@x-code-cli/core 0.2.1 → 0.2.2

package/dist/tools/read-file.js

@@ -16,53 +16,95 @@ import path from 'node:path';
 import { tool } from 'ai';
 import { z } from 'zod';
 import { classifyFile } from '../agent/file-ingest.js';
+import { mediaTypeFor } from '../utils/media-type.js';
 import { formatToolError } from '../utils/tool-errors.js';
 import { reportProgress } from './progress.js';
-function mediaTypeFor(filePath) {
-    const ext = path.extname(filePath).toLowerCase();
-    if (ext === '.jpg' || ext === '.jpeg')
-        return 'image/jpeg';
-    if (ext === '.png')
-        return 'image/png';
-    if (ext === '.webp')
-        return 'image/webp';
-    if (ext === '.gif')
-        return 'image/gif';
-    if (ext === '.bmp')
-        return 'image/bmp';
-    return 'image/png';
-}
-/** Threshold above which a no-args readFile call returns a partial head plus a
- *  hint to re-read specific ranges. Picked empirically: 500 lines of code is
- *  a realistic ceiling for "skim the whole thing", and anything bigger is
- *  almost always used with grep first. */
-const LARGE_FILE_LINE_THRESHOLD = 500;
+/** Default cap on lines returned by a no-args readFile call. Aligned with
+ *  Claude Code's MAX_LINES_TO_READ — picked empirically: 2000 lines is a
+ *  realistic ceiling for "skim the whole thing", anything bigger is almost
+ *  always used with grep first. Was 500 originally, bumped after observing
+ *  that 500 forced too many round-trips for legitimate "read this whole
+ *  module" cases (4× more calls than CC for the same coverage). */
+const LARGE_FILE_LINE_THRESHOLD = 2000;
+/** Byte cap on a single tool-result payload. Mirrors the @-attach ingest cap
+ *  in file-ingest.ts and Claude Code's Read-tool 25K-token default (~100 KB
+ *  English / ~75 KB CJK; 256 KB gives headroom). Applies to BOTH the
+ *  default head case AND the explicit offset/limit case — without this,
+ *  a model that asks for `limit: 90000` on a multi-MB file gets the entire
+ *  thing dumped into context and the next turn fails with
+ *  context_length_exceeded. CC enforces the same invariant via
+ *  `validateContentTokens`. */
+const MAX_READ_BYTES = 256 * 1024;
 async function readTextResult(filePath, offset, limit) {
     const content = await fs.readFile(filePath, 'utf-8');
     const lines = content.split('\n');
     const totalLines = lines.length;
-    // When the caller passes neither offset nor limit and the file is large,
-    // return only the head and tell the model how to request the rest. Without
-    // this guard, models happily read 2000-line files "just to see what's in
-    // there" and the full content rides along on every subsequent turn. The
-    // downstream truncator (tool-result-sanitize) would eventually clip this,
-    // but doing it at the tool level preserves intent — the model sees
-    // explicitly that the file was large and that it should narrow the range.
     const userSpecifiedRange = offset != null || limit != null;
-    if (!userSpecifiedRange && totalLines > LARGE_FILE_LINE_THRESHOLD) {
-        const head = lines.slice(0, LARGE_FILE_LINE_THRESHOLD);
-        const body = head.map((line, i) => `${i + 1}\t${line}`).join('\n');
-        return (body +
-            `\n\n[readFile: showing first ${LARGE_FILE_LINE_THRESHOLD}/${totalLines} lines. ` +
-            `Call readFile again with offset/limit to view other ranges, or use grep to find specific symbols.]`);
+    // Decide which slice the caller asked for; head-truncation is its own
+    // mode so the trailing hint can say "showing first N" vs "byte cap hit".
+    let start;
+    let end;
+    let isHeadTruncation = false;
+    if (userSpecifiedRange) {
+        start = (offset ?? 1) - 1;
+        end = limit ? start + limit : lines.length;
+    }
+    else if (totalLines > LARGE_FILE_LINE_THRESHOLD) {
+        start = 0;
+        end = LARGE_FILE_LINE_THRESHOLD;
+        isHeadTruncation = true;
+    }
+    else {
+        start = 0;
+        end = lines.length;
     }
-    const start = (offset ?? 1) - 1;
-    const end = limit ? start + limit : lines.length;
     const sliced = lines.slice(start, end);
-    return sliced.map((line, i) => `${start + i + 1}\t${line}`).join('\n');
+    // Build the numbered-line output line-by-line, stopping as soon as adding
+    // the next line would push past MAX_READ_BYTES. Per-line byte counting
+    // is necessary for CJK / wide-char content where line.length lies about
+    // the on-the-wire size.
+    const formatted = [];
+    let bytes = 0;
+    for (let i = 0; i < sliced.length; i++) {
+        const numbered = `${start + i + 1}\t${sliced[i]}`;
+        const addedBytes = Buffer.byteLength(numbered, 'utf-8') + (formatted.length > 0 ? 1 : 0);
+        if (bytes + addedBytes > MAX_READ_BYTES && formatted.length > 0)
+            break;
+        formatted.push(numbered);
+        bytes += addedBytes;
+    }
+    const includedLines = formatted.length;
+    const body = formatted.join('\n');
+    // Trailing hint — same shape as Claude Code's MaxFileReadTokenExceededError
+    // message: tells the model exactly which next call will work, so it can
+    // self-recover instead of giving up or repeating the same call.
+    if (isHeadTruncation) {
+        const note = includedLines < sliced.length ? ` (further capped at ${MAX_READ_BYTES / 1024} KB)` : '';
+        return (body +
+            `\n\n[readFile: showing first ${includedLines}/${totalLines} lines${note}. ` +
+            `Call readFile again with offset/limit to view other ranges, or use grep to find specific symbols. ` +
+            `For whole-file analysis of very large files, consider delegating to a sub-agent via the task tool — ` +
+            `each sub-agent reads in isolated context and returns only a summary.]`);
+    }
+    if (includedLines < sliced.length) {
+        const nextOffset = start + includedLines + 1;
+        return (body +
+            `\n\n[readFile: output capped at ${MAX_READ_BYTES / 1024} KB; ` +
+            `returned ${includedLines}/${sliced.length} requested lines (lines ${start + 1}-${start + includedLines}). ` +
+            `Call readFile again with offset=${nextOffset} for the next chunk, or narrow the range.]`);
+    }
+    return body;
 }
 export const readFile = tool({
-    description: 'Read the contents of a file at the given path. Returns line-numbered text for code/docs, and inline media for images/PDFs so the model can inspect them directly.',
+    description: `Read a file from the local filesystem. Assume this tool can read all files on the machine.
+
+Usage:
+- The filePath parameter must be an absolute path, not a relative path.
+- You can optionally specify offset and limit (especially handy for long files), but it's recommended to read the whole file first.
+- Results are returned with line numbers starting at 1.
+- This tool can read images (PNG, JPG, etc.) and PDFs — their content is presented inline.
+- This tool can only read files, not directories. To list a directory, use listDir or shell with ls.
+- If a file path is provided by the user, assume it is valid.`,
     inputSchema: z.object({
         filePath: z.string().describe('Absolute path to the file'),
         offset: z.number().optional().describe('Start line (1-based, text files only)'),

