context-compress 2026.3.13 → 2026.3.20

package/dist/server.bundle.mjs

@@ -10861,7 +10861,9 @@ var DEFAULTS = {
   searchWindowMs: 6e4,
   searchReduceAfter: 3,
   searchBlockAfter: 8,
-  compressionLevel: "normal"
+  compressionLevel: "normal",
+  persistDb: false,
+  dbDir: null
 };
 var LEVEL_OVERRIDES = {
   normal: {},
@@ -10896,7 +10898,9 @@ var ConfigSchema = external_exports.object({
   searchWindowMs: external_exports.number().int().positive().optional(),
   searchReduceAfter: external_exports.number().int().nonnegative().optional(),
   searchBlockAfter: external_exports.number().int().positive().optional(),
-  compressionLevel: external_exports.enum(["normal", "compact", "ultra"]).optional()
+  compressionLevel: external_exports.enum(["normal", "compact", "ultra"]).optional(),
+  persistDb: external_exports.boolean().optional(),
+  dbDir: external_exports.string().nullable().optional()
 });
 function parseIntEnv(key) {
   const val = process.env[key];
@@ -10965,6 +10969,12 @@ function loadEnvConfig() {
   if (level === "normal" || level === "compact" || level === "ultra") {
     partial2.compressionLevel = level;
   }
+  if (process.env.CONTEXT_COMPRESS_PERSIST_DB === "1") {
+    partial2.persistDb = true;
+  }
+  if (process.env.CONTEXT_COMPRESS_DB_DIR) {
+    partial2.dbDir = process.env.CONTEXT_COMPRESS_DB_DIR;
+  }
   return partial2;
 }
 var _config = null;
@@ -10980,6 +10990,60 @@ function loadConfig(projectDir2) {
       merged[k] = value;
     }
   }
+  if (merged.maxOutputBytes < 1024) {
+    console.error(
+      `[context-compress] Config: maxOutputBytes clamped from ${merged.maxOutputBytes} to 1024`
+    );
+    merged.maxOutputBytes = 1024;
+  }
+  if (merged.hardCapBytes < merged.maxOutputBytes) {
+    console.error(
+      `[context-compress] Config: hardCapBytes clamped from ${merged.hardCapBytes} to ${merged.maxOutputBytes}`
+    );
+    merged.hardCapBytes = merged.maxOutputBytes;
+  }
+  if (merged.intentSearchThreshold < 0) {
+    console.error(
+      `[context-compress] Config: intentSearchThreshold clamped from ${merged.intentSearchThreshold} to 0`
+    );
+    merged.intentSearchThreshold = 0;
+  }
+  if (merged.searchLimit < 1) {
+    console.error(`[context-compress] Config: searchLimit clamped from ${merged.searchLimit} to 1`);
+    merged.searchLimit = 1;
+  }
+  if (merged.searchWindowMs < 1e3) {
+    console.error(
+      `[context-compress] Config: searchWindowMs clamped from ${merged.searchWindowMs} to 1000`
+    );
+    merged.searchWindowMs = 1e3;
+  }
+  if (merged.searchReduceAfter < 1) {
+    console.error(
+      `[context-compress] Config: searchReduceAfter clamped from ${merged.searchReduceAfter} to 1`
+    );
+    merged.searchReduceAfter = 1;
+  }
+  if (merged.searchBlockAfter < merged.searchReduceAfter + 1) {
+    const minVal = merged.searchReduceAfter + 1;
+    console.error(
+      `[context-compress] Config: searchBlockAfter clamped from ${merged.searchBlockAfter} to ${minVal}`
+    );
+    merged.searchBlockAfter = minVal;
+  }
+  if (merged.searchMaxBytes < 1024) {
+    console.error(
+      `[context-compress] Config: searchMaxBytes clamped from ${merged.searchMaxBytes} to 1024`
+    );
+    merged.searchMaxBytes = 1024;
+  }
+  if (merged.batchMaxBytes < 1024) {
