@zhijiewang/openharness 2.23.0 → 2.24.0

package/README.md

@@ -164,6 +164,7 @@ Available variables: `{model}`, `{tokens}` (input↑ output↓), `{cost}` ($X.XX
 | **Web** | | |
 | WebFetch | medium | Fetch URL content (SSRF-protected) |
 | WebSearch | medium | Search the web |
+| ExaSearch | medium | Neural web search via Exa (requires `EXA_API_KEY`) |
 | RemoteTrigger | high | HTTP requests to webhooks/APIs |
 | **Tasks** | | |
 | TaskCreate | low | Create structured tasks |

package/README.zh-CN.md

@@ -164,6 +164,7 @@ statusLineFormat: '{model} │ {tokens} │ {cost} │ {ctx}'
 | **Web** | | |
 | WebFetch | 中 | 获取 URL 内容（防 SSRF） |
 | WebSearch | 中 | 网络搜索 |
+| ExaSearch | 中 | 通过 Exa 进行神经网络搜索（需要 `EXA_API_KEY`） |
 | RemoteTrigger | 高 | 向 webhook/API 发送 HTTP 请求 |
 | **任务** | | |
 | TaskCreate | 低 | 创建结构化任务 |

package/dist/commands/settings.js

@@ -5,6 +5,7 @@ import { spawn } from "node:child_process";
 import { existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { homedir, platform } from "node:os";
 import { dirname, join } from "node:path";
+import { readApprovalLog } from "../harness/approvals.js";
 import { readOhConfig } from "../harness/config.js";
 import { loadKeybindings } from "../harness/keybindings.js";
 import { isTrusted, listTrusted, trust } from "../harness/trust.js";
@@ -138,17 +139,37 @@ export function registerSettingsCommands(register) {
         const { sandboxStatus } = require("../harness/sandbox.js");
         return { output: `${sandboxStatus()}\n\nConfigure in .oh/config.yaml under sandbox:`, handled: true };
     });
-    register("permissions", "View or change permission mode", (args, ctx) => {
-        const mode = args.trim().toLowerCase();
-        if (!mode) {
+    register("permissions", "View or change permission mode (or 'log' for approval history)", (args, ctx) => {
+        const trimmed = args.trim();
+        if (!trimmed) {
             return {
-                output: `Current permission mode: ${ctx.permissionMode}\n\nAvailable modes:\n  ask            Prompt for medium/high risk (default)\n  trust          Auto-approve everything\n  deny           Only low-risk read-only\n  acceptEdits    Auto-approve file edits\n  plan           Read-only mode\n  auto           Auto-approve, block dangerous bash\n  bypassPermissions  CI/CD only`,
+                output: `Current permission mode: ${ctx.permissionMode}\n\nAvailable modes:\n  ask            Prompt for medium/high risk (default)\n  trust          Auto-approve everything\n  deny           Only low-risk read-only\n  acceptEdits    Auto-approve file edits\n  plan           Read-only mode\n  auto           Auto-approve, block dangerous bash\n  bypassPermissions  CI/CD only\n\nApproval history:\n  /permissions log [n]   Show last n approval decisions (default 50)`,
                 handled: true,
             };
         }
+        // Audit U-B5: /permissions log [n] — show approval history from
+        // ~/.oh/approvals.log. Subcommand check happens before the mode-name
+        // validation so "log" doesn't collide with the mode list.
+        const [head, ...tail] = trimmed.split(/\s+/);
+        if (head?.toLowerCase() === "log") {
+            const n = Math.max(1, Math.min(500, Number.parseInt(tail[0] ?? "50", 10) || 50));
+            const records = readApprovalLog(n);
+            if (records.length === 0) {
+                return { output: "No approval decisions logged yet.", handled: true };
+            }
+            const lines = records.map((r) => {
+                const time = r.ts.slice(11, 19); // HH:MM:SS from ISO
+                const date = r.ts.slice(0, 10);
+                const decision = r.decision === "allow" ? "✓" : r.decision === "always" ? "★" : "✗";
+                const reason = r.reason ? ` (${r.reason})` : "";
+                return `${date} ${time}  ${decision} ${r.decision.padEnd(7)} ${r.tool.padEnd(14)} ${r.source}${reason}`;
+            });
+            return { output: `Last ${records.length} approval decisions:\n${lines.join("\n")}`, handled: true };
+        }
+        const mode = trimmed.toLowerCase();
         const valid = ["ask", "trust", "deny", "acceptedits", "plan", "auto", "bypasspermissions"];
         if (!valid.includes(mode)) {
-            return { output: `Unknown mode: ${mode}. Valid: ${valid.join(", ")}`, handled: true };
+            return { output: `Unknown mode: ${mode}. Valid: ${valid.join(", ")} | log`, handled: true };
         }
         return {
             output: `Permission mode set to: ${mode}\n(Note: takes effect for new tool calls in this session)`,

package/dist/harness/approvals.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Approval log (audit U-B5).
+ *
+ * Append-only JSONL at `~/.oh/approvals.log` recording every permission
+ * resolution OH makes during a session — the source (user / hook / rule /
+ * permission-prompt-tool / headless / policy), the tool name, the decision
+ * (allow / deny / always), a redacted args preview, and a timestamp.
+ *
+ * Rotated to a `.1` sibling once the file exceeds ~2 MiB so the log doesn't
+ * grow unbounded. The slash command `/permissions log` reads the tail.
+ *
+ * Mirrors Claude Code's session approval log. Genuinely new — no prior art
+ * in OH (grep-verified during the audit refresh).
+ */
+export type ApprovalSource = "user" | "hook" | "rule" | "permission-prompt-tool" | "policy" | "headless";
+export type ApprovalDecision = "allow" | "deny" | "always";
+export interface ApprovalRecord {
+    ts: string;
+    tool: string;
+    decision: ApprovalDecision;
+    source: ApprovalSource;
+    /** Tool args as JSON, truncated to ~500 chars to keep the log compact. */
+    argsPreview?: string;
+    /** Optional human-readable reason (hook reason, headless reason, etc.). */
+    reason?: string;
+    cwd?: string;
+}
+/**
+ * Override the log file path for tests, or `null` to silence the writer.
+ * Calling without arguments resets to the real `~/.oh/approvals.log`.
+ */
+export declare function setApprovalLogPathForTests(path: string | null | undefined): void;
+/**
+ * Append a single approval decision to the log. Errors are swallowed: a
+ * disk-full or permission error must not block the agent loop.
+ */
+export declare function recordApproval(rec: Omit<ApprovalRecord, "ts">): void;
+/**
+ * Read the most recent `n` records from the log. Skips malformed lines.
+ * Used by the `/permissions log` slash command.
+ */
+export declare function readApprovalLog(n?: number): ApprovalRecord[];
+/** Truncate an args string to roughly N chars without breaking JSON brackets. */
+export declare function previewArgs(argsJson: string, max?: number): string;
+//# sourceMappingURL=approvals.d.ts.map

