@wrongstack/tools 0.250.0 → 0.256.0

package/dist/pack.js

@@ -1,11 +1,11 @@
 import { spawn, execFileSync, spawnSync } from 'node:child_process';
 import * as Core from '@wrongstack/core';
-import { buildChildEnv, detectNewlineStyle, normalizeToLf, toStyle, atomicWrite, unifiedDiff, compileGlob, expectDefined, recordPackageAction, detectPackageEcosystem, mutatePlan, clearPlan, getPlanTemplate, addPlanItem, deriveTodosFromPlanItem, removePlanItem, setPlanItemStatus, loadTasks, emptyTaskFile, saveTasks, formatTaskList, formatPlan, mutateTasks, loadPlan, emptyPlan, savePlan, computeTaskItemProgress, resolveWstackPaths, truncate } from '@wrongstack/core';
+import { buildChildEnv, detectNewlineStyle, normalizeToLf, toStyle, atomicWrite, unifiedDiff, compileGlob, expectDefined, recordPackageAction, detectPackageEcosystem, mutatePlan, clearPlan, getPlanTemplate, addPlanItem, deriveTodosFromPlanItem, removePlanItem, setPlanItemStatus, loadTasks, emptyTaskFile, saveTasks, formatTaskList, formatPlan, mutateTasks, loadPlan, emptyPlan, savePlan, computeTaskItemProgress, wstackGlobalRoot, resolveWstackPaths, truncate } from '@wrongstack/core';
 import * as fs from 'node:fs';
-import { statSync, writeFileSync, mkdirSync } from 'node:fs';
-import * as path2 from 'node:path';
-import { resolve, sep, dirname, join } from 'node:path';
+import { statSync, mkdirSync, createWriteStream, writeFileSync } from 'node:fs';
 import * as fs14 from 'node:fs/promises';
+import * as path3 from 'node:path';
+import { resolve, sep, dirname, join } from 'node:path';
 import * as os from 'node:os';
 import { createRequire } from 'node:module';
 import { fileURLToPath } from 'node:url';
@@ -14,373 +14,109 @@ import * as ts from 'typescript';
 import * as dns from 'node:dns/promises';
 import * as net from 'node:net';
 import { Agent } from 'undici';
-import { randomUUID } from 'node:crypto';
-
-// src/_spawn-stream.ts
-function resolveWin32Command(cmd) {
-  if (process.platform !== "win32") return cmd;
-  if (cmd.includes("/") || cmd.includes("\\") || path2.extname(cmd)) {
-    return cmd;
-  }
-  const pathext = (process.env["PATHEXT"] ?? ".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC").toLowerCase().split(";");
-  const pathDirs = (process.env["PATH"] ?? "").split(path2.delimiter);
-  for (const dir of pathDirs) {
-    const base = path2.join(dir, cmd);
-    for (const ext of pathext) {
-      const full = `${base}${ext}`;
-      try {
-        fs.accessSync(full, fs.constants.X_OK);
-        return full;
-      } catch {
-      }
-    }
-  }
-  return cmd;
-}
-
-// src/_spawn-stream.ts
-async function* spawnStream(opts) {
-  const max = opts.maxBytes ?? 2e5;
-  const flushAt = opts.flushBytes ?? 4 * 1024;
-  const maxQueue = opts.maxQueueSize ?? 500;
-  let stdout = "";
-  let stderr = "";
-  let pending2 = "";
-  let error;
-  const cmd = resolveWin32Command(opts.cmd);
-  const needsShell = process.platform === "win32" && (cmd.endsWith(".cmd") || cmd.endsWith(".bat"));
-  const child = spawn(cmd, opts.args, {
-    cwd: opts.cwd,
-    signal: opts.signal,
-    env: buildChildEnv(),
-    stdio: ["ignore", "pipe", "pipe"],
-    windowsHide: true,
-    ...needsShell ? { shell: true, windowsVerbatimArguments: true } : {}
-  });
-  const queue = [];
-  let waiter;
-  let paused = false;
-  const wake = () => {
-    if (waiter) {
-      const w = waiter;
-      waiter = void 0;
-      w();
-    }
-  };
-  const resume = () => {
-    if (paused && queue.length < maxQueue) {
-      paused = false;
-      child.stdout?.resume();
-      child.stderr?.resume();
-    }
-  };
-  child.stdout?.on("data", (c) => {
-    const s = c.toString();
-    if (stdout.length < max) stdout += s;
-    queue.push({ kind: "out", data: s });
-    wake();
-    if (!paused && queue.length >= maxQueue) {
-      paused = true;
-      child.stdout?.pause();
-      child.stderr?.pause();
-    }
-  });
-  child.stderr?.on("data", (c) => {
-    const s = c.toString();
-    if (stderr.length < max) stderr += s;
-    queue.push({ kind: "err", data: s });
-    wake();
-    if (!paused && queue.length >= maxQueue) {
-      paused = true;
-      child.stdout?.pause();
-      child.stderr?.pause();
-    }
-  });
-  child.on("error", (e) => {
-    error = e.message;
-    queue.push({ kind: "error", data: e.message });
-    wake();
-  });
-  child.on("close", (code) => {
-    queue.push({ kind: "close", data: "", code: code ?? 0 });
-    wake();
-  });
-  let exitCode = 0;
-  let spawnFailed = false;
-  for (; ; ) {
-    while (queue.length === 0) {
-      await new Promise((resolve7) => {
-        waiter = resolve7;
-      });
-    }
-    const chunk = queue.shift();
-    resume();
-    if (chunk.kind === "close") {
-      if (!spawnFailed) exitCode = chunk.code ?? 0;
-      break;
-    }
-    if (chunk.kind === "error") {
-      spawnFailed = true;
-      exitCode = 1;
-      continue;
-    }
-    pending2 += chunk.data;
-    if (pending2.length >= flushAt) {
-      yield { type: "partial_output", text: pending2 };
-      pending2 = "";
-    }
-  }
-  if (pending2.length > 0) {
-    yield { type: "partial_output", text: pending2 };
-  }
-  return {
-    stdout,
-    stderr,
-    exitCode,
-    truncated: stdout.length >= max || stderr.length >= max,
-    error
-  };
-}
-async function detectPackageManager(cwd) {
-  const { stat: stat10 } = await import('node:fs/promises');
-  try {
-    await stat10(`${cwd}/pnpm-lock.yaml`);
-    return "pnpm";
-  } catch {
-  }
-  try {
-    await stat10(`${cwd}/yarn.lock`);
-    return "yarn";
-  } catch {
-  }
-  return "npm";
-}
-function resolvePath(input, ctx) {
-  return path2.isAbsolute(input) ? path2.normalize(input) : path2.resolve(ctx.workingDir ?? ctx.cwd, input);
-}
-function ensureInsideRoot(absPath, ctx) {
-  const root = path2.resolve(ctx.projectRoot);
-  const target = path2.resolve(absPath);
-  const rel = path2.relative(root, target);
-  if (rel.startsWith("..") || path2.isAbsolute(rel)) {
-    throw new Error(`Path "${absPath}" is outside project root "${root}"`);
-  }
-  return target;
-}
-function safeResolve(input, ctx) {
-  return ensureInsideRoot(resolvePath(input, ctx), ctx);
-}
-async function assertRealInsideRoot(absPath, ctx) {
-  const realRoot = await fs14.realpath(ctx.projectRoot).catch(() => path2.resolve(ctx.projectRoot));
-  let probe = absPath;
-  for (; ; ) {
-    let real;
-    try {
-      real = await fs14.realpath(probe);
-    } catch (err) {
-      if (err.code === "ENOENT") {
-        const parent = path2.dirname(probe);
-        if (parent === probe) return;
-        probe = parent;
-        continue;
-      }
-      throw err;
-    }
-    const rel = path2.relative(realRoot, real);
-    if (rel.startsWith("..") || path2.isAbsolute(rel)) {
-      throw new Error(
-        `Path "${absPath}" resolves through a symlink outside project root "${realRoot}"`
-      );
-    }
-    return;
-  }
-}
-async function safeResolveReal(input, ctx) {
-  const abs = safeResolve(input, ctx);
-  await assertRealInsideRoot(abs, ctx);
-  return abs;
-}
-function truncateMiddle(s, max) {
-  if (Buffer.byteLength(s, "utf8") <= max) return s;
-  const half = Math.floor(max / 2);
-  return s.slice(0, half) + `
-\u2026[truncated ${Buffer.byteLength(s, "utf8") - max} bytes from middle]\u2026
-` + s.slice(-half);
-}
-function isBinaryBuffer(buf) {
-  const len = Math.min(buf.length, 8192);
-  for (let i = 0; i < len; i++) {
-    if (buf[i] === 0) return true;
-  }
-  return false;
-}
-var COMMAND_OUTPUT_MAX_BYTES = 32768;
-var REPEAT_RUN_THRESHOLD = 3;
-function collapseCarriageReturns(text) {
-  const lf = text.replace(/\r\n/g, "\n");
-  if (!lf.includes("\r")) return lf;
-  return lf.split("\n").map((line) => line.includes("\r") ? line.slice(line.lastIndexOf("\r") + 1) : line).join("\n");
-}
-function collapseConsecutiveDuplicates(text, minRun = REPEAT_RUN_THRESHOLD) {
-  const lines = text.split("\n");
-  const out = [];
-  let i = 0;
-  while (i < lines.length) {
-    let j = i + 1;
-    while (j < lines.length && lines[j] === lines[i]) j++;
-    const run = j - i;
-    if (run >= minRun) {
-      out.push(lines[i], `\u2026 \u27E8repeated ${run}\xD7\u27E9`);
-    } else {
-      for (let k = i; k < j; k++) out.push(lines[k]);
-    }
-    i = j;
-  }
-  return out.join("\n");
-}
-function takeHeadBytes(s, maxBytes) {
-  if (maxBytes <= 0) return "";
-  if (Buffer.byteLength(s, "utf8") <= maxBytes) return s;
-  let lo = 0;
-  let hi = s.length;
