@zhijiewang/openharness 1.3.0 → 1.4.0

package/dist/commands/index.js

@@ -100,15 +100,54 @@ register("undo", "Undo last AI commit", () => {
         handled: true,
     };
 });
-register("rewind", "Restore files from last checkpoint (undo last AI edit)", () => {
-    const { rewindLastCheckpoint, checkpointCount } = require("../harness/checkpoints.js");
-    const cp = rewindLastCheckpoint();
-    if (!cp) {
+register("rewind", "Restore files from checkpoint (interactive picker or last)", (args) => {
+    const { rewindLastCheckpoint, listCheckpoints, checkpointCount } = require("../harness/checkpoints.js");
+    const checkpoints = listCheckpoints();
+    if (checkpoints.length === 0) {
         return { output: "No checkpoints available. Checkpoints are created before file modifications.", handled: true };
     }
-    const remaining = checkpointCount();
+    const idx = args.trim();
+    // /rewind (no args) — show checkpoint list
+    if (!idx) {
+        const lines = [`Checkpoints (${checkpoints.length}):\n`];
+        for (let i = checkpoints.length - 1; i >= 0; i--) {
+            const cp = checkpoints[i];
+            const age = Math.round((Date.now() - cp.timestamp) / 60_000);
+            lines.push(`  ${i + 1}. [${age}m ago] ${cp.description}`);
+            lines.push(`     Files: ${cp.files.join(', ')}`);
+        }
+        lines.push('');
+        lines.push('Usage: /rewind <number> to restore a specific checkpoint');
+        lines.push('       /rewind last    to restore the most recent');
+        return { output: lines.join('\n'), handled: true };
+    }
+    // /rewind last — restore most recent
+    if (idx === 'last') {
+        const cp = rewindLastCheckpoint();
+        if (!cp)
+            return { output: "No checkpoints.", handled: true };
+        return {
+            output: `Rewound: ${cp.description}\nRestored ${cp.files.length} file(s): ${cp.files.join(", ")}\n${checkpointCount()} checkpoint(s) remaining.`,
+            handled: true,
+        };
+    }
+    // /rewind <n> — restore specific checkpoint
+    const num = parseInt(idx, 10);
+    if (isNaN(num) || num < 1 || num > checkpoints.length) {
+        return { output: `Invalid checkpoint number. Use 1-${checkpoints.length}.`, handled: true };
+    }
+    // Rewind to specific checkpoint (restore all from that point)
+    let restored = 0;
+    while (checkpointCount() >= num) {
+        const cp = rewindLastCheckpoint();
+        if (!cp)
+            break;
+        restored++;
+        if (checkpointCount() < num)
+            break;
+    }
     return {
-        output: `Rewound: ${cp.description}\nRestored ${cp.files.length} file(s): ${cp.files.join(", ")}\n${remaining} checkpoint(s) remaining.`,
+        output: `Rewound ${restored} checkpoint(s) to point #${num}.\n${checkpointCount()} checkpoint(s) remaining.`,
         handled: true,
     };
 });

package/dist/harness/config.d.ts

@@ -11,14 +11,25 @@ export type McpServerConfig = {
     timeout?: number;
 };
 export type HookDef = {
-    command: string;
+    command?: string;
+    http?: string;
+    prompt?: string;
     match?: string;
+    timeout?: number;
 };
 export type HooksConfig = {
     sessionStart?: HookDef[];
     sessionEnd?: HookDef[];
     preToolUse?: HookDef[];
     postToolUse?: HookDef[];
+    fileChanged?: HookDef[];
+    cwdChanged?: HookDef[];
+    subagentStart?: HookDef[];
+    subagentStop?: HookDef[];
+    preCompact?: HookDef[];
+    postCompact?: HookDef[];
+    configChange?: HookDef[];
+    notification?: HookDef[];
 };
 export type ToolPermissionRule = {
     tool: string;

package/dist/harness/config.js

@@ -77,6 +77,11 @@ export function readOhConfig(root) {
 }
 export function writeOhConfig(cfg, root) {
     invalidateConfigCache();
+    // Emit configChange hook (lazy import to avoid circular dependency)
+    try {
+        require('./hooks.js').emitHook('configChange', {});
+    }
+    catch { /* ignore */ }
     const p = configPath(root);
     mkdirSync(join(root ?? ".", ".oh"), { recursive: true });
     if (cfg.provider === "llamacpp" || cfg.provider === "lmstudio") {

