bmalph 2.7.4 → 2.7.6

package/ralph/drivers/cursor.sh

@@ -1,11 +1,7 @@
 #!/bin/bash
-# Cursor CLI driver for Ralph (EXPERIMENTAL)
-# Provides platform-specific CLI invocation logic for Cursor CLI.
-#
-# Known limitations:
-# - CLI is in beta — binary name and flags may change
-# - NDJSON stream format assumes {type: "text", content: "..."} events
-# - Session continuity is disabled until Cursor exposes a stable capturable session ID
+# Cursor CLI driver for Ralph
+# Uses the documented cursor-agent contract for background execution and
+# switches to stream-json only for live display paths.
 
 driver_name() {
     echo "cursor"
@@ -42,7 +38,6 @@ driver_check_available() {
     command -v "$cli_binary" &>/dev/null
 }
 
-# Cursor CLI tool names
 driver_valid_tools() {
     VALID_TOOL_PATTERNS=(
         "file_edit"
@@ -53,10 +48,17 @@ driver_valid_tools() {
     )
 }
 
-# Build Cursor CLI command
-# Context is prepended to the prompt (same pattern as Codex/Copilot drivers).
-# Uses --print for headless mode, --force for autonomous execution,
-# --output-format stream-json for NDJSON streaming.
+driver_supports_tool_allowlist() {
+    return 1
+}
+
+driver_permission_denial_help() {
+    echo "  - $DRIVER_DISPLAY_NAME uses its native permission model."
+    echo "  - ALLOWED_TOOLS in $RALPHRC_FILE is ignored for this driver."
+    echo "  - Ralph already runs Cursor with --force."
+    echo "  - Review Cursor permissions or approval settings, then restart the loop."
+}
+
 driver_build_command() {
     local prompt_file=$1
     local loop_context=$2
@@ -76,16 +78,12 @@ driver_build_command() {
         CLAUDE_CMD_ARGS+=("$cli_binary")
     fi
 
-    # Headless mode
-    CLAUDE_CMD_ARGS+=("--print")
-
-    # Autonomous execution
-    CLAUDE_CMD_ARGS+=("--force")
+    CLAUDE_CMD_ARGS+=("-p" "--force" "--output-format" "json")
 
-    # NDJSON streaming output
-    CLAUDE_CMD_ARGS+=("--output-format" "stream-json")
+    if [[ "$CLAUDE_USE_CONTINUE" == "true" && -n "$session_id" ]]; then
+        CLAUDE_CMD_ARGS+=("--resume" "$session_id")
+    fi
 
-    # Build prompt with context prepended
     local prompt_content
     if driver_running_on_windows; then
         prompt_content=$(driver_build_windows_bootstrap_prompt "$loop_context" "$prompt_file")
@@ -102,20 +100,43 @@ $prompt_content"
 }
 
 driver_supports_sessions() {
-    return 1  # false — session IDs are not capturable from current NDJSON output
+    return 0
 }
 
 driver_supports_live_output() {
-    return 0  # true
+    return 0
 }
 
 driver_prepare_live_command() {
-    LIVE_CMD_ARGS=("${CLAUDE_CMD_ARGS[@]}")
+    LIVE_CMD_ARGS=()
+    local skip_next=false
+
+    for arg in "${CLAUDE_CMD_ARGS[@]}"; do
+        if [[ "$skip_next" == "true" ]]; then
+            LIVE_CMD_ARGS+=("stream-json")
+            skip_next=false
+        elif [[ "$arg" == "--output-format" ]]; then
+            LIVE_CMD_ARGS+=("$arg")
+            skip_next=true
+        else
+            LIVE_CMD_ARGS+=("$arg")
+        fi
+    done
+
+    if [[ "$skip_next" == "true" ]]; then
+        return 1
+    fi
 }
 
