AgentInit, u as AgentInput, v as AgentPipelines, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, D as DEFAULT_MAX_ITERATIONS, O as OnErrorHook, c as PluginCapabilities, d as PluginDependency, y as ProviderFactory, z as ProviderRunnerWrapper, R as RunResult, C as ToolWrapper, U as UserInputPayload, F as createDefaultPipelines } from './index-DedY4Euf.js';
24
+ import { j as SystemPromptContributor, h as SlashCommand, b as PluginAPI, e as PluginPipelines, T as ToolRegistryView, g as ProviderRegistryView, M as MCPRegistryView, i as SlashCommandRegistryView, E as ExtensionRegistry, S as SessionWriterView, a as MetricsSinkView, n as ToolRegistry, o as ProviderRegistry, P as Plugin } from './index-meJRuQtc.js';
25
+ export { A as AfterIterationHook, p as AfterRunHook, q as AfterToolExecutionHook, r as Agent, s as AgentExtension, t as AgentInit, u as AgentInput, v as AgentPipelines, B as BeforeIterationHook, w as BeforeRunHook, x as BeforeToolExecutionHook, D as DEFAULT_MAX_ITERATIONS, O as OnErrorHook, c as PluginCapabilities, d as PluginDependency, y as ProviderFactory, z as ProviderRunnerWrapper, R as RunResult, C as ToolWrapper, U as UserInputPayload, F as createDefaultPipelines } from './index-meJRuQtc.js';
26
26
  export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from './models-registry-DqzwpBQy.js';
27
27
  import { c as ModeStore } from './mode-CV077NjV.js';
28
28
  export { D as DEFAULT_MODES, M as Mode, a as ModeConfig, b as ModeManifest } from './mode-CV077NjV.js';
29
- export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from './agent-bridge-C3DUGjSb.js';
30
- export { n as BudgetExceededError, o as BudgetKind, p as BudgetLimits, q as BudgetUsage, C as CoordinatorEvents, a as CoordinatorStatus, D as DoneCondition, M as MultiAgentConfig, b as MultiAgentCoordinator, S as SpawnResult, r as SubagentBudget, c as SubagentConfig, d as SubagentContext, e as SubagentError, f as SubagentErrorKind, g as SubagentRunContext, h as SubagentRunOutcome, i as SubagentRunner, T as TaskDelegation, j as TaskResult, k as TaskSpec } from './multi-agent-B9a6sflH.js';
29
+ export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from './agent-bridge-DaOnnHNW.js';
30
+ export { n as BudgetExceededError, o as BudgetKind, p as BudgetLimits, q as BudgetUsage, C as CoordinatorEvents, a as CoordinatorStatus, D as DoneCondition, M as MultiAgentConfig, b as MultiAgentCoordinator, S as SpawnResult, r as SubagentBudget, c as SubagentConfig, d as SubagentContext, e as SubagentError, f as SubagentErrorKind, g as SubagentRunContext, h as SubagentRunOutcome, i as SubagentRunner, T as TaskDelegation, j as TaskResult, k as TaskSpec } from './multi-agent-D5m66hzB.js';
31
31
  export { C as CriticalPathResult, D as DEFAULT_SPEC_TEMPLATE, S as SpecAnalysis, a as SpecApiEndpoint, b as SpecRequirement, c as SpecSection, d as SpecSectionType, e as SpecStatus, f as SpecTemplate, g as SpecValidationResult, h as Specification, T as TaskAssignment, i as TaskDependency, j as TaskEdge, k as TaskFilter, l as TaskGraph, m as TaskNode, n as TaskPriority, o as TaskProgress, p as TaskSort, q as TaskStatus, r as TaskType, s as computeTaskProgress, t as findCriticalPath, u as topologicalSort } from './task-graph-BITvWt4t.js';
32
32
  export { A as AggregateHealth, H as HealthCheck, a as HealthCheckResult, b as HealthRegistry, c as HealthStatus, M as MetricLabels, d as MetricSeries, e as MetricsSink, f as MetricsSnapshot, S as Span, T as Tracer } from './observability-BhnVLBLS.js';
33
33
  export { AtomicWriteOptions, BuildChildEnvOptions, CompileFail, CompileResult, MessageRepairReport, MessageRepairResult, NewlineStyle, SafeParseResult, ToolOutputSerializerOptions, UnifiedDiffOptions, ValidationError, ValidationResult, atomicWrite, buildChildEnv, color, compileGlob, compileUserRegex, createToolOutputSerializer, detectNewlineStyle, ensureDir, estimateTextTokens, estimateToolInputTokens, estimateToolResultTokens, formatTodosList, matchAny, matchGlob, normalizeToLf, repairToolUseAdjacency, safeParse, safeStringify, sanitizeJsonString, stripAnsi, toStyle, unifiedDiff, validateAgainstSchema } from './utils/index.js';
@@ -40,13 +40,13 @@ export { ALL_FLEET_AGENTS, AUDIT_LOG_AGENT, AgentFactory, AgentFactoryResult, Ag