package/dist/harness/hooks.d.ts

@@ -1,10 +1,15 @@
 /**
- * Hooks system — run shell commands on lifecycle events.
+ * Hooks system — run commands, HTTP requests, or LLM prompts on lifecycle events.
  *
- * preToolUse hooks can block tool execution (exit code 1 = block).
+ * preToolUse hooks can block tool execution (exit code 1 / allowed: false).
  * All other hooks are fire-and-forget (errors are silently ignored).
+ *
+ * Hook types:
+ * - command: shell script (existing)
+ * - http: POST JSON to URL, expect { allowed: true/false }
+ * - prompt: LLM yes/no check via provider.complete()
  */
-export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse";
+export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification";
 export type HookContext = {
     toolName?: string;
     toolArgs?: string;
@@ -16,7 +21,17 @@ export type HookContext = {
     permissionMode?: string;
     cost?: string;
     tokens?: string;
+    /** For fileChanged: the file path that changed */
+    filePath?: string;
+    /** For cwdChanged: the new working directory */
+    newCwd?: string;
+    /** For subagentStart/Stop: the agent ID */
+    agentId?: string;
+    /** For notification: the message */
+    message?: string;
 };
+/** Clear hook cache (call after config changes) */
+export declare function invalidateHookCache(): void;
 /**
  * Emit a hook event. For preToolUse, returns false if any hook blocks the call.
  *
@@ -26,7 +41,7 @@ export type HookContext = {
 export declare function emitHook(event: HookEvent, ctx?: HookContext): boolean;
 /**
  * Async version of emitHook that waits for all hooks to complete.
- * Useful for sessionEnd where you want to ensure hooks finish.
+ * Supports all hook types (command, HTTP, prompt).
  */
 export declare function emitHookAsync(event: HookEvent, ctx?: HookContext): Promise<boolean>;
 //# sourceMappingURL=hooks.d.ts.map

