npm - @wrongstack/core - Versions diffs - 0.54.1 → 0.63.4 - Mend

@wrongstack/core 0.54.1 → 0.63.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/dist/{agent-bridge-Dnhw4tnM.d.ts → agent-bridge-B5rxWrg3.d.ts} +1 -1
package/dist/{agent-subagent-runner-By7jruZ_.d.ts → agent-subagent-runner-Zc3f37Sg.d.ts} +3 -3
package/dist/{compactor-Duhsf0ge.d.ts → compactor-0vjZ8KTk.d.ts} +1 -1
package/dist/{config-bht0txXS.d.ts → config-BdDuaZmB.d.ts} +112 -2
package/dist/{context-DtPKqKYV.d.ts → context-iFMEO2rN.d.ts} +8 -8
package/dist/coordination/index.d.ts +12 -12
package/dist/defaults/index.d.ts +21 -21
package/dist/defaults/index.js +254 -92
package/dist/defaults/index.js.map +1 -1
package/dist/{events-CbHTS4ZZ.d.ts → events-k8CHjcrN.d.ts} +20 -1
package/dist/execution/index.d.ts +14 -14
package/dist/execution/index.js +70 -10
package/dist/execution/index.js.map +1 -1
package/dist/extension/index.d.ts +7 -7
package/dist/{goal-store-DwcTDDiX.d.ts → goal-store-iHltMi5n.d.ts} +1 -1
package/dist/{index-CI271MjL.d.ts → index-Bc6BiP5q.d.ts} +77 -6
package/dist/{index-ge5F2dnc.d.ts → index-CWdW_CJt.d.ts} +10 -8
package/dist/index.d.ts +56 -32
package/dist/index.js +520 -85
package/dist/index.js.map +1 -1
package/dist/infrastructure/index.d.ts +6 -6
package/dist/infrastructure/index.js +1 -1
package/dist/infrastructure/index.js.map +1 -1
package/dist/kernel/index.d.ts +9 -9
package/dist/kernel/index.js +3 -1
package/dist/kernel/index.js.map +1 -1
package/dist/{mcp-servers-DE6gzBry.d.ts → mcp-servers-CwqQDMYy.d.ts} +3 -3
package/dist/models/index.d.ts +2 -2
package/dist/{multi-agent-BmC_xiog.d.ts → multi-agent-SASYOrWA.d.ts} +2 -2
package/dist/{multi-agent-coordinator-CjNX4uBD.d.ts → multi-agent-coordinator-CNUJYq7U.d.ts} +2 -2
package/dist/{null-fleet-bus-BNiSlTna.d.ts → null-fleet-bus-DRoJ0uOY.d.ts} +7 -7
package/dist/observability/index.d.ts +2 -2
package/dist/{path-resolver-Bax85amb.d.ts → path-resolver-C5sPVne8.d.ts} +2 -2
package/dist/{permission-Drm7LpPo.d.ts → permission-Ld-i5ugf.d.ts} +13 -1
package/dist/{permission-policy-CU6sqWxF.d.ts → permission-policy-CL-mPufp.d.ts} +14 -7
package/dist/{plan-templates-CLRcurWN.d.ts → plan-templates-ThBHOjaM.d.ts} +4 -4
package/dist/{provider-runner-BikCxGCx.d.ts → provider-runner-DJQa211J.d.ts} +3 -3
package/dist/{retry-policy-Chtlvr5b.d.ts → retry-policy-BfBScewS.d.ts} +1 -1
package/dist/sdd/index.d.ts +9 -9
package/dist/sdd/index.js +1 -1
package/dist/sdd/index.js.map +1 -1
package/dist/security/index.d.ts +3 -3
package/dist/security/index.js +115 -13
package/dist/security/index.js.map +1 -1
package/dist/{selector-BvSPdJj6.d.ts → selector-DxhW7ML3.d.ts} +1 -1
package/dist/{session-reader-BGhzMir4.d.ts → session-reader-q2ThszgG.d.ts} +1 -1
package/dist/storage/index.d.ts +6 -6
package/dist/{system-prompt-dtzV_mLm.d.ts → system-prompt-7LHyBbIf.d.ts} +32 -2
package/dist/{tool-executor-CgU0yWpB.d.ts → tool-executor-CIjpGaRA.d.ts} +5 -4
package/dist/types/index.d.ts +14 -14
package/dist/types/index.js +62 -6
package/dist/types/index.js.map +1 -1
package/dist/utils/index.d.ts +2 -2
package/package.json +1 -1

package/dist/defaults/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import * as crypto2 from 'crypto';
 import { randomBytes, randomUUID, createCipheriv, createDecipheriv, createHash } from 'crypto';
 import * as fsp from 'fs/promises';
-import * as path15 from 'path';
+import * as path16 from 'path';
 import { isAbsolute, resolve } from 'path';
 import * as fs5 from 'fs';
 import * as os from 'os';
@@ -32,9 +32,9 @@ __export(atomic_write_exports, {
   ensureDir: () => ensureDir
 });
 async function atomicWrite(targetPath, content, opts = {}) {
-  const dir = path15.dirname(targetPath);
+  const dir = path16.dirname(targetPath);
   await fsp.mkdir(dir, { recursive: true });
-  const tmp = path15.join(dir, `.${path15.basename(targetPath)}.${randomBytes(6).toString("hex")}.tmp`);
+  const tmp = path16.join(dir, `.${path16.basename(targetPath)}.${randomBytes(6).toString("hex")}.tmp`);
