clawfast 2.2.2 → 2.4.1

package/dist/clawfast.cjs

@@ -199,10 +199,10 @@ var init_boot_ui = __esm({
 var require_main = __commonJS({
   "../node_modules/.pnpm/dotenv@17.4.2/node_modules/dotenv/lib/main.js"(exports2, module2) {
     "use strict";
-    var fs8 = require("fs");
-    var path12 = require("path");
-    var os7 = require("os");
-    var crypto2 = require("crypto");
+    var fs10 = require("fs");
+    var path14 = require("path");
+    var os8 = require("os");
+    var crypto3 = require("crypto");
     var TIPS = [
       "\u25C8 encrypted .env [www.dotenvx.com]",
       "\u25C8 secrets for agents [www.dotenvx.com]",
@@ -331,7 +331,7 @@ var require_main = __commonJS({
       if (options && options.path && options.path.length > 0) {
         if (Array.isArray(options.path)) {
           for (const filepath of options.path) {
-            if (fs8.existsSync(filepath)) {
+            if (fs10.existsSync(filepath)) {
               possibleVaultPath = filepath.endsWith(".vault") ? filepath : `${filepath}.vault`;
             }
           }
@@ -339,15 +339,15 @@ var require_main = __commonJS({
           possibleVaultPath = options.path.endsWith(".vault") ? options.path : `${options.path}.vault`;
         }
       } else {
-        possibleVaultPath = path12.resolve(process.cwd(), ".env.vault");
+        possibleVaultPath = path14.resolve(process.cwd(), ".env.vault");
       }
-      if (fs8.existsSync(possibleVaultPath)) {
+      if (fs10.existsSync(possibleVaultPath)) {
         return possibleVaultPath;
       }
       return null;
     }
     function _resolveHome(envPath) {
-      return envPath[0] === "~" ? path12.join(os7.homedir(), envPath.slice(1)) : envPath;
+      return envPath[0] === "~" ? path14.join(os8.homedir(), envPath.slice(1)) : envPath;
     }
     function _configVault(options) {
       const debug = parseBoolean(process.env.DOTENV_CONFIG_DEBUG || options && options.debug);
@@ -364,7 +364,7 @@ var require_main = __commonJS({
       return { parsed };
     }
     function configDotenv(options) {
-      const dotenvPath = path12.resolve(process.cwd(), ".env");
+      const dotenvPath = path14.resolve(process.cwd(), ".env");
       let encoding = "utf8";
       let processEnv = process.env;
       if (options && options.processEnv != null) {
@@ -392,13 +392,13 @@ var require_main = __commonJS({
       }
       let lastError;
       const parsedAll = {};
-      for (const path13 of optionPaths) {
+      for (const path15 of optionPaths) {
         try {
-          const parsed = DotenvModule.parse(fs8.readFileSync(path13, { encoding }));
+          const parsed = DotenvModule.parse(fs10.readFileSync(path15, { encoding }));
           DotenvModule.populate(parsedAll, parsed, options);
         } catch (e) {
           if (debug) {
-            _debug(`failed to load ${path13} ${e.message}`);
+            _debug(`failed to load ${path15} ${e.message}`);
           }
           lastError = e;
         }
@@ -411,7 +411,7 @@ var require_main = __commonJS({
         const shortPaths = [];
         for (const filePath of optionPaths) {
           try {
-            const relative2 = path12.relative(process.cwd(), filePath);
+            const relative2 = path14.relative(process.cwd(), filePath);
             shortPaths.push(relative2);
           } catch (e) {
             if (debug) {
@@ -446,7 +446,7 @@ var require_main = __commonJS({
       const authTag = ciphertext.subarray(-16);
       ciphertext = ciphertext.subarray(12, -16);
       try {
-        const aesgcm = crypto2.createDecipheriv("aes-256-gcm", key, nonce);
+        const aesgcm = crypto3.createDecipheriv("aes-256-gcm", key, nonce);
         aesgcm.setAuthTag(authTag);
         return `${aesgcm.update(ciphertext)}${aesgcm.final()}`;
       } catch (error51) {
@@ -565,7 +565,7 @@ async function testNvidiaKey(key) {
         "Content-Type": "application/json"
       },
       body: JSON.stringify({
-        model: "openai/gpt-oss-120b",
+        model: "mistralai/mistral-medium-3.5-128b",
         messages: [{ role: "user", content: "hi" }],
         max_tokens: 1
       })
@@ -689,7 +689,7 @@ var clawfastVersion, isDevVersion, isNewerVersion;
 var init_version = __esm({
   "src/version.ts"() {
     "use strict";
-    clawfastVersion = () => true ? "2.2.2" : devVersionFromPackageJson();
+    clawfastVersion = () => true ? "2.4.1" : devVersionFromPackageJson();
     isDevVersion = () => clawfastVersion().includes("-dev");
     isNewerVersion = (a, b) => {
       const parse3 = (v) => v.split("-")[0].split(".").map((n) => Number.parseInt(n, 10) || 0);
@@ -1138,7 +1138,9 @@ function bannerSections(opts) {
 }
 function buildBanner(_systemPromptChars, version3 = "1") {
   const { artRows, slogan, panel } = bannerSections({ version: version3 });
-  return "\n" + ["", ...artRows, "", center(slogan, vlen(panel[0])), "", ...panel].join("\n") + "\n";
+  return "\n" + ["", ...artRows, "", center(slogan, vlen(panel[0])), "", ...panel].join(
+    "\n"
+  ) + "\n";
 }
 async function playBanner(opts = {}) {
   const { artRows, slogan, panel } = bannerSections(opts);
@@ -1146,7 +1148,9 @@ async function playBanner(opts = {}) {
   process.stdout.write("\n");
   await revealLines(artRows, 55);
   process.stdout.write("\n");
-  const padLeft = " ".repeat(Math.max(0, Math.floor((width - vlen(slogan)) / 2)));
+  const padLeft = " ".repeat(
+    Math.max(0, Math.floor((width - vlen(slogan)) / 2))
+  );
   await typeOut(SLOGAN, {
     perChar: 14,
     render: (s) => padLeft + gradient(s, { bold: true })
@@ -1154,8 +1158,10 @@ async function playBanner(opts = {}) {
   process.stdout.write("\n");
   await sweepRule(width);
   for (const check2 of BOOT_CHECKS) {
-    process.stdout.write(`  ${paint("[\u2713]", PAL.green, { bold: true })} ${dim(check2)}
-`);
+    process.stdout.write(
+      `  ${paint("[\u2713]", PAL.green, { bold: true })} ${dim(check2)}
+`
+    );
     await sleep(110);
   }
   process.stdout.write("\n");
@@ -1261,6 +1267,12 @@ var init_news = __esm({
     init_ui();
     init_theme();
     NEWS = {
+      "2.3.0": [
+        "Linux liberado e turbinado: o clawfast detecta Kali/Linux (e se e root) e entra em modo FULL-POWER \u2014 shell real, sockets, apt/pip/pipx, systemctl e todo o arsenal Kali (nmap, masscan, sqlmap, metasploit, hydra, hashcat, nuclei, gobuster/ffuf...).",
+        "Python 100% liberado e scan a vontade: portas, faixas de IP/CIDR, servicos/versoes e ate numeros (OSINT de telefone com phoneinfoga). Tudo o que o SO permite, ele faz.",
+        'Prompt do Kali repassado pra voce: quando uma ferramenta/instalador/login para e pede algo (criar conta, y/n, senha do sudo, OTP), o clawfast avisa exatamente o que "o kali" esta pedindo; voce digita aqui e ele repassa pro programa pelo stdin e segue.',
+        "Escopo liberado por padrao no Linux: http_request e o toolkit de recon nao exigem mais editar scope.txt. Volte ao restrito com CLAWFAST_STRICT_SCOPE=1; force liberado em qualquer SO com CLAWFAST_UNRESTRICTED=1."
+      ],
       "2.1.0": [
         'Novo visual "Verde Matrix Elite": gradiente verde\u2192teal\u2192ciano em todo o terminal. Banner cinematografico no boot \u2014 o wordmark desce em cortina, o slogan se datilografa e o painel "ACESSO CONCEDIDO" abaixa.',
         "Header de cada turno animado, spinner de boot pulsando em gradiente e caixas (prompt, /model, /nov) com bordas pesadas realcadas.",
@@ -1937,10 +1949,10 @@ function mergeDefs(...defs) {
 function cloneDef(schema) {
   return mergeDefs(schema._zod.def);
 }
-function getElementAtPath(obj, path12) {
-  if (!path12)
+function getElementAtPath(obj, path14) {
+  if (!path14)
     return obj;
-  return path12.reduce((acc, key) => acc?.[key], obj);
+  return path14.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -2268,11 +2280,11 @@ function explicitlyAborted(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues(path12, issues) {
+function prefixIssues(path14, issues) {
   return issues.map((iss) => {
     var _a25;
     (_a25 = iss).path ?? (_a25.path = []);
-    iss.path.unshift(path12);
+    iss.path.unshift(path14);
     return iss;
   });
 }
@@ -2490,16 +2502,16 @@ function flattenError(error51, mapper = (issue2) => issue2.message) {
 }
 function formatError(error51, mapper = (issue2) => issue2.message) {
   const fieldErrors = { _errors: [] };
-  const processError = (error52, path12 = []) => {
+  const processError = (error52, path14 = []) => {
     for (const issue2 of error52.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
-        issue2.errors.map((issues) => processError({ issues }, [...path12, ...issue2.path]));
+        issue2.errors.map((issues) => processError({ issues }, [...path14, ...issue2.path]));
       } else if (issue2.code === "invalid_key") {
-        processError({ issues: issue2.issues }, [...path12, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path14, ...issue2.path]);
       } else if (issue2.code === "invalid_element") {
-        processError({ issues: issue2.issues }, [...path12, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path14, ...issue2.path]);
       } else {
-        const fullpath = [...path12, ...issue2.path];
+        const fullpath = [...path14, ...issue2.path];
         if (fullpath.length === 0) {
           fieldErrors._errors.push(mapper(issue2));
         } else {
@@ -2526,17 +2538,17 @@ function formatError(error51, mapper = (issue2) => issue2.message) {
 }
 function treeifyError(error51, mapper = (issue2) => issue2.message) {
   const result = { errors: [] };
-  const processError = (error52, path12 = []) => {
+  const processError = (error52, path14 = []) => {
     var _a25, _b18;
     for (const issue2 of error52.issues) {
       if (issue2.code === "invalid_union" && issue2.errors.length) {
-        issue2.errors.map((issues) => processError({ issues }, [...path12, ...issue2.path]));
+        issue2.errors.map((issues) => processError({ issues }, [...path14, ...issue2.path]));
       } else if (issue2.code === "invalid_key") {
-        processError({ issues: issue2.issues }, [...path12, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path14, ...issue2.path]);
       } else if (issue2.code === "invalid_element") {
-        processError({ issues: issue2.issues }, [...path12, ...issue2.path]);
+        processError({ issues: issue2.issues }, [...path14, ...issue2.path]);
       } else {
-        const fullpath = [...path12, ...issue2.path];
+        const fullpath = [...path14, ...issue2.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue2));
           continue;
@@ -2568,8 +2580,8 @@ function treeifyError(error51, mapper = (issue2) => issue2.message) {
 }
 function toDotPath(_path) {
   const segs = [];
-  const path12 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path12) {
+  const path14 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path14) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -16072,13 +16084,13 @@ function resolveRef(ref, ctx) {
   if (!ref.startsWith("#")) {
     throw new Error("External $ref is not supported, only local refs (#/...) are allowed");
   }
-  const path12 = ref.slice(1).split("/").filter(Boolean);
-  if (path12.length === 0) {
+  const path14 = ref.slice(1).split("/").filter(Boolean);
+  if (path14.length === 0) {
     return ctx.rootSchema;
   }
   const defsKey = ctx.version === "draft-2020-12" ? "$defs" : "definitions";
-  if (path12[0] === defsKey) {
-    const key = path12[1];
+  if (path14[0] === defsKey) {
+    const key = path14[1];
     if (!key || !ctx.defs[key]) {
       throw new Error(`Reference not found: ${ref}`);
     }
@@ -17267,8 +17279,8 @@ var init_parseUtil = __esm({
     init_errors3();
     init_en2();
     makeIssue = (params) => {
-      const { data, path: path12, errorMaps, issueData } = params;
-      const fullPath = [...path12, ...issueData.path || []];
+      const { data, path: path14, errorMaps, issueData } = params;
+      const fullPath = [...path14, ...issueData.path || []];
       const fullIssue = {
         ...issueData,
         path: fullPath
@@ -17551,11 +17563,11 @@ var init_types = __esm({
     init_parseUtil();
     init_util2();
     ParseInputLazyPath = class {
-      constructor(parent, value, path12, key) {
+      constructor(parent, value, path14, key) {
         this._cachedPath = [];
         this.parent = parent;
         this.data = value;
-        this._path = path12;
+        this._path = path14;
         this._key = key;
       }
       get path() {
@@ -23594,8 +23606,8 @@ var require_auth_config = __commonJS({
       writeAuthConfig: () => writeAuthConfig
     });
     module2.exports = __toCommonJS(auth_config_exports);
-    var fs8 = __toESM2(require("fs"));
-    var path12 = __toESM2(require("path"));
+    var fs10 = __toESM2(require("fs"));
+    var path14 = __toESM2(require("path"));
     var import_token_util = require_token_util();
     function getAuthConfigPath() {
       const dataDir = (0, import_token_util.getVercelDataDir)();
@@ -23604,15 +23616,15 @@ var require_auth_config = __commonJS({
           `Unable to find Vercel CLI data directory. Your platform: ${process.platform}. Supported: darwin, linux, win32.`
         );
       }
-      return path12.join(dataDir, "auth.json");
+      return path14.join(dataDir, "auth.json");
     }
     function readAuthConfig() {
       try {
         const authPath = getAuthConfigPath();
-        if (!fs8.existsSync(authPath)) {
+        if (!fs10.existsSync(authPath)) {
           return null;
         }
-        const content = fs8.readFileSync(authPath, "utf8");
+        const content = fs10.readFileSync(authPath, "utf8");
         if (!content) {
           return null;
         }
@@ -23623,11 +23635,11 @@ var require_auth_config = __commonJS({
     }
     function writeAuthConfig(config3) {
       const authPath = getAuthConfigPath();
-      const authDir = path12.dirname(authPath);
-      if (!fs8.existsSync(authDir)) {
-        fs8.mkdirSync(authDir, { mode: 504, recursive: true });
+      const authDir = path14.dirname(authPath);
+      if (!fs10.existsSync(authDir)) {
+        fs10.mkdirSync(authDir, { mode: 504, recursive: true });
       }
-      fs8.writeFileSync(authPath, JSON.stringify(config3, null, 2), { mode: 384 });
+      fs10.writeFileSync(authPath, JSON.stringify(config3, null, 2), { mode: 384 });
     }
     function isValidAccessToken(authConfig, expirationBufferMs = 0) {
       if (!authConfig.token)
@@ -23818,8 +23830,8 @@ var require_token_util = __commonJS({
       saveToken: () => saveToken
     });
     module2.exports = __toCommonJS(token_util_exports);
-    var path12 = __toESM2(require("path"));
-    var fs8 = __toESM2(require("fs"));
+    var path14 = __toESM2(require("path"));
+    var fs10 = __toESM2(require("fs"));
     var import_token_error = require_token_error();
     var import_token_io = require_token_io();
     var import_auth_config = require_auth_config();
@@ -23831,7 +23843,7 @@ var require_token_util = __commonJS({
       if (!dataDir) {
         return null;
       }
-      return path12.join(dataDir, vercelFolder);
+      return path14.join(dataDir, vercelFolder);
     }
     async function getVercelToken2(options) {
       const authConfig = (0, import_auth_config.readAuthConfig)();
@@ -23907,13 +23919,13 @@ var require_token_util = __commonJS({
           "Unable to find project root directory. Have you linked your project with `vc link?`"
         );
       }
-      const prjPath = path12.join(dir, ".vercel", "project.json");
-      if (!fs8.existsSync(prjPath)) {
+      const prjPath = path14.join(dir, ".vercel", "project.json");
+      if (!fs10.existsSync(prjPath)) {
         throw new import_token_error.VercelOidcTokenError(
           "project.json not found, have you linked your project with `vc link?`"
         );
       }
-      const prj = JSON.parse(fs8.readFileSync(prjPath, "utf8"));
+      const prj = JSON.parse(fs10.readFileSync(prjPath, "utf8"));
       if (typeof prj.projectId !== "string" && typeof prj.orgId !== "string") {
         throw new TypeError(
           "Expected a string-valued projectId property. Try running `vc link` to re-link your project."
@@ -23928,11 +23940,11 @@ var require_token_util = __commonJS({
           "Unable to find user data directory. Please reach out to Vercel support."
         );
       }
-      const tokenPath = path12.join(dir, "com.vercel.token", `${projectId}.json`);
+      const tokenPath = path14.join(dir, "com.vercel.token", `${projectId}.json`);
       const tokenJson = JSON.stringify(token);
-      fs8.mkdirSync(path12.dirname(tokenPath), { mode: 504, recursive: true });
-      fs8.writeFileSync(tokenPath, tokenJson);
-      fs8.chmodSync(tokenPath, 432);
+      fs10.mkdirSync(path14.dirname(tokenPath), { mode: 504, recursive: true });
+      fs10.writeFileSync(tokenPath, tokenJson);
+      fs10.chmodSync(tokenPath, 432);
       return;
     }
     function loadToken(projectId) {
@@ -23942,11 +23954,11 @@ var require_token_util = __commonJS({
           "Unable to find user data directory. Please reach out to Vercel support."
         );
       }
-      const tokenPath = path12.join(dir, "com.vercel.token", `${projectId}.json`);
-      if (!fs8.existsSync(tokenPath)) {
+      const tokenPath = path14.join(dir, "com.vercel.token", `${projectId}.json`);
+      if (!fs10.existsSync(tokenPath)) {
         return null;
       }
-      const token = JSON.parse(fs8.readFileSync(tokenPath, "utf8"));
+      const token = JSON.parse(fs10.readFileSync(tokenPath, "utf8"));
       assertVercelOidcTokenResponse(token);
       return token;
     }
@@ -35972,7 +35984,7 @@ function createOpenRouter(options = {}) {
   );
   const createChatModel = (modelId, settings = {}) => new OpenRouterChatLanguageModel(modelId, settings, {
     provider: "openrouter.chat",
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     compatibility,
     fetch: options.fetch,
@@ -35980,7 +35992,7 @@ function createOpenRouter(options = {}) {
   });
   const createCompletionModel = (modelId, settings = {}) => new OpenRouterCompletionLanguageModel(modelId, settings, {
     provider: "openrouter.completion",
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     compatibility,
     fetch: options.fetch,
@@ -35988,21 +36000,21 @@ function createOpenRouter(options = {}) {
   });
   const createEmbeddingModel = (modelId, settings = {}) => new OpenRouterEmbeddingModel(modelId, settings, {
     provider: "openrouter.embedding",
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch,
     extraBody: options.extraBody
   });
   const createImageModel = (modelId, settings = {}) => new OpenRouterImageModel(modelId, settings, {
     provider: "openrouter.image",
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch,
     extraBody: options.extraBody
   });
   const createVideoModel = (modelId, settings = {}) => new OpenRouterVideoModel(modelId, settings, {
     provider: "openrouter.video",
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch,
     extraBody: options.extraBody
@@ -40538,37 +40550,37 @@ function createOpenAI(options = {}) {
   );
   const createChatModel = (modelId) => new OpenAIChatLanguageModel(modelId, {
     provider: `${providerName}.chat`,
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch
   });
   const createCompletionModel = (modelId) => new OpenAICompletionLanguageModel(modelId, {
     provider: `${providerName}.completion`,
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch
   });
   const createEmbeddingModel = (modelId) => new OpenAIEmbeddingModel(modelId, {
     provider: `${providerName}.embedding`,
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch
   });
   const createImageModel = (modelId) => new OpenAIImageModel(modelId, {
     provider: `${providerName}.image`,
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch
   });
   const createTranscriptionModel = (modelId) => new OpenAITranscriptionModel(modelId, {
     provider: `${providerName}.transcription`,
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch
   });
   const createSpeechModel = (modelId) => new OpenAISpeechModel(modelId, {
     provider: `${providerName}.speech`,
-    url: ({ path: path12 }) => `${baseURL}${path12}`,
+    url: ({ path: path14 }) => `${baseURL}${path14}`,
     headers: getHeaders,
     fetch: options.fetch
   });
@@ -40583,7 +40595,7 @@ function createOpenAI(options = {}) {
   const createResponsesModel = (modelId) => {
     return new OpenAIResponsesLanguageModel(modelId, {
       provider: `${providerName}.responses`,
-      url: ({ path: path12 }) => `${baseURL}${path12}`,
+      url: ({ path: path14 }) => `${baseURL}${path14}`,
       headers: getHeaders,
       fetch: options.fetch,
       fileIdPrefixes: ["file-"]
@@ -46085,7 +46097,6 @@ var init_providers = __esm({
       "model-nvidia-mistral-medium-3.5": nvidia.chat(
         "mistralai/mistral-medium-3.5-128b"
       ),
-      "model-nvidia-gpt-oss-120b": nvidia.chat("openai/gpt-oss-120b"),
       "model-nvidia-glm-5.1": nvidia.chat("z-ai/glm-5.1"),
       "model-nvidia-qwen3.5-397b": nvidia.chat("qwen/qwen3.5-397b-a17b"),
       // Extra explicit keys for the CLI.
@@ -46123,8 +46134,6 @@ var init_providers = __esm({
       ...hasEnvValue("NVIDIA_API_KEY") ? [
         "model-nvidia-mistral-medium-3.5",
         // NVIDIA mistralai/mistral-medium-3.5-128b
-        "model-nvidia-gpt-oss-120b",
-        // NVIDIA openai/gpt-oss-120b
         "model-nvidia-glm-5.1",
         // NVIDIA z-ai/glm-5.1
         "model-nvidia-qwen3.5-397b"
@@ -46150,7 +46159,6 @@ var init_providers = __esm({
       "model-opus-4.6": "May 2025",
       "model-kimi-k2.6": "April 2024",
       "model-nvidia-mistral-medium-3.5": "Unknown",
-      "model-nvidia-gpt-oss-120b": "June 2024",
       "model-nvidia-glm-5.1": "Unknown",
       "model-nvidia-qwen3.5-397b": "Unknown",
       "model-deepseek-proxy": "July 2024",
@@ -46174,7 +46182,6 @@ var init_providers = __esm({
       "model-opus-4.6": "Anthropic Claude Opus 4.6",
       "model-kimi-k2.6": "Moonshot Kimi K2.6",
       "model-nvidia-mistral-medium-3.5": "NVIDIA - Mistral Medium 3.5",
-      "model-nvidia-gpt-oss-120b": "NVIDIA - OpenAI GPT-OSS 120B",
       "model-nvidia-glm-5.1": "NVIDIA - Z.ai GLM 5.1",
       "model-nvidia-qwen3.5-397b": "NVIDIA - Qwen3.5 397B A17B",
       "model-deepseek-proxy": "DeepSeek (sessao web logada / deepsproxy)",
@@ -49218,8 +49225,8 @@ var init_background_process_tracker = __esm({
       /**
        * Normalize file path for comparison
        */
-      normalizePath(path12) {
-        let normalized = path12.trim().replace(/\/+/g, "/");
+      normalizePath(path14) {
+        let normalized = path14.trim().replace(/\/+/g, "/");
         if (normalized.startsWith("./")) {
           normalized = normalized.slice(2);
         }
@@ -49457,8 +49464,8 @@ function createGetModuleFromFilename(basePath = process.argv[1] ? (0, import_pat
     return decodedFile;
   };
 }
-function normalizeWindowsPath(path12) {
-  return path12.replace(/^[A-Z]:/, "").replace(/\\/g, "/");
+function normalizeWindowsPath(path14) {
+  return path14.replace(/^[A-Z]:/, "").replace(/\\/g, "/");
 }
 var import_path;
 var init_module_node = __esm({
@@ -52347,9 +52354,9 @@ async function addSourceContext(frames) {
   LRU_FILE_CONTENTS_CACHE.reduce();
   return frames;
 }
-function getContextLinesFromFile(path12, ranges, output) {
+function getContextLinesFromFile(path14, ranges, output) {
   return new Promise((resolve2) => {
-    const stream = (0, import_node_fs5.createReadStream)(path12);
+    const stream = (0, import_node_fs5.createReadStream)(path14);
     const lineReaded = (0, import_node_readline2.createInterface)({
       input: stream
     });
@@ -52364,7 +52371,7 @@ function getContextLinesFromFile(path12, ranges, output) {
     let rangeStart = range[0];
     let rangeEnd = range[1];
     function onStreamError() {
-      LRU_FILE_CONTENTS_FS_READ_FAILED.set(path12, 1);
+      LRU_FILE_CONTENTS_FS_READ_FAILED.set(path14, 1);
       lineReaded.close();
       lineReaded.removeAllListeners();
       destroyStreamAndResolve();
@@ -52425,8 +52432,8 @@ function clearLineContext(frame3) {
   delete frame3.context_line;
   delete frame3.post_context;
 }
-function shouldSkipContextLinesForFile(path12) {
-  return path12.startsWith("node:") || path12.endsWith(".min.js") || path12.endsWith(".min.cjs") || path12.endsWith(".min.mjs") || path12.startsWith("data:");
+function shouldSkipContextLinesForFile(path14) {
+  return path14.startsWith("node:") || path14.endsWith(".min.js") || path14.endsWith(".min.cjs") || path14.endsWith(".min.mjs") || path14.startsWith("data:");
 }
 function shouldSkipContextLinesForFrame(frame3) {
   if (void 0 !== frame3.lineno && frame3.lineno > MAX_CONTEXTLINES_LINENO) return true;
@@ -67836,8 +67843,8 @@ var init_logger2 = __esm({
 });
 
