agentsys 5.14.0 → 6.0.0

package/.claude-plugin/marketplace.json

@@ -1,7 +1,7 @@
 {
   "name": "agentsys",
   "description": "26 specialized plugins for AI workflow automation - task orchestration, PR workflow, slop detection, code review, drift detection, enhancement analysis, documentation sync, unified static analysis, durable memory, negative behavior memory, skill and system prompt curation, perf investigations, topic research, agent config linting, cross-tool AI consultation, structured AI debate, workflow pattern learning, codebase onboarding, contributor guidance, Zig language support, Mojo language support, and Ada/SPARK language support",
-  "version": "5.14.0",
+  "version": "6.0.0",
   "owner": {
     "name": "Avi Fenesh",
     "url": "https://github.com/avifenesh"
@@ -198,19 +198,6 @@
       "category": "productivity",
       "homepage": "https://github.com/agent-sh/learn"
     },
-    {
-      "name": "axiom",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/agent-sh/axiom.git",
-        "ref": "v0.6.2",
-        "commit": "e3f3fabfcb19c140a38cbd5c5129ac69ca50b359"
-      },
-      "description": "Personal agent-native knowledge base: load thin context, query durable memories, create project scaffolds, and propose approved records",
-      "version": "0.6.2",
-      "category": "productivity",
-      "homepage": "https://github.com/agent-sh/axiom"
-    },
     {
       "name": "banthis",
       "source": {
@@ -262,19 +249,6 @@
       "category": "productivity",
       "homepage": "https://github.com/agent-sh/debate"
     },
-    {
-      "name": "web-ctl",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/agent-sh/web-ctl.git",
-        "commit": "345e44bc8a7b373728afce6c0d94ef067b5abc82",
-        "ref": "v1.1.0"
-      },
-      "description": "Browser automation and web testing toolkit for AI agents - headless browser control, persistent sessions, auth handoff, and prompt injection defense",
-      "version": "1.1.0",
-      "category": "automation",
-      "homepage": "https://github.com/agent-sh/web-ctl"
-    },
     {
       "name": "skillers",
       "source": {

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "agentsys",
-  "version": "5.14.0",
+  "version": "6.0.0",
   "description": "Professional-grade slash commands for Claude Code with cross-platform support",
   "keywords": [
     "workflow",

package/.codex-plugin/plugin.json

@@ -4,8 +4,8 @@
   "skills": "./adapters/codex/skills",
   "interface": {
     "displayName": "agentsys",
-    "shortDescription": "AI agent orchestration with 45 skills and 50 agents",
-    "longDescription": "Professional-grade slash commands for AI-powered development workflows. Includes /next-task (task discovery to production), /axiom (durable agent memory), /banthis (negative behavior memory), /skill-curator and /system-prompt-curator (agent configuration curation), /ship (commit to deploy), /audit-project (multi-agent code review), /deslop (AI slop cleanup), /perf (performance investigation), /enhance (config analysis), /consult (cross-tool AI consultation), and more.",
+    "shortDescription": "AI agent orchestration with 44 skills and 49 agents",
+    "longDescription": "Professional-grade slash commands for AI-powered development workflows. Includes /next-task (task discovery to production), /banthis (negative behavior memory), /skill-curator and /system-prompt-curator (agent configuration curation), /ship (commit to deploy), /audit-project (multi-agent code review), /deslop (AI slop cleanup), /perf (performance investigation), /enhance (config analysis), /consult (cross-tool AI consultation), and more.",
     "developerName": "Avi Fenesh",
     "category": "developer-tools",
     "capabilities": [
@@ -20,7 +20,6 @@
     "websiteUrl": "https://agent-sh.github.io/agent-sh.dev/",
     "defaultPrompt": [
       "What should I work on next?",
-      "Load my durable Axiom context",