   try {
     if (typeof content === "string") {
       await fsp.writeFile(tmp, content, { flag: "wx", encoding: opts.encoding ?? "utf8" });
@@ -89,7 +89,7 @@ async function renameWithRetry(from, to) {
       if (!code || !TRANSIENT_RENAME_CODES.has(code) || i === delays.length) {
         throw err;
       }
-      await new Promise((resolve4) => setTimeout(resolve4, delays[i]));
+      await new Promise((resolve5) => setTimeout(resolve5, delays[i]));
     }
   }
   throw lastErr;
@@ -169,7 +169,7 @@ var DefaultLogger = class _DefaultLogger {
     this.pretty = opts.pretty ?? true;
     if (this.file) {
       try {
-        fs5.mkdirSync(path15.dirname(this.file), { recursive: true });
+        fs5.mkdirSync(path16.dirname(this.file), { recursive: true });
       } catch {
       }
     }
@@ -342,7 +342,7 @@ var DefaultSessionStore = class {
   }
   /** Join session ID to its absolute path within the store directory. */
   sessionPath(id, ext) {
-    return path15.join(this.dir, `${id}${ext}`);
+    return path16.join(this.dir, `${id}${ext}`);
   }
   async ensureShardDir(_id) {
     await ensureDir(this.dir);
@@ -352,7 +352,7 @@ var DefaultSessionStore = class {
     const startedAt = (/* @__PURE__ */ new Date()).toISOString();
     const id = meta.id ?? `${startedAt.replace(/[:.]/g, "-")}-${randomBytes(2).toString("hex")}`;
     const shardDir = await this.ensureShardDir(id);
-    const file = path15.join(shardDir, `${id}.jsonl`);
+    const file = path16.join(shardDir, `${id}.jsonl`);
     let handle;
     try {
       handle = await fsp.open(file, "a", 384);
@@ -445,7 +445,7 @@ var DefaultSessionStore = class {
     const ids = [];
     const entries = await fsp.readdir(dir, { withFileTypes: true });
     for (const entry of entries) {
-      const full = path15.join(dir, entry.name);
+      const full = path16.join(dir, entry.name);
       if (entry.isDirectory()) {
         ids.push(...await this.collectSessionIds(full));
       } else if (entry.isFile() && entry.name.endsWith(".jsonl")) {
@@ -601,7 +601,7 @@ var FileSessionWriter = class {
     this.meta = meta;
     this.events = events;
     this.resumed = opts.resumed ?? false;
-    this.manifestFile = opts.dir ? path15.join(opts.dir, `${id}.summary.json`) : "";
+    this.manifestFile = opts.dir ? path16.join(opts.dir, `${id}.summary.json`) : "";
     this.filePath = opts.filePath ?? "";
     this.secretScrubber = opts.secretScrubber;
     this.summary = {
@@ -883,7 +883,7 @@ init_atomic_write();
 var QueueStore = class {
   file;
   constructor(opts) {
-    this.file = path15.join(opts.dir, "queue.json");
+    this.file = path16.join(opts.dir, "queue.json");
   }
   async write(items) {
     if (items.length === 0) {
@@ -953,7 +953,7 @@ var DefaultAttachmentStore = class {
     let data = input.data;
     if (this.spoolDir && bytes >= this.spoolThreshold) {
       await fsp.mkdir(this.spoolDir, { recursive: true });
-      spooledPath = path15.join(this.spoolDir, `${id}.bin`);
+      spooledPath = path16.join(this.spoolDir, `${id}.bin`);
       await atomicWrite(spooledPath, input.data, {
         encoding: input.kind === "image" ? "base64" : "utf8"
       });
@@ -1141,7 +1141,7 @@ ${body.trim()}`);
   async remember(text, scope = "project-memory") {
     return this.runSerialized(scope, async () => {
       const file = this.files[scope];
-      await ensureDir(path15.dirname(file));
+      await ensureDir(path16.dirname(file));
       let existing = "";
       try {
         existing = await fsp.readFile(file, "utf8");
@@ -1765,7 +1765,7 @@ var RecoveryLock = class {
   sessionStore;
   probe;
   constructor(opts) {
-    this.file = path15.join(opts.dir, LOCK_FILE);
+    this.file = path16.join(opts.dir, LOCK_FILE);
     this.pid = opts.pid ?? process.pid;
     this.hostname = opts.hostname ?? os.hostname();
     this.maxAgeMs = opts.maxAgeMs ?? DEFAULT_MAX_AGE_MS;
@@ -1823,7 +1823,7 @@ var RecoveryLock = class {
    * null return before calling this.