-# Cursor CLI outputs NDJSON events
 driver_stream_filter() {
-    echo 'select(.type == "text") | .content // empty'
+    echo '
+        if .type == "assistant" then
+            [(.message.content[]? | select(.type == "text") | .text)] | join("\n")
+        elif .type == "tool_call" then
+            "\n\n⚡ [" + (.tool_call.name // .name // "tool_call") + "]\n"
+        else
+            empty
+        end'
 }
 
 driver_running_on_windows() {
@@ -208,10 +229,18 @@ driver_localappdata_cli_binary() {
         local_app_data=$(cygpath -u "$local_app_data")
     fi
 
-    local candidate="$local_app_data/cursor-agent/agent.cmd"
-    if [[ -f "$candidate" ]]; then
-        echo "$candidate"
-    fi
+    local candidates=(
+        "$local_app_data/cursor-agent/cursor-agent.cmd"
+        "$local_app_data/cursor-agent/agent.cmd"
+    )
+
+    local candidate
+    for candidate in "${candidates[@]}"; do
+        if [[ -f "$candidate" ]]; then
+            echo "$candidate"
+            return 0
+        fi
+    done
 }
 
 driver_wrapper_path() {

package/ralph/lib/circuit_breaker.sh

@@ -203,7 +203,7 @@ record_loop_result() {
         has_permission_denials=$(jq -r '.analysis.has_permission_denials // false' "$response_analysis_file" 2>/dev/null || echo "false")
     fi
 
-    if [[ "$has_permission_denials" == "true" ]]; then
+    if [[ "${PERMISSION_DENIAL_MODE:-halt}" == "threshold" && "$has_permission_denials" == "true" ]]; then
         consecutive_permission_denials=$((consecutive_permission_denials + 1))
     else
         consecutive_permission_denials=0
@@ -248,7 +248,7 @@ record_loop_result() {
             # Permission denials take highest priority (Issue #101)
             if [[ $consecutive_permission_denials -ge $CB_PERMISSION_DENIAL_THRESHOLD ]]; then
                 new_state="$CB_STATE_OPEN"
-                reason="Permission denied in $consecutive_permission_denials consecutive loops - update ALLOWED_TOOLS in .ralphrc"
+                reason="Permission denied in $consecutive_permission_denials consecutive loops"
             elif [[ $consecutive_no_progress -ge $CB_NO_PROGRESS_THRESHOLD ]]; then
                 new_state="$CB_STATE_OPEN"
                 reason="No progress detected in $consecutive_no_progress consecutive loops"
@@ -266,7 +266,7 @@ record_loop_result() {
             # Permission denials take highest priority (Issue #101)
             if [[ $consecutive_permission_denials -ge $CB_PERMISSION_DENIAL_THRESHOLD ]]; then
                 new_state="$CB_STATE_OPEN"
-                reason="Permission denied in $consecutive_permission_denials consecutive loops - update ALLOWED_TOOLS in .ralphrc"
+                reason="Permission denied in $consecutive_permission_denials consecutive loops"
             elif [[ "$has_progress" == "true" ]]; then
                 new_state="$CB_STATE_CLOSED"
                 reason="Progress detected, circuit recovered"

package/ralph/lib/date_utils.sh

@@ -49,35 +49,37 @@ get_epoch_seconds() {
 # Convert ISO 8601 timestamp to Unix epoch seconds
 # Input: ISO timestamp (e.g., "2025-01-15T10:30:00+00:00")
 # Returns: Unix epoch seconds on stdout
-# Falls back to current epoch on parse failure (safe default)
-parse_iso_to_epoch() {
+# Returns non-zero on parse failure.
+parse_iso_to_epoch_strict() {
     local iso_timestamp=$1
 
     if [[ -z "$iso_timestamp" || "$iso_timestamp" == "null" ]]; then
-        date +%s
-        return
+        return 1
     fi
 