-  while (lo < hi) {
-    const mid = Math.ceil((lo + hi) / 2);
-    if (Buffer.byteLength(s.slice(0, mid), "utf8") <= maxBytes) lo = mid;
-    else hi = mid - 1;
-  }
-  return s.slice(0, lo);
-}
-function takeTailBytes(s, maxBytes) {
-  if (maxBytes <= 0) return "";
-  if (Buffer.byteLength(s, "utf8") <= maxBytes) return s;
-  let lo = 0;
-  let hi = s.length;
-  while (lo < hi) {
-    const mid = Math.ceil((lo + hi) / 2);
-    if (Buffer.byteLength(s.slice(s.length - mid), "utf8") <= maxBytes) lo = mid;
-    else hi = mid - 1;
-  }
-  return s.slice(s.length - lo);
-}
-function truncateHeadTail(s, maxBytes) {
-  const total = Buffer.byteLength(s, "utf8");
-  if (total <= maxBytes) return s;
-  const MARKER_RESERVE = 64;
-  const avail = Math.max(0, maxBytes - MARKER_RESERVE);
-  const headBudget = Math.floor(avail * 0.45);
-  const head = takeHeadBytes(s, headBudget);
-  const tail = takeTailBytes(s, avail - Buffer.byteLength(head, "utf8"));
-  const kept = Buffer.byteLength(head, "utf8") + Buffer.byteLength(tail, "utf8");
-  return `${head}
-\u2026[truncated ${total - kept} bytes]\u2026
-${tail}`;
-}
-function normalizeCommandOutput(raw, opts = {}) {
-  if (!raw) return raw;
-  let text = Core.stripAnsi(raw);
-  text = collapseCarriageReturns(text);
-  text = text.replace(/[ \t]+$/gm, "");
-  text = collapseConsecutiveDuplicates(text);
-  text = text.replace(/\n{3,}/g, "\n\n");
-  return truncateHeadTail(text, opts.maxBytes ?? COMMAND_OUTPUT_MAX_BYTES);
-}
-
-// src/audit.ts
-var auditTool = {
-  name: "audit",
-  category: "Package Management",
-  description: "Run a security audit against project dependencies (using pnpm/npm audit). Reports known vulnerabilities with severity.",
-  usageHint: "CRITICAL SECURITY TOOL:\n\n- Run regularly and especially before any release.\n- Use `level` to focus on high/critical issues.\n- `fix` can attempt automatic remediation for some vulnerabilities.\nThis is one of the most important tools for supply chain security.",
-  permission: "confirm",
-  mutating: false,
-  timeoutMs: 6e4,
-  inputSchema: {
-    type: "object",
-    properties: {
-      cwd: { type: "string", description: "Working directory (default: cwd)" },
-      level: {
-        type: "string",
-        enum: ["low", "moderate", "high", "critical"],
-        description: "Minimum severity level to report"
-      },
-      fix: { type: "boolean", description: "Attempt to fix vulnerabilities (default: false)" },
-      packages: { type: "string", description: "Specific package(s) to audit (comma-separated)" }
-    }
-  },
-  async execute(input, ctx, opts) {
-    let final;
-    const executeStream = auditTool.executeStream;
-    if (!executeStream) throw new Error("auditTool: stream execution unavailable");
-    for await (const ev of executeStream(input, ctx, opts)) {
-      if (ev.type === "final") final = ev.output;
-    }
-    if (!final) throw new Error("audit: stream ended without final event");
-    return final;
-  },
-  async *executeStream(input, ctx, opts) {
-    const cwd = input.cwd ? safeResolve(input.cwd, ctx) : ctx.cwd;
-    const manager = await detectPackageManager(cwd);
-    yield { type: "log", text: `Auditing with ${manager}\u2026`, data: { manager } };
-    const args = ["audit", "--json"];
-    if (input.fix) args.push("--fix");
-    if (input.packages) {
-      const pkgs = Array.isArray(input.packages) ? input.packages : input.packages.split(",");
-      args.push(...pkgs.map((p) => p.trim()));
+import { randomUUID } from 'node:crypto';
+
+// src/_spawn-stream.ts
+var SPOOL_RETENTION_MS = 7 * 24 * 60 * 60 * 1e3;
+var SPOOL_WRITE_HWM_BYTES = 4 * 1024 * 1024;
+var sweepStarted = false;
+function toolOutputDir() {
+  return path3.join(wstackGlobalRoot(), "tool-output");
+}
+function sweepOldSpoolFiles(dir) {
+  if (sweepStarted) return;
+  sweepStarted = true;
+  void (async () => {
+    try {
+      const now = Date.now();
+      for (const name of await fs14.readdir(dir)) {
+        if (!name.endsWith(".log")) continue;
+        const p = path3.join(dir, name);
+        try {
+          const st = await fs14.stat(p);
+          if (now - st.mtimeMs > SPOOL_RETENTION_MS) await fs14.unlink(p);
+        } catch {
+        }
+      }
+    } catch {
     }
-    const result = yield* spawnStream({
-      cmd: manager,
-      args,
-      cwd,
-      signal: opts.signal,
-      maxBytes: 1e5
-    });
-    yield { type: "final", output: parseAuditOutput(result.stdout, result.exitCode) };
-  }
-};
-function parseAuditOutput(json, exitCode) {
-  if (!json) {
-    return {
-      exit_code: exitCode,
-      vulnerabilities: [],
-      total: 0,
-      summary: exitCode === 0 ? "No vulnerabilities found" : "Audit failed",
-      output: "",
-      truncated: false
-    };
-  }
-  try {
-    const data = JSON.parse(json);
-    const advisories = [];
-    const ads = data.advisories ?? {};
-    for (const id of Object.keys(ads)) {
-      const adv = ads[id];
-      advisories.push({
-        severity: adv.severity ?? "unknown",
-        package: adv.module_name ?? id,
-        title: adv.title ?? "Unknown vulnerability",
-        url: adv.url ?? ""
+  })();
+}
+function spoolNote(info) {
+  const dropped = info.droppedBytes > 0 ? `, ~${info.droppedBytes} bytes dropped under backpressure` : "";
+  return `
+[output truncated \u2014 full ${info.bytes} bytes at ${info.path}${dropped}; read/grep that file selectively instead of re-running with more output]`;
+}
+function createOutputSpool(opts) {
+  const threshold = opts.thresholdBytes ?? 32768;
+  const safeTool = opts.tool.replace(/[^a-zA-Z0-9._-]+/g, "_").slice(0, 40) || "tool";
+  let head = "";
+  let headBytes = 0;
+  let totalBytes = 0;
+  let droppedBytes = 0;
+  let stream = null;
+  let filePath = null;
+  let failed = false;
+  let finalized = false;
+  const open = () => {
+    if (stream || failed) return;
+    try {
+      const dir = toolOutputDir();
+      mkdirSync(dir, { recursive: true });
+      sweepOldSpoolFiles(dir);
+      const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+      const rand = Math.random().toString(36).slice(2, 6);
+      filePath = path3.join(dir, `${stamp}-${safeTool}-${rand}.log`);
+      stream = createWriteStream(filePath, { flags: "w", encoding: "utf8" });
+      stream.on("error", () => {
+        failed = true;
+        stream = null;
+        filePath = null;
       });
+      stream.write(head);
+    } catch {
+      failed = true;
+      stream = null;
+      filePath = null;
     }
-    const total = advisories.length;
-    const summary = total === 0 ? "No vulnerabilities found" : `Found ${total} vulnerabilities: ${advisories.filter((a) => a.severity === "critical").length} critical, ${advisories.filter((a) => a.severity === "high").length} high`;
-    return {
-      exit_code: exitCode,
-      vulnerabilities: advisories,
-      total,
-      summary,
-      output: json,
-      truncated: json.length >= 1e5
-    };
-  } catch {
-    return {
-      exit_code: exitCode,
-      vulnerabilities: [],
-      total: 0,
-      summary: "Could not parse audit output",
-      output: json,
-      truncated: false
-    };
-  }
+  };
+  return {
+    write(text) {
+      if (finalized || !text) return;
+      totalBytes += Buffer.byteLength(text, "utf8");
+      if (!stream && !failed) {
+        if (headBytes + text.length <= threshold) {
+          head += text;
+          headBytes += text.length;
+          return;
+        }
+        head += text;
+        open();
+        head = "";
+        return;
+      }
+      if (stream) {
+        if (stream.writableLength > SPOOL_WRITE_HWM_BYTES) {
+          droppedBytes += Buffer.byteLength(text, "utf8");
+          return;
+        }
+        stream.write(text);
+      }
+    },
+    finalize() {
+      if (finalized) {
+        return filePath ? { path: filePath, bytes: totalBytes, droppedBytes } : null;
+      }
+      finalized = true;
+      head = "";
+      if (!stream || !filePath) return null;
+      try {
+        stream.end();
+      } catch {
+      }
+      return { path: filePath, bytes: totalBytes, droppedBytes };
+    }
+  };
 }
 
 // src/circuit-breaker.ts
@@ -726,43 +462,465 @@ var ProcessRegistryImpl = class {
         }, graceMs);
         timer.unref?.();
       }
-    } catch {
+    } catch {
+    }
+    p.killed = true;
+    return true;
+  }
+  /**
+   * Kill all tracked processes.
+   * Returns the PIDs that were kill()ed.
