@wrongstack/tools 0.264.0 → 0.265.1

package/dist/patch.js

@@ -2,21 +2,27 @@ import { spawn } from 'node:child_process';
 import * as fs from 'node:fs/promises';
 import * as os from 'node:os';
 import * as path from 'node:path';
+import * as Core from '@wrongstack/core';
 import { buildChildEnv } from '@wrongstack/core';
 
 // src/patch.ts
 function resolvePath(input, ctx) {
   return path.isAbsolute(input) ? path.normalize(input) : path.resolve(ctx.workingDir ?? ctx.cwd, input);
 }
+function allowedRoots(ctx) {
+  return [path.resolve(ctx.projectRoot), path.resolve(Core.wstackGlobalRoot())];
+}
+function isInsideAny(target, roots) {
+  return roots.some((root) => {
+    const rel = path.relative(root, target);
+    return rel === "" || !rel.startsWith("..") && !path.isAbsolute(rel);
+  });
+}
 function ensureInsideRoot(absPath, ctx) {
-  if (ctx.allowOutsideProjectRoot) return path.resolve(absPath);
-  const root = path.resolve(ctx.projectRoot);
   const target = path.resolve(absPath);
-  const rel = path.relative(root, target);
-  if (rel.startsWith("..") || path.isAbsolute(rel)) {
-    throw new Error(`Path "${absPath}" is outside project root "${root}"`);
-  }
-  return target;
+  if (ctx.allowOutsideProjectRoot) return target;
+  if (isInsideAny(target, allowedRoots(ctx))) return target;
+  throw new Error(`Path "${absPath}" is outside project root "${path.resolve(ctx.projectRoot)}"`);
 }
 function safeResolve(input, ctx) {
   return ensureInsideRoot(resolvePath(input, ctx), ctx);
@@ -31,6 +37,7 @@ var patchTool = {
   permission: "confirm",
   mutating: true,
   capabilities: ["fs.write"],
+  icon: "edit",
   timeoutMs: 3e4,
   inputSchema: {
     type: "object",

package/dist/patch.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/_util.ts","../src/patch.ts"],"names":["path2","resolve"],"mappings":";;;;;;;AA8BO,SAAS,WAAA,CAAY,OAAe,GAAA,EAAsB;AAC/D,EAAA,OAAY,IAAA,CAAA,UAAA,CAAW,KAAK,CAAA,GAAS,IAAA,CAAA,SAAA,CAAU,KAAK,CAAA,GAAS,IAAA,CAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,IAAc,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AACvG;AAEO,SAAS,gBAAA,CAAiB,SAAiB,GAAA,EAAsB;AAEtE,EAAA,IAAI,GAAA,CAAI,uBAAA,EAAyB,OAAY,IAAA,CAAA,OAAA,CAAQ,OAAO,CAAA;AAC5D,EAAA,MAAM,IAAA,GAAY,IAAA,CAAA,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA;AACzC,EAAA,MAAM,MAAA,GAAc,aAAQ,OAAO,CAAA;AACnC,EAAA,MAAM,GAAA,GAAW,IAAA,CAAA,QAAA,CAAS,IAAA,EAAM,MAAM,CAAA;AACtC,EAAA,IAAI,IAAI,UAAA,CAAW,IAAI,CAAA,IAAU,IAAA,CAAA,UAAA,CAAW,GAAG,CAAA,EAAG;AAChD,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,2BAAA,EAA8B,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,EACvE;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,WAAA,CAAY,OAAe,GAAA,EAAsB;AAC/D,EAAA,OAAO,gBAAA,CAAiB,WAAA,CAAY,KAAA,EAAO,GAAG,GAAG,GAAG,CAAA;AACtD;;;ACzBO,IAAM,SAAA,GAA2C;AAAA,EACtD,IAAA,EAAM,OAAA;AAAA,EACN,QAAA,EAAU,YAAA;AAAA,EACV,WAAA,EACE,+JAAA;AAAA,EACF,SAAA,EACE,6SAAA;AAAA,EAIF,UAAA,EAAY,SAAA;AAAA,EACZ,QAAA,EAAU,IAAA;AAAA,EACV,YAAA,EAAc,CAAC,UAAU,CAAA;AAAA,EACzB,SAAA,EAAW,GAAA;AAAA,EACX,WAAA,EAAa;AAAA,IACX,IAAA,EAAM,QAAA;AAAA,IACN,UAAA,EAAY;AAAA,MACV,KAAA,EAAO,EAAE,IAAA,EAAM,QAAA,EAAU,aAAa,4BAAA,EAA6B;AAAA,MACnE,SAAA,EAAW,EAAE,IAAA,EAAM,QAAA,EAAU,aAAa,yCAAA,EAA0C;AAAA,MACpF,KAAA,EAAO,EAAE,IAAA,EAAM,SAAA,EAAW,aAAa,4CAAA,EAA6C;AAAA,MACpF,OAAA,EAAS,EAAE,IAAA,EAAM,SAAA,EAAW,aAAa,0BAAA;AAA2B,KACtE;AAAA,IACA,QAAA,EAAU,CAAC,OAAO;AAAA,GACpB;AAAA,EACA,MAAM,OAAA,CAAQ,KAAA,EAAO,GAAA,EAAK,IAAA,EAAM;AAC9B,IAAA,IAAI,CAAC,KAAA,EAAO,KAAA,EAAO,MAAM,IAAI,MAAM,kCAAkC,CAAA;AAErE,IAAA,MAAM,GAAA,GAAM,MAAM,SAAA,GAAY,WAAA,CAAY,MAAM,SAAA,EAAW,GAAG,IAAI,GAAA,CAAI,GAAA;AAGtE,IAAA,MAAM,QAAQ,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,KAAA,CAAM,SAAS,CAAC,CAAA;AAC1C,IAAA,MAAM,MAAA,GAAS,MAAM,OAAA,IAAW,KAAA;AAKhC,IAAA,MAAM,OAAA,GAAU,kBAAA,CAAmB,KAAA,CAAM,KAAK,CAAA;AAC9C,IAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,MAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,CAAA,EAAG,KAAK,CAAA;AAC7C,MAAA,IAAI,CAAC,QAAA,EAAU;AACf,MAAA,MAAM,SAAA,GAAiBA,IAAA,CAAA,OAAA,CAAQ,GAAA,EAAK,QAAQ,CAAA;AAC5C,MAAA,MAAM,GAAA,GAAWA,IAAA,CAAA,QAAA,CAAS,GAAA,CAAI,WAAA,EAAa,SAAS,CAAA;AACpD,MAAA,IAAI,IAAI,UAAA,CAAW,IAAI,CAAA,IAAUA,IAAA,CAAA,UAAA,CAAW,GAAG,CAAA,EAAG;AAChD,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,CAAA;AAAA,UACT,QAAA,EAAU,CAAA;AAAA,UACV,OAAO,EAAC;AAAA,UACR,OAAA,EAAS,MAAA;AAAA,UACT,OAAA,EAAS,0BAA0B,CAAC,CAAA,+BAAA;AAAA,SACtC;AAAA,MACF;AAAA,IACF;AAKA,IAAA,MAAM,SAAS,MAAS,EAAA,CAAA,OAAA,CAAaA,UAAQ,EAAA,CAAA,MAAA,EAAO,EAAG,gBAAgB,CAAC,CAAA;AACxE,IAAA,IAAI;AACF,MAAA,MAAS,EAAA,CAAA,KAAA,CAAM,MAAA,EAAQ,GAAK,CAAA,CAAE,MAAM,MAAM;AAAA,MAE1C,CAAC,CAAA;AACD,MAAA,MAAM,SAAA,GAAiBA,IAAA,CAAA,IAAA,CAAK,MAAA,EAAQ,SAAS,CAAA;AAC7C,MAAA,MAAS,aAAU,SAAA,EAAW,KAAA,CAAM,OAAO,EAAE,IAAA,EAAM,KAAO,CAAA;AAE1D,MAAA,MAAM,IAAA,GAAO,CAAC,CAAA,EAAA,EAAK,KAAK,IAAI,SAAA,EAAW,GAAI,MAAA,GAAS,CAAC,WAAW,CAAA,GAAI,EAAC,EAAI,MAAM,SAAS,CAAA;AAExF,MAAA,MAAM,SAAS,MAAM,QAAA,CAAS,IAAA,EAAM,GAAA,EAAK,KAAK,MAAM,CAAA;AAEpD,MAAA,IAAI,MAAA,CAAO,QAAA,KAAa,CAAA,IAAK,CAAC,MAAA,EAAQ;AACpC,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,CAAA;AAAA,UACT,QAAA,EAAU,CAAA;AAAA,UACV,OAAO,EAAC;AAAA,UACR,OAAA,EAAS,MAAA;AAAA,UACT,OAAA,EAAS,CAAA,cAAA,EAAiB,MAAA,CAAO,MAAA,IAAU,OAAO,MAAM,CAAA;AAAA,SAC1D;AAAA,MACF;AAEA,MAAA,MAAM,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,MAAM,CAAA;AACjD,MAAA,OAAO;AAAA,QACL,SAAS,OAAA,CAAQ,MAAA;AAAA,QACjB,QAAA,EAAU,CAAA;AAAA,QACV,KAAA,EAAO,OAAA;AAAA,QACP,OAAA,EAAS,MAAA;AAAA,QACT,OAAA,EAAS,OAAO,MAAA,IAAU;AAAA,OAC5B;AAAA,IACF,CAAA,SAAE;AACA,MAAA,MAAS,EAAA,CAAA,EAAA,CAAG,MAAA,EAAQ,EAAE,SAAA,EAAW,IAAA,EAAM,OAAO,IAAA,EAAM,CAAA,CAAE,KAAA,CAAM,MAAM;AAAA,MAAC,CAAC,CAAA;AAAA,IACtE;AAAA,EACF;AACF;AAGA,SAAS,mBAAmB,KAAA,EAAyB;AACnD,EAAA,MAAM,MAAgB,EAAC;AAKvB,EAAA,MAAM,EAAA,GAAK,0BAAA;AACX,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,EAAG;AAClC,IAAA,MAAM,GAAA,GAAM,EAAE,CAAC,CAAA;AACf,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,GAAS,IAAA,GAAO,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,IAAI,CAAA,CAAE,IAAA,EAAK,GAAI,GAAA,CAAI,IAAA,EAAK;AACxE,IAAA,IAAI,CAAC,MAAA,IAAU,MAAA,KAAW,WAAA,EAAa;AACvC,IAAA,GAAA,CAAI,KAAK,MAAM,CAAA;AAAA,EACjB;AACA,EAAA,OAAO,GAAA;AACT;AAIA,SAAS,mBAAA,CAAoB,GAAW,KAAA,EAAmC;AAIzE,EAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,CAAC,CAAA,KAAM,CAAA,KAAM,EAAA,IAAM,MAAM,GAAG,CAAA;AAClF,EAAA,IAAI,KAAA,CAAM,MAAA,IAAU,KAAA,EAAO,OAAO,MAAA;AAClC,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,KAAK,CAAA,CAAE,KAAK,GAAG,CAAA;AACpC;AAEA,SAAS,QAAA,CACP,IAAA,EACA,GAAA,EACA,MAAA,EAC+D;AAC/D,EAAA,OAAO,IAAI,OAAA,CAAQ,CAACC,QAAAA,KAAY;AAC9B,IAAA,IAAI,MAAA,GAAS,EAAA;AACb,IAAA,IAAI,MAAA,GAAS,EAAA;AAMb,IAAA,MAAM,GAAA,GAAM,EAAE,GAAG,aAAA,IAAiB,IAAA,EAAM,GAAA,EAAK,QAAQ,GAAA,EAAI;AACzD,IAAA,MAAM,QAAQ,KAAA,CAAM,OAAA,EAAS,IAAA,EAAM,EAAE,KAAK,MAAA,EAAQ,GAAA,EAAK,KAAA,EAAO,CAAC,QAAQ,MAAA,EAAQ,MAAM,CAAA,EAAG,WAAA,EAAa,MAAM,CAAA;AAC3G,IAAA,KAAA,CAAM,MAAA,EAAQ,EAAA,CAAG,MAAA,EAAQ,CAAC,CAAA,KAAM;AAC9B,MAAA,MAAA,IAAU,EAAE,QAAA,EAAS;AAAA,IACvB,CAAC,CAAA;AACD,IAAA,KAAA,CAAM,MAAA,EAAQ,EAAA,CAAG,MAAA,EAAQ,CAAC,CAAA,KAAM;AAC9B,MAAA,MAAA,IAAU,EAAE,QAAA,EAAS;AAAA,IACvB,CAAC,CAAA;AACD,IAAA,KAAA,CAAM,EAAA,CAAG,OAAA,EAAS,CAAC,IAAA,KAASA,QAAAA,CAAQ,EAAE,QAAA,EAAU,IAAA,IAAQ,CAAA,EAAG,MAAA,EAAQ,MAAA,EAAQ,CAAC,CAAA;AAC5E,IAAA,KAAA,CAAM,EAAA,CAAG,OAAA,EAAS,CAAC,CAAA,KAAMA,SAAQ,EAAE,QAAA,EAAU,CAAA,EAAG,MAAA,EAAQ,EAAA,EAAI,MAAA,EAAQ,CAAA,CAAE,OAAA,EAAS,CAAC,CAAA;AAAA,EAClF,CAAC,CAAA;AACH;AAEA,SAAS,oBAAoB,MAAA,EAA0B;AACrD,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,MAAM,EAAA,GAAK,sBAAA;AACX,EAAA,KAAA,MAAW,CAAA,IAAK,MAAA,CAAO,QAAA,CAAS,EAAE,CAAA,EAAG;AACnC,IAAA,IAAI,EAAE,CAAC,CAAA,QAAS,IAAA,CAAK,CAAA,CAAE,CAAC,CAAC,CAAA;AAAA,EAC3B;AACA,EAAA,OAAO,KAAA;AACT","file":"patch.js","sourcesContent":["import * as fsp from 'node:fs/promises';\nimport * as path from 'node:path';\nimport * as Core from '@wrongstack/core';\nimport type { Context } from '@wrongstack/core';\n/** Detected package manager for a project directory. */\nexport type PackageManager = 'pnpm' | 'yarn' | 'npm';\n\n/**\n * Detect the project's package manager by inspecting lockfiles in `cwd`.\n * Order: pnpm → yarn → npm (default). Missing or unreadable directories fall\n * back to `npm` rather than throwing, so a `safeResolve`-checked cwd that\n * happens to be empty never aborts the tool.\n */\nexport async function detectPackageManager(cwd: string): Promise<PackageManager> {\n  const { stat } = await import('node:fs/promises');\n  try {\n    await stat(`${cwd}/pnpm-lock.yaml`);\n    return 'pnpm';\n  } catch {\n    /* not pnpm */\n  }\n  try {\n    await stat(`${cwd}/yarn.lock`);\n    return 'yarn';\n  } catch {\n    /* not yarn */\n  }\n  return 'npm';\n}\n\nexport function resolvePath(input: string, ctx: Context): string {\n  return path.isAbsolute(input) ? path.normalize(input) : path.resolve(ctx.workingDir ?? ctx.cwd, input);\n}\n\nexport function ensureInsideRoot(absPath: string, ctx: Context): string {\n  // If allowOutsideProjectRoot is true, skip the project-root restriction.\n  if (ctx.allowOutsideProjectRoot) return path.resolve(absPath);\n  const root = path.resolve(ctx.projectRoot);\n  const target = path.resolve(absPath);\n  const rel = path.relative(root, target);\n  if (rel.startsWith('..') || path.isAbsolute(rel)) {\n    throw new Error(`Path \"${absPath}\" is outside project root \"${root}\"`);\n  }\n  return target;\n}\n\nexport function safeResolve(input: string, ctx: Context): string {\n  return ensureInsideRoot(resolvePath(input, ctx), ctx);\n}\n\n/**\n * Defense against in-root→out-of-root symlink escape (CWE-59). `safeResolve`\n * only does a syntactic `../` check, so a symlink that lives *inside* the\n * project root but points outside still passes it. This resolves the path\n * through `fs.realpath` and re-verifies containment against the realpath of\n * the project root (comparing like-for-like, since the root itself may be a\n * symlink — macOS `/var`→`/private/var`, Windows 8.3 short names). For a path\n * that does not exist yet (e.g. a `write` to a new file) the nearest existing\n * ancestor directory is checked instead. Throws if the real target escapes.\n *\n * Mirrors the per-file guard already used in `replace.ts`/`grep.ts`; applied\n * to single-file `read`/`edit`/`write` it throws (rather than skips) because\n * the caller named exactly one file.\n */\nexport async function assertRealInsideRoot(absPath: string, ctx: Context): Promise<void> {\n  // If allowOutsideProjectRoot is true, skip the symlink-escape check.\n  if (ctx.allowOutsideProjectRoot) return;\n  const realRoot = await fsp.realpath(ctx.projectRoot).catch(() => path.resolve(ctx.projectRoot));\n  let probe = absPath;\n  for (;;) {\n    let real: string;\n    try {\n      real = await fsp.realpath(probe);\n    } catch (err) {\n      if ((err as NodeJS.ErrnoException).code === 'ENOENT') {\n        const parent = path.dirname(probe);\n        if (parent === probe) return; // reached fs root without escaping\n        probe = parent;\n        continue;\n      }\n      throw err;\n    }\n    const rel = path.relative(realRoot, real);\n    if (rel.startsWith('..') || path.isAbsolute(rel)) {\n      throw new Error(\n        `Path \"${absPath}\" resolves through a symlink outside project root \"${realRoot}\"`,\n      );\n    }\n    return;\n  }\n}\n\n/** `safeResolve` + symlink realpath containment check. Async. */\nexport async function safeResolveReal(input: string, ctx: Context): Promise<string> {\n  const abs = safeResolve(input, ctx);\n  await assertRealInsideRoot(abs, ctx);\n  return abs;\n}\n\nexport function truncateMiddle(s: string, max: number): string {\n  if (Buffer.byteLength(s, 'utf8') <= max) return s;\n  const half = Math.floor(max / 2);\n  return (\n    s.slice(0, half) +\n    `\\n…[truncated ${Buffer.byteLength(s, 'utf8') - max} bytes from middle]…\\n` +\n    s.slice(-half)\n  );\n}\n\nexport function isBinaryBuffer(buf: Buffer): boolean {\n  const len = Math.min(buf.length, 8192);\n  for (let i = 0; i < len; i++) {\n    if (buf[i] === 0) return true;\n  }\n  return false;\n}\n\n// ─── Command-output normalization (token-saving) ────────────────────────────\n//\n// Raw process output is full of tokens the model gains nothing from: ANSI\n// escapes, carriage-return progress spam, runs of identical warning lines, and\n// huge tails of build noise. These helpers strip that noise before the output\n// reaches the LLM. They are scoped to COMMAND tools (bash/git/exec and the\n// _spawn-stream consumers) — never applied to structured/code outputs.\n\n/** Unified byte cap for all command tool output fed to the model. */\nexport const COMMAND_OUTPUT_MAX_BYTES = 32_768;\n\n/** Runs of >= this many identical consecutive lines are collapsed. */\nconst REPEAT_RUN_THRESHOLD = 3;\n\n/**\n * Collapse carriage-return overwrites the way a terminal would: `\\r\\n` becomes\n * `\\n`, and a bare `\\r` (progress redraw) keeps only the text after the LAST\n * `\\r` on its physical line. Without this, a single progress bar that redraws\n * 200 times explodes into 200 lines.\n */\nexport function collapseCarriageReturns(text: string): string {\n  const lf = text.replace(/\\r\\n/g, '\\n');\n  if (!lf.includes('\\r')) return lf;\n  return lf\n    .split('\\n')\n    .map((line) => (line.includes('\\r') ? line.slice(line.lastIndexOf('\\r') + 1) : line))\n    .join('\\n');\n}\n\n/**\n * Collapse a run of `minRun`+ identical consecutive lines into the line once\n * plus a marker. Consecutive-only — it never reorders or dedups non-adjacent\n * lines, so diffs/source stay intact.\n */\nexport function collapseConsecutiveDuplicates(text: string, minRun = REPEAT_RUN_THRESHOLD): string {\n  const lines = text.split('\\n');\n  const out: string[] = [];\n  let i = 0;\n  while (i < lines.length) {\n    let j = i + 1;\n    while (j < lines.length && lines[j] === lines[i]) j++;\n    const run = j - i;\n    if (run >= minRun) {\n      out.push(lines[i]!, `… ⟨repeated ${run}×⟩`);\n    } else {\n      for (let k = i; k < j; k++) out.push(lines[k]!);\n    }\n    i = j;\n  }\n  return out.join('\\n');\n}\n\n/** Largest prefix of `s` whose UTF-8 byte length is <= `maxBytes`. */\nfunction takeHeadBytes(s: string, maxBytes: number): string {\n  if (maxBytes <= 0) return '';\n  /* v8 ignore next -- only caller (truncateHeadTail) passes a budget smaller than s; defensive. */\n  if (Buffer.byteLength(s, 'utf8') <= maxBytes) return s;\n  let lo = 0;\n  let hi = s.length;\n  while (lo < hi) {\n    const mid = Math.ceil((lo + hi) / 2);\n    if (Buffer.byteLength(s.slice(0, mid), 'utf8') <= maxBytes) lo = mid;\n    else hi = mid - 1;\n  }\n  return s.slice(0, lo);\n}\n\n/** Largest suffix of `s` whose UTF-8 byte length is <= `maxBytes`. */\nfunction takeTailBytes(s: string, maxBytes: number): string {\n  if (maxBytes <= 0) return '';\n  /* v8 ignore next -- only caller (truncateHeadTail) passes a budget smaller than s; defensive. */\n  if (Buffer.byteLength(s, 'utf8') <= maxBytes) return s;\n  let lo = 0;\n  let hi = s.length;\n  while (lo < hi) {\n    const mid = Math.ceil((lo + hi) / 2);\n    if (Buffer.byteLength(s.slice(s.length - mid), 'utf8') <= maxBytes) lo = mid;\n    else hi = mid - 1;\n  }\n  return s.slice(s.length - lo);\n}\n\n/**\n * Truncate to `maxBytes` keeping BOTH ends — the head (what ran / early context)\n * and the tail (errors and summaries usually land last), biased ~45/55 toward\n * the tail. The result never exceeds `maxBytes`.\n */\nexport function truncateHeadTail(s: string, maxBytes: number): string {\n  const total = Buffer.byteLength(s, 'utf8');\n  if (total <= maxBytes) return s;\n  // Reserve a fixed allowance for the marker so the final string can't exceed\n  // the cap even though the dropped-byte count's digit width varies.