+    local normalized_iso
+    normalized_iso=$(printf '%s' "$iso_timestamp" | sed -E 's/\.([0-9]+)(Z|[+-][0-9]{2}:[0-9]{2})$/\2/')
+
     # Try GNU date -d (Linux, macOS with Homebrew coreutils)
     local result
     if result=$(date -d "$iso_timestamp" +%s 2>/dev/null) && [[ "$result" =~ ^[0-9]+$ ]]; then
         echo "$result"
-        return
+        return 0
     fi
 
     # Try BSD date -j (native macOS)
     # Normalize timezone for BSD parsing (Z → +0000, ±HH:MM → ±HHMM)
     local tz_fixed
-    tz_fixed=$(echo "$iso_timestamp" | sed -E 's/Z$/+0000/; s/([+-][0-9]{2}):([0-9]{2})$/\1\2/')
+    tz_fixed=$(printf '%s' "$normalized_iso" | sed -E 's/Z$/+0000/; s/([+-][0-9]{2}):([0-9]{2})$/\1\2/')
     if result=$(date -j -f "%Y-%m-%dT%H:%M:%S%z" "$tz_fixed" +%s 2>/dev/null) && [[ "$result" =~ ^[0-9]+$ ]]; then
         echo "$result"
-        return
+        return 0
     fi
 
     # Fallback: manual epoch arithmetic from ISO components
     # Parse: YYYY-MM-DDTHH:MM:SS (ignore timezone, assume UTC)
     local year month day hour minute second
-    if [[ "$iso_timestamp" =~ ^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2}) ]]; then
+    if [[ "$normalized_iso" =~ ^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2}) ]]; then
         year="${BASH_REMATCH[1]}"
         month="${BASH_REMATCH[2]}"
         day="${BASH_REMATCH[3]}"
@@ -88,10 +90,26 @@ parse_iso_to_epoch() {
         # Use date with explicit components if available
         if result=$(date -u -d "${year}-${month}-${day} ${hour}:${minute}:${second}" +%s 2>/dev/null) && [[ "$result" =~ ^[0-9]+$ ]]; then
             echo "$result"
-            return
+            return 0
         fi
     fi
 
+    return 1
+}
+
+# Convert ISO 8601 timestamp to Unix epoch seconds
+# Input: ISO timestamp (e.g., "2025-01-15T10:30:00+00:00")
+# Returns: Unix epoch seconds on stdout
+# Falls back to current epoch on parse failure (safe default)
+parse_iso_to_epoch() {
+    local iso_timestamp=$1
+    local result
+
+    if result=$(parse_iso_to_epoch_strict "$iso_timestamp"); then
+        echo "$result"
+        return 0
+    fi
+
     # Ultimate fallback: return current epoch (safe default)
     date +%s
 }
@@ -101,4 +119,5 @@ export -f get_iso_timestamp
 export -f get_next_hour_time
 export -f get_basic_timestamp
 export -f get_epoch_seconds
+export -f parse_iso_to_epoch_strict
 export -f parse_iso_to_epoch