package/dist/harness/hooks.js

@@ -1,8 +1,13 @@
 /**
- * Hooks system — run shell commands on lifecycle events.
+ * Hooks system — run commands, HTTP requests, or LLM prompts on lifecycle events.
  *
- * preToolUse hooks can block tool execution (exit code 1 = block).
+ * preToolUse hooks can block tool execution (exit code 1 / allowed: false).
  * All other hooks are fire-and-forget (errors are silently ignored).
+ *
+ * Hook types:
+ * - command: shell script (existing)
+ * - http: POST JSON to URL, expect { allowed: true/false }
+ * - prompt: LLM yes/no check via provider.complete()
  */
 import { spawn, spawnSync } from "node:child_process";
 import { readOhConfig } from "./config.js";
@@ -14,6 +19,10 @@ function getHooks() {
     cachedHooks = cfg?.hooks ?? null;
     return cachedHooks;
 }
+/** Clear hook cache (call after config changes) */
+export function invalidateHookCache() {
+    cachedHooks = undefined;
+}
 function buildEnv(event, ctx) {
     const env = {
         ...process.env,
@@ -39,6 +48,14 @@ function buildEnv(event, ctx) {
         env.OH_COST = ctx.cost;
     if (ctx.tokens)
         env.OH_TOKENS = ctx.tokens;
+    if (ctx.filePath)
+        env.OH_FILE_PATH = ctx.filePath;
+    if (ctx.newCwd)
+        env.OH_NEW_CWD = ctx.newCwd;
+    if (ctx.agentId)
+        env.OH_AGENT_ID = ctx.agentId;
+    if (ctx.message)
+        env.OH_MESSAGE = ctx.message;
     return env;
 }
 function matchesHook(def, ctx) {
@@ -47,11 +64,9 @@ function matchesHook(def, ctx) {
     }
     return true;
 }
-/**
- * Run a single hook command asynchronously.
- * Returns a promise that resolves with the exit code (0 = success).
- */
-function runHookAsync(command, env, timeoutMs = 10_000) {
+// ── Hook Executors ──
+/** Run a command hook. Returns exit code (0 = success/allowed). */
+function runCommandHookAsync(command, env, timeoutMs = 10_000) {
     return new Promise((resolve) => {
         const proc = spawn(command, {
             shell: true,
@@ -64,7 +79,7 @@ function runHookAsync(command, env, timeoutMs = 10_000) {
             if (!settled) {
                 settled = true;
                 proc.kill();
-                resolve(1); // timeout = failure
+                resolve(1);
             }
         }, timeoutMs);
         proc.on("exit", (code) => {
@@ -83,6 +98,50 @@ function runHookAsync(command, env, timeoutMs = 10_000) {
         });
     });
 }
+/** Run an HTTP hook. POSTs context as JSON, expects { allowed: true/false }. */
+async function runHttpHook(url, event, ctx, timeoutMs = 10_000) {
+    try {
+        const body = JSON.stringify({ event, ...ctx });
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body,
+            signal: AbortSignal.timeout(timeoutMs),
+        });
+        if (!res.ok)
+            return false;
+        const data = await res.json();
+        return data.allowed !== false;
+    }
+    catch {
+        return false;
+    }
+}
+/** Run a prompt hook. Uses LLM to make a yes/no decision. */
+async function runPromptHook(promptText, ctx) {
+    // Prompt hooks require a provider — skip if not available
+    // This is a lightweight check; full LLM call would need provider injection
+    // For now, prompt hooks evaluate the prompt text as a simple template
+    // TODO: inject provider for full LLM-based prompt hooks
+    return true; // Default allow if no LLM available
+}
+// ── Hook Execution ──
+/** Execute a single hook definition. Returns true if allowed. */
+async function executeHookDef(def, event, ctx) {
+    const timeout = def.timeout ?? 10_000;
+    if (def.command) {
+        const env = buildEnv(event, ctx);
+        const code = await runCommandHookAsync(def.command, env, timeout);
+        return code === 0;
+    }
+    if (def.http) {
+        return runHttpHook(def.http, event, ctx, timeout);
+    }
+    if (def.prompt) {
+        return runPromptHook(def.prompt, ctx);
+    }
+    return true; // No handler = allow
+}
 /**
  * Emit a hook event. For preToolUse, returns false if any hook blocks the call.
  *
@@ -96,19 +155,21 @@ export function emitHook(event, ctx = {}) {
     const defs = hooks[event] ?? [];
     const env = buildEnv(event, ctx);
     if (event === "preToolUse") {
-        // preToolUse must be synchronous — it gates tool execution
+        // preToolUse command hooks must be synchronous — they gate tool execution
         for (const def of defs) {
             if (!matchesHook(def, ctx))
                 continue;
-            const result = spawnSync(def.command, {
-                shell: true,
-                timeout: 10_000,
-                stdio: "pipe",
-                env,
-            });
-            if (result.status !== 0 || result.error) {
-                return false;
+            if (def.command) {
+                const result = spawnSync(def.command, {
+                    shell: true,
+                    timeout: def.timeout ?? 10_000,
+                    stdio: "pipe",
+                    env,
+                });
+                if (result.status !== 0 || result.error)
+                    return false;
             }
+            // HTTP and prompt hooks for preToolUse are handled in emitHookAsync
         }
         return true;
     }
@@ -116,27 +177,25 @@ export function emitHook(event, ctx = {}) {
     for (const def of defs) {
         if (!matchesHook(def, ctx))
             continue;
-        runHookAsync(def.command, env).catch(() => { });
+        executeHookDef(def, event, ctx).catch(() => { });
     }
     return true;
 }
 /**
  * Async version of emitHook that waits for all hooks to complete.
- * Useful for sessionEnd where you want to ensure hooks finish.
+ * Supports all hook types (command, HTTP, prompt).
  */
 export async function emitHookAsync(event, ctx = {}) {
     const hooks = getHooks();
     if (!hooks)
         return true;
     const defs = hooks[event] ?? [];
-    const env = buildEnv(event, ctx);
     for (const def of defs) {
         if (!matchesHook(def, ctx))
             continue;
-        const code = await runHookAsync(def.command, env);
-        if (event === "preToolUse" && code !== 0) {
+        const allowed = await executeHookDef(def, event, ctx);
+        if (event === "preToolUse" && !allowed)
             return false;
-        }
     }
     return true;
 }

