activeclaw 2026.2.11 → 2026.2.13

package/dist/auth-BcNHFK-i.js

@@ -1,184 +0,0 @@
-import { i as isTrustedProxyAddress, l as resolveGatewayClientIp, n as isLoopbackAddress, o as parseForwardedForClientIp } from "./ws-C0k_dhCP.js";
-import { c as readTailscaleWhoisIdentity } from "./tailscale-DU6DgqVy.js";
-import { timingSafeEqual } from "node:crypto";
-
-//#region src/gateway/auth.ts
-function safeEqual(a, b) {
-	if (a.length !== b.length) return false;
-	return timingSafeEqual(Buffer.from(a), Buffer.from(b));
-}
-function normalizeLogin(login) {
-	return login.trim().toLowerCase();
-}
-function getHostName(hostHeader) {
-	const host = (hostHeader ?? "").trim().toLowerCase();
-	if (!host) return "";
-	if (host.startsWith("[")) {
-		const end = host.indexOf("]");
-		if (end !== -1) return host.slice(1, end);
-	}
-	const [name] = host.split(":");
-	return name ?? "";
-}
-function headerValue(value) {
-	return Array.isArray(value) ? value[0] : value;
-}
-function resolveTailscaleClientIp(req) {
-	if (!req) return;
-	const forwardedFor = headerValue(req.headers?.["x-forwarded-for"]);
-	return forwardedFor ? parseForwardedForClientIp(forwardedFor) : void 0;
-}
-function resolveRequestClientIp(req, trustedProxies) {
-	if (!req) return;
-	return resolveGatewayClientIp({
-		remoteAddr: req.socket?.remoteAddress ?? "",
-		forwardedFor: headerValue(req.headers?.["x-forwarded-for"]),
-		realIp: headerValue(req.headers?.["x-real-ip"]),
-		trustedProxies
-	});
-}
-function isLocalDirectRequest(req, trustedProxies) {
-	if (!req) return false;
-	if (!isLoopbackAddress(resolveRequestClientIp(req, trustedProxies) ?? "")) return false;
-	const host = getHostName(req.headers?.host);
-	const hostIsLocal = host === "localhost" || host === "127.0.0.1" || host === "::1";
-	const hostIsTailscaleServe = host.endsWith(".ts.net");
-	const hasForwarded = Boolean(req.headers?.["x-forwarded-for"] || req.headers?.["x-real-ip"] || req.headers?.["x-forwarded-host"]);
-	const remoteIsTrustedProxy = isTrustedProxyAddress(req.socket?.remoteAddress, trustedProxies);
-	return (hostIsLocal || hostIsTailscaleServe) && (!hasForwarded || remoteIsTrustedProxy);
-}
-function getTailscaleUser(req) {
-	if (!req) return null;
-	const login = req.headers["tailscale-user-login"];
-	if (typeof login !== "string" || !login.trim()) return null;
-	const nameRaw = req.headers["tailscale-user-name"];
-	const profilePic = req.headers["tailscale-user-profile-pic"];
-	const name = typeof nameRaw === "string" && nameRaw.trim() ? nameRaw.trim() : login.trim();
-	return {
-		login: login.trim(),
-		name,
-		profilePic: typeof profilePic === "string" && profilePic.trim() ? profilePic.trim() : void 0
-	};
-}
-function hasTailscaleProxyHeaders(req) {
-	if (!req) return false;
-	return Boolean(req.headers["x-forwarded-for"] && req.headers["x-forwarded-proto"] && req.headers["x-forwarded-host"]);
-}
-function isTailscaleProxyRequest(req) {
-	if (!req) return false;
-	return isLoopbackAddress(req.socket?.remoteAddress) && hasTailscaleProxyHeaders(req);
-}
-async function resolveVerifiedTailscaleUser(params) {