package/dist/harness/approvals.js

@@ -0,0 +1,100 @@
+/**
+ * Approval log (audit U-B5).
+ *
+ * Append-only JSONL at `~/.oh/approvals.log` recording every permission
+ * resolution OH makes during a session — the source (user / hook / rule /
+ * permission-prompt-tool / headless / policy), the tool name, the decision
+ * (allow / deny / always), a redacted args preview, and a timestamp.
+ *
+ * Rotated to a `.1` sibling once the file exceeds ~2 MiB so the log doesn't
+ * grow unbounded. The slash command `/permissions log` reads the tail.
+ *
+ * Mirrors Claude Code's session approval log. Genuinely new — no prior art
+ * in OH (grep-verified during the audit refresh).
+ */
+import { appendFileSync, existsSync, mkdirSync, readFileSync, renameSync, statSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+const LOG_FILE = join(homedir(), ".oh", "approvals.log");
+const ROTATE_BYTES = 2 * 1024 * 1024;
+/** Test seam — flip to `null` to disable logging in test runs. */
+let _logFileOverride;
+/**
+ * Override the log file path for tests, or `null` to silence the writer.
+ * Calling without arguments resets to the real `~/.oh/approvals.log`.
+ */
+export function setApprovalLogPathForTests(path) {
+    _logFileOverride = path;
+}
+function logPath() {
+    if (_logFileOverride === null)
+        return null;
+    return _logFileOverride ?? LOG_FILE;
+}
+function rotateIfNeeded(file) {
+    try {
+        const st = statSync(file);
+        if (st.size >= ROTATE_BYTES) {
+            renameSync(file, `${file}.1`);
+        }
+    }
+    catch {
+        /* file does not exist yet — no rotate needed */
+    }
+}
+/**
+ * Append a single approval decision to the log. Errors are swallowed: a
+ * disk-full or permission error must not block the agent loop.
+ */
+export function recordApproval(rec) {
+    const file = logPath();
+    if (!file)
+        return;
+    try {
+        mkdirSync(dirname(file), { recursive: true });
+        rotateIfNeeded(file);
+        const line = `${JSON.stringify({ ts: new Date().toISOString(), ...rec })}\n`;
+        appendFileSync(file, line, "utf8");
+    }
+    catch {
+        /* logging must not throw into caller */
+    }
+}
+/**
+ * Read the most recent `n` records from the log. Skips malformed lines.
+ * Used by the `/permissions log` slash command.
+ */
+export function readApprovalLog(n = 50) {
+    const file = logPath();
+    if (!file || !existsSync(file))
+        return [];
+    let raw;
+    try {
+        raw = readFileSync(file, "utf8");
+    }
+    catch {
+        return [];
+    }
+    const lines = raw.split("\n").filter((l) => l.length > 0);
+    const tail = lines.slice(Math.max(0, lines.length - n));
+    const out = [];
+    for (const line of tail) {
+        try {
+            const obj = JSON.parse(line);
+            if (obj && typeof obj.tool === "string" && typeof obj.decision === "string") {
+                out.push(obj);
+            }
+        }
+        catch {
+            /* skip malformed line */
+        }
+    }
+    return out;
+}
+/** Truncate an args string to roughly N chars without breaking JSON brackets. */
+export function previewArgs(argsJson, max = 500) {
+    if (argsJson.length <= max)
+        return argsJson;
+    return `${argsJson.slice(0, max)}…`;
+}
+//# sourceMappingURL=approvals.js.map

package/dist/harness/config.d.ts

@@ -151,6 +151,27 @@ export type OhConfig = {
     apiKeyHelper?: string;
     toolPermissions?: ToolPermissionRule[];
     statusLineFormat?: string;
+    /**
+     * JSON-envelope status line script (audit U-B1). When set, OH spawns
+     * `command` through the user's shell on each refresh, pipes a JSON
+     * envelope `{ model, tokens, cost, ctx, sessionId, cwd, gitBranch }` to
+     * stdin, and uses the trimmed stdout as the status line. Mirrors Claude
+     * Code's `statusLine` config. Gated through the workspace-trust system —
+     * scripts only run in trusted dirs.
+     *
+     * Output is cached for `refreshMs` (default 1000) so the script doesn't
+     * re-spawn on every keypress. Multi-line output is truncated to the
+     * first line.
+     *
+     * Coexists with `statusLineFormat` — when both are set, the script wins.
+     */
+    statusLine?: {
+        command: string;
+        /** Cache window in ms. Default: 1000. Min: 100. */
+        refreshMs?: number;
+        /** Spawn timeout in ms. Default: 2000. */
+        timeoutMs?: number;
+    };
     /** Verification loops — auto-run lint/typecheck after file edits */
     verification?: {
         enabled?: boolean;

