context-compress 2026.3.13 → 2026.3.21

package/dist/server.bundle.mjs

@@ -10861,7 +10861,9 @@ var DEFAULTS = {
   searchWindowMs: 6e4,
   searchReduceAfter: 3,
   searchBlockAfter: 8,
-  compressionLevel: "normal"
+  compressionLevel: "normal",
+  persistDb: false,
+  dbDir: null
 };
 var LEVEL_OVERRIDES = {
   normal: {},
@@ -10896,7 +10898,9 @@ var ConfigSchema = external_exports.object({
   searchWindowMs: external_exports.number().int().positive().optional(),
   searchReduceAfter: external_exports.number().int().nonnegative().optional(),
   searchBlockAfter: external_exports.number().int().positive().optional(),
-  compressionLevel: external_exports.enum(["normal", "compact", "ultra"]).optional()
+  compressionLevel: external_exports.enum(["normal", "compact", "ultra"]).optional(),
+  persistDb: external_exports.boolean().optional(),
+  dbDir: external_exports.string().nullable().optional()
 });
 function parseIntEnv(key) {
   const val = process.env[key];
@@ -10965,6 +10969,12 @@ function loadEnvConfig() {
   if (level === "normal" || level === "compact" || level === "ultra") {
     partial2.compressionLevel = level;
   }
+  if (process.env.CONTEXT_COMPRESS_PERSIST_DB === "1") {
+    partial2.persistDb = true;
+  }
+  if (process.env.CONTEXT_COMPRESS_DB_DIR) {
+    partial2.dbDir = process.env.CONTEXT_COMPRESS_DB_DIR;
+  }
   return partial2;
 }
 var _config = null;
@@ -10980,6 +10990,60 @@ function loadConfig(projectDir2) {
       merged[k] = value;
     }
   }
+  if (merged.maxOutputBytes < 1024) {
+    console.error(
+      `[context-compress] Config: maxOutputBytes clamped from ${merged.maxOutputBytes} to 1024`
+    );
+    merged.maxOutputBytes = 1024;
+  }
+  if (merged.hardCapBytes < merged.maxOutputBytes) {
+    console.error(
+      `[context-compress] Config: hardCapBytes clamped from ${merged.hardCapBytes} to ${merged.maxOutputBytes}`
+    );
+    merged.hardCapBytes = merged.maxOutputBytes;
+  }
+  if (merged.intentSearchThreshold < 0) {
+    console.error(
+      `[context-compress] Config: intentSearchThreshold clamped from ${merged.intentSearchThreshold} to 0`
+    );
+    merged.intentSearchThreshold = 0;
+  }
+  if (merged.searchLimit < 1) {
+    console.error(`[context-compress] Config: searchLimit clamped from ${merged.searchLimit} to 1`);
+    merged.searchLimit = 1;
+  }
+  if (merged.searchWindowMs < 1e3) {
+    console.error(
+      `[context-compress] Config: searchWindowMs clamped from ${merged.searchWindowMs} to 1000`
+    );
+    merged.searchWindowMs = 1e3;
+  }
+  if (merged.searchReduceAfter < 1) {
+    console.error(
+      `[context-compress] Config: searchReduceAfter clamped from ${merged.searchReduceAfter} to 1`
+    );
+    merged.searchReduceAfter = 1;
+  }
+  if (merged.searchBlockAfter < merged.searchReduceAfter + 1) {
+    const minVal = merged.searchReduceAfter + 1;
+    console.error(
+      `[context-compress] Config: searchBlockAfter clamped from ${merged.searchBlockAfter} to ${minVal}`
+    );
+    merged.searchBlockAfter = minVal;
+  }
+  if (merged.searchMaxBytes < 1024) {
+    console.error(
+      `[context-compress] Config: searchMaxBytes clamped from ${merged.searchMaxBytes} to 1024`
+    );
+    merged.searchMaxBytes = 1024;
+  }
+  if (merged.batchMaxBytes < 1024) {
+    console.error(
+      `[context-compress] Config: batchMaxBytes clamped from ${merged.batchMaxBytes} to 1024`
+    );
+    merged.batchMaxBytes = 1024;
+  }
+  if (merged.dbDir) merged.persistDb = true;
   _config = merged;
   return _config;
 }
@@ -10997,7 +11061,7 @@ function debug(...args) {
 }
 
 // src/server.ts
-import { readFileSync as readFileSync2, statSync } from "node:fs";
+import { readFileSync as readFileSync2, realpathSync, statSync } from "node:fs";
 import { dirname, join as join4, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 
@@ -21152,6 +21216,54 @@ import { execFileSync, spawn } from "node:child_process";
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join as join2 } from "node:path";
+
+// src/utils.ts
+function detectInjectionPatterns(content) {
+  const warnings = [];
+  const patterns = [
+    { re: /ignore\s+(all\s+)?previous\s+instructions/i, label: "instruction override" },
+    { re: /you\s+are\s+now\s+/i, label: "role reassignment" },
+    {
+      re: /(?:^|\n)\s*system\s*:\s*(?:you are|you're|as an? )/im,
+      label: "system prompt injection"
+    },
+    { re: /\[INST\]|\[\/INST\]|<\|im_start\|>|<\|im_end\|>/i, label: "chat template injection" },
+    { re: /\n\n(?:Human|Assistant):/m, label: "chat delimiter injection" },