40
40
  export { DefaultModeStore, LLMSelector, LLMSelectorOptions, ModeLoaderOptions, loadProjectModes, loadUserModes } from './models/index.js';
41
41
  export { DefaultTaskStore, GeneratedTask, SpecDrivenDev, SpecDrivenDevOptions, SpecParser, TaskFlow, TaskFlowEventMap, TaskFlowEventName, TaskFlowExecutionContext, TaskFlowOptions, TaskFlowPhase, TaskGenerator, TaskGeneratorOptions, TaskStore, TaskTracker, TaskTrackerOptions, TaskTransition } from './sdd/index.js';
42
42
  export { DefaultHealthRegistry, InMemoryMetricsSink, MetricsServerHandle, MetricsServerOptions, NoopMetricsSink, NoopTracer, OTelTracer, OtlpMetricsExporterHandle, OtlpMetricsExporterOptions, OtlpTraceExporterHandle, OtlpTraceExporterOptions, PROMETHEUS_CONTENT_TYPE, buildOtlpMetricsRequest, buildOtlpTracesRequest, renderPrometheus, startMetricsServer, startOtlpMetricsExporter, startOtlpTraceExporter, wireMetricsToEvents } from './observability/index.js';
43
- export { C as ContextManagerAction, a as ContextManagerInput, b as ContextManagerResult, c as ContextManagerToolOptions, d as allServers, e as awsServer, f as blockServer, g as braveSearchServer, h as context7Server, i as contextManagerTool, j as createContextManagerTool, k as everArtServer, l as filesystemServer, m as githubServer, n as googleMapsServer, o as miniMaxVisionServer, s as sentinelServer, p as slackServer, z as zaiVisionServer } from './mcp-servers-zGiC1lQc.js';
43
+ export { C as ContextManagerAction, a as ContextManagerInput, b as ContextManagerResult, c as ContextManagerToolOptions, d as allServers, e as awsServer, f as blockServer, g as braveSearchServer, h as context7Server, i as contextManagerTool, j as createContextManagerTool, k as everArtServer, l as filesystemServer, m as githubServer, n as googleMapsServer, o as miniMaxVisionServer, s as sentinelServer, p as slackServer, z as zaiVisionServer } from './mcp-servers-Cf4-bJnd.js';
44
44
  import { L as Logger } from './logger-BMQgxvdy.js';
45
45
  export { a as LogLevel } from './logger-BMQgxvdy.js';
46
46
  export { a as ModelsDevPayload, c as ModelsDevProvider, M as ModelsRegistry, b as ResolvedModel, R as ResolvedProvider, W as WireFamily } from './models-registry-Y2xbog0E.js';
47
47
  export { S as SecretVault } from './secret-vault-DoISxaKO.js';
48
48
  import './path-resolver-CPRj4bFY.js';
49
- import './selector-wT2fv9Fg.js';
49
+ import './selector-DBEiwXBk.js';
50
50
  import 'node:events';
51
51
 
52
52
  interface InputBuilderOptions {
@@ -113,7 +113,7 @@ declare class InputBuilder {
113
113
  private shouldCollapse;
114
114
  }
115
115
 
116
- declare const LAYER_1_IDENTITY = "You are WrongStack, a command-line AI coding agent.\n\nYou operate inside the user's terminal with direct read and write access to their working directory, the ability to run shell commands, and access to the web. You assist a developer who knows what they're doing \u2014 your job is to accelerate them, not to second-guess them.\n\n## Core principles\n\n1. **Read before you write.** Always inspect the relevant files before proposing changes. Assumptions about code you haven't read are bugs in waiting.\n2. **Prefer surgical edits over rewrites.** When modifying existing files, use the edit tool with str_replace; only use write for new files or full replacements explicitly requested.\n3. **Show your work.** Before non-trivial changes, briefly state what you're about to do \u2014 one sentence, not a wall of text. After tool calls, summarize what happened, not what you did mechanically.\n4. **Be honest about limits.** If you don't know, say so. If something failed, say what failed and what you'll try next. Never fabricate file contents, API responses, or test results.\n5. **Be concise.** The user is a developer in a terminal. No marketing language, no \"great question!\", no bullet-point lists when prose works. If a one-liner answers, a one-liner is the answer.\n6. **Ask when blocked, proceed when not.** If the task is ambiguous in a way that meaningfully changes the approach, ask. If it's ambiguous in a way that doesn't, pick a reasonable default and proceed, stating the assumption.\n7. **Trust the tools.