package/dist/tools/read-file.js.map

@@ -1 +1 @@
-{"version":3,"file":"read-file.js","sourceRoot":"","sources":["../../src/tools/read-file.ts"],"names":[],"mappings":"AAAA,mCAAmC;AACnC,EAAE;AACF,2EAA2E;AAC3E,wEAAwE;AACxE,qEAAqE;AACrE,2EAA2E;AAC3E,gCAAgC;AAChC,EAAE;AACF,sEAAsE;AACtE,sEAAsE;AACtE,wEAAwE;AACxE,wEAAwE;AACxE,0BAA0B;AAC1B,OAAO,EAAE,MAAM,kBAAkB,CAAA;AACjC,OAAO,IAAI,MAAM,WAAW,CAAA;AAE5B,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE9C,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAA;IAChD,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO;QAAE,OAAO,YAAY,CAAA;IAC1D,IAAI,GAAG,KAAK,MAAM;QAAE,OAAO,WAAW,CAAA;IACtC,IAAI,GAAG,KAAK,OAAO;QAAE,OAAO,YAAY,CAAA;IACxC,IAAI,GAAG,KAAK,MAAM;QAAE,OAAO,WAAW,CAAA;IACtC,IAAI,GAAG,KAAK,MAAM;QAAE,OAAO,WAAW,CAAA;IACtC,OAAO,WAAW,CAAA;AACpB,CAAC;AAED;;;0CAG0C;AAC1C,MAAM,yBAAyB,GAAG,GAAG,CAAA;AAErC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,MAAe,EAAE,KAAc;IAC7E,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAA;IAE/B,yEAAyE;IACzE,2EAA2E;IAC3E,yEAAyE;IACzE,wEAAwE;IACxE,0EAA0E;IAC1E,mEAAmE;IACnE,0EAA0E;IAC1E,MAAM,kBAAkB,GAAG,MAAM,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,CAAA;IAC1D,IAAI,CAAC,kBAAkB,IAAI,UAAU,GAAG,yBAAyB,EAAE,CAAC;QAClE,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAA;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClE,OAAO,CACL,IAAI;YACJ,gCAAgC,yBAAyB,IAAI,UAAU,UAAU;YACjF,oGAAoG,CACrG,CAAA;IACH,CAAC;IAED,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;IAC/B,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;IAChD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IACtC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACxE,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,mKAAmK;IAChL,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QAC1D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;QAC/E,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;KAC7E,CAAC;IACF,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;QAC7D,IAAI,CAAC;YACH,cAAc,CAAC,UAAU,EAAE,WAAW,QAAQ,EAAE,CAAC,CAAA;YACjD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAe,CAAC,CAAA;YAEtE,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBAC1C,qEAAqE;gBACrE,iEAAiE;gBACjE,4DAA4D;gBAC5D,mEAAmE;gBACnE,kEAAkE;gBAClE,wBAAwB;gBACxB,OAAO;oBACL,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,QAAQ,EAAE,EAAE;wBACnD;4BACE,IAAI,EAAE,YAAY;4BAClB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;4BAC/B,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC;yBAClC;qBACF;iBACF,CAAA;YACH,CAAC;YAED,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;gBACnB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBAC1C,OAAO;oBACL,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,QAAQ,EAAE,EAAE;wBACjD;4BACE,IAAI,EAAE,WAAW;4BACjB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;4BAC/B,SAAS,EAAE,iBAAiB;4BAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;yBAClC;qBACF;iBACF,CAAA;YACH,CAAC;YAED,0CAA0C;YAC1C,uEAAuE;YACvE,wEAAwE;YACxE,wEAAwE;YACxE,kEAAkE;YAClE,mBAAmB;YACnB,OAAO,MAAM,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;CACF,CAAC,CAAA"}
+{"version":3,"file":"read-file.js","sourceRoot":"","sources":["../../src/tools/read-file.ts"],"names":[],"mappings":"AAAA,mCAAmC;AACnC,EAAE;AACF,2EAA2E;AAC3E,wEAAwE;AACxE,qEAAqE;AACrE,2EAA2E;AAC3E,gCAAgC;AAChC,EAAE;AACF,sEAAsE;AACtE,sEAAsE;AACtE,wEAAwE;AACxE,wEAAwE;AACxE,0BAA0B;AAC1B,OAAO,EAAE,MAAM,kBAAkB,CAAA;AACjC,OAAO,IAAI,MAAM,WAAW,CAAA;AAE5B,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE9C;;;;;mEAKmE;AACnE,MAAM,yBAAyB,GAAG,IAAI,CAAA;AAEtC;;;;;;;+BAO+B;AAC/B,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,CAAA;AAEjC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,MAAe,EAAE,KAAc;IAC7E,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAA;IAE/B,MAAM,kBAAkB,GAAG,MAAM,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,CAAA;IAE1D,sEAAsE;IACtE,yEAAyE;IACzE,IAAI,KAAa,CAAA;IACjB,IAAI,GAAW,CAAA;IACf,IAAI,gBAAgB,GAAG,KAAK,CAAA;IAC5B,IAAI,kBAAkB,EAAE,CAAC;QACvB,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QACzB,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;IAC5C,CAAC;SAAM,IAAI,UAAU,GAAG,yBAAyB,EAAE,CAAC;QAClD,KAAK,GAAG,CAAC,CAAA;QACT,GAAG,GAAG,yBAAyB,CAAA;QAC/B,gBAAgB,GAAG,IAAI,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,GAAG,CAAC,CAAA;QACT,GAAG,GAAG,KAAK,CAAC,MAAM,CAAA;IACpB,CAAC;IACD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAEtC,0EAA0E;IAC1E,uEAAuE;IACvE,wEAAwE;IACxE,wBAAwB;IACxB,MAAM,SAAS,GAAa,EAAE,CAAA;IAC9B,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,CAAA;QACjD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACxF,IAAI,KAAK,GAAG,UAAU,GAAG,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC;YAAE,MAAK;QACtE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACxB,KAAK,IAAI,UAAU,CAAA;IACrB,CAAC;IACD,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAA;IACtC,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEjC,4EAA4E;IAC5E,wEAAwE;IACxE,gEAAgE;IAChE,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,uBAAuB,cAAc,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAA;QACpG,OAAO,CACL,IAAI;YACJ,gCAAgC,aAAa,IAAI,UAAU,SAAS,IAAI,IAAI;YAC5E,oGAAoG;YACpG,sGAAsG;YACtG,uEAAuE,CACxE,CAAA;IACH,CAAC;IACD,IAAI,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,KAAK,GAAG,aAAa,GAAG,CAAC,CAAA;QAC5C,OAAO,CACL,IAAI;YACJ,mCAAmC,cAAc,GAAG,IAAI,OAAO;YAC/D,YAAY,aAAa,IAAI,MAAM,CAAC,MAAM,2BAA2B,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,aAAa,KAAK;YAC5G,mCAAmC,UAAU,4CAA4C,CAC1F,CAAA;IACH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE;;;;;;;;8DAQ+C;IAC5D,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QAC1D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;QAC/E,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;KAC7E,CAAC;IACF,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;QAC7D,IAAI,CAAC;YACH,cAAc,CAAC,UAAU,EAAE,WAAW,QAAQ,EAAE,CAAC,CAAA;YACjD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAe,CAAC,CAAA;YAEtE,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBAC1C,qEAAqE;gBACrE,iEAAiE;gBACjE,4DAA4D;gBAC5D,mEAAmE;gBACnE,kEAAkE;gBAClE,wBAAwB;gBACxB,OAAO;oBACL,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,QAAQ,EAAE,EAAE;wBACnD;4BACE,IAAI,EAAE,YAAY;4BAClB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;4BAC/B,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC;yBAClC;qBACF;iBACF,CAAA;YACH,CAAC;YAED,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;gBACnB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBAC1C,OAAO;oBACL,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,QAAQ,EAAE,EAAE;wBACjD;4BACE,IAAI,EAAE,WAAW;4BACjB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;4BAC/B,SAAS,EAAE,iBAAiB;4BAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;yBAClC;qBACF;iBACF,CAAA;YACH,CAAC;YAED,0CAA0C;YAC1C,uEAAuE;YACvE,wEAAwE;YACxE,wEAAwE;YACxE,kEAAkE;YAClE,mBAAmB;YACnB,OAAO,MAAM,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;CACF,CAAC,CAAA"}

