npm - aiden-runtime - Versions diffs - 4.1.5 → 4.6.0 - Mend

aiden-runtime 4.1.5 → 4.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

package/README.md +265 -847
package/dist/api/server.js +32 -5
package/dist/cli/v4/aidenCLI.js +536 -152
package/dist/cli/v4/callbacks.js +170 -0
package/dist/cli/v4/chatSession.js +245 -3
package/dist/cli/v4/commands/_runtimeToggleHelpers.js +94 -0
package/dist/cli/v4/commands/browserDepth.js +45 -0
package/dist/cli/v4/commands/cron.js +264 -0
package/dist/cli/v4/commands/daemon.js +541 -0
package/dist/cli/v4/commands/daemonStatus.js +253 -0
package/dist/cli/v4/commands/fanout.js +42 -59
package/dist/cli/v4/commands/help.js +13 -0
package/dist/cli/v4/commands/index.js +35 -1
package/dist/cli/v4/commands/mcp.js +80 -54
package/dist/cli/v4/commands/plannerGuard.js +53 -0
package/dist/cli/v4/commands/recovery.js +122 -0
package/dist/cli/v4/commands/runs.js +223 -0
package/dist/cli/v4/commands/sandbox.js +48 -0
package/dist/cli/v4/commands/spawnPause.js +93 -0
package/dist/cli/v4/commands/suggestions.js +68 -0
package/dist/cli/v4/commands/tce.js +41 -0
package/dist/cli/v4/commands/trigger.js +378 -0
package/dist/cli/v4/commands/update.js +95 -3
package/dist/cli/v4/daemonAgentBuilder.js +145 -0
package/dist/cli/v4/defaultSoul.js +1 -1
package/dist/cli/v4/display/capabilityCard.js +26 -0
package/dist/cli/v4/display.js +18 -8
package/dist/cli/v4/replyRenderer.js +31 -23
package/dist/cli/v4/updateBootPrompt.js +170 -0
package/dist/core/playwrightBridge.js +129 -0
package/dist/core/v4/aidenAgent.js +527 -5
package/dist/core/v4/browserState.js +436 -0
package/dist/core/v4/checkpoint.js +79 -0
package/dist/core/v4/daemon/bootstrap.js +651 -0
package/dist/core/v4/daemon/cleanShutdown.js +154 -0
package/dist/core/v4/daemon/cron/cronBridge.js +126 -0
package/dist/core/v4/daemon/cron/cronEmitter.js +173 -0
package/dist/core/v4/daemon/cron/migration.js +199 -0
package/dist/core/v4/daemon/cron/misfirePolicy.js +115 -0
package/dist/core/v4/daemon/daemonConfig.js +90 -0
package/dist/core/v4/daemon/db/connection.js +106 -0
package/dist/core/v4/daemon/db/migrations.js +362 -0
package/dist/core/v4/daemon/db/schema/v1.spec.js +18 -0
package/dist/core/v4/daemon/dispatcher/agentRunner.js +98 -0
package/dist/core/v4/daemon/dispatcher/budgetGate.js +127 -0
package/dist/core/v4/daemon/dispatcher/daemonApproval.js +113 -0
package/dist/core/v4/daemon/dispatcher/dailyBudgetTracker.js +120 -0
package/dist/core/v4/daemon/dispatcher/dispatcher.js +389 -0
package/dist/core/v4/daemon/dispatcher/fireRateLimiter.js +113 -0
package/dist/core/v4/daemon/dispatcher/index.js +53 -0
package/dist/core/v4/daemon/dispatcher/promptTemplate.js +95 -0
package/dist/core/v4/daemon/dispatcher/realAgentRunner.js +356 -0
package/dist/core/v4/daemon/dispatcher/resolveModel.js +93 -0
package/dist/core/v4/daemon/dispatcher/sessionId.js +93 -0
package/dist/core/v4/daemon/drain.js +156 -0
package/dist/core/v4/daemon/eventLoopLag.js +73 -0
package/dist/core/v4/daemon/health.js +159 -0
package/dist/core/v4/daemon/idempotencyStore.js +204 -0
package/dist/core/v4/daemon/index.js +179 -0
package/dist/core/v4/daemon/instanceTracker.js +99 -0
package/dist/core/v4/daemon/resourceRegistry.js +150 -0
package/dist/core/v4/daemon/restartCode.js +32 -0
package/dist/core/v4/daemon/restartFailureCounter.js +77 -0