    */
   async write(sessionId) {
-    await ensureDir(path15.dirname(this.file));
+    await ensureDir(path16.dirname(this.file));
     const lock = {
       v: 1,
       sessionId,
@@ -3050,7 +3050,7 @@ var DefaultSecretVault = class {
     } catch (err) {
       if (err.code !== "ENOENT") throw err;
     }
-    fs5.mkdirSync(path15.dirname(this.keyFile), { recursive: true });
+    fs5.mkdirSync(path16.dirname(this.keyFile), { recursive: true });
     const key = randomBytes(KEY_BYTES);
     try {
       fs5.writeFileSync(this.keyFile, key, { mode: 384, flag: "wx" });
@@ -3119,7 +3119,7 @@ async function rewriteConfigEncrypted(configPath, vault, patch) {
   }
   const merged = deepMerge2(current, patch ?? {});
   const encrypted = encryptConfigSecrets(merged, vault);
-  await fsp.mkdir(path15.dirname(configPath), { recursive: true });
+  await fsp.mkdir(path16.dirname(configPath), { recursive: true });
   await atomicWrite(configPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
   await restrictFilePermissions(configPath);
 }
@@ -3321,6 +3321,87 @@ function matchGlob(pattern, input) {
 function matchAny(patterns, input) {
   return patterns.some((p) => matchGlob(p, input));
 }
+var DESTRUCTIVE_BASH_PATTERNS = [
+  /\bgit\s+(?:clean\s+-[^\s]*[xdf]|reset\s+--hard)\b/i,
+  /\b(?:drop|truncate)\s+(?:table|database|schema)\b/i,
+  /\bdelete\s+from\b/i,
+  /\b(?:mkfs|format|diskpart|shutdown|reboot)\b/i,
+  /\bchmod\s+-R\s+777\b/i,
+  /\bchown\s+-R\b/i,
+  /\b(?:curl|wget)\b.*\|\s*(?:sh|bash|zsh|pwsh|powershell)\b/i,
+  /\b(?:powershell|pwsh)\b.*(?:-encodedcommand|-enc)\b/i,
+  /:\(\)\s*\{\s*:\|:&\s*}\s*;/
+];
+var PROJECT_ESCAPE_PATTERN = /(?:^|[\s"'])\.\.(?:[\\/]|$)/;
+var ABSOLUTE_PATH_PATTERN = /(?:^|[\s"'])(?:~[\\/]|\/[A-Za-z0-9_.-]|[A-Za-z]:[\\/])/;
+var SHELL_OPERATORS = /* @__PURE__ */ new Set(["&&", "||", "|", ";", ">", ">>", "<", "2>", "2>>"]);
+function getInputString(input, key) {
+  if (!input || typeof input !== "object") return void 0;
+  const value = input[key];
+  return typeof value === "string" ? value : void 0;
+}
+function pathLooksInsideProject(rawPath, projectRoot) {
+  if (!projectRoot) return false;
+  if (rawPath === "~" || rawPath.startsWith("~/") || rawPath.startsWith("~\\")) return false;
+  const resolved = path16.resolve(projectRoot, rawPath);
+  const relative2 = path16.relative(projectRoot, resolved);
+  return !!relative2 && !relative2.startsWith("..") && !path16.isAbsolute(relative2);
+}
+function tokenizeShell(command) {
+  return command.match(/"[^"]*"|'[^']*'|\S+/g)?.map((token) => token.replace(/^['"]|['"]$/g, "")) ?? [];
+}
+function pathTokenIsOutsideProject(token, projectRoot) {
+  if (!token || SHELL_OPERATORS.has(token) || token.startsWith("-")) return false;
+  if (token === "/" || token === "~" || token === "." || token === "..") return token !== ".";
+  if (token.includes("*")) return true;
+  if (token.startsWith("..") || token.includes("../") || token.includes("..\\")) return true;
+  if (path16.isAbsolute(token) || token.startsWith("~/")) return !pathLooksInsideProject(token, projectRoot);
+  return false;
+}
+function hasDangerousDeleteTarget(tokens, start, projectRoot) {
+  const targets = tokens.slice(start).filter((token) => !token.startsWith("-") && !SHELL_OPERATORS.has(token));
+  if (targets.length === 0) return true;
+  return targets.some((target) => pathTokenIsOutsideProject(target, projectRoot));
+}
+function hasDestructiveDelete(command, projectRoot) {
+  const tokens = tokenizeShell(command);
+  for (let i = 0; i < tokens.length; i++) {
+    const token = tokens[i]?.toLowerCase();
+    if (!token) continue;
+    if (token === "rm") {
+      const args = tokens.slice(i + 1);
+      const recursiveOrForce = args.some(
+        (arg) => /^-[^-]*[rf]/i.test(arg) || arg === "--recursive" || arg === "--force"
+      );
+      if (recursiveOrForce && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
+    }
+    if (token === "rmdir" || token === "rd") {
+      const args = tokens.slice(i + 1);
+      const recursive = args.some((arg) => arg.toLowerCase() === "/s");
+      if (recursive && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
+    }
+    if (token === "del" || token === "erase") {
+      if (hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
+    }
+    if (token === "remove-item") {
+      const args = tokens.slice(i + 1).map((arg) => arg.toLowerCase());
+      const recursiveOrForce = args.includes("-recurse") || args.includes("-force");
+      if (recursiveOrForce && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
+    }
+  }
+  return false;
+}
+function isClearlyDestructiveBashCommand(command, projectRoot) {
+  const trimmed = command.trim();
+  if (!trimmed) return false;
+  if (hasDestructiveDelete(trimmed, projectRoot)) return true;
+  if (DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(trimmed))) return true;
+  if (/\bcd\s+(?:\.\.|~|\/|[A-Za-z]:[\\/])/i.test(trimmed)) return true;
+  if (PROJECT_ESCAPE_PATTERN.test(trimmed)) return true;
+  const absolute = trimmed.match(ABSOLUTE_PATH_PATTERN)?.[0]?.trim().replace(/^['"]|['"]$/g, "");
+  if (absolute && !pathLooksInsideProject(absolute, projectRoot)) return true;
+  return false;
+}
 // src/security/permission-policy.ts
 var DefaultPermissionPolicy = class {
@@ -3328,7 +3409,7 @@ var DefaultPermissionPolicy = class {
   loaded = false;
   trustFile;
   yolo;
-  forceAllYolo;
+  yoloDestructive;
   /**
    * Session-scoped "soft deny" map. When the user presses 'n' (block once),
    * the tool+pattern is added here. If the LLM retries in the same session,
@@ -3361,7 +3442,7 @@ var DefaultPermissionPolicy = class {
   constructor(opts) {