\n  const MARKER_RESERVE = 64;\n  const avail = Math.max(0, maxBytes - MARKER_RESERVE);\n  const headBudget = Math.floor(avail * 0.45);\n  const head = takeHeadBytes(s, headBudget);\n  const tail = takeTailBytes(s, avail - Buffer.byteLength(head, 'utf8'));\n  const kept = Buffer.byteLength(head, 'utf8') + Buffer.byteLength(tail, 'utf8');\n  return `${head}\\n…[truncated ${total - kept} bytes]…\\n${tail}`;\n}\n\n/**\n * Full token-saving pipeline for command tool output: strip ANSI → collapse\n * carriage-return progress → trim trailing whitespace → collapse identical\n * consecutive lines → squeeze blank-line runs → head+tail truncate to the cap.\n */\nexport function normalizeCommandOutput(\n  raw: string,\n  opts: { maxBytes?: number | undefined } = {},\n): string {\n  if (!raw) return raw;\n  let text = Core.stripAnsi(raw);\n  text = collapseCarriageReturns(text);\n  text = text.replace(/[ \\t]+$/gm, ''); // trailing whitespace per line\n  text = collapseConsecutiveDuplicates(text);\n  text = text.replace(/\\n{3,}/g, '\\n\\n'); // >=2 blank lines → 1\n  return truncateHeadTail(text, opts.maxBytes ?? COMMAND_OUTPUT_MAX_BYTES);\n}\n","import { spawn } from 'node:child_process';\nimport * as fs from 'node:fs/promises';\nimport * as os from 'node:os';\nimport * as path from 'node:path';\nimport { buildChildEnv } from '@wrongstack/core';\nimport type { Tool } from '@wrongstack/core';\nimport { safeResolve } from './_util.js';\n\ninterface PatchInput {\n  patch: string;\n  directory?: string | undefined;\n  strip?: number | undefined;\n  dry_run?: boolean | undefined;\n}\n\ninterface PatchOutput {\n  applied: number;\n  rejected: number;\n  files: string[];\n  dry_run: boolean;\n  message: string;\n}\n\nexport const patchTool: Tool<PatchInput, PatchOutput> = {\n  name: 'patch',\n  category: 'Filesystem',\n  description:\n    'Apply a unified diff (patch) to the project. This is the correct tool when you have a diff that needs to be applied precisely, including handling of rejects.',\n  usageHint:\n    'Best used when you already have a diff (from generation, external source, or previous step).\\n' +\n    '- Use `dry_run: true` to see what would happen without modifying files.\\n' +\n    '- On failure it creates .rej and .orig files for manual review.\\n' +\n    'Often cleaner than many small `edit` operations for larger changes.',\n  permission: 'confirm',\n  mutating: true,\n  capabilities: ['fs.write'],\n  timeoutMs: 30_000,\n  inputSchema: {\n    type: 'object',\n    properties: {\n      patch: { type: 'string', description: 'Unified diff patch content' },\n      directory: { type: 'string', description: 'Root directory for patch (default: cwd)' },\n      strip: { type: 'integer', description: 'Strip leading path components (default: 1)' },\n      dry_run: { type: 'boolean', description: 'Preview without applying' },\n    },\n    required: ['patch'],\n  },\n  async execute(input, ctx, opts) {\n    if (!input?.patch) throw new Error('patch: patch content is required');\n\n    const dir = input.directory ? safeResolve(input.directory, ctx) : ctx.cwd;\n    // strip=0 lets a diff address absolute paths like /etc/passwd and\n    // escape the project root entirely. Force >= 1.\n    const strip = Math.max(1, input.strip ?? 1);\n    const dryRun = input.dry_run ?? false;\n\n    // Pre-flight: scan diff target paths and reject any that resolve outside\n    // the project root. This catches `../../../etc/passwd`-style escapes\n    // before we hand the diff to GNU patch.\n    const targets = extractDiffTargets(input.patch);\n    for (const t of targets) {\n      const stripped = stripPathComponents(t, strip);\n      if (!stripped) continue;\n      const candidate = path.resolve(dir, stripped);\n      const rel = path.relative(ctx.projectRoot, candidate);\n      if (rel.startsWith('..') || path.isAbsolute(rel)) {\n        return {\n          applied: 0,\n          rejected: 1,\n          files: [],\n          dry_run: dryRun,\n          message: `patch refused: target \"${t}\" resolves outside project root`,\n        };\n      }\n    }\n\n    // Write the diff into a private 0700 temp directory rather than into\n    // the user-controlled `dir` with a predictable timestamp name. Avoids\n    // symlink-bait races on shared work trees.\n    const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), '.wstack_patch_'));\n    try {\n      await fs.chmod(tmpDir, 0o700).catch(() => {\n        /* best-effort on Windows */\n      });\n      const patchFile = path.join(tmpDir, 'in.diff');\n      await fs.writeFile(patchFile, input.patch, { mode: 0o600 });\n\n      const args = [`-p${strip}`, '--merge', ...(dryRun ? ['--dry-run'] : []), '-i', patchFile];\n\n      const result = await runPatch(args, dir, opts.signal);\n\n      if (result.exitCode !== 0 && !dryRun) {\n        return {\n          applied: 0,\n          rejected: 1,\n          files: [],\n          dry_run: dryRun,\n          message: `patch failed: ${result.stderr || result.stdout}`,\n        };\n      }\n\n      const patched = extractPatchedFiles(result.stdout);\n      return {\n        applied: patched.length,\n        rejected: 0,\n        files: patched,\n        dry_run: dryRun,\n        message: result.stdout || 'patch applied',\n      };\n    } finally {\n      await fs.rm(tmpDir, { recursive: true, force: true }).catch(() => {});\n    }\n  },\n};\n\n/** Extract every `+++ <path>` target from a unified diff. */\nfunction extractDiffTargets(patch: string): string[] {\n  const out: string[] = [];\n  // Matches `+++ path/to/file` and `+++ b/path/to/file` (also `a/`). Strips\n  // optional tab-prefixed timestamp suffixes that some diff tools emit.\n  // Cap each line at 4096 chars to prevent maliciously long lines from\n  // causing regex backtracking issues in large patches.\n  const re = /^\\+\\+\\+\\s+([^\\t\\r\\n]+)/gm;\n  for (const m of patch.matchAll(re)) {\n    const raw = m[1];\n    if (!raw) continue;\n    const target = raw.length > 4096 ? raw.slice(0, 4096).trim() : raw.trim();\n    if (!target || target === '/dev/null') continue;\n    out.push(target);\n  }\n  return out;\n}\n\n/** Mimic `patch -pN` path stripping on a single target. Returns undefined\n *  if the path has fewer segments than `strip`. */\nfunction stripPathComponents(p: string, strip: number): string | undefined {\n  // Normalize separators so the count works on both POSIX and Windows-style\n  // paths embedded in LLM-generated diffs. Filter out empty segments (e.g.\n  // from trailing slashes or `//` sequences) before counting.\n  const parts = p.replace(/\\\\/g, '/').split('/').filter((s) => s !== '' && s !== '.');\n  if (parts.length <= strip) return undefined;\n  return parts.slice(strip).join('/');\n}\n\nfunction runPatch(\n  args: string[],\n  cwd: string,\n  signal: AbortSignal,\n): Promise<{ exitCode: number; stdout: string; stderr: string }> {\n  return new Promise((resolve) => {\n    let stdout = '';\n    let stderr = '';\n\n    // Force C locale so `extractPatchedFiles` (which greps for the English\n    // \"patching file\" prefix) doesn't silently miss-count on systems with\n    // localized GNU patch output (fr/de/es etc.). Use buildChildEnv to\n    // strip API keys and other secrets from the parent environment.\n    const env = { ...buildChildEnv(), LANG: 'C', LC_ALL: 'C' };\n    const child = spawn('patch', args, { cwd, signal, env, stdio: ['pipe', 'pipe', 'pipe'], windowsHide: true });\n    child.stdout?.on('data', (c) => {\n      stdout += c.toString();\n    });\n    child.stderr?.on('data', (c) => {\n      stderr += c.toString();\n    });\n    child.on('close', (code) => resolve({ exitCode: code ?? 1, stdout, stderr }));\n    child.on('error', (e) => resolve({ exitCode: 1, stdout: '', stderr: e.message }));\n  });\n}\n\nfunction extractPatchedFiles(output: string): string[] {\n  const files: string[] = [];\n  const re = /patching file (.+)/gi;\n  for (const m of output.matchAll(re)) {\n    if (m[1]) files.push(m[1]);\n  }\n  return files;\n}\n"]}
+{"version":3,"sources":["../src/_util.ts","../src/patch.ts"],"names":["path2","resolve"],"mappings":";;;;;;;;AA8BO,SAAS,WAAA,CAAY,OAAe,GAAA,EAAsB;AAC/D,EAAA,OAAY,IAAA,CAAA,UAAA,CAAW,KAAK,CAAA,GAAS,IAAA,CAAA,SAAA,CAAU,KAAK,CAAA,GAAS,IAAA,CAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,IAAc,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AACvG;AAOA,SAAS,aAAa,GAAA,EAAwB;AAC5C,EAAA,OAAO,CAAM,aAAQ,GAAA,CAAI,WAAW,GAAQ,IAAA,CAAA,OAAA,CAAa,IAAA,CAAA,gBAAA,EAAkB,CAAC,CAAA;AAC9E;AAGA,SAAS,WAAA,CAAY,QAAgB,KAAA,EAA0B;AAC7D,EAAA,OAAO,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS;AAC1B,IAAA,MAAM,GAAA,GAAW,IAAA,CAAA,QAAA,CAAS,IAAA,EAAM,MAAM,CAAA;AACtC,IAAA,OAAO,GAAA,KAAQ,MAAO,CAAC,GAAA,CAAI,WAAW,IAAI,CAAA,IAAK,CAAM,IAAA,CAAA,UAAA,CAAW,GAAG,CAAA;AAAA,EACrE,CAAC,CAAA;AACH;AAEO,SAAS,gBAAA,CAAiB,SAAiB,GAAA,EAAsB;AACtE,EAAA,MAAM,MAAA,GAAc,aAAQ,OAAO,CAAA;AAEnC,EAAA,IAAI,GAAA,CAAI,yBAAyB,OAAO,MAAA;AACxC,EAAA,IAAI,YAAY,MAAA,EAAQ,YAAA,CAAa,GAAG,CAAC,GAAG,OAAO,MAAA;AACnD,EAAA,MAAM,IAAI,MAAM,CAAA,MAAA,EAAS,OAAO,8BAAmC,IAAA,CAAA,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAC,CAAA,CAAA,CAAG,CAAA;AAChG;AAEO,SAAS,WAAA,CAAY,OAAe,GAAA,EAAsB;AAC/D,EAAA,OAAO,gBAAA,CAAiB,WAAA,CAAY,KAAA,EAAO,GAAG,GAAG,GAAG,CAAA;AACtD;;;ACtCO,IAAM,SAAA,GAA2C;AAAA,EACtD,IAAA,EAAM,OAAA;AAAA,EACN,QAAA,EAAU,YAAA;AAAA,EACV,WAAA,EACE,+JAAA;AAAA,EACF,SAAA,EACE,6SAAA;AAAA,EAIF,UAAA,EAAY,SAAA;AAAA,EACZ,QAAA,EAAU,IAAA;AAAA,EACV,YAAA,EAAc,CAAC,UAAU,CAAA;AAAA,EACzB,IAAA,EAAM,MAAA;AAAA,EACN,SAAA,EAAW,GAAA;AAAA,EACX,WAAA,EAAa;AAAA,IACX,IAAA,EAAM,QAAA;AAAA,IACN,UAAA,EAAY;AAAA,MACV,KAAA,EAAO,EAAE,IAAA,EAAM,QAAA,EAAU,aAAa,4BAAA,EAA6B;AAAA,MACnE,SAAA,EAAW,EAAE,IAAA,EAAM,QAAA,EAAU,aAAa,yCAAA,EAA0C;AAAA,MACpF,KAAA,EAAO,EAAE,IAAA,EAAM,SAAA,EAAW,aAAa,4CAAA,EAA6C;AAAA,MACpF,OAAA,EAAS,EAAE,IAAA,EAAM,SAAA,EAAW,aAAa,0BAAA;AAA2B,KACtE;AAAA,IACA,QAAA,EAAU,CAAC,OAAO;AAAA,GACpB;AAAA,EACA,MAAM,OAAA,CAAQ,KAAA,EAAO,GAAA,EAAK,IAAA,EAAM;AAC9B,IAAA,IAAI,CAAC,KAAA,EAAO,KAAA,EAAO,MAAM,IAAI,MAAM,kCAAkC,CAAA;AAErE,IAAA,MAAM,GAAA,GAAM,MAAM,SAAA,GAAY,WAAA,CAAY,MAAM,SAAA,EAAW,GAAG,IAAI,GAAA,CAAI,GAAA;AAGtE,IAAA,MAAM,QAAQ,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,KAAA,CAAM,SAAS,CAAC,CAAA;AAC1C,IAAA,MAAM,MAAA,GAAS,MAAM,OAAA,IAAW,KAAA;AAKhC,IAAA,MAAM,OAAA,GAAU,kBAAA,CAAmB,KAAA,CAAM,KAAK,CAAA;AAC9C,IAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,MAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,CAAA,EAAG,KAAK,CAAA;AAC7C,MAAA,IAAI,CAAC,QAAA,EAAU;AACf,MAAA,MAAM,SAAA,GAAiBA,IAAA,CAAA,OAAA,CAAQ,GAAA,EAAK,QAAQ,CAAA;AAC5C,MAAA,MAAM,GAAA,GAAWA,IAAA,CAAA,QAAA,CAAS,GAAA,CAAI,WAAA,EAAa,SAAS,CAAA;AACpD,MAAA,IAAI,IAAI,UAAA,CAAW,IAAI,CAAA,IAAUA,IAAA,CAAA,UAAA,CAAW,GAAG,CAAA,EAAG;AAChD,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,CAAA;AAAA,UACT,QAAA,EAAU,CAAA;AAAA,UACV,OAAO,EAAC;AAAA,UACR,OAAA,EAAS,MAAA;AAAA,UACT,OAAA,EAAS,0BAA0B,CAAC,CAAA,+BAAA;AAAA,SACtC;AAAA,MACF;AAAA,IACF;AAKA,IAAA,MAAM,SAAS,MAAS,EAAA,CAAA,OAAA,CAAaA,UAAQ,EAAA,CAAA,MAAA,EAAO,EAAG,gBAAgB,CAAC,CAAA;AACxE,IAAA,IAAI;AACF,MAAA,MAAS,EAAA,CAAA,KAAA,CAAM,MAAA,EAAQ,GAAK,CAAA,CAAE,MAAM,MAAM;AAAA,MAE1C,CAAC,CAAA;AACD,MAAA,MAAM,SAAA,GAAiBA,IAAA,CAAA,IAAA,CAAK,MAAA,EAAQ,SAAS,CAAA;AAC7C,MAAA,MAAS,aAAU,SAAA,EAAW,KAAA,CAAM,OAAO,EAAE,IAAA,EAAM,KAAO,CAAA;AAE1D,MAAA,MAAM,IAAA,GAAO,CAAC,CAAA,EAAA,EAAK,KAAK,IAAI,SAAA,EAAW,GAAI,MAAA,GAAS,CAAC,WAAW,CAAA,GAAI,EAAC,EAAI,MAAM,SAAS,CAAA;AAExF,MAAA,MAAM,SAAS,MAAM,QAAA,CAAS,IAAA,EAAM,GAAA,EAAK,KAAK,MAAM,CAAA;AAEpD,MAAA,IAAI,MAAA,CAAO,QAAA,KAAa,CAAA,IAAK,CAAC,MAAA,EAAQ;AACpC,QAAA,OAAO;AAAA,UACL,OAAA,EAAS,CAAA;AAAA,UACT,QAAA,EAAU,CAAA;AAAA,UACV,OAAO,EAAC;AAAA,UACR,OAAA,EAAS,MAAA;AAAA,UACT,OAAA,EAAS,CAAA,cAAA,EAAiB,MAAA,CAAO,MAAA,IAAU,OAAO,MAAM,CAAA;AAAA,SAC1D;AAAA,MACF;AAEA,MAAA,MAAM,OAAA,GAAU,mBAAA,CAAoB,MAAA,CAAO,MAAM,CAAA;AACjD,MAAA,OAAO;AAAA,QACL,SAAS,OAAA,CAAQ,MAAA;AAAA,QACjB,QAAA,EAAU,CAAA;AAAA,QACV,KAAA,EAAO,OAAA;AAAA,QACP,OAAA,EAAS,MAAA;AAAA,QACT,OAAA,EAAS,OAAO,MAAA,IAAU;AAAA,OAC5B;AAAA,IACF,CAAA,SAAE;AACA,MAAA,MAAS,EAAA,CAAA,EAAA,CAAG,MAAA,EAAQ,EAAE,SAAA,EAAW,IAAA,EAAM,OAAO,IAAA,EAAM,CAAA,CAAE,KAAA,CAAM,MAAM;AAAA,MAAC,CAAC,CAAA;AAAA,IACtE;AAAA,EACF;AACF;AAGA,SAAS,mBAAmB,KAAA,EAAyB;AACnD,EAAA,MAAM,MAAgB,EAAC;AAKvB,EAAA,MAAM,EAAA,GAAK,0BAAA;AACX,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,EAAG;AAClC,IAAA,MAAM,GAAA,GAAM,EAAE,CAAC,CAAA;AACf,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,GAAS,IAAA,GAAO,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,IAAI,CAAA,CAAE,IAAA,EAAK,GAAI,GAAA,CAAI,IAAA,EAAK;AACxE,IAAA,IAAI,CAAC,MAAA,IAAU,MAAA,KAAW,WAAA,EAAa;AACvC,IAAA,GAAA,CAAI,KAAK,MAAM,CAAA;AAAA,EACjB;AACA,EAAA,OAAO,GAAA;AACT;AAIA,SAAS,mBAAA,CAAoB,GAAW,KAAA,EAAmC;AAIzE,EAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,CAAC,CAAA,KAAM,CAAA,KAAM,EAAA,IAAM,MAAM,GAAG,CAAA;AAClF,EAAA,IAAI,KAAA,CAAM,MAAA,IAAU,KAAA,EAAO,OAAO,MAAA;AAClC,EAAA,OAAO,KAAA,CAAM,KAAA,CAAM,KAAK,CAAA,CAAE,KAAK,GAAG,CAAA;AACpC;AAEA,SAAS,QAAA,CACP,IAAA,EACA,GAAA,EACA,MAAA,EAC+D;AAC/D,EAAA,OAAO,IAAI,OAAA,CAAQ,CAACC,QAAAA,KAAY;AAC9B,IAAA,IAAI,MAAA,GAAS,EAAA;AACb,IAAA,IAAI,MAAA,GAAS,EAAA;AAMb,IAAA,MAAM,GAAA,GAAM,EAAE,GAAG,aAAA,IAAiB,IAAA,EAAM,GAAA,EAAK,QAAQ,GAAA,EAAI;AACzD,IAAA,MAAM,QAAQ,KAAA,CAAM,OAAA,EAAS,IAAA,EAAM,EAAE,KAAK,MAAA,EAAQ,GAAA,EAAK,KAAA,EAAO,CAAC,QAAQ,MAAA,EAAQ,MAAM,CAAA,EAAG,WAAA,EAAa,MAAM,CAAA;AAC3G,IAAA,KAAA,CAAM,MAAA,EAAQ,EAAA,CAAG,MAAA,EAAQ,CAAC,CAAA,KAAM;AAC9B,MAAA,MAAA,IAAU,EAAE,QAAA,EAAS;AAAA,IACvB,CAAC,CAAA;AACD,IAAA,KAAA,CAAM,MAAA,EAAQ,EAAA,CAAG,MAAA,EAAQ,CAAC,CAAA,KAAM;AAC9B,MAAA,MAAA,IAAU,EAAE,QAAA,EAAS;AAAA,IACvB,CAAC,CAAA;AACD,IAAA,KAAA,CAAM,EAAA,CAAG,OAAA,EAAS,CAAC,IAAA,KAASA,QAAAA,CAAQ,EAAE,QAAA,EAAU,IAAA,IAAQ,CAAA,EAAG,MAAA,EAAQ,MAAA,EAAQ,CAAC,CAAA;AAC5E,IAAA,KAAA,CAAM,EAAA,CAAG,OAAA,EAAS,CAAC,CAAA,KAAMA,SAAQ,EAAE,QAAA,EAAU,CAAA,EAAG,MAAA,EAAQ,EAAA,EAAI,MAAA,EAAQ,CAAA,CAAE,OAAA,EAAS,CAAC,CAAA;AAAA,EAClF,CAAC,CAAA;AACH;AAEA,SAAS,oBAAoB,MAAA,EAA0B;AACrD,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,MAAM,EAAA,GAAK,sBAAA;AACX,EAAA,KAAA,MAAW,CAAA,IAAK,MAAA,CAAO,QAAA,CAAS,EAAE,CAAA,EAAG;AACnC,IAAA,IAAI,EAAE,CAAC,CAAA,QAAS,IAAA,CAAK,CAAA,CAAE,CAAC,CAAC,CAAA;AAAA,EAC3B;AACA,EAAA,OAAO,KAAA;AACT","file":"patch.js","sourcesContent":["import * as fsp from 'node:fs/promises';\nimport * as path from 'node:path';\nimport * as Core from '@wrongstack/core';\nimport type { Context } from '@wrongstack/core';\n/** Detected package manager for a project directory. */\nexport type PackageManager = 'pnpm' | 'yarn' | 'npm';\n\n/**\n * Detect the project's package manager by inspecting lockfiles in `cwd`.\n * Order: pnpm → yarn → npm (default). Missing or unreadable directories fall\n * back to `npm` rather than throwing, so a `safeResolve`-checked cwd that\n * happens to be empty never aborts the tool.\n */\nexport async function detectPackageManager(cwd: string): Promise<PackageManager> {\n  const { stat } = await import('node:fs/promises');\n  try {\n    await stat(`${cwd}/pnpm-lock.yaml`);\n    return 'pnpm';\n  } catch {\n    /* not pnpm */\n  }\n  try {\n    await stat(`${cwd}/yarn.lock`);\n    return 'yarn';\n  } catch {\n    /* not yarn */\n  }\n  return 'npm';\n}\n\nexport function resolvePath(input: string, ctx: Context): string {\n  return path.isAbsolute(input) ? path.normalize(input) : path.resolve(ctx.workingDir ?? ctx.cwd, input);\n}\n\n/**\n * Roots every file tool may always reach, even in restricted mode: the\n * project root and the user-global `~/.wrongstack` directory (config, memory,\n * sessions, skills). `~/.wrongstack` honors the `WRONGSTACK_HOME` override.