package/dist/tools/shell-provider.d.ts

@@ -1,5 +1,6 @@
 import { type ResultPromise } from 'execa';
 export type ShellType = 'bash' | 'zsh' | 'powershell';
+export declare const MAX_SHELL_BUFFER: number;
 export interface ShellSpawnOptions {
     timeout: number;
     env?: NodeJS.ProcessEnv;

package/dist/tools/shell-provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shell-provider.d.ts","sourceRoot":"","sources":["../../src/tools/shell-provider.ts"],"names":[],"mappings":"AAMA,OAAO,EAAS,KAAK,aAAa,EAAE,MAAM,OAAO,CAAA;AAGjD,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,YAAY,CAAA;AAErD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ;;uBAEmB;IACnB,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,CAAA;IACf,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,aAAa,CAAA;CAC/D;AA+DD,wBAAgB,gBAAgB,IAAI,aAAa,CAYhD"}
+{"version":3,"file":"shell-provider.d.ts","sourceRoot":"","sources":["../../src/tools/shell-provider.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,KAAK,aAAa,EAAS,MAAM,OAAO,CAAA;AAIjD,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,YAAY,CAAA;AAMrD,eAAO,MAAM,gBAAgB,QAAmB,CAAA;AAEhD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;IACvB,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ;;uBAEmB;IACnB,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,CAAA;IACf,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,aAAa,CAAA;CAC/D;AA6DD,wBAAgB,gBAAgB,IAAI,aAAa,CAYhD"}

package/dist/tools/shell-provider.js

@@ -6,12 +6,18 @@
 // hand-roll quote escapes for PowerShell.
 import { execa } from 'execa';
 import os from 'node:os';
+// 20 MB — matches Claude Code's ripgrep buffer; generous enough for real
+// workloads, small enough to prevent an accidental `yes` or `find /` from
+// eating all memory. When exceeded, execa terminates the child with SIGTERM
+// and surfaces a "maxBuffer exceeded" error.
+export const MAX_SHELL_BUFFER = 20 * 1024 * 1024;
 function createPosixProvider(executable, type) {
     return {
         type,
         spawn(command, opts) {
             return execa(executable, ['-c', command], {
                 timeout: opts.timeout,
+                maxBuffer: MAX_SHELL_BUFFER,
                 cwd: opts.cwd,
                 reject: false,
                 cancelSignal: opts.signal,
@@ -52,6 +58,7 @@ function createPowerShellProvider(executable) {
             ].join('\n');
             return execa(executable, ['-NoProfile', '-NonInteractive', '-EncodedCommand', encodePowerShellCommand(wrapped)], {
                 timeout: opts.timeout,
+                maxBuffer: MAX_SHELL_BUFFER,
                 cwd: opts.cwd,
                 reject: false,
                 cancelSignal: opts.signal,