package/dist/core/v4/daemon/runStore.js +144 -0
package/dist/core/v4/daemon/runtimeLock.js +167 -0
package/dist/core/v4/daemon/signals.js +50 -0
package/dist/core/v4/daemon/supervisor.js +272 -0
package/dist/core/v4/daemon/triggerBus.js +279 -0
package/dist/core/v4/daemon/triggers/email/allowlist.js +70 -0
package/dist/core/v4/daemon/triggers/email/automatedSender.js +78 -0
package/dist/core/v4/daemon/triggers/email/bodyExtractor.js +0 -0
package/dist/core/v4/daemon/triggers/email/emailSeenStore.js +99 -0
package/dist/core/v4/daemon/triggers/email/emailSpec.js +107 -0
package/dist/core/v4/daemon/triggers/email/imapConnection.js +211 -0
package/dist/core/v4/daemon/triggers/email/index.js +332 -0
package/dist/core/v4/daemon/triggers/email/seenUids.js +60 -0
package/dist/core/v4/daemon/triggers/fileObservationsStore.js +93 -0
package/dist/core/v4/daemon/triggers/fileWatcher.js +253 -0
package/dist/core/v4/daemon/triggers/fileWatcherSpec.js +88 -0
package/dist/core/v4/daemon/triggers/fsIdentity.js +42 -0
package/dist/core/v4/daemon/triggers/globMatcher.js +100 -0
package/dist/core/v4/daemon/triggers/reconcile.js +206 -0
package/dist/core/v4/daemon/triggers/settleStat.js +81 -0
package/dist/core/v4/daemon/triggers/webhook.js +376 -0
package/dist/core/v4/daemon/triggers/webhookDeliveriesStore.js +109 -0
package/dist/core/v4/daemon/triggers/webhookIdempotency.js +72 -0
package/dist/core/v4/daemon/triggers/webhookRateLimit.js +56 -0
package/dist/core/v4/daemon/triggers/webhookSpec.js +76 -0
package/dist/core/v4/daemon/triggers/webhookVerifier.js +128 -0
package/dist/core/v4/daemon/types.js +15 -0
package/dist/core/v4/dockerSession.js +461 -0
package/dist/core/v4/dryRun.js +117 -0
package/dist/core/v4/failureClassifier.js +779 -0
package/dist/core/v4/providerFallback.js +35 -2
package/dist/core/v4/recoveryReport.js +449 -0
package/dist/core/v4/runtimeToggles.js +214 -0
package/dist/core/v4/sandboxConfig.js +285 -0
package/dist/core/v4/sandboxFs.js +316 -0
package/dist/core/v4/selfimprovement/recoveryStore.js +307 -0
package/dist/core/v4/selfimprovement/signatureBuilder.js +158 -0
package/dist/core/v4/subagent/childBuilder.js +391 -0
package/dist/core/v4/subagent/fanout.js +75 -51
package/dist/core/v4/subagent/spawnPause.js +191 -0
package/dist/core/v4/subagent/spawnSubAgent.js +310 -0
package/dist/core/v4/suggestionCatalog.js +41 -0
package/dist/core/v4/suggestionEngine.js +210 -0
package/dist/core/v4/toolRegistry.js +37 -3
package/dist/core/v4/turnState.js +587 -0
package/dist/core/v4/update/checkUpdate.js +63 -3
package/dist/core/v4/update/installMethodDetect.js +115 -0
package/dist/core/v4/update/registryClient.js +121 -0
package/dist/core/v4/update/skipState.js +75 -0
package/dist/core/v4/verifier.js +448 -0
package/dist/core/version.js +1 -1
package/dist/moat/plannerGuard.js +29 -0
package/dist/providers/v4/anthropicAdapter.js +31 -3
package/dist/providers/v4/chatCompletionsAdapter.js +26 -3
package/dist/providers/v4/codexResponsesAdapter.js +25 -2
package/dist/providers/v4/ollamaPromptToolsAdapter.js +57 -2
package/dist/tools/v4/browser/_observer.js +224 -0
package/dist/tools/v4/browser/browserBlocker.js +396 -0
package/dist/tools/v4/browser/browserClick.js +18 -1
package/dist/tools/v4/browser/browserClose.js +18 -1
package/dist/tools/v4/browser/browserExtract.js +5 -1
package/dist/tools/v4/browser/browserFill.js +17 -1