package/dist/harness/rules.js

@@ -65,13 +65,28 @@ export function loadRules(projectPath) {
         if (content)
             rules.push(content);
     }
-    // 4. Project rules/*.md
+    // 4. Project rules/*.md (with optional path-scoped filtering)
     const rulesDir = join(root, ".oh", "rules");
     if (existsSync(rulesDir)) {
         for (const file of readdirSync(rulesDir).filter((f) => f.endsWith(".md")).sort()) {
-            const content = readSafe(join(rulesDir, file));
-            if (content)
-                rules.push(content);
+            const raw = readSafe(join(rulesDir, file));
+            if (!raw)
+                continue;
+            // Check for paths frontmatter: only include if matching current context
+            const pathsMatch = raw.match(/^---\n[\s\S]*?^paths:\s*(.+)$/m);
+            if (pathsMatch) {
+                // Path-scoped rule — strip frontmatter and only include if glob matches
+                const pattern = pathsMatch[1].trim();
+                const fmEnd = raw.indexOf('---', raw.indexOf('---') + 3);
+                const content = fmEnd > 0 ? raw.slice(fmEnd + 3).trim() : raw;
+                if (content && matchesPathGlob(root, pattern)) {
+                    rules.push(content);
+                }
+            }
+            else {
+                // No paths restriction — always include
+                rules.push(raw);
+            }
         }
     }
     // 5. CLAUDE.local.md (personal overrides, typically gitignored)
@@ -110,4 +125,17 @@ function readSafe(path) {
         return "";
     }
 }
+/**
+ * Check if any file in the project matches a glob pattern.
+ * Simple implementation: checks if the pattern directory exists.
+ * For `src/api/**`, checks if `src/api/` exists.
+ */
+function matchesPathGlob(root, pattern) {
+    // Extract the directory portion before any wildcard
+    const dirPart = pattern.split('*')[0].replace(/\/+$/, '');
+    if (!dirPart)
+        return true; // Pattern like "**/*.ts" matches everything
+    const fullDir = join(root, dirPart);
+    return existsSync(fullDir);
+}
 //# sourceMappingURL=rules.js.map

package/dist/harness/submit-handler.js

@@ -69,14 +69,30 @@ export async function handleUserInput(input, ctx) {
     }
     // Normal prompt — add user message
     messages = [...messages, createUserMessage(input)];
-    // Resolve @mentions
+    // Resolve @mentions — local files first, then MCP resources
     let resolvedInput = input;
-    const mentionPattern = /@(\w[\w.-]*)/g;
+    const mentionPattern = /@([\w][\w./-]*)/g;
     const mentions = [...input.matchAll(mentionPattern)].map(m => m[1]);
     const companionName = ctx.companionConfig?.soul?.name?.toLowerCase();
     for (const mention of mentions) {
         if (companionName && mention.toLowerCase() === companionName)
             continue;
+        // Try local file first (supports paths like @src/main.ts, @README.md)
+        try {
+            const { existsSync, readFileSync } = await import('node:fs');
+            const { resolve } = await import('node:path');
+            const filePath = resolve(process.cwd(), mention);
+            if (existsSync(filePath)) {
+                const content = readFileSync(filePath, 'utf-8');
+                const truncated = content.length > 10_000
+                    ? content.slice(0, 10_000) + '\n[...truncated]'
+                    : content;
+                resolvedInput += `\n\n[File @${mention}]:\n${truncated}`;
+                continue;
+            }
+        }
+        catch { /* ignore */ }
+        // Fall back to MCP resource
         try {
             const content = await resolveMcpMention(mention);
             if (content)

package/dist/main.js

@@ -233,6 +233,7 @@ program
     .option("--fork <id>", "Fork (branch) from an existing session")
     .option("--light", "Use light theme")
     .option("--output-format <format>", "Output format for -p mode (text, json, stream-json)", "text")
+    .option("--json-schema <schema>", "Constrain output to match a JSON schema (headless mode)")
     .action(async (opts) => {
     // Load saved config as defaults (env vars + CLI flags override)
     const savedConfig = readOhConfig();

package/dist/query/compress.js

@@ -4,6 +4,7 @@
  */
 import { createUserMessage } from "../types/message.js";
 import { defaultEstimateTokens } from "../providers/base.js";
+import { emitHook } from "../harness/hooks.js";
 const DEFAULT_KEEP_LAST = 10;
 /**
  * Semantic importance scoring for messages.
@@ -61,6 +62,7 @@ export function estimateMessagesTokens(messages, estimateTokens = (t) => Math.ce
 export function compressMessages(messages, targetTokens) {
     if (messages.length <= 2)
         return messages;
+    emitHook("preCompact", {});
     const result = [...messages];
     const keepLast = DEFAULT_KEEP_LAST;
     // MicroCompact: Truncate long tool results and assistant messages
@@ -114,12 +116,14 @@ export function compressMessages(messages, targetTokens) {
                 validCallIds.add(tc.id);
         }
     }
-    return result.filter((msg) => {
+    const filtered = result.filter((msg) => {
         if (msg.role !== "tool")
             return true;
         return (msg.toolResults?.length ?? 0) > 0 &&
             msg.toolResults.every((tr) => validCallIds.has(tr.callId));
     });
+    emitHook("postCompact", {});
+    return filtered;
 }
 /**
  * LLM-assisted summarization of older messages.