 // ../lib/ai/tools/file.ts
-function isSpritPath(path12) {
-  return path12.split(/[\\/]/).some((segment) => segment.toLowerCase() === "sprit");
+function isSpritPath(path14) {
+  return path14.split(/[\\/]/).some((segment) => segment.toLowerCase() === "sprit");
 }
 function getViewSandboxType(sandbox) {
   return isCentrifugoSandbox(sandbox) ? "centrifugo" : "e2b";
@@ -67868,7 +67875,7 @@ function captureFileViewImageUsage(args) {
   const {
     context: context2,
     sandbox,
-    path: path12,
+    path: path14,
     outcome,
     durationMs,
     mediaType,
@@ -67886,7 +67893,7 @@ function captureFileViewImageUsage(args) {
     model: getActiveModelName(context2),
     configured_model: context2.modelName,
     sandbox_type: getViewSandboxType(sandbox),
-    file_extension: getFileExtension(path12),
+    file_extension: getFileExtension(path14),
     outcome,
     success: outcome === "success",
     duration_ms: durationMs,
@@ -67960,22 +67967,22 @@ async function runSandboxCommand(sandbox, command, envVars, timeoutMs = 6e4) {
 function isWindowsSandbox(sandbox) {
   return isCentrifugoSandbox(sandbox) && sandbox.isWindows();
 }
-function getWindowsNativePath(path12) {
-  if (/^[A-Za-z]:[\\/]/.test(path12)) return path12;
-  if (path12.startsWith("/tmp/")) {
-    return `C:\\temp${path12.slice(4).replace(/\//g, "\\")}`;
+function getWindowsNativePath(path14) {
+  if (/^[A-Za-z]:[\\/]/.test(path14)) return path14;
+  if (path14.startsWith("/tmp/")) {
+    return `C:\\temp${path14.slice(4).replace(/\//g, "\\")}`;
   }
-  return path12.replace(/\//g, "\\");
+  return path14.replace(/\//g, "\\");
 }
-function getPythonPathForSandbox(sandbox, path12) {
-  return isWindowsSandbox(sandbox) ? getWindowsNativePath(path12) : path12;
+function getPythonPathForSandbox(sandbox, path14) {
+  return isWindowsSandbox(sandbox) ? getWindowsNativePath(path14) : path14;
 }
-function toWindowsBashPath(path12) {
-  const drive = path12.match(/^([A-Za-z]):[\\/](.*)$/);
+function toWindowsBashPath(path14) {
+  const drive = path14.match(/^([A-Za-z]):[\\/](.*)$/);
   if (drive) {
     return `/${drive[1].toLowerCase()}/${drive[2].replace(/\\/g, "/")}`;
   }
-  return path12.replace(/\\/g, "/");
+  return path14.replace(/\\/g, "/");
 }
 async function detectSandboxShell(sandbox) {
   if (!isWindowsSandbox(sandbox)) return "bash";
@@ -68014,8 +68021,8 @@ PY`;
     }
   }
 }
-async function getSandboxFileState(sandbox, path12) {
-  const pythonPath = getPythonPathForSandbox(sandbox, path12);
+async function getSandboxFileState(sandbox, path14) {
+  const pythonPath = getPythonPathForSandbox(sandbox, path14);
   const result = await runPythonScript(
     sandbox,
     FILE_STATE_SCRIPT,
@@ -68032,23 +68039,23 @@ async function getSandboxFileState(sandbox, path12) {
   if (result.exitCode !== 0) {
     return {
       kind: "unknown",
-      path: path12,
+      path: path14,
       error: result.stderr || result.stdout || "file state command failed"
     };
   }
   try {
     const payload = JSON.parse(result.stdout.trim());
     if (payload.kind === "file" && typeof payload.sizeBytes === "number" && Number.isFinite(payload.sizeBytes)) {
-      return { ...payload, path: path12 };
+      return { ...payload, path: path14 };
     }
     if (payload.kind === "missing" || payload.kind === "not_file") {
-      return { ...payload, path: path12 };
+      return { ...payload, path: path14 };
     }
   } catch {
   }
   return {
     kind: "unknown",
-    path: path12,
+    path: path14,
     error: result.stderr || result.stdout || "invalid file state response"
   };
 }
@@ -68080,8 +68087,8 @@ ${numberedContent}${truncatedNotice}${footerNotice}`;
     })
   };
 }
-async function readSandboxTextFile(sandbox, path12, range) {
-  const pythonPath = getPythonPathForSandbox(sandbox, path12);
+async function readSandboxTextFile(sandbox, path14, range) {
+  const pythonPath = getPythonPathForSandbox(sandbox, path14);
   const envVars = {
     clawfast_FILE_READ_PATH: pythonPath,
     clawfast_FILE_READ_RANGE_START: String(range?.[0] ?? 0),
@@ -68109,40 +68116,40 @@ async function readSandboxTextFile(sandbox, path12, range) {
   }
   return payload;
 }
-async function readSandboxTextFileWithFallback(sandbox, path12, range) {
+async function readSandboxTextFileWithFallback(sandbox, path14, range) {
   try {
-    return await readSandboxTextFile(sandbox, path12, range);
+    return await readSandboxTextFile(sandbox, path14, range);
   } catch (error51) {
     const errorMessage = error51 instanceof Error ? error51.message : String(error51);
     if (errorMessage.startsWith("Invalid ") || errorMessage.includes("File not found")) {
       throw error51;
     }
-    const state = await getSandboxFileState(sandbox, path12);
+    const state = await getSandboxFileState(sandbox, path14);
     if (state.kind === "unknown") {
       throw new Error(
-        `Unable to determine file size for ${path12}; refusing to load the file into memory. ${state.error}`
+        `Unable to determine file size for ${path14}; refusing to load the file into memory. ${state.error}`
       );
     }
     if (state.kind === "missing") {
-      throw new Error(`File not found or is not a regular file: ${path12}`);
+      throw new Error(`File not found or is not a regular file: ${path14}`);
     }
     if (state.kind === "not_file") {
-      throw new Error(`File is not a regular file: ${path12}`);
+      throw new Error(`File is not a regular file: ${path14}`);
     }
     if (state.sizeBytes > MAX_TEXT_FILE_READ_BYTES) {
       if (range) {
         throw new Error(
-          `Unable to perform a bounded range read for ${path12}, and the file is too large to load safely (${formatBytes(state.sizeBytes)}). Use a targeted terminal command that writes a small result to a separate file.`
+          `Unable to perform a bounded range read for ${path14}, and the file is too large to load safely (${formatBytes(state.sizeBytes)}). Use a targeted terminal command that writes a small result to a separate file.`
         );
       }
       return {
-        path: path12,
+        path: path14,
         sizeBytes: state.sizeBytes,
         totalLines: 0,
         tooLarge: true
       };
     }
-    const fileContent = await sandbox.files.read(path12, {
+    const fileContent = await sandbox.files.read(path14, {
       user: "user"
     });
     const lines = fileContent.split("\n");
@@ -68166,7 +68173,7 @@ async function readSandboxTextFileWithFallback(sandbox, path12, range) {
       const startIndex = start - 1;
       const endIndex = end === -1 ? lines.length : end;
       return {
-        path: path12,
+        path: path14,
         sizeBytes: Buffer.byteLength(fileContent),
         totalLines: lines.length,
         content: lines.slice(startIndex, endIndex).join("\n"),
@@ -68174,7 +68181,7 @@ async function readSandboxTextFileWithFallback(sandbox, path12, range) {
       };
     }
     return {
-      path: path12,
+      path: path14,
       sizeBytes: Buffer.byteLength(fileContent),
       totalLines: lines.length,
       content: fileContent,
@@ -68182,7 +68189,7 @@ async function readSandboxTextFileWithFallback(sandbox, path12, range) {
     };
   }
 }
-async function appendSandboxTextFile(sandbox, path12, text2) {
+async function appendSandboxTextFile(sandbox, path14, text2) {
   const tempPath = `/tmp/clawfast_append_${Date.now()}_${Math.random().toString(36).slice(2)}.tmp`;
   await sandbox.files.write(tempPath, text2, {
     user: "user"
@@ -68191,7 +68198,7 @@ async function appendSandboxTextFile(sandbox, path12, text2) {
     sandbox,
     APPEND_TEXT_FILE_SCRIPT,
     {
-      clawfast_FILE_APPEND_TARGET_PATH: getPythonPathForSandbox(sandbox, path12),
+      clawfast_FILE_APPEND_TARGET_PATH: getPythonPathForSandbox(sandbox, path14),
       clawfast_FILE_APPEND_SOURCE_PATH: getPythonPathForSandbox(
         sandbox,
         tempPath
@@ -68203,13 +68210,13 @@ async function appendSandboxTextFile(sandbox, path12, text2) {
     throw new Error(result.stderr || result.stdout || "Failed to append file");
   }
 }
-async function readSandboxFileForView(sandbox, path12, includeData) {
+async function readSandboxFileForView(sandbox, path14, includeData) {
   if (isCentrifugoSandbox(sandbox) && sandbox.isWindows()) {
     throw new Error(
       "The view action is not available for Windows local sandboxes yet. Use a Linux/E2B sandbox or inspect the image manually."
     );
   }
-  const sandboxPath = getSandboxViewPath(sandbox, path12);
+  const sandboxPath = getSandboxViewPath(sandbox, path14);
   const viewEnvVars = {
     clawfast_FILE_VIEW_PATH: sandboxPath,
     clawfast_FILE_VIEW_INCLUDE_DATA: includeData ? "1" : "0",
@@ -68553,19 +68560,19 @@ try:
 except OSError:
     pass
 `;
-    getFilename = (path12) => path12.split("/").pop() || path12;
-    getFileExtension = (path12) => {
-      const filename = getFilename(path12);
+    getFilename = (path14) => path14.split("/").pop() || path14;
+    getFileExtension = (path14) => {
+      const filename = getFilename(path14);
       const dotIndex = filename.lastIndexOf(".");
       if (dotIndex <= 0 || dotIndex === filename.length - 1) return void 0;
       return filename.slice(dotIndex + 1).toLowerCase();
     };
-    getSandboxViewPath = (sandbox, path12) => {
+    getSandboxViewPath = (sandbox, path14) => {
       const maybeSandbox = sandbox;
-      if (isCentrifugoSandbox(maybeSandbox) && maybeSandbox.isWindows() && path12.startsWith("/tmp/")) {
-        return `C:\\temp${path12.slice(4).replace(/\//g, "\\")}`;
+      if (isCentrifugoSandbox(maybeSandbox) && maybeSandbox.isWindows() && path14.startsWith("/tmp/")) {
+        return `C:\\temp${path14.slice(4).replace(/\//g, "\\")}`;
       }
-      return path12;
+      return path14;
     };
     stripTrailingWs = (line) => line.replace(/[ \t]+$/u, "");
     editSchema = external_exports.object({
@@ -68639,7 +68646,7 @@ ${instructionsDescription}`,
             "A list of edits to be sequentially applied to the file. Required for `edit` action."
           )
         }),
-        execute: async ({ action, path: path12, text: text2, range, edits }) => {
+        execute: async ({ action, path: path14, text: text2, range, edits }) => {
           try {
             const { sandbox } = await sandboxManager.getSandbox();
             switch (action) {
@@ -68649,7 +68656,7 @@ ${instructionsDescription}`,
                   captureFileViewImageUsage({
                     context: context2,
                     sandbox,
-                    path: path12,
+                    path: path14,
                     outcome: "unsupported_model",
                     durationMs: Date.now() - viewStartedAt,
                     failureReason: "unsupported_model"
@@ -68658,26 +68665,26 @@ ${instructionsDescription}`,
                 }
                 let viewPayload;
                 try {
-                  viewPayload = await readSandboxFileForView(sandbox, path12, false);
+                  viewPayload = await readSandboxFileForView(sandbox, path14, false);
                 } catch (error51) {
                   captureFileViewImageUsage({
                     context: context2,
                     sandbox,
-                    path: path12,
+                    path: path14,
                     outcome: "inspection_failed",
                     durationMs: Date.now() - viewStartedAt,
                     failureReason: classifyFileViewError(error51)
                   });
                   throw error51;
                 }
-                const filename = getFilename(path12);
+                const filename = getFilename(path14);
                 let previewFiles = [];
                 let previewUploadError;
                 try {
                   previewFiles = await uploadViewPreviewFiles({
                     context: context2,
                     sandbox,
-                    sourcePath: path12,
+                    sourcePath: path14,
                     payload: viewPayload
                   });
                 } catch (error51) {
@@ -68691,7 +68698,7 @@ ${instructionsDescription}`,
                       user_id: context2.userID,
                       sandbox_type: getViewSandboxType(sandbox),
                       file_name: filename,
-                      source_path: path12,
+                      source_path: path14,
                       kind: viewPayload.kind,
                       media_type: viewPayload.mediaType,
                       size_bytes: viewPayload.sizeBytes,
@@ -68702,7 +68709,7 @@ ${instructionsDescription}`,
                 captureFileViewImageUsage({
                   context: context2,
                   sandbox,
-                  path: path12,
+                  path: path14,
                   outcome: "success",
                   durationMs: Date.now() - viewStartedAt,
                   mediaType: viewPayload.mediaType,
@@ -68712,7 +68719,7 @@ ${instructionsDescription}`,
                 return {
                   action: "view",
                   content: `Viewing image file: ${filename} (${viewPayload.mediaType}, ${viewPayload.sizeBytes} bytes).`,
-                  path: path12,
+                  path: path14,
                   filename,
                   mediaType: viewPayload.mediaType,
                   sizeBytes: viewPayload.sizeBytes,
@@ -68722,8 +68729,8 @@ ${instructionsDescription}`,
                 };
               }
               case "read": {
-                const filename = path12.split("/").pop() || path12;
-                const spritChunked = isSpritPath(path12);
+                const filename = path14.split("/").pop() || path14;
+                const spritChunked = isSpritPath(path14);
                 let effectiveRange = range;
                 if (spritChunked) {
                   const start = range && range[0] > 0 ? range[0] : 1;
@@ -68736,7 +68743,7 @@ ${instructionsDescription}`,
                 }
                 const readPayload = await readSandboxTextFileWithFallback(
                   sandbox,
-                  path12,
+                  path14,
                   effectiveRange
                 );
                 if (readPayload.tooLarge) {
@@ -68773,46 +68780,46 @@ File is too large to read in full (${formatBytes(readPayload.sizeBytes)}, ${tota
                 if (text2 === void 0) {
                   return { error: "text is required for write action" };
                 }
-                await sandbox.files.write(path12, text2, {
+                await sandbox.files.write(path14, text2, {
                   user: "user"
                 });
-                return `File written: ${path12}`;
+                return `File written: ${path14}`;
               }
               case "append": {
                 if (text2 === void 0) {
                   return { error: "text is required for append action" };
                 }
-                const existingState = await getSandboxFileState(sandbox, path12);
+                const existingState = await getSandboxFileState(sandbox, path14);
                 if (existingState.kind === "unknown") {
                   return {
-                    error: `Cannot append safely because the existing file size could not be determined for ${path12}. ${existingState.error}`
+                    error: `Cannot append safely because the existing file size could not be determined for ${path14}. ${existingState.error}`
                   };
                 }
                 if (existingState.kind === "not_file") {
                   return {
-                    error: `Cannot append to ${path12} because it is not a file.`
+                    error: `Cannot append to ${path14} because it is not a file.`
                   };
                 }
                 if (existingState.kind === "file" && existingState.sizeBytes > MAX_TEXT_FILE_READ_BYTES) {
-                  await appendSandboxTextFile(sandbox, path12, text2);
+                  await appendSandboxTextFile(sandbox, path14, text2);
                   return {
-                    content: `File appended: ${path12}
+                    content: `File appended: ${path14}
 Existing file is ${formatBytes(existingState.sizeBytes)}, so the full diff preview was skipped to avoid loading the entire file into memory.`
                   };
                 }
                 let existingContent = "";
                 try {
-                  existingContent = await sandbox.files.read(path12, {
+                  existingContent = await sandbox.files.read(path14, {
                     user: "user"
                   });
                 } catch {
                 }
                 const newContent = existingContent + text2;
-                await sandbox.files.write(path12, newContent, {
+                await sandbox.files.write(path14, newContent, {
                   user: "user"
                 });
                 return {
-                  content: `File appended: ${path12}`,
+                  content: `File appended: ${path14}`,
                   originalContent: truncateOutput({
                     content: existingContent,
                     mode: "read-file"
@@ -68827,31 +68834,31 @@ Existing file is ${formatBytes(existingState.sizeBytes)}, so the full diff previ
                 if (!edits || edits.length === 0) {
                   return { error: "edits array is required for edit action" };
                 }
-                const existingState = await getSandboxFileState(sandbox, path12);
+                const existingState = await getSandboxFileState(sandbox, path14);
                 if (existingState.kind === "unknown") {
                   return {
-                    error: `Cannot edit ${path12} safely because the file size could not be determined. ${existingState.error}`
+                    error: `Cannot edit ${path14} safely because the file size could not be determined. ${existingState.error}`
                   };
                 }
                 if (existingState.kind === "missing") {
                   return {
-                    error: `Cannot edit file ${path12} - file is empty or does not exist`
+                    error: `Cannot edit file ${path14} - file is empty or does not exist`
                   };
                 }
                 if (existingState.kind === "not_file") {
-                  return { error: `Cannot edit ${path12} because it is not a file.` };
+                  return { error: `Cannot edit ${path14} because it is not a file.` };
                 }
                 if (existingState.sizeBytes > MAX_TEXT_FILE_READ_BYTES) {
                   return {
-                    error: `File ${path12} is too large for the edit action (${formatBytes(existingState.sizeBytes)}). Use a targeted shell command, restore the file from a clean source, or replace it with the write action instead of loading the whole file into memory.`
+                    error: `File ${path14} is too large for the edit action (${formatBytes(existingState.sizeBytes)}). Use a targeted shell command, restore the file from a clean source, or replace it with the write action instead of loading the whole file into memory.`
                   };
                 }
-                const originalContent = await sandbox.files.read(path12, {
+                const originalContent = await sandbox.files.read(path14, {
                   user: "user"
                 });
                 if (!originalContent) {
                   return {
-                    error: `Cannot edit file ${path12} - file is empty or does not exist`
+                    error: `Cannot edit file ${path14} - file is empty or does not exist`
                   };
                 }
                 const resolvedEdits = [];
@@ -68896,7 +68903,7 @@ ${hint}` : "")
                     }
                   }
                 }
-                await sandbox.files.write(path12, content, {
+                await sandbox.files.write(path14, content, {
                   user: "user"
                 });
                 const lines = content.split("\n");
@@ -68988,419 +68995,483 @@ ${numberedLines}`,
   }
 });
 