\n */\nfunction allowedRoots(ctx: Context): string[] {\n  return [path.resolve(ctx.projectRoot), path.resolve(Core.wstackGlobalRoot())];\n}\n\n/** True if `target` is `root` itself or nested inside any of `roots`. */\nfunction isInsideAny(target: string, roots: string[]): boolean {\n  return roots.some((root) => {\n    const rel = path.relative(root, target);\n    return rel === '' || (!rel.startsWith('..') && !path.isAbsolute(rel));\n  });\n}\n\nexport function ensureInsideRoot(absPath: string, ctx: Context): string {\n  const target = path.resolve(absPath);\n  // Unrestricted filesystem access: skip the project-root containment check.\n  if (ctx.allowOutsideProjectRoot) return target;\n  if (isInsideAny(target, allowedRoots(ctx))) return target;\n  throw new Error(`Path \"${absPath}\" is outside project root \"${path.resolve(ctx.projectRoot)}\"`);\n}\n\nexport function safeResolve(input: string, ctx: Context): string {\n  return ensureInsideRoot(resolvePath(input, ctx), ctx);\n}\n\n/**\n * Defense against in-root→out-of-root symlink escape (CWE-59). `safeResolve`\n * only does a syntactic `../` check, so a symlink that lives *inside* the\n * project root but points outside still passes it. This resolves the path\n * through `fs.realpath` and re-verifies containment against the realpath of\n * the project root (comparing like-for-like, since the root itself may be a\n * symlink — macOS `/var`→`/private/var`, Windows 8.3 short names). For a path\n * that does not exist yet (e.g. a `write` to a new file) the nearest existing\n * ancestor directory is checked instead. Throws if the real target escapes.\n *\n * Mirrors the per-file guard already used in `replace.ts`/`grep.ts`; applied\n * to single-file `read`/`edit`/`write` it throws (rather than skips) because\n * the caller named exactly one file.\n */\nexport async function assertRealInsideRoot(absPath: string, ctx: Context): Promise<void> {\n  // Unrestricted filesystem access: no symlink-escape check to perform.\n  if (ctx.allowOutsideProjectRoot) return;\n  // Compare like-for-like against the realpath of each always-allowed root\n  // (project root + ~/.wrongstack), since a root may itself be a symlink.\n  const realRoots = await Promise.all(\n    allowedRoots(ctx).map((r) => fsp.realpath(r).catch(() => path.resolve(r))),\n  );\n  let probe = absPath;\n  for (;;) {\n    let real: string;\n    try {\n      real = await fsp.realpath(probe);\n    } catch (err) {\n      if ((err as NodeJS.ErrnoException).code === 'ENOENT') {\n        const parent = path.dirname(probe);\n        if (parent === probe) return; // reached fs root without escaping\n        probe = parent;\n        continue;\n      }\n      throw err;\n    }\n    if (isInsideAny(real, realRoots)) return;\n    throw new Error(\n      `Path \"${absPath}\" resolves through a symlink outside project root \"${realRoots[0]}\"`,\n    );\n  }\n}\n\n/** `safeResolve` + symlink realpath containment check. Async. */\nexport async function safeResolveReal(input: string, ctx: Context): Promise<string> {\n  const abs = safeResolve(input, ctx);\n  await assertRealInsideRoot(abs, ctx);\n  return abs;\n}\n\nexport function truncateMiddle(s: string, max: number): string {\n  if (Buffer.byteLength(s, 'utf8') <= max) return s;\n  const half = Math.floor(max / 2);\n  return (\n    s.slice(0, half) +\n    `\\n…[truncated ${Buffer.byteLength(s, 'utf8') - max} bytes from middle]…\\n` +\n    s.slice(-half)\n  );\n}\n\nexport function isBinaryBuffer(buf: Buffer): boolean {\n  const len = Math.min(buf.length, 8192);\n  for (let i = 0; i < len; i++) {\n    if (buf[i] === 0) return true;\n  }\n  return false;\n}\n\n// ─── Command-output normalization (token-saving) ────────────────────────────\n//\n// Raw process output is full of tokens the model gains nothing from: ANSI\n// escapes, carriage-return progress spam, runs of identical warning lines, and\n// huge tails of build noise. These helpers strip that noise before the output\n// reaches the LLM. They are scoped to COMMAND tools (bash/git/exec and the\n// _spawn-stream consumers) — never applied to structured/code outputs.\n\n/** Unified byte cap for all command tool output fed to the model. */\nexport const COMMAND_OUTPUT_MAX_BYTES = 32_768;\n\n/** Runs of >= this many identical consecutive lines are collapsed. */\nconst REPEAT_RUN_THRESHOLD = 3;\n\n/**\n * Collapse carriage-return overwrites the way a terminal would: `\\r\\n` becomes\n * `\\n`, and a bare `\\r` (progress redraw) keeps only the text after the LAST\n * `\\r` on its physical line. Without this, a single progress bar that redraws\n * 200 times explodes into 200 lines.\n */\nexport function collapseCarriageReturns(text: string): string {\n  const lf = text.replace(/\\r\\n/g, '\\n');\n  if (!lf.includes('\\r')) return lf;\n  return lf\n    .split('\\n')\n    .map((line) => (line.includes('\\r') ? line.slice(line.lastIndexOf('\\r') + 1) : line))\n    .join('\\n');\n}\n\n/**\n * Collapse a run of `minRun`+ identical consecutive lines into the line once\n * plus a marker. Consecutive-only — it never reorders or dedups non-adjacent\n * lines, so diffs/source stay intact.\n */\nexport function collapseConsecutiveDuplicates(text: string, minRun = REPEAT_RUN_THRESHOLD): string {\n  const lines = text.split('\\n');\n  const out: string[] = [];\n  let i = 0;\n  while (i < lines.length) {\n    let j = i + 1;\n    while (j < lines.length && lines[j] === lines[i]) j++;\n    const run = j - i;\n    if (run >= minRun) {\n      out.push(lines[i]!, `… ⟨repeated ${run}×⟩`);\n    } else {\n      for (let k = i; k < j; k++) out.push(lines[k]!);\n    }\n    i = j;\n  }\n  return out.join('\\n');\n}\n\n/** Largest prefix of `s` whose UTF-8 byte length is <= `maxBytes`. */\nfunction takeHeadBytes(s: string, maxBytes: number): string {\n  if (maxBytes <= 0) return '';\n  /* v8 ignore next -- only caller (truncateHeadTail) passes a budget smaller than s; defensive. */\n  if (Buffer.byteLength(s, 'utf8') <= maxBytes) return s;\n  let lo = 0;\n  let hi = s.length;\n  while (lo < hi) {\n    const mid = Math.ceil((lo + hi) / 2);\n    if (Buffer.byteLength(s.slice(0, mid), 'utf8') <= maxBytes) lo = mid;\n    else hi = mid - 1;\n  }\n  return s.slice(0, lo);\n}\n\n/** Largest suffix of `s` whose UTF-8 byte length is <= `maxBytes`. */\nfunction takeTailBytes(s: string, maxBytes: number): string {\n  if (maxBytes <= 0) return '';\n  /* v8 ignore next -- only caller (truncateHeadTail) passes a budget smaller than s; defensive. */\n  if (Buffer.byteLength(s, 'utf8') <= maxBytes) return s;\n  let lo = 0;\n  let hi = s.length;\n  while (lo < hi) {\n    const mid = Math.ceil((lo + hi) / 2);\n    if (Buffer.byteLength(s.slice(s.length - mid), 'utf8') <= maxBytes) lo = mid;\n    else hi = mid - 1;\n  }\n  return s.slice(s.length - lo);\n}\n\n/**\n * Truncate to `maxBytes` keeping BOTH ends — the head (what ran / early context)\n * and the tail (errors and summaries usually land last), biased ~45/55 toward\n * the tail. The result never exceeds `maxBytes`.\n */\nexport function truncateHeadTail(s: string, maxBytes: number): string {\n  const total = Buffer.byteLength(s, 'utf8');\n  if (total <= maxBytes) return s;\n  // Reserve a fixed allowance for the marker so the final string can't exceed\n  // the cap even though the dropped-byte count's digit width varies.\n  const MARKER_RESERVE = 64;\n  const avail = Math.max(0, maxBytes - MARKER_RESERVE);\n  const headBudget = Math.floor(avail * 0.45);\n  const head = takeHeadBytes(s, headBudget);\n  const tail = takeTailBytes(s, avail - Buffer.byteLength(head, 'utf8'));\n  const kept = Buffer.byteLength(head, 'utf8') + Buffer.byteLength(tail, 'utf8');\n  return `${head}\\n…[truncated ${total - kept} bytes]…\\n${tail}`;\n}\n\n/**\n * Full token-saving pipeline for command tool output: strip ANSI → collapse\n * carriage-return progress → trim trailing whitespace → collapse identical\n * consecutive lines → squeeze blank-line runs → head+tail truncate to the cap.\n */\nexport function normalizeCommandOutput(\n  raw: string,\n  opts: { maxBytes?: number | undefined } = {},\n): string {\n  if (!raw) return raw;\n  let text = Core.stripAnsi(raw);\n  text = collapseCarriageReturns(text);\n  text = text.replace(/[ \\t]+$/gm, ''); // trailing whitespace per line\n  text = collapseConsecutiveDuplicates(text);\n  text = text.replace(/\\n{3,}/g, '\\n\\n'); // >=2 blank lines → 1\n  return truncateHeadTail(text, opts.maxBytes ?? COMMAND_OUTPUT_MAX_BYTES);\n}\n","import { spawn } from 'node:child_process';\nimport * as fs from 'node:fs/promises';\nimport * as os from 'node:os';\nimport * as path from 'node:path';\nimport { buildChildEnv } from '@wrongstack/core';\nimport type { Tool } from '@wrongstack/core';\nimport { safeResolve } from './_util.js';\n\ninterface PatchInput {\n  patch: string;\n  directory?: string | undefined;\n  strip?: number | undefined;\n  dry_run?: boolean | undefined;\n}\n\ninterface PatchOutput {\n  applied: number;\n  rejected: number;\n  files: string[];\n  dry_run: boolean;\n  message: string;\n}\n\nexport const patchTool: Tool<PatchInput, PatchOutput> = {\n  name: 'patch',\n  category: 'Filesystem',\n  description:\n    'Apply a unified diff (patch) to the project. This is the correct tool when you have a diff that needs to be applied precisely, including handling of rejects.',\n  usageHint:\n    'Best used when you already have a diff (from generation, external source, or previous step).\\n' +\n    '- Use `dry_run: true` to see what would happen without modifying files.\\n' +\n    '- On failure it creates .rej and .orig files for manual review.\\n' +\n    'Often cleaner than many small `edit` operations for larger changes.',\n  permission: 'confirm',\n  mutating: true,\n  capabilities: ['fs.write'],\n  icon: 'edit',\n  timeoutMs: 30_000,\n  inputSchema: {\n    type: 'object',\n    properties: {\n      patch: { type: 'string', description: 'Unified diff patch content' },\n      directory: { type: 'string', description: 'Root directory for patch (default: cwd)' },\n      strip: { type: 'integer', description: 'Strip leading path components (default: 1)' },\n      dry_run: { type: 'boolean', description: 'Preview without applying' },\n    },\n    required: ['patch'],\n  },\n  async execute(input, ctx, opts) {\n    if (!input?.patch) throw new Error('patch: patch content is required');\n\n    const dir = input.directory ? safeResolve(input.directory, ctx) : ctx.cwd;\n    // strip=0 lets a diff address absolute paths like /etc/passwd and\n    // escape the project root entirely. Force >= 1.\n    const strip = Math.max(1, input.strip ?? 1);\n    const dryRun = input.dry_run ?? false;\n\n    // Pre-flight: scan diff target paths and reject any that resolve outside\n    // the project root. This catches `../../../etc/passwd`-style escapes\n    // before we hand the diff to GNU patch.\n    const targets = extractDiffTargets(input.patch);\n    for (const t of targets) {\n      const stripped = stripPathComponents(t, strip);\n      if (!stripped) continue;\n      const candidate = path.resolve(dir, stripped);\n      const rel = path.relative(ctx.projectRoot, candidate);\n      if (rel.startsWith('..') || path.isAbsolute(rel)) {\n        return {\n          applied: 0,\n          rejected: 1,\n          files: [],\n          dry_run: dryRun,\n          message: `patch refused: target \"${t}\" resolves outside project root`,\n        };\n      }\n    }\n\n    // Write the diff into a private 0700 temp directory rather than into\n    // the user-controlled `dir` with a predictable timestamp name. Avoids\n    // symlink-bait races on shared work trees.\n    const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), '.wstack_patch_'));\n    try {\n      await fs.chmod(tmpDir, 0o700).catch(() => {\n        /* best-effort on Windows */\n      });\n      const patchFile = path.join(tmpDir, 'in.diff');\n      await fs.writeFile(patchFile, input.patch, { mode: 0o600 });\n\n      const args = [`-p${strip}`, '--merge', ...(dryRun ? ['--dry-run'] : []), '-i', patchFile];\n\n      const result = await runPatch(args, dir, opts.signal);\n\n      if (result.exitCode !== 0 && !dryRun) {\n        return {\n          applied: 0,\n          rejected: 1,\n          files: [],\n          dry_run: dryRun,\n          message: `patch failed: ${result.stderr || result.stdout}`,\n        };\n      }\n\n      const patched = extractPatchedFiles(result.stdout);\n      return {\n        applied: patched.length,\n        rejected: 0,\n        files: patched,\n        dry_run: dryRun,\n        message: result.stdout || 'patch applied',\n      };\n    } finally {\n      await fs.rm(tmpDir, { recursive: true, force: true }).catch(() => {});\n    }\n  },\n};\n\n/** Extract every `+++ <path>` target from a unified diff. */\nfunction extractDiffTargets(patch: string): string[] {\n  const out: string[] = [];\n  // Matches `+++ path/to/file` and `+++ b/path/to/file` (also `a/`). Strips\n  // optional tab-prefixed timestamp suffixes that some diff tools emit.\n  // Cap each line at 4096 chars to prevent maliciously long lines from\n  // causing regex backtracking issues in large patches.\n  const re = /^\\+\\+\\+\\s+([^\\t\\r\\n]+)/gm;\n  for (const m of patch.matchAll(re)) {\n    const raw = m[1];\n    if (!raw) continue;\n    const target = raw.length > 4096 ? raw.slice(0, 4096).trim() : raw.trim();\n    if (!target || target === '/dev/null') continue;\n    out.push(target);\n  }\n  return out;\n}\n\n/** Mimic `patch -pN` path stripping on a single target. Returns undefined\n *  if the path has fewer segments than `strip`. */\nfunction stripPathComponents(p: string, strip: number): string | undefined {\n  // Normalize separators so the count works on both POSIX and Windows-style\n  // paths embedded in LLM-generated diffs. Filter out empty segments (e.g.\n  // from trailing slashes or `//` sequences) before counting.\n  const parts = p.replace(/\\\\/g, '/').split('/').filter((s) => s !== '' && s !== '.');\n  if (parts.length <= strip) return undefined;\n  return parts.slice(strip).join('/');\n}\n\nfunction runPatch(\n  args: string[],\n  cwd: string,\n  signal: AbortSignal,\n): Promise<{ exitCode: number; stdout: string; stderr: string }> {\n  return new Promise((resolve) => {\n    let stdout = '';\n    let stderr = '';\n\n    // Force C locale so `extractPatchedFiles` (which greps for the English\n    // \"patching file\" prefix) doesn't silently miss-count on systems with\n    // localized GNU patch output (fr/de/es etc.). Use buildChildEnv to\n    // strip API keys and other secrets from the parent environment.\n    const env = { ...buildChildEnv(), LANG: 'C', LC_ALL: 'C' };\n    const child = spawn('patch', args, { cwd, signal, env, stdio: ['pipe', 'pipe', 'pipe'], windowsHide: true });\n    child.stdout?.on('data', (c) => {\n      stdout += c.toString();\n    });\n    child.stderr?.on('data', (c) => {\n      stderr += c.toString();\n    });\n    child.on('close', (code) => resolve({ exitCode: code ?? 1, stdout, stderr }));\n    child.on('error', (e) => resolve({ exitCode: 1, stdout: '', stderr: e.message }));\n  });\n}\n\nfunction extractPatchedFiles(output: string): string[] {\n  const files: string[] = [];\n  const re = /patching file (.+)/gi;\n  for (const m of output.matchAll(re)) {\n    if (m[1]) files.push(m[1]);\n  }\n  return files;\n}\n"]}

package/dist/process-registry.d.ts

@@ -1,5 +1,5 @@
 import { ChildProcess } from 'node:child_process';
-import { CircuitBreakerSnapshot, CircuitBreakerConfig } from './circuit-breaker.js';
+import { CircuitBreakerConfig, CircuitBreakerSnapshot } from './circuit-breaker.js';
 
 interface TrackedProcess {
     pid: number;
@@ -33,6 +33,15 @@ interface KillOpts {
     /** MS to wait between SIGTERM and SIGKILL on POSIX. Default: 2000. */
     graceMs?: number | undefined;
 }
+/**
+ * Snapshot of the armed auto kill/reset countdown, or null when nothing is
+ * armed. `remainingMs` ticks down in real time; the TUI statusline renders it.