-	const { req, tailscaleWhois } = params;
-	const tailscaleUser = getTailscaleUser(req);
-	if (!tailscaleUser) return {
-		ok: false,
-		reason: "tailscale_user_missing"
-	};
-	if (!isTailscaleProxyRequest(req)) return {
-		ok: false,
-		reason: "tailscale_proxy_missing"
-	};
-	const clientIp = resolveTailscaleClientIp(req);
-	if (!clientIp) return {
-		ok: false,
-		reason: "tailscale_whois_failed"
-	};
-	const whois = await tailscaleWhois(clientIp);
-	if (!whois?.login) return {
-		ok: false,
-		reason: "tailscale_whois_failed"
-	};
-	if (normalizeLogin(whois.login) !== normalizeLogin(tailscaleUser.login)) return {
-		ok: false,
-		reason: "tailscale_user_mismatch"
-	};
-	return {
-		ok: true,
-		user: {
-			login: whois.login,
-			name: whois.name ?? tailscaleUser.name,
-			profilePic: tailscaleUser.profilePic
-		}
-	};
-}
-function resolveGatewayAuth(params) {
-	const authConfig = params.authConfig ?? {};
-	const env = params.env ?? process.env;
-	const token = authConfig.token ?? env.OPENCLAW_GATEWAY_TOKEN ?? env.CLAWDBOT_GATEWAY_TOKEN ?? void 0;
-	const password = authConfig.password ?? env.OPENCLAW_GATEWAY_PASSWORD ?? env.CLAWDBOT_GATEWAY_PASSWORD ?? void 0;
-	const mode = authConfig.mode ?? (password ? "password" : "token");
-	return {
-		mode,
-		token,
-		password,
-		allowTailscale: authConfig.allowTailscale ?? (params.tailscaleMode === "serve" && mode !== "password")
-	};
-}
-function assertGatewayAuthConfigured(auth) {
-	if (auth.mode === "token" && !auth.token) {
-		if (auth.allowTailscale) return;
-		throw new Error("gateway auth mode is token, but no token was configured (set gateway.auth.token or OPENCLAW_GATEWAY_TOKEN)");
-	}
-	if (auth.mode === "password" && !auth.password) throw new Error("gateway auth mode is password, but no password was configured");
-}
-async function authorizeGatewayConnect(params) {
-	const { auth, connectAuth, req, trustedProxies } = params;
-	const tailscaleWhois = params.tailscaleWhois ?? readTailscaleWhoisIdentity;
-	const localDirect = isLocalDirectRequest(req, trustedProxies);
-	if (auth.allowTailscale && !localDirect) {
-		const tailscaleCheck = await resolveVerifiedTailscaleUser({
-			req,
-			tailscaleWhois
-		});
-		if (tailscaleCheck.ok) return {
-			ok: true,
-			method: "tailscale",
-			user: tailscaleCheck.user.login
-		};
-	}
-	if (auth.mode === "token") {
-		if (!auth.token) return {
-			ok: false,
-			reason: "token_missing_config"
-		};
-		if (!connectAuth?.token) return {
-			ok: false,
-			reason: "token_missing"
-		};
-		if (!safeEqual(connectAuth.token, auth.token)) return {
-			ok: false,
-			reason: "token_mismatch"
-		};
-		return {
-			ok: true,
-			method: "token"
-		};
-	}
-	if (auth.mode === "password") {
-		const password = connectAuth?.password;
-		if (!auth.password) return {
-			ok: false,
-			reason: "password_missing_config"
-		};
-		if (!password) return {
-			ok: false,
-			reason: "password_missing"
-		};
-		if (!safeEqual(password, auth.password)) return {
-			ok: false,
-			reason: "password_mismatch"
-		};
-		return {
-			ok: true,
-			method: "password"