package/dist/harness/status-line-script.d.ts

@@ -0,0 +1,52 @@
+/**
+ * JSON-envelope status line script runner (audit U-B1).
+ *
+ * Mirrors Claude Code's `statusLine` config. The user configures a shell
+ * command in `.oh/config.yaml`:
+ *
+ *   statusLine:
+ *     command: "~/scripts/oh-status.sh"
+ *     refreshMs: 2000
+ *
+ * On each REPL refresh, OH:
+ *   1. Builds a JSON envelope of session state (model, tokens, cost, etc.)
+ *   2. If the cache window hasn't expired AND the envelope hasn't changed,
+ *      returns the cached stdout — no spawn cost on every keypress.
+ *   3. Otherwise spawns the command through the shell, pipes the envelope
+ *      on stdin, captures stdout (timeout: 2s), trims to the first line.
+ *
+ * Caller is responsible for the workspace-trust gate (`isTrusted(cwd)`);
+ * this module just runs the command. Failures (non-zero exit, timeout,
+ * spawn error) return null so the caller can fall back to template /
+ * default rendering.
+ *
+ * Synchronous spawn used so the renderer doesn't need an async path —
+ * keeps the keypress loop hot. Trade-off: a slow script blocks the render
+ * up to `timeoutMs`; the cache makes this rare.
+ */
+export interface StatusLineEnvelope {
+    model: string;
+    tokens: {
+        input: number;
+        output: number;
+    };
+    cost: number;
+    contextPercent: number;
+    sessionId: string;
+    cwd: string;
+    gitBranch?: string;
+}
+export interface StatusLineConfig {
+    command: string;
+    refreshMs?: number;
+    timeoutMs?: number;
+}
+/**
+ * Run the status line script with the given envelope. Returns the trimmed
+ * first line of stdout, or null on failure / empty output. Caches results
+ * for `refreshMs`.
+ */
+export declare function runStatusLineScript(env: StatusLineEnvelope, cfg: StatusLineConfig): string | null;
+/** @internal Test-only reset. */
+export declare function _resetStatusLineCacheForTest(): void;
+//# sourceMappingURL=status-line-script.d.ts.map

package/dist/harness/status-line-script.js

@@ -0,0 +1,88 @@
+/**
+ * JSON-envelope status line script runner (audit U-B1).
+ *
+ * Mirrors Claude Code's `statusLine` config. The user configures a shell
+ * command in `.oh/config.yaml`:
+ *
+ *   statusLine:
+ *     command: "~/scripts/oh-status.sh"
+ *     refreshMs: 2000
+ *
+ * On each REPL refresh, OH:
+ *   1. Builds a JSON envelope of session state (model, tokens, cost, etc.)
+ *   2. If the cache window hasn't expired AND the envelope hasn't changed,
+ *      returns the cached stdout — no spawn cost on every keypress.
+ *   3. Otherwise spawns the command through the shell, pipes the envelope
+ *      on stdin, captures stdout (timeout: 2s), trims to the first line.
+ *
+ * Caller is responsible for the workspace-trust gate (`isTrusted(cwd)`);
+ * this module just runs the command. Failures (non-zero exit, timeout,
+ * spawn error) return null so the caller can fall back to template /
+ * default rendering.
+ *
+ * Synchronous spawn used so the renderer doesn't need an async path —
+ * keeps the keypress loop hot. Trade-off: a slow script blocks the render
+ * up to `timeoutMs`; the cache makes this rare.
+ */
+import { spawnSync } from "node:child_process";
+let cache = null;
+const DEFAULT_REFRESH_MS = 1000;
+const MIN_REFRESH_MS = 100;
+const DEFAULT_TIMEOUT_MS = 2000;
+/**
+ * Stable cache key from the envelope. Excludes timestamps / sessionId-y
+ * things that don't actually change the script's output (the script reads
+ * the envelope it gets — if the input is the same, the output should be
+ * too).
+ */
+function envelopeKey(env) {
+    return JSON.stringify({
+        model: env.model,
+        tokens: env.tokens,
+        cost: env.cost,
+        contextPercent: env.contextPercent,
+        cwd: env.cwd,
+        gitBranch: env.gitBranch,
+    });
+}
+/**
+ * Run the status line script with the given envelope. Returns the trimmed
+ * first line of stdout, or null on failure / empty output. Caches results
+ * for `refreshMs`.
+ */
+export function runStatusLineScript(env, cfg) {
+    const refresh = Math.max(MIN_REFRESH_MS, cfg.refreshMs ?? DEFAULT_REFRESH_MS);
+    const timeout = cfg.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const key = envelopeKey(env);
+    const now = Date.now();
+    if (cache && cache.envelopeKey === key && now - cache.timestamp < refresh) {
+        return cache.output;
+    }
+    try {
+        const result = spawnSync(cfg.command, {
+            shell: true,
+            timeout,
+            stdio: ["pipe", "pipe", "pipe"],
+            input: JSON.stringify(env),
+            encoding: "utf8",
+        });
+        if (result.error || result.status !== 0) {
+            return null;
+        }
+        const out = (result.stdout ?? "").toString().trim();
+        if (!out)
+            return null;
+        // Truncate to first line — multi-line output would corrupt the status row.
+        const firstLine = out.split(/\r?\n/)[0];
+        cache = { envelopeKey: key, output: firstLine, timestamp: now };
+        return firstLine;
+    }
+    catch {
+        return null;
+    }
+}
+/** @internal Test-only reset. */
+export function _resetStatusLineCacheForTest() {
+    cache = null;
+}
+//# sourceMappingURL=status-line-script.js.map