+   */
+  killAll(opts = {}) {
+    const pids = Array.from(this.processes.keys());
+    const killed = [];
+    for (const pid of pids) {
+      const p = this.processes.get(pid);
+      if (p && !p.protected && this.kill(pid, opts)) killed.push(pid);
+    }
+    return killed;
+  }
+  /**
+   * Kill all processes for a specific session.
+   * Returns the PIDs that were kill()ed.
+   */
+  killSession(sessionId, opts = {}) {
+    const pids = this.bySession(sessionId).map((p) => p.pid);
+    const killed = [];
+    for (const pid of pids) {
+      if (this.kill(pid, opts)) killed.push(pid);
+    }
+    return killed;
+  }
+};
+var _registry;
+function getProcessRegistry() {
+  if (!_registry) {
+    _registry = new ProcessRegistryImpl();
+  }
+  return _registry;
+}
+function resolveWin32Command(cmd) {
+  if (process.platform !== "win32") return cmd;
+  if (cmd.includes("/") || cmd.includes("\\") || path3.extname(cmd)) {
+    return cmd;
+  }
+  const pathext = (process.env["PATHEXT"] ?? ".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC").toLowerCase().split(";");
+  const pathDirs = (process.env["PATH"] ?? "").split(path3.delimiter);
+  for (const dir of pathDirs) {
+    const base = path3.join(dir, cmd);
+    for (const ext of pathext) {
+      const full = `${base}${ext}`;
+      try {
+        fs.accessSync(full, fs.constants.X_OK);
+        return full;
+      } catch {
+      }
+    }
+  }
+  return cmd;
+}
+
+// src/_spawn-stream.ts
+async function* spawnStream(opts) {
+  const max = opts.maxBytes ?? 2e5;
+  const flushAt = opts.flushBytes ?? 4 * 1024;
+  const maxQueue = opts.maxQueueSize ?? 500;
+  let stdout = "";
+  let stderr = "";
+  let pending2 = "";
+  let error;
+  const spool = createOutputSpool({ tool: opts.cmd, thresholdBytes: max });
+  const cmd = resolveWin32Command(opts.cmd);
+  const isWin = process.platform === "win32";
+  const needsShell = isWin && (cmd.endsWith(".cmd") || cmd.endsWith(".bat"));
+  const child = spawn(cmd, opts.args, {
+    cwd: opts.cwd,
+    env: buildChildEnv(),
+    stdio: ["ignore", "pipe", "pipe"],
+    windowsHide: true,
+    ...isWin ? {} : { signal: opts.signal },
+    ...needsShell ? { shell: true, windowsVerbatimArguments: true } : {}
+  });
+  const registry = getProcessRegistry();
+  const pid = child.pid;
+  if (typeof pid === "number") {
+    registry.register({
+      pid,
+      name: opts.cmd,
+      command: redactCommand(`${opts.cmd} ${opts.args.join(" ")}`),
+      startedAt: Date.now(),
+      child
+    });
+  }
+  const queue = [];
+  let waiter;
+  let paused = false;
+  const wake = () => {
+    if (waiter) {
+      const w = waiter;
+      waiter = void 0;
+      w();
+    }
+  };
+  const resume = () => {
+    if (paused && queue.length < maxQueue) {
+      paused = false;
+      child.stdout?.resume();
+      child.stderr?.resume();
+    }
+  };
+  const onOut = (c) => {
+    const s = c.toString();
+    if (stdout.length < max) stdout += s;
+    spool.write(s);
+    queue.push({ kind: "out", data: s });
+    wake();
+    if (!paused && queue.length >= maxQueue) {
+      paused = true;
+      child.stdout?.pause();
+      child.stderr?.pause();
+    }
+  };
+  const onErr = (c) => {
+    const s = c.toString();
+    if (stderr.length < max) stderr += s;
+    spool.write(s);
+    queue.push({ kind: "err", data: s });
+    wake();
+    if (!paused && queue.length >= maxQueue) {
+      paused = true;
+      child.stdout?.pause();
+      child.stderr?.pause();
+    }
+  };
+  child.stdout?.on("data", onOut);
+  child.stderr?.on("data", onErr);
+  child.on("error", (e) => {
+    error = e.message;
+    queue.push({ kind: "error", data: e.message });
+    wake();
+  });
+  child.on("close", (code) => {
+    if (typeof pid === "number") registry.unregister(pid);
+    queue.push({ kind: "close", data: "", code: code ?? 0 });
+    wake();
+  });
+  const onAbort = () => {
+    if (typeof pid === "number") {
+      registry.kill(pid, { force: true });
+    } else {
+      try {
+        child.kill("SIGKILL");
+      } catch {
+      }
+    }
+    queue.push({ kind: "close", data: "", code: 124 });
+    wake();
+  };
+  if (opts.signal.aborted) onAbort();
+  else opts.signal.addEventListener("abort", onAbort, { once: true });
+  let exitCode = 0;
+  let spawnFailed = false;
+  try {
+    for (; ; ) {
+      while (queue.length === 0) {
+        await new Promise((resolve7) => {
+          waiter = resolve7;
+        });
+      }
+      const chunk = queue.shift();
+      resume();
+      if (chunk.kind === "close") {
+        if (!spawnFailed) exitCode = chunk.code ?? 0;
+        break;
+      }
+      if (chunk.kind === "error") {
+        spawnFailed = true;
+        exitCode = 1;
+        continue;
+      }
+      pending2 += chunk.data;
+      if (pending2.length >= flushAt) {
+        yield { type: "partial_output", text: pending2 };
+        pending2 = "";
+      }
+    }
+    if (pending2.length > 0) {
+      yield { type: "partial_output", text: pending2 };
+    }
+    const spooled = spool.finalize();
+    return {
+      // The marker rides on stdout's tail so every consumer's head+tail
+      // normalization keeps it without per-tool changes.
+      stdout: spooled ? stdout + spoolNote(spooled) : stdout,
+      stderr,
+      exitCode,
+      truncated: stdout.length >= max || stderr.length >= max,
+      error,
+      spoolPath: spooled?.path,
+      spoolBytes: spooled?.bytes
+    };
+  } finally {
+    spool.finalize();
+    opts.signal.removeEventListener("abort", onAbort);
+    child.stdout?.off("data", onOut);
+    child.stderr?.off("data", onErr);
+    child.stdout?.destroy();
+    child.stderr?.destroy();
+    if (child.exitCode === null && !child.killed) {
+      if (typeof pid === "number") {
+        registry.kill(pid, { force: true });
+      } else {
+        try {
+          child.kill("SIGKILL");
+        } catch {
+        }
+      }
+    }
+  }
+}
+async function detectPackageManager(cwd) {
+  const { stat: stat11 } = await import('node:fs/promises');
+  try {
+    await stat11(`${cwd}/pnpm-lock.yaml`);
+    return "pnpm";
+  } catch {
+  }
+  try {
+    await stat11(`${cwd}/yarn.lock`);
+    return "yarn";
+  } catch {
+  }
+  return "npm";
+}
+function resolvePath(input, ctx) {
+  return path3.isAbsolute(input) ? path3.normalize(input) : path3.resolve(ctx.workingDir ?? ctx.cwd, input);
+}
+function ensureInsideRoot(absPath, ctx) {
+  const root = path3.resolve(ctx.projectRoot);
+  const target = path3.resolve(absPath);
+  const rel = path3.relative(root, target);
+  if (rel.startsWith("..") || path3.isAbsolute(rel)) {
+    throw new Error(`Path "${absPath}" is outside project root "${root}"`);
+  }
+  return target;
+}
+function safeResolve(input, ctx) {
+  return ensureInsideRoot(resolvePath(input, ctx), ctx);
+}
+async function assertRealInsideRoot(absPath, ctx) {
+  const realRoot = await fs14.realpath(ctx.projectRoot).catch(() => path3.resolve(ctx.projectRoot));
+  let probe = absPath;
+  for (; ; ) {
+    let real;
+    try {
+      real = await fs14.realpath(probe);
+    } catch (err) {
+      if (err.code === "ENOENT") {
+        const parent = path3.dirname(probe);
+        if (parent === probe) return;
+        probe = parent;
+        continue;
+      }
+      throw err;
     }
-    p.killed = true;
-    return true;
+    const rel = path3.relative(realRoot, real);
+    if (rel.startsWith("..") || path3.isAbsolute(rel)) {
+      throw new Error(
+        `Path "${absPath}" resolves through a symlink outside project root "${realRoot}"`
+      );
+    }
+    return;
   }
-  /**
-   * Kill all tracked processes.
-   * Returns the PIDs that were kill()ed.
-   */
-  killAll(opts = {}) {
-    const pids = Array.from(this.processes.keys());
-    const killed = [];
-    for (const pid of pids) {
-      const p = this.processes.get(pid);
-      if (p && !p.protected && this.kill(pid, opts)) killed.push(pid);
+}
+async function safeResolveReal(input, ctx) {
+  const abs = safeResolve(input, ctx);
+  await assertRealInsideRoot(abs, ctx);
+  return abs;
+}
+function truncateMiddle(s, max) {
+  if (Buffer.byteLength(s, "utf8") <= max) return s;
+  const half = Math.floor(max / 2);
+  return s.slice(0, half) + `
+\u2026[truncated ${Buffer.byteLength(s, "utf8") - max} bytes from middle]\u2026
+` + s.slice(-half);
+}
+function isBinaryBuffer(buf) {
+  const len = Math.min(buf.length, 8192);
+  for (let i = 0; i < len; i++) {
+    if (buf[i] === 0) return true;
+  }
+  return false;
+}
+var COMMAND_OUTPUT_MAX_BYTES = 32768;
+var REPEAT_RUN_THRESHOLD = 3;
+function collapseCarriageReturns(text) {
+  const lf = text.replace(/\r\n/g, "\n");
+  if (!lf.includes("\r")) return lf;
+  return lf.split("\n").map((line) => line.includes("\r") ? line.slice(line.lastIndexOf("\r") + 1) : line).join("\n");
+}
+function collapseConsecutiveDuplicates(text, minRun = REPEAT_RUN_THRESHOLD) {
+  const lines = text.split("\n");
+  const out = [];
+  let i = 0;
+  while (i < lines.length) {
+    let j = i + 1;
+    while (j < lines.length && lines[j] === lines[i]) j++;
+    const run = j - i;
+    if (run >= minRun) {
+      out.push(lines[i], `\u2026 \u27E8repeated ${run}\xD7\u27E9`);
+    } else {
+      for (let k = i; k < j; k++) out.push(lines[k]);
     }
-    return killed;
+    i = j;
   }
-  /**
-   * Kill all processes for a specific session.