** If a permission prompt is shown, the user will answer. Do not preemptively explain that you \"would like to\" do something \u2014 call the tool, let the permission flow decide.\n8. **Format for scanability.** Use code blocks for code, backticks for file paths, bold for key terms. One-liners stay one line. Paragraphs max 3 sentences.\n9. **Recover explicitly.** When a tool fails, state: (1) what failed, (2) what you tried, (3) what you'll attempt next. Never silently skip.\n\n## Decision heuristics\n\n- **Task is ambiguous** (unclear which file, conflicting requirements) \u2192 ask before proceeding\n- **Task is clear, approach is unknown** \u2192 try one approach, report what happened\n- **Tool fails** \u2192 retry once with adjusted params, then report failure\n- **Permission prompt shown** \u2192 wait for user, do not act unilaterally\n- **Context window filling up** \u2192 use context_manager proactively; don't wait to be told\n\n## How you work\n\n- **Stay focused.** When fixing a bug, fix only the bug \u2014 don't refactor neighboring code unless the user asks.\n- **Comment with purpose.** Add comments only when they explain why, not what. The code already says what.\n- **Own your output.** Never call work \"production-ready\" or \"fully tested\" \u2014 the user makes that call.\n- **Move on from mistakes.** When something fails, report what happened and what you'll do next. No apologies, no hand-wringing.\n- **Stay in your lane.** Don't lecture about software engineering principles unless explicitly asked \u2014 the user is the expert on their codebase.";
116
+ declare const LAYER_1_IDENTITY = "You are WrongStack, a command-line AI coding agent.\n\nYou operate inside the user's terminal with direct read and write access to their working directory, the ability to run shell commands, and access to the web. You assist a developer who knows what they're doing \u2014 your job is to accelerate them, not to second-guess them.\n\n## Core principles\n\n1. **Read before you write.** Always inspect the relevant files before proposing changes. Assumptions about code you haven't read are bugs in waiting.\n2. **Prefer surgical edits over rewrites.** When modifying existing files, use the edit tool with str_replace; only use write for new files or full replacements explicitly requested.\n3. **Show your work.** Before non-trivial changes, briefly state what you're about to do \u2014 one sentence, not a wall of text. After tool calls, summarize what happened, not what you did mechanically.\n4. **Be honest about limits.** If you don't know, say so. If something failed, say what failed and what you'll try next. Never fabricate file contents, API responses, or test results.\n5. **Be concise.** The user is a developer in a terminal. No marketing language, no \"great question!\", no bullet-point lists when prose works. If a one-liner answers, a one-liner is the answer.\n6. **Ask when blocked, proceed when not.** If the task is ambiguous in a way that meaningfully changes the approach, ask. If it's ambiguous in a way that doesn't, pick a reasonable default and proceed, stating the assumption.\n7. **Trust the tools.** If a permission prompt is shown, the user will answer. Do not preemptively explain that you \"would like to\" do something \u2014 call the tool, let the permission flow decide.\n8. **Format for scanability.** Use code blocks for code, backticks for file paths, bold for key terms. One-liners stay one line. Paragraphs max 3 sentences.\n9. **Recover explicitly.** When a tool fails, state: (1) what failed, (2) what you tried, (3) what you'll attempt next. Never silently skip.\n\n## Decision heuristics\n\n- **Task is ambiguous** (unclear which file, conflicting requirements) \u2192 ask before proceeding\n- **Task is clear, approach is unknown** \u2192 try one approach, report what happened\n- **Tool fails** \u2192 retry once with adjusted params, then report failure\n- **Permission prompt shown** \u2192 wait for user, do not act unilaterally\n- **Tool denied by user** \u2192 do NOT retry the same tool in the next iteration. If the user denies a write, bash, or any tool, respect that decision. The user's \"no\" is final \u2014 acknowledge it and ask if they'd like to clarify what they actually want.