+ */
+interface BreakerCountdown {
+    remainingMs: number;
+    totalMs: number;
+}
+type BreakerCountdownListener = (snapshot: BreakerCountdown | null) => void;
 interface RegistryStats {
     activeCount: number;
     totalCount: number;
@@ -55,6 +64,16 @@ declare function killWin32Tree(pid: number): boolean;
 declare class ProcessRegistryImpl {
     private readonly processes;
     private readonly breaker;
+    /**
+     * Auto kill/reset config. When the breaker trips and `autoKillResetMs > 0`,
+     * a countdown is armed; on expiry all tracked processes are killed and the
+     * breaker is reset to closed (forced recovery). Zero means manual recovery
+     * only (`/kill reset`).
+     */
+    private autoKillResetMs;
+    private autoKillTimer;
+    private autoKillArmedAt;
+    private breakerCountdownListeners;
     constructor(breakerConfig?: CircuitBreakerConfig);
     register(info: Omit<TrackedProcess, 'killed' | 'protected'> & {
         protected?: boolean | undefined;
@@ -98,6 +117,41 @@ declare class ProcessRegistryImpl {
     forceBreakerOpen(): void;
     /** Force-reset the circuit breaker to closed (/kill reset). */
     forceBreakerReset(): void;
+    /**
+     * Configure circuit-breaker protection at runtime. Called from `/settings`
+     * (instant, all modes) and on TUI mount (applies persisted config).
+     *
+     * - `enabled` toggles whether the breaker gates `bash`/`exec`.
+     * - `autoKillResetMs` arms the auto kill/reset countdown when the breaker
+     *   trips (0 = manual recovery only).
+     *
+     * Re-applies cleanly on every call: cancels a pending countdown when the
+     * timeout is cleared or protection disabled, and re-arms if the breaker is
+     * currently open under the new settings.
+     */
+    setBreakerConfig(cfg: {
+        enabled?: boolean | undefined;
+        autoKillResetMs?: number | undefined;
+    }): void;
+    /**
+     * Live countdown to the next auto kill/reset, or null when nothing is armed.
+     * The TUI polls this on a 1s tick while armed so the statusline decrements.
+     */
+    getBreakerCountdown(): BreakerCountdown | null;
+    /**
+     * Subscribe to countdown arm/cancel events. Returns an unsubscribe function.
+     * Use {@link getBreakerCountdown} for the live ticking value between events.
+     */
+    onBreakerCountdownChange(listener: BreakerCountdownListener): () => void;
+    private _emitBreakerCountdown;
+    /**
+     * Arm the auto kill/reset countdown. Idempotent: re-arming resets the window
+     * (a fresh trip after a failed half-open probe restarts the clock). No-op
+     * when protection is off or no timeout is configured.
+     */
+    private _armAutoKillReset;
+    private _cancelAutoKillReset;
+    private _clearAutoKillTimer;
     /** Kill a single process by PID.
      *
      *  On POSIX: sends SIGTERM to the *process group* (-pid) so that
@@ -127,4 +181,4 @@ declare function getProcessRegistry(): ProcessRegistryImpl;
 /** Reset for tests. */
 declare function _resetProcessRegistry(): void;
 
-export { CircuitBreakerConfig, CircuitBreakerSnapshot, type KillOpts, type RegistryStats, type TrackedProcess, _resetProcessRegistry, getProcessRegistry, killWin32Tree, redactCommand };
+export { type BreakerCountdown, CircuitBreakerConfig, CircuitBreakerSnapshot, type KillOpts, ProcessRegistryImpl, type RegistryStats, type TrackedProcess, _resetProcessRegistry, getProcessRegistry, killWin32Tree, redactCommand };

package/dist/process-registry.js

@@ -25,6 +25,23 @@ var CircuitBreaker = class {
   lastSlowAt = null;
   /** Timestamp when the breaker was opened (for cooldown calculation). */
   openedAt = null;
+  /**
+   * Master enable flag. When false the breaker is bypassed: `beforeCall`
+   * always returns true and `afterCall` records nothing. The class itself
+   * defaults to enabled (so the standalone unit tests exercise tripping); the
+   * ProcessRegistry flips this off until the user opts in via `/settings`.
+   */
+  enabled = true;
+  /**
+   * Fired (best-effort) when the breaker transitions into the `open` state.
+   * The registry uses this to arm its auto kill/reset countdown.
+   */
+  onTrip;
+  /**
+   * Fired (best-effort) when the breaker returns to `closed` after having been
+   * open/half-open. The registry uses this to cancel a pending kill/reset.
+   */
+  onReset;
   constructor(config = {}) {
     this.maxConsecutiveFailures = config.maxConsecutiveFailures ?? DEFAULT_MAX_CONSECUTIVE_FAILURES;
     this.slowCallThresholdMs = config.slowCallThresholdMs ?? DEFAULT_SLOW_CALL_THRESHOLD_MS;
@@ -33,12 +50,22 @@ var CircuitBreaker = class {
     this.maxCallsPerWindow = config.maxCallsPerWindow ?? DEFAULT_MAX_CALLS_PER_WINDOW;
     this.cooldownMs = config.cooldownMs ?? DEFAULT_COOLDOWN_MS;
   }
+  /** Toggle the master enable. Disabling resets to a clean `closed` state. */
+  setEnabled(enabled) {
+    if (this.enabled === enabled) return;
+    this.enabled = enabled;
+    if (!enabled) this._reset();
+  }
+  get isEnabled() {
+    return this.enabled;
+  }
   /**
    * Returns true if the circuit allows a new call to proceed.
    * When false, callers should abort the tool call and return a
    * circuit-breaker error instead of spawning a process.
    */
   get canProceed() {
+    if (!this.enabled) return true;
     this._checkStateTransition();
     return this.state !== "open";
   }
@@ -74,7 +101,7 @@ var CircuitBreaker = class {
    *                  not affect breaker state.
    */
   beforeCall(bypass = false) {
-    if (bypass) return true;
+    if (bypass || !this.enabled) return true;
     this._checkStateTransition();
     if (this.state === "open") return false;
     return true;
@@ -89,7 +116,7 @@ var CircuitBreaker = class {
    *                  Use for background/fire-and-forget processes.
    */
   afterCall(durationMs, failed, bypass = false) {
-    if (bypass) return;
+    if (bypass || !this.enabled) return;
     const now = Date.now();
     if (this.state === "half-open") {
       if (failed) {
@@ -135,12 +162,23 @@ var CircuitBreaker = class {
     if (this.state === "open") return;
     this.state = "open";
     this.openedAt = Date.now();
+    try {
+      this.onTrip?.();
+    } catch {
+    }
   }
   _reset() {
+    const wasRecovering = this.state !== "closed";
     this.state = "closed";
     this.consecutiveFailures = 0;
     this.window = [];
     this.openedAt = null;
+    if (wasRecovering) {
+      try {
+        this.onReset?.();
+      } catch {
+      }
+    }
   }
   /** Transition from open → half-open when cooldown elapses. */
   _checkStateTransition() {
@@ -202,8 +240,21 @@ function killWin32Tree(pid) {
 var ProcessRegistryImpl = class {
   processes = /* @__PURE__ */ new Map();
   breaker;
+  /**
+   * Auto kill/reset config. When the breaker trips and `autoKillResetMs > 0`,
+   * a countdown is armed; on expiry all tracked processes are killed and the
+   * breaker is reset to closed (forced recovery). Zero means manual recovery
+   * only (`/kill reset`).
+   */
+  autoKillResetMs = 0;
+  autoKillTimer = null;
+  autoKillArmedAt = null;
+  breakerCountdownListeners = [];
   constructor(breakerConfig) {
     this.breaker = new CircuitBreaker(breakerConfig);
+    this.breaker.onTrip = () => this._armAutoKillReset();
+    this.breaker.onReset = () => this._cancelAutoKillReset();
+    this.breaker.setEnabled(false);
   }
   register(info) {
     this.processes.set(info.pid, { ...info, killed: false, protected: info.protected ?? false });
@@ -279,6 +330,90 @@ var ProcessRegistryImpl = class {
   forceBreakerReset() {
     this.breaker.forceReset();
   }
+  /**
+   * Configure circuit-breaker protection at runtime. Called from `/settings`
+   * (instant, all modes) and on TUI mount (applies persisted config).
+   *
+   * - `enabled` toggles whether the breaker gates `bash`/`exec`.
+   * - `autoKillResetMs` arms the auto kill/reset countdown when the breaker
+   *   trips (0 = manual recovery only).
+   *
+   * Re-applies cleanly on every call: cancels a pending countdown when the
+   * timeout is cleared or protection disabled, and re-arms if the breaker is
+   * currently open under the new settings.
+   */
+  setBreakerConfig(cfg) {
+    if (cfg.enabled !== void 0) this.breaker.setEnabled(cfg.enabled);
+    if (cfg.autoKillResetMs !== void 0) this.autoKillResetMs = Math.max(0, cfg.autoKillResetMs);
+    if (this.autoKillResetMs <= 0) {
+      this._cancelAutoKillReset();
+      return;
+    }
+    if (this.breaker.isEnabled && this.breaker.snapshot().state === "open") {
+      this._armAutoKillReset();
+    }
+  }
+  /**
+   * Live countdown to the next auto kill/reset, or null when nothing is armed.
+   * The TUI polls this on a 1s tick while armed so the statusline decrements.
+   */
+  getBreakerCountdown() {
+    if (this.autoKillArmedAt === null || this.autoKillResetMs <= 0) return null;
+    const elapsed = Date.now() - this.autoKillArmedAt;
+    return { remainingMs: Math.max(0, this.autoKillResetMs - elapsed), totalMs: this.autoKillResetMs };
+  }
+  /**
+   * Subscribe to countdown arm/cancel events. Returns an unsubscribe function.
+   * Use {@link getBreakerCountdown} for the live ticking value between events.
+   */
+  onBreakerCountdownChange(listener) {
+    this.breakerCountdownListeners.push(listener);
+    return () => {
+      this.breakerCountdownListeners = this.breakerCountdownListeners.filter((l) => l !== listener);
+    };
+  }
+  _emitBreakerCountdown() {
+    const snap = this.getBreakerCountdown();
+    for (const l of this.breakerCountdownListeners) {
+      try {
+        l(snap);
+      } catch {
+      }
+    }
+  }
+  /**
+   * Arm the auto kill/reset countdown. Idempotent: re-arming resets the window
+   * (a fresh trip after a failed half-open probe restarts the clock). No-op
+   * when protection is off or no timeout is configured.
+   */
+  _armAutoKillReset() {
+    if (this.autoKillResetMs <= 0 || !this.breaker.isEnabled) return;
+    this._clearAutoKillTimer();
+    this.autoKillArmedAt = Date.now();
+    this.autoKillTimer = setTimeout(() => {
+      this.autoKillTimer = null;
+      this.autoKillArmedAt = null;
+      this.killAll({ force: false });
+      this.breaker.forceReset();
+      this._emitBreakerCountdown();
+    }, this.autoKillResetMs);
+    this.autoKillTimer.unref?.();
+    this._emitBreakerCountdown();
+  }
+  _cancelAutoKillReset() {
+    const wasArmed = this.autoKillArmedAt !== null;
+    this._clearAutoKillTimer();
+    if (wasArmed) {
+      this.autoKillArmedAt = null;
+      this._emitBreakerCountdown();
+    }
+  }
+  _clearAutoKillTimer() {
+    if (this.autoKillTimer !== null) {
+      clearTimeout(this.autoKillTimer);
+      this.autoKillTimer = null;
+    }
+  }
   /** Kill a single process by PID.
    *
    *  On POSIX: sends SIGTERM to the *process group* (-pid) so that
@@ -389,6 +524,6 @@ function _resetProcessRegistry() {
   _registry = void 0;
 }
 
-export { _resetProcessRegistry, getProcessRegistry, killWin32Tree, redactCommand };
+export { ProcessRegistryImpl, _resetProcessRegistry, getProcessRegistry, killWin32Tree, redactCommand };
 //# sourceMappingURL=process-registry.js.map
 //# sourceMappingURL=process-registry.js.map

package/dist/process-registry.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/circuit-breaker.ts","../src/process-registry.ts"],"names":[],"mappings":";;;;;;;AA6DA,IAAM,gCAAA,GAAmC,CAAA;AACzC,IAAM,8BAAA,GAAiC,IAAA;AAIvC,IAAM,sBAAA,GAAyB,CAAA;AAC/B,IAAM,iBAAA,GAAoB,GAAA;AAC1B,IAAM,4BAAA,GAA+B,EAAA;AACrC,IAAM,mBAAA,GAAsB,GAAA;AAarB,IAAM,iBAAN,MAAqB;AAAA,EACT,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EACA,iBAAA;AAAA,EACA,UAAA;AAAA,EAET,KAAA,GAAsB,QAAA;AAAA,EACtB,mBAAA,GAAsB,CAAA;AAAA,EACtB,SAAuB,EAAC;AAAA,EACxB,aAAA,GAA+B,IAAA;AAAA,EAC/B,UAAA,GAA4B,IAAA;AAAA;AAAA,EAE5B,QAAA,GAA0B,IAAA;AAAA,EAElC,WAAA,CAAY,MAAA,GAA+B,EAAC,EAAG;AAC7C,IAAA,IAAA,CAAK,sBAAA,GAAyB,OAAO,sBAAA,IAA0B,gCAAA;AAC/D,IAAA,IAAA,CAAK,mBAAA,GAAsB,OAAO,mBAAA,IAAuB,8BAAA;AACzD,IAAA,IAAA,CAAK,YAAA,GAAe,OAAO,YAAA,IAAgB,sBAAA;AAC3C,IAAA,IAAA,CAAK,QAAA,GAAW,OAAO,QAAA,IAAY,iBAAA;AACnC,IAAA,IAAA,CAAK,iBAAA,GAAoB,OAAO,iBAAA,IAAqB,4BAAA;AACrD,IAAA,IAAA,CAAK,UAAA,GAAa,OAAO,UAAA,IAAc,mBAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,UAAA,GAAsB;AACxB,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAC3B,IAAA,OAAO,KAAK,KAAA,KAAU,MAAA;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA,EAKA,QAAA,GAAmC;AACjC,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAC3B,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAI,iBAAA,GAAmC,IAAA;AACvC,IAAA,IAAI,IAAA,CAAK,QAAA,KAAa,IAAA,IAAQ,IAAA,CAAK,UAAU,MAAA,EAAQ;AACnD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,QAAA;AAC3B,MAAA,iBAAA,GAAoB,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,aAAa,OAAO,CAAA;AAAA,IAC3D;AACA,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,qBAAqB,IAAA,CAAK,mBAAA;AAAA,MAC1B,iBAAA,EAAmB,KAAK,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAI,CAAA,CAAE,MAAA;AAAA,MACrD,aAAA,EAAe,KAAK,MAAA,CAAO,MAAA;AAAA,MAC3B,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,mBAAA,EAAqB,iBAAA;AAAA,MACrB,eAAe,IAAA,CAAK,aAAA;AAAA,MACpB,YAAY,IAAA,CAAK;AAAA,KACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,UAAA,CAAW,SAAS,KAAA,EAAgB;AAClC,IAAA,IAAI,QAAQ,OAAO,IAAA;AACnB,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAC3B,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,EAAQ,OAAO,KAAA;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,SAAA,CAAU,UAAA,EAAoB,MAAA,EAAiB,MAAA,GAAS,KAAA,EAAa;AACnE,IAAA,IAAI,MAAA,EAAQ;AAEZ,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAErB,IAAA,IAAI,IAAA,CAAK,UAAU,WAAA,EAAa;AAE9B,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,IAAA,CAAK,KAAA,EAAM;AACX,QAAA;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,MAAA,EAAO;AACZ,MAAA;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,aAAa,GAAG,CAAA;AAErB,IAAA,MAAM,IAAA,GAAO,cAAc,IAAA,CAAK,mBAAA;AAChC,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,EAAE,IAAI,GAAA,EAAK,MAAA,EAAQ,MAAM,CAAA;AAE1C,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAA,CAAK,mBAAA,EAAA;AACL,MAAA,IAAA,CAAK,aAAA,GAAgB,GAAA;AACrB,MAAA,IAAI,IAAA,CAAK,mBAAA,IAAuB,IAAA,CAAK,sBAAA,EAAwB;AAC3D,QAAA,IAAA,CAAK,KAAA,EAAM;AAAA,MACb;AACA,MAAA;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,mBAAA,GAAsB,CAAA;AAE3B,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,IAAA,CAAK,UAAA,GAAa,GAAA;AAClB,MAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAI,CAAA,CAAE,MAAA;AACpD,MAAA,IAAI,SAAA,IAAa,KAAK,YAAA,EAAc;AAClC,QAAA,IAAA,CAAK,KAAA,EAAM;AAAA,MACb;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,MAAA;AAC9B,IAAA,IAAI,SAAA,IAAa,KAAK,iBAAA,EAAmB;AAIvC,MAAA,IAAA,CAAK,KAAA,EAAM;AAAA,IACb;AAAA,EACF;AAAA;AAAA,EAGA,SAAA,GAAkB;AAChB,IAAA,IAAA,CAAK,KAAA,EAAM;AAAA,EACb;AAAA;AAAA,EAGA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,MAAA,EAAO;AAAA,EACd;AAAA,EAEQ,KAAA,GAAc;AACpB,IAAA,IAAI,IAAA,CAAK,UAAU,MAAA,EAAQ;AAC3B,IAAA,IAAA,CAAK,KAAA,GAAQ,MAAA;AACb,IAAA,IAAA,CAAK,QAAA,GAAW,KAAK,GAAA,EAAI;AAAA,EAC3B;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,KAAA,GAAQ,QAAA;AACb,IAAA,IAAA,CAAK,mBAAA,GAAsB,CAAA;AAC3B,IAAA,IAAA,CAAK,SAAS,EAAC;AACf,IAAA,IAAA,CAAK,QAAA,GAAW,IAAA;AAAA,EAClB;AAAA;AAAA,EAGQ,qBAAA,GAA8B;AACpC,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,IAAU,IAAA,CAAK,aAAa,IAAA,EAAM;AACrD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,QAAA;AAClC,IAAA,IAAI,OAAA,IAAW,KAAK,UAAA,EAAY;AAC9B,MAAA,IAAA,CAAK,KAAA,GAAQ,WAAA;AACb,MAAA,IAAA,CAAK,QAAA,GAAW,IAAA;AAAA,IAClB;AAAA,EACF;AAAA,EAEQ,aAAa,GAAA,EAAmB;AACtC,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA;AAC1B,IAAA,IAAA,CAAK,MAAA,GAAS,KAAK,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,MAAM,MAAM,CAAA;AAAA,EACxD;AACF,CAAA;;;AClNA,IAAM,uBAAA,GAAoC;AAAA;AAAA,EAExC,4NAAA;AAAA;AAAA,EAEA,iCAAA;AAAA,EACA,8CAAA;AAAA;AAAA,EAEA,iJAAA;AAAA;AAAA;AAAA,EAGA;AACF,CAAA;AAMO,SAAS,cAAc,GAAA,EAAqB;AACjD,EAAA,IAAI,MAAA,GAAS,GAAA;AACb,EAAA,KAAA,MAAW,WAAW,uBAAA,EAAyB;AAC7C,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,OAAA,EAAS,CAAC,KAAA,KAAU;AAG1C,MAAA,MAAM,EAAA,GAAK,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAC5B,MAAA,MAAM,EAAA,GAAK,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAC5B,MAAA,MAAM,KAAA,GAAQ,OAAO,EAAA,GAAK,GAAA,GAAM,OAAO,EAAA,GAAK,KAAA,CAAM,EAAE,CAAA,GAAI,IAAA;AACxD,MAAA,IAAI,UAAU,IAAA,EAAM;AAClB,QAAA,MAAM,IAAA,GAAO,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,QAAQ,aAAA,CAAc,KAAK,CAAC,CAAA,GAAI,CAAC,CAAA;AACnE,QAAA,OAAO,GAAG,IAAI,CAAA,UAAA,CAAA;AAAA,MAChB;AAGA,MAAA,MAAM,UAAU,KAAA,CAAM,KAAA,CAAM,4BAA4B,CAAA,GAAI,CAAC,CAAA,IAAK,KAAA;AAClE,MAAA,OAAO,GAAG,OAAO,CAAA,aAAA,CAAA;AAAA,IACnB,CAAC,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAA;AACT;AAeA,IAAM,gBAAA,GAAmB,GAAA;AAelB,SAAS,cAAc,GAAA,EAAsB;AAClD,EAAA,IAAI;AACF,IAAA,KAAA,CAAM,UAAA,EAAY,CAAC,MAAA,EAAQ,MAAA,CAAO,GAAG,CAAA,EAAG,IAAA,EAAM,IAAI,CAAA,EAAG;AAAA,MACnD,KAAA,EAAO,QAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,EAAE,KAAA,EAAM;AACT,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,IAAM,sBAAN,MAA0B;AAAA,EACP,SAAA,uBAAgB,GAAA,EAA4B;AAAA,EAC5C,OAAA;AAAA,EAEjB,YAAY,aAAA,EAAsC;AAChD,IAAA,IAAA