       "Review this codebase"
     ]
   }

package/AGENTS.md

@@ -76,7 +76,7 @@
 <!-- GEN:START:claude-architecture -->
 ```
 lib/          → Shared library (vendored to plugins)
-plugins/      → 26 plugins, 50 agents (40 file-based + 10 role-based), 47 skills
+plugins/      → 24 plugins, 49 agents (39 file-based + 10 role-based), 44 skills
 adapters/     → Platform adapters (opencode-plugin/, opencode/, codex/)
 checklists/   → Action checklists (9 files)
 bin/cli.js    → npm CLI installer
@@ -94,14 +94,12 @@ bin/cli.js    → npm CLI installer
 | enhance | 8 | 9 | Code quality analyzers |
 | sync-docs | 1 | 1 | Documentation sync |
 | repo-intel | 3 | 1 | Unified static analysis |
-| axiom | 0 | 1 | Durable agent-native memory |
 | banthis | 0 | 1 | Durable negative behavior memory |
 | perf | 6 | 8 | Performance investigation |
 | learn | 1 | 1 | Topic research and learning guides |
 | agnix | 0 | 1 | Agent config linting |
 | consult | 1 | 1 | Cross-tool AI consultation |
 | debate | 1 | 1 | Multi-perspective debate analysis |
-| web-ctl | 1 | 2 | Browser automation for AI agents |
 | skill-curator | 0 | 1 | Skill authoring and review |
 | system-prompt-curator | 0 | 1 | System prompt curation |
 | skillers | 2 | 2 | Workflow pattern learning |
@@ -178,7 +176,7 @@ agentsys                # Run installer
 <agents>
 ## Agents
 
-50 agents across 26 plugins (17 have agents; gate-and-ship is commands-only; axiom, banthis, skill-curator, system-prompt-curator, and agnix are skill/command-only; zig-lsp is config-only with no commands or agents; mojo and ada-spark are skill-only). Key agents by model:
+49 agents across 24 plugins (16 have agents; gate-and-ship is commands-only; banthis, skill-curator, system-prompt-curator, and agnix are skill/command-only; zig-lsp is config-only with no commands or agents; mojo and ada-spark are skill-only). Key agents by model:
 
 | Model | Agents | Use Case |
 |-------|--------|----------|
@@ -192,7 +190,7 @@ See [README.md](./README.md#command-details) and [docs/reference/AGENTS.md](./do
 <skills>
 ## Skills
 
-45 skills across plugins. Agents invoke skills for reusable implementation.
+44 skills across plugins. Agents invoke skills for reusable implementation.
 
 | Category | Key Skills |
 |----------|------------|
@@ -200,7 +198,7 @@ See [README.md](./README.md#command-details) and [docs/reference/AGENTS.md](./do
 | Enhancement | `enhance-*` (9 skills for plugins, agents, docs, prompts, hooks), `skill-curator`, `system-prompt-curator` |
 | Performance | `baseline`, `benchmark`, `profile`, `theory-tester` |
 | Cleanup | `deslop`, `sync-docs`, `drift-analysis`, `repo-intel` |
-| Memory | `axiom`, `banthis` |
+| Memory | `banthis` |
 
 See [README.md](./README.md#skills) for full skill list.
 </skills>

package/CHANGELOG.md

@@ -9,6 +9,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.0.0] - 2026-05-29
+
+### Removed
+- **BREAKING: Dropped the `axiom` and `web-ctl` plugins from the marketplace** (#365). Both repositories were retired; their marketplace entries, `plugins.txt` rows, `.kiro` mirrors (`web-auth`, `web-browse`, `web-session`), and all site/docs references were scrubbed. Installable plugin count is now 24 (was 26). Users who previously installed `axiom` or `web-ctl` from the marketplace must remove them; they will no longer resolve.
+
+### Added
+- **Unified `repo-intel` core library** synced from agent-core (#373). The vendored `lib/repo-intel/` now exposes a single surface that folds the former `repo-map` lifecycle and the embedder into one module: `init`/`update`/`status`/`load`/`loadRaw`/`exists`, typed `queries.*`, LLM-augmentation write-path (`applyDescriptors`/`applySummary`), and an opt-in `embed` submodule (orchestrator, preference, binary resolver) for semantic search and duplicate detection. `lib/repo-map` remains as a deprecated compatibility shim. `lib/index.js` now exports `repoIntel` alongside `repoMap`.