-		};
-	}
-	return {
-		ok: false,
-		reason: "unauthorized"
-	};
-}
-
-//#endregion
-export { resolveGatewayAuth as i, authorizeGatewayConnect as n, isLocalDirectRequest as r, assertGatewayAuthConfigured as t };

package/dist/auth-BvIPpm7G.js

@@ -1,184 +0,0 @@
-import { i as isTrustedProxyAddress, l as resolveGatewayClientIp, n as isLoopbackAddress, o as parseForwardedForClientIp } from "./ws-DtDKpbLR.js";
-import { c as readTailscaleWhoisIdentity } from "./tailscale-Cu-2HNvU.js";
-import { timingSafeEqual } from "node:crypto";
-
-//#region src/gateway/auth.ts
-function safeEqual(a, b) {
-	if (a.length !== b.length) return false;
-	return timingSafeEqual(Buffer.from(a), Buffer.from(b));
-}
-function normalizeLogin(login) {
-	return login.trim().toLowerCase();
-}
-function getHostName(hostHeader) {
-	const host = (hostHeader ?? "").trim().toLowerCase();
-	if (!host) return "";
-	if (host.startsWith("[")) {
-		const end = host.indexOf("]");
-		if (end !== -1) return host.slice(1, end);
-	}
-	const [name] = host.split(":");
-	return name ?? "";
-}
-function headerValue(value) {
-	return Array.isArray(value) ? value[0] : value;
-}
-function resolveTailscaleClientIp(req) {
-	if (!req) return;
-	const forwardedFor = headerValue(req.headers?.["x-forwarded-for"]);
-	return forwardedFor ? parseForwardedForClientIp(forwardedFor) : void 0;
-}
-function resolveRequestClientIp(req, trustedProxies) {
-	if (!req) return;
-	return resolveGatewayClientIp({
-		remoteAddr: req.socket?.remoteAddress ?? "",
-		forwardedFor: headerValue(req.headers?.["x-forwarded-for"]),
-		realIp: headerValue(req.headers?.["x-real-ip"]),
-		trustedProxies
-	});
-}
-function isLocalDirectRequest(req, trustedProxies) {
-	if (!req) return false;
-	if (!isLoopbackAddress(resolveRequestClientIp(req, trustedProxies) ?? "")) return false;
-	const host = getHostName(req.headers?.host);
-	const hostIsLocal = host === "localhost" || host === "127.0.0.1" || host === "::1";
-	const hostIsTailscaleServe = host.endsWith(".ts.net");
-	const hasForwarded = Boolean(req.headers?.["x-forwarded-for"] || req.headers?.["x-real-ip"] || req.headers?.["x-forwarded-host"]);
-	const remoteIsTrustedProxy = isTrustedProxyAddress(req.socket?.remoteAddress, trustedProxies);
-	return (hostIsLocal || hostIsTailscaleServe) && (!hasForwarded || remoteIsTrustedProxy);
-}
-function getTailscaleUser(req) {
-	if (!req) return null;
-	const login = req.headers["tailscale-user-login"];
-	if (typeof login !== "string" || !login.trim()) return null;
-	const nameRaw = req.headers["tailscale-user-name"];
-	const profilePic = req.headers["tailscale-user-profile-pic"];
-	const name = typeof nameRaw === "string" && nameRaw.trim() ? nameRaw.trim() : login.trim();
-	return {
-		login: login.trim(),
-		name,
-		profilePic: typeof profilePic === "string" && profilePic.trim() ? profilePic.trim() : void 0
-	};
-}
-function hasTailscaleProxyHeaders(req) {
-	if (!req) return false;
-	return Boolean(req.headers["x-forwarded-for"] && req.headers["x-forwarded-proto"] && req.headers["x-forwarded-host"]);
-}