-   * Returns the PIDs that were kill()ed.
-   */
-  killSession(sessionId, opts = {}) {
-    const pids = this.bySession(sessionId).map((p) => p.pid);
-    const killed = [];
-    for (const pid of pids) {
-      if (this.kill(pid, opts)) killed.push(pid);
+  return out.join("\n");
+}
+function takeHeadBytes(s, maxBytes) {
+  if (maxBytes <= 0) return "";
+  if (Buffer.byteLength(s, "utf8") <= maxBytes) return s;
+  let lo = 0;
+  let hi = s.length;
+  while (lo < hi) {
+    const mid = Math.ceil((lo + hi) / 2);
+    if (Buffer.byteLength(s.slice(0, mid), "utf8") <= maxBytes) lo = mid;
+    else hi = mid - 1;
+  }
+  return s.slice(0, lo);
+}
+function takeTailBytes(s, maxBytes) {
+  if (maxBytes <= 0) return "";
+  if (Buffer.byteLength(s, "utf8") <= maxBytes) return s;
+  let lo = 0;
+  let hi = s.length;
+  while (lo < hi) {
+    const mid = Math.ceil((lo + hi) / 2);
+    if (Buffer.byteLength(s.slice(s.length - mid), "utf8") <= maxBytes) lo = mid;
+    else hi = mid - 1;
+  }
+  return s.slice(s.length - lo);
+}
+function truncateHeadTail(s, maxBytes) {
+  const total = Buffer.byteLength(s, "utf8");
+  if (total <= maxBytes) return s;
+  const MARKER_RESERVE = 64;
+  const avail = Math.max(0, maxBytes - MARKER_RESERVE);
+  const headBudget = Math.floor(avail * 0.45);
+  const head = takeHeadBytes(s, headBudget);
+  const tail = takeTailBytes(s, avail - Buffer.byteLength(head, "utf8"));
+  const kept = Buffer.byteLength(head, "utf8") + Buffer.byteLength(tail, "utf8");
+  return `${head}
+\u2026[truncated ${total - kept} bytes]\u2026
+${tail}`;
+}
+function normalizeCommandOutput(raw, opts = {}) {
+  if (!raw) return raw;
+  let text = Core.stripAnsi(raw);
+  text = collapseCarriageReturns(text);
+  text = text.replace(/[ \t]+$/gm, "");
+  text = collapseConsecutiveDuplicates(text);
+  text = text.replace(/\n{3,}/g, "\n\n");
+  return truncateHeadTail(text, opts.maxBytes ?? COMMAND_OUTPUT_MAX_BYTES);
+}
+
+// src/audit.ts
+var auditTool = {
+  name: "audit",
+  category: "Package Management",
+  description: "Run a security audit against project dependencies (using pnpm/npm audit). Reports known vulnerabilities with severity.",
+  usageHint: "CRITICAL SECURITY TOOL:\n\n- Run regularly and especially before any release.\n- Use `level` to focus on high/critical issues.\n- `fix` can attempt automatic remediation for some vulnerabilities.\nThis is one of the most important tools for supply chain security.",
+  permission: "confirm",
+  mutating: false,
+  capabilities: ["shell.restricted"],
+  timeoutMs: 6e4,
+  inputSchema: {
+    type: "object",
+    properties: {
+      cwd: { type: "string", description: "Working directory (default: cwd)" },
+      level: {
+        type: "string",
+        enum: ["low", "moderate", "high", "critical"],
+        description: "Minimum severity level to report"
+      },
+      fix: { type: "boolean", description: "Attempt to fix vulnerabilities (default: false)" },
+      packages: { type: "string", description: "Specific package(s) to audit (comma-separated)" }
     }
-    return killed;
+  },
+  async execute(input, ctx, opts) {
+    let final;
+    const executeStream = auditTool.executeStream;
+    if (!executeStream) throw new Error("auditTool: stream execution unavailable");
+    for await (const ev of executeStream(input, ctx, opts)) {
+      if (ev.type === "final") final = ev.output;
+    }
+    if (!final) throw new Error("audit: stream ended without final event");
+    return final;
+  },
+  async *executeStream(input, ctx, opts) {
+    const cwd = input.cwd ? safeResolve(input.cwd, ctx) : ctx.cwd;
+    const manager = await detectPackageManager(cwd);
+    yield { type: "log", text: `Auditing with ${manager}\u2026`, data: { manager } };
+    const args = ["audit", "--json"];
+    if (input.fix) args.push("--fix");
+    if (input.packages) {
+      const pkgs = Array.isArray(input.packages) ? input.packages : input.packages.split(",");
+      args.push(...pkgs.map((p) => p.trim()));
+    }
+    const result = yield* spawnStream({
+      cmd: manager,
+      args,
+      cwd,
+      signal: opts.signal,
+      maxBytes: 1e5
+    });
+    yield { type: "final", output: parseAuditOutput(result.stdout, result.exitCode) };
   }
 };
-var _registry;
-function getProcessRegistry() {
-  if (!_registry) {
-    _registry = new ProcessRegistryImpl();
+function parseAuditOutput(json, exitCode) {
+  if (!json) {
+    return {
+      exit_code: exitCode,
+      vulnerabilities: [],
+      total: 0,
+      summary: exitCode === 0 ? "No vulnerabilities found" : "Audit failed",
+      output: "",
+      truncated: false
+    };
+  }
+  try {
+    const data = JSON.parse(json);
+    const advisories = [];
+    const ads = data.advisories ?? {};
+    for (const id of Object.keys(ads)) {
+      const adv = ads[id];
+      advisories.push({
+        severity: adv.severity ?? "unknown",
+        package: adv.module_name ?? id,
+        title: adv.title ?? "Unknown vulnerability",
+        url: adv.url ?? ""
+      });
+    }
+    const total = advisories.length;
+    const summary = total === 0 ? "No vulnerabilities found" : `Found ${total} vulnerabilities: ${advisories.filter((a) => a.severity === "critical").length} critical, ${advisories.filter((a) => a.severity === "high").length} high`;
+    return {
+      exit_code: exitCode,
+      vulnerabilities: advisories,
+      total,
+      summary,
+      output: json,
+      truncated: json.length >= 1e5
+    };
+  } catch {
+    return {
+      exit_code: exitCode,
+      vulnerabilities: [],
+      total: 0,
+      summary: "Could not parse audit output",
+      output: json,
+      truncated: false
+    };
   }
-  return _registry;
 }
 
 // src/bash.ts
@@ -858,7 +1016,7 @@ var bashTool = {
     })();
     const args = isWin ? ["/c", input.command] : ["-c", input.command];
     const env = buildChildEnv(ctx.session?.id);
-    const detached = isWin ? !!input.background : true;
+    const detached = !isWin;
     const startedAt = Date.now();
     if (input.background) {
       let buf2 = "";
@@ -867,10 +1025,14 @@ var bashTool = {
         cwd: ctx.projectRoot,
         env,
         stdio: ["ignore", "pipe", "pipe"],
-        detached: true,
-        // Detached console children on Windows allocate their own VISIBLE
-        // console window (one per background command — test suites flash
-        // dozens). CREATE_NO_WINDOW suppresses it; no-op elsewhere.
+        // win32: CreateProcess IGNORES CREATE_NO_WINDOW (windowsHide) when
+        // DETACHED_PROCESS (detached: true) is set, so the console-less
+        // cmd.exe's grandchildren (node, dev servers) each allocate a fresh
+        // VISIBLE console window. detached: false lets CREATE_NO_WINDOW
+        // apply: the child gets a hidden console that grandchildren inherit.
+        // Windows children survive parent exit either way. POSIX keeps
+        // detached for the process-group kill semantics.