+
+### Fixed
+- `skill-patterns` `side_effect_without_disable` now accepts both the YAML boolean `true` and the quoted string `"true"` for `disable-model-invocation`, so a frontmatter value of `"true"` is no longer wrongly re-flagged.
+- Bounded 19 polynomial-ReDoS regexes and closed 2 prototype-pollution sinks across the synced `collectors`/`enhance` lib (match semantics preserved; verified by equivalence testing).
+- Removed the stale `aiRatio` query test - the analyzer dropped AI-authorship attribution and the query no longer exists (#372).
+
 ## [5.14.0] - 2026-05-21
 
 ### Added

package/README.md

@@ -19,7 +19,7 @@
 </p>
 
 <p align="center">
-  <b>26 plugins · 50 agents · 47 skills (across all repos) · 30k lines of lib code · 3,518 tests · 5 platforms</b><br>
+  <b>24 plugins · 49 agents · 44 skills (across all repos) · 30k lines of lib code · 3,518 tests · 5 platforms</b><br>
   <em>Plugins distributed as standalone repos under <a href="https://github.com/agent-sh">agent-sh</a> org - agentsys is the marketplace &amp; installer</em>
 </p>
 
@@ -45,7 +45,7 @@ AI models can write code. That's not the hard part anymore. The hard part is eve
 
 ## What This Is
 
-An agent orchestration system - 26 plugins, 50 agents (40 file-based + 10 role-based specialists in audit-project), and 47 skills that compose into structured pipelines for software development. Each plugin lives in its own standalone repo under the [agent-sh](https://github.com/agent-sh) org. agentsys is the marketplace and installer that ties them together.
+An agent orchestration system - 24 plugins, 49 agents (39 file-based + 10 role-based specialists in audit-project), and 44 skills that compose into structured pipelines for software development. Each plugin lives in its own standalone repo under the [agent-sh](https://github.com/agent-sh) org. agentsys is the marketplace and installer that ties them together.
 
 Each agent has a single responsibility, a specific model assignment, and defined inputs/outputs. Pipelines enforce phase gates so agents can't skip steps. State persists across sessions so work survives interruptions.
 
@@ -118,7 +118,6 @@ The investment shifts from model spend to pipeline design. Better prompts, riche
 | [`/next-task`](#next-task) | Task workflow: discovery, implementation, PR, merge |
 | [`/prepare-delivery`](#prepare-delivery) | Pre-ship quality gates: deslop, review, validation, docs sync |
 | [`/gate-and-ship`](#gate-and-ship) | Quality gates then ship (/prepare-delivery + /ship) |
-| [`/axiom`](#axiom) | Durable memory: load, query, list, bootstrap projects, and record approved knowledge |
 | [`/banthis`](#banthis) | Durable negative memory: persist banned agent behaviors |
 | [`/agnix`](#agnix) | Lint agent configurations (423 rules) |
 | [`/ship`](#ship) | PR creation, CI monitoring, merge |
@@ -132,7 +131,6 @@ The investment shifts from model spend to pipeline design. Better prompts, riche
 | [`/learn`](#learn) | Research topics, create learning guides |
 | [`/consult`](#consult) | Cross-tool AI consultation |
 | [`/debate`](#debate) | Structured debate between AI tools |
-| [`/web-ctl`](#web-ctl) | Browser automation for AI agents |
 | [`/release`](#release) | Versioned release with ecosystem detection |
 | [`/skillers`](#skillers) | Workflow pattern learning and automation |
 | [`/skill-curator`](#skill-curator) | Create and improve reliable SKILL.md files |
@@ -146,7 +144,7 @@ Each command works standalone. Together, they compose into end-to-end pipelines.