,CAAK,OAAA,GAAU,IAAI,cAAA,CAAe,aAAa,CAAA;AAAA,EACjD;AAAA,EAEA,SAAS,IAAA,EAAgG;AACvG,IAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAA,CAAK,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,OAAO,CAAA;AAAA,EAC7F;AAAA;AAAA,EAGA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EAC3B;AAAA;AAAA,EAGA,IAAI,GAAA,EAAyC;AAC3C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA;AAAA,EAC/B;AAAA;AAAA,EAGA,IAAA,GAAyB;AACvB,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAAA,EAC3C;AAAA;AAAA,EAGA,OAAO,IAAA,EAAgC;AACrC,IAAA,OAAO,IAAA,CAAK,MAAK,CAAE,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,SAAS,IAAI,CAAA;AAAA,EAClD;AAAA;AAAA,EAGA,UAAU,SAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,MAAK,CAAE,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,cAAc,SAAS,CAAA;AAAA,EAC5D;AAAA;AAAA,EAGA,IAAI,WAAA,GAAsB;AACxB,IAAA,IAAI,CAAA,GAAI,CAAA;AACR,IAAA,KAAA,MAAW,CAAA,IAAK,IAAA,CAAK,SAAA,CAAU,MAAA,EAAO,EAAG;AACvC,MAAA,IAAI,CAAC,EAAE,MAAA,EAAQ,CAAA,EAAA;AAAA,IACjB;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAuB;AACrB,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,UAAA,EAAY,KAAK,SAAA,CAAU,IAAA;AAAA,MAC3B,OAAA,EAAS,IAAA,CAAK,OAAA,CAAQ,QAAA;AAAS,KACjC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,UAAA,GAAsB;AACxB,IAAA,OAAO,KAAK,OAAA,CAAQ,UAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,UAAA,CAAW,SAAS,KAAA,EAAgB;AAClC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,SAAA,CAAU,UAAA,EAAoB,MAAA,EAAiB,MAAA,GAAS,KAAA,EAAa;AACnE,IAAA,IAAA,CAAK,OAAA,CAAQ,SAAA,CAAU,UAAA,EAAY,MAAA,EAAQ,MAAM,CAAA;AAAA,EACnD;AAAA;AAAA,EAGA,gBAAA,GAAyB;AACvB,IAAA,IAAA,CAAK,QAAQ,SAAA,EAAU;AAAA,EACzB;AAAA;AAAA,EAGA,iBAAA,GAA0B;AACxB,IAAA,IAAA,CAAK,QAAQ,UAAA,EAAW;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,IAAA,CAAK,GAAA,EAAa,IAAA,GAAiB,EAAC,EAAY;AAC9C,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,CAAC,GAAG,OAAO,KAAA;AACf,IAAA,IAAI,CAAA,CAAE,QAAQ,OAAO,IAAA;AACrB,IAAA,IAAI,CAAA,CAAE,WAAW,OAAO,KAAA;AAExB,IAAA,MAAM,EAAE,KAAA,GAAQ,KAAA,EAAO,OAAA,GAAU,kBAAiB,GAAI,IAAA;AACtD,IAAA,MAAM,KAAA,GAAW,aAAS,KAAM,OAAA;AAEhC,IAAA,IAAI,KAAA,EAAO;AAWT,MAAA,MAAM,aAAA,GAAgB,EAAE,KAAA,CAAM,QAAA,KAAa,QAAQ,OAAO,CAAA,CAAE,MAAM,GAAA,KAAQ,QAAA;AAC1E,MAAA,IAAI,aAAA,IAAiB,aAAA,CAAc,GAAG,CAAA,EAAG;AACvC,QAAA,MAAM,QAAA,GAAW,WAAW,MAAM;AAChC,UAAA,IAAI,CAAA,CAAE,KAAA,CAAM,QAAA,KAAa,IAAA,EAAM;AAC7B,YAAA,IAAI;AACF,cAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,YACxB,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACF;AAAA,QACF,GAAG,OAAO,CAAA;AACV,QAAA,QAAA,CAAS,KAAA,IAAQ;AAAA,MACnB,CAAA,MAAO;AACL,QAAA,IAAI;AACF,UAAA,CAAA,CAAE,KAAA,CAAM,IAAA,CAAK,KAAA,GAAQ,SAAA,GAAY,SAAS,CAAA;AAAA,QAC5C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AACA,MAAA,CAAA,CAAE,MAAA,GAAS,IAAA;AACX,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,GAAA,EAAK,SAAS,CAAA;AAAA,QAC9B,CAAA,CAAA,MAAQ;AACN,UAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,QACxB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,GAAA,EAAK,SAAS,CAAA;AAAA,QAC9B,CAAA,CAAA,MAAQ;AACN,UAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,QACxB;AAEA,QAAA,MAAM,KAAA,GAAQ,WAAW,MAAM;AAE7B,UAAA,IAAI,IAAA,CAAK,UAAU,GAAA,CAAI,GAAG,KAAK,CAAC,CAAA,CAAE,MAAM,MAAA,EAAQ;AAC9C,YAAA,IAAI;AACF,cAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,GAAA,EAAK,SAAS,CAAA;AAAA,YAC9B,CAAA,CAAA,MAAQ;AACN,cAAA,IAAI;AACF,gBAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,cACxB,CAAA,CAAA,MAAQ;AAAA,cAER;AAAA,YACF;AAAA,UACF;AAAA,QACF,GAAG,OAAO,CAAA;AACV,QAAA,KAAA,CAAM,KAAA,IAAQ;AAAA,MAChB;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,CAAA,CAAE,MAAA,GAAS,IAAA;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAA,CAAQ,IAAA,GAAiB,EAAC,EAAa;AACrC,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AAC7C,IAAA,MAAM,SAAmB,EAAC;AAC1B,IAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,MAAA,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA;AAChC,MAAA,IAAI,CAAA,IAAK,CAAC,CAAA,CAAE,SAAA,IAAa,IAAA,CAAK,IAAA,CAAK,GAAA,EAAK,IAAI,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IAChE;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAA,CAAY,SAAA,EAAmB,IAAA,GAAiB,EAAC,EAAa;AAC5D,IAAA,MAAM,IAAA,GAAO,KAAK,SAAA,CAAU,SAAS,EAAE,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,GAAG,CAAA;AACvD,IAAA,MAAM,SAAmB,EAAC;AAC1B,IAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,MAAA,IAAI,KAAK,IAAA,CAAK,GAAA,EAAK,IAAI,CAAA,EAAG,MAAA,CAAO,KAAK,GAAG,CAAA;AAAA,IAC3C;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF,CAAA;AAGA,IAAI,SAAA;AAEG,SAAS,kBAAA,GAA0C;AACxD,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,SAAA,GAAY,IAAI,mBAAA,EAAoB;AAAA,EACtC;AACA,EAAA,OAAO,SAAA;AACT;AAGO,SAAS,qBAAA,GAA8B;AAC5C,EAAA,SAAA,GAAY,MAAA;AACd","file":"process-registry.js","sourcesContent":["/**\n * CircuitBreaker — prevents runaway bash/exec tool chains by:\n *\n *   - Tripping on consecutive failures (models that keep repeating the\n *     same failing command, e.g. `npm install` with wrong args in a loop)\n *   - Tripping on slow call ratio (too many long-running commands suggest\n *     a hung subprocess that the model doesn't know how to kill)\n *   - Rate-limiting bursts (rapid succession of commands without reading\n *     output suggests the model isn't processing results)\n *   - Auto-recovering after a cooldown period so a fixed model can resume\n *\n * The breaker is owned by the ProcessRegistry so any tool that registers\n * a process participates in the same circuit. \"Per-tool\" isolation is\n * intentionally NOT implemented — the model treats bash/exec as one\n * resource pool; isolating them would let the model route around the\n * breaker by alternating which tool it uses.\n */\n\nexport interface CircuitBreakerConfig {\n  /**\n   * Consecutive failures before trip. Default: 5.\n   * A single success resets this counter to 0.\n   */\n  maxConsecutiveFailures?: number | undefined;\n  /**\n   * Slow-call threshold in ms. A call that runs longer than this is\n   * counted as \"slow\". Default: 60_000 (1 minute).\n   */\n  slowCallThresholdMs?: number | undefined;\n  /**\n   * Max slow calls before trip (within the sliding window). Default: 3.\n   */\n  maxSlowCalls?: number | undefined;\n  /**\n   * Sliding window for rate-limit and slow-call counting, in ms.\n   * Default: 60_000 (1 minute).\n   */\n  windowMs?: number | undefined;\n  /**\n   * Max calls within the sliding window. Default: 30.\n   * Burst exceeding this trips the breaker immediately.\n   */\n  maxCallsPerWindow?: number | undefined;\n  /**\n   * Cooldown before auto-recovery attempt, in ms. Default: 30_000 (30s).\n   * After this the breaker enters \"half-open\" state and allows one call\n   * through to test whether the problem is resolved.\n   */\n  cooldownMs?: number | undefined;\n}\n\ninterface CallRecord {\n  at: number;\n  /** True if the call threw or returned an is_error result. */\n  failed: boolean;\n  /** True if elapsed time exceeded slowCallThresholdMs. */\n  slow: boolean;\n}\n\ntype BreakerState = 'closed' | 'open' | 'half-open';\n\nconst DEFAULT_MAX_CONSECUTIVE_FAILURES = 5;\nconst DEFAULT_SLOW_CALL_THRESHOLD_MS = 180_000;\n// 3 minutes — balanced against the 5-minute bash timeout. Commands\n// running <3min are normal; 3-5min are \"slow\" and count toward the\n// breaker. 3 consecutive slow calls trip the circuit.\nconst DEFAULT_MAX_SLOW_CALLS = 3;\nconst DEFAULT_WINDOW_MS = 60_000;\nconst DEFAULT_MAX_CALLS_PER_WINDOW = 30;\nconst DEFAULT_COOLDOWN_MS = 30_000;\n\nexport interface CircuitBreakerSnapshot {\n  state: 'closed' | 'open' | 'half-open';\n  consecutiveFailures: number;\n  slowCallsInWindow: number;\n  callsInWindow: number;\n  windowMs: number;\n  cooldownRemainingMs: number | null;\n  lastFailureAt: number | null;\n  lastSlowAt: number | null;\n}\n\nexport class CircuitBreaker {\n  private readonly maxConsecutiveFailures: number;\n  private readonly slowCallThresholdMs: number;\n  private readonly maxSlowCalls: number;\n  private readonly windowMs: number;\n  private readonly maxCallsPerWindow: number;\n  private readonly cooldownMs: number;\n\n  private state: BreakerState = 'closed';\n  private consecutiveFailures = 0;\n  private window: CallRecord[] = [];\n  private lastFailureAt: number | null = null;\n  private lastSlowAt: number | null = null;\n  /** Timestamp when the breaker was opened (for cooldown calculation). */\n  private openedAt: number | null = null;\n\n  constructor(config: CircuitBreakerConfig = {}) {\n    this.maxConsecutiveFailures = config.maxConsecutiveFailures ?? DEFAULT_MAX_CONSECUTIVE_FAILURES;\n    this.slowCallThresholdMs = config.slowCallThresholdMs ?? DEFAULT_SLOW_CALL_THRESHOLD_MS;\n    this.maxSlowCalls = config.maxSlowCalls ?? DEFAULT_MAX_SLOW_CALLS;\n    this.windowMs = config.windowMs ?? DEFAULT_WINDOW_MS;\n    this.maxCallsPerWindow = config.maxCallsPerWindow ?? DEFAULT_MAX_CALLS_PER_WINDOW;\n    this.cooldownMs = config.cooldownMs ?? DEFAULT_COOLDOWN_MS;\n  }\n\n  /**\n   * Returns true if the circuit allows a new call to proceed.\n   * When false, callers should abort the tool call and return a\n   * circuit-breaker error instead of spawning a process.\n   */\n  get canProceed(): boolean {\n    this._checkStateTransition();\n    return this.state !== 'open';\n  }\n\n  /**\n   * Snapshot of the current breaker state for observability (`/kill`).\n   */\n  snapshot(): CircuitBreakerSnapshot {\n    this._checkStateTransition();\n    const now = Date.now();\n    let cooldownRemaining: number | null = null;\n    if (this.openedAt !== null && this.state === 'open') {\n      const elapsed = now - this.openedAt;\n      cooldownRemaining = Math.max(0, this.cooldownMs - elapsed);\n    }\n    return {\n      state: this.state,\n      consecutiveFailures: this.consecutiveFailures,\n      slowCallsInWindow: this.window.filter((c) => c.slow).length,\n      callsInWindow: this.window.length,\n      windowMs: this.windowMs,\n      cooldownRemainingMs: cooldownRemaining,\n      lastFailureAt: this.lastFailureAt,\n      lastSlowAt: this.lastSlowAt,\n    };\n  }\n\n  /**\n   * Call this BEFORE spawning a bash/exec process.\n   * Returns true if the call is allowed; false if the breaker is open.\n   * When false, callers MUST NOT spawn a process.\n   *\n   * @param bypass - If true, skip the circuit breaker check entirely.\n   *                  Use for background/fire-and-forget processes that should\n   *                  not affect breaker state.\n   */\n  beforeCall(bypass = false): boolean {\n    if (bypass) return true;\n    this._checkStateTransition();\n    if (this.state === 'open') return false;\n    return true;\n  }\n\n  /**\n   * Call this AFTER a bash/exec process finishes (success or failure).\n   * `durationMs` is the wall-clock time the process ran.\n   * `failed` is true when the process returned a non-zero exit code or\n   * threw an exception before spawning.\n   *\n   * @param bypass - If true, do not update breaker state.\n   *                  Use for background/fire-and-forget processes.\n   */\n  afterCall(durationMs: number, failed: boolean, bypass = false): void {\n    if (bypass) return;\n\n    const now = Date.now();\n\n    if (this.state === 'half-open') {\n      // First call through after cooldown — if it failed, go back to open.\n      if (failed) {\n        this._trip();\n        return;\n      }\n      // Success in half-open → reset to closed.\n      this._reset();\n      return;\n    }\n\n    // Prune old records outside the sliding window.\n    this._pruneWindow(now);\n\n    const slow = durationMs >= this.slowCallThresholdMs;\n    this.window.push({ at: now, failed, slow });\n\n    if (failed) {\n      this.consecutiveFailures++;\n      this.lastFailureAt = now;\n      if (this.consecutiveFailures >= this.maxConsecutiveFailures) {\n        this._trip();\n      }\n      return;\n    }\n\n    // Success: reset consecutive failure counter.\n    this.consecutiveFailures = 0;\n\n    if (slow) {\n      this.lastSlowAt = now;\n      const slowCount = this.window.filter((c) => c.slow).length;\n      if (slowCount >= this.maxSlowCalls) {\n        this._trip();\n      }\n    }\n\n    const callCount = this.window.length;\n    if (callCount >= this.maxCallsPerWindow) {\n      // Rate limit exceeded. This is a soft trip — we reset the window\n      // and let the next call try immediately (the caller will still see\n      // canProceed=false until the window drains naturally).\n      this._trip();\n    }\n  }\n\n  /** Force the breaker open. Used by /kill force and Ctrl+C. */\n  forceOpen(): void {\n    this._trip();\n  }\n\n  /** Force a reset to closed. Used by tests and /kill reset. */\n  forceReset(): void {\n    this._reset();\n  }\n\n  private _trip(): void {\n    if (this.state === 'open') return; // already open\n    this.state = 'open';\n    this.openedAt = Date.now();\n  }\n\n  private _reset(): void {\n    this.state = 'closed';\n    this.consecutiveFailures = 0;\n    this.window = [];\n    this.openedAt = null;\n  }\n\n  /** Transition from open → half-open when cooldown elapses. */\n  private _checkStateTransition(): void {\n    if (this.state !== 'open' || this.openedAt === null) return;\n    const elapsed = Date.now() - this.openedAt;\n    if (elapsed >= this.cooldownMs) {\n      this.state = 'half-open';\n      this.openedAt = null;\n    }\n  }\n\n  private _pruneWindow(now: number): void {\n    const cutoff = now - this.windowMs;\n    this.window = this.window.filter((c) => c.at >= cutoff);\n  }\n}","import { expectDefined } from '@wrongstack/core';\n/**\n * ProcessRegistry — global singleton that tracks all spawned child processes\n * from `bash` and `exec` tools. Enables:\n *\n *   - Listing active processes (for TUI status bar)\n *   - Killing individual processes or all processes (for Ctrl+C and /kill)\n *   - Detecting runaway processes (hung, looping)\n *   - Circuit breaker integration to prevent recursive/repeated failures\n *\n * Thread-safety: Node.js is single-threaded, but async callbacks can fire\n * in any order. All mutations go through synchronized Map methods.\n */\nimport { spawn } from 'node:child_process';\nimport type { ChildProcess } from 'node:child_process';\nimport * as os from 'node:os';\nimport { CircuitBreaker, type CircuitBreakerSnapshot, type CircuitBreakerConfig } from './circuit-breaker.js';\nexport type { CircuitBreakerSnapshot, CircuitBreakerConfig } from './circuit-breaker.js';\n\nexport interface TrackedProcess {\n  pid: number;\n  name: string;\n  /** Display-safe redacted command string — safe for logs, /ps, crash dumps.\n   *  Contains [REDACTED] in place of sensitive flag values. */\n  command: string;\n  startedAt: number;\n  sessionId?: string | undefined;\n  /** The raw ChildProcess handle. Never call .kill() directly on this —\n   *  use `kill()` below which handles process groups correctly on POSIX\n   *  and degrades gracefully on Windows. */\n  child: ChildProcess;\n  /** True once the process has been kill()ed but not yet exited.\n   *  We keep it in the registry until 'close' fires so callers can\n   *  distinguish \"still running\" from \"just exited\". */\n  killed: boolean;\n  /** If true, kill() and killAll() will refuse to kill this process.\n   *  Used for infrastructure processes (browser, dev servers, …) that\n   *  must outlive the agent session. */\n  protected: boolean;\n}\n\n// Sensitive CLI flag patterns that may appear in process command lines.\n// Redacted to [REDACTED] so crash dumps /ps output cannot leak secrets.\nconst SENSITIVE_FLAG_PATTERNS: RegExp[] = [\n  // --flag=value  or  --flag \"value\"  (value captured up to next space or comma)\n  /--(?:token|password|passwd|pwd|secret|api[-_]?key|api[-_]?secret|auth|credential|private[-_]?key|access[-_]?key|github[-_]?token|gh[-_]?token|bearer|jwt|oauth|pin|pincode|passphrase|access[-_]?token)(?:[=\\s,][^\\s]*)?/gi,\n  // -f \"value\" style short flags\n  /(?<!\\w)-t(?:\\s+|\\s*=\\s*)[^\\s,]+/,\n  /(?<!\\w)-p(?:ssword)?(?:\\s+|\\s*=\\s*)[^\\s,]+/gi,\n  // env var–style secrets: TOKEN=x, API_KEY=y, etc.\n  /(?:TOKEN|API_KEY|API_SECRET|AUTH_TOKEN|GITHUB_TOKEN|GH_TOKEN|BEARER|JWT|OAUTH|CREDENTIAL|SECRET|PRIVATE_KEY|PASSWORD|PASSWD)\\s*[=:]\\s*[^\\s,]+/gi,\n  // Generic high-entropy look: base64 strings >32 chars or hex strings >32 digits — but only\n  // when preceded by a flag name (e.g. --github-token=EyJ...).\n  /--\\w*(?:token|key|secret|password|passwd|auth|credential)\\w*[=\\s,][A-Za-z0-9+/=]{32,}/,\n];\n\n/**\n * Returns a display-safe copy of `cmd` with sensitive flag values replaced by [REDACTED].\n * The original string is unchanged; this is pure and has no side effects.\n */\nexport function redactCommand(cmd: string): string {\n  let result = cmd;\n  for (const pattern of SENSITIVE_FLAG_PATTERNS) {\n    result = result.replace(pattern, (match) => {\n      // Preserve the flag name portion; redact only the value part.\n      // e.g. \"--token=sekrit_abc\"  →  \"--token=[REDACTED]\"\n      const eq = match.indexOf('=');\n      const sp = match.search(/\\s/);\n      const delim = eq !== -1 ? '=' : sp !== -1 ? match[sp] : null;\n      if (delim !