+    { re: /reveal\s+(your|the)\s+(system|secret|confidential)/i, label: "data exfiltration" },
+    { re: /act\s+as\s+(if\s+you\s+are|a)\s+/i, label: "role manipulation" }
+  ];
+  for (const { re, label } of patterns) {
+    if (re.test(content)) {
+      warnings.push(label);
+    }
+  }
+  return warnings;
+}
+async function limitConcurrency(tasks, limit) {
+  const results = new Array(tasks.length);
+  let nextIndex = 0;
+  async function runNext() {
+    while (nextIndex < tasks.length) {
+      const index = nextIndex++;
+      try {
+        const value = await tasks[index]();
+        results[index] = { status: "fulfilled", value };
+      } catch (reason) {
+        results[index] = { status: "rejected", reason };
+      }
+    }
+  }
+  const workers = Array.from({ length: Math.min(limit, tasks.length) }, () => runNext());
+  await Promise.all(workers);
+  return results;
+}
+function formatBytes(bytes) {
+  if (bytes < 1024) return `${bytes}B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+}
+
+// src/executor.ts
 var DEFAULT_TIMEOUT = 3e4;
 var SAFE_ENV_KEYS = [
   "PATH",
@@ -21316,20 +21428,26 @@ function smartTruncate(output, maxBytes) {
 `;
   return headLines.join("\n") + separator + tailLines.join("\n");
 }
-function formatBytes(bytes) {
-  if (bytes < 1024) return `${bytes}B`;
-  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
-  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
-}
 var SubprocessExecutor = class {
   runtimes;
   config;
   env;
+  activeProcesses = /* @__PURE__ */ new Set();
   constructor(runtimes, config3) {
     this.runtimes = runtimes;
     this.config = config3;
     this.env = buildEnv(config3);
   }
+  /** Kill all active child processes and their process trees. */
+  shutdown() {
+    for (const proc of this.activeProcesses) {
+      try {
+        if (proc.pid) killProcessTree(proc.pid);
+      } catch {
+      }
+    }
+    this.activeProcesses.clear();
+  }
   /**
    * Execute code in a subprocess.
    */
@@ -21431,6 +21549,7 @@ var SubprocessExecutor = class {
         shell: useShell,
         detached: process.platform !== "win32"
       });
+      this.activeProcesses.add(proc);
       proc.stdout?.on("data", (chunk) => {
         totalBytes += chunk.length;
         if (totalBytes > hardCap) {
@@ -21451,6 +21570,7 @@ var SubprocessExecutor = class {
       });
       proc.on("error", (err) => {
         debug("Process error:", err.message);
+        this.activeProcesses.delete(proc);
         if (!resolved) {
           resolved = true;
           resolve2({
@@ -21463,6 +21583,7 @@ var SubprocessExecutor = class {
         }
       });
       proc.on("close", (code) => {
+        this.activeProcesses.delete(proc);
         if (resolved) return;
         resolved = true;
         let stdout = Buffer.concat(stdoutChunks).toString("utf-8");
@@ -21476,8 +21597,10 @@ var SubprocessExecutor = class {
           stdout += `
 [output capped at ${formatBytes(hardCap)} \u2014 process killed]`;
         }
-        stdout = deduplicateLines(stdout);
-        stdout = groupErrorLines(stdout);
+        if (stdout.length > 1e4) {
+          stdout = deduplicateLines(stdout);
+          stdout = groupErrorLines(stdout);
+        }
         const truncated = Buffer.byteLength(stdout) > maxOutput;
         if (truncated) {
           stdout = smartTruncate(stdout, maxOutput);
@@ -21516,10 +21639,12 @@ __cm_main().then(()=>{${epilogue}}).catch(e=>{console.error(e);${epilogue}proces
 }
 
 // src/network.ts
+import dns from "node:dns";
 function isPrivateHost(hostname2) {
   const h = hostname2.startsWith("[") && hostname2.endsWith("]") ? hostname2.slice(1, -1) : hostname2;
   const lower = h.toLowerCase();
   if (lower === "localhost" || lower === "0.0.0.0") return true;
+  if (/^0\./.test(h)) return true;
   if (/^127\./.test(h)) return true;
   if (/^10\./.test(h)) return true;
   if (/^172\.(1[6-9]|2\d|3[01])\./.test(h)) return true;
@@ -21527,12 +21652,50 @@ function isPrivateHost(hostname2) {
   if (/^169\.254\./.test(h)) return true;
   if (/^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./.test(h)) return true;
   if (lower === "::1") return true;
+  if (lower === "::" || lower === "0:0:0:0:0:0:0:0") return true;
   const mappedMatch = lower.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
   if (mappedMatch) return isPrivateHost(mappedMatch[1]);
   if (/^fe[89ab]/i.test(h)) return true;
   if (/^f[cd]/i.test(h)) return true;
   return false;
 }