 
 ## Skills
 
-47 skills included across the plugins:
+44 skills included across the plugins:
 
 | Category | Skills |
 |----------|--------|
@@ -158,10 +156,9 @@ Each command works standalone. Together, they compose into end-to-end pipelines.
 | **Code Review** | `audit-project` |
 | **AI Collaboration** | `consult`, `debate`, `learn`, `recommend`, `skillers-compact` |
 | **Onboarding** | `can-i-help`, `onboard` |
-| **Web** | `web-auth`, `web-browse` |
 | **Release** | `release` |
 | **Analysis** | `drift-analysis`, `repo-intel` |
-| **Memory** | `axiom`, `banthis` |
+| **Memory** | `banthis` |
 | **Linting** | `agnix` |
 
 **External skill plugins** (standalone repos, installed separately):
@@ -183,7 +180,7 @@ Skills are the reusable implementation units. Agents invoke skills; commands orc
 | [The Approach](#the-approach) | Why it's built this way |
 | [Benchmarks](#benchmarks) | Sonnet + agentsys vs raw Opus |
 | [Commands](#commands) | All 24 commands overview |
-| [Skills](#skills) | 47 skills across plugins |
+| [Skills](#skills) | 44 skills across plugins |
 | [Skill-Only Plugins](#skill-only-plugins) | glide-mq and other non-command plugins |
 | [Command Details](#command-details) | Deep dive into each command |
 | [How Commands Work Together](#how-commands-work-together) | Standalone vs integrated |
@@ -314,38 +311,6 @@ Each piece runs independently - use `/prepare-delivery` alone to review before d
 
 ---
 
-### /axiom
-
-**Purpose:** Durable, queryable memory for agents. Load the smallest useful context, query project or global knowledge, and propose new records without bloating `AGENTS.md`.
-
-**[axiom](https://github.com/agent-sh/axiom)** is a standalone plugin and CLI. It creates a private `axiom-based` knowledge repo after explicit approval, keeps only thin context loaded automatically, and stores durable decisions, memories, preferences, and project notes in queryable files.
-
-**Auto-loading at session start (v0.6.2+):** The plugin ships a `SessionStart` hook that runs `axiom before-any --auto-project --detect-only --quiet` automatically in Claude Code and Codex (Codex requires `[features].plugin_hooks = true` in `~/.codex/config.toml`). The hook never mutates state - it emits `## Axiom Setup` when `~/.axiom` is missing or `## Project Detection` when the current git project has no scaffold, then the agent asks the user before running `axiom init` or `axiom project <slug>`. An OpenCode plugin scaffold (`opencode-plugin/axiom.mjs`) hooks `session.created` and pre-warms `~/.axiom/.session-context.md`; full session-start context injection waits on [sst/opencode#5409](https://github.com/sst/opencode/issues/5409). On Cursor / Cline / Aider / Gemini CLI the agent invokes `before-any` via the skill instead.
-
-**What it does:**
-
-| Command | Use |
-|---------|-----|
-| `axiom before-any --quiet` | Load global thin context at the start of meaningful work |
-| `axiom before-any --auto-project --detect-only --quiet` | Read-only auto-load used by the SessionStart hook |
-| `axiom before-any --project <slug>` | Load project context and create missing project scaffolds |
-| `axiom query "<keyword>" --project <slug>` | Retrieve focused, source-backed project knowledge |
-| `axiom list --topics --project <slug>` | Explore what knowledge exists before querying |
-| `axiom record ...` | Propose a durable record through a temp clone, diff, and human approval |
-
-**Usage:**
-
-```bash
-/axiom before-any --quiet
-/axiom before-any --project flowfabric
-/axiom query "lease based" --project flowfabric
-/axiom record --project flowfabric --kind decision "Lease-based claiming v2" "We switched because it gives stronger safety during restarts."
-```
-
-**External tool:** Requires the [axiom CLI](https://github.com/agent-sh/axiom) from the plugin package.
-
----
-
 ### /banthis
 
 **Purpose:** Durable negative memory for repeated agent mistakes. Turn a user's "stop doing this" correction into a persistent rule in `CLAUDE.md` or `AGENTS.md`.
@@ -900,81 +865,6 @@ agent-knowledge/
 
 **Agent:** debate-orchestrator (opus model for orchestration)
 
-### /web-ctl
-
-**Purpose:** Browser automation for AI agents - navigate, authenticate, and interact with web pages.
