fourmis-agents-sdk 0.4.0 → 0.4.1

package/dist/index.js

@@ -1,20 +1,5 @@
 // @bun
-var __create = Object.create;
-var __getProtoOf = Object.getPrototypeOf;
 var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __toESM = (mod, isNodeMode, target) => {
-  target = mod != null ? __create(__getProtoOf(mod)) : {};
-  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
-  for (let key of __getOwnPropNames(mod))
-    if (!__hasOwnProp.call(to, key))
-      __defProp(to, key, {
-        get: () => mod[key],
-        enumerable: true
-      });
-  return to;
-};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
@@ -27,6 +12,76 @@ var __export = (target, all) => {
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = import.meta.require;
 
+// src/tools/mcp-resources.ts
+var exports_mcp_resources = {};
+__export(exports_mcp_resources, {
+  createReadMcpResourceTool: () => createReadMcpResourceTool,
+  createListMcpResourcesTool: () => createListMcpResourcesTool
+});
+function createListMcpResourcesTool(mcpClient) {
+  return {
+    name: "mcp__list_resources",
+    description: "List available resources from MCP servers.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        server: {
+          type: "string",
+          description: "Optional server name to filter by. If omitted, lists resources from all servers."
+        }
+      }
+    },
+    async execute(input) {
+      const { server } = input ?? {};
+      try {
+        const resources = await mcpClient.listResources(server);
+        if (resources.length === 0) {
+          return { content: "No resources available." };
+        }
+        const lines = resources.map((r) => `[${r.server}] ${r.uri} - ${r.name}${r.description ? `: ${r.description}` : ""}`);
+        return { content: lines.join(`
+`) };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { content: `Error listing resources: ${message}`, isError: true };
+      }
+    }
+  };
+}
+function createReadMcpResourceTool(mcpClient) {
+  return {
+    name: "mcp__read_resource",
+    description: "Read a specific resource from an MCP server by URI.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        server: {
+          type: "string",
+          description: "The MCP server name that hosts the resource."
+        },
+        uri: {
+          type: "string",
+          description: "The resource URI to read."
+        }
+      },
+      required: ["server", "uri"]
+    },
+    async execute(input) {
+      const { server, uri } = input;
+      if (!server || !uri) {
+        return { content: "Both 'server' and 'uri' are required.", isError: true };
+      }
+      try {
+        const content = await mcpClient.readResource(server, uri);
+        return { content };
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { content: `Error reading resource: ${message}`, isError: true };
+      }
+    }
+  };
+}
+
 // src/auth/openai-oauth.ts
 var exports_openai_oauth = {};
 __export(exports_openai_oauth, {
@@ -40,25 +95,25 @@ __export(exports_openai_oauth, {
   decodeJwtPayload: () => decodeJwtPayload
 });
 import { randomBytes, createHash } from "crypto";
-import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync2 } from "fs";
-import { join as join2 } from "path";
-import { homedir as homedir2 } from "os";
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
 function getHome() {
-  return process.env.HOME ?? homedir2();
+  return process.env.HOME ?? homedir();
 }
 function tokenDir() {
-  return join2(getHome(), ".fourmis");
+  return join(getHome(), ".fourmis");
 }
 function tokenPath() {
-  return join2(tokenDir(), "openai-auth.json");
+  return join(tokenDir(), "openai-auth.json");
 }
 function codexFallbackPath() {
-  return join2(getHome(), ".codex", "auth.json");
+  return join(getHome(), ".codex", "auth.json");
 }
 function loadTokens() {
   for (const p of [tokenPath(), codexFallbackPath()]) {
     try {
-      const raw = readFileSync2(p, "utf-8");
+      const raw = readFileSync(p, "utf-8");
       const data = JSON.parse(raw);
       if (data.access_token && data.account_id) {
         return data;
@@ -69,10 +124,10 @@ function loadTokens() {
 }
 function saveTokens(tokens) {
   const dir = tokenDir();
-  if (!existsSync2(dir)) {
-    mkdirSync2(dir, { recursive: true });
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
   }
-  writeFileSync2(tokenPath(), JSON.stringify(tokens, null, 2), { mode: 384 });
+  writeFileSync(tokenPath(), JSON.stringify(tokens, null, 2), { mode: 384 });
 }
 function generateCodeVerifier() {
   return randomBytes(64).toString("base64url");
@@ -322,19 +377,19 @@ __export(exports_gemini_oauth, {
   isLoggedIn: () => isLoggedIn2,
   getValidToken: () => getValidToken2
 });
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, existsSync as existsSync3 } from "fs";
-import { join as join3 } from "path";
-import { homedir as homedir3 } from "os";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2 } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
 function getHome2() {
-  return process.env.HOME ?? homedir3();
+  return process.env.HOME ?? homedir2();
 }
 function tokenPath2() {
-  return join3(getHome2(), ".gemini", "oauth_creds.json");
+  return join2(getHome2(), ".gemini", "oauth_creds.json");
 }
 function loadTokens2() {
   const p = tokenPath2();
   try {
-    const raw = readFileSync3(p, "utf-8");
+    const raw = readFileSync2(p, "utf-8");
     const data = JSON.parse(raw);
     if (data.access_token && data.refresh_token) {
       return data;
@@ -347,12 +402,12 @@ function loadTokensSync2() {
 }
 function saveTokens2(tokens) {
   const p = tokenPath2();
-  const dir = join3(getHome2(), ".gemini");
-  if (!existsSync3(dir)) {
-    const { mkdirSync: mkdirSync3 } = __require("fs");
-    mkdirSync3(dir, { recursive: true });
+  const dir = join2(getHome2(), ".gemini");
+  if (!existsSync2(dir)) {
+    const { mkdirSync: mkdirSync2 } = __require("fs");
+    mkdirSync2(dir, { recursive: true });
   }
-  writeFileSync3(p, JSON.stringify(tokens, null, 2), { mode: 384 });
+  writeFileSync2(p, JSON.stringify(tokens, null, 2), { mode: 384 });
 }
 async function refreshAccessToken2(refreshToken) {
   const res = await fetch(GOOGLE_TOKEN_URL, {
@@ -406,367 +461,520 @@ var init_gemini_oauth = __esm(() => {
   GEMINI_CLIENT_SECRET = process.env.GEMINI_OAUTH_CLIENT_SECRET ?? ["GOCSPX", "4uHgMPm", "1o7Sk", "geV6Cu5clXFsxl"].join("-");
 });
 
-// src/tools/mcp-resources.ts
-var exports_mcp_resources = {};
-__export(exports_mcp_resources, {
-  createReadMcpResourceTool: () => createReadMcpResourceTool,
-  createListMcpResourcesTool: () => createListMcpResourcesTool
-});
-function createListMcpResourcesTool(mcpClient) {
+// src/types.ts
+function uuid() {
+  return crypto.randomUUID();
+}
+function emptyTokenUsage() {
   return {
-    name: "mcp__list_resources",
-    description: "List available resources from MCP servers.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        server: {
-          type: "string",
-          description: "Optional server name to filter by. If omitted, lists resources from all servers."
-        }
-      }
-    },
-    async execute(input) {
-      const { server } = input ?? {};
-      try {
-        const resources = await mcpClient.listResources(server);
-        if (resources.length === 0) {
-          return { content: "No resources available." };
-        }
-        const lines = resources.map((r) => `[${r.server}] ${r.uri} - ${r.name}${r.description ? `: ${r.description}` : ""}`);
-        return { content: lines.join(`
-`) };
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return { content: `Error listing resources: ${message}`, isError: true };
-      }
-    }
+    inputTokens: 0,
+    outputTokens: 0,
+    cacheReadInputTokens: 0,
+    cacheCreationInputTokens: 0
   };
 }
-function createReadMcpResourceTool(mcpClient) {
+function mergeUsage(a, b) {
   return {
-    name: "mcp__read_resource",
-    description: "Read a specific resource from an MCP server by URI.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        server: {
-          type: "string",
-          description: "The MCP server name that hosts the resource."
-        },
-        uri: {
-          type: "string",
-          description: "The resource URI to read."