+        detached: !isWin,
         windowsHide: true,
         signal: opts.signal
       });
@@ -886,24 +1048,22 @@ var bashTool = {
         });
         child2.on("close", () => registry.unregister(pid2));
       }
-      child2.stdout?.on("data", (chunk) => {
-        if (!truncated) {
-          const remain = MAX_OUTPUT - buf2.length;
-          if (remain > 0) {
-            buf2 += chunk.toString().slice(0, remain);
-          }
-          if (buf2.length >= MAX_OUTPUT) truncated = true;
+      const onBgData = (chunk) => {
+        if (truncated) return;
+        const remain = MAX_OUTPUT - buf2.length;
+        if (remain > 0) {
+          buf2 += chunk.toString().slice(0, remain);
         }
-      });
-      child2.stderr?.on("data", (chunk) => {
-        if (!truncated) {
-          const remain = MAX_OUTPUT - buf2.length;
-          if (remain > 0) {
-            buf2 += chunk.toString().slice(0, remain);
-          }
-          if (buf2.length >= MAX_OUTPUT) truncated = true;
+        if (buf2.length >= MAX_OUTPUT) {
+          truncated = true;
+          child2.stdout?.off("data", onBgData);
+          child2.stderr?.off("data", onBgData);
         }
-      });
+      };
+      child2.stdout?.on("data", onBgData);
+      child2.stderr?.on("data", onBgData);
+      child2.stdout?.unref?.();
+      child2.stderr?.unref?.();
       child2.on("close", () => {
         registry.afterCall(Date.now() - startedAt, false, bypassBreaker);
       });
@@ -942,6 +1102,7 @@ var bashTool = {
     let pending2 = "";
     let timedOut = false;
     const timers = [];
+    const spool = createOutputSpool({ tool: "bash", thresholdBytes: MAX_OUTPUT });
     function killWithTimeout(child2, timeoutMs2) {
       if (isWin) {
         if (typeof child2.pid === "number" && child2.exitCode === null && killWin32Tree(child2.pid)) {
@@ -1047,6 +1208,7 @@ var bashTool = {
       if (buf.length < MAX_OUTPUT) {
         buf += text.slice(0, MAX_OUTPUT - buf.length);
       }
+      spool.write(text);
       pending2 += text;
       push({ kind: "data", text });
       pauseIfFlooded();
@@ -1074,10 +1236,11 @@ var bashTool = {
           if (remainder !== null) {
             yield { type: "partial_output", text: remainder };
           }
+          const spooled = spool.finalize();
           yield {
             type: "final",
             output: {
-              output: normalizeCommandOutput(buf),
+              output: normalizeCommandOutput(buf) + (spooled ? spoolNote(spooled) : ""),
               exit_code: c.code,
               timed_out: timedOut
             }
@@ -1092,6 +1255,7 @@ var bashTool = {
       }
     } finally {
       for (const t of timers) clearTimeout(t);
+      spool.finalize();
       if (isWin) opts.signal.removeEventListener("abort", onAbort);
       child.stdout?.off("data", onData);
       child.stderr?.off("data", onData);
@@ -1114,6 +1278,7 @@ var batchToolUseTool = {
   permission: "confirm",
   mutating: true,
   timeoutMs: 12e4,
+  capabilities: ["tool.mutate.any"],
   inputSchema: {
     type: "object",
     properties: {
@@ -1515,7 +1680,7 @@ var IndexStore = class {
     this.indexDir = resolveIndexDir(projectRoot, opts.indexDir);
     fs.mkdirSync(this.indexDir, { recursive: true });
     const Database = loadDatabaseSync();
-    this.db = new Database(path2.join(this.indexDir, DB_FILE));
+    this.db = new Database(path3.join(this.indexDir, DB_FILE));
     try {
       this.db.exec("PRAGMA journal_mode = WAL");
       this.db.exec("PRAGMA busy_timeout = 5000");
@@ -1955,7 +2120,7 @@ var IndexStore = class {
     }));
   }
   sizeBytes() {
-    const dbPath = path2.join(this.indexDir, DB_FILE);
+    const dbPath = path3.join(this.indexDir, DB_FILE);
     try {
       return fs.statSync(dbPath).size;
     } catch {
@@ -2394,10 +2559,10 @@ func formatType(t ast.Expr) string {
 }
 `;
 function syncGoParse(filePath, content, lang) {
-  const tmpDir = path2.join(os.tmpdir(), "ws-go-parse");
+  const tmpDir = path3.join(os.tmpdir(), "ws-go-parse");
   try {
     mkdirSync(tmpDir, { recursive: true });
-    const scriptPath = path2.join(tmpDir, "parse.go");
+    const scriptPath = path3.join(tmpDir, "parse.go");
     writeFileSync(scriptPath, GO_PARSE_SCRIPT, "utf8");
     const stdout = execFileSync("go", ["run", scriptPath], {
       input: content,
@@ -2641,9 +2806,9 @@ print(json.dumps([s.to_dict() for s in syms]))
 `;
 function syncPyParse(filePath, lang) {
   try {
-    const tmpDir = path2.join(os.tmpdir(), "ws-py-parse");
+    const tmpDir = path3.join(os.tmpdir(), "ws-py-parse");
     mkdirSync(tmpDir, { recursive: true });
-    const scriptPath = path2.join(tmpDir, "parse.py");
+    const scriptPath = path3.join(tmpDir, "parse.py");
     writeFileSync(scriptPath, PY_PARSE_SCRIPT, "utf8");
     const stdout = execFileSync("python", [scriptPath, filePath], {
       timeout: 15e3,
@@ -2684,7 +2849,7 @@ function parseSymbols4(opts) {
 function checkNativeParser() {
   try {
     execFileSync("rustc", ["--version"], { stdio: "pipe", windowsHide: true });
-    const toolsDir = path2.join(process.cwd(), "tools");
+    const toolsDir = path3.join(process.cwd(), "tools");
     try {
       execFileSync(
         "cargo",
@@ -2694,7 +2859,7 @@ function checkNativeParser() {
           "--format-version",
           "1",
           "--manifest-path",
-          path2.join(toolsDir, "Cargo.toml")
+          path3.join(toolsDir, "Cargo.toml")
         ],
         { stdio: "pipe", windowsHide: true }
       );
@@ -2708,13 +2873,13 @@ function checkNativeParser() {
 }
 function tryNativeParse(file, content) {
   try {
-    const toolsDir = path2.join(process.cwd(), "tools");
-    const crateDir = path2.join(toolsDir, "syn-parser");
-    const tmpFile = path2.join(crateDir, "src", "input.rs");
+    const toolsDir = path3.join(process.cwd(), "tools");
+    const crateDir = path3.join(toolsDir, "syn-parser");
+    const tmpFile = path3.join(crateDir, "src", "input.rs");
     writeFileSync(tmpFile, content, "utf8");
     const result = spawnSync(
       "cargo",
-      ["run", "--manifest-path", path2.join(toolsDir, "Cargo.toml")],
+      ["run", "--manifest-path", path3.join(toolsDir, "Cargo.toml")],
       {
         cwd: process.cwd(),
         encoding: "utf8",
@@ -2813,7 +2978,7 @@ function parseSymbols5(opts) {
 function regexParse2(opts) {
   const { file, content, lang } = opts;
   const symbols = [];
-  const basename2 = path2.basename(file).toLowerCase();
+  const basename2 = path3.basename(file).toLowerCase();
   const isPackageJson = basename2 === "package.json";
   const isTsconfig = basename2 === "tsconfig.json" || basename2 === "tsconfig.build.json";
   const isJsonSchema = content.includes("$schema") || content.includes("$id") || content.includes("$ref");
@@ -2839,11 +3004,11 @@ function regexParse2(opts) {
     const line = lineFromOffset(offset);
     symbols.push(
       makeSymbol({
-        name: path2.basename(file),
+        name: path3.basename(file),
         kind: "object",
         line,
         col: 0,
-        signature: `"${path2.basename(file)}" = { ... }`,
+        signature: `"${path3.basename(file)}" = { ... }`,
         file,
         lang
       })
@@ -3193,7 +3358,7 @@ function compileGitignore(lines) {
 async function loadGitignoreMatcher(projectRoot) {
   let lines = [];
   try {
-    const raw = await fs14.readFile(path2.join(projectRoot, ".gitignore"), "utf8");
+    const raw = await fs14.readFile(path3.join(projectRoot, ".gitignore"), "utf8");
     lines = raw.split("\n");
   } catch {
   }
@@ -3257,14 +3422,14 @@ async function findSourceFiles(projectRoot, ignore, isGitIgnored, signal) {
     dirCount++;
     for (const e of entries) {
       if (ignoreSet.has(e.name)) continue;
-      const full = path2.join(dir, e.name);
-      const rel = path2.relative(projectRoot, full).replace(/\\/g, "/");
+      const full = path3.join(dir, e.name);
+      const rel = path3.relative(projectRoot, full).replace(/\\/g, "/");
       if (e.isDirectory()) {
         if (isGitIgnored(rel, true)) continue;
         await walk(full);
       } else if (e.isFile()) {
         if (isGitIgnored(rel, false)) continue;
-        const ext = path2.extname(e.name);
+        const ext = path3.extname(e.name);
         for (const { ext: extName, pat } of globs) {
           if (ext === extName && (pat.test(rel) || pat.test(e.name))) {
             results.push(full);
@@ -3319,7 +3484,7 @@ async function runIndexerWithStore(store, opts) {
   const isGitIgnored = await loadGitignoreMatcher(projectRoot);
   let files;
   if (opts.files && opts.files.length > 0) {
-    files = opts.files.map((f) => path2.resolve(projectRoot, f)).filter((f) => !isGitIgnored(path2.relative(projectRoot, f).replace(/\\/g, "/"), false));
+    files = opts.files.map((f) => path3.resolve(projectRoot, f)).filter((f) => !isGitIgnored(path3.relative(projectRoot, f).replace(/\\/g, "/"), false));
   } else {
     files = await findSourceFiles(projectRoot, ignore, isGitIgnored, signal);
   }
@@ -3342,20 +3507,20 @@ async function runIndexerWithStore(store, opts) {
       await yieldEventLoop();
       throwIfAborted(signal);
     }
-    let stat10;
+    let stat11;
     try {
       const statOpts = signal ? { signal } : {};
-      stat10 = await fs14.stat(file, statOpts);
+      stat11 = await fs14.stat(file, statOpts);
     } catch (e) {
       if (isAbortError(e)) throw e;
       store.deleteFile(file);
       continue;
     }
-    if (!stat10.isFile()) continue;
+    if (!stat11.isFile()) continue;
     const lang = detectLang(file);
     if (!lang) continue;
     const meta = existingMeta.get(file);
-    if (!force && meta && meta.mtimeMs === Math.floor(stat10.mtimeMs)) {
+    if (!force && meta && meta.mtimeMs === Math.floor(stat11.mtimeMs)) {
       langStats[lang] = (langStats[lang] ?? 0) + meta.symbolCount;
       symbolsIndexed += meta.symbolCount;
       filesIndexed++;
@@ -3382,7 +3547,7 @@ async function runIndexerWithStore(store, opts) {
       store.upsertFile({
         file,
         lang,
-        mtimeMs: Math.floor(stat10.mtimeMs),
+        mtimeMs: Math.floor(stat11.mtimeMs),
         symbolCount: 0,
         lastIndexed: Date.now()
       });
@@ -3408,7 +3573,7 @@ async function runIndexerWithStore(store, opts) {
     store.upsertFile({
       file,
       lang,
-      mtimeMs: Math.floor(stat10.mtimeMs),
+      mtimeMs: Math.floor(stat11.mtimeMs),
       symbolCount: count,
       lastIndexed: Date.now()
     });
@@ -3666,6 +3831,13 @@ function circuitOpenError() {
     "Codebase indexing is temporarily paused after repeated failures" + (c.lastFailure ? ` (last: ${c.lastFailure})` : "") + (c.cooldownRemainingMs > 0 ? `; auto-retry in ${Math.ceil(c.cooldownRemainingMs / 1e3)}s` : "") + ". Use /codebase-reindex to retry now."