+async function resolveAndValidate(url) {
+  const parsed = new URL(url);
+  const hostname2 = parsed.hostname;
+  if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname2) || hostname2.includes(":")) {
+    if (isPrivateHost(hostname2)) {
+      throw new Error(`Blocked: resolved IP ${hostname2} is a private/internal address`);
+    }
+    return { url, resolvedIp: null };
+  }
+  let resolvedIp = null;
+  let v4Error = false;
+  let v6Error = false;
+  const [v4Result, v6Result] = await Promise.allSettled([
+    dns.promises.lookup(hostname2, { family: 4 }),
+    dns.promises.lookup(hostname2, { family: 6 })
+  ]);
+  if (v4Result.status === "fulfilled") {
+    if (isPrivateHost(v4Result.value.address)) {
+      throw new Error(`Blocked: ${hostname2} resolved to private IP ${v4Result.value.address}`);
+    }
+    resolvedIp = v4Result.value.address;
+  } else {
+    v4Error = true;
+  }
+  if (v6Result.status === "fulfilled") {
+    if (isPrivateHost(v6Result.value.address)) {
+      throw new Error(`Blocked: ${hostname2} resolved to private IPv6 ${v6Result.value.address}`);
+    }
+    if (!resolvedIp) resolvedIp = v6Result.value.address;
+  } else {
+    v6Error = true;
+  }
+  if (v4Error && v6Error) {
+    throw new Error(`DNS resolution failed for ${hostname2}: unable to verify host safety`);
+  }
+  return { url, resolvedIp };
+}
 
 // src/runtime/index.ts
 import { exec } from "node:child_process";
@@ -21857,8 +22020,9 @@ function asciiBar(ratio, width = BAR_WIDTH) {
   return `[${"\u2588".repeat(filled)}${"\u2591".repeat(empty)}] ${(ratio * 100).toFixed(0)}%`;
 }
 function tokenCost(tokens) {
-  const cost = tokens / 1e6 * 3;
-  return cost >= 0.01 ? `~$${cost.toFixed(2)}` : "<$0.01";
+  const sonnetCost = tokens / 1e6 * 3;
+  if (sonnetCost < 0.01) return "<$0.01";
+  return `~$${sonnetCost.toFixed(2)} (Sonnet)`;
 }
 var SessionTracker = class {
   stats = {
@@ -21890,10 +22054,14 @@ var SessionTracker = class {
     const totalReturned = Object.values(snap.bytesReturned).reduce((a, b) => a + b, 0);
     const keptOut = snap.bytesIndexed + snap.bytesSandboxed;
     const totalProcessed = keptOut + totalReturned;
-    const savingsRatio = totalReturned > 0 ? totalProcessed / totalReturned : 1;
+    const savingsRatio = totalReturned > 0 ? totalProcessed / totalReturned : keptOut > 0 ? Number.POSITIVE_INFINITY : 1;
     const reductionPct = totalProcessed > 0 ? ((1 - totalReturned / totalProcessed) * 100).toFixed(1) : "0.0";
-    const estTokens = Math.round(totalReturned / 4);
-    const estTokensAvoided = Math.round(keptOut / 4);
+    const estTokensLo = Math.round(totalReturned / 5);
+    const estTokensHi = Math.round(totalReturned / 3);
+    const estTokensAvoidedLo = Math.round(keptOut / 5);
+    const estTokensAvoidedHi = Math.round(keptOut / 3);
+    const estTokensMid = Math.round(totalReturned / 4);
+    const estTokensAvoidedMid = Math.round(keptOut / 4);
     const lines = [];
     lines.push("## Session Statistics\n");
     lines.push("| Metric | Value |");
@@ -21903,13 +22071,14 @@ var SessionTracker = class {
     lines.push(`| Total data processed | ${formatBytes(totalProcessed)} |`);
     lines.push(`| Kept in sandbox | ${formatBytes(keptOut)} |`);
     lines.push(`| Context consumed | ${formatBytes(totalReturned)} |`);
-    lines.push(`| Est. tokens used | ~${estTokens.toLocaleString()} (${tokenCost(estTokens)}) |`);
     lines.push(
-      `| Est. tokens saved | ~${estTokensAvoided.toLocaleString()} (${tokenCost(estTokensAvoided)}) |`
+      `| Est. tokens used | ~${estTokensLo.toLocaleString()}-${estTokensHi.toLocaleString()} tokens (${tokenCost(estTokensMid)}) |`
     );
     lines.push(
-      `| **Savings ratio** | **${savingsRatio.toFixed(1)}x** (${reductionPct}% reduction) |`
+      `| Est. tokens saved | ~${estTokensAvoidedLo.toLocaleString()}-${estTokensAvoidedHi.toLocaleString()} tokens (${tokenCost(estTokensAvoidedMid)}) |`
     );
+    const savingsLabel = Number.isFinite(savingsRatio) ? `${savingsRatio.toFixed(1)}x` : "\u221E";
+    lines.push(`| **Savings ratio** | **${savingsLabel}** (${reductionPct}% reduction) |`);
     if (totalProcessed > 0) {
       const savingsBar = asciiBar(keptOut / totalProcessed);
       lines.push(`
@@ -21923,11 +22092,12 @@ var SessionTracker = class {
       const maxBytes = Math.max(...Object.values(snap.bytesReturned));
       for (const [name, calls] of Object.entries(snap.calls)) {
         const bytes = snap.bytesReturned[name] ?? 0;
-        const tokens = Math.round(bytes / 4);