-        }
-      },
-      required: ["server", "uri"]
-    },
-    async execute(input) {
-      const { server, uri } = input;
-      if (!server || !uri) {
-        return { content: "Both 'server' and 'uri' are required.", isError: true };
-      }
-      try {
-        const content = await mcpClient.readResource(server, uri);
-        return { content };
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return { content: `Error reading resource: ${message}`, isError: true };
-      }
-    }
+    inputTokens: a.inputTokens + b.inputTokens,
+    outputTokens: a.outputTokens + b.outputTokens,
+    cacheReadInputTokens: a.cacheReadInputTokens + b.cacheReadInputTokens,
+    cacheCreationInputTokens: a.cacheCreationInputTokens + b.cacheCreationInputTokens
   };
 }
 
-// src/permissions.ts
-var SAFE_TOOLS = new Set(["Read", "Glob", "Grep", "WebFetch", "WebSearch"]);
-var EDIT_TOOLS = new Set(["Write", "Edit", "NotebookEdit", "TodoWrite", "Config"]);
-var FS_COMMANDS = ["mkdir", "touch", "rm", "mv", "cp"];
-var DELEGATE_TOOLS = new Set(["Teammate", "Task", "TaskOutput", "TaskStop"]);
-function normalizeRules(rules) {
-  if (!rules)
-    return [];
-  return rules.map((r) => typeof r === "string" ? { toolName: r } : r);
+// src/agent-loop.ts
+function makeModelUsageEntry() {
+  return {
+    inputTokens: 0,
+    outputTokens: 0,
+    cacheReadInputTokens: 0,
+    cacheCreationInputTokens: 0,
+    totalCostUsd: 0
+  };
 }
-function matchesRule(rules, toolName, input) {
-  for (const rule of rules) {
-    if (rule.toolName !== toolName)
-      continue;
-    if (!rule.ruleContent)
-      return true;
-    const inputStr = toolName === "Bash" ? String(input?.command ?? "") : JSON.stringify(input ?? {});
-    if (inputStr.includes(rule.ruleContent))
-      return true;
-  }
-  return false;
+function makeErrorResult(params) {
+  return {
+    type: "result",
+    subtype: params.subtype,
+    duration_ms: Date.now() - params.startTime,
+    duration_api_ms: params.apiTimeMs,
+    is_error: true,
+    num_turns: params.turns,
+    stop_reason: null,
+    total_cost_usd: params.costUsd,
+    usage: params.usage,
+    modelUsage: params.modelUsage,
+    permission_denials: params.permissionDenials,
+    errors: params.errors,
+    uuid: uuid(),
+    session_id: params.sessionId
+  };
 }
-
-class PermissionManager {
-  mode;
-  canUseTool;
-  allowRules;
-  denyRules;
-  settingsManager;
-  constructor(mode = "default", canUseTool, permissions, settingsManager) {
-    this.mode = mode;
-    this.canUseTool = canUseTool;
-    this.allowRules = normalizeRules(permissions?.allow);
-    this.denyRules = normalizeRules(permissions?.deny);
-    this.settingsManager = settingsManager;
+function extractStructuredJson(text) {
+  const trimmed = text.trim();
+  if (!trimmed) {
+    return { ok: false, error: "Empty result text; expected JSON output." };
   }
-  async check(toolName, input, options) {
-    if (this.mode === "bypassPermissions") {
-      return { behavior: "allow" };
-    }
-    if (matchesRule(this.denyRules, toolName, input)) {
-      return {
-        behavior: "deny",
-        message: `Tool "${toolName}" is denied by permissions config.`
-      };
-    }
-    if (this.mode === "plan") {
-      if (!SAFE_TOOLS.has(toolName)) {
-        return {
-          behavior: "deny",
-          message: `Tool "${toolName}" is not allowed in plan mode. Only read-only tools are available.`
-        };
-      }
-      return { behavior: "allow" };
-    }
-    if (this.mode === "delegate") {
-      if (!DELEGATE_TOOLS.has(toolName) && !SAFE_TOOLS.has(toolName)) {
-        return {
-          behavior: "deny",
-          message: `Tool "${toolName}" is not allowed in delegate mode. Only Teammate, Task, and read-only tools are available.`
-        };
-      }
-      return { behavior: "allow" };
-    }
-    if (matchesRule(this.allowRules, toolName, input)) {
-      return { behavior: "allow" };
-    }
-    if (SAFE_TOOLS.has(toolName)) {
-      return { behavior: "allow" };
-    }
-    if (this.mode === "acceptEdits") {
-      if (EDIT_TOOLS.has(toolName)) {
-        return { behavior: "allow" };
-      }
-      if (toolName === "Bash") {
-        const cmd = String(input?.command ?? "").trimStart();
-        if (FS_COMMANDS.some((fc) => cmd.startsWith(fc + " ") || cmd === fc)) {
-          return { behavior: "allow" };
-        }
-      }
-    }
-    if (this.canUseTool) {
-      const result = await this.canUseTool(toolName, input, {
-        ...options,
-        toolUseID: options.toolUseId,
-        agentID: options.agentId
-      });
-      if (result.behavior === "allow" && result.updatedPermissions) {
-        this.applyPermissionUpdates(result.updatedPermissions);
-      }
-      return result;
-    }
-    if (this.mode === "dontAsk") {
-      return {
-        behavior: "deny",
-        message: `Tool "${toolName}" requires approval. In dontAsk mode, tools must be pre-approved via permissions config.`
-      };
-    }
-    return { behavior: "allow" };
+  const fenced = trimmed.match(/```(?:json)?\s*([\s\S]*?)\s*```/i);
+  const candidate = fenced ? fenced[1].trim() : trimmed;
+  try {
+    return { ok: true, value: JSON.parse(candidate) };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { ok: false, error: `Invalid JSON output: ${message}` };
   }
-  applyPermissionUpdates(updates) {
-    for (const update of updates) {
-      if (this.settingsManager && update.destination !== "session" && update.destination !== "cliArg") {
-        this.settingsManager.persistUpdate(update);
-      }
-      switch (update.type) {
-        case "addRules":
-          for (const rule of update.rules) {
-            if (update.behavior === "allow") {
-              this.allowRules.push(rule);
-            } else if (update.behavior === "deny") {
-              this.denyRules.push(rule);
-            }
-          }
-          break;
-        case "removeRules":
-          for (const rule of update.rules) {
-            if (update.behavior === "allow") {
-              this.allowRules = this.allowRules.filter((r) => !(r.toolName === rule.toolName && r.ruleContent === rule.ruleContent));
-            } else if (update.behavior === "deny") {
-              this.denyRules = this.denyRules.filter((r) => !(r.toolName === rule.toolName && r.ruleContent === rule.ruleContent));
-            }
-          }
-          break;
-        case "replaceRules":
-          if (update.behavior === "allow") {
-            this.allowRules = [...update.rules];
-          } else if (update.behavior === "deny") {
-            this.denyRules = [...update.rules];
-          }
-          break;
-        case "setMode":
-          this.mode = update.mode;
-          break;
-      }
+}
+async function* agentLoop(prompt, options) {
+  const {
+    provider,
+    model,
+    fallbackModel,
+    modelState,
+    maxThinkingTokensState,
+    thinking,
+    effort,
+    outputFormat,
+    systemPrompt,
+    tools,
+    permissions,
+    cwd,
+    sessionId,
+    maxTurns,
+    maxBudgetUsd,
+    includePartialMessages,
+    signal,
+    env,
+    debug,
+    hooks,
+    mcpClient,
+    previousMessages,
+    sessionLogger,
+    nativeMemoryTool,
+    initMeta
+  } = options;
+  const effectiveModelState = modelState ?? { current: model };
+  const startTime = Date.now();
+  let apiTimeMs = 0;
+  let turns = 0;
+  let totalUsage = emptyTokenUsage();
+  let costUsd = 0;
+  const modelUsage = {};
+  const permissionDenials = [];
+  if (mcpClient) {
+    await mcpClient.connectAll();
+    for (const tool of mcpClient.getTools()) {
+      tools.register(tool);
     }
+    const { createListMcpResourcesTool: createListMcpResourcesTool2, createReadMcpResourceTool: createReadMcpResourceTool2 } = await Promise.resolve().then(() => exports_mcp_resources);
+    tools.register(createListMcpResourcesTool2(mcpClient));
+    tools.register(createReadMcpResourceTool2(mcpClient));
   }
-  setMode(mode) {
-    this.mode = mode;
-  }
-  getMode() {
-    return this.mode;
+  const messages = [
+    ...previousMessages ?? [],
+    { role: "user", content: prompt }
+  ];
+  if (sessionLogger) {
+    sessionLogger("user", prompt, null);
   }
-}
-
-// src/settings.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
-import { dirname, join } from "path";
-import { homedir } from "os";
-
-class SettingsManager {
-  cwd;
-  constructor(cwd) {
-    this.cwd = cwd;
+  yield {
+    type: "system",
+    subtype: "init",
+    apiKeySource: "user",
+    claude_code_version: "fourmis-agent-sdk",
+    session_id: sessionId,
+    model: effectiveModelState.current,
+    tools: tools.list(),
+    cwd,
+    mcp_servers: (mcpClient?.status() ?? []).map((s) => ({ name: s.name, status: s.status })),
+    permissionMode: permissions.getMode(),
+    agents: initMeta?.agents,
+    betas: initMeta?.betas,
+    slash_commands: initMeta?.slashCommands ?? [],
+    output_style: initMeta?.outputStyle ?? "default",
+    skills: initMeta?.skills ?? [],
+    plugins: (initMeta?.plugins ?? []).map((p) => ({ name: p.path.split("/").pop() ?? p.path, path: p.path })),
+    uuid: uuid()
+  };
+  if (hooks) {
+    await hooks.fire("Setup", {
+      event: "Setup",
+      hook_event_name: "Setup",
+      trigger: "init",
+      session_id: sessionId,
+      cwd,
+      permission_mode: permissions.getMode()
+    }, undefined, { signal });
   }
-  loadPermissions(sources) {
-    const allAllow = [];
-    const allDeny = [];
-    for (const source of sources) {
-      const path = this.sourceToPath(source);
-      const data = this.readJson(path);
-      if (!data?.permissions)
-        continue;
-      const perms = data.permissions;
-      if (Array.isArray(perms.allow)) {
-        for (const rule of perms.allow) {
-          if (typeof rule === "string") {
-            allAllow.push(this.parseRule(rule));
-          }
-        }
-      }
-      if (Array.isArray(perms.deny)) {
-        for (const rule of perms.deny) {
-          if (typeof rule === "string") {
-            allDeny.push(this.parseRule(rule));
-          }
-        }
-      }
-    }
-    const result = {};
-    if (allAllow.length > 0)
-      result.allow = allAllow;
-    if (allDeny.length > 0)
-      result.deny = allDeny;
-    return result;
+  if (hooks) {
+    await hooks.fire("SessionStart", {
+      event: "SessionStart",
+      hook_event_name: "SessionStart",
+      session_id: sessionId,
+      source: "startup",
+      model: effectiveModelState.current,
+      cwd,
+      permission_mode: permissions.getMode()
+    }, undefined, { signal });
   }
-  persistUpdate(update) {
-    const path = this.destinationToPath(update.destination);
-    if (!path)
+  while (true) {
+    if (signal.aborted) {
+      yield makeErrorResult({
+        subtype: "error_during_execution",
+        errors: ["Aborted"],
+        turns,
+        costUsd,
+        sessionId,
+        startTime,
+        apiTimeMs,
+        usage: totalUsage,
+        modelUsage,
+        permissionDenials
+      });
       return;
-    const data = this.readJson(path) ?? {};
-    if (!data.permissions)
-      data.permissions = {};
-    const perms = data.permissions;
-    switch (update.type) {
-      case "addRules": {
-        const key = update.behavior;
-        const existing = Array.isArray(perms[key]) ? perms[key] : [];
-        const newRules = update.rules.map((r) => this.serializeRule(r));
-        const set = new Set(existing);
-        for (const rule of newRules)
-          set.add(rule);
-        perms[key] = [...set];
-        break;
-      }
-      case "removeRules": {
-        const key = update.behavior;
-        if (!Array.isArray(perms[key]))
-          break;
-        const toRemove = new Set(update.rules.map((r) => this.serializeRule(r)));