package/dist/tools/shell-provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell-provider.js","sourceRoot":"","sources":["../../src/tools/shell-provider.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,8EAA8E;AAC9E,4EAA4E;AAC5E,8EAA8E;AAC9E,0CAA0C;AAC1C,OAAO,EAAE,KAAK,EAAsB,MAAM,OAAO,CAAA;AACjD,OAAO,EAAE,MAAM,SAAS,CAAA;AAmBxB,SAAS,mBAAmB,CAAC,UAAkB,EAAE,IAAoB;IACnE,OAAO;QACL,IAAI;QACJ,KAAK,CAAC,OAAO,EAAE,IAAI;YACjB,OAAO,KAAK,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;gBACxC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,KAAK;gBACb,YAAY,EAAE,IAAI,CAAC,MAAM;gBACzB,GAAG,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE;aACjE,CAAC,CAAA;QACJ,CAAC;KACF,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,4EAA4E;AAC5E,8EAA8E;AAC9E,yBAAyB;AACzB,SAAS,uBAAuB,CAAC,SAAiB;IAChD,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC7D,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,KAAK,CAAC,OAAO,EAAE,IAAI;YACjB,6DAA6D;YAC7D,wEAAwE;YACxE,mEAAmE;YACnE,gDAAgD;YAChD,qEAAqE;YACrE,qEAAqE;YACrE,4BAA4B;YAC5B,oEAAoE;YACpE,qEAAqE;YACrE,uEAAuE;YACvE,qEAAqE;YACrE,iEAAiE;YACjE,MAAM,OAAO,GAAG;gBACd,0DAA0D;gBAC1D,0CAA0C;gBAC1C,OAAO;gBACP,qFAAqF;gBACrF,YAAY;aACb,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACZ,OAAO,KAAK,CACV,UAAU,EACV,CAAC,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,uBAAuB,CAAC,OAAO,CAAC,CAAC,EACtF;gBACE,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,KAAK;gBACb,YAAY,EAAE,IAAI,CAAC,MAAM;gBACzB,GAAG,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE;aACjE,CACF,CAAA;QACH,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC9B,wEAAwE;QACxE,6DAA6D;QAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAA;QAC/B,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,mBAAmB,CAAC,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAC3E,CAAC;QACD,OAAO,wBAAwB,CAAC,gBAAgB,CAAC,CAAA;IACnD,CAAC;IACD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,WAAW,CAAA;IAClD,OAAO,mBAAmB,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AACnF,CAAC"}
+{"version":3,"file":"shell-provider.js","sourceRoot":"","sources":["../../src/tools/shell-provider.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,8EAA8E;AAC9E,4EAA4E;AAC5E,8EAA8E;AAC9E,0CAA0C;AAC1C,OAAO,EAAsB,KAAK,EAAE,MAAM,OAAO,CAAA;AAEjD,OAAO,EAAE,MAAM,SAAS,CAAA;AAIxB,yEAAyE;AACzE,0EAA0E;AAC1E,4EAA4E;AAC5E,6CAA6C;AAC7C,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAA;AAiBhD,SAAS,mBAAmB,CAAC,UAAkB,EAAE,IAAoB;IACnE,OAAO;QACL,IAAI;QACJ,KAAK,CAAC,OAAO,EAAE,IAAI;YACjB,OAAO,KAAK,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;gBACxC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,gBAAgB;gBAC3B,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,KAAK;gBACb,YAAY,EAAE,IAAI,CAAC,MAAM;gBACzB,GAAG,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE;aACjE,CAAC,CAAA;QACJ,CAAC;KACF,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,4EAA4E;AAC5E,8EAA8E;AAC9E,yBAAyB;AACzB,SAAS,uBAAuB,CAAC,SAAiB;IAChD,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC7D,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,KAAK,CAAC,OAAO,EAAE,IAAI;YACjB,6DAA6D;YAC7D,wEAAwE;YACxE,mEAAmE;YACnE,gDAAgD;YAChD,qEAAqE;YACrE,qEAAqE;YACrE,4BAA4B;YAC5B,oEAAoE;YACpE,qEAAqE;YACrE,uEAAuE;YACvE,qEAAqE;YACrE,iEAAiE;YACjE,MAAM,OAAO,GAAG;gBACd,0DAA0D;gBAC1D,0CAA0C;gBAC1C,OAAO;gBACP,qFAAqF;gBACrF,YAAY;aACb,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACZ,OAAO,KAAK,CAAC,UAAU,EAAE,CAAC,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,uBAAuB,CAAC,OAAO,CAAC,CAAC,EAAE;gBAC/G,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,gBAAgB;gBAC3B,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,KAAK;gBACb,YAAY,EAAE,IAAI,CAAC,MAAM;gBACzB,GAAG,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE;aACjE,CAAC,CAAA;QACJ,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC9B,wEAAwE;QACxE,6DAA6D;QAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAA;QAC/B,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,mBAAmB,CAAC,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAC3E,CAAC;QACD,OAAO,wBAAwB,CAAC,gBAAgB,CAAC,CAAA;IACnD,CAAC;IACD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,WAAW,CAAA;IAClD,OAAO,mBAAmB,CAAC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AACnF,CAAC"}

package/dist/tools/shell-utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shell-utils.d.ts","sourceRoot":"","sources":["../../src/tools/shell-utils.ts"],"names":[],"mappings":"AAKA,YAAY,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAEpD,oFAAoF;AACpF,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CA0CxD;AAkDD,+DAA+D;AAC/D,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,+DAA+D;AAC/D,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAGlD"}
+{"version":3,"file":"shell-utils.d.ts","sourceRoot":"","sources":["../../src/tools/shell-utils.ts"],"names":[],"mappings":"AAKA,YAAY,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAEpD,oFAAoF;AACpF,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CA0CxD;AAoGD,+DAA+D;AAC/D,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,+DAA+D;AAC/D,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAGlD"}