     this.trustFile = opts.trustFile;
     this.yolo = opts.yolo ?? false;
-    this.forceAllYolo = opts.forceAllYolo ?? false;
+    this.yoloDestructive = opts.yoloDestructive ?? opts.forceAllYolo ?? false;
     this.promptDelegate = opts.promptDelegate;
   }
   /**
@@ -3381,13 +3462,21 @@ var DefaultPermissionPolicy = class {
   getYolo() {
     return this.yolo;
   }
-  /** Toggle force-all-YOLO at runtime. */
+  /** Toggle the destructive YOLO override at runtime. */
+  setYoloDestructive(enabled) {
+    this.yoloDestructive = enabled;
+  }
+  /** Check whether the destructive YOLO override is active. */
+  getYoloDestructive() {
+    return this.yoloDestructive;
+  }
+  /** @deprecated Use `setYoloDestructive`. */
   setForceAllYolo(enabled) {
-    this.forceAllYolo = enabled;
+    this.setYoloDestructive(enabled);
   }
-  /** Check whether force-all-YOLO is active. */
+  /** @deprecated Use `getYoloDestructive`. */
   getForceAllYolo() {
-    return this.forceAllYolo;
+    return this.getYoloDestructive();
   }
   async reload() {
     try {
@@ -3434,7 +3523,8 @@ var DefaultPermissionPolicy = class {
       return { permission: "auto", source: "trust" };
     }
     if (this.yolo) {
-      if (tool.riskTier === "destructive" && !this.forceAllYolo) {
+      const destructive = this.isDestructiveYoloCall(tool, input, ctx);
+      if (destructive && !this.yoloDestructive) {
         if (this.promptDelegate) {
           const decision = await this.promptDelegate(tool, input, subject ?? tool.name);
           if (decision === "always") {
@@ -3486,6 +3576,18 @@ var DefaultPermissionPolicy = class {
     }
     return { permission: "confirm", source: "default" };
   }
+  isDestructiveYoloCall(tool, input, ctx) {
+    if (tool.name === "bash") {
+      const command = getInputString(input, "command");
+      return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : true;
+    }
+    if (tool.name === "write" || tool.name === "edit" || tool.name === "replace" || tool.name === "patch") {
+      const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
+      if (!targetPath || !ctx.projectRoot) return false;
+      return !pathLooksInsideProject(targetPath, ctx.projectRoot);
+    }
+    return tool.riskTier === "destructive";
+  }
   async trust(rule) {
     if (!this.loaded) await this.reload();
     const entry = this.policy[rule.tool] ?? {};
@@ -3803,7 +3905,7 @@ var DefaultRetryPolicy = class {
 };
 // src/execution/error-handler.ts
-var CONTEXT_OVERFLOW_RE = /context|too long|tokens/i;
+var CONTEXT_OVERFLOW_RE = /context|too long|tokens|exceeds the context window|context window/i;
 function buildRecoveryStrategies(opts) {
   return [
     {
@@ -3811,7 +3913,7 @@ function buildRecoveryStrategies(opts) {
       compactor: opts?.compactor,
       async attempt(err, ctx) {
         if (!(err instanceof ProviderError)) return null;
-        if (err.status !== 413 && !CONTEXT_OVERFLOW_RE.test(err.message)) return null;
+        if (err.status !== 413 && !isContextOverflowError(err)) return null;
         if (this.compactor) {
           try {
             const report = await this.compactor.compact(ctx, { aggressive: true });
@@ -3845,6 +3947,14 @@ function buildRecoveryStrategies(opts) {
   ];
 }
 var DEFAULT_RECOVERY_STRATEGIES = buildRecoveryStrategies();
+function isContextOverflowError(err) {
+  return CONTEXT_OVERFLOW_RE.test([
+    err.message,
+    err.body?.message,
+    err.body?.type,
+    err.body?.raw
+  ].filter(Boolean).join("\n"));
+}
 var DefaultErrorHandler = class {
   strategies;
   constructor(strategies = DEFAULT_RECOVERY_STRATEGIES) {
@@ -3861,7 +3971,7 @@ var DefaultErrorHandler = class {
       if (err.status === 429) return { kind: "rate_limit", retryable: true };
       if (err.status === 529) return { kind: "overloaded", retryable: true };
       if (err.status >= 500) return { kind: "server", retryable: true };
-      if (err.status === 413 || CONTEXT_OVERFLOW_RE.test(err.message)) {
+      if (err.status === 413 || isContextOverflowError(err)) {
         return { kind: "context_overflow", retryable: false };
       }
       if (err.status >= 400) return { kind: "client", retryable: false };
@@ -3900,7 +4010,7 @@ var DefaultSkillLoader = class {
         const entries = await fsp.readdir(dir, { withFileTypes: true });
         for (const e of entries) {
           if (!e.isDirectory()) continue;
-          const skillFile = path15.join(dir, e.name, "SKILL.md");
+          const skillFile = path16.join(dir, e.name, "SKILL.md");
           try {
             const raw = await fsp.readFile(skillFile, "utf8");
             const meta = parseFrontmatter(raw);
@@ -4312,8 +4422,8 @@ async function streamProviderToResponse(provider, req, signal, ctx, events) {
       try {
         await Promise.race([
           Promise.resolve(iter.return?.()),
-          new Promise((resolve4) => {
-            drainTimer = setTimeout(resolve4, 500);
+          new Promise((resolve5) => {
+            drainTimer = setTimeout(resolve5, 500);
           })
         ]);
       } finally {
@@ -4374,7 +4484,7 @@ async function runProviderWithRetry(opts) {
           description
         });
       }
-      await new Promise((resolve4, reject) => {
+      await new Promise((resolve5, reject) => {
         let settled = false;
         const onAbort = () => {
           if (settled) return;
@@ -4387,7 +4497,7 @@ async function runProviderWithRetry(opts) {
           settled = true;
           clearTimeout(t);
           signal.removeEventListener("abort", onAbort);
-          resolve4();
+          resolve5();
         }, delay);
         if (signal.aborted) {
           onAbort();