+    console.error(
+      `[context-compress] Config: batchMaxBytes clamped from ${merged.batchMaxBytes} to 1024`
+    );
+    merged.batchMaxBytes = 1024;
+  }
+  if (merged.dbDir) merged.persistDb = true;
   _config = merged;
   return _config;
 }
@@ -10997,7 +11061,7 @@ function debug(...args) {
 }
 
 // src/server.ts
-import { readFileSync as readFileSync2, statSync } from "node:fs";
+import { readFileSync as readFileSync2, realpathSync, statSync } from "node:fs";
 import { dirname, join as join4, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 
@@ -21516,10 +21580,12 @@ __cm_main().then(()=>{${epilogue}}).catch(e=>{console.error(e);${epilogue}proces
 }
 
 // src/network.ts
+import dns from "node:dns";
 function isPrivateHost(hostname2) {
   const h = hostname2.startsWith("[") && hostname2.endsWith("]") ? hostname2.slice(1, -1) : hostname2;
   const lower = h.toLowerCase();
   if (lower === "localhost" || lower === "0.0.0.0") return true;
+  if (/^0\./.test(h)) return true;
   if (/^127\./.test(h)) return true;
   if (/^10\./.test(h)) return true;
   if (/^172\.(1[6-9]|2\d|3[01])\./.test(h)) return true;
@@ -21527,12 +21593,50 @@ function isPrivateHost(hostname2) {
   if (/^169\.254\./.test(h)) return true;
   if (/^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./.test(h)) return true;
   if (lower === "::1") return true;
+  if (lower === "::" || lower === "0:0:0:0:0:0:0:0") return true;
   const mappedMatch = lower.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
   if (mappedMatch) return isPrivateHost(mappedMatch[1]);
   if (/^fe[89ab]/i.test(h)) return true;
   if (/^f[cd]/i.test(h)) return true;
   return false;
 }
+async function resolveAndValidate(url) {
+  const parsed = new URL(url);
+  const hostname2 = parsed.hostname;
+  if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname2) || hostname2.includes(":")) {
+    if (isPrivateHost(hostname2)) {
+      throw new Error(`Blocked: resolved IP ${hostname2} is a private/internal address`);
+    }
+    return { url, resolvedIp: null };
+  }
+  let resolvedIp = null;
+  let v4Error = false;
+  let v6Error = false;
+  try {
+    const { address } = await dns.promises.lookup(hostname2, { family: 4 });
+    if (isPrivateHost(address)) {
+      throw new Error(`Blocked: ${hostname2} resolved to private IP ${address}`);
+    }
+    resolvedIp = address;
+  } catch (err) {
+    if (err instanceof Error && err.message.startsWith("Blocked:")) throw err;
+    v4Error = true;
+  }
+  try {
+    const { address } = await dns.promises.lookup(hostname2, { family: 6 });
+    if (isPrivateHost(address)) {
+      throw new Error(`Blocked: ${hostname2} resolved to private IPv6 ${address}`);
+    }
+    if (!resolvedIp) resolvedIp = address;
+  } catch (err) {
+    if (err instanceof Error && err.message.startsWith("Blocked:")) throw err;
+    v6Error = true;
+  }
+  if (v4Error && v6Error) {
+    throw new Error(`DNS resolution failed for ${hostname2}: unable to verify host safety`);
+  }
+  return { url, resolvedIp };
+}
 
 // src/runtime/index.ts
 import { exec } from "node:child_process";
@@ -21857,8 +21961,9 @@ function asciiBar(ratio, width = BAR_WIDTH) {
   return `[${"\u2588".repeat(filled)}${"\u2591".repeat(empty)}] ${(ratio * 100).toFixed(0)}%`;
 }