package/ralph/lib/response_analyzer.sh

@@ -22,6 +22,103 @@ RALPH_DIR="${RALPH_DIR:-.ralph}"
 COMPLETION_KEYWORDS=("done" "complete" "finished" "all tasks complete" "project complete" "ready for review")
 TEST_ONLY_PATTERNS=("npm test" "bats" "pytest" "jest" "cargo test" "go test" "running tests")
 NO_WORK_PATTERNS=("nothing to do" "no changes" "already implemented" "up to date")
+PERMISSION_DENIAL_INLINE_PATTERNS=(
+    "requires approval before it can run"
+    "requires approval before it can proceed"
+    "not allowed to use tool"
+    "not permitted to use tool"
+)
+
+extract_permission_signal_text() {
+    local text=$1
+
+    if [[ -z "$text" ]]; then
+        echo ""
+        return 0
+    fi
+
+    # Only inspect the response preamble for tool refusals. Later paragraphs and
+    # copied logs often contain old permission errors that should not halt Ralph.
+    local signal_source="${text//$'\r'/}"
+    if [[ "$signal_source" == *"---RALPH_STATUS---"* ]]; then
+        signal_source="${signal_source%%---RALPH_STATUS---*}"
+    fi
+
+    local signal_text=""
+    local non_empty_lines=0
+    local trimmed=""
+    local line=""
+
+    while IFS= read -r line; do
+        trimmed="${line#"${line%%[![:space:]]*}"}"
+        trimmed="${trimmed%"${trimmed##*[![:space:]]}"}"
+
+        if [[ -z "$trimmed" ]]; then
+            if [[ $non_empty_lines -gt 0 ]]; then
+                break
+            fi
+            continue
+        fi
+
+        signal_text+="$trimmed"$'\n'
+        ((non_empty_lines += 1))
+        if [[ $non_empty_lines -ge 5 ]]; then
+            break
+        fi
+    done <<< "$signal_source"
+
+    printf '%s' "$signal_text"
+}
+
+permission_denial_line_matches() {
+    local normalized=$1
+
+    case "$normalized" in
+        permission\ denied:*|denied\ permission:*)
+            [[ "$normalized" == *approval* || "$normalized" == *tool* || "$normalized" == *command* || "$normalized" == *blocked* || "$normalized" == *"not allowed"* || "$normalized" == *"not permitted"* ]]
+            return
+            ;;
+        approval\ required:*)
+            [[ "$normalized" == *run* || "$normalized" == *proceed* || "$normalized" == *tool* || "$normalized" == *command* || "$normalized" == *blocked* ]]
+            return
+            ;;
+    esac
+
+    return 1
+}
+
+contains_permission_denial_signal() {
+    local signal_text=$1
+
+    if [[ -z "$signal_text" ]]; then
+        return 1
+    fi
+
+    local line
+    while IFS= read -r line; do
+        local trimmed="${line#"${line%%[![:space:]]*}"}"
+        local normalized="${trimmed,,}"
+
+        if permission_denial_line_matches "$normalized"; then
+            return 0
+        fi
+
+        local pattern
+        for pattern in "${PERMISSION_DENIAL_INLINE_PATTERNS[@]}"; do
+            if [[ "$normalized" == *"$pattern"* ]]; then
+                return 0
+            fi
+        done
+    done <<< "$signal_text"
+
+    return 1
+}
+
+contains_permission_denial_text() {
+    local signal_text
+    signal_text=$(extract_permission_signal_text "$1")
+    contains_permission_denial_signal "$signal_text"
+}
 
 # =============================================================================
 # JSON OUTPUT FORMAT DETECTION AND PARSING
@@ -97,6 +194,37 @@ normalize_codex_jsonl_response() {
     ' "$output_file" > "$normalized_file"
 }
 
+# Normalize Cursor stream-json event output into the object shape expected downstream.
+normalize_cursor_stream_json_response() {
+    local output_file=$1
+    local normalized_file=$2
+
+    jq -rs '
+        def assistant_text($item):
+            [($item.message.content // [])[]? | select(.type == "text") | .text]
+            | join("\n");
+
+        (map(select(.type == "result")) | last // {}) as $result_event
+        | {
+            result: (
+                $result_event.result
+                // (
+                    map(select(.type == "assistant"))
+                    | map(assistant_text(.))
+                    | map(select(length > 0))
+                    | join("\n")
+                )
+            ),
+            sessionId: (
+                $result_event.session_id
+                // (map(select(.type == "system" and .subtype == "init") | .session_id // empty) | first)
+                // ""
+            ),
+            metadata: {}
+        }
+    ' "$output_file" > "$normalized_file"
+}
+
 # Detect whether a multi-document stream matches Codex JSONL events.
 is_codex_jsonl_output() {
     local output_file=$1
@@ -112,6 +240,24 @@ is_codex_jsonl_output() {
     ' < "$output_file" 2>/dev/null
 }
 