package/dist/query/tools.js

@@ -1,6 +1,7 @@
 /**
  * Tool execution — permission checking, batching, output capping.
  */
+import { previewArgs, recordApproval } from "../harness/approvals.js";
 import { createCheckpoint, getAffectedFiles } from "../harness/checkpoints.js";
 import { emitHook, emitHookWithOutcome } from "../harness/hooks.js";
 import { findToolByName } from "../Tool.js";
@@ -91,6 +92,7 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                 permissionMode,
                 permissionAction: "ask",
             });
+            const argsPreview = previewArgs(JSON.stringify(toolCall.arguments));
             const denyAndEmit = (source, reason, output) => {
                 emitHook("permissionDenied", {
                     toolName: tool.name,
@@ -99,10 +101,31 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                     denySource: source,
                     denyReason: reason,
                 });
+                // Audit U-B5: persist denial to ~/.oh/approvals.log so /permissions log
+                // can replay the session's approval history. The cast is safe — the
+                // four call sites below pass exact string literals matching ApprovalSource.
+                recordApproval({
+                    tool: tool.name,
+                    decision: "deny",
+                    source: source,
+                    argsPreview,
+                    reason,
+                    cwd: process.cwd(),
+                });
                 return { output, isError: true };
             };
+            const recordAllow = (source) => {
+                recordApproval({
+                    tool: tool.name,
+                    decision: "allow",
+                    source,
+                    argsPreview,
+                    cwd: process.cwd(),
+                });
+            };
             if (hookOutcome.permissionDecision === "allow") {
                 // Hook granted permission — proceed to execution.
+                recordAllow("hook");
             }
             else if (hookOutcome.permissionDecision === "deny" || !hookOutcome.allowed) {
                 const reason = hookOutcome.reason ? `: ${hookOutcome.reason}` : "";
@@ -118,6 +141,7 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                 const promptDecision = await callPermissionPromptTool(permissionPromptTool, tools, context, tool.name, parsed.data);
                 if (promptDecision.behavior === "allow") {
                     // Permission tool granted — proceed.
+                    recordAllow("permission-prompt-tool");
                 }
                 else if (promptDecision.behavior === "deny") {
                     return denyAndEmit("permission-prompt-tool", promptDecision.message ?? "denied", `Permission denied by ${permissionPromptTool}${promptDecision.message ? `: ${promptDecision.message}` : ""}`);
@@ -131,6 +155,7 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                     if (!allowed) {
                         return denyAndEmit("user", "user declined", "Permission denied by user.");
                     }
+                    recordAllow("user");
                 }
                 else {
                     return denyAndEmit("headless", "permission-prompt-tool unavailable and no interactive prompt", `Permission denied: ${permissionPromptTool} did not produce a usable decision and no interactive prompt is available.`);
@@ -144,6 +169,7 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                 if (!allowed) {
                     return denyAndEmit("user", "user declined", "Permission denied by user.");
                 }
+                recordAllow("user");
             }
             else {
                 // Headless mode with no hook decision and no interactive prompt:
@@ -161,6 +187,16 @@ export async function executeSingleTool(toolCall, tools, context, permissionMode
                 denySource: "policy",
                 denyReason: perm.reason,
             });
+            // Audit U-B5: a `tool-rule-deny` reason came from an explicit
+            // `toolPermissions` rule the user wrote; everything else is policy.
+            recordApproval({
+                tool: tool.name,
+                decision: "deny",
+                source: perm.reason === "tool-rule-deny" ? "rule" : "policy",
+                argsPreview: previewArgs(JSON.stringify(toolCall.arguments)),
+                reason: perm.reason,
+                cwd: process.cwd(),
+            });
             return { output: `Permission denied: ${perm.reason}`, isError: true };
         }
     }

package/dist/renderer/cells.d.ts

@@ -7,6 +7,7 @@ export type Style = {
     bold: boolean;
     dim: boolean;
     underline: boolean;
+    hyperlink?: string | null;
 };
 export type Cell = {
     char: string;
@@ -32,6 +33,11 @@ export declare class CellGrid {
      * Returns the number of rows consumed.
      */
     writeWrapped(row: number, col: number, text: string, style: Style, wrapWidth: number, maxRow?: number): number;
+    /**
+     * Write text on a single row (no wrapping), tagging http(s):// and file:// runs
+     * with the OSC 8 hyperlink attribute (cyan + underline). Stops at maxCol or grid width.
+     */
+    writeTextWithLinks(row: number, col: number, text: string, baseStyle: Style, maxCol?: number): void;
     clone(): CellGrid;
 }
 //# sourceMappingURL=cells.d.ts.map

package/dist/renderer/cells.js

@@ -1,7 +1,7 @@
 /**
  * Cell grid — 2D array of styled characters for terminal rendering.
  */
-export const EMPTY_STYLE = { fg: null, bg: null, bold: false, dim: false, underline: false };
+export const EMPTY_STYLE = { fg: null, bg: null, bold: false, dim: false, underline: false, hyperlink: null };
 export const EMPTY_CELL = { char: " ", style: { ...EMPTY_STYLE } };
 export function cellsEqual(a, b) {
     return (a.char === b.char &&
@@ -9,7 +9,8 @@ export function cellsEqual(a, b) {
         a.style.bg === b.style.bg &&
         a.style.bold === b.style.bold &&
         a.style.dim === b.style.dim &&
-        a.style.underline === b.style.underline);
+        a.style.underline === b.style.underline &&
+        (a.style.hyperlink ?? null) === (b.style.hyperlink ?? null));
 }
 export class CellGrid {
     width;
@@ -37,6 +38,7 @@ export class CellGrid {
                 cell.style.bold = false;
                 cell.style.dim = false;
                 cell.style.underline = false;
+                cell.style.hyperlink = null;
             }
         }
     }
@@ -51,6 +53,7 @@ export class CellGrid {
         cell.style.bold = s.bold;
         cell.style.dim = s.dim;
         cell.style.underline = s.underline;
+        cell.style.hyperlink = s.hyperlink ?? null;
     }
     /**
      * Write a string into the grid at (row, col). Handles \n for line breaks.
@@ -122,6 +125,49 @@ export class CellGrid {
         }
         return r - row;
     }
+    /**
+     * Write text on a single row (no wrapping), tagging http(s):// and file:// runs
+     * with the OSC 8 hyperlink attribute (cyan + underline). Stops at maxCol or grid width.
+     */
+    writeTextWithLinks(row, col, text, baseStyle, maxCol) {
+        const limit = Math.min(maxCol ?? this.width, this.width);
+        if (row < 0 || row >= this.height)
+            return;
+        const linkRegex = /(https?:\/\/[^\s)\]'"<>]+|file:\/\/[^\s)\]'"<>]+)/g;
+        let cursor = 0;
+        let c = col;
+        while (true) {
+            const m = linkRegex.exec(text);
+            if (m === null)
+                break;
+            const before = text.slice(cursor, m.index);
+            for (let i = 0; i < before.length && c < limit; i++) {
+                this.setCell(row, c, before[i], baseStyle);
+                c++;
+            }
+            if (c >= limit)
+                return;
+            // Strip trailing punctuation that's almost never part of the URL.
+            let url = m[0];
+            while (url.length > 0 && /[.,;:!?]/.test(url[url.length - 1])) {
+                url = url.slice(0, -1);
+            }
+            if (url.length === 0) {
+                cursor = m.index + m[0].length;
+                continue;
+            }
+            const linkStyle = { ...baseStyle, fg: "cyan", underline: true, hyperlink: url };
+            for (let i = 0; i < url.length && c < limit; i++) {
+                this.setCell(row, c, url[i], linkStyle);
+                c++;
+            }
+            cursor = m.index + url.length;
+        }
+        for (let i = cursor; i < text.length && c < limit; i++) {
+            this.setCell(row, c, text[i], baseStyle);
+            c++;
+        }
+    }
     clone() {
         const g = new CellGrid(this.width, this.height);
         for (let r = 0; r < this.height; r++) {