\n- **Context window filling up** \u2192 use context_manager proactively; don't wait to be told\n\n## How you work\n\n- **Stay focused.** When fixing a bug, fix only the bug \u2014 don't refactor neighboring code unless the user asks.\n- **Comment with purpose.** Add comments only when they explain why, not what. The code already says what.\n- **Own your output.** Never call work \"production-ready\" or \"fully tested\" \u2014 the user makes that call.\n- **Move on from mistakes.** When something fails, report what happened and what you'll do next. No apologies, no hand-wringing.\n- **Respect denied tools.** If the user denies a tool call (via permission prompt), do not retry that same operation in the next iteration. The user's \"no\" means \"find another way or ask\". Never re-attempt a denied tool unless the user explicitly asks you to try again.\n- **When denied, ask.** If the user refuses a tool call, do not attempt to work around it, do not suggest alternatives unprompted, and do not retry. Acknowledge the denial and explicitly ask: \"What would you like me to do instead?\"\n- **Stay in your lane.** Don't lecture about software engineering principles unless explicitly asked \u2014 the user is the expert on their codebase.";
117
117
  interface DefaultSystemPromptBuilderOptions {
118
118
  memoryStore?: MemoryStore;
119
119
  skillLoader?: SkillLoader;
package/dist/index.js CHANGED
@@ -2242,6 +2242,13 @@ var InMemoryAgentBridge = class {
2242
2242
  this.pendingRequests.delete(correlationId);
2243
2243
  reject(new Error(`Request ${correlationId} timed out after ${timeout}ms`));
2244
2244
  }, timeout);
2245
+ if (this.stopped) {
2246
+ clearTimeout(timer);
2247
+ this.inflightGuards.delete(correlationId);
2248
+ this.pendingRequests.delete(correlationId);
2249
+ reject(new Error("Bridge stopped"));
2250
+ return;
2251
+ }
2245
2252
  this.pendingRequests.set(correlationId, {
2246
2253
  resolve: resolve4,
2247
2254
  reject,
@@ -2445,6 +2452,15 @@ var ToolExecutor = class {
2445
2452
  opts;
2446
2453
  serializer;
2447
2454
  iterationTimeoutMs;
2455
+ /**
2456
+ * Clear the interactive confirm awaiter so the executor returns
2457
+ * `ToolConfirmPendingResult` instead of blocking on stdin. Used by
2458
+ * the CLI to switch from inline prompts (REPL) to event-driven
2459
+ * confirmation (TUI) at runtime.
2460
+ */
2461
+ clearConfirmAwaiter() {
2462
+ this.opts.confirmAwaiter = void 0;
2463
+ }
2448
2464
  /**
2449
2465
  * Execute a batch of tool uses using the configured strategy.
2450
2466
  * Returns the execution results and the remaining output budget.
@@ -3887,6 +3903,7 @@ var QueueStore = class {
3887
3903
  } catch (err) {
3888
3904
  const code = err.code;
3889
3905
  if (code === "ENOENT") return [];
3906
+ console.warn(`[QueueStore] failed to read queue file "${this.file}":`, err instanceof Error ? err.message : String(err));
3890
3907
  return [];
3891
3908
  }
3892
3909
  let parsed;
@@ -3986,6 +4003,13 @@ var DefaultAttachmentStore = class {
3986
4003
  return mergeAdjacentText(blocks);
3987
4004
  }
3988
4005
  async clear() {
4006
+ if (this.spoolDir) {
4007
+ const toDelete = [];
4008
+ for (const att of this.items.values()) {
4009
+ if (att.path) toDelete.push(att.path);
4010
+ }
4011
+ await Promise.all(toDelete.map((p) => fsp2.unlink(p).catch(() => void 0)));
4012
+ }
3989
4013
  this.items.clear();
3990
4014
  this.refs.length = 0;
3991
4015
  this.nextSeq = { text: 0, image: 0, file: 0 };
@@ -5001,6 +5025,10 @@ var DirectorStateCheckpoint = class {
5001
5025
  this.timer = null;
5002
5026
  }
5003
5027
  await this.persist();
5028
+ if (this.rewriteRequested) {
5029
+ this.rewriteRequested = false;
5030
+ await this.persist();
5031
+ }
5004
5032
  }
5005
5033
  bumpUpdatedAt() {
5006
5034
  this.snapshot = { ...this.snapshot, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
@@ -5041,12 +5069,49 @@ var DefaultPermissionPolicy = class {
5041
5069
  loaded = false;
5042
5070
  trustFile;
5043
5071
  yolo;
5072
+ /**
5073
+ * Session-scoped "soft deny" map. When the user presses 'n' (block once),
5074
+ * the tool+pattern is added here. If the LLM retries in the same session,
5075
+ * we return deny directly without asking again.