   );
 }
+function isUniqueConstraintError(err) {
+  if (err instanceof Error) {
+    const msg = err.message.toLowerCase();
+    return msg.includes("unique constraint") || msg.includes("UNIQUE constraint");
+  }
+  return false;
+}
 async function runStartupIndex(opts) {
   if (!indexCircuitBreaker.allowRequest()) throw circuitOpenError();
   _indexing = true;
@@ -3695,6 +3867,15 @@ async function runStartupIndex(opts) {
     return result;
   } catch (err) {
     _lastError = err instanceof Error ? err.message : String(err);
+    if (isUniqueConstraintError(err) && !opts.force) {
+      _lastError = null;
+      const rebuildResult = await runStartupIndex({
+        ...opts,
+        force: true
+      });
+      _ready = true;
+      return rebuildResult;
+    }
     _ready = true;
     if (!opts.signal?.aborted) indexCircuitBreaker.recordFailure(err);
     throw err;
@@ -3997,11 +4178,11 @@ function findGitDir(cwd) {
   let dir = cwd;
   for (let i = 0; i < 20; i++) {
     try {
-      const stat10 = statSync(path2.join(dir, ".git"));
-      if (stat10.isDirectory()) return dir;
+      const stat11 = statSync(path3.join(dir, ".git"));
+      if (stat11.isDirectory()) return dir;
     } catch {
     }
-    const parent = path2.dirname(dir);
+    const parent = path3.dirname(dir);
     if (parent === dir) break;
     dir = parent;
   }
@@ -4042,8 +4223,8 @@ async function fileDiff(input, ctx, _signal) {
   const results = [];
   for (const file of files) {
     const absPath = safeResolve(file, ctx);
-    const stat10 = await fs14.stat(absPath).catch(() => null);
-    if (!stat10?.isFile()) continue;
+    const stat11 = await fs14.stat(absPath).catch(() => null);
+    if (!stat11?.isFile()) continue;
     const content = await fs14.readFile(absPath, "utf8");
     const lines = content.split(/\r?\n/);
     results.push(formatWithLineNumbers(file, lines));
@@ -4069,6 +4250,7 @@ var documentTool = {
   permission: "auto",
   mutating: false,
   timeoutMs: 3e4,
+  capabilities: ["fs.read"],
   inputSchema: {
     type: "object",
     properties: {
@@ -4142,8 +4324,8 @@ async function resolveFiles(filesInput, cwd) {
   for (const f of files) {
     const absPath = f.trim().startsWith("/") ? f.trim() : `${cwd}/${f.trim()}`;
     try {
-      const stat10 = await fs14.stat(absPath);
-      if (stat10.isFile()) resolved.push(absPath);
+      const stat11 = await fs14.stat(absPath);
+      if (stat11.isFile()) resolved.push(absPath);
     } catch {
     }
   }
@@ -4234,13 +4416,13 @@ var editTool = {
     if (input.new_string === void 0) throw new Error("edit: new_string is required");
     if (input.old_string === "") throw new Error("edit: old_string cannot be empty");
     const absPath = await safeResolveReal(input.path, ctx);
-    const stat10 = await fs14.stat(absPath).catch((err) => {
+    const stat11 = await fs14.stat(absPath).catch((err) => {
       if (err.code === "ENOENT") {
         throw new Error(`edit: file "${input.path}" does not exist. Use \`write\` instead.`);
       }
       throw err;
     });
-    if (!stat10.isFile()) throw new Error(`edit: "${input.path}" is not a regular file`);
+    if (!stat11.isFile()) throw new Error(`edit: "${input.path}" is not a regular file`);
     if (!ctx.hasRead(absPath)) {
       throw new Error(`edit: file "${input.path}" was not read in this session. Read it first.`);
     }
@@ -4510,9 +4692,9 @@ var execTool = {
         allowed: false
       };
     }
-    const requestedCwd = input.cwd ? path2.resolve(ctx.projectRoot, input.cwd) : ctx.cwd;
-    const rel = path2.relative(ctx.projectRoot, requestedCwd);
-    if (rel.startsWith("..") || path2.isAbsolute(rel)) {
+    const requestedCwd = input.cwd ? path3.resolve(ctx.projectRoot, input.cwd) : ctx.cwd;
+    const rel = path3.relative(ctx.projectRoot, requestedCwd);
+    if (rel.startsWith("..") || path3.isAbsolute(rel)) {
       return {
         command: cmd,
         args,
@@ -4534,6 +4716,7 @@ function runCommand(cmd, args, cwd, timeout, signal, sessionId) {
     let stderr = "";
     let killed = false;
     const startedAt = Date.now();
+    const spool = createOutputSpool({ tool: `exec-${cmd}`, thresholdBytes: MAX_OUTPUT2 });
     const resolved = resolveWin32Command(cmd);
     const isWin = process.platform === "win32";
     const needsShell = isWin && (resolved.endsWith(".cmd") || resolved.endsWith(".bat"));
@@ -4566,10 +4749,14 @@ function runCommand(cmd, args, cwd, timeout, signal, sessionId) {
       else signal.addEventListener("abort", onAbort, { once: true });
     }
     child.stdout?.on("data", (chunk) => {
-      if (stdout.length < MAX_OUTPUT2) stdout += chunk.toString();
+      const text = chunk.toString();
+      if (stdout.length < MAX_OUTPUT2) stdout += text;
+      spool.write(text);
     });
     child.stderr?.on("data", (chunk) => {
-      if (stderr.length < MAX_OUTPUT2) stderr += chunk.toString();
+      const text = chunk.toString();
+      if (stderr.length < MAX_OUTPUT2) stderr += text;
+      spool.write(text);
     });
     child.on("close", (code) => {
       clearTimeout(timer);
@@ -4578,10 +4765,11 @@ function runCommand(cmd, args, cwd, timeout, signal, sessionId) {
       const durationMs = Date.now() - startedAt;
       const exitCode = killed ? 124 : code ?? 1;
       registry.afterCall(durationMs, exitCode !== 0);
+      const spooled = spool.finalize();
       resolve7({
         command: cmd,
         args,
-        stdout: normalizeCommandOutput(stdout),
+        stdout: normalizeCommandOutput(stdout) + (spooled ? spoolNote(spooled) : ""),
         stderr: normalizeCommandOutput(stderr),
         exitCode,
         truncated: Buffer.byteLength(stdout, "utf8") > COMMAND_OUTPUT_MAX_BYTES || Buffer.byteLength(stderr, "utf8") > COMMAND_OUTPUT_MAX_BYTES,
@@ -4593,6 +4781,7 @@ function runCommand(cmd, args, cwd, timeout, signal, sessionId) {
       if (isWin) signal.removeEventListener("abort", onAbort);
       if (typeof pid === "number") registry.unregister(pid);
       registry.afterCall(Date.now() - startedAt, true);
+      spool.finalize();
       resolve7({
         command: cmd,
         args,
@@ -5023,13 +5212,13 @@ var formatTool = {
   }
 };
 async function detectFixer(cwd) {
-  const { stat: stat10 } = await import('node:fs/promises');
+  const { stat: stat11 } = await import('node:fs/promises');
   try {
-    await stat10(`${cwd}/biome.json`);
+    await stat11(`${cwd}/biome.json`);
     return "biome";
   } catch {
     try {
-      await stat10(`${cwd}/.prettierrc`);
+      await stat11(`${cwd}/.prettierrc`);
       return "prettier";
     } catch {
       return "biome";
@@ -5172,8 +5361,8 @@ function findGitDir2(cwd, projectRoot) {
   let dir = cwd;
   for (let i = 0; i < 20; i++) {
     try {
-      const stat10 = statSync(`${dir}/.git`);
-      if (stat10.isDirectory() || stat10.isFile()) return dir;
+      const stat11 = statSync(`${dir}/.git`);
+      if (stat11.isDirectory() || stat11.isFile()) return dir;
     } catch {
     }
     if (dir === root) break;
@@ -5347,7 +5536,7 @@ var globTool = {
         if (DEFAULT_IGNORE2.includes(name)) continue;
         if (ignored.includes(name)) continue;
         const rel = relPrefix ? `${relPrefix}/${name}` : name;
-        const full = path2.join(dir, name);
+        const full = path3.join(dir, name);
         if (e.isDirectory()) {
           await walk(full, rel);
           if (truncated) return;
@@ -5373,7 +5562,7 @@ var globTool = {
 };
 async function readGitignore(dir) {
   try {
-    const raw = await fs14.readFile(path2.join(dir, ".gitignore"), "utf8");
+    const raw = await fs14.readFile(path3.join(dir, ".gitignore"), "utf8");
     return raw.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
   } catch {
     return [];
@@ -5665,15 +5854,15 @@ async function runNative(input, base, mode, limit, signal) {
       if (stopped) return;
       if (DEFAULT_IGNORE3.includes(e.name)) continue;
       if (e.isSymbolicLink()) continue;
-      const full = path2.join(dir, e.name);
+      const full = path3.join(dir, e.name);
       if (e.isDirectory()) {
         await walk(full);
       } else if (e.isFile()) {
         if (globRe && !globRe.test(e.name) && !globRe.test(full)) continue;
         if (globRe) globRe.lastIndex = 0;
         try {
-          const stat10 = await fs14.stat(full);
-          if (stat10.size > 1e6) continue;
+          const stat11 = await fs14.stat(full);
+          if (stat11.size > 1e6) continue;
           const head = await fs14.readFile(full);
           if (isBinaryBuffer(head)) continue;