@@ -5488,11 +5598,11 @@ function validateAgainstSchema(value, schema) {
   walk3(value, schema, "", errors);
   return { ok: errors.length === 0, errors };
 }
-function walk3(value, schema, path18, errors) {
+function walk3(value, schema, path19, errors) {
   if (schema.enum !== void 0) {
     if (!schema.enum.some((e) => deepEqual(e, value))) {
       errors.push({
-        path: path18 || "<root>",
+        path: path19 || "<root>",
         message: `expected one of ${JSON.stringify(schema.enum)}, got ${JSON.stringify(value)}`
       });
       return;
@@ -5501,7 +5611,7 @@ function walk3(value, schema, path18, errors) {
   if (typeof schema.type === "string") {
     if (!checkType(value, schema.type)) {
       errors.push({
-        path: path18 || "<root>",
+        path: path19 || "<root>",
         message: `expected ${schema.type}, got ${describeType(value)}`
       });
       return;
@@ -5511,19 +5621,19 @@ function walk3(value, schema, path18, errors) {
     const obj = value;
     for (const req of schema.required ?? []) {
       if (!(req in obj)) {
-        errors.push({ path: joinPath(path18, req), message: "required property missing" });
+        errors.push({ path: joinPath(path19, req), message: "required property missing" });
       }
     }
     if (schema.properties) {
       for (const [key, subSchema] of Object.entries(schema.properties)) {
         if (key in obj) {
-          walk3(obj[key], subSchema, joinPath(path18, key), errors);
+          walk3(obj[key], subSchema, joinPath(path19, key), errors);
         }
       }
     }
   }
   if (schema.type === "array" && Array.isArray(value) && schema.items) {
-    value.forEach((item, i) => walk3(item, schema.items, `${path18}[${i}]`, errors));
+    value.forEach((item, i) => walk3(item, schema.items, `${path19}[${i}]`, errors));
   }
 }
 function checkType(value, type) {
@@ -5649,8 +5759,9 @@ var ToolExecutor = class {
    */
   async executeBatch(toolUses, ctx, strategy) {
     let budget = this.opts.perIterationOutputCapBytes ?? 1e5;
-    const runOne = async (use) => {
+    const runOne = async (use0) => {
       const start = Date.now();
+      let use = use0;
       const tool = this.registry.get(use.name);
       if (!tool) {
         const result = this.unknownToolResult(use, () => this.registry.list().map((t) => t.name));
@@ -5683,10 +5794,36 @@ Please call the tool again with arguments that match its inputSchema. You can us
         budget = this.decrementBudget(result, budget);
         return { result, tool, durationMs: Date.now() - start };
       }
+      if (this.opts.hookRunner?.has("PreToolUse")) {
+        const pre = await this.opts.hookRunner.preToolUse(tool.name, use.input, ctx);
+        if (pre.block) {
+          const result = this.blockedByHookResult(use, pre.reason);
+          budget = this.decrementBudget(result, budget);
+          return { result, tool, durationMs: Date.now() - start };
+        }
+        if (pre.input) {
+          const reval = validateAgainstSchema(pre.input, tool.inputSchema);
+          if (!reval.ok) {
+            const errorDetails = reval.errors.map((e) => `  - ${e.path || "input"}: ${e.message}`).join("\n");
+            const result = {
+              type: "tool_result",
+              tool_use_id: use.id,
+              content: `A PreToolUse hook rewrote the arguments for "${tool.name}" into an invalid shape.
+Validation errors:
+${errorDetails}`,
+              is_error: true
+            };
+            budget = this.decrementBudget(result, budget);
+            return { result, tool, durationMs: Date.now() - start };
+          }
+          use = { ...use, input: pre.input };
+        }
+      }
       const decision = await this.opts.permissionPolicy.evaluate(tool, use.input, ctx);
       let effectivePermission = decision.permission;
       const policy = this.opts.permissionPolicy;
-      const yolo = policy.getYolo?.() === true || policy.getForceAllYolo?.() === true;
+      const yolo = policy.getYolo?.() === true || policy.getYoloDestructive?.() === true || policy.getForceAllYolo?.() === true;
       if (toolDangerousCaps.length > 0 && effectivePermission === "auto" && !yolo) {
         effectivePermission = "confirm";
       }
@@ -5729,7 +5866,20 @@ Please call the tool again with arguments that match its inputSchema. You can us
         "tool.has_dangerous_capabilities": toolCapsForAudit.length > 0
       });
       try {
-        const result = await this.executeTool(tool, use, ctx, budget);
+        let result = await this.executeTool(tool, use, ctx, budget);
+        if (this.opts.hookRunner?.has("PostToolUse")) {
+          const post = await this.opts.hookRunner.postToolUse(
+            tool.name,
+            use.input,
+            { content: String(result.content), isError: !!result.is_error },
+            ctx
+          );
+          if (post.additionalContext) {
+            result = { ...result, content: `${result.content}
+${post.additionalContext}` };
+          }
+        }
         budget = this.decrementBudget(result, budget);
         span?.setAttribute("tool.is_error", !!result.is_error);
         span?.setAttribute(
@@ -5918,6 +6068,14 @@ ${excerpt}`;
       is_error: true
     };
   }
+  blockedByHookResult(use, reason) {
+    return {
+      type: "tool_result",
+      tool_use_id: use.id,
+      content: `Tool "${use.name}" was blocked by a PreToolUse hook: ${reason ?? "no reason given"}`,
+      is_error: true
+    };
+  }
   decrementBudget(result, budget) {
     const contentBytes = typeof result.content === "string" ? Buffer.byteLength(result.content, "utf8") : Buffer.byteLength(JSON.stringify(result.content), "utf8");
     return Math.max(0, budget - contentBytes);