5076
+ *
5077
+ * Cleared on reload() since reload = fresh trust file snapshot.
5078
+ */
5079
+ sessionDenied = /* @__PURE__ */ new Map();
5080
+ /**
5081
+ * Session-scoped "soft trust" map. When the user presses 'a' (allow once),
5082
+ * the tool+pattern is added here. If the LLM retries in the same session,
5083
+ * we return auto directly without asking again.
5084
+ *
5085
+ * Cleared on reload().
5086
+ */
5087
+ sessionAllowed = /* @__PURE__ */ new Map();
5088
+ /**
5089
+ * Interactive prompt delegate. When set, `evaluate()` calls it to get a
5090
+ * user decision synchronously (CLI REPL path). When cleared (TUI / WebUI),
5091
+ * `evaluate()` returns `confirm` so the caller can emit
5092
+ * `tool.confirm_needed` for the UI layer to handle.
5093
+ *
5094
+ * Mutable so the host can switch from CLI-prompt to event-driven
5095
+ * confirmation at runtime (e.g. when `--goal` forces TUI mode after
5096
+ * the agent was already constructed).
5097
+ */
5044
5098
  promptDelegate;
5099
+ /** Pre-compiled wildcard patterns — rebuilt on reload for O(1) lookup. */
5100
+ wildcardEntries = [];
5045
5101
  constructor(opts) {
5046
5102
  this.trustFile = opts.trustFile;
5047
5103
  this.yolo = opts.yolo ?? false;
5048
5104
  this.promptDelegate = opts.promptDelegate;
5049
5105
  }
5106
+ /**
5107
+ * Replace (or clear) the interactive prompt delegate at runtime.
5108
+ * Used by the CLI to switch from inline prompts (REPL) to event-driven
5109
+ * confirmation (TUI) when the run mode is determined after the policy
5110
+ * was constructed (e.g. `--goal` auto-flipping to TUI).
5111
+ */
5112
+ setPromptDelegate(delegate) {
5113
+ this.promptDelegate = delegate;
5114
+ }
5050
5115
  async reload() {
5051
5116
  try {
5052
5117
  const raw = await fsp2.readFile(this.trustFile, "utf8");
@@ -5055,13 +5120,26 @@ var DefaultPermissionPolicy = class {
5055
5120
  } catch {
5056
5121
  this.policy = {};
5057
5122
  }
5123
+ this.wildcardEntries = [];
5124
+ for (const [key, val] of Object.entries(this.policy)) {
5125
+ if (key.includes("*")) this.wildcardEntries.push({ pattern: key, value: val });
5126
+ }
5127
+ this.sessionDenied.clear();
5128
+ this.sessionAllowed.clear();
5058
5129
  this.loaded = true;
5059
5130
  }
5060
- async evaluate(tool, input, _ctx) {
5131
+ async evaluate(tool, input, ctx) {
5061
5132
  if (!this.loaded) await this.reload();
5062
5133
  const namespaceEntry = this.findNamespaceEntry(tool.name);
5063
5134
  const entry = this.policy[tool.name] ?? namespaceEntry;
5064
5135
  const subject = this.subjectFor(tool.name, input, tool.subjectKey);
5136
+ const subjectKey = `${tool.name}::${subject ?? tool.name}`;
5137
+ if (this.sessionDenied.has(subjectKey)) {
5138
+ return { permission: "deny", source: "deny", reason: "session soft deny (user pressed no)" };
5139
+ }
5140
+ if (this.sessionAllowed.has(subjectKey)) {
5141
+ return { permission: "auto", source: "trust", reason: "session soft allow (user pressed yes)" };
5142
+ }
5065
5143
  if (entry?.deny && subject && matchAny(entry.deny, subject)) {
5066
5144
  return { permission: "deny", source: "deny", reason: "matched deny pattern" };
5067
5145
  }
@@ -5077,6 +5155,11 @@ var DefaultPermissionPolicy = class {
5077
5155
  if (this.yolo) {
5078
5156
  return { permission: "auto", source: "yolo" };
5079
5157
  }
5158
+ if (tool.name === "write" && subject) {
5159
+ if (ctx.hasRead(subject)) {
5160
+ return { permission: "auto", source: "context", reason: "file already read in this session" };
5161
+ }
5162
+ }
5080
5163
  if (tool.permission === "auto") {
5081
5164
  return { permission: "auto", source: "default" };
5082
5165
  }
@@ -5087,6 +5170,7 @@ var DefaultPermissionPolicy = class {
5087
5170
  return { permission: "auto", source: "user", reason: "user always-allowed" };