-        perms[key] = perms[key].filter((r) => !toRemove.has(r));
-        break;
-      }
-      case "replaceRules": {
-        const key = update.behavior;
-        perms[key] = update.rules.map((r) => this.serializeRule(r));
-        break;
-      }
-      case "setMode": {
-        perms.defaultMode = update.mode;
-        break;
-      }
-      default:
-        return;
     }
-    const dir = dirname(path);
-    if (!existsSync(dir))
-      mkdirSync(dir, { recursive: true });
-    writeFileSync(path, JSON.stringify(data, null, 2) + `
-`);
-  }
-  sourceToPath(source) {
-    switch (source) {
-      case "user":
-        return join(homedir(), ".claude", "settings.json");
-      case "project":
-        return join(this.cwd, ".claude", "settings.json");
-      case "local":
-        return join(this.cwd, ".claude", "settings.local.json");
+    if (turns >= maxTurns) {
+      yield makeErrorResult({
+        subtype: "error_max_turns",
+        errors: [`Reached maximum turns (${maxTurns})`],
+        turns,
+        costUsd,
+        sessionId,
+        startTime,
+        apiTimeMs,
+        usage: totalUsage,
+        modelUsage,
+        permissionDenials
+      });
+      return;
     }
-  }
-  destinationToPath(destination) {
-    switch (destination) {
-      case "userSettings":
-        return join(homedir(), ".claude", "settings.json");
-      case "projectSettings":
-        return join(this.cwd, ".claude", "settings.json");
-      case "localSettings":
-        return join(this.cwd, ".claude", "settings.local.json");
-      default:
-        return null;
+    if (maxBudgetUsd > 0 && costUsd >= maxBudgetUsd) {
+      yield makeErrorResult({
+        subtype: "error_max_budget_usd",
+        errors: [],
+        turns,
+        costUsd,
+        sessionId,
+        startTime,
+        apiTimeMs,
+        usage: totalUsage,
+        modelUsage,
+        permissionDenials
+      });
+      return;
+    }
+    const activeModel = effectiveModelState.current;
+    const toolDefs = tools.getDefinitions();
+    const apiStart = Date.now();
+    let assistantTextParts = [];
+    const toolCalls = [];
+    let turnUsage = emptyTokenUsage();
+    let turnStopReason = null;
+    const nativeTools = nativeMemoryTool ? [nativeMemoryTool.definition] : undefined;
+    try {
+      const chunks = provider.chat({
+        model: activeModel,
+        messages,
+        tools: toolDefs.length > 0 ? toolDefs : undefined,
+        systemPrompt,
+        signal,
+        nativeTools,
+        thinkingBudget: maxThinkingTokensState?.current,
+        thinking,
+        effort,
+        outputFormat
+      });
+      for await (const chunk of chunks) {
+        switch (chunk.type) {
+          case "text_delta":
+            assistantTextParts.push(chunk.text);
+            if (includePartialMessages) {
+              yield {
+                type: "stream_event",
+                event: { type: "text_delta", text: chunk.text },
+                parent_tool_use_id: null,
+                uuid: uuid(),
+                session_id: sessionId
+              };
+            }
+            break;
+          case "thinking_delta":
+            if (includePartialMessages) {
+              yield {
+                type: "stream_event",
+                event: { type: "thinking_delta", thinking: chunk.text },
+                parent_tool_use_id: null,
+                uuid: uuid(),
+                session_id: sessionId
+              };
+            }
+            break;
+          case "tool_call":
+            toolCalls.push({ id: chunk.id, name: chunk.name, input: chunk.input });
+            break;
+          case "usage":
+            turnUsage = mergeUsage(turnUsage, chunk.usage);
+            break;
+          case "done":
+            turnStopReason = chunk.stopReason ?? null;
+            break;
+        }
+      }
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      if (fallbackModel && activeModel !== fallbackModel) {
+        effectiveModelState.current = fallbackModel;
+        yield {
+          type: "system",
+          subtype: "status",
+          status: null,
+          permissionMode: permissions.getMode(),
+          uuid: uuid(),
+          session_id: sessionId
+        };
+        continue;
+      }
+      yield makeErrorResult({
+        subtype: "error_during_execution",
+        errors: [`API error: ${message}`],
+        turns,
+        costUsd,
+        sessionId,
+        startTime,
+        apiTimeMs,
+        usage: totalUsage,
+        modelUsage,
+        permissionDenials
+      });
+      return;
+    }
+    apiTimeMs += Date.now() - apiStart;
+    turns++;
+    totalUsage = mergeUsage(totalUsage, turnUsage);
+    const turnCost = provider.calculateCost(activeModel, turnUsage);
+    costUsd += turnCost;
+    if (!modelUsage[activeModel]) {
+      modelUsage[activeModel] = makeModelUsageEntry();
+    }
+    modelUsage[activeModel].inputTokens += turnUsage.inputTokens;
+    modelUsage[activeModel].outputTokens += turnUsage.outputTokens;
+    modelUsage[activeModel].cacheReadInputTokens += turnUsage.cacheReadInputTokens;
+    modelUsage[activeModel].cacheCreationInputTokens += turnUsage.cacheCreationInputTokens;
+    modelUsage[activeModel].totalCostUsd += turnCost;
+    modelUsage[activeModel].webSearchRequests = (modelUsage[activeModel].webSearchRequests ?? 0) + (turnUsage.webSearchRequests ?? 0);
+    modelUsage[activeModel].costUSD = modelUsage[activeModel].totalCostUsd;
+    modelUsage[activeModel].contextWindow = provider.getContextWindow(activeModel);
+    const assistantText = assistantTextParts.join("");
+    const assistantContent = [];
+    if (assistantText) {
+      assistantContent.push({ type: "text", text: assistantText });
+    }
+    for (const call of toolCalls) {
+      assistantContent.push({
+        type: "tool_use",
+        id: call.id,
+        name: call.name,
+        input: call.input
+      });
+    }
+    messages.push({ role: "assistant", content: assistantContent });
+    if (sessionLogger) {
+      sessionLogger("assistant", assistantContent, null);
+    }
+    yield {
+      type: "assistant",
+      message: {
+        role: "assistant",
+        content: assistantContent
+      },
+      parent_tool_use_id: null,
+      uuid: uuid(),
+      session_id: sessionId
+    };
+    if (toolCalls.length === 0) {
+      let structuredOutput;
+      if (outputFormat?.type === "json_schema") {
+        const parsed = extractStructuredJson(assistantText);
+        if (!parsed.ok) {
+          yield makeErrorResult({
+            subtype: "error_max_structured_output_retries",
+            errors: [parsed.error],
+            turns,
+            costUsd,
+            sessionId,
+            startTime,
+            apiTimeMs,
+            usage: totalUsage,
+            modelUsage,
+            permissionDenials
+          });
+          return;
+        }
+        structuredOutput = parsed.value;
+      }
+      if (hooks) {
+        await hooks.fire("Stop", {
+          event: "Stop",
+          hook_event_name: "Stop",
+          session_id: sessionId,
+          text: assistantText || undefined,
+          stop_reason: turnStopReason ?? undefined
+        }, undefined, {
+          signal
+        });
+      }
+      if (hooks) {
+        await hooks.fire("SessionEnd", {
+          event: "SessionEnd",
+          hook_event_name: "SessionEnd",
+          session_id: sessionId,
+          reason: "other"
+        }, undefined, { signal });
+      }
+      yield {
+        type: "result",
+        subtype: "success",
+        duration_ms: Date.now() - startTime,
+        duration_api_ms: apiTimeMs,
+        is_error: false,
+        num_turns: turns,
+        result: assistantText,
+        stop_reason: turnStopReason,
+        total_cost_usd: costUsd,
+        usage: totalUsage,
+        modelUsage,
+        permission_denials: permissionDenials,
+        structured_output: structuredOutput,
+        uuid: uuid(),
+        session_id: sessionId
+      };
+      return;
+    }
+    const toolResults = [];
+    for (const call of toolCalls) {
+      let hookDenied = false;
+      let hookUpdatedInput;
+      if (hooks) {
+        const hookResult = await hooks.fire("PreToolUse", {
+          event: "PreToolUse",
+          hook_event_name: "PreToolUse",
+          tool_name: call.name,
+          tool_input: call.input,
+          session_id: sessionId
+        }, call.id, { signal });
+        if (hookResult) {
+          if (hookResult.permissionDecision === "deny") {
+            hookDenied = true;
+          }
+          if (hookResult.updatedInput !== undefined) {
+            hookUpdatedInput = hookResult.updatedInput;
+          }
+        }
+      }
+      if (hookDenied) {
+        const denyContent = "Denied by hook";
+        toolResults.push({
+          type: "tool_result",
+          tool_use_id: call.id,
+          content: denyContent,
+          is_error: true
+        });
+        if (hooks) {
+          await hooks.fire("PostToolUseFailure", { event: "PostToolUseFailure", tool_name: call.name, tool_result: denyContent, tool_error: true, session_id: sessionId }, call.id, { signal });
+        }
+        continue;
+      }
+      const inputAfterHook = hookUpdatedInput !== undefined ? hookUpdatedInput : call.input;
+      const permResult = await permissions.check(call.name, inputAfterHook ?? {}, { signal, toolUseId: call.id });
+      if (permResult.behavior === "deny") {
+        const denyContent = `Permission denied: ${permResult.message}`;
+        permissionDenials.push({
+          tool_name: call.name,
+          tool_use_id: call.id,
+          tool_input: inputAfterHook ?? {}
+        });
+        toolResults.push({
+          type: "tool_result",
+          tool_use_id: call.id,
+          content: denyContent,
+          is_error: true
+        });
+        if (hooks) {
+          await hooks.fire("PostToolUseFailure", { event: "PostToolUseFailure", tool_name: call.name, tool_result: denyContent, tool_error: true, session_id: sessionId }, call.id, { signal });
+        }
+        continue;
+      }
+      const toolInput = permResult.behavior === "allow" && permResult.updatedInput ? permResult.updatedInput : inputAfterHook;
+      let result;
+      if (call.name === "memory" && nativeMemoryTool) {
+        try {
+          const content = await nativeMemoryTool.execute(toolInput);
+          result = { content, isError: content.startsWith("Error:") };
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          result = { content: `Error: ${message}`, isError: true };
+        }
+      } else {
+        const toolCtx = {
+          cwd,
+          signal,
+          sessionId,
+          env
+        };
+        result = await tools.execute(call.name, toolInput, toolCtx);
+      }
+      if (call.name === "ExitPlanMode") {
+        permissions.setMode("default");
+      }
+      if (debug) {
+        console.error(`[debug] Tool ${call.name}: ${result.isError ? "ERROR" : "OK"} (${result.content.length} chars)`);
+      }
+      if (hooks) {
+        if (result.isError) {
+          await hooks.fire("PostToolUseFailure", {
+            event: "PostToolUseFailure",
+            hook_event_name: "PostToolUseFailure",
+            tool_name: call.name,
+            tool_result: result.content,
+            tool_error: true,
+            session_id: sessionId
+          }, call.id, { signal });
+        } else {
+          const postResult = await hooks.fire("PostToolUse", {
+            event: "PostToolUse",
+            hook_event_name: "PostToolUse",
+            tool_name: call.name,
+            tool_result: result.content,
+            session_id: sessionId
+          }, call.id, { signal });
+          if (postResult?.additionalContext) {
