@zhijiewang/openharness 2.30.0 → 2.30.1

package/dist/commands/ai.js

@@ -1,7 +1,11 @@
 /**
  * AI commands — /plan, /review, /roles, /agents, /plugins, /btw, /loop
  */
+import { listRoles } from "../agents/roles.js";
 import { gitDiff, isGitRepo } from "../git/index.js";
+import { addMarketplace, formatInstalledPlugins, formatMarketplaceSearch, getInstalledPlugins, installPlugin, listMarketplaces, removeMarketplace, searchMarketplace, uninstallPlugin, } from "../harness/marketplace.js";
+import { discoverPlugins, discoverSkills } from "../harness/plugins.js";
+import { discoverAgents } from "../services/a2a.js";
 import { handleCybergotchiCommand } from "./cybergotchi.js";
 export function registerAICommands(register) {
     register("btw", "Ask a side question (ephemeral, no tools, not saved to history)", (args) => {
@@ -71,7 +75,6 @@ export function registerAICommands(register) {
         };
     });
     register("roles", "List available agent specialization roles", () => {
-        const { listRoles } = require("../agents/roles.js");
         const roles = listRoles();
         const lines = ["Available agent roles:\n"];
         for (const role of roles) {
@@ -86,7 +89,6 @@ export function registerAICommands(register) {
         return { output: lines.join("\n"), handled: true };
     });
     register("agents", "Discover running openHarness agents on this machine", () => {
-        const { discoverAgents } = require("../services/a2a.js");
         const agents = discoverAgents();
         if (agents.length === 0) {
             return {
@@ -110,8 +112,6 @@ export function registerAICommands(register) {
         return { output: lines.join("\n"), handled: true };
     });
     const pluginsHandler = (args) => {
-        const { discoverPlugins, discoverSkills } = require("../harness/plugins.js");
-        const { searchMarketplace, installPlugin, uninstallPlugin, getInstalledPlugins, listMarketplaces, addMarketplace, removeMarketplace, formatMarketplaceSearch, formatInstalledPlugins, } = require("../harness/marketplace.js");
         const parts = args.trim().split(/\s+/);
         const subcommand = parts[0] ?? "";
         const rest = parts.slice(1).join(" ");

package/dist/commands/git.js

@@ -3,6 +3,7 @@
  */
 import { execSync } from "node:child_process";
 import { gitBranch, gitCommit, gitDiff, gitLog, gitUndo, isGitRepo } from "../git/index.js";
+import { checkpointCount, listCheckpoints, rewindLastCheckpoint } from "../harness/checkpoints.js";
 export function registerGitCommands(register) {
     register("diff", "Show uncommitted git changes", () => {
         if (!isGitRepo()) {
@@ -22,7 +23,6 @@ export function registerGitCommands(register) {
         };
     });
     register("rewind", "Restore files from checkpoint (interactive picker or last)", (args) => {
-        const { rewindLastCheckpoint, listCheckpoints, checkpointCount } = require("../harness/checkpoints.js");
         const checkpoints = listCheckpoints();
         if (checkpoints.length === 0) {
             return { output: "No checkpoints available. Checkpoints are created before file modifications.", handled: true };

package/dist/commands/info.js

@@ -12,10 +12,11 @@ import { getHooks, invalidateHookCache } from "../harness/hooks.js";
 import { discoverPlugins, discoverSkills } from "../harness/plugins.js";
 import { invalidateSandboxCache } from "../harness/sandbox.js";
 import { formatTrace, listTracedSessions, loadTrace } from "../harness/traces.js";
-import { invalidateVerificationCache } from "../harness/verification.js";
+import { getVerificationConfig, invalidateVerificationCache } from "../harness/verification.js";
 import { normalizeMcpConfig } from "../mcp/config-normalize.js";
 import { connectedMcpServers, disconnectMcpClients, loadMcpTools } from "../mcp/loader.js";
 import { getAuthStatus } from "../mcp/oauth.js";
+import { formatRegistry, generateConfigBlock, MCP_REGISTRY, searchRegistry } from "../mcp/registry.js";
 import { getRouteSelection } from "../providers/router.js";
 import { formatHooksReport } from "./hooks-report.js";
 import { mcpLoginHandler, mcpLogoutHandler } from "./mcp-auth.js";
@@ -326,7 +327,6 @@ export function registerInfoCommands(register, getCommandMap) {
         const globalCfg = existsSync(join(homedir(), ".oh", "config.yaml"));
         lines.push(`  Global config: ${globalCfg ? "~/.oh/config.yaml ✓" : "not set (optional)"}`);
         try {
-            const { getVerificationConfig } = require("../harness/verification.js");
             const vCfg = getVerificationConfig();
             if (vCfg?.enabled) {
                 lines.push(`  Verification:  ✓ (${vCfg.rules.length} rules, mode: ${vCfg.mode})`);
@@ -478,7 +478,6 @@ export function registerInfoCommands(register, getCommandMap) {
         return { output: lines.join("\n"), handled: true };
     });
     register("mcp-registry", "Browse and add MCP servers from the curated registry", (args) => {
-        const { searchRegistry, formatRegistry, generateConfigBlock, MCP_REGISTRY } = require("../mcp/registry.js");
         const query = args.trim();
         if (!query) {
             const output = `MCP Server Registry (${MCP_REGISTRY.length} servers)\n${"─".repeat(50)}\n\n${formatRegistry()}\n\nUsage:\n  /mcp-registry <name>    Show install config for a server\n  /mcp-registry <keyword> Search by name, description, or category`;