 function tokenCost(tokens) {
-  const cost = tokens / 1e6 * 3;
-  return cost >= 0.01 ? `~$${cost.toFixed(2)}` : "<$0.01";
+  const sonnetCost = tokens / 1e6 * 3;
+  if (sonnetCost < 0.01) return "<$0.01";
+  return `~$${sonnetCost.toFixed(2)} (Sonnet)`;
 }
 var SessionTracker = class {
   stats = {
@@ -21890,10 +21995,14 @@ var SessionTracker = class {
     const totalReturned = Object.values(snap.bytesReturned).reduce((a, b) => a + b, 0);
     const keptOut = snap.bytesIndexed + snap.bytesSandboxed;
     const totalProcessed = keptOut + totalReturned;
-    const savingsRatio = totalReturned > 0 ? totalProcessed / totalReturned : 1;
+    const savingsRatio = totalReturned > 0 ? totalProcessed / totalReturned : keptOut > 0 ? Number.POSITIVE_INFINITY : 1;
     const reductionPct = totalProcessed > 0 ? ((1 - totalReturned / totalProcessed) * 100).toFixed(1) : "0.0";
-    const estTokens = Math.round(totalReturned / 4);
-    const estTokensAvoided = Math.round(keptOut / 4);
+    const estTokensLo = Math.round(totalReturned / 5);
+    const estTokensHi = Math.round(totalReturned / 3);
+    const estTokensAvoidedLo = Math.round(keptOut / 5);
+    const estTokensAvoidedHi = Math.round(keptOut / 3);
+    const estTokensMid = Math.round(totalReturned / 4);
+    const estTokensAvoidedMid = Math.round(keptOut / 4);
     const lines = [];
     lines.push("## Session Statistics\n");
     lines.push("| Metric | Value |");
@@ -21903,13 +22012,14 @@ var SessionTracker = class {
     lines.push(`| Total data processed | ${formatBytes(totalProcessed)} |`);
     lines.push(`| Kept in sandbox | ${formatBytes(keptOut)} |`);
     lines.push(`| Context consumed | ${formatBytes(totalReturned)} |`);
-    lines.push(`| Est. tokens used | ~${estTokens.toLocaleString()} (${tokenCost(estTokens)}) |`);
     lines.push(
-      `| Est. tokens saved | ~${estTokensAvoided.toLocaleString()} (${tokenCost(estTokensAvoided)}) |`
+      `| Est. tokens used | ~${estTokensLo.toLocaleString()}-${estTokensHi.toLocaleString()} tokens (${tokenCost(estTokensMid)}) |`
     );
     lines.push(
-      `| **Savings ratio** | **${savingsRatio.toFixed(1)}x** (${reductionPct}% reduction) |`
+      `| Est. tokens saved | ~${estTokensAvoidedLo.toLocaleString()}-${estTokensAvoidedHi.toLocaleString()} tokens (${tokenCost(estTokensAvoidedMid)}) |`
     );
+    const savingsLabel = Number.isFinite(savingsRatio) ? `${savingsRatio.toFixed(1)}x` : "\u221E";
+    lines.push(`| **Savings ratio** | **${savingsLabel}** (${reductionPct}% reduction) |`);
     if (totalProcessed > 0) {
       const savingsBar = asciiBar(keptOut / totalProcessed);
       lines.push(`
@@ -21923,11 +22033,12 @@ var SessionTracker = class {
       const maxBytes = Math.max(...Object.values(snap.bytesReturned));
       for (const [name, calls] of Object.entries(snap.calls)) {
         const bytes = snap.bytesReturned[name] ?? 0;
-        const tokens = Math.round(bytes / 4);
+        const tokLo = Math.round(bytes / 5);
+        const tokHi = Math.round(bytes / 3);
         const barRatio = maxBytes > 0 ? bytes / maxBytes : 0;
         const bar = "\u2588".repeat(Math.max(1, Math.round(barRatio * 15)));
         lines.push(
-          `  ${name.padEnd(16)} ${String(calls).padStart(3)} calls  ${bar} ${formatBytes(bytes)} (~${tokens.toLocaleString()} tok)`