@@ -6144,8 +6302,8 @@ var AutonomousRunner = class {
 init_atomic_write();
 var MAX_JOURNAL_ENTRIES = 500;
 function goalFilePath(projectRoot) {
-  const hash = createHash("sha256").update(path15.resolve(projectRoot)).digest("hex").slice(0, 12);
-  return path15.join(os.homedir(), ".wrongstack", "projects", hash, "goal.json");
+  const hash = createHash("sha256").update(path16.resolve(projectRoot)).digest("hex").slice(0, 12);
+  return path16.join(os.homedir(), ".wrongstack", "projects", hash, "goal.json");
 }
 async function loadGoal(filePath) {
   let raw;
@@ -6631,7 +6789,8 @@ ${recentJournal}` : "No prior iterations.",
       "   \u2022 When this iteration's Task is finished (real artifact / passing",
       "     test / applied diff / clean output), emit `[done]` on its own line.",
       "   \u2022 Do not stop on the first obstacle \u2014 try at least 3 distinct",
-      "     approaches before giving up. YOLO is active; no confirmations.",
+      "     approaches before giving up. YOLO is active for normal project work;",
+      "     destructive-gated confirmations still belong to the permission flow.",
       "",
       "2. UPDATE TODO STATE (when Source is `todo`)",
       "   \u2022 Mark this todo `in_progress` via the todos tool before tool work.",
@@ -6760,7 +6919,7 @@ ${recentJournal}` : "No prior iterations.",
   }
 };
 function sleep(ms) {
-  return new Promise((resolve4) => setTimeout(resolve4, ms));
+  return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
 // src/coordination/subagent-budget.ts
@@ -6976,12 +7135,12 @@ var SubagentBudget = class _SubagentBudget {
           if (!bus || !bus.hasListenerFor("budget.threshold_reached")) {
             return Promise.resolve("stop");
           }
-          return new Promise((resolve4) => {
+          return new Promise((resolve5) => {
             let resolved = false;
             const respond = (d) => {
               if (resolved) return;
               resolved = true;
-              resolve4(d);
+              resolve5(d);
             };
             const fallback = setTimeout(
               () => respond("stop"),
@@ -10208,7 +10367,7 @@ var DefaultMultiAgentCoordinator = class _DefaultMultiAgentCoordinator extends E
       taskIds.map((id) => {
         const cached = this.completedResults.find((r) => r.taskId === id);
         if (cached) return cached;
-        return new Promise((resolve4, reject) => {
+        return new Promise((resolve5, reject) => {
           const timeout = setTimeout(() => {
             this.off("task.completed", handler);
             reject(new Error(`awaitTasks timed out waiting for task "${id}"`));
@@ -10217,7 +10376,7 @@ var DefaultMultiAgentCoordinator = class _DefaultMultiAgentCoordinator extends E
             if (result.taskId === id) {
               clearTimeout(timeout);
               this.off("task.completed", handler);
-              resolve4(result);
+              resolve5(result);
             }
           };
           this.on("task.completed", handler);
@@ -10720,7 +10879,7 @@ function providerErrorToSubagentError(err, message, cause) {
 // src/execution/parallel-eternal-engine.ts
 function sleep2(ms) {
-  return new Promise((resolve4) => setTimeout(resolve4, ms));
+  return new Promise((resolve5) => setTimeout(resolve5, ms));
 }
 var GOAL_COMPLETE_MARKER2 = /^\s*\[goal[_\s-]?complete\]\s*$/im;
 var ParallelEternalEngine = class {
@@ -10899,7 +11058,8 @@ ${recentJournal}` : "No prior iterations.",
       "\u2500\u2500 EXECUTION PROTOCOL \u2500\u2500",
       "\u2022 Execute the assigned task end-to-end using multiple tool calls.",
       "\u2022 Emit `[done]` on its own line when the task is complete.",
-      "\u2022 Do not ask for confirmation \u2014 YOLO is active.",
+      "\u2022 Do not ask before routine in-project tool use \u2014 YOLO is active for normal project work.",
+      "\u2022 If a destructive-gated confirmation appears, wait for the permission flow.",
       "\u2022 If the overall Mission is accomplished, emit `[GOAL_COMPLETE]` followed by a verification recipe.",
       "\u2022 Keep output concise \u2014 summarize findings, do not transcribe files."
     ].join("\n");
@@ -11156,8 +11316,10 @@ ${journalTail.join("\n")}` : "Recent journal: (none \u2014 this is the first ite
       "  decide.",
       "",
       "### Operating principles",
-      "- YOLO is active. Do NOT ask for confirmation, do NOT propose",
-      "  options. Pick the best path and execute it.",
+      "- YOLO is active for normal project work. Proceed with routine",
+      "  in-project tool use without pre-confirming; pick the best path and execute it.",
+      "  If the permission system raises a destructive-gated confirmation, wait",
+      "  for that flow instead of trying to bypass it.",
       "- Use tools freely; multiple calls per turn are normal and expected.",
       "- When working on a todo, mark it `in_progress` via the todos tool",
       "  before tool work and `completed` (or `cancelled` with a reason)",
@@ -11346,7 +11508,7 @@ var InMemoryAgentBridge = class {
       );
     }
     this.inflightGuards.add(correlationId);
-    return new Promise((resolve4, reject) => {
+    return new Promise((resolve5, reject) => {
       const timer = setTimeout(() => {
         this.inflightGuards.delete(correlationId);
         this.pendingRequests.delete(correlationId);
@@ -11358,7 +11520,7 @@ var InMemoryAgentBridge = class {
         return;
       }
       this.pendingRequests.set(correlationId, {
-        resolve: resolve4,
+        resolve: resolve5,
         reject,
         timer
       });
@@ -13658,7 +13820,7 @@ var Director = class _Director {
       })),