+            result.content += `
+${postResult.additionalContext}`;
+          }
+        }
+      }
+      toolResults.push({
+        type: "tool_result",
+        tool_use_id: call.id,
+        content: result.content,
+        is_error: result.isError
+      });
     }
-  }
-  readJson(path) {
-    try {
-      const content = readFileSync(path, "utf-8");
-      return JSON.parse(content);
-    } catch {
-      return null;
+    messages.push({ role: "user", content: toolResults });
+    if (sessionLogger) {
+      sessionLogger("user", toolResults, null);
     }
+    yield {
+      type: "user",
+      message: {
+        role: "user",
+        content: toolResults
+      },
+      parent_tool_use_id: null,
+      isSynthetic: true,
+      uuid: uuid(),
+      session_id: sessionId
+    };
   }
-  parseRule(s) {
-    const match = s.match(/^([^(]+)\((.+)\)$/);
-    if (match)
-      return { toolName: match[1], ruleContent: match[2] };
-    return { toolName: s };
-  }
-  serializeRule(rule) {
-    return rule.ruleContent ? `${rule.toolName}(${rule.ruleContent})` : rule.toolName;
-  }
-}
-
-// src/types.ts
-function uuid() {
-  return crypto.randomUUID();
-}
-function emptyTokenUsage() {
-  return {
-    inputTokens: 0,
-    outputTokens: 0,
-    cacheReadInputTokens: 0,
-    cacheCreationInputTokens: 0
-  };
-}
-function mergeUsage(a, b) {
-  return {
-    inputTokens: a.inputTokens + b.inputTokens,
-    outputTokens: a.outputTokens + b.outputTokens,
-    cacheReadInputTokens: a.cacheReadInputTokens + b.cacheReadInputTokens,
-    cacheCreationInputTokens: a.cacheCreationInputTokens + b.cacheCreationInputTokens
-  };
 }
 
 // src/utils/cost.ts
@@ -1262,6 +1470,22 @@ var CODEX_MODELS = new Set([
   "gpt-5-codex",
   "gpt-5-codex-mini"
 ]);
+var OPENAI_MAX_TOOL_NAME = 64;
+function sanitizeToolName(name) {
+  const clean = name.replace(/[^a-zA-Z0-9_-]/g, "_");
+  if (clean.length <= OPENAI_MAX_TOOL_NAME)
+    return clean;
+  const hash = simpleHash(name);
+  return clean.slice(0, OPENAI_MAX_TOOL_NAME - 7) + "_" + hash;
+}
+function simpleHash(s) {
+  let h = 2166136261;
+  for (let i = 0;i < s.length; i++) {
+    h ^= s.charCodeAt(i);
+    h = Math.imul(h, 16777619);
+  }
+  return (h >>> 0).toString(16).padStart(8, "0").slice(0, 6);
+}
 
 class OpenAIAdapter {
   name = "openai";
@@ -1269,6 +1493,7 @@ class OpenAIAdapter {
   codexMode;
   accountId;
   currentAccessToken;
+  toolNameMap = new Map;
   constructor(options) {
     const key = options?.apiKey ?? process.env.OPENAI_API_KEY;
     if (key) {
@@ -1301,6 +1526,15 @@ class OpenAIAdapter {
     }
   }
   async* chat(request) {
+    this.toolNameMap.clear();
+    if (request.tools) {
+      for (const tool of request.tools) {
+        const sanitized = sanitizeToolName(tool.name);
+        if (sanitized !== tool.name) {
+          this.toolNameMap.set(sanitized, tool.name);
+        }
+      }
+    }
     if (this.codexMode) {
       yield* this.chatResponses(request);
     } else {
@@ -1402,7 +1636,7 @@ class OpenAIAdapter {
       yield {
         type: "tool_call",
         id: buf.id,
-        name: buf.name,
+        name: this.resolveToolName(buf.name),
         input
       };
     }
@@ -1446,7 +1680,7 @@ class OpenAIAdapter {
             yield {
               type: "tool_call",
               id: item.call_id,
-              name: item.name,
+              name: this.resolveToolName(item.name),
               input: parsedInput
             };
           }
@@ -1513,7 +1747,7 @@ class OpenAIAdapter {
               id: block.id,
               type: "function",
               function: {
-                name: block.name,
+                name: sanitizeToolName(block.name),
                 arguments: JSON.stringify(block.input)
               }
             });
@@ -1578,7 +1812,7 @@ class OpenAIAdapter {
           result.push({
             type: "function_call",
             call_id: tu.id,
-            name: tu.name,
+            name: sanitizeToolName(tu.name),
             arguments: JSON.stringify(tu.input)
           });
         }
@@ -1610,7 +1844,7 @@ class OpenAIAdapter {
     return tools.map((tool) => ({
       type: "function",
       function: {
-        name: tool.name,
+        name: sanitizeToolName(tool.name),
         description: tool.description,
         parameters: tool.inputSchema
       }
@@ -1619,12 +1853,15 @@ class OpenAIAdapter {
   convertToolsForResponses(tools) {
     return tools.map((tool) => ({
       type: "function",
-      name: tool.name,
+      name: sanitizeToolName(tool.name),
       description: tool.description,
       parameters: tool.inputSchema,
       strict: false
     }));
   }
+  resolveToolName(name) {
+    return this.toolNameMap.get(name) ?? name;
+  }
   mapStopReason(reason) {
     switch (reason) {
       case "stop":
@@ -2374,7 +2611,7 @@ function resolvePath(filePath, cwd) {
 
 // src/tools/write.ts
 import { mkdir } from "fs/promises";
-import { dirname as dirname2 } from "path";
+import { dirname } from "path";
 var WriteTool = {
   name: "Write",
   description: "Writes content to a file. Creates parent directories if needed. " + "Overwrites existing files.",
@@ -2402,7 +2639,7 @@ var WriteTool = {
     }
     const resolvedPath = file_path.startsWith("/") ? file_path : `${ctx.cwd}/${file_path}`;
     try {
-      const dir = dirname2(resolvedPath);
+      const dir = dirname(resolvedPath);
       await mkdir(dir, { recursive: true });
       await Bun.write(resolvedPath, content);
       const lines = content.split(`
@@ -2963,7 +3200,7 @@ var AskUserQuestionTool = {
 
 // src/tools/todo-write.ts
 import { mkdir as mkdir2, writeFile as writeFile2 } from "fs/promises";
-import { dirname as dirname3, join as join4 } from "path";
+import { dirname as dirname2, join as join3 } from "path";
 var TodoWriteTool = {
   name: "TodoWrite",
   description: "Write/update task todo items for the current session.",
@@ -2995,9 +3232,9 @@ var TodoWriteTool = {
         return { content: "Error: each todo requires content and status", isError: true };
       }
     }
-    const filePath = join4(ctx.cwd, ".claude", "todos.json");
+    const filePath = join3(ctx.cwd, ".claude", "todos.json");
     try {
-      await mkdir2(dirname3(filePath), { recursive: true });
+      await mkdir2(dirname2(filePath), { recursive: true });
       const payload = {
         updatedAt: new Date().toISOString(),
         todos
@@ -3016,11 +3253,11 @@ var TodoWriteTool = {
 
 // src/tools/config.ts
 import { mkdir as mkdir3, readFile as readFile2, writeFile as writeFile3 } from "fs/promises";
-import { join as join5, dirname as dirname4 } from "path";
+import { join as join4, dirname as dirname3 } from "path";
 function scopePath(cwd, scope) {
   if (scope === "project")
-    return join5(cwd, ".claude", "settings.json");
-  return join5(cwd, ".claude", "settings.local.json");
+    return join4(cwd, ".claude", "settings.json");
+  return join4(cwd, ".claude", "settings.local.json");
 }
 function setByPath(obj, keyPath, value) {
   const keys = keyPath.split(".").filter(Boolean);
@@ -3101,7 +3338,7 @@ var ConfigTool = {
     }
     setByPath(data, key, value);
     try {
-      await mkdir3(dirname4(filePath), { recursive: true });
+      await mkdir3(dirname3(filePath), { recursive: true });
       await writeFile3(filePath, JSON.stringify(data, null, 2) + `
 `, "utf-8");
       return { content: `Updated ${key} in ${filePath}` };
@@ -3149,904 +3386,681 @@ function buildToolRegistry(toolNames, allowedTools, disallowedTools) {
   const registry = new ToolRegistry;
   for (const name of toolNames) {
     if (disallowedTools?.includes(name))
-      continue;
-    const tool = ALL_TOOLS[name];
-    if (tool) {
-      registry.register(tool);
-    }
-  }
-  return registry;
-}
-
-// src/skills/frontmatter.ts
-import { parse } from "yaml";
-function normalizeNewlines(value) {
-  return value.replace(/\r\n/g, `
-`).replace(/\r/g, `
-`);
-}
-function extractFrontmatter(content) {
-  const normalized = normalizeNewlines(content);
-  if (!normalized.startsWith("---")) {
-    return { yamlString: null, body: normalized };
-  }
-  const endIndex = normalized.indexOf(`
----`, 3);
-  if (endIndex === -1) {
-    return { yamlString: null, body: normalized };
-  }
-  return {
-    yamlString: normalized.slice(4, endIndex),
-    body: normalized.slice(endIndex + 4).trim()
-  };
-}
-function parseFrontmatter(content) {
-  const { yamlString, body } = extractFrontmatter(content);
-  if (!yamlString) {
-    return { frontmatter: {}, body };
-  }
-  const parsed = parse(yamlString);
-  return { frontmatter: parsed ?? {}, body };
-}
-function stripFrontmatter(content) {
-  return parseFrontmatter(content).body;
-}
-
-// src/skills/skills.ts
-import { existsSync as existsSync4, readdirSync, readFileSync as readFileSync4, realpathSync, statSync } from "fs";
-import { homedir as homedir4 } from "os";
-import { basename, dirname as dirname5, isAbsolute, join as join6, resolve } from "path";
-var MAX_NAME_LENGTH = 64;
-var MAX_DESCRIPTION_LENGTH = 1024;
-var MAX_COMPATIBILITY_LENGTH = 500;
-var CONFIG_DIR_NAME = ".claude";
-function shouldIgnore(name) {
-  return name.startsWith(".") || name === "node_modules";
-}
-function validateName(name, parentDirName) {
-  const errors = [];
-  if (name !== parentDirName) {
-    errors.push(`name "${name}" does not match parent directory "${parentDirName}"`);
-  }
-  if (name.length > MAX_NAME_LENGTH) {
-    errors.push(`name exceeds ${MAX_NAME_LENGTH} characters (${name.length})`);
-  }
-  if (!/^[a-z0-9-]+$/.test(name)) {
-    errors.push(`name contains invalid characters (must be lowercase a-z, 0-9, hyphens only)`);
-  }
-  if (name.startsWith("-") || name.endsWith("-")) {
-    errors.push(`name must not start or end with a hyphen`);
-  }
-  if (name.includes("--")) {
-    errors.push(`name must not contain consecutive hyphens`);
-  }
-  return errors;
-}
-function validateDescription(description) {
-  const errors = [];
-  if (!description || description.trim() === "") {
-    errors.push("description is required");
-  } else if (description.length > MAX_DESCRIPTION_LENGTH) {
-    errors.push(`description exceeds ${MAX_DESCRIPTION_LENGTH} characters (${description.length})`);
-  }
-  return errors;
-}
-function validateCompatibility(compatibility) {
-  if (!compatibility)
-    return [];
-  if (compatibility.length > MAX_COMPATIBILITY_LENGTH) {
-    return [`compatibility exceeds ${MAX_COMPATIBILITY_LENGTH} characters (${compatibility.length})`];
-  }
-  return [];
-}
-function loadSkillsFromDir(options) {
-  return loadSkillsFromDirInternal(options.dir, options.source, true);
-}
-function loadSkillsFromDirInternal(dir, source, includeRootFiles) {
-  const skills = [];
-  const diagnostics = [];
-  if (!existsSync4(dir)) {
-    return { skills, diagnostics };
-  }
-  try {
-    const entries = readdirSync(dir, { withFileTypes: true });
-    for (const entry of entries) {
-      if (shouldIgnore(entry.name)) {
-        continue;
-      }
-      const fullPath = join6(dir, entry.name);
-      let isDirectory = entry.isDirectory();
-      let isFile = entry.isFile();
-      if (entry.isSymbolicLink()) {
-        try {
-          const stats = statSync(fullPath);
-          isDirectory = stats.isDirectory();
-          isFile = stats.isFile();
-        } catch {
-          continue;
-        }
-      }
-      if (isDirectory) {
-        const subResult = loadSkillsFromDirInternal(fullPath, source, false);
-        skills.push(...subResult.skills);
-        diagnostics.push(...subResult.diagnostics);
-        continue;
-      }
-      if (!isFile)
-        continue;
-      const isRootMd = includeRootFiles && entry.name.endsWith(".md");
-      const isSkillMd = !includeRootFiles && entry.name === "SKILL.md";