package/dist/commands/session.js

@@ -2,7 +2,7 @@
  * Session commands — /clear, /compact, /copy, /export, /history, /browse, /resume, /fork, /pin, /unpin
  */
 import { spawnSync } from "node:child_process";
-import { existsSync, mkdirSync } from "node:fs";
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { homedir, platform } from "node:os";
 import { dirname, join, resolve } from "node:path";
 import { getContextWindow } from "../harness/cost.js";
@@ -134,7 +134,6 @@ export function registerSessionCommands(register) {
         const body = asJson ? JSON.stringify(ctx.messages, null, 2) : formatMessagesAsMarkdown(ctx.messages);
         try {
             mkdirSync(dirname(filename), { recursive: true });
-            const { writeFileSync } = require("node:fs");
             writeFileSync(filename, body);
             return { output: `Exported ${ctx.messages.length} messages to ${filename}`, handled: true };
         }

package/dist/commands/settings.js

@@ -8,6 +8,7 @@ import { dirname, join } from "node:path";
 import { readApprovalLog } from "../harness/approvals.js";
 import { readOhConfig } from "../harness/config.js";
 import { loadKeybindings } from "../harness/keybindings.js";
+import { sandboxStatus } from "../harness/sandbox.js";
 import { isTrusted, listTrusted, trust } from "../harness/trust.js";
 const KEYBINDINGS_TEMPLATE = `[
   { "key": "ctrl+d", "action": "/diff" },
@@ -136,7 +137,6 @@ export function registerSettingsCommands(register) {
         return { output: `Effort level set to: ${level}`, handled: true };
     });
     register("sandbox", "Show sandbox status and restrictions", () => {
-        const { sandboxStatus } = require("../harness/sandbox.js");
         return { output: `${sandboxStatus()}\n\nConfigure in .oh/config.yaml under sandbox:`, handled: true };
     });
     register("permissions", "View or change permission mode (or 'log' for approval history)", (args, ctx) => {

package/dist/commands/skills.js

@@ -1,9 +1,9 @@
 /**
  * Skill management commands — /skills, /skill-create, /skill-delete, /skill-edit, /skill-search, /skill-install
  */
-import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { existsSync, mkdirSync, unlinkSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
-import { discoverSkills } from "../harness/plugins.js";
+import { discoverSkills, findSkill } from "../harness/plugins.js";
 export function registerSkillCommands(register) {
     register("skills", "List all available skills", () => {
         const skills = discoverSkills();
@@ -76,12 +76,10 @@ How to confirm the skill worked correctly.
         const name = args.trim();
         if (!name)
             return { output: "Usage: /skill-delete <name>", handled: true };
-        const { findSkill } = require("../harness/plugins.js");
         const skill = findSkill(name);
         if (!skill)
             return { output: `Skill "${name}" not found.`, handled: true };
         try {
-            const { unlinkSync } = require("node:fs");
             unlinkSync(skill.filePath);
             return { output: `Deleted skill: ${skill.filePath}`, handled: true };
         }
@@ -93,7 +91,6 @@ How to confirm the skill worked correctly.
         const name = args.trim();
         if (!name)
             return { output: "Usage: /skill-edit <name>", handled: true };
-        const { findSkill } = require("../harness/plugins.js");
         const skill = findSkill(name);
         if (!skill)
             return { output: `Skill "${name}" not found.`, handled: true };