package/dist/tools/shell-utils.js

@@ -76,18 +76,61 @@ const READ_ONLY_COMMANDS = [
     'Test-Path',
 ];
 /** Git sub-commands that are read-only */
-const READ_ONLY_GIT_SUBCOMMANDS = ['status', 'log', 'diff', 'branch', 'show', 'remote', 'tag'];
+const READ_ONLY_GIT_SUBCOMMANDS = ['status', 'log', 'diff', 'branch', 'show', 'remote', 'tag', 'stash list', 'reflog'];
 // Pre-compiled regexes for performance
 const READ_ONLY_REGEX = new RegExp(`^\\s*(${READ_ONLY_COMMANDS.join('|')}|git\\s+(${READ_ONLY_GIT_SUBCOMMANDS.join('|')}))\\b`);
 const DESTRUCTIVE_PATTERNS = [
+    // ── Filesystem destruction ──
     /\brm\s+(-[a-z]*f|-[a-z]*r|--force|--recursive)/,
+    /\brm\s+-rf\b/,
     /\bsudo\b/,
     /\bmkfs\b/,
     /\bdd\s+if=/,
     /\b(chmod|chown)\s+.*\//,
     />\s*\/dev\/sd/,
     /\bformat\b/,
-    /\bRemove-Item\s+.*-Recurse/,
+    /\bRemove-Item\s+.*-Recurse/i,
+    /\bRemove-Item\s+.*-Force/i,
+    /\bdel\s+\/[sS]/,
+    /\brmdir\s+\/[sS]/,
+    // ── Git destructive operations ──
+    /\bgit\s+push\s+.*--force\b/,
+    /\bgit\s+push\s+-f\b/,
+    /\bgit\s+reset\s+--hard\b/,
+    /\bgit\s+clean\s+-[a-z]*f/,
+    /\bgit\s+checkout\s+--\s*\./,
+    /\bgit\s+rebase\b/,
+    /\bgit\s+filter-branch\b/,
+    /\bgit\s+reflog\s+expire\b/,
+    /\bgit\s+gc\s+--prune\b/,
+    // ── Remote code execution / download-and-exec ──
+    /\bcurl\s.*\|\s*(ba)?sh\b/,
+    /\bwget\s.*\|\s*(ba)?sh\b/,
+    /\bcurl\s.*\|\s*python/,
+    /\bwget\s.*\|\s*python/,
+    // ── System control ──
+    /\bshutdown\b/,
+    /\breboot\b/,
+    /\binit\s+[06]\b/,
+    /\bsystemctl\s+(stop|disable|mask|halt|poweroff)\b/,
+    /\bkillall\b/,
+    /\bpkill\s+-9\b/,
+    /\bStop-Computer\b/i,
+    /\bRestart-Computer\b/i,
+    // ── Database destruction ──
+    /\bDROP\s+(DATABASE|TABLE|SCHEMA)\b/i,
+    /\bTRUNCATE\s+TABLE\b/i,
+    /\bDELETE\s+FROM\s+\S+\s*;?\s*$/im,
+    // ── Container / infra destruction ──
+    /\bdocker\s+(rm|rmi|system\s+prune|volume\s+rm)\b/,
+    /\bkubectl\s+delete\b/,
+    // ── Environment pollution ──
+    /\bnpm\s+publish\b/,
+    /\bpnpm\s+publish\b/,
+    /\byarn\s+publish\b/,
+    // ── Disk / partition ──
+    /\bfdisk\b/,
+    /\bparted\b/,
 ];
 /** Check if a sub-command is read-only (safe to auto-allow) */
 export function isReadOnly(cmd) {

package/dist/tools/shell-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell-utils.js","sourceRoot":"","sources":["../../src/tools/shell-utils.ts"],"names":[],"mappings":"AAOA,oFAAoF;AACpF,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,gDAAgD;IAChD,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,IAAI,OAAO,GAAG,EAAE,CAAA;IAChB,IAAI,aAAa,GAAG,KAAK,CAAA;IACzB,IAAI,aAAa,GAAG,KAAK,CAAA;IAEzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;QACjB,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAEvB,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACjC,aAAa,GAAG,CAAC,aAAa,CAAA;YAC9B,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACxC,aAAa,GAAG,CAAC,aAAa,CAAA;YAC9B,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;aAAM,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;YAC5C,IAAI,EAAE,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;gBACZ,CAAC,EAAE,CAAA,CAAC,cAAc;YACpB,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;gBACZ,CAAC,EAAE,CAAA,CAAC,cAAc;YACpB,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;YACd,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,EAAE,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,EAAE;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAEvC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;AACnD,CAAC;AAED,2DAA2D;AAC3D,MAAM,kBAAkB,GAAG;IACzB,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,IAAI;IACJ,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,UAAU;IACV,MAAM;IACN,MAAM;IACN,aAAa;IACb,eAAe;IACf,cAAc;IACd,aAAa;IACb,eAAe;IACf,WAAW;CACZ,CAAA;AAED,0CAA0C;AAC1C,MAAM,yBAAyB,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAA;AAE9F,uCAAuC;AACvC,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,SAAS,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAC5F,CAAA;AAED,MAAM,oBAAoB,GAAa;IACrC,gDAAgD;IAChD,UAAU;IACV,UAAU;IACV,YAAY;IACZ,wBAAwB;IACxB,eAAe;IACf,YAAY;IACZ,4BAA4B;CAC7B,CAAA;AAED,+DAA+D;AAC/D,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;AACzC,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAA;IACpB,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;AAChE,CAAC"}
+{"version":3,"file":"shell-utils.js","sourceRoot":"","sources":["../../src/tools/shell-utils.ts"],"names":[],"mappings":"AAOA,oFAAoF;AACpF,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,gDAAgD;IAChD,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,IAAI,OAAO,GAAG,EAAE,CAAA;IAChB,IAAI,aAAa,GAAG,KAAK,CAAA;IACzB,IAAI,aAAa,GAAG,KAAK,CAAA;IAEzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;QACjB,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAEvB,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACjC,aAAa,GAAG,CAAC,aAAa,CAAA;YAC9B,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACxC,aAAa,GAAG,CAAC,aAAa,CAAA;YAC9B,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;aAAM,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;YAC5C,IAAI,EAAE,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;gBACZ,CAAC,EAAE,CAAA,CAAC,cAAc;YACpB,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;gBACZ,CAAC,EAAE,CAAA,CAAC,cAAc;YACpB,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;YACd,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACnB,OAAO,GAAG,EAAE,CAAA;YACd,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,EAAE,CAAA;YACf,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,EAAE;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAEvC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;AACnD,CAAC;AAED,2DAA2D;AAC3D,MAAM,kBAAkB,GAAG;IACzB,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,IAAI;IACJ,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,IAAI;IACJ,IAAI;IACJ,KAAK;IACL,UAAU;IACV,MAAM;IACN,MAAM;IACN,aAAa;IACb,eAAe;IACf,cAAc;IACd,aAAa;IACb,eAAe;IACf,WAAW;CACZ,CAAA;AAED,0CAA0C;AAC1C,MAAM,yBAAyB,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;AAEtH,uCAAuC;AACvC,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,SAAS,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAC5F,CAAA;AAED,MAAM,oBAAoB,GAAa;IACrC,+BAA+B;IAC/B,gDAAgD;IAChD,cAAc;IACd,UAAU;IACV,UAAU;IACV,YAAY;IACZ,wBAAwB;IACxB,eAAe;IACf,YAAY;IACZ,6BAA6B;IAC7B,2BAA2B;IAC3B,gBAAgB;IAChB,kBAAkB;IAElB,mCAAmC;IACnC,4BAA4B;IAC5B,qBAAqB;IACrB,0BAA0B;IAC1B,0BAA0B;IAC1B,4BAA4B;IAC5B,kBAAkB;IAClB,yBAAyB;IACzB,2BAA2B;IAC3B,wBAAwB;IAExB,kDAAkD;IAClD,0BAA0B;IAC1B,0BAA0B;IAC1B,uBAAuB;IACvB,uBAAuB;IAEvB,uBAAuB;IACvB,cAAc;IACd,YAAY;IACZ,iBAAiB;IACjB,mDAAmD;IACnD,aAAa;IACb,gBAAgB;IAChB,oBAAoB;IACpB,uBAAuB;IAEvB,6BAA6B;IAC7B,qCAAqC;IACrC,uBAAuB;IACvB,kCAAkC;IAElC,sCAAsC;IACtC,kDAAkD;IAClD,sBAAsB;IAEtB,8BAA8B;IAC9B,mBAAmB;IACnB,oBAAoB;IACpB,oBAAoB;IAEpB,yBAAyB;IACzB,WAAW;IACX,YAAY;CACb,CAAA;AAED,+DAA+D;AAC/D,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;AACzC,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAA;IACpB,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;AAChE,CAAC"}