-function isTailscaleProxyRequest(req) {
-	if (!req) return false;
-	return isLoopbackAddress(req.socket?.remoteAddress) && hasTailscaleProxyHeaders(req);
-}
-async function resolveVerifiedTailscaleUser(params) {
-	const { req, tailscaleWhois } = params;
-	const tailscaleUser = getTailscaleUser(req);
-	if (!tailscaleUser) return {
-		ok: false,
-		reason: "tailscale_user_missing"
-	};
-	if (!isTailscaleProxyRequest(req)) return {
-		ok: false,
-		reason: "tailscale_proxy_missing"
-	};
-	const clientIp = resolveTailscaleClientIp(req);
-	if (!clientIp) return {
-		ok: false,
-		reason: "tailscale_whois_failed"
-	};
-	const whois = await tailscaleWhois(clientIp);
-	if (!whois?.login) return {
-		ok: false,
-		reason: "tailscale_whois_failed"
-	};
-	if (normalizeLogin(whois.login) !== normalizeLogin(tailscaleUser.login)) return {
-		ok: false,
-		reason: "tailscale_user_mismatch"
-	};
-	return {
-		ok: true,
-		user: {
-			login: whois.login,
-			name: whois.name ?? tailscaleUser.name,
-			profilePic: tailscaleUser.profilePic
-		}
-	};
-}
-function resolveGatewayAuth(params) {
-	const authConfig = params.authConfig ?? {};
-	const env = params.env ?? process.env;
-	const token = authConfig.token ?? env.OPENCLAW_GATEWAY_TOKEN ?? env.CLAWDBOT_GATEWAY_TOKEN ?? void 0;
-	const password = authConfig.password ?? env.OPENCLAW_GATEWAY_PASSWORD ?? env.CLAWDBOT_GATEWAY_PASSWORD ?? void 0;
-	const mode = authConfig.mode ?? (password ? "password" : "token");
-	return {
-		mode,
-		token,
-		password,
-		allowTailscale: authConfig.allowTailscale ?? (params.tailscaleMode === "serve" && mode !== "password")
-	};
-}
-function assertGatewayAuthConfigured(auth) {
-	if (auth.mode === "token" && !auth.token) {
-		if (auth.allowTailscale) return;
-		throw new Error("gateway auth mode is token, but no token was configured (set gateway.auth.token or OPENCLAW_GATEWAY_TOKEN)");
-	}
-	if (auth.mode === "password" && !auth.password) throw new Error("gateway auth mode is password, but no password was configured");
-}
-async function authorizeGatewayConnect(params) {
-	const { auth, connectAuth, req, trustedProxies } = params;
-	const tailscaleWhois = params.tailscaleWhois ?? readTailscaleWhoisIdentity;
-	const localDirect = isLocalDirectRequest(req, trustedProxies);
-	if (auth.allowTailscale && !localDirect) {
-		const tailscaleCheck = await resolveVerifiedTailscaleUser({
-			req,
-			tailscaleWhois
-		});
-		if (tailscaleCheck.ok) return {
-			ok: true,
-			method: "tailscale",
-			user: tailscaleCheck.user.login
-		};
-	}
-	if (auth.mode === "token") {
-		if (!auth.token) return {
-			ok: false,
-			reason: "token_missing_config"
-		};
-		if (!connectAuth?.token) return {
-			ok: false,
-			reason: "token_missing"
-		};
-		if (!safeEqual(connectAuth.token, auth.token)) return {
-			ok: false,
-			reason: "token_mismatch"
-		};
-		return {
-			ok: true,
-			method: "token"
-		};
-	}
-	if (auth.mode === "password") {
-		const password = connectAuth?.password;
-		if (!auth.password) return {
-			ok: false,
-			reason: "password_missing_config"
-		};
-		if (!password) return {