== null) {\n        const flag = match.slice(0, match.indexOf(expectDefined(delim)) + 1);\n        return `${flag}[REDACTED]`;\n      }\n      // Nothing delimitable found; replace the whole token silently.\n      // Short flags like -tVALUE are replaced entirely to avoid edge cases.\n      const flagEnd = match.match(/^--?[a-zA-Z][a-zA-Z0-9_-]*/)?.[0] ?? match;\n      return `${flagEnd}=**redacted**`;\n    });\n  }\n  return result;\n}\n\ninterface KillOpts {\n  /** SIGKILL instead of SIGTERM. Default: false (SIGTERM first). */\n  force?: boolean | undefined;\n  /** MS to wait between SIGTERM and SIGKILL on POSIX. Default: 2000. */\n  graceMs?: number | undefined;\n}\n\nexport interface RegistryStats {\n  activeCount: number;\n  totalCount: number;\n  breaker: CircuitBreakerSnapshot;\n}\n\nconst DEFAULT_GRACE_MS = 2000;\n\n/**\n * Kill an entire process tree on Windows via `taskkill /T /F`.\n *\n * TerminateProcess (what `child.kill()` maps to) has no process-group\n * semantics, so killing a shell wrapper (`cmd.exe /c …`) orphans its\n * grandchildren (node, vitest forks, dev servers). The orphans inherit the\n * parent's stdio pipe handles and can keep streaming into this process for\n * the rest of the session — which both prevents the child's 'close' event\n * from ever firing and grows in-memory output buffers without bound.\n *\n * Fire-and-forget: returns true if taskkill was spawned, false if spawning\n * it failed (caller should fall back to a direct `child.kill()`).\n */\nexport function killWin32Tree(pid: number): boolean {\n  try {\n    spawn('taskkill', ['/pid', String(pid), '/T', '/F'], {\n      stdio: 'ignore',\n      windowsHide: true,\n    }).unref();\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nclass ProcessRegistryImpl {\n  private readonly processes = new Map<number, TrackedProcess>();\n  private readonly breaker: CircuitBreaker;\n\n  constructor(breakerConfig?: CircuitBreakerConfig) {\n    this.breaker = new CircuitBreaker(breakerConfig);\n  }\n\n  register(info: Omit<TrackedProcess, 'killed' | 'protected'> & { protected?: boolean | undefined }): void {\n    this.processes.set(info.pid, { ...info, killed: false, protected: info.protected ?? false });\n  }\n\n  /** Unregister a process by PID. Called on 'close' / 'exit' events. */\n  unregister(pid: number): void {\n    this.processes.delete(pid);\n  }\n\n  /** Get a single process by PID. */\n  get(pid: number): TrackedProcess | undefined {\n    return this.processes.get(pid);\n  }\n\n  /** Get all tracked processes. */\n  list(): TrackedProcess[] {\n    return Array.from(this.processes.values());\n  }\n\n  /** Get processes filtered by name (e.g. 'bash', 'exec'). */\n  byName(name: string): TrackedProcess[] {\n    return this.list().filter((p) => p.name === name);\n  }\n\n  /** Get processes filtered by session. */\n  bySession(sessionId: string): TrackedProcess[] {\n    return this.list().filter((p) => p.sessionId === sessionId);\n  }\n\n  /** Count of active (non-killed) processes. */\n  get activeCount(): number {\n    let n = 0;\n    for (const p of this.processes.values()) {\n      if (!p.killed) n++;\n    }\n    return n;\n  }\n\n  /**\n   * Combined stats for observability — used by /ps and the TUI status bar.\n   */\n  stats(): RegistryStats {\n    return {\n      activeCount: this.activeCount,\n      totalCount: this.processes.size,\n      breaker: this.breaker.snapshot(),\n    };\n  }\n\n  /**\n   * Returns true if the circuit allows a new bash/exec call to proceed.\n   * When false, callers MUST NOT spawn a process.\n   */\n  get canProceed(): boolean {\n    return this.breaker.canProceed;\n  }\n\n  /**\n   * Called before spawning a process. Returns true if allowed; false if\n   * the circuit breaker is open.\n   *\n   * @param bypass - If true, skip circuit breaker check (for background processes).\n   */\n  beforeCall(bypass = false): boolean {\n    return this.breaker.beforeCall(bypass);\n  }\n\n  /**\n   * Called after a process finishes. `durationMs` is wall-clock time;\n   * `failed` is true for non-zero exit codes.\n   *\n   * @param bypass - If true, do not update circuit breaker state (for background processes).\n   */\n  afterCall(durationMs: number, failed: boolean, bypass = false): void {\n    this.breaker.afterCall(durationMs, failed, bypass);\n  }\n\n  /** Force-open the circuit breaker (Ctrl+C, /kill force). */\n  forceBreakerOpen(): void {\n    this.breaker.forceOpen();\n  }\n\n  /** Force-reset the circuit breaker to closed (/kill reset). */\n  forceBreakerReset(): void {\n    this.breaker.forceReset();\n  }\n\n  /** Kill a single process by PID.\n   *\n   *  On POSIX: sends SIGTERM to the *process group* (-pid) so that\n   *  runaway grandchild processes (`sleep 9999 & disown`) are also killed.\n   *  After `graceMs` a SIGKILL is sent if the process hasn't exited.\n   *\n   *  On Windows: `child.kill()` maps to TerminateProcess — process groups\n   *  are not meaningfully supported. A second `force=true` call sends\n   *  SIGKILL (which maps to TerminateProcess again — the distinction is\n   *  in the exit code, not the signal).\n   *\n   *  Returns true if the process was found and kill was attempted.\n   */\n  kill(pid: number, opts: KillOpts = {}): boolean {\n    const p = this.processes.get(pid);\n    if (!p) return false;\n    if (p.killed) return true; // already kill()ed, don't double-send\n    if (p.protected) return false; // protected processes are never kill()ed\n\n    const { force = false, graceMs = DEFAULT_GRACE_MS } = opts;\n    const isWin = os.platform() === 'win32';\n\n    if (isWin) {\n      // Windows: no process group semantics. A direct kill terminates only\n      // the immediate child — shell-wrapped commands (cmd.exe /c …) leave\n      // grandchildren running that hold the inherited stdio pipes open and\n      // keep feeding output into this process indefinitely. Kill the whole\n      // tree via taskkill instead, but only for a real, still-running child\n      // (exitCode === null); test fakes and already-exited processes take\n      // the plain-kill path. The direct kill is deliberately NOT sent\n      // immediately alongside taskkill: killing the root first would break\n      // taskkill's parent-pid tree enumeration and orphan the grandchildren\n      // again — it runs as a delayed fallback instead.\n      const liveRealChild = p.child.exitCode === null && typeof p.child.pid === 'number';\n      if (liveRealChild && killWin32Tree(pid)) {\n        const fallback = setTimeout(() => {\n          if (p.child.exitCode === null) {\n            try {\n              p.child.kill('SIGKILL');\n            } catch {\n              // Process may have already exited.\n            }\n          }\n        }, graceMs);\n        fallback.unref?.();\n      } else {\n        try {\n          p.child.kill(force ? 'SIGKILL' : 'SIGTERM');\n        } catch {\n          // Process may have already exited.\n        }\n      }\n      p.killed = true;\n      return true;\n    }\n\n    // POSIX: kill the process group so grandchildren are cleaned up too.\n    try {\n      if (force) {\n        try {\n          process.kill(-pid, 'SIGKILL');\n        } catch {\n          p.child.kill('SIGKILL');\n        }\n      } else {\n        try {\n          process.kill(-pid, 'SIGTERM');\n        } catch {\n          p.child.kill('SIGTERM');\n        }\n        // Schedule SIGKILL as backup.\n        const timer = setTimeout(() => {\n          // Re-check: process may have exited on its own.\n          if (this.processes.has(pid) && !p.child.killed) {\n            try {\n              process.kill(-pid, 'SIGKILL');\n            } catch {\n              try {\n                p.child.kill('SIGKILL');\n              } catch {\n                /* already gone */\n              }\n            }\n          }\n        }, graceMs);\n        timer.unref?.(); // Don't keep event loop alive.\n      }\n    } catch {\n      // Process may have already exited.\n    }\n    p.killed = true;\n    return true;\n  }\n\n  /**\n   * Kill all tracked processes.\n   * Returns the PIDs that were kill()ed.\n   */\n  killAll(opts: KillOpts = {}): number[] {\n    const pids = Array.from(this.processes.keys());\n    const killed: number[] = [];\n    for (const pid of pids) {\n      const p = this.processes.get(pid);\n      if (p && !p.protected && this.kill(pid, opts)) killed.push(pid);\n    }\n    return killed;\n  }\n\n  /**\n   * Kill all processes for a specific session.\n   * Returns the PIDs that were kill()ed.\n   */\n  killSession(sessionId: string, opts: KillOpts = {}): number[] {\n    const pids = this.bySession(sessionId).map((p) => p.pid);\n    const killed: number[] = [];\n    for (const pid of pids) {\n      if (this.kill(pid, opts)) killed.push(pid);\n    }\n    return killed;\n  }\n}\n\n/** Module-level singleton. Initialized on first access. */\nlet _registry: ProcessRegistryImpl | undefined;\n\nexport function getProcessRegistry(): ProcessRegistryImpl {\n  if (!_registry) {\n    _registry = new ProcessRegistryImpl();\n  }\n  return _registry;\n}\n\n/** Reset for tests. */\nexport function _resetProcessRegistry(): void {\n  _registry = undefined;\n}\n\n// ── Convenience re-exports ────────────────────────────────────────────────────\n\nexport type { KillOpts };"]}
+{"version":3,"sources":["../src/circuit-breaker.ts","../src/process-registry.ts"],"names":[],"mappings":";;;;;;;AA6DA,IAAM,gCAAA,GAAmC,CAAA;AACzC,IAAM,8BAAA,GAAiC,IAAA;AAIvC,IAAM,sBAAA,GAAyB,CAAA;AAC/B,IAAM,iBAAA,GAAoB,GAAA;AAC1B,IAAM,4BAAA,GAA+B,EAAA;AACrC,IAAM,mBAAA,GAAsB,GAAA;AAarB,IAAM,iBAAN,MAAqB;AAAA,EACT,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EACA,iBAAA;AAAA,EACA,UAAA;AAAA,EAET,KAAA,GAAsB,QAAA;AAAA,EACtB,mBAAA,GAAsB,CAAA;AAAA,EACtB,SAAuB,EAAC;AAAA,EACxB,aAAA,GAA+B,IAAA;AAAA,EAC/B,UAAA,GAA4B,IAAA;AAAA;AAAA,EAE5B,QAAA,GAA0B,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ1B,OAAA,GAAU,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMlB,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA;AAAA,EAEA,WAAA,CAAY,MAAA,GAA+B,EAAC,EAAG;AAC7C,IAAA,IAAA,CAAK,sBAAA,GAAyB,OAAO,sBAAA,IAA0B,gCAAA;AAC/D,IAAA,IAAA,CAAK,mBAAA,GAAsB,OAAO,mBAAA,IAAuB,8BAAA;AACzD,IAAA,IAAA,CAAK,YAAA,GAAe,OAAO,YAAA,IAAgB,sBAAA;AAC3C,IAAA,IAAA,CAAK,QAAA,GAAW,OAAO,QAAA,IAAY,iBAAA;AACnC,IAAA,IAAA,CAAK,iBAAA,GAAoB,OAAO,iBAAA,IAAqB,4BAAA;AACrD,IAAA,IAAA,CAAK,UAAA,GAAa,OAAO,UAAA,IAAc,mBAAA;AAAA,EACzC;AAAA;AAAA,EAGA,WAAW,OAAA,EAAwB;AACjC,IAAA,IAAI,IAAA,CAAK,YAAY,OAAA,EAAS;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAI,CAAC,OAAA,EAAS,IAAA,CAAK,MAAA,EAAO;AAAA,EAC5B;AAAA,EAEA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,UAAA,GAAsB;AACxB,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAC3B,IAAA,OAAO,KAAK,KAAA,KAAU,MAAA;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA,EAKA,QAAA,GAAmC;AACjC,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAC3B,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,IAAI,iBAAA,GAAmC,IAAA;AACvC,IAAA,IAAI,IAAA,CAAK,QAAA,KAAa,IAAA,IAAQ,IAAA,CAAK,UAAU,MAAA,EAAQ;AACnD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,QAAA;AAC3B,MAAA,iBAAA,GAAoB,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,aAAa,OAAO,CAAA;AAAA,IAC3D;AACA,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,qBAAqB,IAAA,CAAK,mBAAA;AAAA,MAC1B,iBAAA,EAAmB,KAAK,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAI,CAAA,CAAE,MAAA;AAAA,MACrD,aAAA,EAAe,KAAK,MAAA,CAAO,MAAA;AAAA,MAC3B,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,mBAAA,EAAqB,iBAAA;AAAA,MACrB,eAAe,IAAA,CAAK,aAAA;AAAA,MACpB,YAAY,IAAA,CAAK;AAAA,KACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,UAAA,CAAW,SAAS,KAAA,EAAgB;AAClC,IAAA,IAAI,MAAA,IAAU,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AACpC,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAC3B,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,EAAQ,OAAO,KAAA;AAClC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,SAAA,CAAU,UAAA,EAAoB,MAAA,EAAiB,MAAA,GAAS,KAAA,EAAa;AACnE,IAAA,IAAI,MAAA,IAAU,CAAC,IAAA,CAAK,OAAA,EAAS;AAE7B,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAErB,IAAA,IAAI,IAAA,CAAK,UAAU,WAAA,EAAa;AAE9B,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,IAAA,CAAK,KAAA,EAAM;AACX,QAAA;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,MAAA,EAAO;AACZ,MAAA;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,aAAa,GAAG,CAAA;AAErB,IAAA,MAAM,IAAA,GAAO,cAAc,IAAA,CAAK,mBAAA;AAChC,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,EAAE,IAAI,GAAA,EAAK,MAAA,EAAQ,MAAM,CAAA;AAE1C,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAA,CAAK,mBAAA,EAAA;AACL,MAAA,IAAA,CAAK,aAAA,GAAgB,GAAA;AACrB,MAAA,IAAI,IAAA,CAAK,mBAAA,IAAuB,IAAA,CAAK,sBAAA,EAAwB;AAC3D,QAAA,IAAA,CAAK,KAAA,EAAM;AAAA,MACb;AACA,MAAA;AAAA,IACF;AAGA,IAAA,IAAA,CAAK,mBAAA,GAAsB,CAAA;AAE3B,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,IAAA,CAAK,UAAA,GAAa,GAAA;AAClB,MAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,IAAI,CAAA,CAAE,MAAA;AACpD,MAAA,IAAI,SAAA,IAAa,KAAK,YAAA,EAAc;AAClC,QAAA,IAAA,CAAK,KAAA,EAAM;AAAA,MACb;AAAA,IACF;AAEA,IAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,MAAA;AAC9B,IAAA,IAAI,SAAA,IAAa,KAAK,iBAAA,EAAmB;AAIvC,MAAA,IAAA,CAAK,KAAA,EAAM;AAAA,IACb;AAAA,EACF;AAAA;AAAA,EAGA,SAAA,GAAkB;AAChB,IAAA,IAAA,CAAK,KAAA,EAAM;AAAA,EACb;AAAA;AAAA,EAGA,UAAA,GAAmB;AACjB,IAAA,IAAA,CAAK,MAAA,EAAO;AAAA,EACd;AAAA,EAEQ,KAAA,GAAc;AACpB,IAAA,IAAI,IAAA,CAAK,UAAU,MAAA,EAAQ;AAC3B,IAAA,IAAA,CAAK,KAAA,GAAQ,MAAA;AACb,IAAA,IAAA,CAAK,QAAA,GAAW,KAAK,GAAA,EAAI;AAEzB,IAAA,IAAI;AACF,MAAA,IAAA,CAAK,MAAA,IAAS;AAAA,IAChB,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,MAAM,aAAA,GAAgB,KAAK,KAAA,KAAU,QAAA;AACrC,IAAA,IAAA,CAAK,KAAA,GAAQ,QAAA;AACb,IAAA,IAAA,CAAK,mBAAA,GAAsB,CAAA;AAC3B,IAAA,IAAA,CAAK,SAAS,EAAC;AACf,IAAA,IAAA,CAAK,QAAA,GAAW,IAAA;AAGhB,IAAA,IAAI,aAAA,EAAe;AACjB,MAAA,IAAI;AACF,QAAA,IAAA,CAAK,OAAA,IAAU;AAAA,MACjB,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGQ,qBAAA,GAA8B;AACpC,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,IAAU,IAAA,CAAK,aAAa,IAAA,EAAM;AACrD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,QAAA;AAClC,IAAA,IAAI,OAAA,IAAW,KAAK,UAAA,EAAY;AAC9B,MAAA,IAAA,CAAK,KAAA,GAAQ,WAAA;AACb,MAAA,IAAA,CAAK,QAAA,GAAW,IAAA;AAAA,IAClB;AAAA,EACF;AAAA,EAEQ,aAAa,GAAA,EAAmB;AACtC,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,QAAA;AAC1B,IAAA,IAAA,CAAK,MAAA,GAAS,KAAK,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,MAAM,MAAM,CAAA;AAAA,EACxD;AACF,CAAA;;;ACjQA,IAAM,uBAAA,GAAoC;AAAA;AAAA,EAExC,4NAAA;AAAA;AAAA,EAEA,iCAAA;AAAA,EACA,8CAAA;AAAA;AAAA,EAEA,iJAAA;AAAA;AAAA;AAAA,EAGA;AACF,CAAA;AAMO,SAAS,cAAc,GAAA,EAAqB;AACjD,EAAA,IAAI,MAAA,GAAS,GAAA;AACb,EAAA,KAAA,MAAW,WAAW,uBAAA,EAAyB;AAC7C,IAAA,MAAA,GAAS,MAAA,CAAO,OAAA,CAAQ,OAAA,EAAS,CAAC,KAAA,KAAU;AAG1C,MAAA,MAAM,EAAA,GAAK,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAC5B,MAAA,MAAM,EAAA,GAAK,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAC5B,MAAA,MAAM,KAAA,GAAQ,OAAO,EAAA,GAAK,GAAA,GAAM,OAAO,EAAA,GAAK,KAAA,CAAM,EAAE,CAAA,GAAI,IAAA;AACxD,MAAA,IAAI,UAAU,IAAA,EAAM;AAClB,QAAA,MAAM,IAAA,GAAO,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,KAAA,CAAM,QAAQ,aAAA,CAAc,KAAK,CAAC,CAAA,GAAI,CAAC,CAAA;AACnE,QAAA,OAAO,GAAG,IAAI,CAAA,UAAA,CAAA;AAAA,MAChB;AAGA,MAAA,MAAM,UAAU,KAAA,CAAM,KAAA,CAAM,4BAA4B,CAAA,GAAI,CAAC,CAAA,IAAK,KAAA;AAClE,MAAA,OAAO,GAAG,OAAO,CAAA,aAAA,CAAA;AAAA,IACnB,CAAC,CAAA;AAAA,EACH;AACA,EAAA,OAAO,MAAA;AACT;AA0BA,IAAM,gBAAA,GAAmB,GAAA;AAelB,SAAS,cAAc,GAAA,EAAsB;AAClD,EAAA,IAAI;AACF,IAAA,KAAA,CAAM,UAAA,EAAY,CAAC,MAAA,EAAQ,MAAA,CAAO,GAAG,CAAA,EAAG,IAAA,EAAM,IAAI,CAAA,EAAG;AAAA,MACnD,KAAA,EAAO,QAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,EAAE,KAAA,EAAM;AACT,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEO,IAAM,sBAAN,MAA0B;AAAA,EACd,SAAA,uBAAgB,GAAA,EAA4B;AAAA,EAC5C,OAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQT,eAAA,GAAkB,CAAA;AAAA,EAClB,aAAA,GAAsD,IAAA;AAAA,EACtD,eAAA,GAAiC,IAAA;AAAA,EACjC,4BAAwD,EAAC;AAAA,EAEjE,YAAY,aAAA,EAAsC;AAChD,IAAA,IAAA,CAAK,OAAA,GAAU,IAAI,cAAA,CAAe,aAAa,CAAA;AAE/C,IAAA,IAAA,CAAK,OAAA,CAAQ,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,EAAkB;AACnD,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,GAAU,MAAM,IAAA,CAAK,oBAAA,EAAqB;AAEvD,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,KAAK,CAAA;AAAA,EAC/B;AAAA,EAEA,SAAS,IAAA,EAAgG;AACvG,IAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,IAAA,CAAK,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,OAAO,CAAA;AAAA,EAC7F;AAAA;AAAA,EAGA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EAC3B;AAAA;AAAA,EAGA,IAAI,GAAA,EAAyC;AAC3C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA;AAAA,EAC/B;AAAA;AAAA,EAGA,IAAA,GAAyB;AACvB,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAAA,EAC3C;AAAA;AAAA,EAGA,OAAO,IAAA,EAAgC;AACrC,IAAA,OAAO,IAAA,CAAK,MAAK,CAAE,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,SAAS,IAAI,CAAA;AAAA,EAClD;AAAA;AAAA,EAGA,UAAU,SAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,MAAK,CAAE,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,cAAc,SAAS,CAAA;AAAA,EAC5D;AAAA;AAAA,EAGA,IAAI,WAAA,GAAsB;AACxB,IAAA,IAAI,CAAA,GAAI,CAAA;AACR,IAAA,KAAA,MAAW,CAAA,IAAK,IAAA,CAAK,SAAA,CAAU,MAAA,EAAO,EAAG;AACvC,MAAA,IAAI,CAAC,EAAE,MAAA,EAAQ,CAAA,EAAA;AAAA,IACjB;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAuB;AACrB,