package/dist/components/InitWizard.js

@@ -15,6 +15,7 @@ import { Box, Text, useInput } from "ink";
 import TextInput from "ink-text-input";
 import { useCallback, useState } from "react";
 import { writeOhConfig } from "../harness/config.js";
+import { MCP_REGISTRY } from "../mcp/registry.js";
 import CybergotchiSetup from "./CybergotchiSetup.js";
 const PROVIDERS = [
     {
@@ -125,7 +126,6 @@ export default function InitWizard({ onDone }) {
         let mcpServers;
         if (selectedMcp.size > 0) {
             try {
-                const { MCP_REGISTRY } = require("../mcp/registry.js");
                 mcpServers = [...selectedMcp]
                     .map((name) => MCP_REGISTRY.find((e) => e.name === name))
                     .filter(Boolean)

package/dist/harness/config.js

@@ -127,13 +127,9 @@ export function appendToolPermission(toolName, action = "allow", root) {
 }
 export function writeOhConfig(cfg, root) {
     invalidateConfigCache();
-    // Emit configChange hook (lazy import to avoid circular dependency)
-    try {
-        require("./hooks.js").emitHook("configChange", {});
-    }
-    catch {
-        /* ignore */
-    }
+    // Emit configChange hook (dynamic import to avoid circular dependency
+    // with hooks.ts, which imports readOhConfig from this module).
+    import("./hooks.js").then((m) => m.emitHook("configChange", {})).catch(() => { });
     const p = configPath(root);
     mkdirSync(join(root ?? ".", ".oh"), { recursive: true });
     if (cfg.provider === "llamacpp" || cfg.provider === "lmstudio") {

package/dist/harness/plugins.js

@@ -14,6 +14,7 @@ import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, join, relative } from "node:path";
 import { fileURLToPath } from "node:url";
+import { getInstalledPlugins } from "./marketplace.js";
 const PROJECT_SKILLS_DIR = join(".oh", "skills");
 const GLOBAL_SKILLS_DIR = join(homedir(), ".oh", "skills");
 // Claude Code ecosystem mirror paths (Anthropic convention)
@@ -178,7 +179,6 @@ export function discoverSkills() {
     skills.push(...loadSkillsFromDir(CC_GLOBAL_SKILLS_DIR, "global"));
     // Load skills from installed marketplace plugins (namespaced as plugin-name:skill-name)
     try {
-        const { getInstalledPlugins } = require("./marketplace.js");
         for (const plugin of getInstalledPlugins()) {
             const pluginSkillsDir = join(plugin.cachePath, "skills");
             const pluginSkills = loadSkillsFromDir(pluginSkillsDir, "plugin");

package/dist/harness/telemetry.js

@@ -15,10 +15,15 @@ import { appendFileSync, existsSync, mkdirSync, readdirSync, readFileSync } from
 import { homedir } from "node:os";
 import { join } from "node:path";
 import { readOhConfig } from "./config.js";
-const TELEMETRY_DIR = join(homedir(), ".oh", "telemetry");
+/**
+ * Telemetry directory. Resolved on each access so `OH_TELEMETRY_DIR` env-var
+ * overrides (used by tests) take effect even after this module loads.
+ */
+function telemetryDir() {
+    return process.env.OH_TELEMETRY_DIR ?? join(homedir(), ".oh", "telemetry");
+}
 // ── State ──
 let _enabled;
-let _sessionFile = null;
 function isEnabled() {
     if (_enabled !== undefined)
         return _enabled;
@@ -26,12 +31,13 @@ function isEnabled() {
     _enabled = config?.telemetry?.enabled === true;
     return _enabled;
 }
+/** Resolve the JSONL path for a sessionId. Stateless — was previously a module-level
+ * singleton that ignored `sessionId` after the first call, causing multi-session
+ * processes (e.g. `--resume`) to write every session into the first one's file. */
 function getSessionFile(sessionId) {
-    if (_sessionFile)
-        return _sessionFile;
-    mkdirSync(TELEMETRY_DIR, { recursive: true });
-    _sessionFile = join(TELEMETRY_DIR, `${sessionId}.jsonl`);
-    return _sessionFile;
+    const dir = telemetryDir();
+    mkdirSync(dir, { recursive: true });
+    return join(dir, `${sessionId}.jsonl`);
 }
 // ── Public API ──
 /** Record a telemetry event (no-op if telemetry disabled) */
@@ -84,7 +90,7 @@ export function recordError(sessionId, category) {
 }
 /** Read local telemetry events for a session */
 export function readSessionEvents(sessionId) {
-    const file = join(TELEMETRY_DIR, `${sessionId}.jsonl`);
+    const file = join(telemetryDir(), `${sessionId}.jsonl`);
     if (!existsSync(file))
         return [];
     try {
@@ -99,15 +105,16 @@ export function readSessionEvents(sessionId) {
 }
 /** Get aggregate stats across all sessions */
 export function getAggregateStats() {
-    if (!existsSync(TELEMETRY_DIR))
+    const dir = telemetryDir();
+    if (!existsSync(dir))
         return { totalSessions: 0, totalEvents: 0, toolUsage: {}, errorCategories: {} };
-    const files = readdirSync(TELEMETRY_DIR).filter((f) => f.endsWith(".jsonl"));
+    const files = readdirSync(dir).filter((f) => f.endsWith(".jsonl"));
     const toolUsage = {};
     const errorCategories = {};
     let totalEvents = 0;
     for (const file of files) {
         try {
-            const lines = readFileSync(join(TELEMETRY_DIR, file), "utf-8").split("\n").filter(Boolean);
+            const lines = readFileSync(join(dir, file), "utf-8").split("\n").filter(Boolean);
             totalEvents += lines.length;
             for (const line of lines) {
                 const event = JSON.parse(line);
@@ -128,6 +135,5 @@ export function getAggregateStats() {
 /** Reset telemetry cache (for testing or config changes) */
 export function resetTelemetry() {
     _enabled = undefined;
-    _sessionFile = null;
 }
 //# sourceMappingURL=telemetry.js.map