-      if (!isRootMd && !isSkillMd)
-        continue;
-      const result = loadSkillFromFile(fullPath, source);
-      if (result.skill) {
-        skills.push(result.skill);
-      }
-      diagnostics.push(...result.diagnostics);
-    }
-  } catch {}
-  return { skills, diagnostics };
-}
-function loadSkillFromFile(filePath, source) {
-  const diagnostics = [];
-  try {
-    const rawContent = readFileSync4(filePath, "utf-8");
-    const { frontmatter } = parseFrontmatter(rawContent);
-    const skillDir = dirname5(filePath);
-    const parentDirName = basename(skillDir);
-    const descErrors = validateDescription(frontmatter.description);
-    for (const error of descErrors) {
-      diagnostics.push({ type: "warning", message: error, path: filePath });
-    }
-    const name = frontmatter.name || parentDirName;
-    const nameErrors = validateName(name, parentDirName);
-    for (const error of nameErrors) {
-      diagnostics.push({ type: "warning", message: error, path: filePath });
-    }
-    const compatErrors = validateCompatibility(frontmatter.compatibility);
-    for (const error of compatErrors) {
-      diagnostics.push({ type: "warning", message: error, path: filePath });
-    }
-    if (!frontmatter.description || frontmatter.description.trim() === "") {
-      return { skill: null, diagnostics };
+      continue;
+    const tool = ALL_TOOLS[name];
+    if (tool) {
+      registry.register(tool);
     }
-    const allowedToolsRaw = frontmatter["allowed-tools"];
-    const allowedTools = allowedToolsRaw ? allowedToolsRaw.split(/\s+/).filter(Boolean) : undefined;
-    return {
-      skill: {
-        name,
-        description: frontmatter.description,
-        filePath,
-        baseDir: skillDir,
-        source,
-        disableModelInvocation: frontmatter["disable-model-invocation"] === true,
-        license: frontmatter.license,
-        compatibility: frontmatter.compatibility,
-        metadata: frontmatter.metadata,
-        allowedTools
-      },
-      diagnostics
-    };
-  } catch (error) {
-    const message = error instanceof Error ? error.message : "failed to parse skill file";
-    diagnostics.push({ type: "warning", message, path: filePath });
-    return { skill: null, diagnostics };
   }
+  return registry;
 }
-function normalizePath(input) {
-  const trimmed = input.trim();
-  if (trimmed === "~")
-    return homedir4();
-  if (trimmed.startsWith("~/"))
-    return join6(homedir4(), trimmed.slice(2));
-  if (trimmed.startsWith("~"))
-    return join6(homedir4(), trimmed.slice(1));
-  return trimmed;
+
+// src/permissions.ts
+var SAFE_TOOLS = new Set(["Read", "Glob", "Grep", "WebFetch", "WebSearch"]);
+var EDIT_TOOLS = new Set(["Write", "Edit", "NotebookEdit", "TodoWrite", "Config"]);
+var FS_COMMANDS = ["mkdir", "touch", "rm", "mv", "cp"];
+var DELEGATE_TOOLS = new Set(["Teammate", "Task", "TaskOutput", "TaskStop"]);
+function normalizeRules(rules) {
+  if (!rules)
+    return [];
+  return rules.map((r) => typeof r === "string" ? { toolName: r } : r);
 }
-function resolveSkillPath(p, cwd) {
-  const normalized = normalizePath(p);
-  return isAbsolute(normalized) ? normalized : resolve(cwd, normalized);
+function matchesRule(rules, toolName, input) {
+  for (const rule of rules) {
+    if (rule.toolName !== toolName)
+      continue;
+    if (!rule.ruleContent)
+      return true;
+    const inputStr = toolName === "Bash" ? String(input?.command ?? "") : JSON.stringify(input ?? {});
+    if (inputStr.includes(rule.ruleContent))
+      return true;
+  }
+  return false;
 }
-function loadSkills(options = {}) {
-  const { cwd = process.cwd(), skillPaths = [], includeDefaults = true } = options;
-  const skillMap = new Map;
-  const realPathSet = new Set;
-  const allDiagnostics = [];
-  const collisionDiagnostics = [];
-  function addSkills(result) {
-    allDiagnostics.push(...result.diagnostics);
-    for (const skill of result.skills) {
-      let realPath;
-      try {
-        realPath = realpathSync(skill.filePath);
-      } catch {
-        realPath = skill.filePath;
+
+class PermissionManager {
+  mode;
+  canUseTool;
+  allowRules;
+  denyRules;
+  settingsManager;
+  constructor(mode = "default", canUseTool, permissions, settingsManager) {
+    this.mode = mode;
+    this.canUseTool = canUseTool;
+    this.allowRules = normalizeRules(permissions?.allow);
+    this.denyRules = normalizeRules(permissions?.deny);
+    this.settingsManager = settingsManager;
+  }
+  async check(toolName, input, options) {
+    if (this.mode === "bypassPermissions") {
+      return { behavior: "allow" };
+    }
+    if (matchesRule(this.denyRules, toolName, input)) {
+      return {
+        behavior: "deny",
+        message: `Tool "${toolName}" is denied by permissions config.`
+      };
+    }
+    if (this.mode === "plan") {
+      if (!SAFE_TOOLS.has(toolName)) {
+        return {
+          behavior: "deny",
+          message: `Tool "${toolName}" is not allowed in plan mode. Only read-only tools are available.`
+        };
       }
-      if (realPathSet.has(realPath))
-        continue;
-      const existing = skillMap.get(skill.name);
-      if (existing) {
-        collisionDiagnostics.push({
-          type: "collision",
-          message: `name "${skill.name}" collision`,
-          path: skill.filePath,
-          collision: {
-            resourceType: "skill",
-            name: skill.name,
-            winnerPath: existing.filePath,
-            loserPath: skill.filePath
-          }
-        });
-      } else {
-        skillMap.set(skill.name, skill);
-        realPathSet.add(realPath);
+      return { behavior: "allow" };
+    }
+    if (this.mode === "delegate") {
+      if (!DELEGATE_TOOLS.has(toolName) && !SAFE_TOOLS.has(toolName)) {
+        return {
+          behavior: "deny",
+          message: `Tool "${toolName}" is not allowed in delegate mode. Only Teammate, Task, and read-only tools are available.`
+        };
       }
+      return { behavior: "allow" };
     }
-  }
-  if (includeDefaults) {
-    const userSkillsDir = join6(homedir4(), CONFIG_DIR_NAME, "skills");
-    const projectSkillsDir = resolve(cwd, CONFIG_DIR_NAME, "skills");
-    addSkills(loadSkillsFromDirInternal(userSkillsDir, "user", true));
-    addSkills(loadSkillsFromDirInternal(projectSkillsDir, "project", true));
-  }
-  for (const rawPath of skillPaths) {
-    const resolvedPath = resolveSkillPath(rawPath, cwd);
-    if (!existsSync4(resolvedPath)) {
-      allDiagnostics.push({ type: "warning", message: "skill path does not exist", path: resolvedPath });
-      continue;
+    if (matchesRule(this.allowRules, toolName, input)) {
+      return { behavior: "allow" };
     }
-    try {
-      const stats = statSync(resolvedPath);
-      if (stats.isDirectory()) {
-        addSkills(loadSkillsFromDirInternal(resolvedPath, "path", true));
-      } else if (stats.isFile() && resolvedPath.endsWith(".md")) {
-        const result = loadSkillFromFile(resolvedPath, "path");
-        if (result.skill) {
-          addSkills({ skills: [result.skill], diagnostics: result.diagnostics });
-        } else {
-          allDiagnostics.push(...result.diagnostics);
+    if (SAFE_TOOLS.has(toolName)) {
+      return { behavior: "allow" };
+    }
+    if (this.mode === "acceptEdits") {
+      if (EDIT_TOOLS.has(toolName)) {
+        return { behavior: "allow" };
+      }
+      if (toolName === "Bash") {
+        const cmd = String(input?.command ?? "").trimStart();
+        if (FS_COMMANDS.some((fc) => cmd.startsWith(fc + " ") || cmd === fc)) {
+          return { behavior: "allow" };
         }
-      } else {
-        allDiagnostics.push({ type: "warning", message: "skill path is not a markdown file", path: resolvedPath });
       }
-    } catch (error) {
-      const message = error instanceof Error ? error.message : "failed to read skill path";
-      allDiagnostics.push({ type: "warning", message, path: resolvedPath });
     }
+    if (this.canUseTool) {
+      const result = await this.canUseTool(toolName, input, {
+        ...options,
+        toolUseID: options.toolUseId,
+        agentID: options.agentId
+      });
+      if (result.behavior === "allow" && result.updatedPermissions) {
+        this.applyPermissionUpdates(result.updatedPermissions);
+      }
+      return result;
+    }
+    if (this.mode === "dontAsk") {
+      return {
+        behavior: "deny",
+        message: `Tool "${toolName}" requires approval. In dontAsk mode, tools must be pre-approved via permissions config.`
+      };
+    }
+    return { behavior: "allow" };
   }
-  return {
-    skills: Array.from(skillMap.values()),
-    diagnostics: [...allDiagnostics, ...collisionDiagnostics]
-  };
-}
-function escapeXml(str) {
-  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
-}
-function formatSkillsForPrompt(skills) {
-  const visibleSkills = skills.filter((s) => !s.disableModelInvocation);
-  if (visibleSkills.length === 0) {
-    return "";
-  }
-  const lines = [
-    "The following skills provide specialized instructions for specific tasks.",
-    "Use the read tool to load a skill's file when the task matches its description.",
-    "When a skill file references a relative path, resolve it against the skill directory (parent of SKILL.md / dirname of the path) and use that absolute path in tool commands.",
-    "",
-    "<available_skills>"
-  ];
-  for (const skill of visibleSkills) {
-    lines.push("  <skill>");
-    lines.push(`    <name>${escapeXml(skill.name)}</name>`);
-    lines.push(`    <description>${escapeXml(skill.description)}</description>`);
-    lines.push(`    <location>${escapeXml(skill.filePath)}</location>`);
-    if (skill.allowedTools?.length) {
-      lines.push(`    <allowed-tools>${escapeXml(skill.allowedTools.join(" "))}</allowed-tools>`);
+  applyPermissionUpdates(updates) {
+    for (const update of updates) {
+      if (this.settingsManager && update.destination !== "session" && update.destination !== "cliArg") {
+        this.settingsManager.persistUpdate(update);
+      }
+      switch (update.type) {
+        case "addRules":
+          for (const rule of update.rules) {
+            if (update.behavior === "allow") {
+              this.allowRules.push(rule);
+            } else if (update.behavior === "deny") {
+              this.denyRules.push(rule);
+            }
+          }
+          break;
+        case "removeRules":
+          for (const rule of update.rules) {
+            if (update.behavior === "allow") {
+              this.allowRules = this.allowRules.filter((r) => !(r.toolName === rule.toolName && r.ruleContent === rule.ruleContent));
+            } else if (update.behavior === "deny") {
+              this.denyRules = this.denyRules.filter((r) => !(r.toolName === rule.toolName && r.ruleContent === rule.ruleContent));
+            }
+          }
+          break;
+        case "replaceRules":
+          if (update.behavior === "allow") {
+            this.allowRules = [...update.rules];
+          } else if (update.behavior === "deny") {
+            this.denyRules = [...update.rules];
+          }
+          break;
+        case "setMode":
+          this.mode = update.mode;
+          break;
+      }
     }
-    lines.push("  </skill>");
   }
-  lines.push("</available_skills>");
-  return lines.join(`
-`);
+  setMode(mode) {
+    this.mode = mode;
+  }
+  getMode() {
+    return this.mode;
+  }
 }
-// src/utils/system-prompt.ts
-import { readFileSync as readFileSync5 } from "fs";
-import { join as join7 } from "path";
-var CORE_IDENTITY = `You are an AI coding agent. You help users with software engineering tasks by reading, writing, and modifying code. You have access to tools that let you interact with the filesystem and execute commands.