+# Detect whether a multi-document stream matches Cursor stream-json events.
+is_cursor_stream_json_output() {
+    local output_file=$1
+
+    jq -n -j '
+        reduce inputs as $item (
+            false;
+            . or (
+                $item.type == "system" or
+                $item.type == "user" or
+                $item.type == "assistant" or
+                $item.type == "tool_call" or
+                $item.type == "result"
+            )
+        )
+    ' < "$output_file" 2>/dev/null
+}
+
 # Normalize structured output to a single object when downstream parsing expects one.
 normalize_json_output() {
     local output_file=$1
@@ -129,6 +275,14 @@ normalize_json_output() {
             return $?
         fi
 
+        local is_cursor_stream_json
+        is_cursor_stream_json=$(is_cursor_stream_json_output "$output_file") || return 1
+
+        if [[ "$is_cursor_stream_json" == "true" ]]; then
+            normalize_cursor_stream_json_response "$output_file" "$normalized_file"
+            return $?
+        fi
+
         return 1
     fi
 
@@ -215,25 +369,45 @@ detect_output_format() {
 
         if [[ "$is_codex_jsonl" == "true" ]]; then
             echo "json"
-        else
+            return
+        fi
+
+        local is_cursor_stream_json
+        is_cursor_stream_json=$(is_cursor_stream_json_output "$output_file") || {
             echo "text"
+            return
+        }
+
+        if [[ "$is_cursor_stream_json" == "true" ]]; then
+            echo "json"
+            return
         fi
-        return
     fi
 
     echo "text"
 }
 
+trim_shell_whitespace() {
+    local value="${1//$'\r'/}"
+
+    value="${value#"${value%%[![:space:]]*}"}"
+    value="${value%"${value##*[![:space:]]}"}"
+
+    printf '%s' "$value"
+}
+
 # Parse JSON response and extract structured fields
 # Creates .ralph/.json_parse_result with normalized analysis data
-# Supports FOUR JSON formats:
+# Supports FIVE JSON formats:
 # 1. Flat format: { status, exit_signal, work_type, files_modified, ... }
 # 2. Claude CLI object format: { result, sessionId, metadata: { files_changed, has_errors, completion_status, ... } }
 # 3. Claude CLI array format: [ {type: "system", ...}, {type: "assistant", ...}, {type: "result", ...} ]
 # 4. Codex JSONL format: {"type":"thread.started",...}\n{"type":"item.completed","item":{...}}
+# 5. Cursor stream-json format: {"type":"assistant",...}\n{"type":"result",...}
 parse_json_response() {
     local output_file=$1
     local result_file="${2:-$RALPH_DIR/.json_parse_result}"
+    local original_output_file=$output_file
     local normalized_file=""
     local json_document_count=""
     local response_shape="object"
@@ -267,7 +441,11 @@ parse_json_response() {
         output_file="$normalized_file"
 
         if [[ "$response_shape" == "jsonl" ]]; then
-            response_shape="codex_jsonl"
+            if is_codex_jsonl_output "$original_output_file" >/dev/null 2>&1; then
+                response_shape="codex_jsonl"
+            else
+                response_shape="cursor_stream_jsonl"
+            fi
         fi
     fi
 