-			ok: false,
-			reason: "password_missing"
-		};
-		if (!safeEqual(password, auth.password)) return {
-			ok: false,
-			reason: "password_mismatch"
-		};
-		return {
-			ok: true,
-			method: "password"
-		};
-	}
-	return {
-		ok: false,
-		reason: "unauthorized"
-	};
-}
-
-//#endregion
-export { resolveGatewayAuth as i, authorizeGatewayConnect as n, isLocalDirectRequest as r, assertGatewayAuthConfigured as t };

package/dist/boolean-M-esQJt6.js

@@ -1,30 +0,0 @@
-//#region src/utils/boolean.ts
-const DEFAULT_TRUTHY = [
-	"true",
-	"1",
-	"yes",
-	"on"
-];
-const DEFAULT_FALSY = [
-	"false",
-	"0",
-	"no",
-	"off"
-];
-const DEFAULT_TRUTHY_SET = new Set(DEFAULT_TRUTHY);
-const DEFAULT_FALSY_SET = new Set(DEFAULT_FALSY);
-function parseBooleanValue(value, options = {}) {
-	if (typeof value === "boolean") return value;
-	if (typeof value !== "string") return;
-	const normalized = value.trim().toLowerCase();
-	if (!normalized) return;
-	const truthy = options.truthy ?? DEFAULT_TRUTHY;
-	const falsy = options.falsy ?? DEFAULT_FALSY;
-	const truthySet = truthy === DEFAULT_TRUTHY ? DEFAULT_TRUTHY_SET : new Set(truthy);
-	const falsySet = falsy === DEFAULT_FALSY ? DEFAULT_FALSY_SET : new Set(falsy);
-	if (truthySet.has(normalized)) return true;
-	if (falsySet.has(normalized)) return false;
-}
-
-//#endregion
-export { parseBooleanValue as t };

package/dist/bundled/soul-evil/HOOK.md

@@ -1,71 +0,0 @@
----
-name: soul-evil
-description: "Swap SOUL.md with SOUL_EVIL.md during a purge window or by random chance"
-homepage: https://docs.openclaw.ai/hooks/soul-evil
-metadata:
-  {
-    "openclaw":
-      {
-        "emoji": "😈",
-        "events": ["agent:bootstrap"],
-        "requires": { "config": ["hooks.internal.entries.soul-evil.enabled"] },
-        "install": [{ "id": "bundled", "kind": "bundled", "label": "Bundled with OpenClaw" }],
-      },
-  }
----
-
-# SOUL Evil Hook
-
-Replaces the injected `SOUL.md` content with `SOUL_EVIL.md` during a daily purge window or by random chance.
-
-## What It Does
-
-When enabled and the trigger conditions match, the hook swaps the **injected** `SOUL.md` content before the system prompt is built. It does **not** modify files on disk.
-
-## Files
-
-- `SOUL.md` — normal persona (always read)
-- `SOUL_EVIL.md` — alternate persona (read only when triggered)
-
-You can change the filename via hook config.
-
-## Configuration
-
-Add this to your config (`~/.openclaw/openclaw.json`):
-
-```json
-{
-  "hooks": {
-    "internal": {
-      "enabled": true,
-      "entries": {
-        "soul-evil": {
-          "enabled": true,
-          "file": "SOUL_EVIL.md",
-          "chance": 0.1,
-          "purge": { "at": "21:00", "duration": "15m" }
-        }
-      }
-    }
-  }
-}
-```
-
-### Options
-
-- `file` (string): alternate SOUL filename (default: `SOUL_EVIL.md`)
-- `chance` (number 0–1): random chance per run to swap in SOUL_EVIL
-- `purge.at` (HH:mm): daily purge window start time (24h)
-- `purge.duration` (duration): window length (e.g. `30s`, `10m`, `1h`)
-
-**Precedence:** purge window wins over chance.