package/dist/tools/v4/browser/browserGetUrl.js +5 -1
package/dist/tools/v4/browser/browserNavigate.js +16 -1
package/dist/tools/v4/browser/browserScreenshot.js +5 -1
package/dist/tools/v4/browser/browserScroll.js +18 -1
package/dist/tools/v4/browser/browserType.js +17 -1
package/dist/tools/v4/browser/captchaCheck.js +5 -1
package/dist/tools/v4/executeCode.js +1 -0
package/dist/tools/v4/files/fileCopy.js +56 -2
package/dist/tools/v4/files/fileDelete.js +38 -1
package/dist/tools/v4/files/fileList.js +12 -1
package/dist/tools/v4/files/fileMove.js +59 -2
package/dist/tools/v4/files/filePatch.js +43 -1
package/dist/tools/v4/files/fileRead.js +12 -1
package/dist/tools/v4/files/fileWrite.js +41 -1
package/dist/tools/v4/index.js +88 -61
package/dist/tools/v4/memory/memoryAdd.js +14 -0
package/dist/tools/v4/memory/memoryRemove.js +14 -0
package/dist/tools/v4/memory/memoryReplace.js +15 -0
package/dist/tools/v4/memory/sessionSummary.js +12 -0
package/dist/tools/v4/process/processKill.js +19 -0
package/dist/tools/v4/process/processList.js +1 -0
package/dist/tools/v4/process/processLogRead.js +1 -0
package/dist/tools/v4/process/processSpawn.js +13 -0
package/dist/tools/v4/process/processWait.js +1 -0
package/dist/tools/v4/sessions/recallSession.js +1 -0
package/dist/tools/v4/sessions/sessionList.js +1 -0
package/dist/tools/v4/sessions/sessionSearch.js +1 -0
package/dist/tools/v4/skills/lookupToolSchema.js +7 -0
package/dist/tools/v4/skills/skillManage.js +13 -0
package/dist/tools/v4/skills/skillView.js +1 -0
package/dist/tools/v4/skills/skillsList.js +1 -0
package/dist/tools/v4/subagent/spawnSubAgentTool.js +334 -0
package/dist/tools/v4/subagent/subagentFanout.js +54 -1
package/dist/tools/v4/system/aidenSelfUpdate.js +16 -0
package/dist/tools/v4/system/appClose.js +13 -0
package/dist/tools/v4/system/appInput.js +13 -0
package/dist/tools/v4/system/appLaunch.js +13 -0
package/dist/tools/v4/system/clipboardRead.js +1 -0
package/dist/tools/v4/system/clipboardWrite.js +14 -0
package/dist/tools/v4/system/mediaKey.js +12 -0
package/dist/tools/v4/system/mediaSessions.js +1 -0
package/dist/tools/v4/system/mediaTransport.js +13 -0
package/dist/tools/v4/system/naturalEvents.js +1 -0
package/dist/tools/v4/system/nowPlaying.js +1 -0
package/dist/tools/v4/system/osProcessList.js +1 -0
package/dist/tools/v4/system/screenshot.js +1 -0
package/dist/tools/v4/system/systemInfo.js +1 -0
package/dist/tools/v4/system/volumeSet.js +17 -0
package/dist/tools/v4/terminal/shellExec.js +81 -9
package/dist/tools/v4/web/deepResearch.js +1 -0
package/dist/tools/v4/web/openUrl.js +1 -0
package/dist/tools/v4/web/webFetch.js +1 -0
package/dist/tools/v4/web/webPage.js +1 -0
package/dist/tools/v4/web/webSearch.js +1 -0
package/dist/tools/v4/web/youtubeSearch.js +1 -0
package/package.json +13 -3

package/dist/providers/v4/codexResponsesAdapter.js CHANGED Viewed

@@ -104,7 +104,7 @@ class CodexResponsesAdapter {
     // ── Public: non-streaming entry ─────────────────────────────────────
     async call(input) {
         const body = this.buildBody(input);
-        const reply = await this.dispatch(body);
+        const reply = await this.dispatch(body, input.signal);
         // Codex backend always streams; aggregate the SSE frames into the
         // same shape the JSON path returns. Plain api.openai.com path returns
         // JSON directly.