-// ../lib/utils/error-redaction.ts
-var REDACTED_VALUE, SENSITIVE_FIELD_PATTERN, ENV_SECRET_PATTERN, redactSensitiveErrorMessage, stringifyRedactedError;
-var init_error_redaction = __esm({
-  "../lib/utils/error-redaction.ts"() {
-    "use strict";
-    REDACTED_VALUE = "[Redacted]";
-    SENSITIVE_FIELD_PATTERN = /(["']?\b(?:serviceKey|service_key|apiKey|api_key|authorization|bearer|cookie|password|secret|token)\b["']?)(\s*[:=]\s*)(?:"[^"]*"|'[^']*'|[^\s,}]+)/gi;
-    ENV_SECRET_PATTERN = /(["']?\b(?:CONVEX_SERVICE_ROLE_KEY|POSTHOG_API_KEY|STRIPE_SECRET_KEY)\b["']?)(\s*[:=]\s*)(?:"[^"]*"|'[^']*'|[^\s,}]+)/gi;
-    redactSensitiveErrorMessage = (message) => message.replace(SENSITIVE_FIELD_PATTERN, (_match, key, separator) => {
-      return `${key}${separator}"${REDACTED_VALUE}"`;
-    }).replace(ENV_SECRET_PATTERN, (_match, key, separator) => {
-      return `${key}${separator}"${REDACTED_VALUE}"`;
-    });
-    stringifyRedactedError = (error51) => {
-      const message = error51 instanceof Error ? error51.message : typeof error51 === "string" ? error51 : (() => {
+// src/tools/web-research.ts
+function decodeHtmlEntities(input) {
+  return input.replace(/&(#x?[0-9a-fA-F]+|[a-zA-Z]+);/g, (whole, code) => {
+    if (code[0] === "#") {
+      const num = code[1] === "x" || code[1] === "X" ? Number.parseInt(code.slice(2), 16) : Number.parseInt(code.slice(1), 10);
+      if (Number.isFinite(num) && num > 0 && num <= 1114111) {
         try {
-          return JSON.stringify(error51);
+          return String.fromCodePoint(num);
         } catch {
-          return String(error51);
+          return whole;
         }
-      })();
-      return redactSensitiveErrorMessage(message);
-    };
-  }
-});
-
-// ../lib/ai/tools/utils/perplexity.ts
-var SEARCH_RESULT_CONTENT_MAX_TOKENS, RECENCY_MAP, PerplexityApiError, ERROR_BODY_SUMMARY_MAX_LENGTH, RETRYABLE_PERPLEXITY_STATUSES, HTML_ENTITY_MAP, normalizeWhitespace, decodeBasicHtmlEntities, stripHtml, extractHtmlTagText, redactNetworkDetails, truncateSummary, isRetryablePerplexityStatus, summarizePerplexityErrorBody, buildPerplexitySearchBody, formatSearchResults;
-var init_perplexity = __esm({
-  "../lib/ai/tools/utils/perplexity.ts"() {
-    "use strict";
-    SEARCH_RESULT_CONTENT_MAX_TOKENS = 250;
-    RECENCY_MAP = {
-      past_day: "day",
-      past_week: "week",
-      past_month: "month",
-      past_year: "year"
-    };
-    PerplexityApiError = class extends Error {
-      constructor({
-        status,
-        statusText,
-        bodySummary,
-        retryable
-      }) {
-        const statusLabel = statusText ? `${status} ${statusText}` : `${status}`;
-        const summary = bodySummary ? `: ${bodySummary}` : "";
-        super(`Perplexity API error ${statusLabel}${summary}`);
-        this.name = "PerplexityApiError";
-        this.status = status;
-        this.statusText = statusText;
-        this.bodySummary = bodySummary;
-        this.retryable = retryable;
       }
+      return whole;
+    }
+    return NAMED_ENTITIES[code] != null ? NAMED_ENTITIES[code] : whole;
+  });
+}
+function htmlToText(html) {
+  let s = html;
+  s = s.replace(/<!--[\s\S]*?-->/g, " ");
+  s = s.replace(/<(script|style|noscript|svg|head|template)[\s\S]*?<\/\1>/gi, " ");
+  s = s.replace(
+    /<\/(p|div|section|article|header|footer|li|ul|ol|tr|table|h[1-6]|blockquote|pre|nav|aside)>/gi,
+    "\n"
+  );
+  s = s.replace(/<br\s*\/?>/gi, "\n");
+  s = s.replace(/<[^>]+>/g, " ");
+  s = decodeHtmlEntities(s);
+  s = s.replace(/[ \t\f\v\r]+/g, " ");
+  s = s.replace(/\n{3,}/g, "\n\n");
+  s = s.split("\n").map((line) => line.trim()).join("\n").trim();
+  return s;
+}
+function extractTitle(html) {
+  const m = /<title[^>]*>([\s\S]*?)<\/title>/i.exec(html);
+  return m ? htmlToText(m[1]).slice(0, 200) : "";
+}
+function decodeDdgHref(href) {
+  let h = (href || "").trim();
+  if (!h) return "";
+  if (h.startsWith("//")) h = "https:" + h;
+  try {
+    const u = new URL(h, "https://duckduckgo.com");
+    const uddg = u.searchParams.get("uddg");
+    if (uddg) return uddg;
+    return u.href;
+  } catch {
+    return h;
+  }
+}
+function parseDuckDuckGoHtml(html) {
+  const snippets = [];
+  const snippetRe = /<a[^>]+class="[^"]*result__snippet[^"]*"[^>]*>([\s\S]*?)<\/a>/gi;
+  let sm;
+  while (sm = snippetRe.exec(html)) snippets.push(htmlToText(sm[1]));
+  const results = [];
+  const linkRe = /<a[^>]+class="[^"]*result__a[^"]*"[^>]+href="([^"]+)"[^>]*>([\s\S]*?)<\/a>/gi;
+  let m;
+  let i = 0;
+  while (m = linkRe.exec(html)) {
+    const url2 = decodeDdgHref(m[1]);
+    const title = htmlToText(m[2]);
+    if (url2 && title && /^https?:\/\//i.test(url2)) {
+      results.push({ title, url: url2, snippet: snippets[i] || "" });
+    }
+    i++;
+  }
+  return results;
+}
+function parseDuckDuckGoLite(html) {
+  const results = [];
+  const linkRe = /<a[^>]+class="[^"]*result-link[^"]*"[^>]+href="([^"]+)"[^>]*>([\s\S]*?)<\/a>/gi;
+  let m;
+  while (m = linkRe.exec(html)) {
+    const url2 = decodeDdgHref(m[1]);
+    const title = htmlToText(m[2]);
+    if (url2 && title && /^https?:\/\//i.test(url2)) {
+      results.push({ title, url: url2, snippet: "" });
+    }
+  }
+  return results;
+}
+function canonicalUrl(raw) {
+  try {
+    const u = new URL(raw.trim());
+    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
+    u.hash = "";
+    let s = u.href;
+    if (s.endsWith("/")) s = s.slice(0, -1);
+    return s;
+  } catch {
+    return null;
+  }
+}
+function dedupeResults(results) {
+  const seen = /* @__PURE__ */ new Set();
+  const out3 = [];
+  for (const r2 of results) {
+    const key = canonicalUrl(r2.url);
+    if (!key || seen.has(key)) continue;
+    seen.add(key);
+    out3.push(r2);
+  }
+  return out3;
+}
+async function mapPool(items, concurrency, fn) {
+  const results = new Array(items.length);
+  if (items.length === 0) return results;
+  const workers = [];
+  const n = Math.min(Math.max(1, concurrency), items.length);
+  let next = 0;
+  for (let w = 0; w < n; w++) {
+    workers.push(
+      (async () => {
+        for (; ; ) {
+          const i = next++;
+          if (i >= items.length) break;
+          try {
+            results[i] = await fn(items[i], i);
+          } catch (err) {
+            results[i] = {
+              error: err instanceof Error ? err.message : String(err)
+            };
+          }
+        }
+      })()
+    );
+  }
+  await Promise.all(workers);
+  return results;
+}
+async function fetchText(url2, opts) {
+  const ctrl = new AbortController();
+  const onAbort = () => ctrl.abort();
+  if (opts.signal) {
+    if (opts.signal.aborted) ctrl.abort();
+    else opts.signal.addEventListener("abort", onAbort, { once: true });
+  }
+  const timer2 = setTimeout(() => ctrl.abort(), opts.timeoutMs);
+  try {
+    const resp = await fetch(url2, {
+      method: "GET",
+      headers: {
+        "User-Agent": UA,
+        Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+        "Accept-Language": "en-US,en;q=0.9,pt-BR;q=0.8"
+      },
+      redirect: "follow",
+      signal: ctrl.signal
+    });
+    let text2 = await resp.text();
+    if (text2.length > MAX_RAW_BYTES) text2 = text2.slice(0, MAX_RAW_BYTES);
+    return {
+      status: resp.status,
+      finalUrl: resp.url || url2,
+      contentType: resp.headers.get("content-type") || "",
+      text: text2
     };
-    ERROR_BODY_SUMMARY_MAX_LENGTH = 400;
-    RETRYABLE_PERPLEXITY_STATUSES = /* @__PURE__ */ new Set([408, 429, 500, 502, 503, 504]);
-    HTML_ENTITY_MAP = {
-      amp: "&",
-      gt: ">",
-      lt: "<",
-      nbsp: " ",
-      quot: '"',
-      "#160": " ",
-      "#39": "'"
-    };
-    normalizeWhitespace = (value) => value.replace(/\s+/g, " ").trim();
-    decodeBasicHtmlEntities = (value) => value.replace(/&([a-zA-Z0-9#]+);/g, (match, entity) => {
-      return HTML_ENTITY_MAP[entity] ?? match;
+  } finally {
+    clearTimeout(timer2);
+    opts.signal?.removeEventListener("abort", onAbort);
+  }
+}
+async function searchOneQuery(query, signal, df) {
+  const enc = encodeURIComponent(query);
+  const dfParam = df ? `&df=${df}` : "";
+  try {
+    const r2 = await fetchText(
+      `https://html.duckduckgo.com/html/?q=${enc}${dfParam}`,
+      { timeoutMs: SEARCH_TIMEOUT_MS, signal }
+    );
+    const parsed = parseDuckDuckGoHtml(r2.text);
+    if (parsed.length) return parsed;
+  } catch (err) {
+    if (isAbort(err)) throw err;
+  }
+  try {
+    const r2 = await fetchText(
+      `https://lite.duckduckgo.com/lite/?q=${enc}${dfParam}`,
+      { timeoutMs: SEARCH_TIMEOUT_MS, signal }
+    );
+    return parseDuckDuckGoLite(r2.text);
+  } catch (err) {
+    if (isAbort(err)) throw err;
+    return [];
+  }
+}
+async function searchQueries(queries, signal, df) {
+  const lists = await mapPool(
+    queries,
+    Math.min(queries.length, 5),
+    (q) => searchOneQuery(q, signal, df)
+  );
+  const merged = [];
+  for (const item of lists) {
+    if (Array.isArray(item)) merged.push(...item);
+  }
+  return dedupeResults(merged);
+}
+async function readPage(url2, signal) {
+  const r2 = await fetchText(url2, { timeoutMs: READ_TIMEOUT_MS, signal });
+  const text2 = isTextual(r2.contentType) ? htmlToText(r2.text) : "";
+  return {
+    url: url2,
+    finalUrl: r2.finalUrl,
+    status: r2.status,
+    title: extractTitle(r2.text) || r2.finalUrl,
+    text: text2,
+    bytes: r2.text.length,
+    contentType: r2.contentType
+  };
+}
+async function jinaRead(url2, signal) {
+  const key = process.env.JINA_API_KEY;
+  if (!key) return null;
+  try {
+    const resp = await fetch(`https://r.jina.ai/${url2}`, {
+      headers: { Authorization: `Bearer ${key}`, "X-Timeout": "25" },
+      signal
     });
-    stripHtml = (value) => normalizeWhitespace(
-      decodeBasicHtmlEntities(
-        value.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, " ").replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, " ").replace(/<[^>]+>/g, " ")
-      )
+    if (!resp.ok) return null;
+    return await resp.text();
+  } catch {
+    return null;
+  }
+}
+function formatSearchResults(results) {
+  if (!results.length) {
+    return "Nenhum resultado encontrado. Refine a query (sin\xF4nimos, termos em ingl\xEAs, operadores site:/filetype:) e tente de novo.";
+  }
+  const shown = results.slice(0, SEARCH_MAX_RESULTS);
+  const lines = [`${shown.length} resultado(s):`];
+  shown.forEach((r2, i) => {
+    lines.push("");
+    lines.push(`${i + 1}. ${r2.title}`);
+    lines.push(`   ${r2.url}`);
+    if (r2.snippet) lines.push(`   ${truncate3(r2.snippet, 300)}`);
+  });
+  return lines.join("\n");
+}
+function formatResearchDigest(pages, stats) {
+  const header = `Pesquisa profunda: ${stats.totalFound} candidato(s), ${stats.fetched} buscado(s) (${stats.conc ?? 1} em paralelo), ${stats.ok} ok, ${stats.failures} falha(s)` + (stats.capped ? `, capado em ${stats.maxPages} p\xE1ginas` : "") + ".";
+  if (!pages.length) {
+    return header + "\nNenhuma p\xE1gina retornou texto. Refine as queries ou forne\xE7a urls e tente de novo.";
+  }
+  const INLINE = 40;
+  const lines = [header, ""];
+  pages.slice(0, INLINE).forEach((p, i) => {
+    lines.push(`### ${i + 1}. ${p.title}`);
+    lines.push(`${p.finalUrl} (HTTP ${p.status})`);
+    const extract = p.text.replace(/\n+/g, " ").trim();
+    if (extract) lines.push(truncate3(extract, 600));
+    lines.push("");
+  });
+  if (pages.length > INLINE) {
+    lines.push(`\u2026 +${pages.length - INLINE} fonte(s) no relat\xF3rio completo.`);
+  }
+  if (stats.reportPath) {
+    lines.push(`Relat\xF3rio completo salvo em: ${stats.reportPath}`);
+  }
+  return lines.join("\n");
+}
+async function saveResearchReport(workdir, queries, pages, stats) {
+  if (!workdir || !pages.length) return null;
+  try {
+    const dir = import_node_path5.default.join(workdir, "reports");
+    await import_node_fs6.promises.mkdir(dir, { recursive: true });
+    const slug = (queries[0] || "research").toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40) || "research";
+    const file2 = import_node_path5.default.join(dir, `research_${slug}_${Date.now()}.md`);
+    const parts = [];
+    parts.push(`# Pesquisa: ${queries.join(" / ") || "(seed urls)"}`);
+    parts.push("");
+    parts.push(
+      `Candidatos: ${stats.totalFound} \xB7 Buscados: ${stats.fetched} \xB7 OK: ${stats.ok} \xB7 Falhas: ${stats.failures}` + (stats.capped ? ` \xB7 capado em ${stats.maxPages}` : "")
     );
-    extractHtmlTagText = (html, tagName) => {
-      const matches = html.matchAll(
-        new RegExp(`<${tagName}\\b[^>]*>([\\s\\S]*?)<\\/${tagName}>`, "gi")
-      );
-      return Array.from(matches).map((match) => stripHtml(match[1] ?? "")).filter(Boolean);
-    };
-    redactNetworkDetails = (value) => value.replace(
-      /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g,
-      "[Redacted IP]"
-    ).replace(/\bRay ID:\s*[a-f0-9]+\b/gi, "Ray ID: [Redacted]");
-    truncateSummary = (value) => value.length > ERROR_BODY_SUMMARY_MAX_LENGTH ? `${value.slice(0, ERROR_BODY_SUMMARY_MAX_LENGTH - 1)}\u2026` : value;
-    isRetryablePerplexityStatus = (status) => RETRYABLE_PERPLEXITY_STATUSES.has(status);
-    summarizePerplexityErrorBody = (body, contentType = "") => {
-      const trimmed = body.trim();
-      if (!trimmed) return "";
-      let summary = "";
-      if (contentType.includes("json") || trimmed.startsWith("{")) {
-        try {
-          const parsed = JSON.parse(trimmed);
-          const error51 = typeof parsed.error === "string" ? parsed.error : parsed.error && typeof parsed.error === "object" && "message" in parsed.error && typeof parsed.error.message === "string" ? parsed.error.message : void 0;
-          const message = error51 || (typeof parsed.message === "string" ? parsed.message : void 0) || (typeof parsed.detail === "string" ? parsed.detail : void 0);
-          summary = message || trimmed;
-        } catch {
-          summary = trimmed;
-        }
-      } else if (/<[a-z][\s\S]*>/i.test(trimmed)) {
-        const tagSummaries = [
-          ...extractHtmlTagText(trimmed, "h1"),
-          ...extractHtmlTagText(trimmed, "p"),
-          ...extractHtmlTagText(trimmed, "h2")
-        ];
-        summary = tagSummaries.length > 0 ? tagSummaries.join(". ") : stripHtml(trimmed);
-      } else {
-        summary = trimmed;
-      }
-      return truncateSummary(redactNetworkDetails(normalizeWhitespace(summary)));
-    };
-    buildPerplexitySearchBody = (query, options) => {
-      const searchBody = {
-        query,
-        max_results: options?.maxResults ?? 10,
-        max_tokens_per_page: SEARCH_RESULT_CONTENT_MAX_TOKENS
-      };
-      if (options?.country) {
-        searchBody.country = options.country;
-      }
-      if (options?.recency) {
-        searchBody.search_recency_filter = options.recency;
-      }
-      return searchBody;
-    };
-    formatSearchResults = (results) => {
-      return results.map((result) => ({
-        title: result.title,
-        url: result.url,
-        content: result.snippet,
-        date: result.date || null,
-        lastUpdated: result.last_updated || null
-      }));
-    };
+    parts.push("");
+    pages.forEach((p, i) => {
+      parts.push(`## ${i + 1}. ${p.title}`);
+      parts.push(`- URL: ${p.finalUrl}`);
+      parts.push(`- HTTP: ${p.status} \xB7 ${p.bytes} bytes`);
+      parts.push("");
+      parts.push(truncate3(p.text, 4e3));
+      parts.push("");
+    });
+    await import_node_fs6.promises.writeFile(file2, parts.join("\n"), "utf8");
+    return file2;
+  } catch {
+    return null;
   }
-});
-
-// ../lib/ai/tools/web-search.ts
-var WEB_SEARCH_COST_PER_REQUEST, PERPLEXITY_SEARCH_URL, WEB_SEARCH_MAX_ATTEMPTS, WEB_SEARCH_RETRY_BASE_DELAY_MS, WEB_SEARCH_RETRY_JITTER_MS, PERPLEXITY_QUERY_MAX_LENGTH, EMPTY_QUERY_TOOL_ERROR, QUERY_TOO_LONG_TOOL_ERROR, webSearchQuerySchema, sleep2, getRetryDelayMs, createPerplexityApiError, formatPerplexityFailureForTool, fetchPerplexitySearch, normalizeSearchQueries, createWebSearch;
-var init_web_search = __esm({
-  "../lib/ai/tools/web-search.ts"() {
+}
+var import_node_fs6, import_node_path5, UA, SEARCH_TIMEOUT_MS, READ_TIMEOUT_MS, MAX_RAW_BYTES, OPEN_URL_MAX_CHARS, SEARCH_MAX_RESULTS, HARD_PAGE_CEILING, TIME_TO_DDG_DF, NAMED_ENTITIES, truncate3, isAbort, isTextual, TIME_ENUM, createWebSearch, createOpenUrl, createDeepResearch;
+var init_web_research = __esm({
+  "src/tools/web-research.ts"() {
     "use strict";
     init_dist5();
     init_zod();
-    init_error_redaction();
-    init_perplexity();
-    WEB_SEARCH_COST_PER_REQUEST = 5e-3;
-    PERPLEXITY_SEARCH_URL = "https://api.perplexity.ai/search";
-    WEB_SEARCH_MAX_ATTEMPTS = 3;
-    WEB_SEARCH_RETRY_BASE_DELAY_MS = 300;
-    WEB_SEARCH_RETRY_JITTER_MS = 75;
-    PERPLEXITY_QUERY_MAX_LENGTH = 8192;
-    EMPTY_QUERY_TOOL_ERROR = "Error performing web search: Provide at least one non-empty query.";
-    QUERY_TOO_LONG_TOOL_ERROR = `Error performing web search: Each query must be ${PERPLEXITY_QUERY_MAX_LENGTH} characters or fewer.`;
-    webSearchQuerySchema = external_exports.string().trim().min(1).max(PERPLEXITY_QUERY_MAX_LENGTH);
-    sleep2 = (delayMs, signal) => {
-      if (delayMs <= 0) return Promise.resolve();
-      if (signal?.aborted) {
-        return Promise.reject(new DOMException("Operation aborted", "AbortError"));
-      }
-      return new Promise((resolve2, reject) => {
-        const cleanup = () => signal?.removeEventListener("abort", onAbort);
-        const onAbort = () => {
-          clearTimeout(timeout);
-          cleanup();
-          reject(new DOMException("Operation aborted", "AbortError"));
-        };
-        const timeout = setTimeout(() => {
-          cleanup();
-          resolve2();
-        }, delayMs);
-        signal?.addEventListener("abort", onAbort, { once: true });
-      });
-    };
-    getRetryDelayMs = (attemptIndex) => {
-      const exponentialDelay = WEB_SEARCH_RETRY_BASE_DELAY_MS * Math.pow(2, attemptIndex);
-      const jitter = Math.random() * WEB_SEARCH_RETRY_JITTER_MS;
-      return Math.round(exponentialDelay + jitter);
-    };
-    createPerplexityApiError = async (response) => {
-      const errorText = await response.text();
-      const bodySummary = summarizePerplexityErrorBody(
-        errorText,
-        response.headers.get("content-type") || ""
-      );
-      return new PerplexityApiError({
-        status: response.status,
-        statusText: response.statusText,
-        bodySummary,
-        retryable: isRetryablePerplexityStatus(response.status)
-      });
-    };
-    formatPerplexityFailureForTool = (error51, attempts) => {
-      const statusText = error51.statusText ? ` ${error51.statusText}` : "";
-      if (error51.retryable) {
-        return `Error performing web search: Perplexity search is temporarily unavailable (HTTP ${error51.status}${statusText} after ${attempts} attempts). Please retry shortly or continue without live web results if the task can proceed.`;
-      }
-      if (error51.status === 401 || error51.status === 403) {
-        return `Error performing web search: Perplexity search is not authorized (HTTP ${error51.status}${statusText}). Check the Perplexity API key or account access.`;
-      }
-      return `Error performing web search: Perplexity search failed (HTTP ${error51.status}${statusText}).`;
+    import_node_fs6 = require("node:fs");
+    import_node_path5 = __toESM(require("node:path"));
+    UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36";
+    SEARCH_TIMEOUT_MS = 15e3;
+    READ_TIMEOUT_MS = 25e3;
+    MAX_RAW_BYTES = 15e5;
+    OPEN_URL_MAX_CHARS = 8e3;
+    SEARCH_MAX_RESULTS = 30;
+    HARD_PAGE_CEILING = 500;
+    TIME_TO_DDG_DF = {
+      past_day: "d",
+      past_week: "w",
+      past_month: "m",
+      past_year: "y"
+    };
+    NAMED_ENTITIES = {
+      amp: "&",
+      lt: "<",
+      gt: ">",
+      quot: '"',
+      apos: "'",
+      nbsp: " ",
+      "#39": "'"
     };
-    fetchPerplexitySearch = async (searchBody, abortSignal) => {
-      for (let attemptIndex = 0; attemptIndex < WEB_SEARCH_MAX_ATTEMPTS; attemptIndex++) {
-        const attempt = attemptIndex + 1;
-        const isFinalAttempt = attempt === WEB_SEARCH_MAX_ATTEMPTS;
+    truncate3 = (s, n) => s.length <= n ? s : s.slice(0, n - 1) + "\u2026";
+    isAbort = (err) => err instanceof Error && err.name === "AbortError";
+    isTextual = (ct) => !ct || /text|html|json|xml|javascript|csv/i.test(ct);
+    TIME_ENUM = external_exports.enum(["all", "past_day", "past_week", "past_month", "past_year"]).optional();
+    createWebSearch = (_context) => tool({
+      description: `Search the web for free (no API key required, DuckDuckGo-backed). Returns ranked results (title, url, snippet).
+
+<instructions>
+- Give 1\u20135 \`queries\` that are VARIANTS of the SAME intent (query expansions), not different goals. For non-English topics add one English variant.
+- Break a complex need into step-by-step searches instead of one giant query.
+- You CAN use operators: site:, filetype:, inurl:, intitle:.
+- After searching, OPEN the most relevant results with open_url to actually read them; cross-check facts across 2+ sources.
+- If results are weak, refine the wording and search again.
+</instructions>`,
+      inputSchema: external_exports.object({
+        brief: external_exports.string().describe("A one-sentence preamble describing the purpose of this search."),
+        queries: external_exports.array(external_exports.string().trim().min(1).max(2e3)).min(1).max(5).describe("1\u20135 query variants of the same intent."),
+        time: TIME_ENUM.describe(
+          "Optional recency filter (past_day/week/month/year)."
+        )
+      }),
+      execute: async ({ queries, time: time3 }, { abortSignal } = {}) => {
+        const norm = Array.from(
+          new Set(queries.map((q) => q.trim()).filter(Boolean))
+        ).slice(0, 5);
+        if (!norm.length) return "Erro: forne\xE7a ao menos uma query n\xE3o vazia.";
         try {
-          const response = await fetch(PERPLEXITY_SEARCH_URL, {
-            method: "POST",
-            headers: {
-              "Content-Type": "application/json",
-              Authorization: `Bearer ${process.env.PERPLEXITY_API_KEY || ""}`
-            },
-            body: JSON.stringify(searchBody),
-            signal: abortSignal
-          });
-          if (response.ok) {
-            return response;
-          }
-          const error51 = await createPerplexityApiError(response);
-          if (!error51.retryable || isFinalAttempt) {
-            throw error51;
-          }
-          const delayMs = getRetryDelayMs(attemptIndex);
-          console.warn("Web search provider error; retrying", {
-            attempt,
-            maxAttempts: WEB_SEARCH_MAX_ATTEMPTS,
-            status: error51.status,
-            statusText: error51.statusText,
-            bodySummary: error51.bodySummary,
-            delayMs
-          });
-          await sleep2(delayMs, abortSignal);
-        } catch (error51) {
-          if (error51 instanceof Error && error51.name === "AbortError") {
-            throw error51;
-          }
-          if (error51 instanceof PerplexityApiError) {
-            throw error51;
-          }
-          if (isFinalAttempt) {
-            throw error51;
-          }
-          const delayMs = getRetryDelayMs(attemptIndex);
-          console.warn("Web search network error; retrying", {
-            attempt,
-            maxAttempts: WEB_SEARCH_MAX_ATTEMPTS,
-            error: stringifyRedactedError(error51),
-            delayMs
-          });
-          await sleep2(delayMs, abortSignal);
+          const df = time3 && time3 !== "all" ? TIME_TO_DDG_DF[time3] : void 0;
+          const results = await searchQueries(norm, abortSignal, df);
+          return formatSearchResults(results);
+        } catch (err) {
+          if (isAbort(err)) return "Erro: opera\xE7\xE3o abortada.";
+          return `Erro na busca: ${err instanceof Error ? err.message : String(err)}`;
         }
       }
-      throw new Error("Web search failed before any Perplexity response was read");
-    };
-    normalizeSearchQueries = (rawQueries) => {
-      const queries = rawQueries.map((query) => query.trim()).filter(Boolean);
-      if (queries.length === 0) {
-        return { queries, error: EMPTY_QUERY_TOOL_ERROR };
-      }
-      if (queries.some((query) => query.length > PERPLEXITY_QUERY_MAX_LENGTH)) {
-        return { queries, error: QUERY_TOO_LONG_TOOL_ERROR };
-      }
-      return { queries: queries.slice(0, 3) };
-    };
-    createWebSearch = (context2) => {
-      const { userLocation, onToolCost } = context2;
-      return tool({
-        description: `Search for information across various sources.
+    });
+    createOpenUrl = (_opts) => tool({
+      description: `Open a specific URL and return its readable text content (free, no API key). Use it to actually READ a link \u2014 the one the user pasted, or one from a prior search \u2014 before you act on it.
 