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,UAAA,EAAY,KAAK,SAAA,CAAU,IAAA;AAAA,MAC3B,OAAA,EAAS,IAAA,CAAK,OAAA,CAAQ,QAAA;AAAS,KACjC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,UAAA,GAAsB;AACxB,IAAA,OAAO,KAAK,OAAA,CAAQ,UAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,UAAA,CAAW,SAAS,KAAA,EAAgB;AAClC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,SAAA,CAAU,UAAA,EAAoB,MAAA,EAAiB,MAAA,GAAS,KAAA,EAAa;AACnE,IAAA,IAAA,CAAK,OAAA,CAAQ,SAAA,CAAU,UAAA,EAAY,MAAA,EAAQ,MAAM,CAAA;AAAA,EACnD;AAAA;AAAA,EAGA,gBAAA,GAAyB;AACvB,IAAA,IAAA,CAAK,QAAQ,SAAA,EAAU;AAAA,EACzB;AAAA;AAAA,EAGA,iBAAA,GAA0B;AACxB,IAAA,IAAA,CAAK,QAAQ,UAAA,EAAW;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,iBAAiB,GAAA,EAAoF;AACnG,IAAA,IAAI,IAAI,OAAA,KAAY,MAAA,OAAgB,OAAA,CAAQ,UAAA,CAAW,IAAI,OAAO,CAAA;AAClE,IAAA,IAAI,GAAA,CAAI,oBAAoB,MAAA,EAAW,IAAA,CAAK,kBAAkB,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,GAAA,CAAI,eAAe,CAAA;AAE7F,IAAA,IAAI,IAAA,CAAK,mBAAmB,CAAA,EAAG;AAC7B,MAAA,IAAA,CAAK,oBAAA,EAAqB;AAC1B,MAAA;AAAA,IACF;AAIA,IAAA,IAAI,IAAA,CAAK,QAAQ,SAAA,IAAa,IAAA,CAAK,QAAQ,QAAA,EAAS,CAAE,UAAU,MAAA,EAAQ;AACtE,MAAA,IAAA,CAAK,iBAAA,EAAkB;AAAA,IACzB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBAAA,GAA+C;AAC7C,IAAA,IAAI,KAAK,eAAA,KAAoB,IAAA,IAAQ,IAAA,CAAK,eAAA,IAAmB,GAAG,OAAO,IAAA;AACvE,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,EAAI,GAAI,IAAA,CAAK,eAAA;AAClC,IAAA,OAAO,EAAE,WAAA,EAAa,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,eAAA,GAAkB,OAAO,CAAA,EAAG,OAAA,EAAS,IAAA,CAAK,eAAA,EAAgB;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,yBAAyB,QAAA,EAAgD;AACvE,IAAA,IAAA,CAAK,yBAAA,CAA0B,KAAK,QAAQ,CAAA;AAC5C,IAAA,OAAO,MAAM;AACX,MAAA,IAAA,CAAK,4BAA4B,IAAA,CAAK,yBAAA,CAA0B,OAAO,CAAC,CAAA,KAAM,MAAM,QAAQ,CAAA;AAAA,IAC9F,CAAA;AAAA,EACF;AAAA,EAEQ,qBAAA,GAA8B;AACpC,IAAA,MAAM,IAAA,GAAO,KAAK,mBAAA,EAAoB;AACtC,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,yBAAA,EAA2B;AAC9C,MAAA,IAAI;AACF,QAAA,CAAA,CAAE,IAAI,CAAA;AAAA,MACR,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,iBAAA,GAA0B;AAChC,IAAA,IAAI,KAAK,eAAA,IAAmB,CAAA,IAAK,CAAC,IAAA,CAAK,QAAQ,SAAA,EAAW;AAC1D,IAAA,IAAA,CAAK,mBAAA,EAAoB;AACzB,IAAA,IAAA,CAAK,eAAA,GAAkB,KAAK,GAAA,EAAI;AAChC,IAAA,IAAA,CAAK,aAAA,GAAgB,WAAW,MAAM;AACpC,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA;AACrB,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AAEvB,MAAA,IAAA,CAAK,OAAA,CAAQ,EAAE,KAAA,EAAO,KAAA,EAAO,CAAA;AAC7B,MAAA,IAAA,CAAK,QAAQ,UAAA,EAAW;AACxB,MAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,IAC7B,CAAA,EAAG,KAAK,eAAe,CAAA;AAEvB,IAAA,IAAA,CAAK,cAAc,KAAA,IAAQ;AAC3B,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,EAC7B;AAAA,EAEQ,oBAAA,GAA6B;AACnC,IAAA,MAAM,QAAA,GAAW,KAAK,eAAA,KAAoB,IAAA;AAC1C,IAAA,IAAA,CAAK,mBAAA,EAAoB;AACzB,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA;AACvB,MAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,IAC7B;AAAA,EACF;AAAA,EAEQ,mBAAA,GAA4B;AAClC,IAAA,IAAI,IAAA,CAAK,kBAAkB,IAAA,EAAM;AAC/B,MAAA,YAAA,CAAa,KAAK,aAAa,CAAA;AAC/B,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,IAAA,CAAK,GAAA,EAAa,IAAA,GAAiB,EAAC,EAAY;AAC9C,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA;AAChC,IAAA,IAAI,CAAC,GAAG,OAAO,KAAA;AACf,IAAA,IAAI,CAAA,CAAE,QAAQ,OAAO,IAAA;AACrB,IAAA,IAAI,CAAA,CAAE,WAAW,OAAO,KAAA;AAExB,IAAA,MAAM,EAAE,KAAA,GAAQ,KAAA,EAAO,OAAA,GAAU,kBAAiB,GAAI,IAAA;AACtD,IAAA,MAAM,KAAA,GAAW,aAAS,KAAM,OAAA;AAEhC,IAAA,IAAI,KAAA,EAAO;AAWT,MAAA,MAAM,aAAA,GAAgB,EAAE,KAAA,CAAM,QAAA,KAAa,QAAQ,OAAO,CAAA,CAAE,MAAM,GAAA,KAAQ,QAAA;AAC1E,MAAA,IAAI,aAAA,IAAiB,aAAA,CAAc,GAAG,CAAA,EAAG;AACvC,QAAA,MAAM,QAAA,GAAW,WAAW,MAAM;AAChC,UAAA,IAAI,CAAA,CAAE,KAAA,CAAM,QAAA,KAAa,IAAA,EAAM;AAC7B,YAAA,IAAI;AACF,cAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,YACxB,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACF;AAAA,QACF,GAAG,OAAO,CAAA;AACV,QAAA,QAAA,CAAS,KAAA,IAAQ;AAAA,MACnB,CAAA,MAAO;AACL,QAAA,IAAI;AACF,UAAA,CAAA,CAAE,KAAA,CAAM,IAAA,CAAK,KAAA,GAAQ,SAAA,GAAY,SAAS,CAAA;AAAA,QAC5C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AACA,MAAA,CAAA,CAAE,MAAA,GAAS,IAAA;AACX,MAAA,OAAO,IAAA;AAAA,IACT;AAGA,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,GAAA,EAAK,SAAS,CAAA;AAAA,QAC9B,CAAA,CAAA,MAAQ;AACN,UAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,QACxB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,IAAI;AACF,UAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,GAAA,EAAK,SAAS,CAAA;AAAA,QAC9B,CAAA,CAAA,MAAQ;AACN,UAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,QACxB;AAEA,QAAA,MAAM,KAAA,GAAQ,WAAW,MAAM;AAE7B,UAAA,IAAI,IAAA,CAAK,UAAU,GAAA,CAAI,GAAG,KAAK,CAAC,CAAA,CAAE,MAAM,MAAA,EAAQ;AAC9C,YAAA,IAAI;AACF,cAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,GAAA,EAAK,SAAS,CAAA;AAAA,YAC9B,CAAA,CAAA,MAAQ;AACN,cAAA,IAAI;AACF,gBAAA,CAAA,CAAE,KAAA,CAAM,KAAK,SAAS,CAAA;AAAA,cACxB,CAAA,CAAA,MAAQ;AAAA,cAER;AAAA,YACF;AAAA,UACF;AAAA,QACF,GAAG,OAAO,CAAA;AACV,QAAA,KAAA,CAAM,KAAA,IAAQ;AAAA,MAChB;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,CAAA,CAAE,MAAA,GAAS,IAAA;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAA,CAAQ,IAAA,GAAiB,EAAC,EAAa;AACrC,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AAC7C,IAAA,MAAM,SAAmB,EAAC;AAC1B,IAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,MAAA,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA;AAChC,MAAA,IAAI,CAAA,IAAK,CAAC,CAAA,CAAE,SAAA,IAAa,IAAA,CAAK,IAAA,CAAK,GAAA,EAAK,IAAI,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IAChE;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WAAA,CAAY,SAAA,EAAmB,IAAA,GAAiB,EAAC,EAAa;AAC5D,IAAA,MAAM,IAAA,GAAO,KAAK,SAAA,CAAU,SAAS,EAAE,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,GAAG,CAAA;AACvD,IAAA,MAAM,SAAmB,EAAC;AAC1B,IAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,MAAA,IAAI,KAAK,IAAA,CAAK,GAAA,EAAK,IAAI,CAAA,EAAG,MAAA,CAAO,KAAK,GAAG,CAAA;AAAA,IAC3C;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAGA,IAAI,SAAA;AAEG,SAAS,kBAAA,GAA0C;AACxD,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,SAAA,GAAY,IAAI,mBAAA,EAAoB;AAAA,EACtC;AACA,EAAA,OAAO,SAAA;AACT;AAGO,SAAS,qBAAA,GAA8B;AAC5C,EAAA,SAAA,GAAY,MAAA;AACd","file":"process-registry.js","sourcesContent":["/**\n * CircuitBreaker — prevents runaway bash/exec tool chains by:\n *\n *   - Tripping on consecutive failures (models that keep repeating the\n *     same failing command, e.g. `npm install` with wrong args in a loop)\n *   - Tripping on slow call ratio (too many long-running commands suggest\n *     a hung subprocess that the model doesn't know how to kill)\n *   - Rate-limiting bursts (rapid succession of commands without reading\n *     output suggests the model isn't processing results)\n *   - Auto-recovering after a cooldown period so a fixed model can resume\n *\n * The breaker is owned by the ProcessRegistry so any tool that registers\n * a process participates in the same circuit. \"Per-tool\" isolation is\n * intentionally NOT implemented — the model treats bash/exec as one\n * resource pool; isolating them would let the model route around the\n * breaker by alternating which tool it uses.\n */\n\nexport interface CircuitBreakerConfig {\n  /**\n   * Consecutive failures before trip. Default: 5.\n   * A single success resets this counter to 0.\n   */\n  maxConsecutiveFailures?: number | undefined;\n  /**\n   * Slow-call threshold in ms. A call that runs longer than this is\n   * counted as \"slow\". Default: 60_000 (1 minute).\n   */\n  slowCallThresholdMs?: number | undefined;\n  /**\n   * Max slow calls before trip (within the sliding window). Default: 3.\n   */\n  maxSlowCalls?: number | undefined;\n  /**\n   * Sliding window for rate-limit and slow-call counting, in ms.\n   * Default: 60_000 (1 minute).\n   */\n  windowMs?: number | undefined;\n  /**\n   * Max calls within the sliding window. Default: 30.\n   * Burst exceeding this trips the breaker immediately.\n   */\n  maxCallsPerWindow?: number | undefined;\n  /**\n   * Cooldown before auto-recovery attempt, in ms. Default: 30_000 (30s).\n   * After this the breaker enters \"half-open\" state and allows one call\n   * through to test whether the problem is resolved.\n   */\n  cooldownMs?: number | undefined;\n}\n\ninterface CallRecord {\n  at: number;\n  /** True if the call threw or returned an is_error result. */\n  failed: boolean;\n  /** True if elapsed time exceeded slowCallThresholdMs. */\n  slow: boolean;\n}\n\ntype BreakerState = 'closed' | 'open' | 'half-open';\n\nconst DEFAULT_MAX_CONSECUTIVE_FAILURES = 5;\nconst DEFAULT_SLOW_CALL_THRESHOLD_MS = 180_000;\n// 3 minutes — balanced against the 5-minute bash timeout. Commands\n// running <3min are normal; 3-5min are \"slow\" and count toward the\n// breaker. 3 consecutive slow calls trip the circuit.\nconst DEFAULT_MAX_SLOW_CALLS = 3;\nconst DEFAULT_WINDOW_MS = 60_000;\nconst DEFAULT_MAX_CALLS_PER_WINDOW = 30;\nconst DEFAULT_COOLDOWN_MS = 30_000;\n\nexport interface CircuitBreakerSnapshot {\n  state: 'closed' | 'open' | 'half-open';\n  consecutiveFailures: number;\n  slowCallsInWindow: number;\n  callsInWindow: number;\n  windowMs: number;\n  cooldownRemainingMs: number | null;\n  lastFailureAt: number | null;\n  lastSlowAt: number | null;\n}\n\nexport class CircuitBreaker {\n  private readonly maxConsecutiveFailures: number;\n  private readonly slowCallThresholdMs: number;\n  private readonly maxSlowCalls: number;\n  private readonly windowMs: number;\n  private readonly maxCallsPerWindow: number;\n  private readonly cooldownMs: number;\n\n  private state: BreakerState = 'closed';\n  private consecutiveFailures = 0;\n  private window: CallRecord[] = [];\n  private lastFailureAt: number | null = null;\n  private lastSlowAt: number | null = null;\n  /** Timestamp when the breaker was opened (for cooldown calculation). */\n  private openedAt: number | null = null;\n\n  /**\n   * Master enable flag. When false the breaker is bypassed: `beforeCall`\n   * always returns true and `afterCall` records nothing. The class itself\n   * defaults to enabled (so the standalone unit tests exercise tripping); the\n   * ProcessRegistry flips this off until the user opts in via `/settings`.\n   */\n  private enabled = true;\n\n  /**\n   * Fired (best-effort) when the breaker transitions into the `open` state.\n   * The registry uses this to arm its auto kill/reset countdown.\n   */\n  onTrip?: (() => void) | undefined;\n  /**\n   * Fired (best-effort) when the breaker returns to `closed` after having been\n   * open/half-open. The registry uses this to cancel a pending kill/reset.\n   */\n  onReset?: (() => void) | undefined;\n\n  constructor(config: CircuitBreakerConfig = {}) {\n    this.maxConsecutiveFailures = config.maxConsecutiveFailures ?? DEFAULT_MAX_CONSECUTIVE_FAILURES;\n    this.slowCallThresholdMs = config.slowCallThresholdMs ?? DEFAULT_SLOW_CALL_THRESHOLD_MS;\n    this.maxSlowCalls = config.maxSlowCalls ?? DEFAULT_MAX_SLOW_CALLS;\n    this.windowMs = config.windowMs ?? DEFAULT_WINDOW_MS;\n    this.maxCallsPerWindow = config.maxCallsPerWindow ?? DEFAULT_MAX_CALLS_PER_WINDOW;\n    this.cooldownMs = config.cooldownMs ?? DEFAULT_COOLDOWN_MS;\n  }\n\n  /** Toggle the master enable. Disabling resets to a clean `closed` state. */\n  setEnabled(enabled: boolean): void {\n    if (this.enabled === enabled) return;\n    this.enabled = enabled;\n    if (!enabled) this._reset();\n  }\n\n  get isEnabled(): boolean {\n    return this.enabled;\n  }\n\n  /**\n   * Returns true if the circuit allows a new call to proceed.\n   * When false, callers should abort the tool call and return a\n   * circuit-breaker error instead of spawning a process.\n   */\n  get canProceed(): boolean {\n    if (!this.enabled) return true;\n    this._checkStateTransition();\n    return this.state !== 'open';\n  }\n\n  /**\n   * Snapshot of the current breaker state for observability (`/kill`).\n   */\n  snapshot(): CircuitBreakerSnapshot {\n    this._checkStateTransition();\n    const now = Date.now();\n    let cooldownRemaining: number | null = null;\n    if (this.openedAt !== null && this.state === 'open') {\n      const elapsed = now - this.openedAt;\n      cooldownRemaining = Math.max(0, this.cooldownMs - elapsed);\n    }\n    return {\n      state: this.state,\n      consecutiveFailures: this.consecutiveFailures,\n      slowCallsInWindow: this.window.filter((c) => c.slow).length,\n      callsInWindow: this.window.length,\n      windowMs: this.windowMs,\n      cooldownRemainingMs: cooldownRemaining,\n      lastFailureAt: this.lastFailureAt,\n      lastSlowAt: this.lastSlowAt,\n    };\n  }\n\n  /**\n   * Call this BEFORE spawning a bash/exec process.\n   * Returns true if the call is allowed; false if the breaker is open.\n   * When false, callers MUST NOT spawn a process.\n   *\n   * @param bypass - If true, skip the circuit breaker check entirely.\n   *                  Use for background/fire-and-forget processes that should\n   *                  not affect breaker state.\n   */\n  beforeCall(bypass = false): boolean {\n    if (bypass || !this.enabled) return true;\n    this._checkStateTransition();\n    if (this.state === 'open') return false;\n    return true;\n  }\n\n  /**\n   * Call this AFTER a bash/exec process finishes (success or failure).\n   * `durationMs` is the wall-clock time the process ran.\n   * `failed` is true when the process returned a non-zero exit code or\n   * threw an exception before spawning.\n   *\n   * @param bypass - If true, do not update breaker state.\n   *                  Use for background/fire-and-forget processes.\n   */\n  afterCall(durationMs: number, failed: boolean, bypass = false): void {\n    if (bypass || !this.enabled) return;\n\n    const now = Date.now();\n\n    if (this.state === 'half-open') {\n      // First call through after cooldown — if it failed, go back to open.\n      if (failed) {\n        this._trip();\n        return;\n      }\n      // Success in half-open → reset to closed.\n      this._reset();\n      return;\n    }\n\n    // Prune old records outside the sliding window.\n    this._pruneWindow(now);\n\n    const slow = durationMs >= this.slowCallThresholdMs;\n    this.window.push({ at: now, failed, slow });\n\n    if (failed) {\n      this.consecutiveFailures++;\n      this.lastFailureAt = now;\n      if (this.consecutiveFailures >= this.maxConsecutiveFailures) {\n        this._trip();\n      }\n      return;\n    }\n\n    // Success: reset consecutive failure counter.\n    this.consecutiveFailures = 0;\n\n    if (slow) {\n      this.lastSlowAt = now;\n      const slowCount = this.window.filter((c) => c.slow).length;\n      if (slowCount >= this.maxSlowCalls) {\n        this._trip();\n      }\n    }\n\n    const callCount = this.window.length;\n    if (callCount >= this.maxCallsPerWindow) {\n      // Rate limit exceeded. This is a soft trip — we reset the window\n      // and let the next call try immediately (the caller will still see\n      // canProceed=false until the window drains naturally).\n      this._trip();\n    }\n  }\n\n  /** Force the breaker open. Used by /kill force and Ctrl+C. */\n  forceOpen(): void {\n    this._trip();\n  }\n\n  /** Force a reset to closed. Used by tests and /kill reset. */\n  forceReset(): void {\n    this._reset();\n  }\n\n  private _trip(): void {\n    if (this.state === 'open') return; // already open\n    this.state = 'open';\n    this.openedAt = Date.now();\n    // Best-effort: never let a listener failure corrupt breaker state.\n    try {\n      this.onTrip?.();\n    } catch {\n      /* ignored — observability hook only */\n    }\n  }\n\n  private _reset(): void {\n    const wasRecovering = this.state !== 'closed';\n    this.state = 'closed';\n    this.consecutiveFailures = 0;\n    this.window = [];\n    this.openedAt = null;\n    // Only notify on a real recovery (open/half-open → closed), not on the\n    // initial closed state or an idempotent re-reset.\n    if (wasRecovering) {\n      try {\n        this.onReset?.();\n      } catch {\n        /* ignored — observability hook only */\n      }\n    }\n  }\n\n  /** Transition from open → half-open when cooldown elapses. */\n  private _checkStateTransition(): void {\n    if (this.state !== 'open' || this.openedAt === null) return;\n    const elapsed = Date.now() - this.openedAt;\n    if (elapsed >= this.cooldownMs) {\n      this.state = 'half-open';\n      this.openedAt = null;\n    }\n  }\n\n  private _pruneWindow(now: number): void {\n    const cutoff = now - this.windowMs;\n    this.window = this.window.filter((c) => c.at >= cutoff);\n  }\n}","import { expectDefined } from '@wrongstack/core';\n/**\n * ProcessRegistry — global singleton that tracks all spawned child processes\n * from `bash` and `exec` tools. Enables:\n *\n *   - Listing active processes (for TUI status bar)\n *   - Killing individual processes or all processes (for Ctrl+C and /kill)\n *   - Detecting runaway processes (hung, looping)\n *   - Circuit breaker integration to prevent recursive/repeated failures\n *\n * Thread-safety: Node.js is single-threaded, but async callbacks can fire\n * in any order. All mutations go through synchronized Map methods.