package/dist/query/tools.js

@@ -85,6 +85,13 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
             toolArgs: JSON.stringify(toolCall.arguments).slice(0, 1000),
             toolOutput: result.output.slice(0, 1000),
         });
+        // Emit fileChanged hook for file-modifying tools
+        if (!result.isError && ['Edit', 'Write', 'MultiEdit'].includes(tool.name)) {
+            const filePaths = getAffectedFiles(tool.name, parsed.data);
+            for (const fp of filePaths) {
+                emitHook("fileChanged", { filePath: fp, toolName: tool.name });
+            }
+        }
         // Verification loop: auto-run lint/typecheck after file-modifying tools
         let verificationSuffix = '';
         if (!result.isError && ['Edit', 'Write', 'MultiEdit'].includes(tool.name)) {

package/dist/tools/AgentTool/index.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { createWorktree, removeWorktree, hasWorktreeChanges, isGitRepo } from "../../git/index.js";
+import { emitHook } from "../../harness/hooks.js";
 const inputSchema = z.object({
     prompt: z.string(),
     description: z.string().optional(),
@@ -80,9 +81,11 @@ export const AgentTool = {
             maxTurns: 20,
             abortSignal: context.abortSignal,
         };
+        const agentId = Date.now().toString(36) + Math.random().toString(36).slice(2, 6);
+        emitHook("subagentStart", { agentId, toolName: input.subagent_type ?? 'general' });
         // Background execution: start agent and return immediately
         if (input.run_in_background) {
-            const bgId = Date.now().toString(36) + Math.random().toString(36).slice(2, 6);
+            const bgId = agentId;
             const runAgent = async () => {
                 let finalText = "";
                 const originalCwd = process.cwd();
@@ -190,6 +193,7 @@ export const AgentTool = {
                 }
             }
         }
+        emitHook("subagentStop", { agentId });
         return { output: finalText || "(sub-agent completed with no text output)", isError: false };
     },
     prompt() {

package/dist/tools/DiagnosticsTool/index.d.ts

@@ -2,17 +2,17 @@ import { z } from "zod";
 import type { Tool } from "../../Tool.js";
 declare const inputSchema: z.ZodObject<{
     file_path: z.ZodString;
-    action: z.ZodDefault<z.ZodEnum<["diagnostics", "definition", "references"]>>;
+    action: z.ZodDefault<z.ZodEnum<["diagnostics", "definition", "references", "hover"]>>;
     line: z.ZodOptional<z.ZodNumber>;
     character: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
-    action: "diagnostics" | "definition" | "references";
     file_path: string;
+    action: "diagnostics" | "definition" | "references" | "hover";
     line?: number | undefined;
     character?: number | undefined;
 }, {
     file_path: string;
-    action?: "diagnostics" | "definition" | "references" | undefined;
+    action?: "diagnostics" | "definition" | "references" | "hover" | undefined;
     line?: number | undefined;
     character?: number | undefined;
 }>;