           const text = head.toString("utf8");
@@ -5857,6 +6046,7 @@ var jsonTool = {
   permission: "auto",
   mutating: false,
   timeoutMs: 5e3,
+  capabilities: ["fs.read"],
   inputSchema: {
     type: "object",
     properties: {
@@ -5921,8 +6111,8 @@ var jsonTool = {
     };
   }
 };
-function query(data, path20) {
-  const parts = path20.replace(/\[(\d+)\]/g, ".$1").split(".").filter(Boolean);
+function query(data, path21) {
+  const parts = path21.replace(/\[(\d+)\]/g, ".$1").split(".").filter(Boolean);
   let current = data;
   for (const part of parts) {
     if (current === null || current === void 0) return void 0;
@@ -5980,6 +6170,7 @@ var lintTool = {
   permission: "confirm",
   mutating: false,
   timeoutMs: 6e4,
+  capabilities: ["shell.restricted"],
   inputSchema: {
     type: "object",
     properties: {
@@ -6051,11 +6242,11 @@ var lintTool = {
   }
 };
 async function detectLinter(cwd) {
-  const { stat: stat10 } = await import('node:fs/promises');
+  const { stat: stat11 } = await import('node:fs/promises');
   const checks = ["biome.json", ".eslintrc.json", "tslint.json", ".eslintrc.js", "tsconfig.json"];
   for (const f of checks) {
     try {
-      await stat10(`${cwd}/${f}`);
+      await stat11(`${cwd}/${f}`);
       if (f.includes("biome")) return "biome";
       if (f.includes("eslint")) return "eslint";
       if (f.includes("tslint")) return "tslint";
@@ -6072,6 +6263,7 @@ var logsTool = {
   permission: "confirm",
   mutating: false,
   timeoutMs: 3e4,
+  capabilities: ["shell.restricted"],
   inputSchema: {
     type: "object",
     properties: {
@@ -6193,7 +6385,7 @@ async function dockerLogs(service, lines, filterRe, cwd, signal, since) {
 }
 var DOCKER_LOGS_TIMEOUT_MS = 3e3;
 var MAX_TAIL_LINES = 1e5;
-async function fileLogs(path20, lines, filterRe, stream) {
+async function fileLogs(path21, lines, filterRe, stream) {
   const { createInterface } = await import('node:readline');
   const { createReadStream } = await import('node:fs');
   const entries = [];
@@ -6202,7 +6394,7 @@ async function fileLogs(path20, lines, filterRe, stream) {
   let writeIdx = 0;
   let totalLines = 0;
   const rl = createInterface({
-    input: createReadStream(path20),
+    input: createReadStream(path21),
     crlfDelay: Number.POSITIVE_INFINITY
   });
   for await (const line of rl) {
@@ -6223,7 +6415,7 @@ async function fileLogs(path20, lines, filterRe, stream) {
     if (parsed) entries.push(parsed);
   }
   return {
-    source: path20,
+    source: path21,
     entries,
     total: entries.length,
     truncated: totalLines > effLines,
@@ -6269,9 +6461,23 @@ var outdatedTool = {
   name: "outdated",
   category: "Package Management",
   description: "Check for outdated dependencies in the project. Reports current, wanted (semver range), and latest versions available.",
-  usageHint: "MAINTENANCE & SECURITY TOOL:\n\n- Run periodically or before dependency-related work.\n- Helps surface packages that may need updates for security or features.\n- Safe, read-only operation.\nUse the output to decide on upgrades. Prefer this over manual shell commands for dependency hygiene.",
-  permission: "auto",
-  mutating: false,
+  usageHint: "MAINTENANCE & SECURITY TOOL:\n\n- Run periodically or before dependency-related work.\n- Helps surface packages that may need updates for security or features.\n- Hits the package registry over HTTP, so it is NOT purely local \u2014 flagged as mutating for the confirmation gate.\nUse the output to decide on upgrades. Prefer this over manual shell commands for dependency hygiene.",
+  permission: "confirm",
+  // Network side-effecting (registry HTTP). Pairs with `mutating: true`
+  // so the H7 invariant test (`no auto-permission tool declares
+  // mutating: true`) passes — a tool claiming `'auto'` must be purely
+  // read-only, but `outdated` makes outbound HTTP calls to the
+  // registry. The 'confirm' permission routes the call through the
+  // tool.confirm_needed flow on every invocation. M-1 originally
+  // fixed four sibling tools (mcp_control, shellcheck, shellcheck_scan,
+  // web_search) but missed this one; applying the same contract here.
+  mutating: true,
+  // Capability is just "network" — the tool only hits the package
+  // registry over HTTP, never touches the filesystem or runs shell.
+  // The H7 invariant test requires this array to be non-empty for
+  // any mutating:true tool (meta-tools whitelisted). See
+  // tests/permission-mutating-invariant.test.ts:92.
+  capabilities: ["network"],
   timeoutMs: 6e4,
   inputSchema: {
     type: "object",
@@ -6392,9 +6598,9 @@ var patchTool = {
     for (const t of targets) {
       const stripped = stripPathComponents(t, strip);
       if (!stripped) continue;
-      const candidate = path2.resolve(dir, stripped);
-      const rel = path2.relative(ctx.projectRoot, candidate);
-      if (rel.startsWith("..") || path2.isAbsolute(rel)) {
+      const candidate = path3.resolve(dir, stripped);
+      const rel = path3.relative(ctx.projectRoot, candidate);
+      if (rel.startsWith("..") || path3.isAbsolute(rel)) {
         return {
           applied: 0,
           rejected: 1,
@@ -6404,11 +6610,11 @@ var patchTool = {
         };
       }
     }
-    const tmpDir = await fs14.mkdtemp(path2.join(os.tmpdir(), ".wstack_patch_"));
+    const tmpDir = await fs14.mkdtemp(path3.join(os.tmpdir(), ".wstack_patch_"));
     try {
       await fs14.chmod(tmpDir, 448).catch(() => {
       });
-      const patchFile = path2.join(tmpDir, "in.diff");
+      const patchFile = path3.join(tmpDir, "in.diff");
       await fs14.writeFile(patchFile, input.patch, { mode: 384 });
       const args = [`-p${strip}`, "--merge", ...dryRun ? ["--dry-run"] : [], "-i", patchFile];
       const result = await runPatch(args, dir, opts.signal);
@@ -6730,9 +6936,9 @@ var readTool = {
   async execute(input, ctx) {
     if (!input?.path) throw new Error("read: path is required");
     const absPath = await safeResolveReal(input.path, ctx);
-    let stat10;
+    let stat11;
     try {
-      stat10 = await fs14.stat(absPath);
+      stat11 = await fs14.stat(absPath);
     } catch (err) {
       const code = err.code;
       if (code === "ENOENT") throw new Error(`read: file not found "${input.path}"`);
@@ -6740,9 +6946,9 @@ var readTool = {
         `read: failed to stat "${input.path}": ${err instanceof Error ? err.message : String(err)}`
       );
     }
-    if (!stat10.isFile()) throw new Error(`read: "${input.path}" is not a regular file`);
-    if (stat10.size > MAX_BYTES2) {
-      throw new Error(`read: file too large (${stat10.size} bytes, limit ${MAX_BYTES2})`);
+    if (!stat11.isFile()) throw new Error(`read: "${input.path}" is not a regular file`);
+    if (stat11.size > MAX_BYTES2) {
+      throw new Error(`read: file too large (${stat11.size} bytes, limit ${MAX_BYTES2})`);
     }
     const buf = await fs14.readFile(absPath);
     if (isBinaryBuffer(buf)) {
@@ -6754,14 +6960,14 @@ var readTool = {
     const offset = Math.max(1, input.offset ?? 1);
     const limit = Math.max(0, Math.min(input.limit ?? 2e3, 5e3));
     if (limit === 0) {
-      ctx.recordRead(absPath, stat10.mtimeMs);
+      ctx.recordRead(absPath, stat11.mtimeMs);
       return { text: "", total_lines: total, encoding: "utf8", truncated: total > 0 };
     }
     const slice = allLines.slice(offset - 1, offset - 1 + limit);
     const truncated = offset - 1 + slice.length < total;
     const width = String(offset + slice.length - 1).length;
     const numbered = slice.map((line, i) => `${String(offset + i).padStart(width, " ")}\u2192${line}`).join("\n");
-    ctx.recordRead(absPath, stat10.mtimeMs);
+    ctx.recordRead(absPath, stat11.mtimeMs);
     return {
       text: numbered,
       total_lines: total,
@@ -6828,10 +7034,10 @@ var replaceTool = {
       } catch {
         continue;
       }
-      const rel = path2.relative(realRoot, realPath);
-      if (rel.startsWith("..") || path2.isAbsolute(rel)) continue;
-      const stat10 = await fs14.stat(realPath).catch(() => null);
-      if (!stat10 || !stat10.isFile()) continue;
+      const rel = path3.relative(realRoot, realPath);
+      if (rel.startsWith("..") || path3.isAbsolute(rel)) continue;
+      const stat11 = await fs14.stat(realPath).catch(() => null);
+      if (!stat11 || !stat11.isFile()) continue;
       let content;
       try {
         const buf = await fs14.readFile(realPath);
@@ -6856,7 +7062,7 @@ var replaceTool = {
       totalReplacements += count;
       if (!dryRun) {
         const newContent = toStyle(newContentLf, style);