package/dist/harness/traces.d.ts

@@ -32,13 +32,36 @@ export declare class SessionTracer {
     private activeSpans;
     private spanCounter;
     private otlp?;
+    /**
+     * Pending spans that have ended but not yet been POSTed to OTLP. Drained
+     * by a microtask-debounced flush (one POST per microtask boundary even if
+     * many spans end in the same tick) and by the public `flush()` method.
+     */
+    private otlpBuffer;
+    private otlpFlushScheduled;
+    /** In-flight fetches so `flush()` can await any POSTs already on the wire. */
+    private otlpInFlight;
     constructor(sessionId: string, otlp?: OTLPConfig);
     /** Start a new span. Returns the span ID. */
     startSpan(name: string, attributes?: Record<string, unknown>, parentSpanId?: string): string;
     /** End a span and record it. */
     endSpan(spanId: string, status?: "ok" | "error", extraAttributes?: Record<string, unknown>): TraceSpan | null;
-    /** Fire-and-forget POST of a single span to the configured OTLP HTTP endpoint. Errors swallowed — telemetry must never crash the agent. */
+    /**
+     * Buffer the span for OTLP shipping. The actual POST is deferred to a
+     * microtask so multiple spans ending in the same tick coalesce into a
+     * single batch POST instead of one fetch each. Errors are swallowed —
+     * telemetry must never crash the agent.
+     */
     private shipSpanOTLP;
+    /** Send whatever is in `otlpBuffer` as a single fire-and-forget POST. The
+     * returned promise is tracked in `otlpInFlight` so `flush()` can await it. */
+    private drainOTLPBuffer;
+    /**
+     * Drain any pending OTLP buffer and await every in-flight POST. Call this at
+     * session end so spans aren't dropped on `process.exit`. No-op when OTLP is
+     * not configured. Errors are swallowed (already, by `drainOTLPBuffer`).
+     */
+    flush(): Promise<void>;
     /** Get all completed spans */
     getSpans(): TraceSpan[];
     /** Get a summary of the trace */