-
-## Requirements
-
-- `hooks.internal.entries.soul-evil.enabled` must be set to `true`
-
-## Enable
-
-```bash
-openclaw hooks enable soul-evil
-```

package/dist/bundled/soul-evil/handler.js

@@ -1,194 +0,0 @@
-import "../../paths-BZtyHNCi.js";
-import { h as isSubagentSessionKey } from "../../session-key-nXYQSv-a.js";
-import { g as resolveUserPath } from "../../utils-dp_OM900.js";
-import "../../boolean-M-esQJt6.js";
-import { o as isAgentBootstrapEvent, r as resolveUserTimezone } from "../../date-time-c6HTX6IW.js";
-import { t as parseDurationMs } from "../../parse-duration-De_tAQSe.js";
-import "../../frontmatter-xwTm0734.js";
-import { t as resolveHookConfig } from "../../config-CI7EpvlP.js";
-import fs from "node:fs/promises";
-import path from "node:path";
-
-//#region src/hooks/soul-evil.ts
-const DEFAULT_SOUL_EVIL_FILENAME = "SOUL_EVIL.md";
-function resolveSoulEvilConfigFromHook(entry, log) {
-	if (!entry) return null;
-	const file = typeof entry.file === "string" ? entry.file : void 0;
-	if (entry.file !== void 0 && !file) log?.warn?.("soul-evil config: file must be a string");
-	let chance;
-	if (entry.chance !== void 0) if (typeof entry.chance === "number" && Number.isFinite(entry.chance)) chance = entry.chance;
-	else log?.warn?.("soul-evil config: chance must be a number");
-	let purge;
-	if (entry.purge && typeof entry.purge === "object") {
-		const at = typeof entry.purge.at === "string" ? entry.purge.at : void 0;
-		const duration = typeof entry.purge.duration === "string" ? entry.purge.duration : void 0;
-		if (entry.purge.at !== void 0 && !at) log?.warn?.("soul-evil config: purge.at must be a string");
-		if (entry.purge.duration !== void 0 && !duration) log?.warn?.("soul-evil config: purge.duration must be a string");
-		purge = {
-			at,
-			duration
-		};
-	} else if (entry.purge !== void 0) log?.warn?.("soul-evil config: purge must be an object");
-	if (!file && chance === void 0 && !purge) return null;
-	return {
-		file,
-		chance,
-		purge
-	};
-}
-function clampChance(value) {
-	if (typeof value !== "number" || !Number.isFinite(value)) return 0;
-	return Math.min(1, Math.max(0, value));
-}
-function parsePurgeAt(raw) {
-	if (!raw) return null;
-	const trimmed = raw.trim();
-	const match = /^([01]?\d|2[0-3]):([0-5]\d)$/.exec(trimmed);
-	if (!match) return null;
-	const hour = Number.parseInt(match[1] ?? "", 10);
-	const minute = Number.parseInt(match[2] ?? "", 10);
-	if (!Number.isFinite(hour) || !Number.isFinite(minute)) return null;
-	return hour * 60 + minute;
-}
-function timeOfDayMsInTimezone(date, timeZone) {
-	try {
-		const parts = new Intl.DateTimeFormat("en-US", {
-			timeZone,
-			hour: "2-digit",
-			minute: "2-digit",
-			second: "2-digit",
-			hourCycle: "h23"
-		}).formatToParts(date);
-		const map = {};
-		for (const part of parts) if (part.type !== "literal") map[part.type] = part.value;
-		if (!map.hour || !map.minute || !map.second) return null;
-		const hour = Number.parseInt(map.hour, 10);
-		const minute = Number.parseInt(map.minute, 10);
-		const second = Number.parseInt(map.second, 10);
-		if (!Number.isFinite(hour) || !Number.isFinite(minute) || !Number.isFinite(second)) return null;
-		return (hour * 3600 + minute * 60 + second) * 1e3 + date.getMilliseconds();
-	} catch {
-		return null;
-	}
-}
-function isWithinDailyPurgeWindow(params) {
-	if (!params.at || !params.duration) return false;
-	const startMinutes = parsePurgeAt(params.at);
-	if (startMinutes === null) return false;
-	let durationMs;
-	try {
-		durationMs = parseDurationMs(params.duration, { defaultUnit: "m" });
-	} catch {
-		return false;
-	}