package/dist/tools/shell.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../../src/tools/shell.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,KAAK;;;SAQhB,CAAA"}
+{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../../src/tools/shell.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,KAAK;;;SAqBhB,CAAA"}

package/dist/tools/shell.js

@@ -2,7 +2,21 @@
 import { tool } from 'ai';
 import { z } from 'zod';
 export const shell = tool({
-    description: 'Execute a shell command and return stdout/stderr. Commands should be compatible with the current platform shell.',
+    description: `Execute a shell command and return stdout/stderr. The working directory persists between commands.
+
+IMPORTANT: Avoid using this tool to run grep, rg, cat, head, tail, sed, or awk commands. Instead, use the appropriate dedicated tool — they provide a better user experience:
+- File search: Use glob (NOT find or ls)
+- Content search: Use grep tool (NOT grep/rg command)
+- Read files: Use readFile (NOT cat/head/tail)
+- Edit files: Use edit (NOT sed/awk)
+- Write files: Use writeFile (NOT echo >/cat <<EOF)
+
+Instructions:
+- If your command will create new directories or files, first run ls to verify the parent directory exists and is the correct location.
+- Always quote file paths that contain spaces with double quotes.
+- When issuing multiple commands: if they are independent, make multiple shell tool calls in a single message for parallelism. If they depend on each other, use '&&' to chain them. Use ';' only when you need sequential execution but don't care if earlier commands fail. Do NOT use newlines to separate commands.
+- For git commands: prefer creating a new commit rather than amending. Never skip hooks (--no-verify) unless the user explicitly asks. Before running destructive operations (git reset --hard, git push --force), consider safer alternatives.
+- Do not sleep between commands that can run immediately.`,
     inputSchema: z.object({
         command: z.string().describe('The command to execute'),
         timeout: z.number().optional().describe('Timeout in milliseconds (default: 30000)'),

package/dist/tools/shell.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell.js","sourceRoot":"","sources":["../../src/tools/shell.ts"],"names":[],"mappings":"AAAA,wGAAwG;AACxG,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC;IACxB,WAAW,EACT,kHAAkH;IACpH,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACtD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;KACpF,CAAC;IACF,sGAAsG;CACvG,CAAC,CAAA"}
+{"version":3,"file":"shell.js","sourceRoot":"","sources":["../../src/tools/shell.ts"],"names":[],"mappings":"AAAA,wGAAwG;AACxG,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE;;;;;;;;;;;;;;0DAc2C;IACxD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QACtD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;KACpF,CAAC;IACF,sGAAsG;CACvG,CAAC,CAAA"}

package/dist/tools/task.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"task.d.ts","sourceRoot":"","sources":["../../src/tools/task.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAEvE;;;2DAG2D;AAC3D,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAoE3E;AAED;4DAC4D;AAC5D,wBAAgB,cAAc,CAAC,QAAQ,EAAE,gBAAgB;;;;UAcxD"}
+{"version":3,"file":"task.d.ts","sourceRoot":"","sources":["../../src/tools/task.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAEvE;;;2DAG2D;AAC3D,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAkE3E;AAED;4DAC4D;AAC5D,wBAAgB,cAAc,CAAC,QAAQ,EAAE,gBAAgB;;;;UAcxD"}

package/dist/tools/task.js

@@ -13,9 +13,7 @@ import { z } from 'zod';
  *  the model knows what subagent_type values are valid. */
 export function buildTaskToolDescription(registry) {
     const agents = registry.list();
-    const agentList = agents
-        .map((a) => `  - ${a.name}: ${a.description}`)
-        .join('\n');
+    const agentList = agents.map((a) => `  - ${a.name}: ${a.description}`).join('\n');
     return `Launch a sub-agent to handle a task in an isolated context. The sub-agent runs with its own message history and returns only its final conclusion — its intermediate tool calls never enter your context window, keeping the main conversation lean.
 
 Available sub-agents:
@@ -87,7 +85,9 @@ export function createTaskTool(registry) {
         inputSchema: z.object({
             description: z.string().describe('A short (3-5 words) description of the task'),
             subagent_type: z.string().describe(`Which sub-agent to use. Available: ${registry.names().join(', ')}`),
-            prompt: z.string().describe('The complete task instruction sent to the sub-agent. Be specific — the sub-agent has no prior context.'),
+            prompt: z
+                .string()
+                .describe('The complete task instruction sent to the sub-agent. Be specific — the sub-agent has no prior context.'),
         }),
         // No execute — handled manually in tool-execution.ts
     });

package/dist/tools/task.js.map

@@ -1 +1 @@
-{"version":3,"file":"task.js","sourceRoot":"","sources":["../../src/tools/task.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,gEAAgE;AAChE,kEAAkE;AAClE,mBAAmB;AACnB,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AACzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB;;;2DAG2D;AAC3D,MAAM,UAAU,wBAAwB,CAAC,QAA0B;IACjE,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAA;IAC9B,MAAM,SAAS,GAAG,MAAM;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;SAC7C,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,OAAO;;;EAGP,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0DA,CAAA;AACX,CAAC;AAED;4DAC4D;AAC5D,MAAM,UAAU,cAAc,CAAC,QAA0B;IACvD,OAAO,IAAI,CAAC;QACV,WAAW,EAAE,wBAAwB,CAAC,QAAQ,CAAC;QAC/C,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;YAC/E,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAChC,sCAAsC,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpE;YACD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CACzB,wGAAwG,CACzG;SACF,CAAC;QACF,qDAAqD;KACtD,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"task.js","sourceRoot":"","sources":["../../src/tools/task.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,gEAAgE;AAChE,kEAAkE;AAClE,mBAAmB;AACnB,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB;;;2DAG2D;AAC3D,MAAM,UAAU,wBAAwB,CAAC,QAA0B;IACjE,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAA;IAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEjF,OAAO;;;EAGP,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0DA,CAAA;AACX,CAAC;AAED;4DAC4D;AAC5D,MAAM,UAAU,cAAc,CAAC,QAA0B;IACvD,OAAO,IAAI,CAAC;QACV,WAAW,EAAE,wBAAwB,CAAC,QAAQ,CAAC;QAC/C,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;YAC/E,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvG,MAAM,EAAE,CAAC;iBACN,MAAM,EAAE;iBACR,QAAQ,CACP,wGAAwG,CACzG;SACJ,CAAC;QACF,qDAAqD;KACtD,CAAC,CAAA;AACJ,CAAC"}