package/dist/harness/traces.js

@@ -19,6 +19,15 @@ export class SessionTracer {
     activeSpans = new Map();
     spanCounter = 0;
     otlp;
+    /**
+     * Pending spans that have ended but not yet been POSTed to OTLP. Drained
+     * by a microtask-debounced flush (one POST per microtask boundary even if
+     * many spans end in the same tick) and by the public `flush()` method.
+     */
+    otlpBuffer = [];
+    otlpFlushScheduled = false;
+    /** In-flight fetches so `flush()` can await any POSTs already on the wire. */
+    otlpInFlight = new Set();
     constructor(sessionId, otlp) {
         this.sessionId = sessionId;
         this.otlp = otlp;
@@ -56,19 +65,60 @@ export class SessionTracer {
             this.shipSpanOTLP(span);
         return span;
     }
-    /** Fire-and-forget POST of a single span to the configured OTLP HTTP endpoint. Errors swallowed — telemetry must never crash the agent. */
+    /**
+     * Buffer the span for OTLP shipping. The actual POST is deferred to a
+     * microtask so multiple spans ending in the same tick coalesce into a
+     * single batch POST instead of one fetch each. Errors are swallowed —
+     * telemetry must never crash the agent.
+     */
     shipSpanOTLP(span) {
         if (!this.otlp)
             return;
-        const payload = exportTraceOTLP(this.sessionId, [span]);
-        fetch(this.otlp.endpoint, {
+        this.otlpBuffer.push(span);
+        if (this.otlpFlushScheduled)
+            return;
+        this.otlpFlushScheduled = true;
+        queueMicrotask(() => {
+            this.otlpFlushScheduled = false;
+            this.drainOTLPBuffer();
+        });
+    }
+    /** Send whatever is in `otlpBuffer` as a single fire-and-forget POST. The
+     * returned promise is tracked in `otlpInFlight` so `flush()` can await it. */
+    drainOTLPBuffer() {
+        if (!this.otlp || this.otlpBuffer.length === 0)
+            return;
+        const batch = this.otlpBuffer;
+        this.otlpBuffer = [];
+        const payload = exportTraceOTLP(this.sessionId, batch);
+        const p = fetch(this.otlp.endpoint, {
             method: "POST",
             headers: { "Content-Type": "application/json", ...(this.otlp.headers ?? {}) },
             body: JSON.stringify(payload),
-        }).catch(() => {
-            /* swallow — telemetry must not interfere with the agent */
+        }).then(() => undefined, () => undefined);
+        this.otlpInFlight.add(p);
+        p.finally(() => {
+            this.otlpInFlight.delete(p);
         });
     }
+    /**
+     * Drain any pending OTLP buffer and await every in-flight POST. Call this at
+     * session end so spans aren't dropped on `process.exit`. No-op when OTLP is
+     * not configured. Errors are swallowed (already, by `drainOTLPBuffer`).
+     */
+    async flush() {
+        if (!this.otlp)
+            return;
+        // Drain any not-yet-shipped buffer first; cancel pending microtask flush
+        // (the buffer becomes empty so the microtask would no-op anyway, but
+        // clearing the flag is explicit).
+        this.otlpFlushScheduled = false;
+        this.drainOTLPBuffer();
+        // Wait for every fetch we've kicked off (microtask-shipped or just now).
+        if (this.otlpInFlight.size > 0) {
+            await Promise.allSettled(Array.from(this.otlpInFlight));
+        }
+    }
     /** Get all completed spans */
     getSpans() {
         return [...this.spans];
@@ -170,8 +220,22 @@ export function formatTrace(spans) {
     lines.push(`Total: ${spans.length} spans, ${totalMs}ms, ${errors} errors`);
     return lines.join("\n");
 }
+/**
+ * Coerce an arbitrary string (UUID with hyphens, "span-N", etc.) into a fixed-length
+ * lowercase hex string suitable for OTLP. OTLP collectors (Jaeger, Tempo, OTel
+ * Collector) validate that traceId is 32 hex chars and spanId is 16 hex chars and
+ * reject anything containing `-` or non-hex letters. We strip non-hex chars, then
+ * pad-left with zeros (or truncate from the left) to the target length.
+ */
+function toHexId(input, length) {
+    const hex = input.toLowerCase().replace(/[^0-9a-f]/g, "");
+    if (hex.length === 0)
+        return "0".repeat(length);
+    return hex.length >= length ? hex.slice(0, length) : hex.padStart(length, "0");
+}
 /** Export trace in OpenTelemetry-compatible format */
 export function exportTraceOTLP(sessionId, spans) {
+    const traceId = toHexId(sessionId, 32);
     return {
         resourceSpans: [
             {
@@ -185,9 +249,9 @@ export function exportTraceOTLP(sessionId, spans) {
                     {
                         scope: { name: "openharness.agent" },
                         spans: spans.map((s) => ({
-                            traceId: sessionId.padEnd(32, "0").slice(0, 32),
-                            spanId: s.spanId.padEnd(16, "0").slice(0, 16),
-                            parentSpanId: s.parentSpanId?.padEnd(16, "0").slice(0, 16),
+                            traceId,
+                            spanId: toHexId(s.spanId, 16),
+                            parentSpanId: s.parentSpanId ? toHexId(s.parentSpanId, 16) : undefined,
                             name: s.name,
                             startTimeUnixNano: s.startTime * 1_000_000,
                             endTimeUnixNano: s.endTime * 1_000_000,