-	if (!Number.isFinite(durationMs) || durationMs <= 0) return false;
-	const dayMs = 1440 * 60 * 1e3;
-	if (durationMs >= dayMs) return true;
-	const nowMs = timeOfDayMsInTimezone(params.now, params.timeZone);
-	if (nowMs === null) return false;
-	const startMs = startMinutes * 60 * 1e3;
-	const endMs = startMs + durationMs;
-	if (endMs < dayMs) return nowMs >= startMs && nowMs < endMs;
-	const wrappedEnd = endMs % dayMs;
-	return nowMs >= startMs || nowMs < wrappedEnd;
-}
-function decideSoulEvil(params) {
-	const evil = params.config;
-	const fileName = evil?.file?.trim() || DEFAULT_SOUL_EVIL_FILENAME;
-	if (!evil) return {
-		useEvil: false,
-		fileName
-	};
-	const timeZone = resolveUserTimezone(params.userTimezone);
-	const now = params.now ?? /* @__PURE__ */ new Date();
-	if (isWithinDailyPurgeWindow({
-		at: evil.purge?.at,
-		duration: evil.purge?.duration,
-		now,
-		timeZone
-	})) return {
-		useEvil: true,
-		reason: "purge",
-		fileName
-	};
-	const chance = clampChance(evil.chance);
-	if (chance > 0) {
-		if ((params.random ?? Math.random)() < chance) return {
-			useEvil: true,
-			reason: "chance",
-			fileName
-		};
-	}
-	return {
-		useEvil: false,
-		fileName
-	};
-}
-async function applySoulEvilOverride(params) {
-	const decision = decideSoulEvil({
-		config: params.config,
-		userTimezone: params.userTimezone,
-		now: params.now,
-		random: params.random
-	});
-	if (!decision.useEvil) return params.files;
-	const workspaceDir = resolveUserPath(params.workspaceDir);
-	const evilPath = path.join(workspaceDir, decision.fileName);
-	let evilContent;
-	try {
-		evilContent = await fs.readFile(evilPath, "utf-8");
-	} catch {
-		params.log?.warn?.(`SOUL_EVIL active (${decision.reason ?? "unknown"}) but file missing: ${evilPath}`);
-		return params.files;
-	}
-	if (!evilContent.trim()) {
-		params.log?.warn?.(`SOUL_EVIL active (${decision.reason ?? "unknown"}) but file empty: ${evilPath}`);
-		return params.files;
-	}
-	if (!params.files.some((file) => file.name === "SOUL.md")) {
-		params.log?.warn?.(`SOUL_EVIL active (${decision.reason ?? "unknown"}) but SOUL.md not in bootstrap files`);
-		return params.files;
-	}
-	let replaced = false;
-	const updated = params.files.map((file) => {
-		if (file.name !== "SOUL.md") return file;
-		replaced = true;
-		return {
-			...file,
-			content: evilContent,
-			missing: false
-		};
-	});
-	if (!replaced) return params.files;
-	params.log?.debug?.(`SOUL_EVIL active (${decision.reason ?? "unknown"}) using ${decision.fileName}`);
-	return updated;
-}
-
-//#endregion
-//#region src/hooks/bundled/soul-evil/handler.ts
-const HOOK_KEY = "soul-evil";
-const soulEvilHook = async (event) => {
-	if (!isAgentBootstrapEvent(event)) return;
-	const context = event.context;
-	if (context.sessionKey && isSubagentSessionKey(context.sessionKey)) return;
-	const cfg = context.cfg;
-	const hookConfig = resolveHookConfig(cfg, HOOK_KEY);
-	if (!hookConfig || hookConfig.enabled === false) return;
-	const soulConfig = resolveSoulEvilConfigFromHook(hookConfig, { warn: (message) => console.warn(`[soul-evil] ${message}`) });
-	if (!soulConfig) return;
-	const workspaceDir = context.workspaceDir;
-	if (!workspaceDir || !Array.isArray(context.bootstrapFiles)) return;
-	context.bootstrapFiles = await applySoulEvilOverride({
-		files: context.bootstrapFiles,
-		workspaceDir,
-		config: soulConfig,
-		userTimezone: cfg?.agents?.defaults?.userTimezone,
-		log: {
-			warn: (message) => console.warn(`[soul-evil] ${message}`),
-			debug: (message) => console.debug?.(`[soul-evil] ${message}`)
-		}
-	});
-};
-
-//#endregion
-export { soulEvilHook as default };