@@ -296,7 +474,7 @@ parse_json_response() {
         if [[ -n "$result_text" ]] && echo "$result_text" | grep -q -- "---RALPH_STATUS---"; then
             # Extract EXIT_SIGNAL value from RALPH_STATUS block within result text
             local embedded_exit_sig
-            embedded_exit_sig=$(echo "$result_text" | grep "EXIT_SIGNAL:" | cut -d: -f2 | tr -d '\r' | xargs)
+            embedded_exit_sig=$(trim_shell_whitespace "$(printf '%s\n' "$result_text" | grep "EXIT_SIGNAL:" | cut -d: -f2)")
             if [[ -n "$embedded_exit_sig" ]]; then
                 # Explicit EXIT_SIGNAL found in RALPH_STATUS block
                 explicit_exit_signal_found="true"
@@ -311,7 +489,7 @@ parse_json_response() {
             # Also check STATUS field as fallback ONLY when EXIT_SIGNAL was not specified
             # This respects explicit EXIT_SIGNAL: false which means "task complete, continue working"
             local embedded_status
-            embedded_status=$(echo "$result_text" | grep "STATUS:" | cut -d: -f2 | tr -d '\r' | xargs)
+            embedded_status=$(trim_shell_whitespace "$(printf '%s\n' "$result_text" | grep "STATUS:" | cut -d: -f2)")
             if [[ "$embedded_status" == "COMPLETE" && "$explicit_exit_signal_found" != "true" ]]; then
                 # STATUS: COMPLETE without any EXIT_SIGNAL field implies completion
                 exit_signal="true"
@@ -341,7 +519,7 @@ parse_json_response() {
     local summary=$(jq -r -j '.result // .summary // ""' "$output_file" 2>/dev/null)
 
     # Session ID: from Claude CLI format (sessionId) OR from metadata.session_id
-    local session_id=$(jq -r -j '.sessionId // .metadata.session_id // ""' "$output_file" 2>/dev/null)
+    local session_id=$(jq -r -j '.sessionId // .metadata.session_id // .session_id // ""' "$output_file" 2>/dev/null)
 
     # Loop number: from metadata
     local loop_number=$(jq -r -j '.metadata.loop_number // .loop_number // 0' "$output_file" 2>/dev/null)
@@ -371,11 +549,19 @@ parse_json_response() {
         denied_commands_json=$(jq -r -j '[.permission_denials[] | if .tool_name == "Bash" then "Bash(\(.tool_input.command // "?" | split("\n")[0] | .[0:60]))" else .tool_name // "unknown" end]' "$output_file" 2>/dev/null || echo "[]")
     fi
 
+    # Heuristic permission-denial matching is limited to the refusal-shaped
+    # response preamble, not arbitrary prose or copied logs later in the body.
+    if [[ "$has_permission_denials" != "true" ]] && contains_permission_denial_text "$summary"; then
+        has_permission_denials="true"
+        permission_denial_count=1
+        denied_commands_json='["permission_denied"]'
+    fi
+
     # Apply completion heuristics to normalized summary text when explicit structured
     # completion markers are absent. This keeps JSONL analysis aligned with text mode.
     local summary_has_completion_keyword="false"
     local summary_has_no_work_pattern="false"
-    if [[ "$response_shape" == "codex_jsonl" && "$explicit_exit_signal_found" != "true" && -n "$summary" ]]; then
+    if [[ "$response_shape" == "codex_jsonl" || "$response_shape" == "cursor_stream_jsonl" ]] && [[ "$explicit_exit_signal_found" != "true" && -n "$summary" ]]; then
         for keyword in "${COMPLETION_KEYWORDS[@]}"; do
             if echo "$summary" | grep -qi "$keyword"; then
                 summary_has_completion_keyword="true"
@@ -639,8 +825,8 @@ analyze_response() {
     # 1. Check for explicit structured output (if Claude follows schema)
     if grep -q -- "---RALPH_STATUS---" "$output_file"; then
         # Parse structured output
-        local status=$(grep "STATUS:" "$output_file" | cut -d: -f2 | tr -d '\r' | xargs)
-        local exit_sig=$(grep "EXIT_SIGNAL:" "$output_file" | cut -d: -f2 | tr -d '\r' | xargs)
+        local status=$(trim_shell_whitespace "$(grep "STATUS:" "$output_file" | cut -d: -f2)")
+        local exit_sig=$(trim_shell_whitespace "$(grep "EXIT_SIGNAL:" "$output_file" | cut -d: -f2)")
 