-
-You are highly capable and can help users complete complex tasks that would otherwise be too difficult or time-consuming.`;
-var CODING_GUIDELINES = `# Coding Guidelines
-
-- Read files before modifying them. Understand existing code before suggesting changes.
-- Make minimal, focused changes. Only modify what's directly requested or clearly necessary.
-- Don't over-engineer. Keep solutions simple. Don't add features, refactoring, or abstractions beyond what was asked.
-- Don't introduce security vulnerabilities (command injection, XSS, SQL injection, etc.).
-- Use the dedicated tools for file operations instead of shell commands:
-  - Read files with the Read tool (not cat/head/tail)
-  - Edit files with the Edit tool (not sed/awk)
-  - Write files with the Write tool (not echo/cat heredoc)
-  - Search files with Glob (not find/ls) and Grep (not grep/rg)
-  - Use Bash only for system commands that truly require shell execution.`;
-var BASH_GUIDELINES = `# Bash Tool Guidelines
-
-- Use for system commands, git operations, running scripts, and terminal tasks.
-- Always quote file paths with spaces.
-- Prefer absolute paths over cd + relative paths.
-- Don't run destructive commands without clear intent.
-- Capture output \u2014 the result is returned, not displayed interactively.
-- Commands timeout after 120s by default (max 600s).`;
-var EDIT_GUIDELINES = `# Edit Tool Guidelines
-
-- The old_string must match exactly (including indentation and whitespace).
-- The old_string must be unique in the file, or the edit will fail. Provide more surrounding context to make it unique.
-- Use replace_all: true only when you want to replace every occurrence.`;
-var READ_GUIDELINES = `# Read Tool Guidelines
-
-- Returns content with line numbers in cat -n format.
-- Use offset/limit for large files to read specific sections.
-- Lines longer than 2000 characters are truncated.`;
-var GLOB_GUIDELINES = `# Glob Tool Guidelines
 
-- Use glob patterns like "**/*.ts" to find files by name.
-- Results are sorted by modification time (most recent first).`;
-var GREP_GUIDELINES = `# Grep Tool Guidelines
+// src/settings.ts
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
+import { dirname as dirname4, join as join5 } from "path";
+import { homedir as homedir3 } from "os";
 
-- Use regex patterns to search file contents.
-- Default output mode is "files_with_matches" (file paths only).
-- Use output_mode: "content" to see matching lines with context.
-- Use -i for case-insensitive search.`;
-var TOOL_SPECIFIC_GUIDELINES = {
-  Bash: BASH_GUIDELINES,
-  Edit: EDIT_GUIDELINES,
-  Read: READ_GUIDELINES,
-  Glob: GLOB_GUIDELINES,
-  Grep: GREP_GUIDELINES
-};
-function buildSystemPrompt(context) {
-  const sections = [CORE_IDENTITY];
-  for (const toolName of context.tools) {
-    const guidelines = TOOL_SPECIFIC_GUIDELINES[toolName];
-    if (guidelines) {
-      sections.push(guidelines);
-    }
+class SettingsManager {
+  cwd;
+  constructor(cwd) {
+    this.cwd = cwd;
   }
-  sections.push(CODING_GUIDELINES);
-  if (context.cwd) {
-    sections.push(`# Environment
-
-Working directory: ${context.cwd}`);
-    if (context.additionalDirectories && context.additionalDirectories.length > 0) {
-      sections.push(`Additional allowed directories:
-${context.additionalDirectories.map((d) => `- ${d}`).join(`
-`)}`);
+  loadPermissions(sources) {
+    const allAllow = [];
+    const allDeny = [];
+    for (const source of sources) {
+      const path = this.sourceToPath(source);
+      const data = this.readJson(path);
+      if (!data?.permissions)
+        continue;
+      const perms = data.permissions;
+      if (Array.isArray(perms.allow)) {
+        for (const rule of perms.allow) {
+          if (typeof rule === "string") {
+            allAllow.push(this.parseRule(rule));
+          }
+        }
+      }
+      if (Array.isArray(perms.deny)) {
+        for (const rule of perms.deny) {
+          if (typeof rule === "string") {
+            allDeny.push(this.parseRule(rule));
+          }
+        }
+      }
     }
-    if (context.loadProjectInstructions) {
-      const instructions = readProjectInstructions(context.cwd);
-      if (instructions) {
-        sections.push(`# Project Instructions
-
-${instructions}`);
+    const result = {};
+    if (allAllow.length > 0)
+      result.allow = allAllow;
+    if (allDeny.length > 0)
+      result.deny = allDeny;
+    return result;
+  }
+  persistUpdate(update) {
+    const path = this.destinationToPath(update.destination);
+    if (!path)
+      return;
+    const data = this.readJson(path) ?? {};
+    if (!data.permissions)
+      data.permissions = {};
+    const perms = data.permissions;
+    switch (update.type) {
+      case "addRules": {
+        const key = update.behavior;
+        const existing = Array.isArray(perms[key]) ? perms[key] : [];
+        const newRules = update.rules.map((r) => this.serializeRule(r));
+        const set = new Set(existing);
+        for (const rule of newRules)
+          set.add(rule);
+        perms[key] = [...set];
+        break;
+      }
+      case "removeRules": {
+        const key = update.behavior;
+        if (!Array.isArray(perms[key]))
+          break;
+        const toRemove = new Set(update.rules.map((r) => this.serializeRule(r)));
+        perms[key] = perms[key].filter((r) => !toRemove.has(r));
+        break;
+      }
+      case "replaceRules": {
+        const key = update.behavior;
+        perms[key] = update.rules.map((r) => this.serializeRule(r));
+        break;
       }
+      case "setMode": {
+        perms.defaultMode = update.mode;
+        break;
+      }
+      default:
+        return;
     }
+    const dir = dirname4(path);
+    if (!existsSync3(dir))
+      mkdirSync2(dir, { recursive: true });
+    writeFileSync3(path, JSON.stringify(data, null, 2) + `
+`);
   }
-  if (context.skills && context.skills.length > 0) {
-    const skillsPrompt = formatSkillsForPrompt(context.skills);
-    if (skillsPrompt) {
-      sections.push(`# Skills
-
-${skillsPrompt}`);
+  sourceToPath(source) {
+    switch (source) {
+      case "user":
+        return join5(homedir3(), ".claude", "settings.json");
+      case "project":
+        return join5(this.cwd, ".claude", "settings.json");
+      case "local":
+        return join5(this.cwd, ".claude", "settings.local.json");
     }
   }
-  if (context.customPrompt) {
-    sections.push(context.customPrompt);
+  destinationToPath(destination) {
+    switch (destination) {
+      case "userSettings":
+        return join5(homedir3(), ".claude", "settings.json");
+      case "projectSettings":
+        return join5(this.cwd, ".claude", "settings.json");
+      case "localSettings":
+        return join5(this.cwd, ".claude", "settings.local.json");
+      default:
+        return null;
+    }
   }
-  return sections.join(`
-
-`);
-}
-function readProjectInstructions(cwd) {
-  for (const name of ["CLAUDE.md", "AGENTS.md"]) {
+  readJson(path) {
     try {
-      const content = readFileSync5(join7(cwd, name), "utf-8").trim();
-      if (content)
-        return content;
-    } catch {}
+      const content = readFileSync3(path, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return null;
+    }
+  }
+  parseRule(s) {
+    const match = s.match(/^([^(]+)\((.+)\)$/);
+    if (match)
+      return { toolName: match[1], ruleContent: match[2] };
+    return { toolName: s };
+  }
+  serializeRule(rule) {
+    return rule.ruleContent ? `${rule.toolName}(${rule.ruleContent})` : rule.toolName;
   }
-  return null;
 }
 
-// src/agent-loop.ts
-function makeModelUsageEntry() {
-  return {
-    inputTokens: 0,
-    outputTokens: 0,
-    cacheReadInputTokens: 0,
-    cacheCreationInputTokens: 0,
-    totalCostUsd: 0
-  };
+// src/skills/frontmatter.ts
+import { parse } from "yaml";
+function normalizeNewlines(value) {
+  return value.replace(/\r\n/g, `
+`).replace(/\r/g, `
+`);
 }
-function makeErrorResult(params) {
+function extractFrontmatter(content) {
+  const normalized = normalizeNewlines(content);
+  if (!normalized.startsWith("---")) {
+    return { yamlString: null, body: normalized };
+  }
+  const endIndex = normalized.indexOf(`
+---`, 3);
+  if (endIndex === -1) {
+    return { yamlString: null, body: normalized };
+  }
   return {
-    type: "result",
-    subtype: params.subtype,
-    duration_ms: Date.now() - params.startTime,
-    duration_api_ms: params.apiTimeMs,
-    is_error: true,
-    num_turns: params.turns,
-    stop_reason: null,
-    total_cost_usd: params.costUsd,
-    usage: params.usage,
-    modelUsage: params.modelUsage,
-    permission_denials: params.permissionDenials,
-    errors: params.errors,
-    uuid: uuid(),
-    session_id: params.sessionId
+    yamlString: normalized.slice(4, endIndex),
+    body: normalized.slice(endIndex + 4).trim()
   };
 }
-function extractStructuredJson(text) {
-  const trimmed = text.trim();
-  if (!trimmed) {
-    return { ok: false, error: "Empty result text; expected JSON output." };
+function parseFrontmatter(content) {
+  const { yamlString, body } = extractFrontmatter(content);
+  if (!yamlString) {
+    return { frontmatter: {}, body };
+  }
+  const parsed = parse(yamlString);
+  return { frontmatter: parsed ?? {}, body };
+}
+function stripFrontmatter(content) {
+  return parseFrontmatter(content).body;
+}
+
+// src/skills/skills.ts
+import { existsSync as existsSync4, readdirSync, readFileSync as readFileSync4, realpathSync, statSync } from "fs";
+import { homedir as homedir4 } from "os";
+import { basename, dirname as dirname5, isAbsolute, join as join6, resolve } from "path";
+var MAX_NAME_LENGTH = 64;
+var MAX_DESCRIPTION_LENGTH = 1024;
+var MAX_COMPATIBILITY_LENGTH = 500;
+var CONFIG_DIR_NAME = ".claude";
+function shouldIgnore(name) {
+  return name.startsWith(".") || name === "node_modules";
+}
+function validateName(name, parentDirName) {
+  const errors = [];
+  if (name !== parentDirName) {
+    errors.push(`name "${name}" does not match parent directory "${parentDirName}"`);
   }
-  const fenced = trimmed.match(/```(?:json)?\s*([\s\S]*?)\s*```/i);
-  const candidate = fenced ? fenced[1].trim() : trimmed;
-  try {
-    return { ok: true, value: JSON.parse(candidate) };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { ok: false, error: `Invalid JSON output: ${message}` };
+  if (name.length > MAX_NAME_LENGTH) {
+    errors.push(`name exceeds ${MAX_NAME_LENGTH} characters (${name.length})`);
   }
-}
-async function* agentLoop(prompt, options) {
-  const {
-    provider,
-    model,
-    fallbackModel,
-    modelState,
-    maxThinkingTokensState,
-    thinking,
-    effort,
-    outputFormat,
-    systemPrompt,
-    tools,
-    permissions,
-    cwd,
-    sessionId,
-    maxTurns,
-    maxBudgetUsd,
-    includePartialMessages,
-    signal,
-    env,
-    debug,
-    hooks,
-    mcpClient,