+        const tokLo = Math.round(bytes / 5);
+        const tokHi = Math.round(bytes / 3);
         const barRatio = maxBytes > 0 ? bytes / maxBytes : 0;
         const bar = "\u2588".repeat(Math.max(1, Math.round(barRatio * 15)));
         lines.push(
-          `  ${name.padEnd(16)} ${String(calls).padStart(3)} calls  ${bar} ${formatBytes(bytes)} (~${tokens.toLocaleString()} tok)`
+          `  ${name.padEnd(16)} ${String(calls).padStart(3)} calls  ${bar} ${formatBytes(bytes)} (~${tokLo.toLocaleString()}-${tokHi.toLocaleString()} tok)`
         );
       }
     }
@@ -21940,7 +22110,7 @@ Context-compress kept ${formatBytes(keptOut)} out of context (${reductionPct}% s
 };
 
 // src/store.ts
-import { readdirSync, unlinkSync } from "node:fs";
+import { mkdirSync as mkdirSync2, readdirSync, unlinkSync } from "node:fs";
 import { tmpdir as tmpdir2 } from "node:os";
 import { join as join3 } from "node:path";
 import Database from "better-sqlite3";
@@ -22031,20 +22201,15 @@ var STOPWORDS = /* @__PURE__ */ new Set([
   "how",
   "its",
   "may",
-  "new",
   "now",
   "old",
   "see",
   "way",
   "who",
   "did",
-  "get",
-  "got",
-  "let",
   "say",
   "she",
   "too",
-  "use",
   "will",
   "with",
   "this",
@@ -22058,7 +22223,6 @@ var STOPWORDS = /* @__PURE__ */ new Set([
   "them",
   "than",
   "each",
-  "make",
   "like",
   "just",
   "over",
@@ -22098,21 +22262,7 @@ var STOPWORDS = /* @__PURE__ */ new Set([
   "where",
   "here",
   "were",
-  "much",
-  "update",
-  "updates",
-  "updated",
-  "deps",
-  "dev",
-  "tests",
-  "test",
-  "add",
-  "added",
-  "fix",
-  "fixed",
-  "run",
-  "running",
-  "using"
+  "much"
 ]);
 var HEADING_RE = /^(#{1,4})\s+(.+)$/;
 var SEPARATOR_RE = /^[-_*]{3,}\s*$/;
@@ -22125,17 +22275,20 @@ function sanitizeQuery(raw) {
   const words = q.split(/\s+/).filter((w) => w.length >= 2).map((w) => `"${w}"`);
   return words.length > 0 ? words.join(" OR ") : "";
 }
-function levenshtein(a, b) {
+function levenshtein(a, b, maxDist) {
   if (a.length === 0) return b.length;
   if (b.length === 0) return a.length;
   let prev = Array.from({ length: b.length + 1 }, (_, i) => i);
   let curr = new Array(b.length + 1);
   for (let i = 1; i <= a.length; i++) {
     curr[0] = i;
+    let rowMin = curr[0];
     for (let j = 1; j <= b.length; j++) {
       const cost = a[i - 1] === b[j - 1] ? 0 : 1;
       curr[j] = Math.min(prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost);
+      if (curr[j] < rowMin) rowMin = curr[j];
     }
+    if (maxDist !== void 0 && rowMin > maxDist) return maxDist + 1;
     [prev, curr] = [curr, prev];
   }
   return prev[b.length];
@@ -22148,8 +22301,18 @@ var ContentStore = class {
   insertChunkStmt;
   vocabCountStmt;
   vocabInsertStmt;
-  constructor(dbPath) {
-    const path = dbPath ?? join3(tmpdir2(), `context-compress-${process.pid}.db`);
+  constructor(options) {
+    let path;
+    if (typeof options === "string") {
+      path = options;
+    } else if (options?.persistDb || options?.dbDir) {
+      const dir = options.dbDir ?? join3(process.env.CLAUDE_PROJECT_DIR ?? process.cwd(), ".context-compress");
+      mkdirSync2(dir, { recursive: true });
+      path = join3(dir, "store.db");
+      debug("Using persistent DB at", path);
+    } else {
+      path = (typeof options === "object" ? options?.dbPath : void 0) ?? join3(tmpdir2(), `context-compress-${process.pid}.db`);
+    }
     this.db = new Database(path);
     this.db.pragma("journal_mode = WAL");
     this.db.pragma("synchronous = NORMAL");
@@ -22267,22 +22430,22 @@ var ContentStore = class {
     }
     return { query, results: [] };
   }
-  porterSearch(sanitized, source, limit) {
+  ftsSearch(table, sanitized, source, limit) {
     const sourceFilter = source ? "AND sources.label LIKE '%' || ? || '%'" : "";
     const params = [sanitized];
     if (source) params.push(source);
     params.push(limit);
     const sql = `
 			SELECT
-				chunks.title,
-				chunks.content,
-				chunks.content_type,
+				${table}.title,
+				${table}.content,
+				${table}.content_type,
 				sources.label,
-				bm25(chunks, 2.0, 1.0) AS rank,
-				highlight(chunks, 1, char(2), char(3)) AS highlighted
-			FROM chunks
-			JOIN sources ON sources.id = chunks.source_id
-			WHERE chunks MATCH ? ${sourceFilter}
+				bm25(${table}, 2.0, 1.0) AS rank,
+				highlight(${table}, 1, char(2), char(3)) AS highlighted
+			FROM ${table}
+			JOIN sources ON sources.id = ${table}.source_id
+			WHERE ${table} MATCH ? ${sourceFilter}
 			ORDER BY rank
 			LIMIT ?