@@ -175,7 +175,7 @@ class CodexResponsesAdapter {
         }
         return { ...headers, ...this.extraHeaders };
     }
-    async dispatch(body) {
+    async dispatch(body, externalSignal) {
         const headers = this.buildHeaders();
         const serialised = JSON.stringify(body);
         const totalTries = this.maxRetries + 1;
@@ -183,6 +183,19 @@ class CodexResponsesAdapter {
         for (let attempt = 0; attempt < totalTries; attempt++) {
             const controller = new AbortController();
             const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+            // v4.6 prep — forward external abort into the internal controller.
+            // External aborts surface as raw AbortError so AidenAgent routes
+            // them as 'interrupted' rather than retrying as ProviderTimeoutError.
+            let externalAbortHandler = null;
+            if (externalSignal) {
+                if (externalSignal.aborted) {
+                    controller.abort();
+                }
+                else {
+                    externalAbortHandler = () => controller.abort();
+                    externalSignal.addEventListener('abort', externalAbortHandler, { once: true });
+                }
+            }
             let response;
             try {
                 response = await fetch(this.endpoint, {
@@ -194,7 +207,14 @@ class CodexResponsesAdapter {
             }
             catch (err) {
                 clearTimeout(timer);
+                if (externalAbortHandler && externalSignal) {
+                    externalSignal.removeEventListener('abort', externalAbortHandler);
+                }
                 if (err?.name === 'AbortError') {
+                    // v4.6 prep — external abort takes priority over internal timeout.
+                    if (externalSignal?.aborted) {
+                        throw err;
+                    }
                     lastErr = new errors_1.ProviderTimeoutError(this.providerName, this.timeoutMs);
                 }
                 else {
@@ -207,6 +227,9 @@ class CodexResponsesAdapter {
                 throw lastErr;
             }
             clearTimeout(timer);
+            if (externalAbortHandler && externalSignal) {
+                externalSignal.removeEventListener('abort', externalAbortHandler);
+            }
             if (response.ok)
                 return response;
             const status = response.status;

package/dist/providers/v4/ollamaPromptToolsAdapter.js CHANGED Viewed

@@ -63,7 +63,7 @@ class OllamaPromptToolsAdapter {
         let lastError = null;
         for (let attempt = 1; attempt <= totalAttempts; attempt += 1) {
             try {
-                const response = await this.fetchWithTimeout(url, headers, body);
+                const response = await this.fetchWithTimeout(url, headers, body, input.signal);
                 if (response.ok) {
                     const json = (await response.json());
                     return this.parseResponse(json);
@@ -134,6 +134,17 @@ class OllamaPromptToolsAdapter {
         const headers = { 'Content-Type': 'application/json' };
         const controller = new AbortController();
         const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+        // v4.6 prep — forward external abort into the internal controller.
+        let externalAbortHandler = null;
+        if (input.signal) {
+            if (input.signal.aborted) {
+                controller.abort();
+            }
+            else {
+                externalAbortHandler = () => controller.abort();
+                input.signal.addEventListener('abort', externalAbortHandler, { once: true });
+            }
+        }
         let response;
         try {
             response = await fetch(url, {
@@ -145,13 +156,23 @@ class OllamaPromptToolsAdapter {
         }
         catch (err) {
             clearTimeout(timer);
+            if (externalAbortHandler && input.signal) {
+                input.signal.removeEventListener('abort', externalAbortHandler);
+            }
             if (err instanceof Error && err.name === 'AbortError') {
+                // v4.6 prep — external abort takes priority over internal timeout.