-
-**How it works:**
-
-Each invocation is a single Node.js process using Playwright. No daemon, no MCP server. Session state persists via Chrome's userDataDir with AES-256-GCM encrypted storage.
-
-```
-Agent calls skill -> node scripts/web-ctl.js <args> -> Playwright API -> JSON result
-```
-
-**Session lifecycle:**
-
-1. `session start <name>` - Create session (encrypted profile directory)
-2. `session auth <name> --url <login-url>` - Opens headed Chrome for human login (2FA, CAPTCHAs). Polls for success URL/selector, encrypts cookies on completion
-3. `run <name> <action>` - Headless actions using persisted cookies
-4. `session end <name>` - Cleanup
-
-**Actions:**
-
-| Action | Description | Key flag |
-|--------|-------------|----------|
-| `goto <url>` | Navigate to URL | |
-| `snapshot` | Get accessibility tree (primary page inspection) | |
-| `click <sel>` | Click element | `--wait-stable` |
-| `click-wait <sel>` | Click and wait for DOM + network stability | `--timeout <ms>` |
-| `type <sel> <text>` | Type with human-like delays | |
-| `read <sel>` | Read element text content | |
-| `fill <sel> <value>` | Clear field and set value | |
-| `wait <sel>` | Wait for element to appear | `--timeout <ms>` |
-| `evaluate <js>` | Execute JS in page context | `--allow-evaluate` |
-| `screenshot` | Full-page screenshot | `--path <file>` |
-| `network` | Capture network requests | `--filter <pattern>` |
-| `checkpoint` | Open headed browser for user (CAPTCHAs) | `--timeout <sec>` |
-
-`click-wait` waits for network idle + no DOM mutations for 500ms before returning. Cuts SPA interactions from multiple agent turns to one.
-
-**Error handling:**
-
-All errors return classified codes with actionable recovery suggestions:
-
-| Code | Recovery suggestion |
-|------|-------------------|
-| `element_not_found` | Snapshot included in response for selector discovery |
-| `timeout` | Increase `--timeout` |
-| `browser_closed` | `session start <name>` |
-| `network_error` | Check URL; verify cookies with `session status` |
-| `no_display` | Use `--vnc` flag |
-| `session_expired` | Re-authenticate |
-
-**Security:** Output sanitization (cookies/tokens redacted), prompt injection defense (`[PAGE_CONTENT: ...]` delimiters), AES-256-GCM encryption at rest, anti-bot measures (`webdriver=false`, random delays), read-only agent (no Write/Edit tools).
-
-**Selector syntax:** `role=button[name='Submit']`, `css=div.class`, `text=Click here`, `#id`
-
-**Usage:**
-
-```bash
-/web-ctl goto https://example.com
-/web-ctl auth twitter --url https://x.com/i/flow/login
-/web-ctl   # describe what you want to do, agent orchestrates it
-```
-
-**Install:**
-
-```bash
-agentsys install web-ctl
-npm install playwright
-npx playwright install chromium
-```
-
-**Agent:** web-session (sonnet model)
-
-**Skills:** web-auth (human-in-the-loop auth), web-browse (headless actions)
-
 ### /release
 
 > Versioned release with automatic ecosystem and tooling detection

package/lib/binary/index.js

@@ -48,6 +48,12 @@ const { promisify } = require('util');
 
 const execFileAsync = promisify(cp.execFile);
 
+// repo-intel artifacts grow with history: a mature repo's JSON can exceed 20 MB
+// (agnix measured ~21 MB). Node's execFile default maxBuffer is 1 MB, which
+// silently fails init/update/query on any real repo with "stdout maxBuffer length
+// exceeded". Cap generously; callers can override via options.maxBuffer.