+          `  ${name.padEnd(16)} ${String(calls).padStart(3)} calls  ${bar} ${formatBytes(bytes)} (~${tokLo.toLocaleString()}-${tokHi.toLocaleString()} tok)`
         );
       }
     }
@@ -21940,7 +22051,7 @@ Context-compress kept ${formatBytes(keptOut)} out of context (${reductionPct}% s
 };
 
 // src/store.ts
-import { readdirSync, unlinkSync } from "node:fs";
+import { mkdirSync as mkdirSync2, readdirSync, unlinkSync } from "node:fs";
 import { tmpdir as tmpdir2 } from "node:os";
 import { join as join3 } from "node:path";
 import Database from "better-sqlite3";
@@ -22031,20 +22142,15 @@ var STOPWORDS = /* @__PURE__ */ new Set([
   "how",
   "its",
   "may",
-  "new",
   "now",
   "old",
   "see",
   "way",
   "who",
   "did",
-  "get",
-  "got",
-  "let",
   "say",
   "she",
   "too",
-  "use",
   "will",
   "with",
   "this",
@@ -22058,7 +22164,6 @@ var STOPWORDS = /* @__PURE__ */ new Set([
   "them",
   "than",
   "each",
-  "make",
   "like",
   "just",
   "over",
@@ -22098,21 +22203,7 @@ var STOPWORDS = /* @__PURE__ */ new Set([
   "where",
   "here",
   "were",
-  "much",
-  "update",
-  "updates",
-  "updated",
-  "deps",
-  "dev",
-  "tests",
-  "test",
-  "add",
-  "added",
-  "fix",
-  "fixed",
-  "run",
-  "running",
-  "using"
+  "much"
 ]);
 var HEADING_RE = /^(#{1,4})\s+(.+)$/;
 var SEPARATOR_RE = /^[-_*]{3,}\s*$/;
@@ -22148,8 +22239,18 @@ var ContentStore = class {
   insertChunkStmt;
   vocabCountStmt;
   vocabInsertStmt;
-  constructor(dbPath) {
-    const path = dbPath ?? join3(tmpdir2(), `context-compress-${process.pid}.db`);
+  constructor(options) {
+    let path;
+    if (typeof options === "string") {
+      path = options;
+    } else if (options?.persistDb || options?.dbDir) {
+      const dir = options.dbDir ?? join3(process.env.CLAUDE_PROJECT_DIR ?? process.cwd(), ".context-compress");
+      mkdirSync2(dir, { recursive: true });
+      path = join3(dir, "store.db");
+      debug("Using persistent DB at", path);
+    } else {
+      path = (typeof options === "object" ? options?.dbPath : void 0) ?? join3(tmpdir2(), `context-compress-${process.pid}.db`);
+    }
     this.db = new Database(path);
     this.db.pragma("journal_mode = WAL");
     this.db.pragma("synchronous = NORMAL");
@@ -22267,22 +22368,22 @@ var ContentStore = class {
     }
     return { query, results: [] };
   }
-  porterSearch(sanitized, source, limit) {
+  ftsSearch(table, sanitized, source, limit) {
     const sourceFilter = source ? "AND sources.label LIKE '%' || ? || '%'" : "";
     const params = [sanitized];
     if (source) params.push(source);
     params.push(limit);
     const sql = `
 			SELECT
-				chunks.title,
-				chunks.content,
-				chunks.content_type,
+				${table}.title,
+				${table}.content,
+				${table}.content_type,
 				sources.label,
-				bm25(chunks, 2.0, 1.0) AS rank,
-				highlight(chunks, 1, char(2), char(3)) AS highlighted
-			FROM chunks
-			JOIN sources ON sources.id = chunks.source_id
-			WHERE chunks MATCH ? ${sourceFilter}
+				bm25(${table}, 2.0, 1.0) AS rank,
+				highlight(${table}, 1, char(2), char(3)) AS highlighted
+			FROM ${table}
+			JOIN sources ON sources.id = ${table}.source_id
+			WHERE ${table} MATCH ? ${sourceFilter}
 			ORDER BY rank
 			LIMIT ?