 		`;
@@ -22295,41 +22458,15 @@ var ContentStore = class {
         score: Math.abs(row.rank)
       }));
     } catch (e) {
-      debug("Porter search error:", e);
+      debug(`FTS search error (${table}):`, e);
       return [];
     }
   }
+  porterSearch(sanitized, source, limit) {
+    return this.ftsSearch("chunks", sanitized, source, limit);
+  }
   trigramSearch(sanitized, source, limit) {
-    const sourceFilter = source ? "AND sources.label LIKE '%' || ? || '%'" : "";
-    const params = [sanitized];
-    if (source) params.push(source);
-    params.push(limit);
-    const sql = `
-			SELECT
-				chunks_trigram.title,
-				chunks_trigram.content,
-				chunks_trigram.content_type,
-				sources.label,
-				bm25(chunks_trigram, 2.0, 1.0) AS rank,
-				highlight(chunks_trigram, 1, char(2), char(3)) AS highlighted
-			FROM chunks_trigram
-			JOIN sources ON sources.id = chunks_trigram.source_id
-			WHERE chunks_trigram MATCH ? ${sourceFilter}
-			ORDER BY rank
-			LIMIT ?
-		`;
-    try {
-      const rows = this.db.prepare(sql).all(...params);
-      return rows.map((row) => ({
-        title: row.title,
-        snippet: extractSnippet(row.highlighted),
-        source: row.label,
-        score: Math.abs(row.rank)
-      }));
-    } catch (e) {
-      debug("Trigram search error:", e);
-      return [];
-    }
+    return this.ftsSearch("chunks_trigram", sanitized, source, limit);
   }
   /**
    * Fuzzy correction using vocabulary + Levenshtein distance.
@@ -22347,7 +22484,7 @@ var ContentStore = class {
       let bestWord = word;
       let bestDist = maxDist + 1;
       for (const { word: candidate } of candidates) {
-        const dist = levenshtein(word.toLowerCase(), candidate.toLowerCase());
+        const dist = levenshtein(word.toLowerCase(), candidate.toLowerCase(), maxDist);
         if (dist < bestDist && dist <= maxDist) {
           bestDist = dist;
           bestWord = candidate;
@@ -22364,7 +22501,8 @@ var ContentStore = class {
   updateVocabulary(content) {
     const currentCount = this.vocabCountStmt.get().cnt;
     if (currentCount >= MAX_VOCABULARY) return;
-    const words = content.split(WORD_SPLIT_RE).filter((w) => w.length >= 3 && !STOPWORDS.has(w.toLowerCase()));
+    const sample = content.length > 51200 ? content.slice(0, 51200) : content;
+    const words = sample.split(WORD_SPLIT_RE).filter((w) => w.length >= 3 && !STOPWORDS.has(w.toLowerCase()));
     const unique = new Set(words.map((w) => w.toLowerCase()));
     const insert = this.vocabInsertStmt;
     let added = 0;
@@ -22486,6 +22624,10 @@ function chunkMarkdown(content) {
     }
     currentLines.push(line);
   }
+  if (inFence) {
+    debug("Warning: unclosed code fence detected during markdown chunking");
+    hasCode = true;
+  }
   flush();
   return chunks;
 }
@@ -22499,7 +22641,7 @@ function chunkPlainText(content, linesPerChunk = 20, overlap = 2) {
       return {
         title: trimmed.split("\n")[0].slice(0, 80),
         content: trimmed,
-        hasCode: FENCE_RE.test(trimmed)
+        hasCode: /`{3,}/.test(trimmed)
       };
     }).filter(Boolean);
   }
@@ -22567,8 +22709,14 @@ var ALL_LANGUAGES = [
 var LANGUAGE_ENUM = ALL_LANGUAGES;
 var projectDir = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
 function isWithinProject(absPath) {
-  const normalized = resolve(absPath);
-  return normalized === projectDir || normalized.startsWith(`${projectDir}/`);
+  try {
+    const normalized = realpathSync(resolve(absPath));
+    const realProjectDir = realpathSync(projectDir);
+    return normalized === realProjectDir || normalized.startsWith(`${realProjectDir}/`);
+  } catch {
+    const normalized = resolve(absPath);
+    return normalized === projectDir || normalized.startsWith(`${projectDir}/`);
+  }
 }
 function getVersion() {
   try {
@@ -22600,9 +22748,58 @@ async function createServer(config3) {
   const bunDetected = hasBun(runtimes);
   debug("Runtimes detected:", runtimes.size);
   const executor = new SubprocessExecutor(runtimes, config3);
-  const store = new ContentStore();
+  let store;
+  let dbFallback = false;
+  try {
+    store = new ContentStore({ persistDb: config3.persistDb, dbDir: config3.dbDir });
+  } catch (e) {
+    debug("Failed to create DB, falling back to in-memory:", e);
+    store = new ContentStore(":memory:");
+    dbFallback = true;
+  }
   const tracker = new SessionTracker();
+  let activeExecutions = 0;
+  const MAX_CONCURRENT_EXECUTIONS = 8;
+  const EXECUTION_LIMIT_ERROR = "Error: too many concurrent executions. Try again shortly.";
+  async function withExecutionLimit(fn) {
+    if (activeExecutions >= MAX_CONCURRENT_EXECUTIONS) {
+      throw new Error(EXECUTION_LIMIT_ERROR);
+    }
+    activeExecutions++;
+    try {
+      return await fn();
+    } finally {
+      activeExecutions--;
+    }
+  }
+  function applyIntentFilter(output, intent, sourceLabel) {
+    if (Buffer.byteLength(output) <= config3.intentSearchThreshold) return output;
+    const indexed = store.index(output, sourceLabel);
+    tracker.trackIndexed(Buffer.byteLength(output));
+    const searchResults = store.search(intent, { limit: 3 });
+    const terms = store.getDistinctiveTerms(indexed.sourceId);
+    let filtered = `Indexed ${indexed.totalChunks} sections from ${sourceLabel}.