+const ANALYZER_MAX_BUFFER = 256 * 1024 * 1024;
+
 const { ANALYZER_MIN_VERSION, BINARY_NAME, GITHUB_REPO } = require('./version');
 
 const PLATFORM_MAP = {
@@ -957,7 +963,7 @@ function ensureBinarySync(options) {
  */
 function runAnalyzer(args, options) {
   const binPath = ensureBinarySync();
-  const opts = Object.assign({ encoding: 'utf8', windowsHide: true }, options);
+  const opts = Object.assign({ encoding: 'utf8', windowsHide: true, maxBuffer: ANALYZER_MAX_BUFFER }, options);
   if (!opts.stdio) opts.stdio = ['pipe', 'pipe', 'pipe'];
   const result = cp.execFileSync(binPath, args, opts);
   return typeof result === 'string' ? result : result.toString('utf8');
@@ -971,7 +977,7 @@ function runAnalyzer(args, options) {
  */
 async function runAnalyzerAsync(args, options) {
   const binPath = await ensureBinary();
-  const opts = Object.assign({ encoding: 'utf8', windowsHide: true }, options);
+  const opts = Object.assign({ encoding: 'utf8', windowsHide: true, maxBuffer: ANALYZER_MAX_BUFFER }, options);
   const result = await execFileAsync(binPath, args, opts);
   return result.stdout;
 }

package/lib/binary/shared-helpers.js

@@ -0,0 +1,160 @@
+'use strict';
+
+/**
+ * Shared HTTP + archive helpers used by both binary resolvers
+ * (`lib/binary/index.js` for `agent-analyzer`, `lib/embed/binary.js`
+ * for `agent-analyzer-embed`).
+ *
+ * Extracted to keep the two resolvers from drifting on HTTP redirect
+ * handling, GitHub auth, and archive extraction details — a single
+ * fix to e.g. the timeout policy or the redirect cap lands once and
+ * applies to both binaries.
+ *
+ * @module lib/binary/shared-helpers
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const https = require('https');
+const cp = require('child_process');
+
+const DEFAULT_DOWNLOAD_TIMEOUT_MS = 30000;
+const MAX_REDIRECTS = 5;
+
+/**
+ * Fetch a URL into an in-memory Buffer following up to 5 redirects.
+ *
+ * Honors `GITHUB_TOKEN` / `GH_TOKEN` for authenticated requests
+ * (raises rate limit, lets private-repo asset URLs work). Stalled
+ * connections are killed by the per-request timeout — without this
+ * a stuck socket would hang the process indefinitely.
+ *
+ * @param {string} url
+ * @param {Object} [options]
+ * @param {string} [options.userAgent='agent-sh/binary-resolver']
+ * @param {number} [options.timeoutMs=30000] - per-request timeout
+ * @returns {Promise<Buffer>}
+ */
+function downloadToBuffer(url, options) {
+  const opts = options || {};
+  const userAgent = opts.userAgent || 'agent-sh/binary-resolver';
+  const timeoutMs = opts.timeoutMs || DEFAULT_DOWNLOAD_TIMEOUT_MS;
+
+  return new Promise(function (resolve, reject) {
+    const ghToken = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;
+
+    function request(reqUrl, redirectCount) {
+      if (redirectCount > MAX_REDIRECTS) {
+        reject(new Error('Too many redirects fetching from ' + url));
+        return;
+      }
+      const headers = {
+        'User-Agent': userAgent,
+        'Accept': 'application/octet-stream'
+      };
+      if (ghToken) headers['Authorization'] = 'Bearer ' + ghToken;
+
+      const req = https.get(reqUrl, { headers: headers, timeout: timeoutMs }, function (res) {
+        const sc = res.statusCode;
+        if (sc === 301 || sc === 302 || sc === 307 || sc === 308) {
+          res.resume();
+          var loc = res.headers.location;
+          if (loc && !loc.startsWith('https://')) {
+            reject(new Error('Refusing non-HTTPS redirect to ' + loc));
+            return;
+          }
+          request(loc, redirectCount + 1);
+          return;
+        }
+        if (sc !== 200) {
+          res.resume();
+          const hint = sc === 403 ? ' (rate limited - set GITHUB_TOKEN env var)' : '';
+          reject(new Error('HTTP ' + sc + hint + ' fetching ' + reqUrl));
+          return;
+        }
+        const chunks = [];
+        res.on('data', function (chunk) { chunks.push(chunk); });
+        res.on('end', function () { resolve(Buffer.concat(chunks)); });
+        res.on('error', reject);
+      });
+      req.on('error', reject);
+      req.on('timeout', function () {
+        req.destroy();
+        reject(new Error('Timeout (' + timeoutMs + 'ms) fetching ' + reqUrl));
+      });
+    }
+
+    request(url, 0);
+  });
+}
+
+/**
+ * Extract a `.tar.gz` Buffer into `destDir` using the system `tar`.