 		`;
@@ -22295,41 +22396,15 @@ var ContentStore = class {
         score: Math.abs(row.rank)
       }));
     } catch (e) {
-      debug("Porter search error:", e);
+      debug(`FTS search error (${table}):`, e);
       return [];
     }
   }
+  porterSearch(sanitized, source, limit) {
+    return this.ftsSearch("chunks", sanitized, source, limit);
+  }
   trigramSearch(sanitized, source, limit) {
-    const sourceFilter = source ? "AND sources.label LIKE '%' || ? || '%'" : "";
-    const params = [sanitized];
-    if (source) params.push(source);
-    params.push(limit);
-    const sql = `
-			SELECT
-				chunks_trigram.title,
-				chunks_trigram.content,
-				chunks_trigram.content_type,
-				sources.label,
-				bm25(chunks_trigram, 2.0, 1.0) AS rank,
-				highlight(chunks_trigram, 1, char(2), char(3)) AS highlighted
-			FROM chunks_trigram
-			JOIN sources ON sources.id = chunks_trigram.source_id
-			WHERE chunks_trigram MATCH ? ${sourceFilter}
-			ORDER BY rank
-			LIMIT ?
-		`;
-    try {
-      const rows = this.db.prepare(sql).all(...params);
-      return rows.map((row) => ({
-        title: row.title,
-        snippet: extractSnippet(row.highlighted),
-        source: row.label,
-        score: Math.abs(row.rank)
-      }));
-    } catch (e) {
-      debug("Trigram search error:", e);
-      return [];
-    }
+    return this.ftsSearch("chunks_trigram", sanitized, source, limit);
   }
   /**
    * Fuzzy correction using vocabulary + Levenshtein distance.
@@ -22486,6 +22561,10 @@ function chunkMarkdown(content) {
     }
     currentLines.push(line);
   }
+  if (inFence) {
+    debug("Warning: unclosed code fence detected during markdown chunking");
+    hasCode = true;
+  }
   flush();
   return chunks;
 }
@@ -22499,7 +22578,7 @@ function chunkPlainText(content, linesPerChunk = 20, overlap = 2) {
       return {
         title: trimmed.split("\n")[0].slice(0, 80),
         content: trimmed,
-        hasCode: FENCE_RE.test(trimmed)
+        hasCode: /`{3,}/.test(trimmed)
       };
     }).filter(Boolean);
   }
@@ -22567,8 +22646,14 @@ var ALL_LANGUAGES = [
 var LANGUAGE_ENUM = ALL_LANGUAGES;
 var projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
 function isWithinProject(absPath) {
-  const normalized = resolve(absPath);
-  return normalized === projectDir || normalized.startsWith(`${projectDir}/`);
+  try {
+    const normalized = realpathSync(resolve(absPath));
+    const realProjectDir = realpathSync(projectDir);
+    return normalized === realProjectDir || normalized.startsWith(`${realProjectDir}/`);
+  } catch {
+    const normalized = resolve(absPath);
+    return normalized === projectDir || normalized.startsWith(`${projectDir}/`);
+  }
 }
 function getVersion() {
   try {
@@ -22592,6 +22677,45 @@ function compactLabel(normal, level) {
   }
   return normal;
 }
+async function limitConcurrency(tasks, limit) {
+  const results = new Array(tasks.length);
+  let nextIndex = 0;
+  async function runNext() {
+    while (nextIndex < tasks.length) {
+      const index = nextIndex++;
+      try {
+        const value = await tasks[index]();
+        results[index] = { status: "fulfilled", value };
+      } catch (reason) {
+        results[index] = { status: "rejected", reason };
+      }
+    }
+  }
+  const workers = Array.from({ length: Math.min(limit, tasks.length) }, () => runNext());
+  await Promise.all(workers);
+  return results;
+}
+function detectInjectionPatterns(content) {
+  const warnings = [];
+  const patterns = [
+    { re: /ignore\s+(all\s+)?previous\s+instructions/i, label: "instruction override" },
+    { re: /you\s+are\s+now\s+/i, label: "role reassignment" },
+    {
+      re: /(?:^|\n)\s*system\s*:\s*(?:you are|you're|as an? )/im,