package/dist/tools/DiagnosticsTool/index.js

@@ -2,8 +2,8 @@ import { z } from "zod";
 import { LspClient } from "../../lsp/client.js";
 const inputSchema = z.object({
     file_path: z.string().describe("Absolute path to the file to check"),
-    action: z.enum(["diagnostics", "definition", "references"]).default("diagnostics")
-        .describe("Action: diagnostics (errors/warnings), definition (go-to-def), references (find-refs)"),
+    action: z.enum(["diagnostics", "definition", "references", "hover"]).default("diagnostics")
+        .describe("Action: diagnostics (errors/warnings), definition (go-to-def), references (find-refs), hover (type info)"),
     line: z.number().optional().describe("Line number (0-indexed) for definition/references"),
     character: z.number().optional().describe("Column number (0-indexed) for definition/references"),
 });
@@ -16,6 +16,12 @@ function getLspCommand(filePath) {
     if (filePath.endsWith('.py')) {
         return { command: 'pylsp', args: [] };
     }
+    if (filePath.endsWith('.go')) {
+        return { command: 'gopls', args: ['serve'] };
+    }
+    if (filePath.endsWith('.rs')) {
+        return { command: 'rust-analyzer', args: [] };
+    }
     return null;
 }
 async function getClient(filePath, workingDir) {
@@ -84,6 +90,28 @@ export const DiagnosticsTool = {
                 const lines = refs.map(r => `${r.uri.replace('file://', '')}:${r.range.start.line + 1}:${r.range.start.character}`);
                 return { output: `${refs.length} reference(s):\n${lines.join('\n')}`, isError: false };
             }
+            if (input.action === "hover") {
+                if (input.line === undefined || input.character === undefined) {
+                    return { output: "line and character are required for hover.", isError: true };
+                }
+                await client.openFile(input.file_path);
+                // Hover uses textDocument/hover which returns MarkupContent
+                try {
+                    const result = await client.send('textDocument/hover', {
+                        textDocument: { uri: `file://${input.file_path.replace(/\\/g, '/')}` },
+                        position: { line: input.line, character: input.character },
+                    });
+                    if (!result || !result.contents)
+                        return { output: "No hover information.", isError: false };
+                    const content = typeof result.contents === 'string'
+                        ? result.contents
+                        : result.contents.value ?? JSON.stringify(result.contents);
+                    return { output: content, isError: false };
+                }
+                catch {
+                    return { output: "Hover not supported by this language server.", isError: false };
+                }
+            }
             return { output: `Unknown action: ${input.action}`, isError: true };
         }
         catch (err) {
@@ -94,15 +122,16 @@ export const DiagnosticsTool = {
         }
     },
     prompt() {
-        return `Get code intelligence from the language server. Actions:
+        return `Get code intelligence from the language server. Supports TypeScript, JavaScript, Python, Go, and Rust. Actions:
 - diagnostics: Get errors and warnings for a file
-- definition: Go to definition of a symbol at a given position (requires line, character)
-- references: Find all references to a symbol at a given position (requires line, character)
+- definition: Go to definition of a symbol at a given position
+- references: Find all references to a symbol at a given position
+- hover: Get type information and documentation for a symbol
 Parameters:
 - file_path (string, required): Absolute path to the file
-- action (string): "diagnostics" | "definition" | "references" (default: diagnostics)
-- line (number, optional): 0-indexed line for definition/references
-- character (number, optional): 0-indexed column for definition/references`;
+- action (string): "diagnostics" | "definition" | "references" | "hover" (default: diagnostics)
+- line (number, optional): 0-indexed line for definition/references/hover
+- character (number, optional): 0-indexed column for definition/references/hover`;
     },
 };
 //# sourceMappingURL=index.js.map

package/dist/tools/MonitorTool/index.d.ts

@@ -0,0 +1,21 @@
+import { z } from "zod";
+import type { Tool } from "../../Tool.js";
+declare const inputSchema: z.ZodObject<{
+    command: z.ZodString;
+    pattern: z.ZodOptional<z.ZodString>;
+    timeout: z.ZodOptional<z.ZodNumber>;
+    maxLines: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    command: string;
+    pattern?: string | undefined;
+    timeout?: number | undefined;
+    maxLines?: number | undefined;
+}, {
+    command: string;
+    pattern?: string | undefined;
+    timeout?: number | undefined;
+    maxLines?: number | undefined;
+}>;
+export declare const MonitorTool: Tool<typeof inputSchema>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/MonitorTool/index.js