package/dist/renderer/differ.js

@@ -18,6 +18,11 @@ export function styleToSGR(style) {
         codes.push(BG_CODES[style.bg]);
     return `\x1b[${codes.join(";")}m`;
 }
+/** OSC 8 hyperlink open/close sequences (ST = ESC \). */
+function osc8Open(url) {
+    return `\x1b]8;;${url}\x1b\\`;
+}
+const OSC8_CLOSE = "\x1b]8;;\x1b\\";
 /**
  * Compare two grids and return the ANSI string that transforms prev into next.
  * Only emits escape sequences for changed cells.
@@ -25,6 +30,7 @@ export function styleToSGR(style) {
 export function diff(prev, next, rowOffset = 0) {
     const parts = [];
     let lastStyle = null;
+    let lastHyperlink = null;
     let expectedRow = -1;
     let expectedCol = -1;
     for (let r = 0; r < next.height; r++) {
@@ -43,13 +49,24 @@ export function diff(prev, next, rowOffset = 0) {
                 parts.push(sgr);
                 lastStyle = sgr;
             }
+            // Apply OSC 8 hyperlink transitions independently of SGR
+            const nextHyperlink = nextCell.style.hyperlink ?? null;
+            if (nextHyperlink !== lastHyperlink) {
+                if (lastHyperlink !== null)
+                    parts.push(OSC8_CLOSE);
+                if (nextHyperlink !== null)
+                    parts.push(osc8Open(nextHyperlink));
+                lastHyperlink = nextHyperlink;
+            }
             parts.push(nextCell.char);
             expectedRow = r;
             expectedCol = c + 1;
         }
     }
-    // Reset style at end
+    // Close any open hyperlink and reset style at end
     if (parts.length > 0) {
+        if (lastHyperlink !== null)
+            parts.push(OSC8_CLOSE);
         parts.push("\x1b[0m");
     }
     return parts.join("");

package/dist/renderer/index.js

@@ -3,6 +3,7 @@
  * Flushed messages flow to scrollback; live area is rewritten in-place
  * right after the scrollback content each frame (no absolute positioning gap).
  */
+import { recordApproval } from "../harness/approvals.js";
 import { getTheme } from "../utils/theme-data.js";
 import { summarizeToolArgs } from "../utils/tool-summary.js";
 import { CellGrid } from "./cells.js";
@@ -403,6 +404,10 @@ export class TerminalRenderer {
                 catch {
                     /* persistence failure must not block the agent */
                 }
+                // Audit U-B5: log the "always allow this tool" rule promotion as a
+                // supplementary record so /permissions log shows the user upgraded
+                // from a one-shot allow to a persistent rule.
+                recordApproval({ tool: toolName, decision: "always", source: "user", cwd: process.cwd() });
             }
             this.scheduleRender();
             resolve(k === "y" || k === "a");

package/dist/renderer/layout-sections.js

@@ -187,7 +187,7 @@ export function renderToolCallsSection(state, grid, r, limit, opts) {
             for (const line of visible) {
                 if (r >= limit)
                     break;
-                grid.writeText(r, 6, line.slice(0, w - 8), S_DIM);
+                grid.writeTextWithLinks(r, 6, line.slice(0, w - 8), S_DIM, w - 2);
                 r++;
             }
         }
@@ -205,7 +205,7 @@ export function renderToolCallsSection(state, grid, r, limit, opts) {
                 if (r >= limit)
                     break;
                 const lineStyle = tc.status === "error" ? S_ERROR : S_DIM;
-                grid.writeText(r, 6, line.slice(0, w - 8), lineStyle);
+                grid.writeTextWithLinks(r, 6, line.slice(0, w - 8), lineStyle, w - 2);
                 r++;
             }
             if (outLines.length > maxOut && r < limit) {

package/dist/renderer/markdown.js

@@ -241,7 +241,10 @@ function parseInline(text, baseStyle) {
         // Link: [text](url)
         const linkMatch = remaining.match(/^\[([^\]]+)\]\(([^)]+)\)/);
         if (linkMatch) {
-            segments.push({ text: linkMatch[1], style: { ...baseStyle, underline: true, fg: "cyan" } });
+            segments.push({
+                text: linkMatch[1],
+                style: { ...baseStyle, underline: true, fg: "cyan", hyperlink: linkMatch[2] },
+            });
             segments.push({ text: ` (${linkMatch[2]})`, style: { ...baseStyle, dim: true } });
             remaining = remaining.slice(linkMatch[0].length);
             continue;