+      label: "system prompt injection"
+    },
+    { re: /\[INST\]|\[\/INST\]|<\|im_start\|>|<\|im_end\|>/i, label: "chat template injection" },
+    { re: /\n\n(?:Human|Assistant):/m, label: "chat delimiter injection" },
+    { re: /reveal\s+(your|the)\s+(system|secret|confidential)/i, label: "data exfiltration" },
+    { re: /act\s+as\s+(if\s+you\s+are|a)\s+/i, label: "role manipulation" }
+  ];
+  for (const { re, label } of patterns) {
+    if (re.test(content)) {
+      warnings.push(label);
+    }
+  }
+  return warnings;
+}
 async function createServer(config3) {
   const version2 = getVersion();
   debug("Version:", version2);
@@ -22600,8 +22724,39 @@ async function createServer(config3) {
   const bunDetected = hasBun(runtimes);
   debug("Runtimes detected:", runtimes.size);
   const executor = new SubprocessExecutor(runtimes, config3);
-  const store = new ContentStore();
+  let store;
+  let dbFallback = false;
+  try {
+    store = new ContentStore({ persistDb: config3.persistDb, dbDir: config3.dbDir });
+  } catch (e) {
+    debug("Failed to create DB, falling back to in-memory:", e);
+    store = new ContentStore(":memory:");
+    dbFallback = true;
+  }
   const tracker = new SessionTracker();
+  function applyIntentFilter(output, intent, sourceLabel) {
+    if (Buffer.byteLength(output) <= config3.intentSearchThreshold) return output;
+    const indexed = store.index(output, sourceLabel);
+    tracker.trackIndexed(Buffer.byteLength(output));
+    const searchResults = store.search(intent, { limit: 3 });
+    const terms = store.getDistinctiveTerms(indexed.sourceId);
+    let filtered = `Indexed ${indexed.totalChunks} sections from ${sourceLabel}.
+`;
+    filtered += `${searchResults.results.length} sections matched "${intent}":
+
+`;
+    for (const hit of searchResults.results) {
+      filtered += `  - **${hit.title}**: ${hit.snippet.slice(0, 200)}
+`;
+    }
+    if (terms.length > 0 && config3.compressionLevel !== "ultra") {
+      filtered += `
+Searchable terms: ${terms.join(", ")}
+`;
+    }
+    filtered += "\nUse search(queries: [...]) to retrieve full content of any section.";
+    return compactLabel(filtered, config3.compressionLevel);
+  }
   const shutdown = () => {
     try {
       store.close();
@@ -22618,7 +22773,7 @@ async function createServer(config3) {
   });
   server2.tool(
     "execute",
-    `Execute code in a sandboxed subprocess. Only stdout enters context \u2014 raw data stays in the subprocess. Use instead of bash/cat when output would exceed 20 lines. ${bunDetected ? "(Bun detected \u2014 JS/TS runs 3-5x faster) " : ""}Available: ${ALL_LANGUAGES.join(", ")}.
+    `Execute code in a sandboxed subprocess. Only stdout enters context \u2014 raw data stays in the subprocess. Use instead of bash/cat when output would exceed ~5KB. ${bunDetected ? "(Bun detected \u2014 JS/TS runs 3-5x faster) " : ""}Available: ${ALL_LANGUAGES.join(", ")}.
 
 PREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, pytest), git queries (git log, git diff), data processing, and ANY CLI command that may produce large output. Bash should only be used for file mutations, git writes, and navigation.`,
     {
@@ -22643,27 +22798,8 @@ PREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, py
 STDERR:
 ${result.stderr}`;
       }
-      if (intent && Buffer.byteLength(output) > config3.intentSearchThreshold) {
-        const indexed = store.index(output, `execute:${language}`);
-        tracker.trackIndexed(Buffer.byteLength(output));
-        const searchResults = store.search(intent, { limit: 3 });
-        const terms = store.getDistinctiveTerms(indexed.sourceId);
-        let filtered = `Indexed ${indexed.totalChunks} sections from execute output.