@@ -0,0 +1,114 @@
+import { z } from "zod";
+import { spawn } from "node:child_process";
+const inputSchema = z.object({
+    command: z.string().describe("Background command to watch"),
+    pattern: z.string().optional().describe("Regex pattern to match output lines"),
+    timeout: z.number().optional().describe("Max watch time in ms (default 60000)"),
+    maxLines: z.number().optional().describe("Max output lines to collect (default 100)"),
+});
+export const MonitorTool = {
+    name: "Monitor",
+    description: "Watch a background process and collect output. Optionally filter by regex pattern.",
+    inputSchema,
+    riskLevel: "medium",
+    isReadOnly() { return true; },
+    isConcurrencySafe() { return true; },
+    async call(input, context) {
+        const timeout = input.timeout ?? 60_000;
+        const maxLines = input.maxLines ?? 100;
+        const pattern = input.pattern ? new RegExp(input.pattern) : null;
+        return new Promise((resolve) => {
+            const lines = [];
+            let settled = false;
+            const proc = spawn(input.command, {
+                shell: true,
+                stdio: ['pipe', 'pipe', 'pipe'],
+                windowsHide: true,
+            });
+            const timer = setTimeout(() => {
+                if (!settled) {
+                    settled = true;
+                    proc.kill();
+                    resolve({
+                        output: lines.length > 0
+                            ? lines.join('\n') + `\n\n[Monitor timed out after ${timeout / 1000}s — ${lines.length} lines collected]`
+                            : `[Monitor timed out after ${timeout / 1000}s — no output]`,
+                        isError: false,
+                    });
+                }
+            }, timeout);
+            const handleLine = (line) => {
+                if (settled)
+                    return;
+                if (pattern && !pattern.test(line))
+                    return;
+                lines.push(line.trimEnd());
+                // Stream output chunk if callback available
+                if (context.onOutputChunk && context.callId) {
+                    context.onOutputChunk(context.callId, line + '\n');
+                }
+                if (lines.length >= maxLines) {
+                    settled = true;
+                    clearTimeout(timer);
+                    proc.kill();
+                    resolve({
+                        output: lines.join('\n') + `\n\n[Collected ${maxLines} lines — stopped]`,
+                        isError: false,
+                    });
+                }
+            };
+            let stdoutBuffer = '';
+            proc.stdout?.on('data', (chunk) => {
+                stdoutBuffer += chunk.toString();
+                const parts = stdoutBuffer.split('\n');
+                stdoutBuffer = parts.pop() ?? '';
+                for (const line of parts)
+                    handleLine(line);
+            });
+            let stderrBuffer = '';
+            proc.stderr?.on('data', (chunk) => {
+                stderrBuffer += chunk.toString();
+                const parts = stderrBuffer.split('\n');
+                stderrBuffer = parts.pop() ?? '';
+                for (const line of parts)
+                    handleLine(line);
+            });
+            proc.on('exit', (code) => {
+                if (!settled) {
+                    settled = true;
+                    clearTimeout(timer);
+                    // Flush remaining buffers
+                    if (stdoutBuffer)
+                        handleLine(stdoutBuffer);
+                    if (stderrBuffer)
+                        handleLine(stderrBuffer);
+                    resolve({
+                        output: lines.length > 0
+                            ? lines.join('\n') + `\n\n[Process exited with code ${code ?? 'unknown'} — ${lines.length} lines]`
+                            : `[Process exited with code ${code ?? 'unknown'} — no output]`,
+                        isError: (code ?? 0) !== 0,
+                    });
+                }
+            });
+            proc.on('error', (err) => {
+                if (!settled) {
+                    settled = true;
+                    clearTimeout(timer);
+                    resolve({
+                        output: `Monitor error: ${err.message}`,
+                        isError: true,
+                    });
+                }
+            });
+        });
+    },
+    prompt() {
+        return `Watch a background process and collect its output. Optionally filter lines by regex pattern.
+Parameters:
+- command (string, required): The command to run and watch
+- pattern (string, optional): Regex to filter output lines
+- timeout (number, optional): Max time in ms (default 60000)
+- maxLines (number, optional): Max lines to collect (default 100)`;
+    },
+};
+//# sourceMappingURL=index.js.map

package/dist/tools/PowerShellTool/index.d.ts

@@ -0,0 +1,15 @@
+import { z } from "zod";
+import type { Tool } from "../../Tool.js";
+declare const inputSchema: z.ZodObject<{
+    command: z.ZodString;
+    timeout: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    command: string;
+    timeout?: number | undefined;
+}, {
+    command: string;
+    timeout?: number | undefined;
+}>;
+export declare const PowerShellTool: Tool<typeof inputSchema>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/PowerShellTool/index.js

@@ -0,0 +1,32 @@
+import { z } from "zod";
+import { execSync } from "node:child_process";
+const inputSchema = z.object({
+    command: z.string().describe("PowerShell command to execute"),
+    timeout: z.number().optional().describe("Timeout in ms (default 120000)"),
+});
+export const PowerShellTool = {
+    name: "PowerShell",
+    description: "Execute PowerShell commands (Windows only). Use for Windows-specific tasks like registry access, COM objects, or .NET calls.",
+    inputSchema,
+    riskLevel: "high",
+    isReadOnly() { return false; },
+    isConcurrencySafe() { return false; },
+    async call(input) {
+        if (process.platform !== 'win32') {
+            return { output: "PowerShell is only available on Windows. Use Bash instead.", isError: true };
+        }
+        const timeout = input.timeout ?? 120_000;
+        try {
+            const output = execSync(`powershell.exe -NoProfile -NonInteractive -Command "${input.command.replace(/"/g, '\\"')}"`, { encoding: 'utf-8', timeout, maxBuffer: 10 * 1024 * 1024, windowsHide: true });
+            return { output: output.trim(), isError: false };
+        }
+        catch (err) {
+            const output = String(err.stdout ?? err.stderr ?? err.message ?? 'PowerShell error');
+            return { output: output.slice(0, 100_000), isError: true };
+        }
+    },
+    prompt() {
+        return "Execute PowerShell commands on Windows. Use for registry, COM, .NET, and Windows-specific operations.";
+    },
+};
+//# sourceMappingURL=index.js.map