package/dist/repl.js

@@ -14,8 +14,10 @@ import { readOhConfig, writeOhConfig } from "./harness/config.js";
 import { estimateMessageTokens, getContextWarning } from "./harness/context-warning.js";
 import { CostTracker, estimateCost, getContextWindow } from "./harness/cost.js";
 import { createSession, loadSession, saveSession } from "./harness/session.js";
+import { runStatusLineScript } from "./harness/status-line-script.js";
 import { createStore } from "./harness/store.js";
 import { handleUserInput } from "./harness/submit-handler.js";
+import { isTrusted, trustSystemActive } from "./harness/trust.js";
 import { query } from "./query/index.js";
 import { resetDiffStyleCache } from "./renderer/diff.js";
 import { TerminalRenderer } from "./renderer/index.js";
@@ -23,6 +25,7 @@ import { resetStyleCache } from "./renderer/layout.js";
 import { resetMdStyleCache } from "./renderer/markdown.js";
 import { createAssistantMessage, createInfoMessage, createMessage } from "./types/message.js";
 import { formatTokenCount } from "./utils/format.js";
+import { fuzzyFilter } from "./utils/fuzzy.js";
 import { setActiveTheme } from "./utils/theme-data.js";
 import { formatToolArgs, summarizeToolOutput } from "./utils/tool-summary.js";
 export async function startREPL(config) {
@@ -131,16 +134,15 @@ export async function startREPL(config) {
     function updateAutocomplete() {
         acIsPath = false;
         if (inputText.startsWith("/") && inputText.length > 1 && !inputText.includes(" ")) {
-            // Slash command autocomplete — entries arrive in registration order
-            // (Session → Git → Info → Settings → AI → Skills → MCP), so categories
-            // are naturally contiguous after a startsWith filter (audit U-A3).
-            const prefix = inputText.slice(1).toLowerCase();
-            const entries = getCommandEntries()
-                .filter((e) => e.name.startsWith(prefix))
-                .slice(0, 8);
-            acSuggestions = entries.map((e) => e.name);
-            acDescriptions = entries.map((e) => e.description);
-            acCategories = entries.map((e) => e.category);
+            // Slash command autocomplete (audit U-B3): subsequence-match scoring,
+            // not a startsWith filter. Prefix matches still rank first via the
+            // bonus in `fuzzyScore`, but the user can type "gst" to surface
+            // "/git-status" or "perm" to surface "/permissions".
+            const query = inputText.slice(1);
+            const ranked = fuzzyFilter(query, getCommandEntries()).slice(0, 8);
+            acSuggestions = ranked.map((r) => r.entry.name);
+            acDescriptions = ranked.map((r) => r.entry.description);
+            acCategories = ranked.map((r) => r.entry.category);
             acTokenStart = 0;
             acIndex = -1;
         }
@@ -273,8 +275,38 @@ export async function startREPL(config) {
             const pct = Math.max(1, Math.ceil(usage * 100));
             ctxStr = `ctx [${bar}] ${pct}%`;
         }
-        // Use template if configured, otherwise default format
-        if (cachedConfig?.statusLineFormat) {
+        // Resolution priority: script (audit U-B1) → template → default.
+        //
+        // Script path: spawn user-configured shell with a JSON envelope on
+        // stdin; gated through the workspace-trust system from audit U-A4 so
+        // a hostile project can't auto-execute on first launch. Cached for
+        // `refreshMs` (default 1s) inside `status-line-script.ts` so the
+        // script doesn't run on every keypress. Failure → fall through to
+        // the template / default below.
+        let scriptLine = null;
+        const sl = cachedConfig?.statusLine;
+        if (sl?.command) {
+            const cwd = process.cwd();
+            if (trustSystemActive() && !isTrusted(cwd)) {
+                scriptLine = null; // untrusted — silently skip; user can /trust
+            }
+            else {
+                const ctxPct = ctxWindow > 0 && estimatedTokenCount > 0 ? estimatedTokenCount / ctxWindow : 0;
+                scriptLine = runStatusLineScript({
+                    model: currentModel || "",
+                    tokens: { input: inTok, output: outTok },
+                    cost: totalCostVal,
+                    contextPercent: ctxPct,
+                    sessionId: session.id,
+                    cwd,
+                    gitBranch: session.gitBranch,
+                }, sl);
+            }
+        }
+        if (scriptLine !== null) {
+            renderer.setStatusLine(scriptLine);
+        }
+        else if (cachedConfig?.statusLineFormat) {
             const line = cachedConfig.statusLineFormat
                 .replace("{model}", currentModel || "")
                 .replace("{tokens}", tokensStr)

package/dist/tools/ExaSearchTool/index.d.ts

@@ -0,0 +1,101 @@
+import { z } from "zod";
+import type { Tool } from "../../Tool.js";
+declare const SEARCH_TYPES: readonly ["auto", "neural", "fast", "keyword"];
+declare const CATEGORIES: readonly ["company", "research paper", "news", "personal site", "financial report", "people"];
+declare const inputSchema: z.ZodObject<{
+    query: z.ZodString;
+    num_results: z.ZodOptional<z.ZodNumber>;
+    type: z.ZodOptional<z.ZodEnum<["auto", "neural", "fast", "keyword"]>>;
+    category: z.ZodOptional<z.ZodEnum<["company", "research paper", "news", "personal site", "financial report", "people"]>>;
+    include_domains: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    exclude_domains: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    include_text: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    exclude_text: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    start_published_date: z.ZodOptional<z.ZodString>;
+    end_published_date: z.ZodOptional<z.ZodString>;
+    user_location: z.ZodOptional<z.ZodString>;
+    text: z.ZodOptional<z.ZodBoolean>;
+    highlights: z.ZodOptional<z.ZodBoolean>;
+    summary: z.ZodOptional<z.ZodBoolean>;
+    summary_query: z.ZodOptional<z.ZodString>;
+    max_text_chars: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    query: string;
+    type?: "auto" | "fast" | "neural" | "keyword" | undefined;
+    text?: boolean | undefined;
+    summary?: boolean | undefined;
+    num_results?: number | undefined;
+    category?: "company" | "research paper" | "news" | "personal site" | "financial report" | "people" | undefined;
+    include_domains?: string[] | undefined;
+    exclude_domains?: string[] | undefined;
+    include_text?: string[] | undefined;
+    exclude_text?: string[] | undefined;
+    start_published_date?: string | undefined;
+    end_published_date?: string | undefined;
+    user_location?: string | undefined;
+    highlights?: boolean | undefined;
+    summary_query?: string | undefined;
+    max_text_chars?: number | undefined;
+}, {
+    query: string;
+    type?: "auto" | "fast" | "neural" | "keyword" | undefined;
+    text?: boolean | undefined;
+    summary?: boolean | undefined;
+    num_results?: number | undefined;
+    category?: "company" | "research paper" | "news" | "personal site" | "financial report" | "people" | undefined;
+    include_domains?: string[] | undefined;
+    exclude_domains?: string[] | undefined;
+    include_text?: string[] | undefined;
+    exclude_text?: string[] | undefined;
+    start_published_date?: string | undefined;
+    end_published_date?: string | undefined;
+    user_location?: string | undefined;
+    highlights?: boolean | undefined;
+    summary_query?: string | undefined;
+    max_text_chars?: number | undefined;
+}>;
+type ExaContents = {
+    text?: boolean | {
+        maxCharacters?: number;
+    };
+    highlights?: boolean | {
+        maxCharacters?: number;
+    };
+    summary?: boolean | {
+        query?: string;
+    };
+};
+type ExaRequest = {
+    query: string;
+    numResults: number;
+    type?: (typeof SEARCH_TYPES)[number];
+    category?: (typeof CATEGORIES)[number];
+    includeDomains?: string[];
+    excludeDomains?: string[];
+    includeText?: string[];
+    excludeText?: string[];
+    startPublishedDate?: string;
+    endPublishedDate?: string;
+    userLocation?: string;
+    contents?: ExaContents;
+};
+type ExaResultItem = {
+    id?: string;
+    url: string;
+    title?: string | null;
+    publishedDate?: string;
+    author?: string | null;
+    text?: string;
+    highlights?: string[];
+    summary?: string;
+};
+type ExaResponse = {
+    results: ExaResultItem[];
+    requestId?: string;
+};
+export declare function buildRequestBody(input: z.infer<typeof inputSchema>): ExaRequest;
+export declare function extractSnippet(item: ExaResultItem): string;
+export declare function formatResults(response: ExaResponse): string;
+export declare const ExaSearchTool: Tool<typeof inputSchema>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/ExaSearchTool/index.js