package/dist/providers/anthropic.js

@@ -134,6 +134,10 @@ export class AnthropicProvider {
         let currentToolId = "";
         let currentToolName = "";
         let currentToolArgs = "";
+        // Persist across chunk boundaries: a TCP/TLS framing boundary can land
+        // between the SSE `event:` and `data:` lines, leaving the event type
+        // staged for the next chunk's first `data:` line.
+        let currentEvent = "";
         while (true) {
             const { done, value } = await reader.read();
             if (done)
@@ -141,7 +145,6 @@ export class AnthropicProvider {
             buffer += decoder.decode(value, { stream: true });
             const lines = buffer.split("\n");
             buffer = lines.pop() ?? "";
-            let currentEvent = "";
             for (const line of lines) {
                 const trimmed = line.trim();
                 if (trimmed.startsWith("event:")) {

package/dist/repl.js

@@ -2,6 +2,7 @@
  * Imperative REPL — extracted business logic from React REPL.tsx.
  * Uses TerminalRenderer for display instead of Ink.
  */
+import { readdirSync, statSync } from "node:fs";
 import { homedir } from "node:os";
 import { getCommandEntries } from "./commands/index.js";
 import { roll } from "./cybergotchi/bones.js";
@@ -185,7 +186,6 @@ export async function startREPL(config) {
                 const dir = lastSep >= 0 ? expanded.slice(0, lastSep + 1) : ".";
                 const prefix = lastSep >= 0 ? expanded.slice(lastSep + 1) : expanded;
                 try {
-                    const { readdirSync, statSync } = require("node:fs");
                     const entries = readdirSync(dir)
                         .filter((name) => name.toLowerCase().startsWith(prefix.toLowerCase()))
                         .slice(0, 10);

package/dist/services/AgentDispatcher.js

@@ -161,6 +161,13 @@ export class AgentDispatcher {
                 if (filtered.length > 0)
                     taskTools = filtered;
             }
+            // Plumb cwd through config.workingDir so parallel runTask calls don't
+            // race on the global process.cwd(). The query loop seeds ToolContext
+            // with this value; built-in tools (FileRead, Glob, Bash, …) honor it.
+            // Previously this method called `process.chdir(worktreePath)` and a
+            // matching `process.chdir(originalCwd)` in `finally` — but since
+            // `process.cwd()` is process-wide, two concurrent tasks would clobber
+            // each other's directory mid-execution.
             const config = {
                 provider: this.provider,
                 tools: taskTools,
@@ -169,6 +176,7 @@ export class AgentDispatcher {
                 model: this.model,
                 maxTurns: 20,
                 abortSignal: this.abortSignal,
+                workingDir: worktreePath ?? cwd,
             };
             // Inject blocker results as context
             let promptWithContext = task.prompt;
@@ -184,37 +192,16 @@ export class AgentDispatcher {
                     promptWithContext = `${blockerContext}\n\n---\n\n${task.prompt}`;
                 }
             }
-            const originalCwd = process.cwd();
-            if (worktreePath) {
-                try {
-                    process.chdir(worktreePath);
-                }
-                catch {
-                    /* ignore */
-                }
-            }
             let output = "";
             let errorMessage = null;
-            try {
-                for await (const event of query(promptWithContext, config)) {
-                    if (event.type === "text_delta")
-                        output += event.content;
-                    if (event.type === "error") {
-                        errorMessage = event.message;
-                        break;
-                    }
-                    forwardChildEvent(event, taskCallId, this.emitChildEvent);
-                }
-            }
-            finally {
-                if (worktreePath) {
-                    try {
-                        process.chdir(originalCwd);
-                    }
-                    catch {
-                        /* ignore */
-                    }
+            for await (const event of query(promptWithContext, config)) {
+                if (event.type === "text_delta")
+                    output += event.content;
+                if (event.type === "error") {
+                    errorMessage = event.message;
+                    break;
                 }
+                forwardChildEvent(event, taskCallId, this.emitChildEvent);
             }
             if (errorMessage !== null) {
                 result = { id: task.id, output: `Error: ${errorMessage}`, isError: true, durationMs: Date.now() - start };