+`;
+    filtered += `${searchResults.results.length} sections matched "${intent}":
+
+`;
+    for (const hit of searchResults.results) {
+      filtered += `  - **${hit.title}**: ${hit.snippet.slice(0, 200)}
+`;
+    }
+    if (terms.length > 0 && config3.compressionLevel !== "ultra") {
+      filtered += `
+Searchable terms: ${terms.join(", ")}
+`;
+    }
+    filtered += "\nUse search(queries: [...]) to retrieve full content of any section.";
+    return compactLabel(filtered, config3.compressionLevel);
+  }
   const shutdown = () => {
+    try {
+      executor.shutdown();
+    } catch {
+    }
     try {
       store.close();
     } catch {
@@ -22611,6 +22808,16 @@ async function createServer(config3) {
   process.on("SIGINT", shutdown);
   process.on("SIGTERM", shutdown);
   process.on("beforeExit", shutdown);
+  process.on("uncaughtException", (err) => {
+    debug("Uncaught exception:", err);
+    shutdown();
+    process.exit(1);
+  });
+  process.on("unhandledRejection", (err) => {
+    debug("Unhandled rejection:", err);
+    shutdown();
+    process.exit(1);
+  });
   const searchCalls = [];
   const server2 = new McpServer({
     name: "context-compress",
@@ -22618,7 +22825,7 @@ async function createServer(config3) {
   });
   server2.tool(
     "execute",
-    `Execute code in a sandboxed subprocess. Only stdout enters context \u2014 raw data stays in the subprocess. Use instead of bash/cat when output would exceed 20 lines. ${bunDetected ? "(Bun detected \u2014 JS/TS runs 3-5x faster) " : ""}Available: ${ALL_LANGUAGES.join(", ")}.
+    `Execute code in a sandboxed subprocess. Only stdout enters context \u2014 raw data stays in the subprocess. Use instead of bash/cat when output would exceed ~5KB. ${bunDetected ? "(Bun detected \u2014 JS/TS runs 3-5x faster) " : ""}Available: ${ALL_LANGUAGES.join(", ")}.
 
 PREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, pytest), git queries (git log, git diff), data processing, and ANY CLI command that may produce large output. Bash should only be used for file mutations, git writes, and navigation.`,
     {
@@ -22632,7 +22839,24 @@ PREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, py
       timeout: external_exports.number().default(3e4).describe("Max execution time in ms")
     },
     async ({ language, code, intent, timeout }) => {
-      const result = await executor.execute({ language, code, timeout });
+      const codeBytes = Buffer.byteLength(code);
+      if (codeBytes > 1024e3) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Error: code too large (${(codeBytes / 1024).toFixed(0)}KB). Max 1MB.`
+            }
+          ]
+        };
+      }
+      let result;
+      try {
+        result = await withExecutionLimit(() => executor.execute({ language, code, timeout }));
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return { content: [{ type: "text", text: msg }] };
+      }
       if (result.networkBytes) {
         tracker.trackSandboxed(result.networkBytes);
       }
@@ -22643,27 +22867,8 @@ PREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, py
 STDERR:
 ${result.stderr}`;
       }
-      if (intent && Buffer.byteLength(output) > config3.intentSearchThreshold) {
-        const indexed = store.index(output, `execute:${language}`);
-        tracker.trackIndexed(Buffer.byteLength(output));
-        const searchResults = store.search(intent, { limit: 3 });
-        const terms = store.getDistinctiveTerms(indexed.sourceId);
-        let filtered = `Indexed ${indexed.totalChunks} sections from execute output.