+                if (input.signal?.aborted) {
+                    throw err;
+                }
                 throw new errors_1.ProviderTimeoutError(this.providerName, this.timeoutMs);
             }
             throw new errors_1.ProviderError(`Ollama not reachable at ${this.baseUrl}: ${err instanceof Error ? err.message : String(err)}`, this.providerName, undefined, err, true);
         }
         if (!response.ok) {
             clearTimeout(timer);
+            if (externalAbortHandler && input.signal) {
+                input.signal.removeEventListener('abort', externalAbortHandler);
+            }
             const status = response.status;
             const rawText = await this.safeReadText(response);
             // Phase v4.1.1-oauth-fix Phase 5: composeMessage handles body
@@ -160,8 +181,15 @@ class OllamaPromptToolsAdapter {
         }
         if (!response.body) {
             clearTimeout(timer);
+            if (externalAbortHandler && input.signal) {
+                input.signal.removeEventListener('abort', externalAbortHandler);
+            }
             throw new errors_1.ProviderError(`Provider ${this.providerName} returned an empty stream body`, this.providerName);
         }
+        // Response is good; the stream consumer will run for a while. The
+        // controller stays armed (with `externalSignal` still listening) so
+        // that mid-stream aborts cancel reader.read() via fetch's signal.
+        // Listener cleanup happens in the stream-consumer try/finally below.
         const reader = response.body.getReader();
         const decoder = new TextDecoder('utf-8');
         let lineBuffer = '';
@@ -223,10 +251,18 @@ class OllamaPromptToolsAdapter {
         }
         catch (err) {
             clearTimeout(timer);
+            // v4.6 prep — external abort during mid-stream read surfaces as
+            // AbortError; re-throw so AidenAgent routes it as 'interrupted'.
+            if (err instanceof Error && err.name === 'AbortError' && input.signal?.aborted) {
+                throw err;
+            }
             throw new errors_1.ProviderError(`Provider ${this.providerName} stream interrupted: ${err instanceof Error ? err.message : String(err)}`, this.providerName, undefined, err, true);
         }
         finally {
             clearTimeout(timer);
+            if (externalAbortHandler && input.signal) {
+                input.signal.removeEventListener('abort', externalAbortHandler);
+            }
             try {
                 reader.releaseLock();
             }
@@ -422,9 +458,20 @@ class OllamaPromptToolsAdapter {
         const textBefore = firstTagIdx >= 0 ? text.slice(0, firstTagIdx).trim() : text;
         return { textBefore, toolCalls };
     }
-    async fetchWithTimeout(url, headers, body) {
+    async fetchWithTimeout(url, headers, body, externalSignal) {
         const controller = new AbortController();
         const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+        // v4.6 prep — forward external abort into the internal controller.
+        let externalAbortHandler = null;
+        if (externalSignal) {
+            if (externalSignal.aborted) {
+                controller.abort();
+            }
+            else {
+                externalAbortHandler = () => controller.abort();
+                externalSignal.addEventListener('abort', externalAbortHandler, { once: true });
+            }
+        }
         try {
             return await fetch(url, {
                 method: 'POST',
@@ -435,12 +482,20 @@ class OllamaPromptToolsAdapter {
         }
         catch (err) {
             if (err instanceof Error && err.name === 'AbortError') {
+                // v4.6 prep — external abort takes priority over internal timeout.
+                // Surface the raw AbortError so AidenAgent routes it as 'interrupted'.
+                if (externalSignal?.aborted) {
+                    throw err;
+                }
                 throw new errors_1.ProviderTimeoutError(this.providerName, this.timeoutMs);
             }
             throw err;
         }
         finally {
             clearTimeout(timer);
+            if (externalAbortHandler && externalSignal) {
+                externalSignal.removeEventListener('abort', externalAbortHandler);
+            }
         }
     }
     async safeReadText(response) {

package/dist/tools/v4/browser/_observer.js ADDED Viewed

@@ -0,0 +1,224 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * tools/v4/browser/_observer.ts — v4.3 Phase 1 + 2: shared BrowserState
+ * observer + stale-ref retry HOC for browser ToolHandlers.
+ *
+ * One BrowserState lives per server process (lifecycle matches the
+ * persistent playwrightBridge context). Every browser tool wraps its
+ * ToolHandler in `withBrowserState(...)` so the observer's pre/post
+ * snapshot capture happens automatically.
+ *
+ * Phase 1 — observer captures pre/post snapshots and embeds them as
+ * a `browserState` sidecar on the tool result when
+ * browser depth is enabled (default ON; opt-out via
+ * AIDEN_BROWSER_DEPTH=0). No-op when disabled.