package/dist/tools/todo-write.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"todo-write.d.ts","sourceRoot":"","sources":["../../src/tools/todo-write.ts"],"names":[],"mappings":"AAKA;;;;;;;;;;;;0CAY0C;AAC1C,eAAO,MAAM,SAAS;;;;;;SAqGpB,CAAA"}
+{"version":3,"file":"todo-write.d.ts","sourceRoot":"","sources":["../../src/tools/todo-write.ts"],"names":[],"mappings":"AAKA;;;;;;;;;;;;0CAY0C;AAC1C,eAAO,MAAM,SAAS;;;;;;SA2GpB,CAAA"}

package/dist/tools/todo-write.js.map

@@ -1 +1 @@
-{"version":3,"file":"todo-write.js","sourceRoot":"","sources":["../../src/tools/todo-write.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAClG,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;;;;;;;;;0CAY0C;AAC1C,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;IAC5B,WAAW,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAqE2C;IACxD,8DAA8D;IAC9D,mEAAmE;IACnE,qEAAqE;IACrE,kEAAkE;IAClE,iEAAiE;IACjE,gEAAgE;IAChE,4DAA4D;IAC5D,iEAAiE;IACjE,oEAAoE;IACpE,oEAAoE;IACpE,6DAA6D;IAC7D,kEAAkE;IAClE,+BAA+B;IAC/B,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,KAAK,EAAE,CAAC;aACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;YACzF,UAAU,EAAE,CAAC;iBACV,MAAM,EAAE;iBACR,QAAQ,EAAE;iBACV,QAAQ,CAAC,oGAAoG,CAAC;YACjH,MAAM,EAAE,CAAC;iBACN,IAAI,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;iBAC7C,QAAQ,EAAE;iBACV,QAAQ,CAAC,wGAAwG,CAAC;SACtH,CAAC,CACH;aACA,QAAQ,CAAC,8GAA8G,CAAC;KAC5H,CAAC;CACH,CAAC,CAAA"}
+{"version":3,"file":"todo-write.js","sourceRoot":"","sources":["../../src/tools/todo-write.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAClG,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AAEzB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;;;;;;;;;;;0CAY0C;AAC1C,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;IAC5B,WAAW,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0DAqE2C;IACxD,8DAA8D;IAC9D,mEAAmE;IACnE,qEAAqE;IACrE,kEAAkE;IAClE,iEAAiE;IACjE,gEAAgE;IAChE,4DAA4D;IAC5D,iEAAiE;IACjE,oEAAoE;IACpE,oEAAoE;IACpE,6DAA6D;IAC7D,kEAAkE;IAClE,+BAA+B;IAC/B,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;QACpB,KAAK,EAAE,CAAC;aACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;YACzF,UAAU,EAAE,CAAC;iBACV,MAAM,EAAE;iBACR,QAAQ,EAAE;iBACV,QAAQ,CACP,oGAAoG,CACrG;YACH,MAAM,EAAE,CAAC;iBACN,IAAI,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;iBAC7C,QAAQ,EAAE;iBACV,QAAQ,CACP,wGAAwG,CACzG;SACJ,CAAC,CACH;aACA,QAAQ,CACP,8GAA8G,CAC/G;KACJ,CAAC;CACH,CAAC,CAAA"}

package/dist/tools/web-fetch.d.ts

@@ -1,3 +1,5 @@
+/** @internal Exported for testing only. */
+export declare function validateFetchUrl(url: string): string | null;
 export declare const webFetch: import("ai").Tool<{
     url: string;
     prompt?: string | undefined;

package/dist/tools/web-fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"web-fetch.d.ts","sourceRoot":"","sources":["../../src/tools/web-fetch.ts"],"names":[],"mappings":"AAoFA,eAAO,MAAM,QAAQ;;;UAqEnB,CAAA"}
+{"version":3,"file":"web-fetch.d.ts","sourceRoot":"","sources":["../../src/tools/web-fetch.ts"],"names":[],"mappings":"AA6DA,2CAA2C;AAC3C,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAkB3D;AAyDD,eAAO,MAAM,QAAQ;;;UAyEnB,CAAA"}