-`;
-        filtered += `${searchResults.results.length} sections matched "${intent}":
-
-`;
-        for (const hit of searchResults.results) {
-          filtered += `  - **${hit.title}**: ${hit.snippet.slice(0, 200)}
-`;
-        }
-        if (terms.length > 0 && config3.compressionLevel !== "ultra") {
-          filtered += `
-Searchable terms: ${terms.join(", ")}
-`;
-        }
-        filtered += "\nUse search(queries: [...]) to retrieve full content of any section.";
-        output = compactLabel(filtered, config3.compressionLevel);
+      if (intent) {
+        output = applyIntentFilter(output, intent, `execute:${language}`);
       }
       const responseBytes = Buffer.byteLength(output);
       tracker.trackCall("execute", responseBytes);
@@ -22707,27 +22843,8 @@ Searchable terms: ${terms.join(", ")}
 STDERR:
 ${result.stderr}`;
       }
-      if (intent && Buffer.byteLength(output) > config3.intentSearchThreshold) {
-        const indexed = store.index(output, `file:${filePath}`);
-        tracker.trackIndexed(Buffer.byteLength(output));
-        const searchResults = store.search(intent, { limit: 3 });
-        const terms = store.getDistinctiveTerms(indexed.sourceId);
-        let filtered = `Indexed ${indexed.totalChunks} sections from "${filePath}" into knowledge base.
-`;
-        filtered += `${searchResults.results.length} sections matched "${intent}":
-
-`;
-        for (const hit of searchResults.results) {
-          filtered += `  - **${hit.title}**: ${hit.snippet.slice(0, 200)}
-`;
-        }
-        if (terms.length > 0 && config3.compressionLevel !== "ultra") {
-          filtered += `
-Searchable terms: ${terms.join(", ")}
-`;
-        }
-        filtered += "\nUse search(queries: [...]) to retrieve full content of any section.";
-        output = compactLabel(filtered, config3.compressionLevel);
+      if (intent) {
+        output = applyIntentFilter(output, intent, `file:${filePath}`);
       }
       const responseBytes = Buffer.byteLength(output);
       tracker.trackCall("execute_file", responseBytes);
@@ -22757,20 +22874,38 @@ Searchable terms: ${terms.join(", ")}
             ]
           };
         }
-        const fileStat = statSync(absPath);
-        if (fileStat.size > 50 * 1024 * 1024) {
+        try {
+          const fileStat = statSync(absPath);
+          if (fileStat.size > 50 * 1024 * 1024) {
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: `Error: file "${filePath}" is too large (${(fileStat.size / 1024 / 1024).toFixed(1)}MB). Max 50MB.`
+                }
+              ]
+            };
+          }
+          text = readFileSync2(absPath, "utf-8");
+          label = source ?? filePath;
+        } catch (e) {
+          const msg = e instanceof Error ? e.message : String(e);
+          return {
+            content: [{ type: "text", text: `Error reading "${filePath}": ${msg}` }]
+          };
+        }
+      } else if (content) {
+        const contentBytes = Buffer.byteLength(content);
+        if (contentBytes > 50 * 1024 * 1024) {
           return {
             content: [
               {
                 type: "text",
-                text: `Error: file "${filePath}" is too large (${(fileStat.size / 1024 / 1024).toFixed(1)}MB). Max 50MB.`
+                text: `Error: content too large (${(contentBytes / 1024 / 1024).toFixed(1)}MB). Max 50MB.`
               }
             ]
           };
         }
-        text = readFileSync2(absPath, "utf-8");
-        label = source ?? filePath;
-      } else if (content) {
         text = content;
       } else {
         return {
@@ -22869,8 +23004,22 @@ ${hit.snippet}
           content: [{ type: "text", text: `Error: invalid URL "${url}"` }]
         };
       }
+      let resolvedIp = null;
+      try {
+        const validated = await resolveAndValidate(url);
+        resolvedIp = validated.resolvedIp;
+      } catch (err) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Error: ${err instanceof Error ? err.message : "DNS validation failed"}`