         # If EXIT_SIGNAL is explicitly provided, respect it
         if [[ -n "$exit_sig" ]]; then
@@ -792,8 +978,18 @@ analyze_response() {
         fi
     fi
 
+    local has_permission_denials=false
+    local permission_denial_count=0
+    local denied_commands_json='[]'
+    local permission_signal_text=""
+    permission_signal_text=$(extract_permission_signal_text "$output_content")
+    if contains_permission_denial_text "$work_summary" || contains_permission_denial_signal "$permission_signal_text"; then
+        has_permission_denials=true
+        permission_denial_count=1
+        denied_commands_json='["permission_denied"]'
+    fi
+
     # Write analysis results to file (text parsing path) using jq for safe construction
-    # Note: Permission denial fields default to false/0 since text output doesn't include this data
     jq -n \
         --argjson loop_number "$loop_number" \
         --arg timestamp "$(get_iso_timestamp)" \
@@ -808,6 +1004,9 @@ analyze_response() {
         --argjson exit_signal "$exit_signal" \
         --arg work_summary "$work_summary" \
         --argjson output_length "$output_length" \
+        --argjson has_permission_denials "$has_permission_denials" \
+        --argjson permission_denial_count "$permission_denial_count" \
+        --argjson denied_commands "$denied_commands_json" \
         '{
             loop_number: $loop_number,
             timestamp: $timestamp,
@@ -823,9 +1022,9 @@ analyze_response() {
                 exit_signal: $exit_signal,
                 work_summary: $work_summary,
                 output_length: $output_length,
-                has_permission_denials: false,
-                permission_denial_count: 0,
-                denied_commands: []
+                has_permission_denials: $has_permission_denials,
+                permission_denial_count: $permission_denial_count,
+                denied_commands: $denied_commands
             }
         }' > "$analysis_result_file"
 
@@ -849,6 +1048,7 @@ update_exit_signals() {
     local has_completion_signal=$(jq -r -j '.analysis.has_completion_signal' "$analysis_file")
     local loop_number=$(jq -r -j '.loop_number' "$analysis_file")
     local has_progress=$(jq -r -j '.analysis.has_progress' "$analysis_file")
+    local has_permission_denials=$(jq -r -j '.analysis.has_permission_denials // false' "$analysis_file")
 
     # Read current exit signals
     local signals=$(cat "$exit_signals_file" 2>/dev/null || echo '{"test_only_loops": [], "done_signals": [], "completion_indicators": []}')
@@ -863,8 +1063,9 @@ update_exit_signals() {
         fi
     fi
 
-    # Update done_signals array
-    if [[ "$has_completion_signal" == "true" ]]; then
+    # Permission denials are handled in the same loop, so they must not become
+    # completion state that can halt the next loop.
+    if [[ "$has_permission_denials" != "true" && "$has_completion_signal" == "true" ]]; then
         signals=$(echo "$signals" | jq ".done_signals += [$loop_number]")
     fi
 
@@ -873,7 +1074,7 @@ update_exit_signals() {
     # due to deterministic scoring (+50 for JSON format, +20 for result field).
     # This caused premature exits after 5 loops. Now we respect Claude's explicit intent.
     local exit_signal=$(jq -r -j '.analysis.exit_signal // false' "$analysis_file")
-    if [[ "$exit_signal" == "true" ]]; then
+    if [[ "$has_permission_denials" != "true" && "$exit_signal" == "true" ]]; then
         signals=$(echo "$signals" | jq ".completion_indicators += [$loop_number]")
     fi
 
@@ -1093,7 +1294,9 @@ export -f detect_output_format
 export -f count_json_documents
 export -f normalize_cli_array_response
 export -f normalize_codex_jsonl_response
+export -f normalize_cursor_stream_json_response
 export -f is_codex_jsonl_output
+export -f is_cursor_stream_json_output
 export -f normalize_json_output
 export -f extract_session_id_from_output
 export -f parse_json_response