+ * Available on Linux, macOS, and Windows (built into recent Win10/11).
+ *
+ * @param {Buffer} buf
+ * @param {string} destDir
+ * @returns {Promise<void>}
+ */
+function extractTarGz(buf, destDir) {
+  return new Promise(function (resolve, reject) {
+    const tarDest = process.platform === 'win32' ? destDir.replace(/\\/g, '/') : destDir;
+    const tar = cp.spawn('tar', ['xz', '-C', tarDest], {
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+    let stderr = '';
+    tar.stderr.on('data', function (d) { stderr += d; });
+    tar.stdin.write(buf);
+    tar.stdin.end();
+    tar.on('close', function (code) {
+      if (code !== 0) {
+        reject(new Error('tar extraction failed (code ' + code + '): ' + stderr));
+      } else {
+        resolve();
+      }
+    });
+    tar.on('error', reject);
+  });
+}
+
+/**
+ * Extract a `.zip` Buffer into `destDir` using PowerShell's
+ * `Expand-Archive` (Windows-only).
+ *
+ * @param {Buffer} buf
+ * @param {string} destDir
+ * @param {string} binaryName - used as the temp-dir prefix
+ * @returns {Promise<void>}
+ */
+function extractZip(buf, destDir, binaryName) {
+  return new Promise(function (resolve, reject) {
+    var tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), binaryName + '-'));
+    var tmpZip = path.join(tmpDir, 'archive.zip');
+    fs.writeFileSync(tmpZip, buf);
+    var ps = cp.spawn(
+      'powershell',
+      ['-NoProfile', '-NonInteractive', '-Command',
+       'Expand-Archive', '-Path', tmpZip, '-DestinationPath', destDir, '-Force'],
+      { stdio: ['ignore', 'pipe', 'pipe'] }
+    );
+    var stderr = '';
+    ps.stderr.on('data', function (d) { stderr += d; });
+    ps.on('close', function (code) {
+      try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch (e) { /* ignore */ }
+      if (code !== 0) {
+        reject(new Error('zip extraction failed (code ' + code + '): ' + stderr));
+      } else {
+        resolve();
+      }
+    });
+    ps.on('error', reject);
+  });
+}
+
+module.exports = {
+  downloadToBuffer,
+  extractTarGz,
+  extractZip,
+  DEFAULT_DOWNLOAD_TIMEOUT_MS
+};

package/lib/collectors/codebase.js

@@ -126,7 +126,10 @@ function extractSymbols(content) {
     symbols.functions.push(match[1]);
   }
 
-  const arrowPattern = /(?:const|let)\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*(?:async\s*)?\([^)]*\)\s*=>/g;
+  // ReDoS fix: bound the unbounded \s* / async runs and the parameter list so the
+  // matcher cannot backtrack polynomially on pathological input. Bounds are large
+  // enough that all realistic source matches identically to the prior \s*/[^)]* form.
+  const arrowPattern = /(?:const|let)\s{1,1000}([a-zA-Z_$][a-zA-Z0-9_$]*)\s{0,1000}=\s{0,1000}(?:async\s{0,1000})?\([^)]{0,2000}\)\s{0,1000}=>/g;
   while ((match = arrowPattern.exec(content)) !== null) {
     symbols.functions.push(match[1]);
   }
@@ -141,7 +144,9 @@ function extractSymbols(content) {
     symbols.exports.push(match[1]);
   }
 
-  const moduleExportsPattern = /module\.exports\s*=\s*\{([^}]+)\}/;
+  // ReDoS fix: bound the \s* runs and capture length so the matcher stays linear;
+  // bounds exceed any realistic module.exports declaration so matches are unchanged.