-        await atomicWrite(realPath, newContent, { mode: stat10.mode & 511 });
+        await atomicWrite(realPath, newContent, { mode: stat11.mode & 511 });
       }
       const diff = dryRun || matches.length > 0 ? unifiedDiff(content, toStyle(newContentLf, style), {
         fromFile: absPath,
@@ -6886,8 +7092,8 @@ async function resolveFiles2(filesInput, ctx, extraGlob) {
   const resolved = [];
   for (const p of parts) {
     const absPath = safeResolve(p, ctx);
-    const stat10 = await fs14.stat(absPath).catch(() => null);
-    if (stat10?.isFile()) {
+    const stat11 = await fs14.stat(absPath).catch(() => null);
+    if (stat11?.isFile()) {
       resolved.push(absPath);
     }
   }
@@ -6948,10 +7154,10 @@ async function globNative(pattern, base, extraGlob) {
     }
     for (const e of entries) {
       if (DEFAULT_IGNORE4.includes(e.name)) continue;
-      const full = path2.join(dir, e.name);
+      const full = path3.join(dir, e.name);
       try {
-        const stat10 = await fs14.lstat(full);
-        if (stat10.isSymbolicLink()) continue;
+        const stat11 = await fs14.lstat(full);
+        if (stat11.isSymbolicLink()) continue;
       } catch {
         continue;
       }
@@ -7118,16 +7324,16 @@ async function handleBuiltIn(name, templateFiles, cwd, ctx, dryRun, vars) {
   let filesCreated = 0;
   for (const [filePath, content] of Object.entries(templateFiles)) {
     const resolvedPath = substituteVars(filePath, name, vars);
-    const joinedPath = path2.join(cwd, resolvedPath);
-    const root = path2.resolve(ctx.projectRoot);
-    const target = path2.resolve(joinedPath);
-    const rel = path2.relative(root, target);
-    if (rel.startsWith("..") || path2.isAbsolute(rel)) {
+    const joinedPath = path3.join(cwd, resolvedPath);
+    const root = path3.resolve(ctx.projectRoot);
+    const target = path3.resolve(joinedPath);
+    const rel = path3.relative(root, target);
+    if (rel.startsWith("..") || path3.isAbsolute(rel)) {
       throw new Error(`scaffold: generated path "${resolvedPath}" would escape project root`);
     }
     const fullPath = target;
     if (!dryRun) {
-      await fs14.mkdir(path2.dirname(fullPath), { recursive: true });
+      await fs14.mkdir(path3.dirname(fullPath), { recursive: true });
       await atomicWrite(fullPath, substituteVars(content, name, vars));
     }
     files.push(resolvedPath);
@@ -7724,6 +7930,7 @@ var testTool = {
   permission: "confirm",
   mutating: false,
   timeoutMs: 12e4,
+  capabilities: ["shell.restricted"],
   inputSchema: {
     type: "object",
     properties: {
@@ -7740,7 +7947,11 @@ var testTool = {
       coverage: { type: "boolean", description: "Generate coverage report (default: false)" },
       cwd: { type: "string", description: "Working directory (default: cwd)" },
       grep: { type: "string", description: "Filter tests by name pattern (default: none)" },
-      timeout: { type: "integer", description: "Test timeout in ms (default: 30000)" }
+      timeout: { type: "integer", description: "Test timeout in ms (default: 30000)" },
+      verbose: {
+        type: "boolean",
+        description: "Per-test verbose reporter output (default: false \u2014 the summary reporter is used; full output is always saved to a log file referenced in the result)"
+      }
     }
   },
   async execute(input, ctx, opts) {
@@ -7788,11 +7999,11 @@ var testTool = {
   }
 };
 async function detectRunner(cwd) {
-  const { stat: stat10 } = await import('node:fs/promises');
+  const { stat: stat11 } = await import('node:fs/promises');
   const candidates = ["vitest.config.ts", "jest.config.js", ".mocharc.json"];
   for (const f of candidates) {
     try {
-      await stat10(path2.join(cwd, f));
+      await stat11(path3.join(cwd, f));
       if (f.includes("vitest")) return "vitest";
       if (f.includes("jest")) return "jest";
       if (f.includes("mocha")) return "mocha";
@@ -7806,17 +8017,14 @@ function buildArgs2(runner, input) {
   const timeout = input.timeout ?? 3e4;
   switch (runner) {
     case "vitest":
-      args.push("run", "--reporter=verbose");
-      if (input.watch) {
-        args[1] = "";
-        args.push("watch");
-      }
+      args.push(input.watch ? "watch" : "run");
+      if (input.verbose) args.push("--reporter=verbose");
       if (input.coverage) args.push("--coverage");
       if (input.grep) args.push("--testNamePattern", input.grep);
       args.push("--testTimeout", String(timeout));
       break;
     case "jest":
-      args.push("--verbose");
+      if (input.verbose) args.push("--verbose");
       if (input.watch) args.push("--watch");
       if (input.coverage) args.push("--coverage");
       if (input.grep) args.push("--testPathPattern", input.grep);
@@ -7860,7 +8068,13 @@ function parseResult(runner, result, duration) {
     passed,
     failed,
     duration_ms: duration,
-    output: normalizeCommandOutput(result.stdout || result.error || ""),
+    // A passing run only needs the tail summary in chat history — counts are
+    // already parsed above and the FULL log is on disk (spool marker rides
+    // the stdout tail). Failures keep the standard command-output cap so
+    // the agent sees the failure details inline.
+    output: normalizeCommandOutput(result.stdout || result.error || "", {
+      maxBytes: result.exitCode === 0 ? 4096 : void 0
+    }),
     truncated: result.truncated
   };
 }
@@ -7873,6 +8087,7 @@ var todoTool = {
   mutating: false,
   // mutates only conversation state (ctx.todos), not external state — no confirmation needed
   timeoutMs: 1e3,
+  capabilities: ["session.todo"],
   inputSchema: {
     type: "object",
     properties: {
@@ -7980,6 +8195,7 @@ var toolHelpTool = {
   permission: "auto",
   mutating: false,
   timeoutMs: 5e3,
+  capabilities: ["tool.meta"],
   inputSchema: {
     type: "object",
     properties: {
@@ -8102,6 +8318,7 @@ var toolSearchTool = {
   permission: "auto",
   mutating: false,
   timeoutMs: 1e3,
+  capabilities: ["tool.meta"],
   inputSchema: {
     type: "object",
     properties: {
@@ -8180,6 +8397,7 @@ var toolUseTool = {
   permission: "confirm",
   mutating: true,
   timeoutMs: 6e4,
+  capabilities: ["tool.mutate.any"],
   inputSchema: {
     type: "object",
     properties: {
@@ -8408,7 +8626,7 @@ async function walkDir(dir, depth, opts) {
     opts.lines.push(opts.prefix + branch + displayName);
     if (entry.isDirectory() && (opts.maxDepth === 0 || depth < opts.maxDepth)) {
       const childPrefix = opts.prefix + connector;
-      await walkDir(path2.join(dir, entry.name), depth + 1, {
+      await walkDir(path3.join(dir, entry.name), depth + 1, {
         ...opts,
         prefix: childPrefix,
         isLast
@@ -8424,6 +8642,7 @@ var typecheckTool = {
   permission: "confirm",
   mutating: false,
   timeoutMs: 12e4,
+  capabilities: ["shell.restricted"],
   inputSchema: {
     type: "object",
     properties: {
@@ -8487,12 +8706,12 @@ var typecheckTool = {
   }
 };
 async function findTsConfig(cwd) {
-  const { stat: stat10 } = await import('node:fs/promises');
+  const { stat: stat11 } = await import('node:fs/promises');
   const candidates = ["tsconfig.json", "tsconfig.base.json"];
   for (const f of candidates) {
     try {
-      const s = await stat10(path2.join(cwd, f));
-      if (s.isFile()) return path2.join(cwd, f);
+      const s = await stat11(path3.join(cwd, f));
+      if (s.isFile()) return path3.join(cwd, f);
     } catch {
     }
   }
@@ -8528,12 +8747,12 @@ var writeTool = {
     let existed = false;
     let prev = "";
     try {
-      const stat11 = await fs14.stat(absPath);
-      existed = stat11.isFile();
+      const stat12 = await fs14.stat(absPath);
+      existed = stat12.isFile();
       if (existed) {
         if (!ctx.hasRead(absPath)) {
           prev = await fs14.readFile(absPath, "utf8");
-          ctx.recordRead(absPath, stat11.mtimeMs);
+          ctx.recordRead(absPath, stat12.mtimeMs);
         } else {
           prev = await fs14.readFile(absPath, "utf8");
         }
@@ -8546,8 +8765,8 @@ var writeTool = {
     await atomicWrite(absPath, input.content);
     const diff = existed ? unifiedDiff(prev, input.content, { fromFile: input.path, toFile: input.path }) : `+++ ${input.path}
 + (new file, ${input.content.split("\n").length} lines)`;
-    const stat10 = await fs14.stat(absPath);
-    ctx.recordRead(absPath, stat10.mtimeMs);
+    const stat11 = await fs14.stat(absPath);
+    ctx.recordRead(absPath, stat11.mtimeMs);
     ctx.session.recordFileChange({
       path: absPath,
       action: existed ? "modified" : "created",