       usage: this.usage.snapshot()
     };
-    await fsp.mkdir(path15.dirname(this.manifestPath), { recursive: true });
+    await fsp.mkdir(path16.dirname(this.manifestPath), { recursive: true });
     await atomicWrite(this.manifestPath, JSON.stringify(manifest, null, 2), { mode: 384 });
     return this.manifestPath;
   }
@@ -13777,11 +13939,11 @@ var Director = class _Director {
         if (cached) return cached;
         const existing = this.taskWaiters.get(id);
         if (existing) return existing.promise;
-        let resolve4;
+        let resolve5;
         const promise = new Promise((res) => {
-          resolve4 = res;
+          resolve5 = res;
         });
-        this.taskWaiters.set(id, { promise, resolve: resolve4 });
+        this.taskWaiters.set(id, { promise, resolve: resolve5 });
         return promise;
       })
     );
@@ -13864,7 +14026,7 @@ var Director = class _Director {
    */
   async readSession(subagentId, tail) {
     if (!this.sessionsRoot) return null;
-    const filePath = path15.join(this.sessionsRoot, this.directorRunId, `${subagentId}.jsonl`);
+    const filePath = path16.join(this.sessionsRoot, this.directorRunId, `${subagentId}.jsonl`);
     let raw;
     try {
       raw = await fsp.readFile(filePath, "utf8");
@@ -14166,7 +14328,7 @@ function createDelegateTool(opts) {
           subagentId
         });
         const dir = director;
-        const result = await new Promise((resolve4) => {
+        const result = await new Promise((resolve5) => {
           let settled = false;
           let timer;
           const finish = (value) => {
@@ -14176,7 +14338,7 @@ function createDelegateTool(opts) {
             offTool();
             offIter();
             offProgress();
-            resolve4(value);
+            resolve5(value);
           };
           const arm = () => {
             if (timer) clearTimeout(timer);
@@ -14320,13 +14482,13 @@ async function readSubagentPartial(opts, subagentId) {
   if (!opts.sessionsRoot) return void 0;
   const candidates = [];
   if (opts.directorRunId) {
-    candidates.push(path15.join(opts.sessionsRoot, opts.directorRunId, `${subagentId}.jsonl`));
+    candidates.push(path16.join(opts.sessionsRoot, opts.directorRunId, `${subagentId}.jsonl`));
   } else {
     try {
       const entries = await fsp.readdir(opts.sessionsRoot, { withFileTypes: true });
       for (const entry of entries) {
         if (entry.isDirectory()) {
-          candidates.push(path15.join(opts.sessionsRoot, entry.name, `${subagentId}.jsonl`));
+          candidates.push(path16.join(opts.sessionsRoot, entry.name, `${subagentId}.jsonl`));
         }
       }
     } catch {
@@ -14373,9 +14535,9 @@ function makeDirectorSessionFactory(opts) {
   let dir;
   if (opts.store) {
     store = opts.store;
-    dir = opts.sessionsRoot ? path15.join(opts.sessionsRoot, runId) : "(caller-managed)";
+    dir = opts.sessionsRoot ? path16.join(opts.sessionsRoot, runId) : "(caller-managed)";
   } else if (opts.sessionsRoot) {
-    dir = path15.join(opts.sessionsRoot, runId);
+    dir = path16.join(opts.sessionsRoot, runId);
     store = new DefaultSessionStore({ dir });
   } else {
     throw new Error("makeDirectorSessionFactory requires either `store` or `sessionsRoot`");
@@ -14579,7 +14741,7 @@ var DefaultModelsRegistry = class {
     this.overlay = opts.overlay;
     this.overlayUrl = opts.overlayUrl;
     this.overlayFile = opts.overlayFile;
-    this.overlayCacheFile = opts.overlayCacheFile ?? (opts.overlayUrl ? path15.join(path15.dirname(opts.cacheFile), "models-overlay-cache.json") : void 0);
+    this.overlayCacheFile = opts.overlayCacheFile ?? (opts.overlayUrl ? path16.join(path16.dirname(opts.cacheFile), "models-overlay-cache.json") : void 0);
   }
   async load(opts = {}) {
     if (this.payload && !opts.force) return this.payload;
@@ -14792,7 +14954,7 @@ var DefaultModelsRegistry = class {
   }
   /** Used by `wstack models refresh` to expose where the cache lives. */
   cacheLocation() {
-    return path15.resolve(this.cacheFile);
+    return path16.resolve(this.cacheFile);
   }
 };
 function hasEntries(payload) {
@@ -15079,7 +15241,7 @@ var DefaultModeStore = class {
   }
   async loadActiveMode() {
     try {
-      const configPath = path15.join(this.configDir, "mode.json");
+      const configPath = path16.join(this.configDir, "mode.json");
       const content = await fsp.readFile(configPath, "utf8");
       const data = JSON.parse(content);
       this.activeModeId = data.activeMode ?? null;
@@ -15090,7 +15252,7 @@ var DefaultModeStore = class {
   async saveActiveMode() {
     try {
       await fsp.mkdir(this.configDir, { recursive: true });
-      const configPath = path15.join(this.configDir, "mode.json");
+      const configPath = path16.join(this.configDir, "mode.json");
       await atomicWrite(
         configPath,
         JSON.stringify({ activeMode: this.activeModeId }, null, 2)
@@ -15105,11 +15267,11 @@ async function loadProjectModes(modesDir) {
     const entries = await fsp.readdir(modesDir);
     for (const entry of entries) {
       if (!entry.endsWith(".md") && !entry.endsWith(".txt")) continue;
-      const filePath = path15.join(modesDir, entry);
+      const filePath = path16.join(modesDir, entry);
       const stat5 = await fsp.stat(filePath);
       if (!stat5.isFile()) continue;
       const content = await fsp.readFile(filePath, "utf8");
-      const id = path15.basename(entry, path15.extname(entry));
+      const id = path16.basename(entry, path16.extname(entry));
       modes.push({
         id,
         name: id.replace(/[-_]/g, " ").replace(/\b\w/g, (c) => c.toUpperCase()),
@@ -15125,7 +15287,7 @@ async function loadProjectModes(modesDir) {