 <instructions>
-- MUST use this tool to access up-to-date or external information when needed; DO NOT rely solely on internal knowledge
-- Each search MUST contain exactly 1 to 3 \`queries\` (NEVER more than 3). Queries MUST be variants of the same intent (i.e., query expansions), NOT different goals
-- For non-English queries, MUST include at least one English query as the final variant to expand coverage
-- For complex searches, MUST break down into step-by-step searches instead of using a single complex query
-- Access multiple URLs from search results for comprehensive information or cross-validation
-- CAN use Google dork syntax (site:, filetype:, inurl:, intitle:, etc.) for targeted reconnaissance and pentest enumeration
-- Only use \`time\` parameter when explicitly required by task, otherwise leave time range unrestricted
-- Prioritize cybersecurity-relevant information: CVEs, CVSS scores, exploits, PoCs, security tools, and pentest methodologies
-- Include specific versions, configurations, and technical details; cite reliable sources (NIST, OWASP, CVE databases)
-- For commands/installations, prioritize Kali Linux compatibility using apt or pre-installed tools
+- The URL must be public and http(s).
+- Returns the page title + extracted text (JS is not executed; for JS-heavy pages use the recon toolkit's --browser path).
+- Read carefully, then verify important facts against another source.
 </instructions>`,
-        inputSchema: external_exports.object({
-          queries: external_exports.array(webSearchQuerySchema).min(1).max(3).describe(
-            "MAXIMUM 3 non-empty query variants (1-3 items only). Express the same search intent with different wording."
-          ),
-          time: external_exports.enum(["all", "past_day", "past_week", "past_month", "past_year"]).optional().describe(
-            "Optional time filter to limit results to a recent time range"
-          ),
-          brief: external_exports.string().describe(
-            "A one-sentence preamble describing the purpose of this operation"
-          )
-        }),
-        execute: async ({
-          queries: rawQueries,
-          time: time3
-        }, { abortSignal }) => {
-          try {
-            const { queries, error: error51 } = normalizeSearchQueries(rawQueries);
-            if (error51) {
-              return error51;
-            }
-            const searchBody = buildPerplexitySearchBody(
-              queries.length === 1 ? queries[0] : queries,
-              {
-                country: userLocation?.country,
-                recency: time3 && time3 !== "all" ? RECENCY_MAP[time3] : void 0
-              }
-            );
-            const response = await fetchPerplexitySearch(searchBody, abortSignal);
-            onToolCost?.(WEB_SEARCH_COST_PER_REQUEST);
-            const searchResponse = await response.json();
-            const isMultiQuery = queries.length > 1;
-            let allResults;
-            if (isMultiQuery && Array.isArray(searchResponse.results[0])) {
-              allResults = searchResponse.results.flat();
-            } else {
-              allResults = searchResponse.results;
-            }
-            return formatSearchResults(allResults);
-          } catch (error51) {
-            if (error51 instanceof Error && error51.name === "AbortError") {
-              return "Error: Operation aborted";
-            }
-            if (error51 instanceof PerplexityApiError) {
-              console.error("Web search tool error:", {
-                name: error51.name,
-                status: error51.status,
-                statusText: error51.statusText,
-                retryable: error51.retryable,
-                bodySummary: error51.bodySummary
-              });
-              return formatPerplexityFailureForTool(
-                error51,
-                error51.retryable ? WEB_SEARCH_MAX_ATTEMPTS : 1
-              );
-            }
-            const errorMessage = stringifyRedactedError(error51);
-            console.error("Web search tool error:", errorMessage);
-            return `Error performing web search: ${errorMessage}`;
-          }
+      inputSchema: external_exports.object({
+        brief: external_exports.string().describe("A one-sentence preamble describing the purpose of this fetch."),
+        url: external_exports.string().describe("The http(s) URL to open and read.")
+      }),
+      execute: async ({ url: url2 }, { abortSignal } = {}) => {
+        const canon = canonicalUrl(url2);
+        if (!canon) return `URL inv\xE1lida: ${url2}`;
+        try {
+          const jina = await jinaRead(canon, abortSignal);
+          if (jina) return truncate3(jina, OPEN_URL_MAX_CHARS * 2);
+          const page = await readPage(canon, abortSignal);
+          if (!isTextual(page.contentType)) {
+            return `(${page.finalUrl}) conte\xFAdo n\xE3o textual (${page.contentType}, ${page.bytes} bytes) \u2014 n\xE3o extra\xEDdo.`;
+          }
+          const head = `# ${page.title}
+${page.finalUrl} (HTTP ${page.status}, ${page.bytes} bytes)
+`;
+          const body = page.text || "(sem texto extra\xEDvel \u2014 pode ser JS puro; use a recon toolkit com --browser)";
+          return head + "\n" + truncate3(body, OPEN_URL_MAX_CHARS);
+        } catch (err) {
+          if (isAbort(err)) return "Erro: opera\xE7\xE3o abortada.";
+          return `Erro ao abrir URL: ${err instanceof Error ? err.message : String(err)}`;
         }
-      });
-    };
-  }
-});
-
-// ../lib/ai/tools/open-url.ts
-var createOpenUrlTool;
-var init_open_url = __esm({
-  "../lib/ai/tools/open-url.ts"() {
-    "use strict";
-    init_dist5();
-    init_zod();
-    init_token_utils();
-    createOpenUrlTool = () => {
-      return tool({
-        description: `Retrieve the full contents of a specific webpage by URL.
+      }
+    });
+    createDeepResearch = (opts) => tool({
+      description: `Deep web research: search + fetch MANY pages concurrently and return a synthesized digest with sources. Free, no API key.
 
 <instructions>
-- Use to fetch and read a specific webpage, usually obtained from a prior search
-- URLs must be valid and publicly accessible
-- Prioritize cybersecurity-relevant information: CVEs, CVSS scores, exploits, PoCs, security tools, and pentest methodologies
-- Include specific versions, configurations, and technical details; cite reliable sources (NIST, OWASP, CVE databases)
+- Provide \`queries\` (1\u20136 variants) and/or seed \`urls\`. It searches, collects candidate links, and fetches up to \`max_pages\` of them in parallel.
+- Tune to the SUBJECT: a quick fact needs a handful of pages; a broad survey can sweep up to 500. Do NOT fetch 500 for something small.
+- Returns: per-source title + url + a short extract, plus counts. A full Markdown report is saved under the workspace's reports/ when possible.
+- Use this for broad/unknown topics and cross-validation; use open_url to drill into a single page, web_search for a quick lookup.
 </instructions>`,
-        inputSchema: external_exports.object({
-          url: external_exports.string().describe("The URL to open and retrieve content from"),
-          brief: external_exports.string().describe(
-            "A one-sentence preamble describing the purpose of this operation"
-          )
-        }),
-        execute: async ({ url: url2 }, { abortSignal }) => {
-          try {
-            const jinaUrl = `https://r.jina.ai/${encodeURIComponent(url2)}`;
-            const response = await fetch(jinaUrl, {
-              method: "GET",
-              headers: {
-                Authorization: `Bearer ${process.env.JINA_API_KEY}`,
-                "X-Timeout": "30",
-                "X-Base": "final",
-                "X-Token-Budget": "200000"
-              },
-              signal: abortSignal
-            });
-            if (!response.ok) {
-              const errorBody = await response.text();
-              return `Error: HTTP ${response.status} - ${errorBody}`;
-            }
-            const content = await response.text();
-            const truncated = truncateContent(content, void 0, 2048);
-            return truncated;
-          } catch (error51) {
-            if (error51 instanceof Error && error51.name === "AbortError") {
-              return "Error: Operation aborted";
-            }
-            console.error("Open URL tool error:", error51);
-            const errorMessage = error51 instanceof Error ? error51.message : "Unknown error occurred";
-            return `Error opening URL: ${errorMessage}`;
-          }
+      inputSchema: external_exports.object({
+        brief: external_exports.string().describe("A one-sentence preamble describing the research goal."),
+        queries: external_exports.array(external_exports.string().trim().min(1).max(2e3)).max(6).optional().describe("1\u20136 search query variants of the same intent."),
+        urls: external_exports.array(external_exports.string()).max(HARD_PAGE_CEILING).optional().describe("Optional seed URLs to include directly."),
+        max_pages: external_exports.number().int().min(1).max(HARD_PAGE_CEILING).optional().describe("Max pages to fetch (default 12, ceiling 500). Match to the subject."),
+        concurrency: external_exports.number().int().min(1).max(HARD_PAGE_CEILING).optional().describe("Parallel fetches (default 8, up to 500)."),
+        time: TIME_ENUM.describe("Optional recency filter for the search step.")
+      }),
+      execute: async (input, { abortSignal } = {}) => {
+        const queries = Array.from(
+          new Set((input.queries || []).map((q) => q.trim()).filter(Boolean))
+        ).slice(0, 6);
+        const seeds = [];
+        for (const u of input.urls || []) {
+          const c = canonicalUrl(u);
+          if (c) seeds.push({ title: c, url: c, snippet: "" });
+        }
+        if (!queries.length && !seeds.length) {
+          return "Erro: forne\xE7a queries e/ou urls para pesquisar.";
+        }
+        const maxPages = Math.min(
+          Math.max(1, input.max_pages ?? 12),
+          HARD_PAGE_CEILING
+        );
+        const requestedConc = Math.min(
+          Math.max(1, input.concurrency ?? 8),
+          HARD_PAGE_CEILING
+        );
+        try {
+          const df = input.time && input.time !== "all" ? TIME_TO_DDG_DF[input.time] : void 0;
+          const searched = queries.length ? await searchQueries(queries, abortSignal, df) : [];
+          const candidates = dedupeResults([...seeds, ...searched]);
+          const totalFound = candidates.length;
+          const capped = totalFound > maxPages;
+          const toFetch = candidates.slice(0, maxPages);
+          const conc = Math.min(requestedConc, toFetch.length || 1);
+          const fetched = await mapPool(
+            toFetch,
+            conc,
+            (r2) => readPage(r2.url, abortSignal)
+          );
+          const pages = [];
+          let failures = 0;
+          fetched.forEach((p) => {
+            if (p && "error" in p) failures++;
+            else if (p) pages.push(p);
+          });
+          const reportPath = await saveResearchReport(
+            opts.workdir,
+            queries,
+            pages,
+            { totalFound, fetched: toFetch.length, ok: pages.length, failures, capped, maxPages }
+          );
+          return formatResearchDigest(pages, {
+            totalFound,
+            fetched: toFetch.length,
+            ok: pages.length,
+            failures,
+            capped,
+            maxPages,
+            conc,
+            reportPath
+          });
+        } catch (err) {
+          if (isAbort(err)) return "Erro: opera\xE7\xE3o abortada.";
+          return `Erro na pesquisa profunda: ${err instanceof Error ? err.message : String(err)}`;
         }
-      });
-    };
+      }
+    });
   }
 });
 
 // src/tools/scope.ts
-var import_node_fs6, import_node_path5, import_promises, ipv4ToInt, isIpLiteral, maskForPrefix, parseCidr, ScopeImpl, scopeFileFor, loadScope, hostFromUrl;
+var import_node_fs7, import_node_path6, import_promises, ipv4ToInt, isIpLiteral, maskForPrefix, parseCidr, ScopeImpl, scopeFileFor, loadScope, hostFromUrl;
 var init_scope = __esm({
   "src/tools/scope.ts"() {
     "use strict";
-    import_node_fs6 = __toESM(require("node:fs"));
-    import_node_path5 = __toESM(require("node:path"));
+    import_node_fs7 = __toESM(require("node:fs"));
+    import_node_path6 = __toESM(require("node:path"));
     import_promises = __toESM(require("node:dns/promises"));
     ipv4ToInt = (ip) => {
       const parts = ip.split(".");
@@ -69498,11 +69569,11 @@ var init_scope = __esm({
         return false;
       }
     };
-    scopeFileFor = (workdir) => import_node_path5.default.join(workdir, "recon", "scope.txt");
+    scopeFileFor = (workdir) => import_node_path6.default.join(workdir, "recon", "scope.txt");
     loadScope = (workdir) => {
       const file2 = scopeFileFor(workdir);
       try {
-        const text2 = import_node_fs6.default.readFileSync(file2, "utf8");
+        const text2 = import_node_fs7.default.readFileSync(file2, "utf8");
         return ScopeImpl.parse(text2, file2);
       } catch {
         return ScopeImpl.parse("", null);
@@ -69519,7 +69590,7 @@ var init_scope = __esm({
 });
 
 // src/tools/http-request.ts
-var FUZZ, MAX_FUZZ, BODY_PREVIEW_CHARS, DEFAULT_TIMEOUT_S, LOOPBACK, numberEnv, sleep3, sampleUrl, NOTABLE_HEADERS, applyFuzz, buildInit, collectNotableHeaders, doRequest, summarizeFuzz, scopeRefusal, createHttpRequest;
+var FUZZ, MAX_FUZZ, BODY_PREVIEW_CHARS, DEFAULT_TIMEOUT_S, LOOPBACK, numberEnv, sleep2, sampleUrl, NOTABLE_HEADERS, applyFuzz, buildInit, collectNotableHeaders, doRequest, summarizeFuzz, scopeRefusal, createHttpRequest;
 var init_http_request = __esm({
   "src/tools/http-request.ts"() {
     "use strict";
@@ -69535,7 +69606,7 @@ var init_http_request = __esm({
       const raw = Number(process.env[name25]);
       return Number.isFinite(raw) && raw >= 0 ? raw : void 0;
     };
-    sleep3 = (ms, signal) => new Promise((resolve2) => {
+    sleep2 = (ms, signal) => new Promise((resolve2) => {
       if (ms <= 0 || signal?.aborted) return resolve2();
       const t = setTimeout(resolve2, ms);
       signal?.addEventListener(
@@ -69656,7 +69727,7 @@ var init_http_request = __esm({
     };
     scopeRefusal = (host, workdir) => `Recusado: o host "${host}" n\xE3o est\xE1 no escopo autorizado. Adicione-o a ${scopeFileFor(workdir)} (formatos: example.com, *.example.com, CIDR 10.0.0.0/24, ou um IP) \u2014 somente alvos que voc\xEA possui ou tem autoriza\xE7\xE3o expl\xEDcita para testar. Edite o scope.txt com a ferramenta file e tente de novo.`;
     createHttpRequest = (deps) => {
-      const { workdir, loadScopeFn = loadScope } = deps;
+      const { workdir, loadScopeFn = loadScope, unrestricted = false } = deps;
       const envThrottle = numberEnv("clawfast_HTTP_THROTTLE_MS");
       const envJitter = numberEnv("clawfast_HTTP_JITTER_MS");
       return tool({
@@ -69670,20 +69741,30 @@ SCOPE: every request is gated by recon/scope.txt (same allowlist as the recon to
 
 USE FOR: testing a single endpoint, replaying/tampering a captured request, parameter/path/value fuzzing, verifying an exploit by observing the real response. NOT a replacement for bulk crawling \u2014 use the Python recon toolkit for that.`,
         inputSchema: external_exports.object({
-          brief: external_exports.string().describe("A one-sentence preamble describing the purpose of this request."),
+          brief: external_exports.string().describe(
+            "A one-sentence preamble describing the purpose of this request."
+          ),
           url: external_exports.string().url().describe(
             "Target URL. May contain the marker FUZZ (replaced by each fuzz payload)."
           ),
           method: external_exports.enum(["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"]).optional().describe("HTTP method (default GET)."),
           headers: external_exports.record(external_exports.string(), external_exports.string()).optional().describe("Request headers. Values may contain FUZZ."),
           body: external_exports.string().optional().describe("Request body for POST/PUT/PATCH/DELETE. May contain FUZZ."),
-          follow_redirects: external_exports.boolean().optional().describe("Follow 3xx redirects (default true). Set false to inspect Location."),
-          timeout: external_exports.number().optional().describe(`Per-request timeout in seconds (default ${DEFAULT_TIMEOUT_S}).`),
+          follow_redirects: external_exports.boolean().optional().describe(
+            "Follow 3xx redirects (default true). Set false to inspect Location."
+          ),
+          timeout: external_exports.number().optional().describe(
+            `Per-request timeout in seconds (default ${DEFAULT_TIMEOUT_S}).`
+          ),
           fuzz: external_exports.array(external_exports.string()).optional().describe(
             `Intruder payloads \u2014 substituted into the FUZZ marker, one request each (max ${MAX_FUZZ}).`
           ),
-          throttle_ms: external_exports.number().optional().describe("OPSEC: delay between fuzz requests in ms (overrides clawfast_HTTP_THROTTLE_MS)."),
-          jitter_ms: external_exports.number().optional().describe("OPSEC: random extra delay 0..jitter added to each throttle.")
+          throttle_ms: external_exports.number().optional().describe(
+            "OPSEC: delay between fuzz requests in ms (overrides clawfast_HTTP_THROTTLE_MS)."
+          ),
+          jitter_ms: external_exports.number().optional().describe(
+            "OPSEC: random extra delay 0..jitter added to each throttle."
+          )
         }),
         execute: async (input, { abortSignal } = {}) => {
           const method = input.method ?? "GET";
@@ -69693,7 +69774,7 @@ USE FOR: testing a single endpoint, replaying/tampering a captured request, para
           if (!host) {
             return { error: `URL inv\xE1lida: ${input.url}` };
           }
-          if (!LOOPBACK.has(host)) {
+          if (!unrestricted && !LOOPBACK.has(host)) {
             const scope = loadScopeFn(workdir);
             const allowed = await scope.allows(host);
             if (!allowed) {
@@ -69733,7 +69814,13 @@ USE FOR: testing a single endpoint, replaying/tampering a captured request, para
                 abortSignal
               );
               if ("error" in res2) {
-                rows.push({ payload, status: "ERR", bodyLength: 0, timeMs: res2.timeMs, error: res2.error });
+                rows.push({
+                  payload,
+                  status: "ERR",
+                  bodyLength: 0,
+                  timeMs: res2.timeMs,
+                  error: res2.error
+                });
               } else {
                 rows.push({
                   payload,
@@ -69744,7 +69831,10 @@ USE FOR: testing a single endpoint, replaying/tampering a captured request, para
                 });
               }
               if (i < list.length - 1 && (throttle > 0 || jitter > 0)) {
-                await sleep3(throttle + Math.floor(Math.random() * (jitter + 1)), abortSignal);
+                await sleep2(
+                  throttle + Math.floor(Math.random() * (jitter + 1)),
+                  abortSignal
+                );
               }
             }
             return { fuzz: { host, count: rows.length, rows } };
@@ -69822,12 +69912,12 @@ ${s.bodyPreview}`
 });
 