+ *
+ * Phase 2 — stale-ref recovery. When an interactive browser tool
+ * (browser_click / browser_type / browser_fill) returns a
+ * resolution-class failure (`element not found`, `not visible`,
+ * `not attached`, `timeout`, `target closed`), the HOC resnapshots
+ * and retries the inner execute ONCE with the same args. The retry
+ * logic is reactive only — no preflight tax on success paths. The
+ * retry attempt + outcome lands on `ActionResult.staleRefRetry`
+ * for Phase 5's classifier to consume.
+ *
+ * The one-retry hard cap is the consult-derived non-negotiable: a
+ * second retry doesn't help (the cause isn't transient) and starts
+ * looking like agent thrashing. If the retry fails, the original
+ * failure result is preserved — same error message, but with the
+ * `staleRefRetry: { attempted: true, succeeded: false, ... }`
+ * sidecar so the classifier can recognise the pattern.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.STALE_REF_PATTERNS = exports.STALE_REF_RETRYABLE = exports.browserState = void 0;
+exports.detectStaleRefError = detectStaleRefError;
+exports.withBrowserState = withBrowserState;
+const browserState_1 = require("../../../core/v4/browserState");
+const browserBlocker_1 = require("./browserBlocker");
+const playwrightBridge_1 = require("../../../core/playwrightBridge");
+/**
+ * Shared observer — one instance per server process. The HOC closes
+ * over this reference so all 9 browser tools share the same snapshot
+ * counter and gating decision.
+ *
+ * Tests can construct their own BrowserState with a stubbed bridge
+ * loader and call `withBrowserState(handler, customState)` directly.
+ */
+exports.browserState = (0, browserState_1.createBrowserState)();
+// ── Phase 2 — stale-ref retry primitives ─────────────────────────────
+/**
+ * Interactive browser tools that operate on a selector. Stale-ref
+ * retry only fires for these — other tools either don't take a
+ * selector (browser_navigate, browser_close, browser_get_url) or
+ * are read-only (browser_extract, browser_screenshot, browser_scroll).
+ */
+exports.STALE_REF_RETRYABLE = new Set([
+    'browser_click',
+    'browser_type',
+    'browser_fill',
+]);
+/**
+ * Error-message patterns that indicate a resolution-class failure
+ * (DOM lookup failed BEFORE any side-effect-producing action fired).
+ * Phase 2 retries only on these — never on action-failure messages
+ * (network errors, permission denials, etc.).
+ *
+ * The patterns are case-insensitive substrings; one match is enough.
+ * False positives are tolerable — retry-once costs ~200ms and produces
+ * the same result on the second attempt. False negatives miss the
+ * common transient-race case, so bias toward sensitivity.
+ */
+exports.STALE_REF_PATTERNS = [
+    /element not found/i,
+    /not visible/i,
+    /not attached/i,
+    /detached from the DOM/i,
+    /target closed/i,
+    /timeout \d+ms exceeded/i,
+];
+/**
+ * Check if a tool result represents a resolution-class failure.
+ * Returns the matched pattern (as a short string) when stale, null
+ * otherwise. Pure helper, exported for tests.
+ */
+function detectStaleRefError(result) {
+    if (result === null || result === undefined || typeof result !== 'object')
+        return null;
+    const r = result;
+    if (r.success !== false)
+        return null;
+    if (typeof r.error !== 'string' || r.error.length === 0)
+        return null;
+    for (const pattern of exports.STALE_REF_PATTERNS) {
+        if (pattern.test(r.error)) {
+            return pattern.source;
+        }
+    }
+    return null;
+}
+/**
+ * Test whether a tool result represents success. Used by the HOC to
+ * decide whether the retry "succeeded" and should become canonical.
+ */
+function isSuccessResult(result) {
+    if (result === null || result === undefined || typeof result !== 'object')
+        return false;
+    return result.success === true;
+}
+const defaultPageTextFetcher = () => (0, playwrightBridge_1.pwSnapshot)();
+function withBrowserState(handler, state = exports.browserState,
+/**
+ * Optional page-text fetcher. Production code uses pwSnapshot;
+ * tests inject a stub returning canned text for the blocker
+ * detection tier. The fetcher is called ONCE per action when
+ * browser depth is enabled — disabled path skips entirely.