+  const moduleExportsPattern = /module\.exports\s{0,1000}=\s{0,1000}\{([^}]{1,100000})\}/;
   const moduleMatch = content.match(moduleExportsPattern);
   if (moduleMatch) {
     const keys = moduleMatch[1].split(',').map(k => k.trim().split(':')[0].trim());

package/lib/collectors/documentation.js

@@ -50,7 +50,9 @@ function safeReadFile(filePath, basePath) {
  * Analyze a single markdown file
  */
 function analyzeMarkdownFile(content, filePath) {
-  const sectionMatches = content.match(/^##\s+(.+)$/gm) || [];
+  // ReDoS fix: bound the \s+ run after the ## marker; line-anchored (.+) cannot
+  // cross newlines so this matches the same headings as before.
+  const sectionMatches = content.match(/^##\s{1,1000}(.+)$/gm) || [];
   const sections = sectionMatches.slice(0, 10).map(s => s.replace(/^##\s+/, ''));
   const sectionLower = sections.map(s => s.toLowerCase()).join(' ');
 
@@ -83,7 +85,11 @@ function extractCheckboxes(result, content) {
  * Extract documented features
  */
 function extractFeatures(result, content) {
-  const featurePattern = /^[-*]\s+\*{0,2}(.+?)\*{0,2}(?:\s*[-–]\s*(.+))?$/gm;
+  // ReDoS fix: bound the \s+ run and the line-content quantifiers so the lazy
+  // (.+?) / optional trailing (.+) pair cannot backtrack polynomially. Using
+  // [^\n] is equivalent to . here (. never matches newline), and the bounds far
+  // exceed the 80-char feature cap applied below, so matches are unchanged.
+  const featurePattern = /^[-*]\s{1,100}\*{0,2}([^\n]{1,2000}?)\*{0,2}(?:\s{0,100}[-–]\s{0,100}([^\n]{1,2000}))?$/gm;
   let match;
 
   while ((match = featurePattern.exec(content)) !== null && result.features.length < 20) {

package/lib/enhance/agent-patterns.js

@@ -439,8 +439,17 @@ const agentPatterns = {
 
       // Look for hardcoded .claude/ references
       const hasHardcoded = /\.claude\//.test(content);
-      // Exclude if using AI_STATE_DIR
-      const usesEnvVar = /AI_STATE_DIR|\$\{.*STATE.*\}/i.test(content);
+      // Exclude if using AI_STATE_DIR or a ${...STATE...} env expression.
+      // ReDoS fix: the old /\$\{.*STATE.*\}/ (and the [^}]*STATE[^}]* rewrite)
+      // has two ambiguous quantifier runs -> polynomial backtrack. Instead
+      // scan each ${...} group with a single bounded [^}] run, then substring-
+      // test for STATE. Linear, and matches STATE in ANY ${...} like before.
+      let usesEnvVar = /AI_STATE_DIR/i.test(content);
+      if (!usesEnvVar) {
+        for (const m of content.matchAll(/\$\{([^}]{0,1000})\}/g)) {
+          if (/STATE/i.test(m[1])) { usesEnvVar = true; break; }
+        }
+      }
 
       if (hasHardcoded && !usesEnvVar) {
         return {
@@ -494,8 +503,12 @@ const agentPatterns = {
 
       // Check if has code blocks or lists but no XML
       const hasCodeBlocks = /```[\s\S]+?```/.test(content);
-      const hasLists = /^[-*]\s+.+$/m.test(content);
-      const hasXML = /<\w+>[\s\S]*?<\/\w+>/.test(content);
+      // ReDoS fix: bound the \s+ and line-content runs; line-anchored so this still
+      // detects any "- item" / "* item" list line as before.
+      const hasLists = /^[-*]\s{1,1000}[^\n]{1,2000}$/m.test(content);
+      // ReDoS fix: bound the unbounded [\s\S]*? so an unterminated <tag> cannot
+      // drive polynomial backtracking; 50k chars covers any realistic XML block.
+      const hasXML = /<\w+>[\s\S]{0,50000}?<\/\w+>/.test(content);
       const sectionCount = (content.match(/^##\s+/gm) || []).length;
 
       // Complex content without XML