@@ -0,0 +1,165 @@
+import { z } from "zod";
+const SEARCH_TYPES = ["auto", "neural", "fast", "keyword"];
+const CATEGORIES = ["company", "research paper", "news", "personal site", "financial report", "people"];
+const inputSchema = z.object({
+    query: z.string(),
+    num_results: z.number().optional(),
+    type: z.enum(SEARCH_TYPES).optional(),
+    category: z.enum(CATEGORIES).optional(),
+    include_domains: z.array(z.string()).optional(),
+    exclude_domains: z.array(z.string()).optional(),
+    include_text: z.array(z.string()).optional(),
+    exclude_text: z.array(z.string()).optional(),
+    start_published_date: z.string().optional(),
+    end_published_date: z.string().optional(),
+    user_location: z.string().optional(),
+    text: z.boolean().optional(),
+    highlights: z.boolean().optional(),
+    summary: z.boolean().optional(),
+    summary_query: z.string().optional(),
+    max_text_chars: z.number().optional(),
+});
+const DEFAULT_NUM_RESULTS = 5;
+const MAX_TEXT_CHARS = 1500;
+const ENDPOINT = "https://api.exa.ai/search";
+const INTEGRATION_HEADER = "openharness";
+export function buildRequestBody(input) {
+    const body = {
+        query: input.query,
+        numResults: input.num_results ?? DEFAULT_NUM_RESULTS,
+    };
+    if (input.type)
+        body.type = input.type;
+    if (input.category)
+        body.category = input.category;
+    if (input.include_domains?.length)
+        body.includeDomains = input.include_domains;
+    if (input.exclude_domains?.length)
+        body.excludeDomains = input.exclude_domains;
+    if (input.include_text?.length)
+        body.includeText = input.include_text;
+    if (input.exclude_text?.length)
+        body.excludeText = input.exclude_text;
+    if (input.start_published_date)
+        body.startPublishedDate = input.start_published_date;
+    if (input.end_published_date)
+        body.endPublishedDate = input.end_published_date;
+    if (input.user_location)
+        body.userLocation = input.user_location;
+    const wantText = input.text ?? true;
+    const wantHighlights = input.highlights ?? true;
+    const wantSummary = input.summary ?? false;
+    const contents = {};
+    if (wantText) {
+        contents.text = { maxCharacters: input.max_text_chars ?? MAX_TEXT_CHARS };
+    }
+    if (wantHighlights) {
+        contents.highlights = true;
+    }
+    if (wantSummary) {
+        contents.summary = input.summary_query ? { query: input.summary_query } : true;
+    }
+    if (Object.keys(contents).length > 0) {
+        body.contents = contents;
+    }
+    return body;
+}
+export function extractSnippet(item) {
+    if (item.highlights && item.highlights.length > 0) {
+        return item.highlights.join(" … ");
+    }
+    if (item.summary)
+        return item.summary;
+    if (item.text) {
+        const trimmed = item.text.replace(/\s+/g, " ").trim();
+        return trimmed.length > 300 ? `${trimmed.slice(0, 300)}…` : trimmed;
+    }
+    return "";
+}
+export function formatResults(response) {
+    if (!response.results || response.results.length === 0) {
+        return "No results found.";
+    }
+    return response.results
+        .map((r, i) => {
+        const title = r.title?.trim() || "(untitled)";
+        const snippet = extractSnippet(r);
+        const meta = [];
+        if (r.author)
+            meta.push(`by ${r.author}`);
+        if (r.publishedDate)
+            meta.push(r.publishedDate.slice(0, 10));
+        const metaLine = meta.length ? `   ${meta.join(" · ")}\n` : "";
+        const snippetLine = snippet ? `   ${snippet}\n` : "";
+        return `${i + 1}. ${title}\n   ${r.url}\n${metaLine}${snippetLine}`.trimEnd();
+    })
+        .join("\n\n");
+}
+export const ExaSearchTool = {
+    name: "ExaSearch",
+    description: "Search the web with Exa — neural/fast/auto search with content retrieval, domain and date filters, and category targeting.",
+    inputSchema,
+    riskLevel: "medium",
+    isReadOnly() {
+        return true;
+    },
+    isConcurrencySafe() {
+        return true;
+    },
+    async call(input, _context) {
+        const apiKey = process.env.EXA_API_KEY;
+        if (!apiKey) {
+            return {
+                output: "Error: EXA_API_KEY environment variable is not set.",
+                isError: true,
+            };
+        }
+        const body = buildRequestBody(input);
+        try {
+            const response = await fetch(ENDPOINT, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    "x-api-key": apiKey,
+                    "x-exa-integration": INTEGRATION_HEADER,
+                    "User-Agent": "OpenHarness/1.0",
+                },
+                body: JSON.stringify(body),
+                signal: AbortSignal.timeout(30_000),
+            });
+            if (!response.ok) {
+                const errText = await response.text().catch(() => "");
+                const detail = errText ? `: ${errText.slice(0, 500)}` : "";
+                return {
+                    output: `Error: Exa API returned ${response.status} ${response.statusText}${detail}`,
+                    isError: true,
+                };
+            }
+            const json = (await response.json());
+            return { output: formatResults(json), isError: false };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return { output: `Error performing Exa search: ${message}`, isError: true };
+        }
+    },
+    prompt() {
+        return `Search the web using Exa's neural search engine and return ranked results with snippets. Requires EXA_API_KEY env var. Parameters:
+- query (string, required): The search query.
+- num_results (number, optional): Max results to return (default 5).
+- type (string, optional): "auto" (default), "neural", "fast", or "keyword".
+- category (string, optional): One of "company", "research paper", "news", "personal site", "financial report", "people".
+- include_domains (string[], optional): Restrict to these domains.
+- exclude_domains (string[], optional): Skip these domains.
+- include_text (string[], optional): Results must contain these phrases.
+- exclude_text (string[], optional): Skip results containing these phrases.
+- start_published_date / end_published_date (string, optional): ISO 8601 publication date filters.
+- user_location (string, optional): Two-letter ISO country code.
+- text (boolean, optional): Include page text (default true).
+- highlights (boolean, optional): Include highlight snippets (default true).
+- summary (boolean, optional): Include AI-generated summary (default false).
+- summary_query (string, optional): Custom summarization query.
+- max_text_chars (number, optional): Cap text length per result (default 1500).`;
+    },
+};
+//# sourceMappingURL=index.js.map