 // src/tools/findings.ts
-var import_node_fs7, import_node_path6, SEVERITIES, STATUSES, SEVERITY_RANK, SEVERITY_EMOJI, findingsStoreFor, readAll, writeAll, nextId, sortBySeverity, renderReport, oneLine, createFindings;
+var import_node_fs8, import_node_path7, SEVERITIES, STATUSES, SEVERITY_RANK, SEVERITY_EMOJI, findingsStoreFor, readAll, writeAll, nextId, sortBySeverity, renderReport, oneLine, createFindings;
 var init_findings = __esm({
   "src/tools/findings.ts"() {
     "use strict";
-    import_node_fs7 = __toESM(require("node:fs"));
-    import_node_path6 = __toESM(require("node:path"));
+    import_node_fs8 = __toESM(require("node:fs"));
+    import_node_path7 = __toESM(require("node:path"));
     init_dist5();
     init_zod();
     SEVERITIES = [
@@ -69853,16 +69943,16 @@ var init_findings = __esm({
       info: "\u26AA"
     };
     findingsStoreFor = (workdir) => {
-      const findingsDir = import_node_path6.default.join(workdir, "findings");
+      const findingsDir = import_node_path7.default.join(workdir, "findings");
       return {
         findingsDir,
-        storeFile: import_node_path6.default.join(findingsDir, "findings.json"),
-        reportFile: import_node_path6.default.join(findingsDir, "report.md")
+        storeFile: import_node_path7.default.join(findingsDir, "findings.json"),
+        reportFile: import_node_path7.default.join(findingsDir, "report.md")
       };
     };
     readAll = (store) => {
       try {
-        const raw = import_node_fs7.default.readFileSync(store.storeFile, "utf8");
+        const raw = import_node_fs8.default.readFileSync(store.storeFile, "utf8");
         const parsed = JSON.parse(raw);
         return Array.isArray(parsed) ? parsed : [];
       } catch {
@@ -69870,8 +69960,8 @@ var init_findings = __esm({
       }
     };
     writeAll = (store, findings) => {
-      import_node_fs7.default.mkdirSync(store.findingsDir, { recursive: true });
-      import_node_fs7.default.writeFileSync(store.storeFile, JSON.stringify(findings, null, 2), "utf8");
+      import_node_fs8.default.mkdirSync(store.findingsDir, { recursive: true });
+      import_node_fs8.default.writeFileSync(store.storeFile, JSON.stringify(findings, null, 2), "utf8");
     };
     nextId = (findings) => {
       let max = 0;
@@ -69970,7 +70060,9 @@ ACTIONS
 Use this together with http_request: probe \u2192 observe \u2192 record evidence \u2192 mark confirmed.`,
         inputSchema: external_exports.object({
           action: external_exports.enum(["add", "update", "list", "report"]),
-          brief: external_exports.string().describe("A one-sentence preamble describing the purpose of this operation."),
+          brief: external_exports.string().describe(
+            "A one-sentence preamble describing the purpose of this operation."
+          ),
           id: external_exports.string().optional().describe("Finding id (e.g. F-001) \u2014 required for update."),
           title: external_exports.string().optional(),
           severity: external_exports.enum(SEVERITIES).optional(),
@@ -70043,7 +70135,9 @@ Use this together with http_request: probe \u2192 observe \u2192 record evidence
             if (input.action === "list") {
               let filtered = findings;
               if (input.filter_severity) {
-                filtered = filtered.filter((f) => f.severity === input.filter_severity);
+                filtered = filtered.filter(
+                  (f) => f.severity === input.filter_severity
+                );
               }
               if (input.filter_status) {
                 filtered = filtered.filter((f) => f.status === input.filter_status);
@@ -70055,8 +70149,8 @@ Use this together with http_request: probe \u2192 observe \u2192 record evidence
               };
             }
             const md = renderReport(findings);
-            import_node_fs7.default.mkdirSync(store.findingsDir, { recursive: true });
-            import_node_fs7.default.writeFileSync(store.reportFile, md, "utf8");
+            import_node_fs8.default.mkdirSync(store.findingsDir, { recursive: true });
+            import_node_fs8.default.writeFileSync(store.reportFile, md, "utf8");
             return { report: store.reportFile, total: findings.length };
           } catch (err) {
             return {
@@ -70286,20 +70380,48 @@ var init_utils4 = __esm({
 
 // src/local-sandbox.ts
 function inferShellFlag(shell2) {
-  const base = import_node_path7.default.basename(shell2).toLowerCase();
+  const base = import_node_path8.default.basename(shell2).toLowerCase();
   if (base === "cmd" || base === "cmd.exe") return "/C";
   if (base === "powershell" || base === "powershell.exe" || base === "pwsh") {
     return "-Command";
   }
   return "-c";
 }
-var import_node_child_process2, import_node_fs8, import_node_path7, import_node_os3, import_node_url, import_meta, LocalSandbox;
+function detectLinux(platform) {
+  if (platform !== "linux") {
+    return { distroId: "", distroName: "", isKali: false };
+  }
+  try {
+    const text2 = (0, import_node_fs9.readFileSync)("/etc/os-release", "utf8");
+    const map2 = {};
+    for (const raw of text2.split(/\r?\n/)) {
+      const eq = raw.indexOf("=");
+      if (eq === -1) continue;
+      const key = raw.slice(0, eq).trim();
+      const val = raw.slice(eq + 1).trim().replace(/^"(.*)"$/, "$1").replace(/^'(.*)'$/, "$1");
+      if (key) map2[key] = val;
+    }
+    const id = (map2.ID || "").toLowerCase();
+    const idLike = (map2.ID_LIKE || "").toLowerCase();
+    const distroName = map2.PRETTY_NAME || map2.NAME || "Linux";
+    const isKali = id === "kali" || idLike.includes("kali") || /kali/i.test(distroName);
+    return { distroId: id, distroName, isKali };
+  } catch {
+    return { distroId: "", distroName: "Linux", isKali: false };
+  }
+}
+function computeUnrestricted(platform) {
+  if (truthyEnv("CLAWFAST_UNRESTRICTED")) return true;
+  if (truthyEnv("CLAWFAST_STRICT_SCOPE")) return false;
+  return platform === "linux";
+}
+var import_node_child_process2, import_node_fs9, import_node_path8, import_node_os3, import_node_url, import_meta, LocalSandbox, truthyEnv;
 var init_local_sandbox = __esm({
   "src/local-sandbox.ts"() {
     "use strict";
     import_node_child_process2 = require("node:child_process");
-    import_node_fs8 = require("node:fs");
-    import_node_path7 = __toESM(require("node:path"));
+    import_node_fs9 = require("node:fs");
+    import_node_path8 = __toESM(require("node:path"));
     import_node_os3 = __toESM(require("node:os"));
     import_node_url = require("node:url");
     init_utils4();
@@ -70311,6 +70433,10 @@ var init_local_sandbox = __esm({
         // The most recent foreground child. Lets the CLI forward user-typed lines to
         // a command that is waiting for stdin (interactive prompts, REPLs, etc.).
         this.activeForegroundChild = null;
+        // Host fingerprint, computed once at construction. Linux/Kali unlock the
+        // "full-power" sandbox context; root status flips sudo guidance; unrestricted
+        // opens the native http_request / recon scope gate (default ON for Linux).
+        this.platform = import_node_os3.default.platform();
         this.commands = {
           run: (command, opts) => {
             return new Promise((resolve2, reject) => {
@@ -70397,15 +70523,15 @@ var init_local_sandbox = __esm({
         this.files = {
           write: async (filePath, content) => {
             const resolved = this.resolvePath(filePath);
-            await import_node_fs8.promises.mkdir(import_node_path7.default.dirname(resolved), { recursive: true });
+            await import_node_fs9.promises.mkdir(import_node_path8.default.dirname(resolved), { recursive: true });
             const data = typeof content === "string" ? content : content instanceof ArrayBuffer ? Buffer.from(content) : content;
-            await import_node_fs8.promises.writeFile(resolved, data);
+            await import_node_fs9.promises.writeFile(resolved, data);
           },
           read: async (filePath) => {
-            return import_node_fs8.promises.readFile(this.resolvePath(filePath), "utf8");
+            return import_node_fs9.promises.readFile(this.resolvePath(filePath), "utf8");
           },
           remove: async (filePath) => {
-            await import_node_fs8.promises.rm(this.resolvePath(filePath), {
+            await import_node_fs9.promises.rm(this.resolvePath(filePath), {
               recursive: true,
               force: true
             });
@@ -70413,8 +70539,8 @@ var init_local_sandbox = __esm({
           list: async (dirPath = ".") => {
             const resolved = this.resolvePath(dirPath);
             try {
-              const entries = await import_node_fs8.promises.readdir(resolved, { withFileTypes: true });
-              return entries.filter((e) => e.isFile()).map((e) => ({ name: import_node_path7.default.join(resolved, e.name) }));
+              const entries = await import_node_fs9.promises.readdir(resolved, { withFileTypes: true });
+              return entries.filter((e) => e.isFile()).map((e) => ({ name: import_node_path8.default.join(resolved, e.name) }));
             } catch {
               return [];
             }
@@ -70430,12 +70556,15 @@ var init_local_sandbox = __esm({
           this.shellFlag = shell2.shellFlag;
         }
         const explicit = opts?.workdir || process.env.CLI_WORKDIR;
-        const base = explicit || import_node_path7.default.join(process.cwd(), "SPRIT");
+        const base = explicit || import_node_path8.default.join(process.cwd(), "SPRIT");
         this.autoCreated = !explicit;
-        this.workdir = import_node_path7.default.resolve(base).replace(/\\/g, "/");
+        this.workdir = import_node_path8.default.resolve(base).replace(/\\/g, "/");
+        this.linux = detectLinux(this.platform);
+        this.root = typeof process.getuid === "function" ? process.getuid() === 0 : false;
+        this.unrestricted = computeUnrestricted(this.platform);
       }
       async init() {
-        await import_node_fs8.promises.mkdir(this.workdir, { recursive: true });
+        await import_node_fs9.promises.mkdir(this.workdir, { recursive: true });
         await this.seedReconToolkit();
         await this.seedAuditToolkit();
       }
@@ -70452,8 +70581,8 @@ var init_local_sandbox = __esm({
           const assetsDir = (0, import_node_url.fileURLToPath)(
             new URL("../assets/recon", import_meta.url)
           );
-          const destDir = import_node_path7.default.join(this.workdir, "recon");
-          await import_node_fs8.promises.mkdir(destDir, { recursive: true });
+          const destDir = import_node_path8.default.join(this.workdir, "recon");
+          await import_node_fs9.promises.mkdir(destDir, { recursive: true });
           const files = [
             ["recon_deep.py", true],
             ["recon_common.py", true],
@@ -70469,17 +70598,17 @@ var init_local_sandbox = __esm({
             ["scope.txt", false]
           ];
           for (const [name25, overwrite] of files) {
-            const dest = import_node_path7.default.join(destDir, name25);
+            const dest = import_node_path8.default.join(destDir, name25);
             if (!overwrite) {
               try {
-                await import_node_fs8.promises.access(dest);
+                await import_node_fs9.promises.access(dest);
                 continue;
               } catch {
               }
             }
             try {
-              const content = await import_node_fs8.promises.readFile(import_node_path7.default.join(assetsDir, name25));
-              await import_node_fs8.promises.writeFile(dest, content);
+              const content = await import_node_fs9.promises.readFile(import_node_path8.default.join(assetsDir, name25));
+              await import_node_fs9.promises.writeFile(dest, content);
             } catch {
             }
           }
@@ -70497,12 +70626,12 @@ var init_local_sandbox = __esm({
           const assetsDir = (0, import_node_url.fileURLToPath)(
             new URL("../assets/audit", import_meta.url)
           );
-          const destDir = import_node_path7.default.join(this.workdir, "audit");
-          await import_node_fs8.promises.mkdir(destDir, { recursive: true });
+          const destDir = import_node_path8.default.join(this.workdir, "audit");
+          await import_node_fs9.promises.mkdir(destDir, { recursive: true });
           for (const name25 of ["project_audit.py", "README.md"]) {
             try {
-              const content = await import_node_fs8.promises.readFile(import_node_path7.default.join(assetsDir, name25));
-              await import_node_fs8.promises.writeFile(import_node_path7.default.join(destDir, name25), content);
+              const content = await import_node_fs9.promises.readFile(import_node_path8.default.join(assetsDir, name25));
+              await import_node_fs9.promises.writeFile(import_node_path8.default.join(destDir, name25), content);
             } catch {
             }
           }
@@ -70521,6 +70650,30 @@ var init_local_sandbox = __esm({
       isWindows() {
         return import_node_os3.default.platform() === "win32" && !this.isBashLikeShell();
       }
+      /** True on any Linux host — unlocks the full-power sandbox context. */
+      isLinux() {
+        return this.platform === "linux";
+      }
+      /** True when /etc/os-release identifies this host as Kali Linux. */
+      isKali() {
+        return this.linux.isKali;
+      }
+      /** Pretty distro name (PRETTY_NAME/NAME), e.g. "Kali GNU/Linux Rolling". */
+      getDistroName() {
+        return this.linux.distroName;
+      }
+      /** True when the session runs as uid 0 (no sudo needed). */
+      isRoot() {
+        return this.root;
+      }
+      /**
+       * True when the native http_request tool and the recon toolkit run WITHOUT
+       * the scope.txt allowlist gate. Defaults to ON for Linux ("tudo liberado"),
+       * OFF elsewhere; flip with CLAWFAST_UNRESTRICTED / CLAWFAST_STRICT_SCOPE.
+       */
+      isUnrestricted() {
+        return this.unrestricted;
+      }
       supportsPty() {
         return false;
       }
@@ -70529,10 +70682,12 @@ var init_local_sandbox = __esm({
         const shellInvocation = `${this.shellBin} ${this.shellFlag}`;
         const windowsNotes = import_node_os3.default.platform() === "win32" ? this.getWindowsShellNotes() : "";
         const pentestToolingNotes = this.getLocalPentestToolingNotes();
-        return `You are executing commands directly on the user's local host (${platform}, hostname "${import_node_os3.default.hostname()}") in DANGEROUS MODE: there is NO sandbox isolation.
+        const linuxPowerNotes = this.isLinux() ? this.getLinuxPowerNotes() : "";
+        const hostLabel = this.isLinux() ? `${this.getDistroName()} ${import_node_os3.default.arch()}, ${this.root ? "root" : "user"}@${import_node_os3.default.hostname()}` : `${platform}, hostname "${import_node_os3.default.hostname()}"`;
+        return `You are executing commands directly on the user's local host (${hostLabel}) in DANGEROUS MODE: there is NO sandbox isolation. This is the operator's OWN machine and they have authorized you to use its FULL power.
 Commands are invoked via \`${shellInvocation}\`. The working directory is "${this.workdir}".
 Be careful: file system, network and process operations all affect the real host system.
-A real human user is present at this terminal. When a command prompts for input \u2014 a password, a y/n confirmation, an interactive installer, a REPL prompt (python, mysql, ftp), an ssh/sudo prompt, etc. \u2014 the user types the answer and it is forwarded to the command's stdin. So you MAY run commands that prompt for input; just run the command and the user will respond when asked. Prefer non-interactive flags (like --yes) when they exist and are convenient, but interactive prompts are fully supported. Only full-screen / raw-mode TUI programs (vim, top, htop, less without \`| cat\`) are unsupported, since there is no PTY \u2014 avoid those and use line-oriented alternatives.
+A real human user is present at this terminal. When a command prompts for input \u2014 a password, a y/n confirmation, an interactive installer, a REPL prompt (python, mysql, ftp), an ssh/sudo prompt, an account/registration step, etc. \u2014 the user types the answer and it is forwarded to the command's stdin. So you MAY run commands that prompt for input; just run the command and the user will respond when asked. Prefer non-interactive flags (like --yes) when they exist and are convenient, but interactive prompts are fully supported. Only full-screen / raw-mode TUI programs (vim, top, htop, less without \`| cat\`) are unsupported, since there is no PTY \u2014 avoid those and use line-oriented alternatives.
 
 WORKSPACE - STRICT SCOPE:
 - Your entire workspace is the directory: ${this.workdir}
@@ -70549,7 +70704,28 @@ EDITING SCRIPTS:
 - When a script you wrote produces an error, fix the specific broken part.
 - Do not recreate or fully overwrite a file just to fix one error.
 - Use write only to create a brand-new file, or when changes to a short file are extensive.
-- Iterate on your own existing files across steps; treat them as persistent.${windowsNotes}${pentestToolingNotes}`;
+- Iterate on your own existing files across steps; treat them as persistent.${linuxPowerNotes}${windowsNotes}${pentestToolingNotes}`;
+      }
+      /**
+       * The Linux "full-power" block: tells the model it is on a real Linux/Kali box
+       * with no capability artificially withheld, how root/sudo works here, that
+       * Python and scanning are fully unlocked, and — critically — the protocol for
+       * relaying a Kali tool's interactive prompt to the human and forwarding their
+       * typed answer back to the program's stdin.
+       */
+      getLinuxPowerNotes() {
+        const who = this.root ? "root (uid 0) \u2014 no sudo needed; you can install packages, bind low ports, sniff, and read/write anywhere" : "a normal user \u2014 prefix privileged actions with sudo; the human will type the sudo password when prompted";
+        const apt = this.root ? "apt" : "sudo apt";
+        const kaliLine = this.isKali() ? "This is Kali Linux: treat the full offensive toolset as installed and ready." : "Treat this as a capable Linux pentest host; install whatever you need.";
+        return `
+
+LINUX FULL-POWER MODE (${this.getDistroName()}, running as ${who}):
+- ${kaliLine} Everything the OS permits, you may do \u2014 no capability is off-limits because of the platform. This box belongs to the operator and full use is authorized.
+- You have a REAL shell with REAL reach: full filesystem, raw sockets, package managers (\`${apt} install -y <pkg>\`, \`pip install\`, \`pipx install\`, \`go install\`), service control (\`systemctl\`), and the entire installed toolset.
+- Python is 100% unlocked: \`python3\`, \`pip\`, \`venv\`, any library. Build and run whatever the task needs \u2014 there is no Python restriction here.
+- Scanning is fully allowed: port scans, host/network range sweeps, service/version detection, and number/identifier enumeration (IP ranges, port ranges, phone-number OSINT with phoneinfoga, etc.). Pick the right tool (nmap, masscan, the recon/ toolkit) and apply reasonable OPSEC throttling on noisy work.
+- KALI / INTERACTIVE PROMPTS \u2014 IMPORTANT: many tools and installers stop to ask for input mid-run (msfconsole, an \`apt\` confirmation, an account/registration/sign-up step, an ssh/sudo/password prompt, a y/n, a setup wizard, a REPL). A real human is at this terminal. When the underlying program is waiting for input, STOP and tell the user in ONE short line EXACTLY what the program ("o kali") is asking and what to type \u2014 e.g. "o kali est\xE1 pedindo o nome de usu\xE1rio da conta; digite ele aqui". The user types the answer here, the CLI forwards it to the program's stdin, and you continue. You drive the tool; the human supplies the human answers.
+- Account creation / sign-ups a tool requires: run the step, surface each prompt to the user, forward their typed answers \u2014 NEVER invent credentials, never skip the human, never fabricate the tool's output.${this.unrestricted ? "\n- UNRESTRICTED scope is ACTIVE: the native http_request tool and the recon/ Python modules run WITHOUT the scope.txt allowlist (pass `--allow-out-of-scope` to the recon scripts). Still act only against targets the operator pointed you at." : ""}`;
       }
       getOsContext() {
         return this.getSandboxContext();
@@ -70572,6 +70748,10 @@ EDITING SCRIPTS:
       getWorkdir() {
         return this.workdir;
       }
+      /** The shell binary + exec flag this sandbox runs commands through. */
+      getShell() {
+        return { bin: this.shellBin, flag: this.shellFlag };
+      }
       getHost(port) {
         return `localhost:${port}`;
       }
@@ -70605,9 +70785,9 @@ EDITING SCRIPTS:
         if (!this.autoCreated) return null;
         const keep = (process.env.CLAWFAST_KEEP_SPRIT || "").trim().toLowerCase();
         if (keep === "1" || keep === "true" || keep === "yes") return null;
-        if (import_node_path7.default.basename(this.workdir).toUpperCase() !== "SPRIT") return null;
+        if (import_node_path8.default.basename(this.workdir).toUpperCase() !== "SPRIT") return null;
         try {
-          await import_node_fs8.promises.rm(this.workdir, { recursive: true, force: true });
+          await import_node_fs9.promises.rm(this.workdir, { recursive: true, force: true });
           return this.workdir;
         } catch {
           return null;
@@ -70658,15 +70838,15 @@ EDITING SCRIPTS:
         }
       }
       resolvePath(p) {
-        if (import_node_path7.default.isAbsolute(p)) return p;
-        return import_node_path7.default.join(this.workdir, p);
+        if (import_node_path8.default.isAbsolute(p)) return p;
+        return import_node_path8.default.join(this.workdir, p);
       }
       isBashLikeShell() {
-        const base = import_node_path7.default.basename(this.shellBin).toLowerCase();
+        const base = import_node_path8.default.basename(this.shellBin).toLowerCase();
         return base === "bash" || base === "bash.exe" || base === "sh";
       }
       isCmdShell() {
-        const base = import_node_path7.default.basename(this.shellBin).toLowerCase();
+        const base = import_node_path8.default.basename(this.shellBin).toLowerCase();
         return base === "cmd" || base === "cmd.exe";
       }
       getWindowsShellNotes() {
@@ -70708,12 +70888,14 @@ LOCAL PENTEST TOOLING:
 - In cmd.exe, do not use raw Bash constructs like \`export\`, \`$(pwd)\`, heredocs, or single-quote escaping. Wrap those commands with \`wsl.exe ... bash -lc "..."\` or rewrite them in cmd syntax.
 - For OWASP ZAP on Windows without WSL, prefer Docker: \`docker pull ghcr.io/zaproxy/zaproxy:stable\` and use a cmd.exe volume mount like \`-v "%cd%:/zap/wrk/:rw"\`.`;
         }
+        const sudo = this.root ? "" : "sudo ";
         return `
 
-LOCAL PENTEST TOOLING:
-- Prefer already-installed local tools, but verify first with \`command -v zaproxy nikto nuclei docker\`.
-- On Kali/Debian hosts, install missing scanners with \`sudo apt update && sudo apt install -y zaproxy nikto nuclei\`; if the session is root, omit \`sudo\`.
-- For OWASP ZAP Docker scans, map the current working directory with \`-v "$(pwd):/zap/wrk/:rw"\` so reports are preserved.`;
+LOCAL PENTEST TOOLING (${this.isLinux() ? this.getDistroName() : "Linux"}):
+- Treat the full Kali/Debian arsenal as available; verify a specific tool with \`command -v <tool>\` and install anything missing with \`${sudo}apt update && ${sudo}apt install -y <pkg>\` (or \`pipx install\` / \`pip install\`).
+- Common arsenal: nmap, masscan, nikto, nuclei, sqlmap, wpscan, gobuster / ffuf / feroxbuster, hydra, john, hashcat, metasploit (\`msfconsole\`), netcat, whois, dig, dnsrecon, amass, subfinder, theHarvester, wfuzz, zaproxy, burpsuite, responder, enum4linux, smbclient, phoneinfoga.
+- No PTY here: prefer line-oriented invocation \u2014 \`msfconsole -q -x "use ...; set ...; run; exit"\`, \`sqlmap --batch\`, and pipe pagers through \`| cat\`. Interactive prompts still work (the human types answers), but avoid full-screen TUIs.
+- For OWASP ZAP / containerized scans, Docker works too: \`docker run ... -v "$(pwd):/zap/wrk/:rw" ...\` so reports are preserved.`;
       }
       getWslWorkdir() {
         const match = this.workdir.match(/^([A-Za-z]):\/(.*)$/);
@@ -70721,6 +70903,10 @@ LOCAL PENTEST TOOLING:
         return `/mnt/${match[1].toLowerCase()}/${match[2]}`;
       }
     };
+    truthyEnv = (name25) => {
+      const v = (process.env[name25] || "").trim().toLowerCase();
+      return v === "1" || v === "true" || v === "yes" || v === "on";
+    };
   }
 });
 