package/dist/services/StreamingToolExecutor.js

@@ -2,6 +2,8 @@
  * Tool execution during LLM streaming — concurrent tool execution
  * with permission checks and queue management.
  */
+import { getAffectedFiles } from "../harness/checkpoints.js";
+import { emitHook, emitHookWithOutcome } from "../harness/hooks.js";
 import { findToolByName } from "../Tool.js";
 import { checkPermission } from "../types/permissions.js";
 const MAX_CONCURRENCY = 10;
@@ -54,23 +56,69 @@ export class StreamingToolExecutor {
             tracked.status = "completed";
             return;
         }
+        const argsPreview = JSON.stringify(tracked.toolCall.arguments).slice(0, 1000);
         // Permission check
         const perm = checkPermission(this.permissionMode, tool.riskLevel, tool.isReadOnly(tracked.toolCall.arguments), tool.name, tracked.toolCall.arguments);
-        if (!perm.allowed && perm.reason === "needs-approval" && this.askUser) {
-            const { formatToolArgs } = await import("../utils/tool-summary.js");
-            const description = formatToolArgs(tool.name, tracked.toolCall.arguments);
-            const allowed = await this.askUser(tool.name, description, tool.riskLevel);
-            if (!allowed) {
-                tracked.result = { output: "Permission denied.", isError: true };
+        if (!perm.allowed) {
+            if (perm.reason === "needs-approval") {
+                // Hook: permissionRequest — give configured hooks first say. If they
+                // explicitly allow/deny, that wins; otherwise fall through to the
+                // interactive prompt or to a fail-closed deny in headless mode.
+                const hookOutcome = await emitHookWithOutcome("permissionRequest", {
+                    toolName: tool.name,
+                    toolArgs: argsPreview,
+                    toolInputJson: JSON.stringify(tracked.toolCall.arguments).slice(0, 1000),
+                    permissionMode: this.permissionMode,
+                    permissionAction: "ask",
+                });
+                const denyAndEmit = (source, reason, output) => {
+                    emitHook("permissionDenied", {
+                        toolName: tool.name,
+                        toolArgs: argsPreview,
+                        permissionMode: this.permissionMode,
+                        denySource: source,
+                        denyReason: reason,
+                    });
+                    tracked.result = { output, isError: true };
+                    tracked.status = "completed";
+                };
+                if (hookOutcome.permissionDecision === "allow") {
+                    // Hook granted — proceed.
+                }
+                else if (hookOutcome.permissionDecision === "deny" || !hookOutcome.allowed) {
+                    const reason = hookOutcome.reason ? `: ${hookOutcome.reason}` : "";
+                    denyAndEmit("hook", hookOutcome.reason ?? "hook denied", `Permission denied by hook${reason}`);
+                    return;
+                }
+                else if (this.askUser) {
+                    const { formatToolArgs } = await import("../utils/tool-summary.js");
+                    const description = formatToolArgs(tool.name, tracked.toolCall.arguments);
+                    const allowed = await this.askUser(tool.name, description, tool.riskLevel);
+                    if (!allowed) {
+                        denyAndEmit("user", "user declined", "Permission denied by user.");
+                        return;
+                    }
+                }
+                else {
+                    // Headless mode with no hook decision and no interactive prompt.
+                    denyAndEmit("headless", "no hook decision and no interactive prompt available", "Permission denied: needs-approval (no interactive prompt available; configure a permissionRequest hook to gate this tool)");
+                    return;
+                }
+            }
+            else {
+                // Auto-mode policy block (deny / acceptEdits / etc) — symmetric event.
+                emitHook("permissionDenied", {
+                    toolName: tool.name,
+                    toolArgs: argsPreview,
+                    permissionMode: this.permissionMode,
+                    denySource: "policy",
+                    denyReason: perm.reason,
+                });
+                tracked.result = { output: `Denied: ${perm.reason}`, isError: true };
                 tracked.status = "completed";
                 return;
             }
         }
-        else if (!perm.allowed) {
-            tracked.result = { output: `Denied: ${perm.reason}`, isError: true };
-            tracked.status = "completed";
-            return;
-        }
         // Validate input
         const parsed = tool.inputSchema.safeParse(tracked.toolCall.arguments);
         if (!parsed.success) {
@@ -84,6 +132,17 @@ export class StreamingToolExecutor {
             tracked.status = "completed";
             return;
         }
+        // Hook: preToolUse — last gate before execution. A hook that returns
+        // false (exit code 1 / { allowed: false }) blocks the call.
+        const preAllowed = emitHook("preToolUse", {
+            toolName: tool.name,
+            toolArgs: argsPreview,
+        });
+        if (!preAllowed) {
+            tracked.result = { output: "Blocked by preToolUse hook.", isError: true };
+            tracked.status = "completed";
+            return;
+        }
         // Execute with per-call context (streaming output chunks + abort signal)
         const callId = tracked.toolCall.id;
         const callContext = {
@@ -138,6 +197,33 @@ export class StreamingToolExecutor {
             if (toolSpanId)
                 callContext.tracer?.endSpan(toolSpanId, "error", { error: tracked.result.output });
         }
+        // Hook: postToolUse / postToolUseFailure (mutually exclusive — strict CC parity)
+        if (tracked.result) {
+            const outputPreview = tracked.result.output.slice(0, 1000);
+            if (tracked.result.isError) {
+                emitHook("postToolUseFailure", {
+                    toolName: tool.name,
+                    toolArgs: argsPreview,
+                    toolOutput: outputPreview,
+                    toolError: "ReportedError",
+                    errorMessage: outputPreview,
+                });
+            }
+            else {
+                emitHook("postToolUse", {
+                    toolName: tool.name,
+                    toolArgs: argsPreview,
+                    toolOutput: outputPreview,
+                });
+                // Emit fileChanged hook for file-modifying tools
+                if (["Edit", "Write", "MultiEdit"].includes(tool.name)) {
+                    const filePaths = getAffectedFiles(tool.name, parsed.data);
+                    for (const fp of filePaths) {
+                        emitHook("fileChanged", { filePath: fp, toolName: tool.name });
+                    }
+                }
+            }
+        }
         tracked.status = "completed";
         this.processQueue(); // Process next queued tools
     }