-`;
-        filtered += `${searchResults.results.length} sections matched "${intent}":
-
-`;
-        for (const hit of searchResults.results) {
-          filtered += `  - **${hit.title}**: ${hit.snippet.slice(0, 200)}
-`;
-        }
-        if (terms.length > 0 && config3.compressionLevel !== "ultra") {
-          filtered += `
-Searchable terms: ${terms.join(", ")}
-`;
-        }
-        filtered += "\nUse search(queries: [...]) to retrieve full content of any section.";
-        output = compactLabel(filtered, config3.compressionLevel);
+      if (intent) {
+        output = applyIntentFilter(output, intent, `execute:${language}`);
       }
       const responseBytes = Buffer.byteLength(output);
       tracker.trackCall("execute", responseBytes);
@@ -22683,6 +22888,17 @@ Searchable terms: ${terms.join(", ")}
       timeout: external_exports.number().default(3e4).describe("Max execution time in ms")
     },
     async ({ path: filePath, language, code, intent, timeout }) => {
+      const codeBytes = Buffer.byteLength(code);
+      if (codeBytes > 1024e3) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Error: code too large (${(codeBytes / 1024).toFixed(0)}KB). Max 1MB.`
+            }
+          ]
+        };
+      }
       const absPath = resolve(projectDir, filePath);
       if (!isWithinProject(absPath)) {
         return {
@@ -22694,12 +22910,20 @@ Searchable terms: ${terms.join(", ")}
           ]
         };
       }
-      const result = await executor.executeFile({
-        language,
-        code,
-        filePath: absPath,
-        timeout
-      });
+      let result;
+      try {
+        result = await withExecutionLimit(
+          () => executor.executeFile({
+            language,
+            code,
+            filePath: absPath,
+            timeout
+          })
+        );
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return { content: [{ type: "text", text: msg }] };
+      }
       let output = result.stdout;
       if (result.stderr && result.exitCode !== 0) {
         output += `
@@ -22707,27 +22931,8 @@ Searchable terms: ${terms.join(", ")}
 STDERR:
 ${result.stderr}`;
       }
-      if (intent && Buffer.byteLength(output) > config3.intentSearchThreshold) {
-        const indexed = store.index(output, `file:${filePath}`);
-        tracker.trackIndexed(Buffer.byteLength(output));
-        const searchResults = store.search(intent, { limit: 3 });
-        const terms = store.getDistinctiveTerms(indexed.sourceId);
-        let filtered = `Indexed ${indexed.totalChunks} sections from "${filePath}" into knowledge base.
-`;
-        filtered += `${searchResults.results.length} sections matched "${intent}":
-
-`;
-        for (const hit of searchResults.results) {
-          filtered += `  - **${hit.title}**: ${hit.snippet.slice(0, 200)}
-`;
-        }
-        if (terms.length > 0 && config3.compressionLevel !== "ultra") {
-          filtered += `
-Searchable terms: ${terms.join(", ")}
-`;
-        }
-        filtered += "\nUse search(queries: [...]) to retrieve full content of any section.";
-        output = compactLabel(filtered, config3.compressionLevel);
+      if (intent) {
+        output = applyIntentFilter(output, intent, `file:${filePath}`);
       }
       const responseBytes = Buffer.byteLength(output);
       tracker.trackCall("execute_file", responseBytes);
@@ -22757,20 +22962,38 @@ Searchable terms: ${terms.join(", ")}
             ]
           };
         }
-        const fileStat = statSync(absPath);
-        if (fileStat.size > 50 * 1024 * 1024) {
+        try {
+          const fileStat = statSync(absPath);
+          if (fileStat.size > 50 * 1024 * 1024) {
+            return {
+              content: [
+                {
+                  type: "text",
+                  text: `Error: file "${filePath}" is too large (${(fileStat.size / 1024 / 1024).toFixed(1)}MB). Max 50MB.`
+                }
+              ]
+            };
+          }
+          text = readFileSync2(absPath, "utf-8");
+          label = source ?? filePath;
+        } catch (e) {
+          const msg = e instanceof Error ? e.message : String(e);
+          return {
+            content: [{ type: "text", text: `Error reading "${filePath}": ${msg}` }]
+          };
+        }
+      } else if (content) {
+        const contentBytes = Buffer.byteLength(content);
+        if (contentBytes > 50 * 1024 * 1024) {
           return {
             content: [
               {
                 type: "text",
-                text: `Error: file "${filePath}" is too large (${(fileStat.size / 1024 / 1024).toFixed(1)}MB). Max 50MB.`
+                text: `Error: content too large (${(contentBytes / 1024 / 1024).toFixed(1)}MB). Max 50MB.`
               }
             ]
           };
         }
-        text = readFileSync2(absPath, "utf-8");
-        label = source ?? filePath;
-      } else if (content) {
         text = content;
       } else {
         return {
@@ -22869,13 +23092,35 @@ ${hit.snippet}
           content: [{ type: "text", text: `Error: invalid URL "${url}"` }]
         };
       }
+      let resolvedIp = null;
+      try {
+        const validated = await resolveAndValidate(url);
+        resolvedIp = validated.resolvedIp;