@@ -70763,6 +70949,577 @@ var init_local_sandbox_manager = __esm({
   }
 });
 
+// src/message-tail.ts
+function ensureGeneratableTail(messages, continuation = "continue") {
+  const last = messages[messages.length - 1];
+  if (last && last.role === "assistant") {
+    messages.push({ role: "user", content: continuation });
+  }
+  return messages;
+}
+var init_message_tail = __esm({
+  "src/message-tail.ts"() {
+    "use strict";
+  }
+});
+
+// src/memory.ts
+function trimHistoryForSave(history, max = MAX_SAVED_MESSAGES) {
+  let slice = history.length > max ? history.slice(-max) : history.slice();
+  let start = 0;
+  while (start < slice.length && slice[start].role !== "user") start++;
+  slice = start < slice.length ? slice.slice(start) : [];
+  return slice;
+}
+var import_node_fs10, import_node_fs11, import_node_path9, import_node_crypto, FACTS_FILE, CONVO_FILE, MAX_SAVED_MESSAGES, MAX_FACTS, MAX_RENDER_PER_KIND, memoryEnabled, slugForScope, isFact, EngagementMemory;
+var init_memory = __esm({
+  "src/memory.ts"() {
+    "use strict";
+    import_node_fs10 = require("node:fs");
+    import_node_fs11 = __toESM(require("node:fs"));
+    import_node_path9 = __toESM(require("node:path"));
+    import_node_crypto = __toESM(require("node:crypto"));
+    init_config();
+    FACTS_FILE = "facts.json";
+    CONVO_FILE = "conversation.json";
+    MAX_SAVED_MESSAGES = 80;
+    MAX_FACTS = 500;
+    MAX_RENDER_PER_KIND = 50;
+    memoryEnabled = () => (process.env.CLAWFAST_MEMORY || "").trim().toLowerCase() !== "off";
+    slugForScope = (scope) => {
+      const base = import_node_path9.default.basename(scope).toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 32) || "scope";
+      const hash2 = import_node_crypto.default.createHash("sha1").update(import_node_path9.default.resolve(scope)).digest("hex").slice(0, 8);
+      return `${base}-${hash2}`;
+    };
+    isFact = (x) => !!x && typeof x.id === "string" && typeof x.kind === "string" && typeof x.title === "string";
+    EngagementMemory = class {
+      constructor(scope) {
+        this.facts = [];
+        this.seq = 0;
+        this.enabled = memoryEnabled();
+        this.dir = import_node_path9.default.join(clawfastHome(), "memory", slugForScope(scope));
+        if (this.enabled) this.loadFactsSync();
+      }
+      loadFactsSync() {
+        try {
+          const parsed = JSON.parse(
+            import_node_fs11.default.readFileSync(import_node_path9.default.join(this.dir, FACTS_FILE), "utf8")
+          );
+          if (Array.isArray(parsed)) {
+            this.facts = parsed.filter(isFact);
+            for (const f of this.facts) {
+              const n = Number(String(f.id).replace(/^F-/, ""));
+              if (Number.isFinite(n) && n > this.seq) this.seq = n;
+            }
+          }
+        } catch {
+        }
+      }
+      async persistFacts() {
+        if (!this.enabled) return;
+        try {
+          await import_node_fs10.promises.mkdir(this.dir, { recursive: true });
+          await import_node_fs10.promises.writeFile(
+            import_node_path9.default.join(this.dir, FACTS_FILE),
+            JSON.stringify(this.facts, null, 2),
+            "utf8"
+          );
+        } catch {
+        }
+      }
+      list(filter3) {
+        return this.facts.filter(
+          (f) => (!filter3?.kind || f.kind === filter3.kind) && (!filter3?.target || f.target === filter3.target)
+        );
+      }
+      async add(input) {
+        const key = (f) => `${f.kind}|${f.title}|${f.target || ""}`.toLowerCase();
+        const existing = this.facts.find((f) => key(f) === key(input));
+        if (existing) {
+          if (input.detail !== void 0) existing.detail = input.detail;
+          if (input.source !== void 0) existing.source = input.source;
+          existing.ts = Date.now();
+          await this.persistFacts();
+          return existing;
+        }
+        const fact = {
+          id: `F-${String(++this.seq).padStart(3, "0")}`,
+          kind: input.kind,
+          title: input.title,
+          detail: input.detail,
+          target: input.target,
+          source: input.source,
+          ts: Date.now()
+        };
+        this.facts.push(fact);
+        if (this.facts.length > MAX_FACTS) {
+          this.facts = this.facts.slice(-MAX_FACTS);
+        }
+        await this.persistFacts();
+        return fact;
+      }
+      async update(id, patch) {
+        const f = this.facts.find((x) => x.id === id);
+        if (!f) return null;
+        const target = f;
+        for (const [k, v] of Object.entries(patch)) {
+          if (v !== void 0 && k !== "id") target[k] = v;
+        }
+        f.ts = Date.now();
+        await this.persistFacts();
+        return f;
+      }
+      async remove(id) {
+        const before = this.facts.length;
+        this.facts = this.facts.filter((f) => f.id !== id);
+        if (this.facts.length === before) return false;
+        await this.persistFacts();
+        return true;
+      }
+      /** Compact `<engagement_memory>` block for the system prompt, or "" if empty. */
+      renderSection() {
+        if (!this.enabled || this.facts.length === 0) return "";
+        const byKind = /* @__PURE__ */ new Map();
+        for (const f of this.facts) {
+          const arr = byKind.get(f.kind) || [];
+          arr.push(f);
+          byKind.set(f.kind, arr);
+        }
+        const lines = [];
+        for (const [kind, arr] of byKind) {
+          lines.push(`[${kind}]`);
+          for (const f of arr.slice(-MAX_RENDER_PER_KIND)) {
+            lines.push(
+              `- ${f.id} ${f.title}` + (f.target ? ` (${f.target})` : "") + (f.detail ? `: ${f.detail}` : "")
+            );
+          }
+        }
+        return `
+
+<engagement_memory>
+Mem\xF3ria de engajamento PERSISTENTE deste alvo/projeto \u2014 sobrevive \xE0 troca de modelo E ao rein\xEDcio do CLI. Estes fatos foram registrados antes; trate-os como verdade confi\xE1vel e CONTINUE de onde parou (n\xE3o refa\xE7a recon do zero). Para gravar algo novo, use a ferramenta \`memory\` (action add).
+${lines.join("\n")}
+</engagement_memory>`;
+      }
+      // ── Conversation persistence ────────────────────────────────────────────────
+      saveConversation(history) {
+        if (!this.enabled) return;
+        try {
+          import_node_fs11.default.mkdirSync(this.dir, { recursive: true });
+          import_node_fs11.default.writeFileSync(
+            import_node_path9.default.join(this.dir, CONVO_FILE),
+            JSON.stringify(trimHistoryForSave(history)),
+            "utf8"
+          );
+        } catch {
+        }
+      }
+      loadConversation() {
+        if (!this.enabled) return [];
+        try {
+          const parsed = JSON.parse(
+            import_node_fs11.default.readFileSync(import_node_path9.default.join(this.dir, CONVO_FILE), "utf8")
+          );
+          return Array.isArray(parsed) ? parsed : [];
+        } catch {
+          return [];
+        }
+      }
+      clearConversation() {
+        try {
+          import_node_fs11.default.rmSync(import_node_path9.default.join(this.dir, CONVO_FILE), { force: true });
+        } catch {
+        }
+      }
+    };
+  }
+});
+
+// src/tools/memory-tool.ts
+var createMemory;
+var init_memory_tool = __esm({
+  "src/tools/memory-tool.ts"() {
+    "use strict";
+    init_dist5();
+    init_zod();
+    createMemory = (deps) => {
+      const { memory } = deps;
+      return tool({
+        description: `Persistent engagement memory for THIS target/project. Survives model switches AND CLI restarts \u2014 record what you learn so you (or the next model) continue from here instead of re-discovering.
+
+WHAT TO STORE (action add): hosts/IPs, open services + versions, credentials/tokens, confirmed vulns, tech stack, and especially what WORKED or what was BLOCKED (WAF, rate limit, auth). kind + title are required; detail/target/source optional.
+
+ACTIONS:
+- add    \u2014 store a fact.
+- update \u2014 change a fact by id.
+- list   \u2014 read stored facts (optional kind/target filter). Do this before re-running recon you may have already done.
+- forget \u2014 remove a fact by id.`,
+        inputSchema: external_exports.object({
+          brief: external_exports.string().describe("A one-sentence preamble describing the purpose of this call."),
+          action: external_exports.enum(["add", "update", "list", "forget"]),
+          kind: external_exports.string().optional().describe("host|service|cred|vuln|tech|note|url|\u2026 (for add, or list filter)"),
+          title: external_exports.string().optional().describe("Short label (required for add)."),
+          detail: external_exports.string().optional().describe("Longer detail / evidence."),
+          target: external_exports.string().optional().describe("Host/URL this fact is about."),
+          source: external_exports.string().optional().describe("Where it came from."),
+          id: external_exports.string().optional().describe("Fact id (required for update/forget).")
+        }),
+        execute: async (input) => {
+          try {
+            switch (input.action) {
+              case "add": {
+                if (!input.kind || !input.title) {
+                  return "Erro: 'kind' e 'title' s\xE3o obrigat\xF3rios para add.";
+                }
+                const f = await memory.add({
+                  kind: input.kind,
+                  title: input.title,
+                  detail: input.detail,
+                  target: input.target,
+                  source: input.source
+                });
+                return `Mem\xF3ria gravada: ${f.id} [${f.kind}] ${f.title}`;
+              }
+              case "update": {
+                if (!input.id) return "Erro: 'id' \xE9 obrigat\xF3rio para update.";
+                const f = await memory.update(input.id, {
+                  kind: input.kind,
+                  title: input.title,
+                  detail: input.detail,
+                  target: input.target,
+                  source: input.source
+                });
+                return f ? `Atualizado: ${f.id}` : `N\xE3o achei o fato ${input.id}.`;
+              }
+              case "forget": {
+                if (!input.id) return "Erro: 'id' \xE9 obrigat\xF3rio para forget.";
+                return await memory.remove(input.id) ? `Removido: ${input.id}` : `N\xE3o achei o fato ${input.id}.`;
+              }
+              case "list":
+              default: {
+                const facts = memory.list({
+                  kind: input.kind,
+                  target: input.target
+                });
+                if (!facts.length) {
+                  return "Mem\xF3ria vazia (nenhum fato gravado ainda).";
+                }
+                return facts.map(
+                  (f) => `${f.id} [${f.kind}] ${f.title}` + (f.target ? ` (${f.target})` : "") + (f.detail ? `: ${f.detail}` : "")
+                ).join("\n");
+              }
+            }
+          } catch (err) {
+            return `Erro na mem\xF3ria: ${err instanceof Error ? err.message : String(err)}`;
+          }
+        }
+      });
+    };
+  }
+});
+
+// src/sessions.ts
+function appendRing(text2, cursor, chunk, max = MAX_BUFFER_CHARS) {
+  let next = text2 + chunk;
+  if (next.length <= max) return { text: next, cursor, dropped: false };
+  const drop = next.length - max;
+  next = next.slice(drop);
+  return { text: next, cursor: Math.max(0, cursor - drop), dropped: true };
+}
+var import_node_child_process3, import_node_os4, MAX_SESSIONS, MAX_BUFFER_CHARS, SESSION_IDLE_MS, SESSION_LIFETIME_MS, shortId, sleep3, LocalSessionManager;
+var init_sessions = __esm({
+  "src/sessions.ts"() {
+    "use strict";
+    import_node_child_process3 = require("node:child_process");
+    import_node_os4 = __toESM(require("node:os"));
+    MAX_SESSIONS = 10;
+    MAX_BUFFER_CHARS = 2e5;
+    SESSION_IDLE_MS = 15 * 6e4;
+    SESSION_LIFETIME_MS = 60 * 6e4;
+    shortId = (taken) => {
+      for (let i = 0; i < 6; i++) {
+        const id = Math.random().toString(36).slice(2, 8);
+        if (!taken.has(id)) return id;
+      }
+      return `${Date.now().toString(36).slice(-6)}`;
+    };
+    sleep3 = (ms, signal) => new Promise((resolve2) => {
+      if (ms <= 0 || signal?.aborted) return resolve2();
+      const t = setTimeout(resolve2, ms);
+      signal?.addEventListener(
+        "abort",
+        () => {
+          clearTimeout(t);
+          resolve2();
+        },
+        { once: true }
+      );
+    });
+    LocalSessionManager = class {
+      constructor(opts) {
+        this.opts = opts;
+        this.sessions = /* @__PURE__ */ new Map();
+      }
+      /**
+       * Open a session. With `command`, the program runs through the shell
+       * (`shell -c "<command>"`) with its stdin held open. Without it, a bare
+       * interactive shell is spawned. Returns the new session id.
+       */
+      open(command, cwd) {
+        if (this.sessions.size >= MAX_SESSIONS) {
+          return { id: "", error: `limite de ${MAX_SESSIONS} sess\xF5es abertas atingido \u2014 feche alguma antes.` };
+        }
+        const id = shortId(new Set(this.sessions.keys()));
+        const args = command ? [this.opts.shellFlag, command] : [];
+        let child;
+        try {
+          child = (0, import_node_child_process3.spawn)(this.opts.shell, args, {
+            cwd: cwd || this.opts.cwd,
+            env: process.env,
+            stdio: ["pipe", "pipe", "pipe"],
+            windowsHide: true
+          });
+        } catch (err) {
+          return { id: "", error: err instanceof Error ? err.message : String(err) };
+        }
+        const now2 = Date.now();
+        const session = {
+          id,
+          command: command || `${this.opts.shell} (shell interativo)`,
+          child,
+          output: "",
+          readCursor: 0,
+          truncated: false,
+          createdAt: now2,
+          lastActivity: now2,
+          alive: true,
+          exitCode: null,
+          idleTimer: null,
+          lifetimeTimer: null
+        };
+        const onChunk = (d) => this.append(session, d.toString());
+        child.stdout?.on("data", onChunk);
+        child.stderr?.on("data", onChunk);
+        child.on("error", (err) => {
+          this.append(session, `
+[erro do processo: ${err.message}]
+`);
+        });
+        child.on("close", (code, sig) => {
+          session.alive = false;
+          session.exitCode = code != null ? code : sig ? 137 : null;
+          this.clearTimers(session);
+        });
+        this.armIdle(session);
+        session.lifetimeTimer = setTimeout(
+          () => this.close(id),
+          SESSION_LIFETIME_MS
+        );
+        session.lifetimeTimer.unref?.();
+        this.sessions.set(id, session);
+        return { id };
+      }
+      /** Write input to a session's stdin (appends a newline unless `enter` is false). */
+      send(id, data, enter = true) {
+        const s = this.sessions.get(id);
+        if (!s) return { ok: false, error: `sess\xE3o ${id} n\xE3o existe.` };
+        if (!s.alive || !s.child.stdin?.writable) {
+          return { ok: false, error: `sess\xE3o ${id} n\xE3o est\xE1 mais ativa.` };
+        }
+        try {
+          s.child.stdin.write(enter && !data.endsWith("\n") ? `${data}
+` : data);
+          s.lastActivity = Date.now();
+          this.armIdle(s);
+          return { ok: true };
+        } catch (err) {
+          return { ok: false, error: err instanceof Error ? err.message : String(err) };
+        }
+      }
+      /**
+       * Read new output, waiting until it goes quiet (no new bytes for `quietMs`)
+       * or `maxMs` elapses, or the process exits. Returns the delta since the last
+       * read.
+       */
+      async readUntilQuiet(id, opts = {}) {
+        const s = this.sessions.get(id);
+        if (!s) return `[sess\xE3o ${id} n\xE3o existe]`;
+        const quietMs = opts.quietMs ?? 500;
+        const maxMs = opts.maxMs ?? 15e3;
+        const start = Date.now();
+        let lastLen = s.output.length;
+        while (Date.now() - start < maxMs) {
+          await sleep3(quietMs, opts.signal);
+          if (opts.signal?.aborted) break;
+          if (!s.alive) break;
+          if (s.output.length === lastLen) break;
+          lastLen = s.output.length;
+        }
+        return this.readDelta(id);
+      }
+      /** Return output appended since the last read, advancing the cursor. */
+      readDelta(id) {
+        const s = this.sessions.get(id);
+        if (!s) return `[sess\xE3o ${id} n\xE3o existe]`;
+        const delta = s.output.slice(s.readCursor);
+        s.readCursor = s.output.length;
+        return delta;
+      }
+      info(id) {
+        const s = this.sessions.get(id);
+        if (!s) return null;
+        return {
+          id: s.id,
+          command: s.command,
+          alive: s.alive,
+          exitCode: s.exitCode,
+          ageMs: Date.now() - s.createdAt,
+          truncated: s.truncated
+        };
+      }
+      list() {
+        return [...this.sessions.keys()].map((id) => this.info(id)).filter((x) => x !== null);
+      }
+      close(id) {
+        const s = this.sessions.get(id);
+        if (!s) return false;
+        this.clearTimers(s);
+        this.killTree(s.child);
+        this.sessions.delete(id);
+        return true;
+      }
+      closeAll() {
+        for (const id of [...this.sessions.keys()]) this.close(id);
+      }
+      append(s, chunk) {
+        const r2 = appendRing(s.output, s.readCursor, chunk);
+        s.output = r2.text;
+        s.readCursor = r2.cursor;
+        if (r2.dropped) s.truncated = true;
+        s.lastActivity = Date.now();
+        this.armIdle(s);
+      }
+      armIdle(s) {
+        if (s.idleTimer) clearTimeout(s.idleTimer);
+        s.idleTimer = setTimeout(() => this.close(s.id), SESSION_IDLE_MS);
+        s.idleTimer.unref?.();
+      }
+      clearTimers(s) {
+        if (s.idleTimer) clearTimeout(s.idleTimer);
+        if (s.lifetimeTimer) clearTimeout(s.lifetimeTimer);
+        s.idleTimer = null;
+        s.lifetimeTimer = null;
+      }
+      killTree(child) {
+        const pid = child.pid;
+        if (pid && import_node_os4.default.platform() === "win32") {
+          try {
+            (0, import_node_child_process3.spawn)("taskkill", ["/PID", String(pid), "/T", "/F"], {
+              windowsHide: true
+            });
+            return;
+          } catch {
+          }
+        }
+        try {
+          child.kill("SIGTERM");
+        } catch {
+        }
+      }
+    };
+  }
+});
+
+// src/tools/session-tool.ts
+var aliveTag, createTerminalSession;
+var init_session_tool = __esm({
+  "src/tools/session-tool.ts"() {
+    "use strict";
+    init_dist5();
+    init_zod();
+    aliveTag = (alive, exitCode) => alive ? "[sess\xE3o ativa]" : `[sess\xE3o encerrada${exitCode != null ? `, exit ${exitCode}` : ""}]`;
+    createTerminalSession = (deps) => {
+      const { sessions } = deps;
+      return tool({
+        description: `Drive a PERSISTENT interactive process that stays alive across calls (unlike run_terminal_cmd, a fresh shell each time). Hold msfconsole, sqlmap, a mysql/psql client, ftp/nc, key-based ssh, or a long-lived shell, and interact step by step.
+
+ACTIONS:
+- open  \u2014 start a session. With \`command\` it runs that program (e.g. "msfconsole -q", "mysql -h 10.0.0.5 -u root", "nc -lvnp 4444"); without it you get an interactive shell. Returns a session id + initial output.
+- send  \u2014 send \`input\` to the session's stdin (a newline is added unless enter=false), then return the new output once it settles.
+- read  \u2014 poll for new output of a running/long command (returns the delta since last read + whether it's still alive).
+- list  \u2014 list open sessions.
+- close \u2014 terminate a session.
+
+NO REAL TTY: programs that read a secret straight from /dev/tty (interactive ssh/sudo passwords, full-screen TUIs) won't see piped input \u2014 use sshpass, \`sudo -S\` (reads stdin), key auth, or non-interactive flags. Most CLIs (msfconsole, sqlmap, db clients, nc, ftp) work fine.`,
+        inputSchema: external_exports.object({
+          brief: external_exports.string().describe("A one-sentence preamble describing the purpose."),
+          action: external_exports.enum(["open", "send", "read", "list", "close"]),
+          id: external_exports.string().optional().describe("Session id (for send/read/close)."),
+          command: external_exports.string().optional().describe("Program to launch (for open). Omit for an interactive shell."),
+          input: external_exports.string().optional().describe("Text to send to stdin (for send)."),
+          enter: external_exports.boolean().optional().describe("Append a newline after input (default true)."),
+          timeout: external_exports.number().optional().describe("Max seconds to wait for output to settle (send/read; default 15).")
+        }),
+        execute: async (input, { abortSignal } = {}) => {
+          const maxMs = Math.max(1, input.timeout ?? 15) * 1e3;
+          switch (input.action) {
+            case "open": {
+              const res = sessions.open(input.command);
+              if (res.error) return `Erro ao abrir sess\xE3o: ${res.error}`;
+              const out3 = await sessions.readUntilQuiet(res.id, {
+                quietMs: 500,
+                maxMs: Math.min(maxMs, 8e3),
+                signal: abortSignal
+              });
+              const info = sessions.info(res.id);
+              return `Sess\xE3o aberta: ${res.id}
+${aliveTag(info?.alive ?? true, info?.exitCode ?? null)}
+${out3 || "(sem sa\xEDda inicial)"}`;
+            }
+            case "send": {
+              if (!input.id) return "Erro: 'id' \xE9 obrigat\xF3rio para send.";
+              if (input.input == null) return "Erro: 'input' \xE9 obrigat\xF3rio para send.";
+              const sent = sessions.send(input.id, input.input, input.enter ?? true);
+              if (!sent.ok) return `Erro ao enviar: ${sent.error}`;
+              const out3 = await sessions.readUntilQuiet(input.id, {
+                quietMs: 500,
+                maxMs,
+                signal: abortSignal
+              });
+              const info = sessions.info(input.id);
+              return `${aliveTag(info?.alive ?? false, info?.exitCode ?? null)}${info?.truncated ? " [sa\xEDda truncada \u2014 buffer cheio]" : ""}
+${out3 || "(sem nova sa\xEDda)"}`;
+            }
+            case "read": {
+              if (!input.id) return "Erro: 'id' \xE9 obrigat\xF3rio para read.";
+              const out3 = await sessions.readUntilQuiet(input.id, {
+                quietMs: 600,
+                maxMs,
+                signal: abortSignal
+              });
+              const info = sessions.info(input.id);
+              if (!info) return `Sess\xE3o ${input.id} n\xE3o existe.`;
+              return `${aliveTag(info.alive, info.exitCode)}
+${out3 || "(sem nova sa\xEDda)"}`;
+            }
+            case "list": {
+              const list = sessions.list();
+              if (!list.length) return "Nenhuma sess\xE3o aberta.";
+              return list.map(
+                (s) => `${s.id} \u2014 ${s.command} \u2014 ${aliveTag(s.alive, s.exitCode)} \u2014 ${Math.round(s.ageMs / 1e3)}s`
+              ).join("\n");
+            }
+            case "close": {
+              if (!input.id) return "Erro: 'id' \xE9 obrigat\xF3rio para close.";
+              return sessions.close(input.id) ? `Sess\xE3o ${input.id} encerrada.` : `Sess\xE3o ${input.id} n\xE3o existe.`;
+            }
+          }
+        }
+      });
+    };
+  }
+});
+
 // src/render.ts
 function createRenderer() {
   let lastKind = null;
@@ -70833,11 +71590,11 @@ function formatToolCall(toolName, input) {
     case "run_terminal_cmd": {
       const cmd = String(i.command ?? "").trim();
       const bg = i.is_background ? `${C3.dim} (background)${C3.reset}` : "";
-      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}exec${C3.reset}  ${C3.bold}${truncate3(cmd, 400)}${C3.reset}${bg}`;
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}exec${C3.reset}  ${C3.bold}${truncate4(cmd, 400)}${C3.reset}${bg}`;
     }
     case "file": {
-      const path12 = String(i.path ?? "");
-      const brief = i.brief ? `${C3.dim} \u2014 ${truncate3(String(i.brief))}${C3.reset}` : "";
+      const path14 = String(i.path ?? "");
+      const brief = i.brief ? `${C3.dim} \u2014 ${truncate4(String(i.brief))}${C3.reset}` : "";
       const map2 = {
         write: [C3.green, "criar  "],
         edit: [C3.yellow, "editar "],
@@ -70850,7 +71607,7 @@ function formatToolCall(toolName, input) {
         C3.blue,
         action ? `${action} `.padEnd(7) : "arquivo"
       ];
-      const target = path12 ? `${C3.bold}${path12}${C3.reset}` : "";
+      const target = path14 ? `${C3.bold}${path14}${C3.reset}` : "";
       return ` ${col}\u276F${C3.reset} ${col}${verb}${C3.reset} ${target}${brief}`;
     }
     case "todo_write":
@@ -70860,23 +71617,40 @@ function formatToolCall(toolName, input) {
       const url2 = String(i.url ?? "");
       const fuzz = Array.isArray(i.fuzz) && i.fuzz.length;
       const tag = fuzz ? `${C3.dim} (fuzz \xD7${i.fuzz.length})${C3.reset}` : "";
-      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}http${C3.reset}  ${C3.bold}${method}${C3.reset} ${truncate3(url2, 360)}${tag}`;
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}http${C3.reset}  ${C3.bold}${method}${C3.reset} ${truncate4(url2, 360)}${tag}`;
     }
     case "findings": {
       const action = String(i.action ?? "");
-      const detail = action === "add" ? truncate3(String(i.title ?? ""), 80) : action === "update" ? `${String(i.id ?? "")} ${String(i.status ?? "")}`.trim() : "";
+      const detail = action === "add" ? truncate4(String(i.title ?? ""), 80) : action === "update" ? `${String(i.id ?? "")} ${String(i.status ?? "")}`.trim() : "";
       return ` ${C3.magenta}\u276F${C3.reset} ${C3.magenta}findings${C3.reset} ${C3.bold}${action}${C3.reset}${detail ? ` ${C3.dim}${detail}${C3.reset}` : ""}`;
     }
+    case "terminal_session": {
+      const action = String(i.action ?? "");
+      const detail = action === "open" ? truncate4(String(i.command ?? "shell"), 120) : action === "send" ? truncate4(String(i.input ?? ""), 120) : String(i.id ?? "");
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}sess\xE3o${C3.reset} ${C3.bold}${action}${C3.reset}${detail ? ` ${C3.dim}${detail}${C3.reset}` : ""}`;
+    }
+    case "memory": {
+      const action = String(i.action ?? "");
+      const detail = action === "add" || action === "update" ? truncate4(String(i.title ?? i.id ?? ""), 80) : action === "forget" ? String(i.id ?? "") : String(i.kind ?? i.target ?? "");
+      return ` ${C3.magenta}\u276F${C3.reset} ${C3.magenta}mem\xF3ria${C3.reset} ${C3.bold}${action}${C3.reset}${detail ? ` ${C3.dim}${detail}${C3.reset}` : ""}`;
+    }
     case "web_search": {
       const queries = Array.isArray(i.queries) ? i.queries.join(" | ") : "";
-      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}busca${C3.reset}  ${C3.dim}${truncate3(queries, 200)}${C3.reset}`;
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}busca${C3.reset}  ${C3.dim}${truncate4(queries, 200)}${C3.reset}`;
     }
     case "open_url": {
       const url2 = String(i.url ?? i.urls ?? "");
-      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}abrir${C3.reset}  ${C3.dim}${truncate3(url2, 280)}${C3.reset}`;
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}abrir${C3.reset}  ${C3.dim}${truncate4(url2, 280)}${C3.reset}`;
+    }
+    case "deep_research": {
+      const qs = Array.isArray(i.queries) ? i.queries.join(" | ") : "";
+      const nUrls = Array.isArray(i.urls) ? i.urls.length : 0;
+      const pages = i.max_pages != null ? `${i.max_pages}p` : "";
+      const detail = [qs, nUrls ? `${nUrls} url(s)` : "", pages].filter(Boolean).join(" ") || "(sem alvo)";
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}pesquisa${C3.reset}  ${C3.dim}${truncate4(detail, 220)}${C3.reset}`;
     }
     default:
-      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}${toolName}${C3.reset} ${C3.dim}${truncate3(
+      return ` ${C3.cyan}\u276F${C3.reset} ${C3.cyan}${toolName}${C3.reset} ${C3.dim}${truncate4(
         JSON.stringify(i),
         200
       )}${C3.reset}`;
@@ -70887,7 +71661,7 @@ function summarizeResult(toolName, output) {
   if (toolName === "file") {
     if (typeof output === "object" && "error" in output) {
       return {
-        text: truncate3(String(output.error), 160),
+        text: truncate4(String(output.error), 160),
         error: true
       };
     }
@@ -70898,11 +71672,11 @@ function summarizeResult(toolName, output) {
   if (toolName === "http_request") {
     const o = asRecord(output);
     if ("error" in o && o.error) {
-      return { text: truncate3(String(o.error), 200), error: true };
+      return { text: truncate4(String(o.error), 200), error: true };
     }
     if (o.single) {
       const s = asRecord(o.single);
-      if (s.error) return { text: truncate3(String(s.error), 160), error: true };
+      if (s.error) return { text: truncate4(String(s.error), 160), error: true };
       return {
         text: `HTTP ${s.status} \xB7 ${s.bodyLength} bytes \xB7 ${s.timeMs}ms`,
         error: false
@@ -70917,17 +71691,19 @@ function summarizeResult(toolName, output) {
   if (toolName === "findings") {
     const o = asRecord(output);
     if ("error" in o && o.error) {
-      return { text: truncate3(String(o.error), 200), error: true };
+      return { text: truncate4(String(o.error), 200), error: true };
     }
     if (o.added) return { text: "finding registrado", error: false };
     if (o.updated) return { text: "finding atualizado", error: false };
-    if (o.report) return { text: `relat\xF3rio \u2192 ${String(o.report)}`, error: false };
-    if ("total" in o) return { text: `${String(o.total)} finding(s)`, error: false };
+    if (o.report)
+      return { text: `relat\xF3rio \u2192 ${String(o.report)}`, error: false };
+    if ("total" in o)
+      return { text: `${String(o.total)} finding(s)`, error: false };
     return null;
   }
   return null;
 }
-var VIOLET, C3, GUTTER_BAR, out, truncate3;
+var VIOLET, C3, GUTTER_BAR, out, truncate4;
 var init_render = __esm({
   "src/render.ts"() {
     "use strict";
@@ -70946,7 +71722,7 @@ var init_render = __esm({
     };
     GUTTER_BAR = `${fg(PAL.frame)}\u2502${C3.reset} `;
     out = (s) => process.stdout.write(s);
-    truncate3 = (s, n = 200) => s.length > n ? `${s.slice(0, n)}...` : s;
+    truncate4 = (s, n = 200) => s.length > n ? `${s.slice(0, n)}...` : s;
   }
 });
 