 async function loadUserModes(modesDir) {
   const modes = [];
   try {
-    const manifestPath = path15.join(modesDir, "modes.json");
+    const manifestPath = path16.join(modesDir, "modes.json");
     const content = await fsp.readFile(manifestPath, "utf8");
     const manifest = JSON.parse(content);
     for (const mode of manifest.modes) {
@@ -16042,7 +16204,7 @@ var SpecStore = class {
   indexPath;
   constructor(opts) {
     this.baseDir = opts.baseDir;
-    this.indexPath = path15.join(this.baseDir, "_index.json");
+    this.indexPath = path16.join(this.baseDir, "_index.json");
   }
   async save(spec) {
     await ensureDir(this.baseDir);
@@ -16111,7 +16273,7 @@ var SpecStore = class {
     return updated;
   }
   filePath(id) {
-    return path15.join(this.baseDir, `${id}.json`);
+    return path16.join(this.baseDir, `${id}.json`);
   }
   async readIndex() {
     try {
@@ -16168,7 +16330,7 @@ var TaskGraphStore = class {
   indexPath;
   constructor(opts) {
     this.baseDir = opts.baseDir;
-    this.indexPath = path15.join(this.baseDir, "_index.json");
+    this.indexPath = path16.join(this.baseDir, "_index.json");
   }
   async save(graph) {
     await ensureDir(this.baseDir);
@@ -16206,7 +16368,7 @@ var TaskGraphStore = class {
     }
   }
   filePath(id) {
-    return path15.join(this.baseDir, `${id}.json`);
+    return path16.join(this.baseDir, `${id}.json`);
   }
   async readIndex() {
     try {
@@ -16451,9 +16613,9 @@ var AISpecBuilder = class {
     if (!this.sessionPath) return;
     try {
       const fsp16 = await import('fs/promises');
-      const path18 = await import('path');
+      const path19 = await import('path');
       const { atomicWrite: atomicWrite2 } = await Promise.resolve().then(() => (init_atomic_write(), atomic_write_exports));
-      await fsp16.mkdir(path18.dirname(this.sessionPath), { recursive: true });
+      await fsp16.mkdir(path19.dirname(this.sessionPath), { recursive: true });
       await atomicWrite2(this.sessionPath, JSON.stringify(this.session, null, 2));
     } catch {
     }
@@ -17163,15 +17325,15 @@ function computeCriticalPath(graph, _topoOrder, blockedByMap) {
       maxId = id;
     }
   }
-  const path18 = [];
+  const path19 = [];
   let current = maxId;
   const visited = /* @__PURE__ */ new Set();
   while (current && !visited.has(current)) {
     visited.add(current);
-    path18.unshift(current);
+    path19.unshift(current);
     current = prev.get(current) ?? null;
   }
-  return path18;
+  return path19;
 }
 function computeParallelGroups(graph, blockedByMap) {
   const groups = [];
@@ -17721,7 +17883,7 @@ var SddParallelRun = class {
       "\u2500\u2500 EXECUTION PROTOCOL \u2500\u2500",
       "\u2022 Execute the assigned SDD task end-to-end using multiple tool calls.",
       "\u2022 Mark the task [done] in the tracker when complete.",
-      "\u2022 Do not ask for confirmation.",
+      "\u2022 Do not ask before routine in-project tool use; if a permission gate appears, wait for that flow.",
       "\u2022 Keep output concise \u2014 summarize changes, do not transcribe files."
     ].join("\n");
     const spawns = subagentIds.map(
@@ -17964,9 +18126,9 @@ var DefaultHealthRegistry = class {
   }
   async runOne(check) {
     let timer = null;
-    const timeout = new Promise((resolve4) => {
+    const timeout = new Promise((resolve5) => {
       timer = setTimeout(
-        () => resolve4({ status: "unhealthy", detail: `timeout after ${this.timeoutMs}ms` }),
+        () => resolve5({ status: "unhealthy", detail: `timeout after ${this.timeoutMs}ms` }),
         this.timeoutMs
       );
     });
@@ -18149,7 +18311,7 @@ async function startMetricsServer(opts) {
   const tls = opts.tls;
   const useHttps = !!(tls?.cert && tls?.key);
   const host = opts.host ?? "127.0.0.1";
-  const path18 = opts.path ?? "/metrics";
+  const path19 = opts.path ?? "/metrics";
   const healthPath = opts.healthPath ?? "/healthz";
   const healthRegistry = opts.healthRegistry;
   const listener = (req, res) => {
@@ -18159,7 +18321,7 @@ async function startMetricsServer(opts) {
       return;
     }
     const url = req.url.split("?")[0];
-    if (url === path18) {
+    if (url === path19) {
       let body;
       try {
         body = renderPrometheus(opts.sink.snapshot());
@@ -18205,14 +18367,14 @@ async function startMetricsServer(opts) {
     const { createServer } = await import('http');
     server = createServer(listener);
   }
-  await new Promise((resolve4, reject) => {
+  await new Promise((resolve5, reject) => {
     const onError = (err) => {
       server.off("listening", onListening);
       reject(err);
     };
     const onListening = () => {
       server.off("error", onError);
-      resolve4();
+      resolve5();
     };
     server.once("error", onError);
     server.once("listening", onListening);
@@ -18223,9 +18385,9 @@ async function startMetricsServer(opts) {
   const protocol = useHttps ? "https" : "http";
   return {
     port: boundPort,
-    url: `${protocol}://${host}:${boundPort}${path18}`,
-    close: () => new Promise((resolve4, reject) => {
-      server.close((err) => err ? reject(err) : resolve4());
+    url: `${protocol}://${host}:${boundPort}${path19}`,
+    close: () => new Promise((resolve5, reject) => {
+      server.close((err) => err ? reject(err) : resolve5());
     })
   };
 }
@@ -18774,7 +18936,7 @@ var context7Server = () => ({
   name: "context7",
   description: "Codebase-aware documentation and Q&A (context7.ai)",
   transport: "streamable-http",
-  url: "https://server.context7.ai/mcp",
+  url: "https://mcp.context7.com/mcp",
   permission: "confirm"
 });
 var braveSearchServer = () => ({