+            }
+          ]
+        };
+      }
       const label = source ?? url;
-      const fetchCode = buildFetchCode(url);
+      const fetchCode = buildFetchCode(url, resolvedIp);
       const result = await executor.execute({
         language: "javascript",
         code: fetchCode,
@@ -22883,6 +23032,7 @@ ${hit.snippet}
       }
       const markdown = result.stdout;
       tracker.trackSandboxed(result.networkBytes ?? 0);
+      const injectionWarnings = detectInjectionPatterns(markdown);
       const indexed = store.index(markdown, label);
       tracker.trackIndexed(Buffer.byteLength(markdown));
       const preview = markdown.slice(0, 3072);
@@ -22899,6 +23049,11 @@ ${preview}`;
 Searchable terms: ${terms.join(", ")}`;
       }
       output += "\n\nUse search(queries: [...]) to retrieve full content of any section.";
+      if (injectionWarnings.length > 0) {
+        output += `
+
+\u26A0 Content safety notice: detected patterns (${injectionWarnings.join(", ")}). Review indexed content before relying on it.`;
+      }
       tracker.trackCall("fetch_and_index", Buffer.byteLength(output));
       return { content: [{ type: "text", text: output }] };
     }
@@ -22919,15 +23074,16 @@ Searchable terms: ${terms.join(", ")}`;
       timeout: external_exports.number().default(6e4).describe("Max execution time in ms (default: 60s)")
     },
     async ({ commands, queries, timeout }) => {
-      const commandResults = await Promise.allSettled(
-        commands.map(async (cmd) => {
+      const commandResults = await limitConcurrency(
+        commands.map((cmd) => async () => {
           const result = await executor.execute({
             language: "shell",
             code: cmd.command,
             timeout
           });
           return { label: cmd.label, result };
-        })
+        }),
+        4
       );
       let combined = "";
       const inventory = [];
@@ -23072,6 +23228,11 @@ Searchable terms: ${terms.join(", ")}`;
           );
         }
       }
+      if (dbFallback) {
+        lines.push(
+          "\n\u26A0 **Warning:** Persistent DB creation failed \u2014 using in-memory storage. Indexed data will not survive restarts."
+        );
+      }
       const output = lines.join("\n");
       tracker.trackCall("discover", Buffer.byteLength(output));
       return { content: [{ type: "text", text: output }] };
@@ -23085,11 +23246,21 @@ Searchable terms: ${terms.join(", ")}`;
     }
   };
 }
-function buildFetchCode(url) {
-  const escaped = JSON.stringify(url);
-  return `
-const url = ${escaped};
-const resp = await fetch(url);
+function buildFetchCode(url, resolvedIp) {
+  let fetchSetup;
+  if (resolvedIp) {
+    const pinnedUrl = new URL(url);
+    const originalHost = pinnedUrl.host;
+    pinnedUrl.hostname = resolvedIp;
+    fetchSetup = `
+const url = ${JSON.stringify(pinnedUrl.toString())};
+const resp = await fetch(url, { headers: { 'Host': ${JSON.stringify(originalHost)} }, redirect: 'error' });`;
+  } else {
+    fetchSetup = `
+const url = ${JSON.stringify(url)};
+const resp = await fetch(url, { redirect: 'error' });`;
+  }
+  return `${fetchSetup}
 if (!resp.ok) { console.error("HTTP " + resp.status); process.exit(1); }
 const html = await resp.text();
 
@@ -23125,12 +23296,15 @@ md = md.replace(/<br\\s*\\/?>/gi, "\\n");
 md = md.replace(/<[^>]+>/g, "");
 
 // Decode entities
-md = md.replace(/&amp;/g, "&")
-  .replace(/&lt;/g, "<")
+md = md.replace(/&lt;/g, "<")
   .replace(/&gt;/g, ">")
   .replace(/&quot;/g, '"')
   .replace(/&#39;/g, "'")
-  .replace(/&nbsp;/g, " ");
+  .replace(/&apos;/g, "'")
+  .replace(/&nbsp;/g, " ")
+  .replace(/&#(\\d+);/g, (_, n) => { const c = parseInt(n, 10); return c > 0 && c <= 0x10FFFF ? String.fromCodePoint(c) : ''; })
+  .replace(/&#x([0-9a-fA-F]+);/g, (_, h) => { const c = parseInt(h, 16); return c > 0 && c <= 0x10FFFF ? String.fromCodePoint(c) : ''; })
+  .replace(/&amp;/g, "&");
 
 // Clean whitespace
 md = md.replace(/\\n{3,}/g, "\\n\\n").trim();