package/dist/tools/web-fetch.js

@@ -4,6 +4,7 @@ import * as cheerio from 'cheerio';
 import TurndownService from 'turndown';
 import { tool } from 'ai';
 import { z } from 'zod';
+import { LruCache } from '../utils/lru-cache.js';
 import { formatToolError } from '../utils/tool-errors.js';
 import { reportProgress } from './progress.js';
 const FETCH_TIMEOUT_MS = 15_000;
@@ -13,9 +14,10 @@ const FETCH_TIMEOUT_MS = 15_000;
 // This is a per-call cap; the model can always fetch again with a narrower prompt.
 const MAX_CONTENT_CHARS = 100_000;
 // Raw HTML ceiling before turndown. 10 MB is comfortable for any real doc page;
-// enforced via content-length header (best-effort — chunked responses skip this,
-// in which case the 15 s fetch timeout bounds the download).
+// enforced both by content-length header AND by streaming body read (see
+// readResponseBody) so chunked responses are also bounded.
 const MAX_HTTP_BYTES = 10 * 1024 * 1024;
+const MAX_URL_LENGTH = 2000;
 const CACHE_TTL_MS = 15 * 60 * 1000;
 const CACHE_MAX_ENTRIES = 50;
 const BROWSER_UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36';
@@ -23,28 +25,55 @@ const BROWSER_UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
 // while blocking browser impersonators that fail TLS-fingerprint checks.
 const FALLBACK_UA = 'x-code-cli/0.1 (+https://github.com/woai3c/x-code-cli)';
 const YEAR = new Date().getFullYear();
-const fetchCache = new Map();
-function cacheGet(url) {
-    const entry = fetchCache.get(url);
-    if (!entry)
-        return null;
-    if (Date.now() - entry.at > CACHE_TTL_MS) {
-        fetchCache.delete(url);
-        return null;
-    }
-    // LRU: re-insert to move this entry to the tail (most-recently-used)
-    fetchCache.delete(url);
-    fetchCache.set(url, entry);
-    return entry.markdown;
+// ── SSRF protection ──
+// Reject URLs targeting internal/private networks. Mirrors Claude Code's
+// validateURL: hostname must have ≥2 dot-separated segments (rejects
+// `localhost`, bare hostnames), no embedded credentials, no non-HTTP schemes,
+// and no IPs in private/link-local/loopback ranges.
+const PRIVATE_IP_PATTERNS = [
+    /^127\./, // loopback
+    /^10\./, // 10.0.0.0/8
+    /^172\.(1[6-9]|2\d|3[01])\./, // 172.16.0.0/12
+    /^192\.168\./, // 192.168.0.0/16
+    /^169\.254\./, // link-local (AWS/GCP metadata)
+    /^0\./, // 0.0.0.0/8
+    /^::1$/, // IPv6 loopback
+    /^fd[0-9a-f]{2}:/i, // IPv6 ULA
+    /^fe80:/i, // IPv6 link-local
+];
+function isPrivateHost(hostname) {
+    const lower = hostname.toLowerCase();
+    if (lower === 'localhost' || lower.endsWith('.local') || lower.endsWith('.internal'))
+        return true;
+    // IP-literal in URL — strip surrounding brackets for IPv6
+    const bare = lower.startsWith('[') ? lower.slice(1, -1) : lower;
+    return PRIVATE_IP_PATTERNS.some((re) => re.test(bare));
 }
-function cacheSet(url, markdown) {
-    if (fetchCache.size >= CACHE_MAX_ENTRIES) {
-        const oldest = fetchCache.keys().next().value;
-        if (oldest !== undefined)
-            fetchCache.delete(oldest);
+/** @internal Exported for testing only. */
+export function validateFetchUrl(url) {
+    if (url.length > MAX_URL_LENGTH)
+        return `URL exceeds ${MAX_URL_LENGTH} character limit`;
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return 'Invalid URL';
+    }
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+        return `Unsupported protocol: ${parsed.protocol} (only http/https allowed)`;
+    }
+    if (parsed.username || parsed.password)
+        return 'URLs with embedded credentials are not allowed';
+    const parts = parsed.hostname.split('.');
+    if (parts.length < 2)
+        return `Hostname "${parsed.hostname}" is not a public domain (must have at least two segments)`;
+    if (isPrivateHost(parsed.hostname)) {
+        return `Fetching private/internal address "${parsed.hostname}" is blocked for security`;
     }
-    fetchCache.set(url, { markdown, at: Date.now() });
+    return null;
 }
+const fetchCache = new LruCache({ maxEntries: CACHE_MAX_ENTRIES, ttlMs: CACHE_TTL_MS });
 const turndown = new TurndownService({
     headingStyle: 'atx',
     codeBlockStyle: 'fenced',
@@ -56,9 +85,41 @@ async function doFetch(url, userAgent) {
             Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,text/plain;q=0.8,*/*;q=0.5',
             'Accept-Language': 'en-US,en;q=0.9',
         },
+        redirect: 'follow',
         signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
     });
 }
+/** Stream-read response body with a hard byte cap. Prevents OOM on chunked
+ *  responses where content-length is absent or lying. */
+async function readResponseBody(response, maxBytes) {
+    const reader = response.body?.getReader();
+    if (!reader)
+        return response.text();
+    const chunks = [];
+    let totalBytes = 0;
+    while (true) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        totalBytes += value.byteLength;
+        if (totalBytes > maxBytes) {
+            await reader.cancel();
+            break;
+        }
+        chunks.push(value);
+    }
+    const merged = new Uint8Array(Math.min(totalBytes, maxBytes));
+    let offset = 0;
+    for (const chunk of chunks) {
+        const remaining = merged.byteLength - offset;
+        if (remaining <= 0)
+            break;
+        const slice = chunk.byteLength > remaining ? chunk.subarray(0, remaining) : chunk;
+        merged.set(slice, offset);
+        offset += slice.byteLength;
+    }
+    return new TextDecoder().decode(merged);
+}
 function formatOutput(url, markdown, prompt) {
     if (prompt) {
         return `# Content from ${url}\n\n${markdown}\n\n---\nExtract instruction: ${prompt}`;
@@ -77,7 +138,10 @@ export const webFetch = tool({
     }),
     execute: async ({ url, prompt }, { toolCallId }) => {
         try {
-            const cached = cacheGet(url);
+            const urlError = validateFetchUrl(url);
+            if (urlError)
+                return `Error: ${urlError}`;
+            const cached = fetchCache.get(url);
             if (cached) {
                 reportProgress(toolCallId, 'Using cached copy');
                 return formatOutput(url, cached, prompt);
@@ -93,18 +157,19 @@ export const webFetch = tool({
             if (!response.ok) {
                 return `Error: HTTP ${response.status} ${response.statusText}`;
             }
-            // Best-effort size guard: content-length is optional under chunked encoding,
-            // so we also rely on fetch's 15s timeout to bound pathological pages.
+            // Reject upfront when content-length exceeds the cap.
             const contentLength = Number(response.headers.get('content-length') ?? '0');
             if (contentLength > MAX_HTTP_BYTES) {
                 const mb = Math.round(contentLength / 1024 / 1024);
                 return `Error: Content too large (${mb} MB, limit ${MAX_HTTP_BYTES / 1024 / 1024} MB)`;
             }
             const contentType = response.headers.get('content-type') ?? '';
-            const body = await response.text();
+            // Stream-read with hard byte cap — prevents OOM on chunked responses
+            // where content-length is absent or lies.
+            const body = await readResponseBody(response, MAX_HTTP_BYTES);
             if (contentType.includes('application/json')) {
                 const json = body.slice(0, MAX_CONTENT_CHARS);
-                cacheSet(url, json);
+                fetchCache.set(url, json);
                 return formatOutput(url, json, prompt);
             }
             const $ = cheerio.load(body);
@@ -117,7 +182,7 @@ export const webFetch = tool({
             if (markdown.length > MAX_CONTENT_CHARS) {
                 markdown = markdown.slice(0, MAX_CONTENT_CHARS) + '\n\n... [content truncated]';
             }
-            cacheSet(url, markdown);
+            fetchCache.set(url, markdown);
             return formatOutput(url, markdown, prompt);
         }
         catch (err) {