-    previousMessages,
-    sessionLogger,
-    nativeMemoryTool,
-    initMeta
-  } = options;
-  const effectiveModelState = modelState ?? { current: model };
-  const startTime = Date.now();
-  let apiTimeMs = 0;
-  let turns = 0;
-  let totalUsage = emptyTokenUsage();
-  let costUsd = 0;
-  const modelUsage = {};
-  const permissionDenials = [];
-  if (mcpClient) {
-    await mcpClient.connectAll();
-    for (const tool of mcpClient.getTools()) {
-      tools.register(tool);
-    }
-    const { createListMcpResourcesTool: createListMcpResourcesTool2, createReadMcpResourceTool: createReadMcpResourceTool2 } = await Promise.resolve().then(() => exports_mcp_resources);
-    tools.register(createListMcpResourcesTool2(mcpClient));
-    tools.register(createReadMcpResourceTool2(mcpClient));
+  if (!/^[a-z0-9-]+$/.test(name)) {
+    errors.push(`name contains invalid characters (must be lowercase a-z, 0-9, hyphens only)`);
   }
-  const messages = [
-    ...previousMessages ?? [],
-    { role: "user", content: prompt }
-  ];
-  if (sessionLogger) {
-    sessionLogger("user", prompt, null);
+  if (name.startsWith("-") || name.endsWith("-")) {
+    errors.push(`name must not start or end with a hyphen`);
   }
-  yield {
-    type: "system",
-    subtype: "init",
-    apiKeySource: "user",
-    claude_code_version: "fourmis-agent-sdk",
-    session_id: sessionId,
-    model: effectiveModelState.current,
-    tools: tools.list(),
-    cwd,
-    mcp_servers: (mcpClient?.status() ?? []).map((s) => ({ name: s.name, status: s.status })),
-    permissionMode: permissions.getMode(),
-    agents: initMeta?.agents,
-    betas: initMeta?.betas,
-    slash_commands: initMeta?.slashCommands ?? [],
-    output_style: initMeta?.outputStyle ?? "default",
-    skills: initMeta?.skills ?? [],
-    plugins: (initMeta?.plugins ?? []).map((p) => ({ name: p.path.split("/").pop() ?? p.path, path: p.path })),
-    uuid: uuid()
-  };
-  if (hooks) {
-    await hooks.fire("Setup", {
-      event: "Setup",
-      hook_event_name: "Setup",
-      trigger: "init",
-      session_id: sessionId,
-      cwd,
-      permission_mode: permissions.getMode()
-    }, undefined, { signal });
+  if (name.includes("--")) {
+    errors.push(`name must not contain consecutive hyphens`);
   }
-  if (hooks) {
-    await hooks.fire("SessionStart", {
-      event: "SessionStart",
-      hook_event_name: "SessionStart",
-      session_id: sessionId,
-      source: "startup",
-      model: effectiveModelState.current,
-      cwd,
-      permission_mode: permissions.getMode()
-    }, undefined, { signal });
+  return errors;
+}
+function validateDescription(description) {
+  const errors = [];
+  if (!description || description.trim() === "") {
+    errors.push("description is required");
+  } else if (description.length > MAX_DESCRIPTION_LENGTH) {
+    errors.push(`description exceeds ${MAX_DESCRIPTION_LENGTH} characters (${description.length})`);
   }
-  while (true) {
-    if (signal.aborted) {
-      yield makeErrorResult({
-        subtype: "error_during_execution",
-        errors: ["Aborted"],
-        turns,
-        costUsd,
-        sessionId,
-        startTime,
-        apiTimeMs,
-        usage: totalUsage,
-        modelUsage,
-        permissionDenials
-      });
-      return;
-    }
-    if (turns >= maxTurns) {
-      yield makeErrorResult({
-        subtype: "error_max_turns",
-        errors: [`Reached maximum turns (${maxTurns})`],
-        turns,
-        costUsd,
-        sessionId,
-        startTime,
-        apiTimeMs,
-        usage: totalUsage,
-        modelUsage,
-        permissionDenials
-      });
-      return;
-    }
-    if (maxBudgetUsd > 0 && costUsd >= maxBudgetUsd) {
-      yield makeErrorResult({
-        subtype: "error_max_budget_usd",
-        errors: [],
-        turns,
-        costUsd,
-        sessionId,
-        startTime,
-        apiTimeMs,
-        usage: totalUsage,
-        modelUsage,
-        permissionDenials
-      });
-      return;
-    }
-    const activeModel = effectiveModelState.current;
-    const toolDefs = tools.getDefinitions();
-    const apiStart = Date.now();
-    let assistantTextParts = [];
-    const toolCalls = [];
-    let turnUsage = emptyTokenUsage();
-    let turnStopReason = null;
-    const nativeTools = nativeMemoryTool ? [nativeMemoryTool.definition] : undefined;
-    try {
-      const chunks = provider.chat({
-        model: activeModel,
-        messages,
-        tools: toolDefs.length > 0 ? toolDefs : undefined,
-        systemPrompt,
-        signal,
-        nativeTools,
-        thinkingBudget: maxThinkingTokensState?.current,
-        thinking,
-        effort,
-        outputFormat
-      });
-      for await (const chunk of chunks) {
-        switch (chunk.type) {
-          case "text_delta":
-            assistantTextParts.push(chunk.text);
-            if (includePartialMessages) {
-              yield {
-                type: "stream_event",
-                event: { type: "text_delta", text: chunk.text },
-                parent_tool_use_id: null,
-                uuid: uuid(),
-                session_id: sessionId
-              };
-            }
-            break;
-          case "thinking_delta":
-            if (includePartialMessages) {
-              yield {
-                type: "stream_event",
-                event: { type: "thinking_delta", thinking: chunk.text },
-                parent_tool_use_id: null,
-                uuid: uuid(),
-                session_id: sessionId
-              };
-            }
-            break;
-          case "tool_call":
-            toolCalls.push({ id: chunk.id, name: chunk.name, input: chunk.input });
-            break;
-          case "usage":
-            turnUsage = mergeUsage(turnUsage, chunk.usage);
-            break;
-          case "done":
-            turnStopReason = chunk.stopReason ?? null;
-            break;
+  return errors;
+}
+function validateCompatibility(compatibility) {
+  if (!compatibility)
+    return [];
+  if (compatibility.length > MAX_COMPATIBILITY_LENGTH) {
+    return [`compatibility exceeds ${MAX_COMPATIBILITY_LENGTH} characters (${compatibility.length})`];
+  }
+  return [];
+}
+function loadSkillsFromDir(options) {
+  return loadSkillsFromDirInternal(options.dir, options.source, true);
+}
+function loadSkillsFromDirInternal(dir, source, includeRootFiles) {
+  const skills = [];
+  const diagnostics = [];
+  if (!existsSync4(dir)) {
+    return { skills, diagnostics };
+  }
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (shouldIgnore(entry.name)) {
+        continue;
+      }
+      const fullPath = join6(dir, entry.name);
+      let isDirectory = entry.isDirectory();
+      let isFile = entry.isFile();
+      if (entry.isSymbolicLink()) {
+        try {
+          const stats = statSync(fullPath);
+          isDirectory = stats.isDirectory();
+          isFile = stats.isFile();
+        } catch {
+          continue;
         }
       }
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      if (fallbackModel && activeModel !== fallbackModel) {
-        effectiveModelState.current = fallbackModel;
-        yield {
-          type: "system",
-          subtype: "status",
-          status: null,
-          permissionMode: permissions.getMode(),
-          uuid: uuid(),
-          session_id: sessionId
-        };
+      if (isDirectory) {
+        const subResult = loadSkillsFromDirInternal(fullPath, source, false);
+        skills.push(...subResult.skills);
+        diagnostics.push(...subResult.diagnostics);
         continue;
       }
-      yield makeErrorResult({
-        subtype: "error_during_execution",
-        errors: [`API error: ${message}`],
-        turns,
-        costUsd,
-        sessionId,
-        startTime,
-        apiTimeMs,
-        usage: totalUsage,
-        modelUsage,
-        permissionDenials
-      });
-      return;
+      if (!isFile)
+        continue;
+      const isRootMd = includeRootFiles && entry.name.endsWith(".md");
+      const isSkillMd = !includeRootFiles && entry.name === "SKILL.md";
+      if (!isRootMd && !isSkillMd)
+        continue;
+      const result = loadSkillFromFile(fullPath, source);
+      if (result.skill) {
+        skills.push(result.skill);
+      }
+      diagnostics.push(...result.diagnostics);
     }
-    apiTimeMs += Date.now() - apiStart;
-    turns++;
-    totalUsage = mergeUsage(totalUsage, turnUsage);
-    const turnCost = provider.calculateCost(activeModel, turnUsage);
-    costUsd += turnCost;
-    if (!modelUsage[activeModel]) {
-      modelUsage[activeModel] = makeModelUsageEntry();
+  } catch {}
+  return { skills, diagnostics };
+}
+function loadSkillFromFile(filePath, source) {
+  const diagnostics = [];
+  try {
+    const rawContent = readFileSync4(filePath, "utf-8");
+    const { frontmatter } = parseFrontmatter(rawContent);
+    const skillDir = dirname5(filePath);
+    const parentDirName = basename(skillDir);
+    const descErrors = validateDescription(frontmatter.description);
+    for (const error of descErrors) {
+      diagnostics.push({ type: "warning", message: error, path: filePath });
     }
-    modelUsage[activeModel].inputTokens += turnUsage.inputTokens;
-    modelUsage[activeModel].outputTokens += turnUsage.outputTokens;
-    modelUsage[activeModel].cacheReadInputTokens += turnUsage.cacheReadInputTokens;
-    modelUsage[activeModel].cacheCreationInputTokens += turnUsage.cacheCreationInputTokens;
-    modelUsage[activeModel].totalCostUsd += turnCost;
-    modelUsage[activeModel].webSearchRequests = (modelUsage[activeModel].webSearchRequests ?? 0) + (turnUsage.webSearchRequests ?? 0);
-    modelUsage[activeModel].costUSD = modelUsage[activeModel].totalCostUsd;
-    modelUsage[activeModel].contextWindow = provider.getContextWindow(activeModel);
-    const assistantText = assistantTextParts.join("");
-    const assistantContent = [];
-    if (assistantText) {
-      assistantContent.push({ type: "text", text: assistantText });
+    const name = frontmatter.name || parentDirName;
+    const nameErrors = validateName(name, parentDirName);
+    for (const error of nameErrors) {
+      diagnostics.push({ type: "warning", message: error, path: filePath });
     }
-    for (const call of toolCalls) {
-      assistantContent.push({
-        type: "tool_use",
-        id: call.id,
-        name: call.name,
-        input: call.input
-      });
+    const compatErrors = validateCompatibility(frontmatter.compatibility);
+    for (const error of compatErrors) {
+      diagnostics.push({ type: "warning", message: error, path: filePath });
     }
-    messages.push({ role: "assistant", content: assistantContent });
-    if (sessionLogger) {
-      sessionLogger("assistant", assistantContent, null);
+    if (!frontmatter.description || frontmatter.description.trim() === "") {