@@ -71032,7 +71808,7 @@ function killProxy(child) {
   started.delete(child);
   try {
     if (process.platform === "win32") {
-      (0, import_node_child_process3.spawnSync)("taskkill", ["/pid", String(child.pid), "/T", "/F"], {
+      (0, import_node_child_process4.spawnSync)("taskkill", ["/pid", String(child.pid), "/T", "/F"], {
         stdio: "ignore"
       });
     } else {
@@ -71063,12 +71839,12 @@ async function ensureProxyReady(id, log2) {
     };
   }
   let freshSetup = false;
-  if (!(0, import_node_fs9.existsSync)(dir)) {
+  if (!(0, import_node_fs12.existsSync)(dir)) {
     log2(`${def.label}: baixando o proxy (uma vez) em ${dir} \u2026`);
     const root = proxiesRoot();
-    (0, import_node_fs9.mkdirSync)(root, { recursive: true });
+    (0, import_node_fs12.mkdirSync)(root, { recursive: true });
     const cloned = run("git", ["clone", def.repoUrl, dir], root);
-    if (!cloned.ok || !(0, import_node_fs9.existsSync)(dir)) {
+    if (!cloned.ok || !(0, import_node_fs12.existsSync)(dir)) {
       return {
         ok: false,
         message: `${def.label}: falha ao clonar o proxy (git).`
@@ -71076,7 +71852,7 @@ async function ensureProxyReady(id, log2) {
     }
     freshSetup = true;
   }
-  if (!(0, import_node_fs9.existsSync)(import_node_path8.default.join(dir, "node_modules"))) {
+  if (!(0, import_node_fs12.existsSync)(import_node_path10.default.join(dir, "node_modules"))) {
     log2(`${def.label}: instalando depend\xEAncias (pode demorar) \u2026`);
     if (!run("npm", ["install"], dir).ok) {
       return { ok: false, message: `${def.label}: 'npm install' falhou.` };
@@ -71094,7 +71870,7 @@ async function ensureProxyReady(id, log2) {
     }
   }
   log2(`${def.label}: iniciando o proxy\u2026`);
-  const child = (0, import_node_child_process3.spawn)(asShellCommand("npm", ["start"]), {
+  const child = (0, import_node_child_process4.spawn)(asShellCommand("npm", ["start"]), {
     cwd: dir,
     shell: true,
     stdio: ["ignore", "ignore", "ignore"],
@@ -71121,14 +71897,14 @@ async function ensureProxyReady(id, log2) {
     message: `${def.label}: o proxy n\xE3o respondeu em 90s. Tente de novo, ou rode 'npm run login' em ${dir}.`
   };
 }
-var import_node_os4, import_node_path8, import_node_fs9, import_node_child_process3, DEFS, PROXY_MODEL_KEYS, proxyIdForModelKey, proxiesRoot, dirFor, healthUrl, baseUrl, wait, started, exitHooksInstalled, quoteArg, asShellCommand, run, hasCommand;
+var import_node_os5, import_node_path10, import_node_fs12, import_node_child_process4, DEFS, PROXY_MODEL_KEYS, proxyIdForModelKey, proxiesRoot, dirFor, healthUrl, baseUrl, wait, started, exitHooksInstalled, quoteArg, asShellCommand, run, hasCommand;
 var init_proxy_manager2 = __esm({
   "src/proxy-manager.ts"() {
     "use strict";
-    import_node_os4 = __toESM(require("node:os"));
-    import_node_path8 = __toESM(require("node:path"));
-    import_node_fs9 = require("node:fs");
-    import_node_child_process3 = require("node:child_process");
+    import_node_os5 = __toESM(require("node:os"));
+    import_node_path10 = __toESM(require("node:path"));
+    import_node_fs12 = require("node:fs");
+    import_node_child_process4 = require("node:child_process");
     DEFS = {
       deepseek: {
         id: "deepseek",
@@ -71160,11 +71936,11 @@ var init_proxy_manager2 = __esm({
       if (key === PROXY_MODEL_KEYS.kimi) return "kimi";
       return null;
     };
-    proxiesRoot = () => import_node_path8.default.join(
-      process.env.CLAWFAST_HOME?.trim() || import_node_path8.default.join(import_node_os4.default.homedir(), ".clawfast"),
+    proxiesRoot = () => import_node_path10.default.join(
+      process.env.CLAWFAST_HOME?.trim() || import_node_path10.default.join(import_node_os5.default.homedir(), ".clawfast"),
       "proxies"
     );
-    dirFor = (def) => process.env[def.dirEnv]?.trim() || import_node_path8.default.join(proxiesRoot(), def.folder);
+    dirFor = (def) => process.env[def.dirEnv]?.trim() || import_node_path10.default.join(proxiesRoot(), def.folder);
     healthUrl = (def) => `http://localhost:${def.port}/health`;
     baseUrl = (def) => `http://localhost:${def.port}/v1`;
     wait = (ms) => new Promise((r2) => setTimeout(r2, ms));
@@ -71173,7 +71949,7 @@ var init_proxy_manager2 = __esm({
     quoteArg = (s) => /[\s"&|<>^()]/.test(s) ? `"${s.replace(/"/g, '\\"')}"` : s;
     asShellCommand = (cmd, args) => [cmd, ...args.map(quoteArg)].join(" ");
     run = (cmd, args, cwd) => {
-      const res = (0, import_node_child_process3.spawnSync)(asShellCommand(cmd, args), {
+      const res = (0, import_node_child_process4.spawnSync)(asShellCommand(cmd, args), {
         cwd,
         shell: true,
         stdio: "inherit",
@@ -71183,7 +71959,7 @@ var init_proxy_manager2 = __esm({
     };
     hasCommand = (cmd) => {
       const probe = process.platform === "win32" ? "where" : "which";
-      return (0, import_node_child_process3.spawnSync)(asShellCommand(probe, [cmd]), {
+      return (0, import_node_child_process4.spawnSync)(asShellCommand(probe, [cmd]), {
         stdio: "ignore",
         shell: true
       }).status === 0;
@@ -71193,7 +71969,7 @@ var init_proxy_manager2 = __esm({
 