package/dist/tools/CronTool/index.d.ts

@@ -6,13 +6,13 @@ declare const createSchema: z.ZodObject<{
     schedule: z.ZodString;
     prompt: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    action: "create";
     name: string;
+    action: "create";
     prompt: string;
     schedule: string;
 }, {
-    action: "create";
     name: string;
+    action: "create";
     prompt: string;
     schedule: string;
 }>;

package/dist/tools/DiagnosticsTool/index.d.ts

@@ -6,8 +6,8 @@ declare const inputSchema: z.ZodObject<{
     line: z.ZodOptional<z.ZodNumber>;
     character: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
-    action: "diagnostics" | "definition" | "references" | "hover";
     file_path: string;
+    action: "diagnostics" | "definition" | "references" | "hover";
     line?: number | undefined;
     character?: number | undefined;
 }, {

package/dist/tools/GrepTool/index.d.ts

@@ -17,9 +17,9 @@ declare const inputSchema: z.ZodObject<{
     "-n": z.ZodOptional<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
     pattern: string;
+    path?: string | undefined;
     type?: string | undefined;
     "-i"?: boolean | undefined;
-    path?: string | undefined;
     context?: number | undefined;
     glob?: string | undefined;
     offset?: number | undefined;
@@ -32,9 +32,9 @@ declare const inputSchema: z.ZodObject<{
     "-n"?: boolean | undefined;
 }, {
     pattern: string;
+    path?: string | undefined;
     type?: string | undefined;
     "-i"?: boolean | undefined;
-    path?: string | undefined;
     context?: number | undefined;
     glob?: string | undefined;
     offset?: number | undefined;

package/dist/tools/PowerShellTool/index.js

@@ -1,4 +1,4 @@
-import { execSync } from "node:child_process";
+import { execFileSync } from "node:child_process";
 import { z } from "zod";
 const inputSchema = z.object({
     command: z.string().describe("PowerShell command to execute"),
@@ -21,7 +21,16 @@ export const PowerShellTool = {
         }
         const timeout = input.timeout ?? 120_000;
         try {
-            const output = execSync(`powershell.exe -NoProfile -NonInteractive -Command "${input.command.replace(/"/g, '\\"')}"`, { encoding: "utf-8", timeout, maxBuffer: 10 * 1024 * 1024, windowsHide: true });
+            // execFileSync(file, args[]) spawns powershell.exe directly without a
+            // cmd.exe wrapper, so cmd.exe metachars (& | < > ^ %VAR%) are inert.
+            // The user's command is passed as a single -Command arg; PowerShell
+            // parses it as PowerShell, not as a doubly-parsed shell string.
+            const output = execFileSync("powershell.exe", ["-NoProfile", "-NonInteractive", "-Command", input.command], {
+                encoding: "utf-8",
+                timeout,
+                maxBuffer: 10 * 1024 * 1024,
+                windowsHide: true,
+            });
             return { output: output.trim(), isError: false };
         }
         catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zhijiewang/openharness",
-  "version": "2.30.0",
+  "version": "2.30.1",
   "description": "Open-source terminal coding agent. Works with any LLM.",
   "type": "module",
   "bin": {