package/dist/tools.js

@@ -14,6 +14,7 @@ import { CronCreateTool, CronDeleteTool, CronListTool } from "./tools/CronTool/i
 import { DiagnosticsTool } from "./tools/DiagnosticsTool/index.js";
 import { EnterPlanModeTool } from "./tools/EnterPlanModeTool/index.js";
 import { EnterWorktreeTool } from "./tools/EnterWorktreeTool/index.js";
+import { ExaSearchTool } from "./tools/ExaSearchTool/index.js";
 import { ExitPlanModeTool } from "./tools/ExitPlanModeTool/index.js";
 import { ExitWorktreeTool } from "./tools/ExitWorktreeTool/index.js";
 import { FileEditTool } from "./tools/FileEditTool/index.js";
@@ -87,6 +88,7 @@ export function getAllTools() {
     const extended = [
         WebFetchTool,
         WebSearchTool,
+        ExaSearchTool,
         TaskGetTool,
         TaskStopTool,
         TaskOutputTool,

package/dist/utils/fuzzy.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Subsequence-match scoring for slash-command and similar pickers.
+ *
+ * Given a query, returns matched candidates in best-first order with all
+ * non-matches dropped. A candidate matches when every query character appears
+ * in the candidate name in order (not necessarily contiguous). Score rewards
+ * contiguous runs, prefix matches, and word-boundary hits so "git" still
+ * surfaces "/git" before "/login" when typing "g".
+ *
+ * Audit U-B3: replaces the prior `startsWith` filter in `src/repl.ts`.
+ */
+export type FuzzyEntry<T> = T & {
+    name: string;
+};
+export type FuzzyResult<T> = {
+    entry: FuzzyEntry<T>;
+    score: number;
+};
+/**
+ * Score a single candidate against the query. Returns `null` when query is not
+ * a subsequence of name. Higher scores are better.
+ *
+ * Scoring rubric (additive):
+ *  +100  candidate name starts with query (still earns subsequence bonus on top)
+ *  +50   per character of contiguous run (max once per matched char pair)
+ *  +20   match on a word-boundary char (after `-`, `_`, ` `, ':' or at start)
+ *  +1    base per matched character
+ *  -1    per skipped (unmatched) character before final query char
+ */
+export declare function fuzzyScore(query: string, name: string): number | null;
+/**
+ * Filter and rank entries by `entry.name` against `query`. Stable for ties:
+ * preserves the original input order so registration-order categories stay
+ * naturally contiguous when scores are equal.
+ */
+export declare function fuzzyFilter<T extends {
+    name: string;
+}>(query: string, entries: T[]): FuzzyResult<T>[];
+//# sourceMappingURL=fuzzy.d.ts.map

package/dist/utils/fuzzy.js

@@ -0,0 +1,70 @@
+/**
+ * Subsequence-match scoring for slash-command and similar pickers.
+ *
+ * Given a query, returns matched candidates in best-first order with all
+ * non-matches dropped. A candidate matches when every query character appears
+ * in the candidate name in order (not necessarily contiguous). Score rewards
+ * contiguous runs, prefix matches, and word-boundary hits so "git" still
+ * surfaces "/git" before "/login" when typing "g".
+ *
+ * Audit U-B3: replaces the prior `startsWith` filter in `src/repl.ts`.
+ */
+/**
+ * Score a single candidate against the query. Returns `null` when query is not
+ * a subsequence of name. Higher scores are better.
+ *
+ * Scoring rubric (additive):
+ *  +100  candidate name starts with query (still earns subsequence bonus on top)
+ *  +50   per character of contiguous run (max once per matched char pair)
+ *  +20   match on a word-boundary char (after `-`, `_`, ` `, ':' or at start)
+ *  +1    base per matched character
+ *  -1    per skipped (unmatched) character before final query char
+ */
+export function fuzzyScore(query, name) {
+    if (query.length === 0)
+        return 0;
+    const q = query.toLowerCase();
+    const n = name.toLowerCase();
+    let qi = 0;
+    let score = 0;
+    let lastMatchIdx = -2;
+    for (let i = 0; i < n.length && qi < q.length; i++) {
+        if (n[i] === q[qi]) {
+            score += 1;
+            const isBoundary = i === 0 || /[-_ :./]/.test(n[i - 1]);
+            if (isBoundary)
+                score += 20;
+            if (i === lastMatchIdx + 1)
+                score += 50;
+            lastMatchIdx = i;
+            qi++;
+        }
+    }
+    if (qi < q.length)
+        return null;
+    // Prefix bonus: candidate begins with the full query verbatim.
+    if (n.startsWith(q))
+        score += 100;
+    // Penalty for skipped chars between first and last match.
+    const span = lastMatchIdx - (n.indexOf(q[0]) ?? 0);
+    if (span > q.length)
+        score -= span - q.length;
+    return score;
+}
+/**
+ * Filter and rank entries by `entry.name` against `query`. Stable for ties:
+ * preserves the original input order so registration-order categories stay
+ * naturally contiguous when scores are equal.
+ */
+export function fuzzyFilter(query, entries) {
+    const out = [];
+    for (const entry of entries) {
+        const score = fuzzyScore(query, entry.name);
+        if (score === null)
+            continue;
+        out.push({ entry: entry, score });
+    }
+    out.sort((a, b) => b.score - a.score);
+    return out;
+}
+//# sourceMappingURL=fuzzy.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhijiewang/openharness",
-  "version": "2.23.0",
+  "version": "2.24.0",
   "description": "Open-source terminal coding agent. Works with any LLM.",
   "type": "module",
   "bin": {