5088
5171
  }
5089
5172
  if (decision === "deny") {
5173
+ await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
5090
5174
  return { permission: "deny", source: "user", reason: "user denied" };
5091
5175
  }
5092
5176
  return { permission: decision === "yes" ? "auto" : "deny", source: "user" };
@@ -5109,6 +5193,31 @@ var DefaultPermissionPolicy = class {
5109
5193
  throw err;
5110
5194
  }
5111
5195
  }
5196
+ /** Persist a deny rule — this tool+pattern pair is permanently blocked. */
5197
+ async deny(rule) {
5198
+ if (!this.loaded) await this.reload();
5199
+ const entry = this.policy[rule.tool] ?? {};
5200
+ entry.deny = Array.from(/* @__PURE__ */ new Set([...entry.deny ?? [], rule.pattern]));
5201
+ this.policy[rule.tool] = entry;
5202
+ try {
5203
+ await atomicWrite(this.trustFile, JSON.stringify(this.policy, null, 2));
5204
+ } catch (err) {
5205
+ const existing = this.policy[rule.tool];
5206
+ if (existing?.deny) {
5207
+ const idx = existing.deny.indexOf(rule.pattern);
5208
+ if (idx !== -1) existing.deny.splice(idx, 1);
5209
+ }
5210
+ throw err;
5211
+ }
5212
+ }
5213
+ /** Block this tool+pattern for the rest of this session (no trust file). */
5214
+ denyOnce(rule) {
5215
+ this.sessionDenied.set(`${rule.tool}::${rule.pattern}`, true);
5216
+ }
5217
+ /** Auto-approve this tool+pattern for the rest of this session (no trust file). */
5218
+ allowOnce(rule) {
5219
+ this.sessionAllowed.set(`${rule.tool}::${rule.pattern}`, true);
5220
+ }
5112
5221
  subjectFor(toolName, input, subjectKey) {
5113
5222
  if (!input || typeof input !== "object") return void 0;
5114
5223
  const obj = input;
@@ -5136,10 +5245,8 @@ var DefaultPermissionPolicy = class {
5136
5245
  return void 0;
5137
5246
  }
5138
5247
  findNamespaceEntry(toolName) {
5139
- for (const key of Object.keys(this.policy)) {
5140
- if (key.includes("*") && matchGlob(key, toolName)) {
5141
- return this.policy[key];
5142
- }
5248
+ for (const { pattern, value } of this.wildcardEntries) {
5249
+ if (matchGlob(pattern, toolName)) return value;
5143
5250
  }
5144
5251
  return void 0;
5145
5252
  }
@@ -5153,6 +5260,12 @@ var AutoApprovePermissionPolicy = class {
5153
5260
  }
5154
5261
  async trust() {
5155
5262
  }
5263
+ async deny() {
5264
+ }
5265
+ denyOnce() {
5266
+ }
5267
+ allowOnce() {
5268
+ }
5156
5269
  async reload() {
5157
5270
  }
5158
5271
  };
@@ -7592,8 +7705,8 @@ var Director = class {
7592
7705
  if (this.spawnCount >= this.maxSpawns) {
7593
7706
  throw new DirectorBudgetError("max_spawns", this.maxSpawns, this.spawnCount + 1);
7594
7707
  }
7595
- this.spawnCount += 1;
7596
7708
  const result = await this.coordinator.spawn(config);
7709
+ this.spawnCount += 1;
7597
7710
  this.subagentMeta.set(result.subagentId, {
7598
7711
  provider: config.provider,
7599
7712
  model: config.model
@@ -10699,12 +10812,14 @@ function requestLimitExtension(opts) {
10699
10812
  const { events, currentIterations, currentLimit, autoExtend, timeoutMs = 3e4 } = opts;
10700
10813
  return new Promise((resolve4) => {
10701
10814
  let resolved = false;
10702
- const timer = setTimeout(() => {
10815
+ const timerFired = () => {
10703
10816
  if (!resolved) {
10704
10817
  resolved = true;
10705
10818
  resolve4(0);
10706
10819
  }
10707
- }, timeoutMs);
10820
+ };
10821
+ const timer = setTimeout(timerFired, timeoutMs);
10822
+ timer.unref();
10708
10823
  const deny = () => {
10709
10824
  if (!resolved) {
10710
10825
  resolved = true;
@@ -10816,6 +10931,25 @@ var Agent = class {
10816
10931
  get renderer() {
10817
10932
  return this.container.has(TOKENS.Renderer) ? this.container.resolve(TOKENS.Renderer) : void 0;
10818
10933
  }
10934
+ /**
10935
+ * Switch from inline CLI prompts to event-driven confirmation.