+      } catch (err) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: `Error: ${err instanceof Error ? err.message : "DNS validation failed"}`
+            }
+          ]
+        };
+      }
       const label = source ?? url;
-      const fetchCode = buildFetchCode(url);
-      const result = await executor.execute({
-        language: "javascript",
-        code: fetchCode,
-        timeout: 3e4
-      });
+      const fetchCode = buildFetchCode(url, resolvedIp);
+      let result;
+      try {
+        result = await withExecutionLimit(
+          () => executor.execute({
+            language: "javascript",
+            code: fetchCode,
+            timeout: 3e4
+          })
+        );
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return { content: [{ type: "text", text: msg }] };
+      }
       if (result.exitCode !== 0 || !result.stdout.trim()) {
         const errMsg = `Failed to fetch ${url}: ${result.stderr || "empty response"}`;
         tracker.trackCall("fetch_and_index", Buffer.byteLength(errMsg));
@@ -22883,6 +23128,7 @@ ${hit.snippet}
       }
       const markdown = result.stdout;
       tracker.trackSandboxed(result.networkBytes ?? 0);
+      const injectionWarnings = detectInjectionPatterns(markdown);
       const indexed = store.index(markdown, label);
       tracker.trackIndexed(Buffer.byteLength(markdown));
       const preview = markdown.slice(0, 3072);
@@ -22899,6 +23145,11 @@ ${preview}`;
 Searchable terms: ${terms.join(", ")}`;
       }
       output += "\n\nUse search(queries: [...]) to retrieve full content of any section.";
+      if (injectionWarnings.length > 0) {
+        output += `
+
+\u26A0 Content safety notice: detected patterns (${injectionWarnings.join(", ")}). Review indexed content before relying on it.`;
+      }
       tracker.trackCall("fetch_and_index", Buffer.byteLength(output));
       return { content: [{ type: "text", text: output }] };
     }
@@ -22919,15 +23170,18 @@ Searchable terms: ${terms.join(", ")}`;
       timeout: external_exports.number().default(6e4).describe("Max execution time in ms (default: 60s)")
     },
     async ({ commands, queries, timeout }) => {
-      const commandResults = await Promise.allSettled(
-        commands.map(async (cmd) => {
-          const result = await executor.execute({
-            language: "shell",
-            code: cmd.command,
-            timeout
-          });
+      const commandResults = await limitConcurrency(
+        commands.map((cmd) => async () => {
+          const result = await withExecutionLimit(
+            () => executor.execute({
+              language: "shell",
+              code: cmd.command,
+              timeout
+            })
+          );
           return { label: cmd.label, result };
-        })
+        }),
+        4
       );
       let combined = "";
       const inventory = [];
@@ -23072,6 +23326,11 @@ Searchable terms: ${terms.join(", ")}`;
           );
         }
       }
+      if (dbFallback) {
+        lines.push(
+          "\n\u26A0 **Warning:** Persistent DB creation failed \u2014 using in-memory storage. Indexed data will not survive restarts."
+        );
+      }
       const output = lines.join("\n");
       tracker.trackCall("discover", Buffer.byteLength(output));
       return { content: [{ type: "text", text: output }] };
@@ -23085,13 +23344,30 @@ Searchable terms: ${terms.join(", ")}`;
     }
   };
 }
-function buildFetchCode(url) {
-  const escaped = JSON.stringify(url);
-  return `
-const url = ${escaped};
-const resp = await fetch(url);
+function buildFetchCode(url, resolvedIp) {
+  let fetchSetup;
+  if (resolvedIp) {
+    const pinnedUrl = new URL(url);
+    const originalHost = pinnedUrl.host;
+    pinnedUrl.hostname = resolvedIp;
+    fetchSetup = `
+const url = ${JSON.stringify(pinnedUrl.toString())};
+const resp = await fetch(url, { headers: { 'Host': ${JSON.stringify(originalHost)} }, redirect: 'error' });`;
+  } else {
+    fetchSetup = `
+const url = ${JSON.stringify(url)};
+const resp = await fetch(url, { redirect: 'error' });`;
+  }
+  return `${fetchSetup}
 if (!resp.ok) { console.error("HTTP " + resp.status); process.exit(1); }
+const cl = resp.headers.get('content-length');
+if (cl && parseInt(cl, 10) > 10 * 1024 * 1024) {
+    console.error("Response too large: " + cl + " bytes"); process.exit(1);
+}
 const html = await resp.text();
+if (html.length > 10 * 1024 * 1024) {
+    console.error("Response body too large: " + html.length + " chars"); process.exit(1);
+}
 
 // Strip unwanted tags
 let md = html
@@ -23125,12 +23401,15 @@ md = md.replace(/<br\\s*\\/?>/gi, "\\n");
 md = md.replace(/<[^>]+>/g, "");
 
 // Decode entities
-md = md.replace(/&amp;/g, "&")
-  .replace(/&lt;/g, "<")
+md = md.replace(/&lt;/g, "<")
   .replace(/&gt;/g, ">")
   .replace(/&quot;/g, '"')
   .replace(/&#39;/g, "'")
-  .replace(/&nbsp;/g, " ");
+  .replace(/&apos;/g, "'")
+  .replace(/&nbsp;/g, " ")
+  .replace(/&#(\\d+);/g, (_, n) => { const c = parseInt(n, 10); return c > 0 && c <= 0x10FFFF ? String.fromCodePoint(c) : ''; })
+  .replace(/&#x([0-9a-fA-F]+);/g, (_, h) => { const c = parseInt(h, 16); return c > 0 && c <= 0x10FFFF ? String.fromCodePoint(c) : ''; })
+  .replace(/&amp;/g, "&");
 
 // Clean whitespace
 md = md.replace(/\\n{3,}/g, "\\n\\n").trim();