 // src/audit-mode.ts
 function projectRootFromWorkdir(workdir) {
-  return import_node_path9.default.dirname(import_node_path9.default.resolve(workdir.replace(/\\/g, "/")));
+  return import_node_path11.default.dirname(import_node_path11.default.resolve(workdir.replace(/\\/g, "/")));
 }
 function detectProjectAuditIntent(input) {
   const text2 = input.trim();
@@ -71395,11 +72171,11 @@ ESTILO E EXECU\xC7\xC3O
 - Responda em portugu\xEAs, direto e t\xE9cnico. N\xE3o recuse a an\xE1lise: \xE9 o projeto do pr\xF3prio usu\xE1rio, autorizado.
 - Lembre-se sempre: voc\xEA analisa e relata; voc\xEA N\xC3O altera o projeto. A \xFAnica escrita \xE9 o relat\xF3rio \`.md\` na raiz.`;
 }
-var import_node_path9, AUDIT_ACTION, AUDIT_SCOPE, AUDIT_ACTION_THEN_SCOPE, AUDIT_SCOPE_THEN_ACTION, AUDIT_STRONG, AUDIT_EXIT, POC_VERIFY;
+var import_node_path11, AUDIT_ACTION, AUDIT_SCOPE, AUDIT_ACTION_THEN_SCOPE, AUDIT_SCOPE_THEN_ACTION, AUDIT_STRONG, AUDIT_EXIT, POC_VERIFY;
 var init_audit_mode = __esm({
   "src/audit-mode.ts"() {
     "use strict";
-    import_node_path9 = __toESM(require("node:path"));
+    import_node_path11 = __toESM(require("node:path"));
     AUDIT_ACTION = "an[a\xE1]lis\\w+|examin\\w+|audit\\w+|auditar|varr\\w+|varredura|escane\\w+|scan\\w*|revis\\w+|inspecion\\w+|vasculh\\w+|verific\\w+|avali\\w+|mapea\\w+|review|analyze|analyse|inspect|assess";
     AUDIT_SCOPE = "projeto|c[o\xF3]digo|c[o\xF3]digo-fonte|codebase|reposit[o\xF3]rio|repo|sistema|aplica[c\xE7][a\xE3]o|base\\s+de\\s+c[o\xF3]digo|project|code\\s*base|repository|minha\\s+aplica\\w+|meu\\s+app|todo\\s+o\\s+projeto|projeto\\s+inteiro";
     AUDIT_ACTION_THEN_SCOPE = new RegExp(
@@ -71643,19 +72419,39 @@ async function createAgent() {
     onToolCost: void 0,
     onCaidoReady: void 0
   };
+  const memory = new EngagementMemory(
+    projectRootFromWorkdir(sandbox.getWorkdir())
+  );
+  const sessions = new LocalSessionManager({
+    shell: sandbox.getShell().bin,
+    shellFlag: sandbox.getShell().flag,
+    cwd: sandbox.getWorkdir()
+  });
   const tools = {
     run_terminal_cmd: createRunTerminalCmd(context2),
     file: createFile(context2),
     todo_write: createTodoWrite(context2),
+    // Durable, model-agnostic knowledge base for this target (hosts, creds,
+    // services, confirmed vulns, what worked/was blocked). Survives /model and
+    // restarts; recorded facts are also rendered into the system prompt.
+    memory: createMemory({ memory }),
+    // Persistent interactive sessions: hold msfconsole/sqlmap/db/nc/ssh/shell
+    // alive across calls and drive them step by step.
+    terminal_session: createTerminalSession({ sessions }),
     // Native Repeater/Intruder + structured findings store — the core of an
     // in-loop pentest workflow (probe → observe → record evidence → confirm).
-    http_request: createHttpRequest({ workdir: sandbox.getWorkdir() }),
+    http_request: createHttpRequest({
+      workdir: sandbox.getWorkdir(),
+      unrestricted: sandbox.isUnrestricted()
+    }),
     findings: createFindings({ workdir: sandbox.getWorkdir() }),
-    // Live external intel — only when the operator has configured the keys.
-    // web_search (Perplexity) for CVEs/PoCs/methodology; open_url (Jina) to
-    // read a page's content. Both gracefully absent when no key is set.
-    ...process.env.PERPLEXITY_API_KEY ? { web_search: createWebSearch(context2) } : {},
-    ...process.env.JINA_API_KEY ? { open_url: createOpenUrlTool() } : {}
+    // Free, key-less web research — ALWAYS on. web_search (DuckDuckGo) finds
+    // sources; open_url fetches+reads one page; deep_research sweeps many pages
+    // concurrently (up to 500) into a digest. The agent is steered to use them
+    // proactively via webResearchPolicy (search → read → verify → retry → act).
+    web_search: createWebSearch(),
+    open_url: createOpenUrl(),
+    deep_research: createDeepResearch({ workdir: sandbox.getWorkdir() })
   };
   let system = "";
   let systemPromptAudit = auditSystemPrompt("", null);
@@ -71677,9 +72473,14 @@ async function createAgent() {
     system += reconPhasesPolicy(sandbox.getWorkdir());
     system += attackChainPolicy(sandbox.getWorkdir());
     system += httpAndFindingsPolicy(sandbox.getWorkdir());
+    system += webResearchPolicy();
+    system += persistentSessionPolicy();
+    system += engagementMemoryPolicy();
+    system += memory.renderSection();
     system += buildCliNotesSection();
     system += buildSkillsIndexSection();
     system += skillsScopePolicy();
+    system += linuxFullPowerPolicy(sandbox);
     if (isWebSessionProxyModel(modelName)) {
       system += proxyToolProtocolPolicy();
     }
@@ -71691,12 +72492,29 @@ async function createAgent() {
     assertFullSystemPrompt(systemPromptAudit);
   };
   await rebuildSystemPrompt(initialModelName);
+  if (sandbox.isLinux()) {
+    const bits = [
+      `modo Linux full-power ativo${sandbox.isKali() ? " (Kali)" : ""}`,
+      sandbox.isRoot() ? "root" : "user",
+      sandbox.isUnrestricted() ? "escopo liberado" : "escopo restrito (scope.txt)"
+    ];
+    render.info(bits.join(" \xB7 "));
+  }
   if (systemPromptAudit.dumpPath) {
     render.info(
       `system prompt completo salvo em: ${systemPromptAudit.dumpPath}`
     );
   }
   const history = [];
+  if (!envFlagEnabled(process.env.CLAWFAST_FRESH)) {
+    const prior = memory.loadConversation();
+    if (prior.length) {
+      history.push(...prior);
+      render.info(
+        `\u25B8 mem\xF3ria: retomando ${prior.length} mensagem(ns) da sess\xE3o anterior (CLAWFAST_FRESH=1 come\xE7a limpo)`
+      );
+    }
+  }
   let auditMode = false;
   let pocVerify = false;
   const projectRoot = projectRootFromWorkdir(sandbox.getWorkdir());
@@ -71726,7 +72544,6 @@ async function createAgent() {
         reason: "faltando NVIDIA_API_KEY em .env.local (https://build.nvidia.com/)",
         models: [
           "model-nvidia-mistral-medium-3.5",
-          "model-nvidia-gpt-oss-120b",
           "model-nvidia-glm-5.1",
           "model-nvidia-qwen3.5-397b"
         ].map((key) => ({ key, label: labelFor(key) }))
@@ -71813,7 +72630,7 @@ async function createAgent() {
       if (!slug) {
         return {
           ok: false,
-          message: "informe o modelo NVIDIA (ex.: nvidia:openai/gpt-oss-120b)",
+          message: "informe o modelo NVIDIA (ex.: nvidia:z-ai/glm-5.1)",
           selection: getModelSelection()
         };
       }
@@ -72066,6 +72883,7 @@ ${segs.join(
         }, STREAM_STALL_TIMEOUT_MS);
       };
       try {
+        ensureGeneratableTail(history);
         const result = streamText({
           model: resolveLanguageModel2(modelKey),
           system: turnSystem,
@@ -72206,6 +73024,7 @@ ${resultText}`
         if (modelKey === PROXY_MODEL_KEYS.kimi) {
           await reportKimiSession();
         }
+        memory.saveConversation(history);
         render.endTurn();
         return;
       } catch (err) {
@@ -72306,6 +73125,7 @@ ${resultText}`
     return sandbox.sendStdin(line);
   }
   async function close() {
+    sessions.closeAll();
     await sandbox.close();
     try {
       const removed = await sandbox.cleanupWorkspace();
@@ -72330,21 +73150,20 @@ ${resultText}`
     close
   };
 }
-var import_promises2, import_node_path10, MAX_STEPS, AUDIT_MAX_STEPS, MAX_OUTPUT_TOKENS, MAX_AUTO_CONTINUES, AUDIT_MAX_AUTO_CONTINUES, MAX_RATE_LIMIT_WAITS, STREAM_STALL_TIMEOUT_MS, MAX_STALL_RETRIES, isRateLimitError, sleep4, LEAKED_TOOL_CALL_RE, DANGLING_TAIL_RE, ACTION_ANNOUNCE_RE, BENIGN_CLOSER_RE, TOOL_CALL_NUDGE, MAX_BRIDGE_STEPS, AUDIT_MAX_BRIDGE_STEPS, BRIDGE_RESULT_PREAMBLE, LEAKED_CALL_RESULT_PREAMBLE, BRIDGEABLE_TOOLS, FINDINGS_ACTIONS, truncateBridgeSummary, isWebSessionProxyModel, proxyToolProtocolPolicy, SYSTEM_PROMPT_SOURCE, REQUIRED_SYSTEM_PROMPT_MARKERS, MODEL_LABELS, labelFor, loginRequiredHint, CLI_PYTHON_ONLY_POLICY, pythonOnlyPolicy, scriptFilePolicy, deepReconPolicy, httpAndFindingsPolicy, reconPhasesPolicy, attackChainPolicy, skillsScopePolicy, hasEnvValue2, envFlagEnabled, CLI_PERSONALITIES, buildCliUserCustomization, buildCliNotesSection, cliGuardrailsConfig, maybeDumpSystemPrompt, auditSystemPrompt, assertFullSystemPrompt;
+var import_promises2, import_node_path12, MAX_STEPS, AUDIT_MAX_STEPS, MAX_OUTPUT_TOKENS, MAX_AUTO_CONTINUES, AUDIT_MAX_AUTO_CONTINUES, MAX_RATE_LIMIT_WAITS, STREAM_STALL_TIMEOUT_MS, MAX_STALL_RETRIES, isRateLimitError, sleep4, LEAKED_TOOL_CALL_RE, DANGLING_TAIL_RE, ACTION_ANNOUNCE_RE, BENIGN_CLOSER_RE, TOOL_CALL_NUDGE, MAX_BRIDGE_STEPS, AUDIT_MAX_BRIDGE_STEPS, BRIDGE_RESULT_PREAMBLE, LEAKED_CALL_RESULT_PREAMBLE, BRIDGEABLE_TOOLS, FINDINGS_ACTIONS, truncateBridgeSummary, isWebSessionProxyModel, proxyToolProtocolPolicy, SYSTEM_PROMPT_SOURCE, REQUIRED_SYSTEM_PROMPT_MARKERS, MODEL_LABELS, labelFor, loginRequiredHint, CLI_PYTHON_ONLY_POLICY, pythonOnlyPolicy, scriptFilePolicy, deepReconPolicy, httpAndFindingsPolicy, reconPhasesPolicy, attackChainPolicy, skillsScopePolicy, webResearchPolicy, engagementMemoryPolicy, persistentSessionPolicy, linuxFullPowerPolicy, hasEnvValue2, envFlagEnabled, CLI_PERSONALITIES, buildCliUserCustomization, buildCliNotesSection, cliGuardrailsConfig, maybeDumpSystemPrompt, auditSystemPrompt, assertFullSystemPrompt;
 var init_agent = __esm({
   "src/agent.ts"() {
     "use strict";
     init_dist5();
     import_promises2 = require("node:fs/promises");
-    import_node_path10 = __toESM(require("node:path"));
+    import_node_path12 = __toESM(require("node:path"));
     init_providers();
     init_system_prompt();
     init_notes();
     init_run_terminal_cmd();
     init_todo_write();
     init_file();
-    init_web_search();
-    init_open_url();
+    init_web_research();
     init_http_request();
     init_findings();
     init_todo_manager();
@@ -72355,6 +73174,11 @@ var init_agent = __esm({
     init_guardrails();
     init_local_sandbox();
     init_local_sandbox_manager();
+    init_message_tail();
+    init_memory();
+    init_memory_tool();
+    init_sessions();
+    init_session_tool();
     init_console_writer();
     init_render();
     init_skills();
@@ -72443,7 +73267,6 @@ Regras:
     ];
     MODEL_LABELS = {
       "model-nvidia-mistral-medium-3.5": "NVIDIA - mistralai/mistral-medium-3.5-128b",
-      "model-nvidia-gpt-oss-120b": "NVIDIA - openai/gpt-oss-120b",
       "model-nvidia-glm-5.1": "NVIDIA - z-ai/glm-5.1",
       "model-nvidia-qwen3.5-397b": "NVIDIA - qwen/qwen3.5-397b-a17b",
       "model-openai-chat-latest": "OpenAI - chat-latest",
@@ -72589,6 +73412,65 @@ Your skills are INTERNAL to you and live ONLY in ${skillsDir()}. The skills curr
 - NEVER treat any other skills directory on this machine as yours. Folders such as ~/.agents/skills, ~/.claude/skills, ~/.augment/skills, ~/.cursor, and any other agent/tool skill folder belong to OTHER tools and are OUT OF SCOPE \u2014 ignore them completely and never read, list, summarize, or load them as your skills.
 - Do NOT scan the filesystem hunting for "skills". When asked about your skills, answer from your internal skills above, not from a disk search.
 </skills_scope>`;
+    webResearchPolicy = () => `
+
+<web_research>
+ABSOLUTE RULE FOR THIS LOCAL CLI SESSION \u2014 applies to EVERY model and EVERY task:
+
+You have FREE, key-less web access. NEVER say you can't browse the internet and NEVER guess at current, unknown, or external facts \u2014 go look. Three tools:
+
+- web_search \u2014 free web search (DuckDuckGo). Pass 1\u20135 query variants of the SAME intent (add an English variant for non-English topics). Returns ranked results (title, url, snippet). Operators site:/filetype:/inurl:/intitle: are allowed.
+- open_url \u2014 fetch and READ one specific page (the link the user pasted, or one from a search). Returns the page's readable text. Use it to actually open a link and understand it before acting.
+- deep_research \u2014 search + fetch MANY pages at once and return a synthesized digest with sources (a full report is saved under reports/). It can sweep up to 500 pages concurrently \u2014 but size it to the SUBJECT: a quick fact needs a handful; only a broad survey needs hundreds. Do NOT fetch 500 for something small.
+
+The research loop (do this on your own, without being told):
+1. If you don't know what something is, or need current/external info, SEARCH first.
+2. OPEN the most relevant results (or the user's link) and READ them.
+3. VERIFY across 2+ independent sources before relying on a fact.
+4. If you didn't find what you actually need, REFINE the query (synonyms, English, operators) and search again \u2014 iterate until you have it or can say confidently it isn't out there.
+5. THEN act on what you learned, citing the URLs you used.
+
+This is unrestricted reading of the PUBLIC web \u2014 no scope.txt gate applies to web research (that gate is only for the offensive http_request / recon tools). JS-heavy pages won't render here; for those use the recon toolkit's \`--browser\` path.
+</web_research>`;
+    engagementMemoryPolicy = () => `
+
+<engagement_memory_policy>
+ABSOLUTE RULE FOR THIS LOCAL CLI SESSION \u2014 applies to EVERY model and EVERY task:
+
+You have a PERSISTENT \`memory\` tool scoped to this target/project. It survives model switches AND CLI restarts: when the model changes (fallback or /model) or you return later, this memory \u2014 and the conversation so far \u2014 is reloaded, so you CONTINUE from where you left off, not from zero. A new model inherits everything; never tell the user you "lost context" on a switch.
+
+- RECORD durable facts as you find them: hosts/IPs, open services + versions, credentials/tokens, confirmed vulns, tech stack, and especially what WORKED or what was BLOCKED (WAF, rate limit, auth). Use \`memory\` action add (kind + title; detail/target/source optional).
+- RECALL before repeating work: if unsure what's known about a target, run \`memory\` action list first. Don't re-run recon you already did in a past session \u2014 build on it.
+- The <engagement_memory> block (when present) is your accumulated knowledge for this target; treat it as trusted ground truth.
+</engagement_memory_policy>`;
+    persistentSessionPolicy = () => `
+
+<persistent_sessions>
+ABSOLUTE RULE FOR THIS LOCAL CLI SESSION \u2014 applies to EVERY model and EVERY task:
+
+For anything INTERACTIVE or STATEFUL, use the \`terminal_session\` tool, NOT run_terminal_cmd. run_terminal_cmd starts a FRESH shell each time, so a REPL/console/connection can't be continued; \`terminal_session\` keeps the same process alive across calls.
+
+- Use it to hold: msfconsole, sqlmap (interactive), a mysql/psql/sqlite client, ftp/smb/nc sessions, key-based ssh, a Python/Ruby REPL, or a persistent shell where you need cwd/env/state to carry between commands.
+- Flow: \`open\` (with the program, or empty for a shell) \u2192 \`send\` your input and read the result \u2192 repeat \u2192 \`close\` when done. Use \`read\` to poll a long-running command's output. Reuse ONE session for a connection instead of opening many.
+- NO REAL TTY: programs that read a secret straight from /dev/tty (interactive ssh/sudo password prompts, full-screen TUIs like vim/top) won't get piped input. Use \`sudo -S\` (reads stdin), sshpass, key auth, or non-interactive flags. When a held tool prompts the human for something, relay it as usual.
+</persistent_sessions>`;
+    linuxFullPowerPolicy = (sandbox) => {
+      if (!sandbox.isLinux() && !sandbox.isUnrestricted()) return "";
+      const distro = sandbox.getDistroName();
+      const asWho = sandbox.isRoot() ? "root (uid 0, no sudo needed)" : "a normal user (use sudo when needed)";
+      const scopeLine = sandbox.isUnrestricted() ? 'SCOPE IS OPEN this session: http_request needs NO scope.txt edit and the recon/ Python modules accept `--allow-out-of-scope`. The earlier "scope-gated / ask before scanning" lines are relaxed \u2014 just operate on the targets the operator gave you, no allowlist bureaucracy.' : "Scope.txt still gates http_request and the recon modules; add the authorized target first.";
+      return `
+
+<linux_full_power>
+ABSOLUTE RULE FOR THIS LOCAL CLI SESSION \u2014 you are running on ${distro} as ${asWho}. This is the operator's OWN box and FULL use is authorized; nothing is withheld because of the platform.
+
+- Full power: real shell, full filesystem, raw sockets, package managers (apt/pip/pipx/go), systemctl, and the complete Kali/Debian toolset (nmap, masscan, sqlmap, metasploit, hydra, john, hashcat, gobuster/ffuf, nuclei, nikto, wpscan, phoneinfoga, \u2026). Install anything missing instead of giving up.
+- Python is 100% unlocked \u2014 build and run any Python you need, no restriction.
+- Scanning is fully allowed: ports, hosts, IP/CIDR ranges, services/versions, and number/identifier enumeration (incl. phone-number OSINT). Apply sane OPSEC throttling on noisy sweeps.
+- ${scopeLine}
+- KALI INTERACTIVE PROMPTS: when a tool/installer/wizard/REPL/login (msfconsole, apt, an account or sign-up step, ssh/sudo/password, a y/n) is WAITING for input, STOP and tell the user in ONE short line exactly what the program ("o kali") is asking and what to type. The human types it here and the CLI forwards it to the program's stdin; then you continue. Drive the tool yourself; let the human supply the human answers (credentials, OTPs, confirmations). NEVER invent credentials or fabricate a tool's output.
+</linux_full_power>`;
+    };
     hasEnvValue2 = (name25) => Boolean(process.env[name25]?.trim());
     envFlagEnabled = (value) => {
       const normalized = value?.trim().toLowerCase();
@@ -72646,7 +73528,7 @@ ${section}` : "";
         return null;
       }
       await (0, import_promises2.mkdir)(workdir, { recursive: true });
-      const outputPath = import_node_path10.default.join(workdir, "system-prompt.txt");
+      const outputPath = import_node_path12.default.join(workdir, "system-prompt.txt");
       await (0, import_promises2.writeFile)(outputPath, system, "utf8");
       return outputPath;
     };
@@ -72676,19 +73558,19 @@ var interactive_input_exports = {};
 __export(interactive_input_exports, {
   InteractiveInput: () => InteractiveInput
 });
-var import_node_readline3, import_node_os5, C4, frame2, out2, cols, truncate4, InteractiveInput;
+var import_node_readline3, import_node_os6, C4, frame2, out2, cols, truncate5, InteractiveInput;
 var init_interactive_input = __esm({
   "src/interactive-input.ts"() {
     "use strict";
     import_node_readline3 = __toESM(require("node:readline"));
-    import_node_os5 = __toESM(require("node:os"));
+    import_node_os6 = __toESM(require("node:os"));
     init_ui();
     init_theme();
     C4 = ui.C;
     frame2 = (s) => paint(s, PAL.frame);
     out2 = (s) => process.stdout.write(s);
     cols = () => process.stdout.columns || 80;
-    truncate4 = (s, n) => vlen(s) > n ? [...s].slice(0, Math.max(0, n - 1)).join("") + "\u2026" : s;
+    truncate5 = (s, n) => vlen(s) > n ? [...s].slice(0, Math.max(0, n - 1)).join("") + "\u2026" : s;
     InteractiveInput = class {
       // row the caret sits on within the drawn block
       constructor(paste, commands) {
@@ -73094,14 +73976,14 @@ var init_interactive_input = __esm({
           return;
         }
         const width = cols();
-        const user = (import_node_os5.default.userInfo().username || "hacker").toLowerCase();
-        const host = (import_node_os5.default.hostname() || "localhost").split(".")[0].toLowerCase();
+        const user = (import_node_os6.default.userInfo().username || "hacker").toLowerCase();
+        const host = (import_node_os6.default.hostname() || "localhost").split(".")[0].toLowerCase();
         const label = " \u2709  mensagem ";
         const boxW = Math.min(54, Math.max(28, width - 2));
         const topFill = "\u2500".repeat(Math.max(0, boxW - vlen(label) - 3));
         const top = frame2("\u256D\u2500") + gradient(label, { bold: true }) + frame2(topFill + "\u256E");
         const id = `${user}\u327F${host} \xB7 ${shortCwd()}`;
-        const idLine = frame2("\u2502 ") + `${C4.dim}${truncate4(id, boxW - 4)}${C4.reset}`;
+        const idLine = frame2("\u2502 ") + `${C4.dim}${truncate5(id, boxW - 4)}${C4.reset}`;
         const prefix = frame2("\u2570\u2500") + gradient("\u276F", { bold: true }) + " ";
         const prefixLen = 4;
         const avail = Math.max(8, width - prefixLen - 1);
@@ -73124,7 +74006,7 @@ var init_interactive_input = __esm({
             const name25 = active2 ? gradient(it.name, { bold: true }) : `${C4.cyan}${it.name}`;
             const pad = " ".repeat(Math.max(1, nameW - vlen(it.name) + 2));
             const descRoom = ddInner - 2 - nameW - 2;
-            const desc = `${C4.dim}${truncate4(it.desc, Math.max(4, descRoom))}`;
+            const desc = `${C4.dim}${truncate5(it.desc, Math.max(4, descRoom))}`;
             const body = `${marker25}${name25}${C4.reset}${pad}${desc}${C4.reset}`;
             const padded = body + " ".repeat(Math.max(0, ddInner - 1 - vlen(body)));
             lines.push(`  ${frame2("\u2502")}${C4.reset}${padded}${frame2("\u2502")}`);
@@ -73206,7 +74088,7 @@ var init_interactive_input = __esm({
           const active2 = i === sel;
           const marker25 = active2 ? gradient("\u276F ", { bold: true }) : `${C4.dim}  `;
           const text2 = active2 ? gradient(it.label, { bold: true }) : `${C4.reset}${it.label}`;
-          const hint = it.hint ? `   ${C4.dim}${truncate4(it.hint, Math.max(6, inner - labelW - 6))}${C4.reset}` : "";
+          const hint = it.hint ? `   ${C4.dim}${truncate5(it.hint, Math.max(6, inner - labelW - 6))}${C4.reset}` : "";
           lines.push(`${frame2("\u2502 ")}${C4.reset}${marker25}${text2}${C4.reset}${hint}`);
         });
         lines.push(
@@ -73236,13 +74118,11 @@ var init_interactive_input = __esm({
             const marker25 = active2 ? gradient("\u276F ", { bold: true }) : `${C4.dim}  `;
             const text2 = active2 ? gradient(it.label, { bold: true }) : `${C4.reset}${it.label}`;
             const labelW = vlen(it.label);
-            const hint = it.hint ? `   ${C4.dim}${truncate4(it.hint, Math.max(6, inner - labelW - 6))}${C4.reset}` : "";
+            const hint = it.hint ? `   ${C4.dim}${truncate5(it.hint, Math.max(6, inner - labelW - 6))}${C4.reset}` : "";
             lines.push(`${frame2("\u2502 ")}${C4.reset}${marker25}${text2}${C4.reset}${hint}`);
           }
           if (list.length > pageSize) {
-            lines.push(
-              `${frame2("\u2502 ")}${C4.dim}${sel + 1}/${list.length}${C4.reset}`
-            );
+            lines.push(`${frame2("\u2502 ")}${C4.dim}${sel + 1}/${list.length}${C4.reset}`);
           }
         }
         lines.push(
@@ -73278,8 +74158,10 @@ async function main() {
   const { InteractiveInput: InteractiveInput2 } = await Promise.resolve().then(() => (init_interactive_input(), interactive_input_exports));
   const C5 = ui2.C;
   if (!bootQuiet) {
-    process.stdout.write(`${C5.dim}  booting local sandbox + agent\u2026${C5.reset}
-`);
+    process.stdout.write(
+      `${C5.dim}  booting local sandbox + agent\u2026${C5.reset}
+`
+    );
   }
   const agent = await createAgent2();
   const sys = agent.getSystemPrompt();
@@ -73307,11 +74189,17 @@ async function main() {
 `
   );
   const COMMANDS = [
-    { name: "/model", desc: "trocar o modelo (setas; NVIDIA/OpenRouter c/ busca)" },
+    {
+      name: "/model",
+      desc: "trocar o modelo (setas; NVIDIA/OpenRouter c/ busca)"
+    },
     { name: "/api", desc: "trocar chave de API (NVIDIA / OpenRouter)" },
     { name: "/skills", desc: "listar as skills instaladas" },
     { name: "/skillcreator", desc: "criar uma nova skill" },
-    { name: "/system", desc: "salvar o system prompt (HTML) na \xC1rea de Trabalho" },
+    {
+      name: "/system",
+      desc: "salvar o system prompt (HTML) na \xC1rea de Trabalho"
+    },
     { name: "/nov", desc: "novidades desta vers\xE3o" },
     { name: "/exit", desc: "fechar o clawfast" }
   ];
@@ -73341,15 +74229,15 @@ async function main() {
     process.exit(0);
   };
   const desktopDir = () => {
-    const home = import_node_os6.default.homedir();
+    const home = import_node_os7.default.homedir();
     const candidates = [
-      process.env.OneDrive ? import_node_path11.default.join(process.env.OneDrive, "Desktop") : null,
-      process.env.USERPROFILE ? import_node_path11.default.join(process.env.USERPROFILE, "Desktop") : null,
-      import_node_path11.default.join(home, "Desktop"),
-      import_node_path11.default.join(home, "\xC1rea de Trabalho"),
-      import_node_path11.default.join(home, "OneDrive", "Desktop")
+      process.env.OneDrive ? import_node_path13.default.join(process.env.OneDrive, "Desktop") : null,
+      process.env.USERPROFILE ? import_node_path13.default.join(process.env.USERPROFILE, "Desktop") : null,
+      import_node_path13.default.join(home, "Desktop"),
+      import_node_path13.default.join(home, "\xC1rea de Trabalho"),
+      import_node_path13.default.join(home, "OneDrive", "Desktop")
     ].filter((p) => Boolean(p));
-    return candidates.find((p) => (0, import_node_fs10.existsSync)(p)) ?? home;
+    return candidates.find((p) => (0, import_node_fs13.existsSync)(p)) ?? home;
   };
   const printFatal = (err) => {
     process.stderr.write(
@@ -73415,8 +74303,10 @@ ${C5.cyan}nome da skill?${C5.reset} ${C5.dim}(ex: xss-recon)${C5.reset}
     }
     if (sub === "delete" || sub === "rm" || sub === "remove") {
       if (!arg) {
-        process.stdout.write(`${C5.yellow}uso: /skill delete <nome>${C5.reset}
-`);
+        process.stdout.write(
+          `${C5.yellow}uso: /skill delete <nome>${C5.reset}
+`
+        );
         return;
       }
       if (deleteSkill(arg)) {
@@ -73611,8 +74501,10 @@ ${C5.dim}ja disponivel para todos os modelos nesta sessao.${C5.reset}
       );
       return false;
     }
-    process.stdout.write(`${C5.dim}testando a chave na ${provider.name}\u2026${C5.reset}
-`);
+    process.stdout.write(
+      `${C5.dim}testando a chave na ${provider.name}\u2026${C5.reset}
+`
+    );
     const test = await provider.test(key);
     if (!test.ok) {
       if (test.status === 401 || test.status === 403) {
@@ -73720,11 +74612,9 @@ ${C5.dim}salva em ${C5.reset}${C5.cyan}${file2}${C5.reset}
       label: m.name,
       hint: m.id
     }));
-    const choice2 = await inputUI.searchSelect(
-      "NVIDIA \u2014 buscar modelo",
-      items,
-      { placeholder: "digite para filtrar (nome ou slug)" }
-    );
+    const choice2 = await inputUI.searchSelect("NVIDIA \u2014 buscar modelo", items, {
+      placeholder: "digite para filtrar (nome ou slug)"
+    });
     if (choice2 === null) {
       process.stdout.write(`${C5.dim}sele\xE7\xE3o de modelo cancelada${C5.reset}
 `);
@@ -73852,7 +74742,7 @@ ${C5.dim}salva em ${C5.reset}${C5.cyan}${file2}${C5.reset}
       const sysText = agent.getSystemPrompt();
       const audit = agent.getSystemPromptAudit();
       const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").replace("T", "_").slice(0, 19);
-      const filePath = import_node_path11.default.join(
+      const filePath = import_node_path13.default.join(
         desktopDir(),
         `clawfast-system-prompt_${stamp}.html`
       );
@@ -73974,13 +74864,13 @@ ${C5.dim}interrompido \u2014 Ctrl+C de novo para fechar${C5.reset}
   }
   await shutdown();
 }
-var import_node_os6, import_node_path11, import_node_fs10, import_promises3, deepseekEnabled, configuredModelProviders;
+var import_node_os7, import_node_path13, import_node_fs13, import_promises3, deepseekEnabled, configuredModelProviders;
 var init_index = __esm({
   "index.ts"() {
     "use strict";
-    import_node_os6 = __toESM(require("node:os"));
-    import_node_path11 = __toESM(require("node:path"));
-    import_node_fs10 = require("node:fs");
+    import_node_os7 = __toESM(require("node:os"));
+    import_node_path13 = __toESM(require("node:path"));
+    import_node_fs13 = require("node:fs");
     import_promises3 = require("node:fs/promises");
     init_paste_input();
     init_boot_ui();