\n */\nimport { spawn } from 'node:child_process';\nimport type { ChildProcess } from 'node:child_process';\nimport * as os from 'node:os';\nimport { CircuitBreaker, type CircuitBreakerSnapshot, type CircuitBreakerConfig } from './circuit-breaker.js';\nexport type { CircuitBreakerSnapshot, CircuitBreakerConfig } from './circuit-breaker.js';\n\nexport interface TrackedProcess {\n  pid: number;\n  name: string;\n  /** Display-safe redacted command string — safe for logs, /ps, crash dumps.\n   *  Contains [REDACTED] in place of sensitive flag values. */\n  command: string;\n  startedAt: number;\n  sessionId?: string | undefined;\n  /** The raw ChildProcess handle. Never call .kill() directly on this —\n   *  use `kill()` below which handles process groups correctly on POSIX\n   *  and degrades gracefully on Windows. */\n  child: ChildProcess;\n  /** True once the process has been kill()ed but not yet exited.\n   *  We keep it in the registry until 'close' fires so callers can\n   *  distinguish \"still running\" from \"just exited\". */\n  killed: boolean;\n  /** If true, kill() and killAll() will refuse to kill this process.\n   *  Used for infrastructure processes (browser, dev servers, …) that\n   *  must outlive the agent session. */\n  protected: boolean;\n}\n\n// Sensitive CLI flag patterns that may appear in process command lines.\n// Redacted to [REDACTED] so crash dumps /ps output cannot leak secrets.\nconst SENSITIVE_FLAG_PATTERNS: RegExp[] = [\n  // --flag=value  or  --flag \"value\"  (value captured up to next space or comma)\n  /--(?:token|password|passwd|pwd|secret|api[-_]?key|api[-_]?secret|auth|credential|private[-_]?key|access[-_]?key|github[-_]?token|gh[-_]?token|bearer|jwt|oauth|pin|pincode|passphrase|access[-_]?token)(?:[=\\s,][^\\s]*)?/gi,\n  // -f \"value\" style short flags\n  /(?<!\\w)-t(?:\\s+|\\s*=\\s*)[^\\s,]+/,\n  /(?<!\\w)-p(?:ssword)?(?:\\s+|\\s*=\\s*)[^\\s,]+/gi,\n  // env var–style secrets: TOKEN=x, API_KEY=y, etc.\n  /(?:TOKEN|API_KEY|API_SECRET|AUTH_TOKEN|GITHUB_TOKEN|GH_TOKEN|BEARER|JWT|OAUTH|CREDENTIAL|SECRET|PRIVATE_KEY|PASSWORD|PASSWD)\\s*[=:]\\s*[^\\s,]+/gi,\n  // Generic high-entropy look: base64 strings >32 chars or hex strings >32 digits — but only\n  // when preceded by a flag name (e.g. --github-token=EyJ...).\n  /--\\w*(?:token|key|secret|password|passwd|auth|credential)\\w*[=\\s,][A-Za-z0-9+/=]{32,}/,\n];\n\n/**\n * Returns a display-safe copy of `cmd` with sensitive flag values replaced by [REDACTED].\n * The original string is unchanged; this is pure and has no side effects.\n */\nexport function redactCommand(cmd: string): string {\n  let result = cmd;\n  for (const pattern of SENSITIVE_FLAG_PATTERNS) {\n    result = result.replace(pattern, (match) => {\n      // Preserve the flag name portion; redact only the value part.\n      // e.g. \"--token=sekrit_abc\"  →  \"--token=[REDACTED]\"\n      const eq = match.indexOf('=');\n      const sp = match.search(/\\s/);\n      const delim = eq !== -1 ? '=' : sp !== -1 ? match[sp] : null;\n      if (delim !== null) {\n        const flag = match.slice(0, match.indexOf(expectDefined(delim)) + 1);\n        return `${flag}[REDACTED]`;\n      }\n      // Nothing delimitable found; replace the whole token silently.\n      // Short flags like -tVALUE are replaced entirely to avoid edge cases.\n      const flagEnd = match.match(/^--?[a-zA-Z][a-zA-Z0-9_-]*/)?.[0] ?? match;\n      return `${flagEnd}=**redacted**`;\n    });\n  }\n  return result;\n}\n\ninterface KillOpts {\n  /** SIGKILL instead of SIGTERM. Default: false (SIGTERM first). */\n  force?: boolean | undefined;\n  /** MS to wait between SIGTERM and SIGKILL on POSIX. Default: 2000. */\n  graceMs?: number | undefined;\n}\n\n/**\n * Snapshot of the armed auto kill/reset countdown, or null when nothing is\n * armed. `remainingMs` ticks down in real time; the TUI statusline renders it.\n */\nexport interface BreakerCountdown {\n  remainingMs: number;\n  totalMs: number;\n}\n\ntype BreakerCountdownListener = (snapshot: BreakerCountdown | null) => void;\n\nexport interface RegistryStats {\n  activeCount: number;\n  totalCount: number;\n  breaker: CircuitBreakerSnapshot;\n}\n\nconst DEFAULT_GRACE_MS = 2000;\n\n/**\n * Kill an entire process tree on Windows via `taskkill /T /F`.\n *\n * TerminateProcess (what `child.kill()` maps to) has no process-group\n * semantics, so killing a shell wrapper (`cmd.exe /c …`) orphans its\n * grandchildren (node, vitest forks, dev servers). The orphans inherit the\n * parent's stdio pipe handles and can keep streaming into this process for\n * the rest of the session — which both prevents the child's 'close' event\n * from ever firing and grows in-memory output buffers without bound.\n *\n * Fire-and-forget: returns true if taskkill was spawned, false if spawning\n * it failed (caller should fall back to a direct `child.kill()`).\n */\nexport function killWin32Tree(pid: number): boolean {\n  try {\n    spawn('taskkill', ['/pid', String(pid), '/T', '/F'], {\n      stdio: 'ignore',\n      windowsHide: true,\n    }).unref();\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nexport class ProcessRegistryImpl {\n  private readonly processes = new Map<number, TrackedProcess>();\n  private readonly breaker: CircuitBreaker;\n\n  /**\n   * Auto kill/reset config. When the breaker trips and `autoKillResetMs > 0`,\n   * a countdown is armed; on expiry all tracked processes are killed and the\n   * breaker is reset to closed (forced recovery). Zero means manual recovery\n   * only (`/kill reset`).\n   */\n  private autoKillResetMs = 0;\n  private autoKillTimer: ReturnType<typeof setTimeout> | null = null;\n  private autoKillArmedAt: number | null = null;\n  private breakerCountdownListeners: BreakerCountdownListener[] = [];\n\n  constructor(breakerConfig?: CircuitBreakerConfig) {\n    this.breaker = new CircuitBreaker(breakerConfig);\n    // Arm on trip, cancel on recovery. Listeners are best-effort.\n    this.breaker.onTrip = () => this._armAutoKillReset();\n    this.breaker.onReset = () => this._cancelAutoKillReset();\n    // Protection is OFF by default — the user opts in via `/settings breaker on`.\n    this.breaker.setEnabled(false);\n  }\n\n  register(info: Omit<TrackedProcess, 'killed' | 'protected'> & { protected?: boolean | undefined }): void {\n    this.processes.set(info.pid, { ...info, killed: false, protected: info.protected ?? false });\n  }\n\n  /** Unregister a process by PID. Called on 'close' / 'exit' events. */\n  unregister(pid: number): void {\n    this.processes.delete(pid);\n  }\n\n  /** Get a single process by PID. */\n  get(pid: number): TrackedProcess | undefined {\n    return this.processes.get(pid);\n  }\n\n  /** Get all tracked processes. */\n  list(): TrackedProcess[] {\n    return Array.from(this.processes.values());\n  }\n\n  /** Get processes filtered by name (e.g. 'bash', 'exec'). */\n  byName(name: string): TrackedProcess[] {\n    return this.list().filter((p) => p.name === name);\n  }\n\n  /** Get processes filtered by session. */\n  bySession(sessionId: string): TrackedProcess[] {\n    return this.list().filter((p) => p.sessionId === sessionId);\n  }\n\n  /** Count of active (non-killed) processes. */\n  get activeCount(): number {\n    let n = 0;\n    for (const p of this.processes.values()) {\n      if (!p.killed) n++;\n    }\n    return n;\n  }\n\n  /**\n   * Combined stats for observability — used by /ps and the TUI status bar.\n   */\n  stats(): RegistryStats {\n    return {\n      activeCount: this.activeCount,\n      totalCount: this.processes.size,\n      breaker: this.breaker.snapshot(),\n    };\n  }\n\n  /**\n   * Returns true if the circuit allows a new bash/exec call to proceed.\n   * When false, callers MUST NOT spawn a process.\n   */\n  get canProceed(): boolean {\n    return this.breaker.canProceed;\n  }\n\n  /**\n   * Called before spawning a process. Returns true if allowed; false if\n   * the circuit breaker is open.\n   *\n   * @param bypass - If true, skip circuit breaker check (for background processes).\n   */\n  beforeCall(bypass = false): boolean {\n    return this.breaker.beforeCall(bypass);\n  }\n\n  /**\n   * Called after a process finishes. `durationMs` is wall-clock time;\n   * `failed` is true for non-zero exit codes.\n   *\n   * @param bypass - If true, do not update circuit breaker state (for background processes).\n   */\n  afterCall(durationMs: number, failed: boolean, bypass = false): void {\n    this.breaker.afterCall(durationMs, failed, bypass);\n  }\n\n  /** Force-open the circuit breaker (Ctrl+C, /kill force). */\n  forceBreakerOpen(): void {\n    this.breaker.forceOpen();\n  }\n\n  /** Force-reset the circuit breaker to closed (/kill reset). */\n  forceBreakerReset(): void {\n    this.breaker.forceReset();\n  }\n\n  /**\n   * Configure circuit-breaker protection at runtime. Called from `/settings`\n   * (instant, all modes) and on TUI mount (applies persisted config).\n   *\n   * - `enabled` toggles whether the breaker gates `bash`/`exec`.\n   * - `autoKillResetMs` arms the auto kill/reset countdown when the breaker\n   *   trips (0 = manual recovery only).\n   *\n   * Re-applies cleanly on every call: cancels a pending countdown when the\n   * timeout is cleared or protection disabled, and re-arms if the breaker is\n   * currently open under the new settings.\n   */\n  setBreakerConfig(cfg: { enabled?: boolean | undefined; autoKillResetMs?: number | undefined }): void {\n    if (cfg.enabled !== undefined) this.breaker.setEnabled(cfg.enabled);\n    if (cfg.autoKillResetMs !== undefined) this.autoKillResetMs = Math.max(0, cfg.autoKillResetMs);\n\n    if (this.autoKillResetMs <= 0) {\n      this._cancelAutoKillReset();\n      return;\n    }\n    // If protection is active and the breaker is currently tripped, ensure a\n    // countdown is armed for the new window (covers a live config change while\n    // the breaker is already open).\n    if (this.breaker.isEnabled && this.breaker.snapshot().state === 'open') {\n      this._armAutoKillReset();\n    }\n  }\n\n  /**\n   * Live countdown to the next auto kill/reset, or null when nothing is armed.\n   * The TUI polls this on a 1s tick while armed so the statusline decrements.\n   */\n  getBreakerCountdown(): BreakerCountdown | null {\n    if (this.autoKillArmedAt === null || this.autoKillResetMs <= 0) return null;\n    const elapsed = Date.now() - this.autoKillArmedAt;\n    return { remainingMs: Math.max(0, this.autoKillResetMs - elapsed), totalMs: this.autoKillResetMs };\n  }\n\n  /**\n   * Subscribe to countdown arm/cancel events. Returns an unsubscribe function.\n   * Use {@link getBreakerCountdown} for the live ticking value between events.\n   */\n  onBreakerCountdownChange(listener: BreakerCountdownListener): () => void {\n    this.breakerCountdownListeners.push(listener);\n    return () => {\n      this.breakerCountdownListeners = this.breakerCountdownListeners.filter((l) => l !== listener);\n    };\n  }\n\n  private _emitBreakerCountdown(): void {\n    const snap = this.getBreakerCountdown();\n    for (const l of this.breakerCountdownListeners) {\n      try {\n        l(snap);\n      } catch {\n        /* listener failure must never affect breaker behavior */\n      }\n    }\n  }\n\n  /**\n   * Arm the auto kill/reset countdown. Idempotent: re-arming resets the window\n   * (a fresh trip after a failed half-open probe restarts the clock). No-op\n   * when protection is off or no timeout is configured.\n   */\n  private _armAutoKillReset(): void {\n    if (this.autoKillResetMs <= 0 || !this.breaker.isEnabled) return;\n    this._clearAutoKillTimer();\n    this.autoKillArmedAt = Date.now();\n    this.autoKillTimer = setTimeout(() => {\n      this.autoKillTimer = null;\n      this.autoKillArmedAt = null;\n      // Forced recovery: nuke runaway processes and reopen the circuit.\n      this.killAll({ force: false });\n      this.breaker.forceReset();\n      this._emitBreakerCountdown();\n    }, this.autoKillResetMs);\n    // Don't keep the event loop alive purely for auto-recovery.\n    this.autoKillTimer.unref?.();\n    this._emitBreakerCountdown();\n  }\n\n  private _cancelAutoKillReset(): void {\n    const wasArmed = this.autoKillArmedAt !== null;\n    this._clearAutoKillTimer();\n    if (wasArmed) {\n      this.autoKillArmedAt = null;\n      this._emitBreakerCountdown();\n    }\n  }\n\n  private _clearAutoKillTimer(): void {\n    if (this.autoKillTimer !== null) {\n      clearTimeout(this.autoKillTimer);\n      this.autoKillTimer = null;\n    }\n  }\n\n  /** Kill a single process by PID.\n   *\n   *  On POSIX: sends SIGTERM to the *process group* (-pid) so that\n   *  runaway grandchild processes (`sleep 9999 & disown`) are also killed.\n   *  After `graceMs` a SIGKILL is sent if the process hasn't exited.\n   *\n   *  On Windows: `child.kill()` maps to TerminateProcess — process groups\n   *  are not meaningfully supported. A second `force=true` call sends\n   *  SIGKILL (which maps to TerminateProcess again — the distinction is\n   *  in the exit code, not the signal).\n   *\n   *  Returns true if the process was found and kill was attempted.\n   */\n  kill(pid: number, opts: KillOpts = {}): boolean {\n    const p = this.processes.get(pid);\n    if (!p) return false;\n    if (p.killed) return true; // already kill()ed, don't double-send\n    if (p.protected) return false; // protected processes are never kill()ed\n\n    const { force = false, graceMs = DEFAULT_GRACE_MS } = opts;\n    const isWin = os.platform() === 'win32';\n\n    if (isWin) {\n      // Windows: no process group semantics. A direct kill terminates only\n      // the immediate child — shell-wrapped commands (cmd.exe /c …) leave\n      // grandchildren running that hold the inherited stdio pipes open and\n      // keep feeding output into this process indefinitely. Kill the whole\n      // tree via taskkill instead, but only for a real, still-running child\n      // (exitCode === null); test fakes and already-exited processes take\n      // the plain-kill path. The direct kill is deliberately NOT sent\n      // immediately alongside taskkill: killing the root first would break\n      // taskkill's parent-pid tree enumeration and orphan the grandchildren\n      // again — it runs as a delayed fallback instead.\n      const liveRealChild = p.child.exitCode === null && typeof p.child.pid === 'number';\n      if (liveRealChild && killWin32Tree(pid)) {\n        const fallback = setTimeout(() => {\n          if (p.child.exitCode === null) {\n            try {\n              p.child.kill('SIGKILL');\n            } catch {\n              // Process may have already exited.\n            }\n          }\n        }, graceMs);\n        fallback.unref?.();\n      } else {\n        try {\n          p.child.kill(force ? 'SIGKILL' : 'SIGTERM');\n        } catch {\n          // Process may have already exited.\n        }\n      }\n      p.killed = true;\n      return true;\n    }\n\n    // POSIX: kill the process group so grandchildren are cleaned up too.\n    try {\n      if (force) {\n        try {\n          process.kill(-pid, 'SIGKILL');\n        } catch {\n          p.child.kill('SIGKILL');\n        }\n      } else {\n        try {\n          process.kill(-pid, 'SIGTERM');\n        } catch {\n          p.child.kill('SIGTERM');\n        }\n        // Schedule SIGKILL as backup.\n        const timer = setTimeout(() => {\n          // Re-check: process may have exited on its own.\n          if (this.processes.has(pid) && !p.child.killed) {\n            try {\n              process.kill(-pid, 'SIGKILL');\n            } catch {\n              try {\n                p.child.kill('SIGKILL');\n              } catch {\n                /* already gone */\n              }\n            }\n          }\n        }, graceMs);\n        timer.unref?.(); // Don't keep event loop alive.\n      }\n    } catch {\n      // Process may have already exited.\n    }\n    p.killed = true;\n    return true;\n  }\n\n  /**\n   * Kill all tracked processes.\n   * Returns the PIDs that were kill()ed.\n   */\n  killAll(opts: KillOpts = {}): number[] {\n    const pids = Array.from(this.processes.keys());\n    const killed: number[] = [];\n    for (const pid of pids) {\n      const p = this.processes.get(pid);\n      if (p && !p.protected && this.kill(pid, opts)) killed.push(pid);\n    }\n    return killed;\n  }\n\n  /**\n   * Kill all processes for a specific session.\n   * Returns the PIDs that were kill()ed.\n   */\n  killSession(sessionId: string, opts: KillOpts = {}): number[] {\n    const pids = this.bySession(sessionId).map((p) => p.pid);\n    const killed: number[] = [];\n    for (const pid of pids) {\n      if (this.kill(pid, opts)) killed.push(pid);\n    }\n    return killed;\n  }\n}\n\n/** Module-level singleton. Initialized on first access. */\nlet _registry: ProcessRegistryImpl | undefined;\n\nexport function getProcessRegistry(): ProcessRegistryImpl {\n  if (!_registry) {\n    _registry = new ProcessRegistryImpl();\n  }\n  return _registry;\n}\n\n/** Reset for tests. */\nexport function _resetProcessRegistry(): void {\n  _registry = undefined;\n}\n\n// ── Convenience re-exports ────────────────────────────────────────────────────\n\nexport type { KillOpts };"]}