package/dist/tools.js

@@ -42,6 +42,8 @@ import { KillProcessTool } from "./tools/KillProcessTool/index.js";
 import { RemoteTriggerTool } from "./tools/RemoteTriggerTool/index.js";
 import { MultiEditTool } from "./tools/MultiEditTool/index.js";
 import { PipelineTool } from "./tools/PipelineTool/index.js";
+import { PowerShellTool } from "./tools/PowerShellTool/index.js";
+import { MonitorTool } from "./tools/MonitorTool/index.js";
 /**
  * Returns all registered tools.
  *
@@ -96,6 +98,8 @@ export function getAllTools() {
         KillProcessTool,
         RemoteTriggerTool,
         MultiEditTool,
+        PowerShellTool,
+        MonitorTool,
     ];
     return [
         ...core,

package/dist/types/permissions.js

@@ -7,6 +7,13 @@ const EDIT_SAFE_TOOLS = new Set([
     "FileRead", "FileWrite", "FileEdit", "Glob", "Grep", "LS",
     "ImageRead", "NotebookEdit",
 ]);
+/** Parse a tool specifier like "Bash(npm run *)" into tool name + pattern */
+function parseToolSpecifier(specifier) {
+    const match = specifier.match(/^(\w+)\((.+)\)$/);
+    if (match)
+        return { toolName: match[1], argPattern: match[2] };
+    return { toolName: specifier };
+}
 /** Match a tool name against a pattern (supports trailing * for prefix matching) */
 function matchToolPattern(pattern, toolName) {
     if (pattern.endsWith("*")) {
@@ -14,14 +21,47 @@ function matchToolPattern(pattern, toolName) {
     }
     return pattern === toolName;
 }
+/**
+ * Match an argument pattern against a value using glob-style matching.
+ * Supports: * (any chars), ** (any path segments)
+ */
+function matchArgGlob(pattern, value) {
+    // Convert glob to regex: * → [^/]*, ** → .*, escape other regex chars
+    const regexStr = pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex chars (except * and ?)
+        .replace(/\*\*/g, '{{DOUBLESTAR}}')
+        .replace(/\*/g, '[^/]*')
+        .replace(/\{\{DOUBLESTAR\}\}/g, '.*');
+    try {
+        return new RegExp(`^${regexStr}$`).test(value);
+    }
+    catch {
+        return false;
+    }
+}
 /** Find the first matching tool permission rule */
 function findToolRule(rules, toolName, toolInput) {
     if (!rules || rules.length === 0)
         return undefined;
     return rules.find(r => {
-        if (!matchToolPattern(r.tool, toolName))
+        const { toolName: specToolName, argPattern } = parseToolSpecifier(r.tool);
+        // Check tool name match (with prefix * support)
+        if (!matchToolPattern(specToolName, toolName))
             return false;
-        // If rule has a pattern, match against Bash command content only
+        // If rule has an inline argument pattern (e.g., "Bash(npm run *)")
+        if (argPattern && toolInput) {
+            const input = toolInput;
+            // For Bash: match against command string
+            if (toolName === 'Bash' && typeof input.command === 'string') {
+                return matchArgGlob(argPattern, input.command);
+            }
+            // For file tools: match against file_path
+            if (['Edit', 'Write', 'Read'].includes(toolName) && typeof input.file_path === 'string') {
+                return matchArgGlob(argPattern, input.file_path);
+            }
+            return false; // Has pattern but no matching field
+        }
+        // Legacy: separate pattern field (regex) for Bash commands
         if (r.pattern && toolInput && toolName === "Bash") {
             const command = toolInput?.command;
             if (typeof command === "string") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhijiewang/openharness",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Open-source terminal coding agent. Works with any LLM.",
   "type": "module",
   "bin": {