10936
+ * Clears both the ToolExecutor's confirmAwaiter (so it returns
10937
+ * `ToolConfirmPendingResult`) and the permission policy's
10938
+ * promptDelegate (so `evaluate()` returns `confirm`).
10939
+ *
10940
+ * Call this before entering TUI or any mode where stdin is owned
10941
+ * by a UI framework (Ink, WebUI WS bridge). Without this, the
10942
+ * inline prompt writes to stdout and blocks on stdin — both of
10943
+ * which are owned by the framework — making the prompt invisible
10944
+ * and the input deadlocked.
10945
+ */
10946
+ disableInteractiveConfirmation() {
10947
+ this.toolExecutor.clearConfirmAwaiter();
10948
+ const policy = this.permission;
10949
+ if (typeof policy.setPromptDelegate === "function") {
10950
+ policy.setPromptDelegate(void 0);
10951
+ }
10952
+ }
10819
10953
  register(tool) {
10820
10954
  this.tools.register(tool);
10821
10955
  }
@@ -10823,6 +10957,22 @@ var Agent = class {
10823
10957
  await plugin.setup(api);
10824
10958
  this.plugins.push({ plugin, api });
10825
10959
  }
10960
+ /** Tear down all plugins in reverse order, calling their teardown hooks. */
10961
+ async teardown() {
10962
+ const errors = [];
10963
+ for (const { plugin, api } of this.plugins.toReversed()) {
10964
+ if (typeof plugin.teardown !== "function") continue;
10965
+ try {
10966
+ await plugin.teardown(api);
10967
+ } catch (err) {
10968
+ errors.push(err);
10969
+ }
10970
+ }
10971
+ this.plugins.length = 0;
10972
+ if (errors.length > 0) {
10973
+ throw new Error(`Agent teardown failed: ${errors.map(String).join("; ")}`);
10974
+ }
10975
+ }
10826
10976
  async run(userInput, opts = {}) {
10827
10977
  const controller = new RunController({ parentSignal: opts.signal });
10828
10978
  const signal = controller.signal;
@@ -11090,11 +11240,52 @@ var Agent = class {
11090
11240
  toolUseId: result.toolUseId,
11091
11241
  suggestedPattern: result.suggestedPattern
11092
11242
  });
11093
- const reRunResult = await this.executeSingleWithDecision(
11243
+ if (decision === "always") {
11244
+ try {
11245
+ await this.permission.trust({
11246
+ tool: tool.name,
11247
+ pattern: result.suggestedPattern
11248
+ });
11249
+ this.events.emit("trust.persisted", {
11250
+ tool: tool.name,
11251
+ pattern: result.suggestedPattern,
11252
+ decision
11253
+ });
11254
+ } catch {
11255
+ }
11256
+ } else if (decision === "deny") {
11257
+ try {
11258
+ await this.permission.deny({
11259
+ tool: tool.name,
11260
+ pattern: result.suggestedPattern
11261
+ });
11262
+ this.events.emit("trust.persisted", {
11263
+ tool: tool.name,
11264
+ pattern: result.suggestedPattern,
11265
+ decision
11266
+ });
11267
+ } catch {
11268
+ }
11269
+ }
11270
+ if (decision === "yes") {
11271
+ const p = this.permission;
11272
+ p.allowOnce?.({ tool: tool.name, pattern: result.suggestedPattern });
11273
+ } else if (decision === "no") {
11274
+ const p = this.permission;
11275
+ p.denyOnce?.({ tool: tool.name, pattern: result.suggestedPattern });
11276
+ }
11277
+ const reRunResult = decision === "yes" || decision === "always" ? await this.executeSingleWithDecision(
11094
11278
  tool,
11095
- { id: result.toolUseId, name: tool.name, input: result.input },
11096
- decision
11097
- );
11279
+ { id: result.toolUseId, name: tool.name, input: result.input }
11280
+ ) : {
11281
+ result: {
11282
+ type: "tool_result",
11283
+ tool_use_id: result.toolUseId,
11284
+ content: decision === "deny" ? `Tool "${tool.name}" denied and blocked for this pattern.` : `Tool "${tool.name}" denied by user.`,
11285
+ is_error: true
11286
+ },
11287
+ durationMs: 0
11288
+ };
11098
11289
  const use2 = useById.get(reRunResult.result.tool_use_id);