+ */
+pageTextFetcher = defaultPageTextFetcher) {
+    return {
+        ...handler,
+        async execute(args, ctx) {
+            if (!state.isEnabled()) {
+                return handler.execute(args, ctx);
+            }
+            const pre = await state.captureState();
+            let result = await handler.execute(args, ctx);
+            // v4.3 Phase 3 — manual-blocker detection. Runs on every
+            // browser-tool result when enabled. Uses the configured
+            // page-text fetcher (pwSnapshot in production). Detection
+            // never breaks the inner tool — pwSnapshot is wrapped in
+            // try/catch via the fetcher itself; failures produce no
+            // blocker and no observer sidecar field.
+            //
+            // The detected blocker is BOTH embedded on the result sidecar
+            // (Phase 5 + chat layer consumers) AND used to suppress
+            // Phase 2's stale-ref retry below. Pause-and-surface contract
+            // (Q-CDP5) — never auto-action a blocker.
+            let blocker;
+            try {
+                const snap = await pageTextFetcher();
+                if (snap.ok && snap.text) {
+                    const url = result?.url ?? '';
+                    const detected = (0, browserBlocker_1.detectBlocker)({ text: snap.text, url });
+                    if (detected)
+                        blocker = detected;
+                }
+            }
+            catch { /* detection never breaks the inner tool */ }
+            // v4.3 Phase 4 — propagate blocker (or its absence) to the
+            // active tab's metadata in BrowserState. Cross-tab queries can
+            // then ask "is there a pending blocker on any tab" without
+            // re-running detection. No-op when state is disabled or when
+            // the tabs map has no active entry (the reconciliation in
+            // captureState above sets activeTabId).
+            try {
+                state.updateActiveTabBlocker(blocker
+                    ? {
+                        kind: blocker.kind,
+                        subtype: blocker.subtype,
+                        url: blocker.url,
+                        confidence: blocker.confidence,
+                    }
+                    : null);
+            }
+            catch { /* defensive — tab updates never break the inner tool */ }
+            // v4.3 Phase 2 — stale-ref retry. Reactive: fires only after a
+            // resolution-class failure on an interactive tool. One retry
+            // hard cap. Safe because the resolution-class errors fire
+            // BEFORE any DOM event is dispatched, so retry can't double-act.
+            //
+            // v4.3 Phase 3 suppression: skip the retry when a manual
+            // blocker is present (`!blocker` gate). A blocker means the
+            // page is asking for human action — retrying the same tool
+            // call against a sign-in wall or 2FA prompt won't help and
+            // looks like agent thrashing.
+            let staleRefRetry;
+            if (pre && !blocker &&
+                exports.STALE_REF_RETRYABLE.has(handler.schema.name)) {
+                const staleReason = detectStaleRefError(result);
+                if (staleReason !== null) {
+                    // Resnapshot — the "between" state. We use it for the
+                    // diagnostic state_delta. The retry fires unconditionally
+                    // (per Q-P2-3 single-signal rule): even when DOM hash
+                    // hasn't changed, a transient race condition (element
+                    // attached one tick after the original timeout) is the
+                    // common case the retry catches.
+                    const between = await state.captureState();
+                    const state_delta = state.computeStateDelta(pre, between);
+                    const retryResult = await handler.execute(args, ctx);
+                    const retryOk = isSuccessResult(retryResult);
+                    staleRefRetry = {
+                        attempted: true,
+                        succeeded: retryOk,
+                        reason: staleReason,
+                        state_delta,
+                    };
+                    // If retry succeeded, the retry result becomes canonical.
+                    // If retry failed, keep the original failure — its error
+                    // context is what the model needs to see, and a same-error
+                    // retry would just look like duplicated chrome.
+                    if (retryOk)
+                        result = retryResult;
+                }
+            }
+            const post = await state.captureState();
+            const observerMeta = state.buildActionResult({ pre, post });
+            if (observerMeta &&
+                result !== null && result !== undefined &&
+                typeof result === 'object' && !Array.isArray(result)) {
+                const sidecar = {
+                    ...observerMeta,
+                    ...(staleRefRetry && { staleRefRetry }),
+                    ...(blocker && { blocker }),
+                };
+                return { ...result, browserState: sidecar };
+            }
+            return result;
+        },
+    };
+}