11099
11290
  if (use2) {
11100
11291
  await this.pipelines.toolCall.run({
@@ -11174,19 +11365,8 @@ var Agent = class {
11174
11365
  });
11175
11366
  });
11176
11367
  }
11177
- async executeSingleWithDecision(tool, use, decision) {
11368
+ async executeSingleWithDecision(tool, use) {
11178
11369
  const start = Date.now();
11179
- if (decision === "no" || decision === "deny") {
11180
- return {
11181
- result: {
11182
- type: "tool_result",
11183
- tool_use_id: use.id,
11184
- content: `Tool "${tool.name}" denied by user.`,
11185
- is_error: true
11186
- },
11187
- durationMs: Date.now() - start
11188
- };
11189
- }
11190
11370
  try {
11191
11371
  const result = await this.toolExecutor.executeTool(
11192
11372
  tool,
@@ -11374,9 +11554,10 @@ var Context = class {
11374
11554
  }
11375
11555
  /**
11376
11556
  * Register a teardown hook tied to the current run's abort signal. The
11377
- * hook fires when the run aborts OR ends normally — Agent.run wires
11378
- * this through a RunController. When no run is active the hook fires
11379
- * immediately so callers don't leak resources.
11557
+ * hook fires when the run aborts or ends normally — Agent.run wires this
11558
+ * through a RunController. Hooks registered before a run starts are stored
11559
+ * and fired when the next run ends; there is no "immediate fire" when no
11560
+ * run is active.
11380
11561
  *
11381
11562
  * **Scope:** these hooks fire on the **whole agent run's** abort, not on
11382
11563
  * an individual tool call. For per-tool teardown of resources owned by
@@ -11546,6 +11727,7 @@ You operate inside the user's terminal with direct read and write access to thei
11546
11727
  - **Task is clear, approach is unknown** \u2192 try one approach, report what happened
11547
11728
  - **Tool fails** \u2192 retry once with adjusted params, then report failure
11548
11729
  - **Permission prompt shown** \u2192 wait for user, do not act unilaterally
11730
+ - **Tool denied by user** \u2192 do NOT retry the same tool in the next iteration. If the user denies a write, bash, or any tool, respect that decision. The user's "no" is final \u2014 acknowledge it and ask if they'd like to clarify what they actually want.
11549
11731
  - **Context window filling up** \u2192 use context_manager proactively; don't wait to be told
11550
11732
 
11551
11733
  ## How you work
@@ -11554,6 +11736,8 @@ You operate inside the user's terminal with direct read and write access to thei
11554
11736
  - **Comment with purpose.** Add comments only when they explain why, not what. The code already says what.
11555
11737
  - **Own your output.** Never call work "production-ready" or "fully tested" \u2014 the user makes that call.
11556
11738
  - **Move on from mistakes.** When something fails, report what happened and what you'll do next. No apologies, no hand-wringing.
11739
+ - **Respect denied tools.** If the user denies a tool call (via permission prompt), do not retry that same operation in the next iteration. The user's "no" means "find another way or ask". Never re-attempt a denied tool unless the user explicitly asks you to try again.
11740
+ - **When denied, ask.** If the user refuses a tool call, do not attempt to work around it, do not suggest alternatives unprompted, and do not retry. Acknowledge the denial and explicitly ask: "What would you like me to do instead?"
11557
11741
  - **Stay in your lane.** Don't lecture about software engineering principles unless explicitly asked \u2014 the user is the expert on their codebase.`;
11558
11742
  var DefaultSystemPromptBuilder = class {
11559
11743
  constructor(opts = {}) {