+      return { skill: null, diagnostics };
     }
-    yield {
-      type: "assistant",
-      message: {
-        role: "assistant",
-        content: assistantContent
+    const allowedToolsRaw = frontmatter["allowed-tools"];
+    const allowedTools = allowedToolsRaw ? allowedToolsRaw.split(/\s+/).filter(Boolean) : undefined;
+    return {
+      skill: {
+        name,
+        description: frontmatter.description,
+        filePath,
+        baseDir: skillDir,
+        source,
+        disableModelInvocation: frontmatter["disable-model-invocation"] === true,
+        license: frontmatter.license,
+        compatibility: frontmatter.compatibility,
+        metadata: frontmatter.metadata,
+        allowedTools
       },
-      parent_tool_use_id: null,
-      uuid: uuid(),
-      session_id: sessionId
+      diagnostics
     };
-    if (toolCalls.length === 0) {
-      let structuredOutput;
-      if (outputFormat?.type === "json_schema") {
-        const parsed = extractStructuredJson(assistantText);
-        if (!parsed.ok) {
-          yield makeErrorResult({
-            subtype: "error_max_structured_output_retries",
-            errors: [parsed.error],
-            turns,
-            costUsd,
-            sessionId,
-            startTime,
-            apiTimeMs,
-            usage: totalUsage,
-            modelUsage,
-            permissionDenials
-          });
-          return;
-        }
-        structuredOutput = parsed.value;
-      }
-      if (hooks) {
-        await hooks.fire("Stop", {
-          event: "Stop",
-          hook_event_name: "Stop",
-          session_id: sessionId,
-          text: assistantText || undefined,
-          stop_reason: turnStopReason ?? undefined
-        }, undefined, {
-          signal
-        });
-      }
-      if (hooks) {
-        await hooks.fire("SessionEnd", {
-          event: "SessionEnd",
-          hook_event_name: "SessionEnd",
-          session_id: sessionId,
-          reason: "other"
-        }, undefined, { signal });
-      }
-      yield {
-        type: "result",
-        subtype: "success",
-        duration_ms: Date.now() - startTime,
-        duration_api_ms: apiTimeMs,
-        is_error: false,
-        num_turns: turns,
-        result: assistantText,
-        stop_reason: turnStopReason,
-        total_cost_usd: costUsd,
-        usage: totalUsage,
-        modelUsage,
-        permission_denials: permissionDenials,
-        structured_output: structuredOutput,
-        uuid: uuid(),
-        session_id: sessionId
-      };
-      return;
-    }
-    const toolResults = [];
-    for (const call of toolCalls) {
-      let hookDenied = false;
-      let hookUpdatedInput;
-      if (hooks) {
-        const hookResult = await hooks.fire("PreToolUse", {
-          event: "PreToolUse",
-          hook_event_name: "PreToolUse",
-          tool_name: call.name,
-          tool_input: call.input,
-          session_id: sessionId
-        }, call.id, { signal });
-        if (hookResult) {
-          if (hookResult.permissionDecision === "deny") {
-            hookDenied = true;
-          }
-          if (hookResult.updatedInput !== undefined) {
-            hookUpdatedInput = hookResult.updatedInput;
-          }
-        }
-      }
-      if (hookDenied) {
-        const denyContent = "Denied by hook";
-        toolResults.push({
-          type: "tool_result",
-          tool_use_id: call.id,
-          content: denyContent,
-          is_error: true
-        });
-        if (hooks) {
-          await hooks.fire("PostToolUseFailure", { event: "PostToolUseFailure", tool_name: call.name, tool_result: denyContent, tool_error: true, session_id: sessionId }, call.id, { signal });
-        }
-        continue;
-      }
-      const inputAfterHook = hookUpdatedInput !== undefined ? hookUpdatedInput : call.input;
-      const permResult = await permissions.check(call.name, inputAfterHook ?? {}, { signal, toolUseId: call.id });
-      if (permResult.behavior === "deny") {
-        const denyContent = `Permission denied: ${permResult.message}`;
-        permissionDenials.push({
-          tool_name: call.name,
-          tool_use_id: call.id,
-          tool_input: inputAfterHook ?? {}
-        });
-        toolResults.push({
-          type: "tool_result",
-          tool_use_id: call.id,
-          content: denyContent,
-          is_error: true
-        });
-        if (hooks) {
-          await hooks.fire("PostToolUseFailure", { event: "PostToolUseFailure", tool_name: call.name, tool_result: denyContent, tool_error: true, session_id: sessionId }, call.id, { signal });
-        }
-        continue;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "failed to parse skill file";
+    diagnostics.push({ type: "warning", message, path: filePath });
+    return { skill: null, diagnostics };
+  }
+}
+function normalizePath(input) {
+  const trimmed = input.trim();
+  if (trimmed === "~")
+    return homedir4();
+  if (trimmed.startsWith("~/"))
+    return join6(homedir4(), trimmed.slice(2));
+  if (trimmed.startsWith("~"))
+    return join6(homedir4(), trimmed.slice(1));
+  return trimmed;
+}
+function resolveSkillPath(p, cwd) {
+  const normalized = normalizePath(p);
+  return isAbsolute(normalized) ? normalized : resolve(cwd, normalized);
+}
+function loadSkills(options = {}) {
+  const { cwd = process.cwd(), skillPaths = [], includeDefaults = true } = options;
+  const skillMap = new Map;
+  const realPathSet = new Set;
+  const allDiagnostics = [];
+  const collisionDiagnostics = [];
+  function addSkills(result) {
+    allDiagnostics.push(...result.diagnostics);
+    for (const skill of result.skills) {
+      let realPath;
+      try {
+        realPath = realpathSync(skill.filePath);
+      } catch {
+        realPath = skill.filePath;
       }
-      const toolInput = permResult.behavior === "allow" && permResult.updatedInput ? permResult.updatedInput : inputAfterHook;
-      let result;
-      if (call.name === "memory" && nativeMemoryTool) {
-        try {
-          const content = await nativeMemoryTool.execute(toolInput);
-          result = { content, isError: content.startsWith("Error:") };
-        } catch (err) {
-          const message = err instanceof Error ? err.message : String(err);
-          result = { content: `Error: ${message}`, isError: true };
-        }
+      if (realPathSet.has(realPath))
+        continue;
+      const existing = skillMap.get(skill.name);
+      if (existing) {
+        collisionDiagnostics.push({
+          type: "collision",
+          message: `name "${skill.name}" collision`,
+          path: skill.filePath,
+          collision: {
+            resourceType: "skill",
+            name: skill.name,
+            winnerPath: existing.filePath,
+            loserPath: skill.filePath
+          }
+        });
       } else {
-        const toolCtx = {
-          cwd,
-          signal,
-          sessionId,
-          env
-        };
-        result = await tools.execute(call.name, toolInput, toolCtx);
-      }
-      if (call.name === "ExitPlanMode") {
-        permissions.setMode("default");
-      }
-      if (debug) {
-        console.error(`[debug] Tool ${call.name}: ${result.isError ? "ERROR" : "OK"} (${result.content.length} chars)`);
+        skillMap.set(skill.name, skill);
+        realPathSet.add(realPath);
       }
-      if (hooks) {
-        if (result.isError) {
-          await hooks.fire("PostToolUseFailure", {
-            event: "PostToolUseFailure",
-            hook_event_name: "PostToolUseFailure",
-            tool_name: call.name,
-            tool_result: result.content,
-            tool_error: true,
-            session_id: sessionId
-          }, call.id, { signal });
+    }
+  }
+  if (includeDefaults) {
+    const userSkillsDir = join6(homedir4(), CONFIG_DIR_NAME, "skills");
+    const projectSkillsDir = resolve(cwd, CONFIG_DIR_NAME, "skills");
+    addSkills(loadSkillsFromDirInternal(userSkillsDir, "user", true));
+    addSkills(loadSkillsFromDirInternal(projectSkillsDir, "project", true));
+  }
+  for (const rawPath of skillPaths) {
+    const resolvedPath = resolveSkillPath(rawPath, cwd);
+    if (!existsSync4(resolvedPath)) {
+      allDiagnostics.push({ type: "warning", message: "skill path does not exist", path: resolvedPath });
+      continue;
+    }
+    try {
+      const stats = statSync(resolvedPath);
+      if (stats.isDirectory()) {
+        addSkills(loadSkillsFromDirInternal(resolvedPath, "path", true));
+      } else if (stats.isFile() && resolvedPath.endsWith(".md")) {
+        const result = loadSkillFromFile(resolvedPath, "path");
+        if (result.skill) {
+          addSkills({ skills: [result.skill], diagnostics: result.diagnostics });
         } else {
-          const postResult = await hooks.fire("PostToolUse", {
-            event: "PostToolUse",
-            hook_event_name: "PostToolUse",
-            tool_name: call.name,
-            tool_result: result.content,
-            session_id: sessionId
-          }, call.id, { signal });
-          if (postResult?.additionalContext) {
-            result.content += `
-${postResult.additionalContext}`;
-          }
+          allDiagnostics.push(...result.diagnostics);
         }
+      } else {
+        allDiagnostics.push({ type: "warning", message: "skill path is not a markdown file", path: resolvedPath });
       }
-      toolResults.push({
-        type: "tool_result",
-        tool_use_id: call.id,
-        content: result.content,
-        is_error: result.isError
-      });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "failed to read skill path";
+      allDiagnostics.push({ type: "warning", message, path: resolvedPath });
     }
-    messages.push({ role: "user", content: toolResults });
-    if (sessionLogger) {
-      sessionLogger("user", toolResults, null);
+  }
+  return {
+    skills: Array.from(skillMap.values()),
+    diagnostics: [...allDiagnostics, ...collisionDiagnostics]
+  };
+}
+function escapeXml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
+}
+function formatSkillsForPrompt(skills) {
+  const visibleSkills = skills.filter((s) => !s.disableModelInvocation);
+  if (visibleSkills.length === 0) {
+    return "";
+  }
+  const lines = [
+    "The following skills provide specialized instructions for specific tasks.",
+    "Use the read tool to load a skill's file when the task matches its description.",
+    "When a skill file references a relative path, resolve it against the skill directory (parent of SKILL.md / dirname of the path) and use that absolute path in tool commands.",
+    "",
+    "<available_skills>"
+  ];
+  for (const skill of visibleSkills) {
+    lines.push("  <skill>");
+    lines.push(`    <name>${escapeXml(skill.name)}</name>`);
+    lines.push(`    <description>${escapeXml(skill.description)}</description>`);
+    lines.push(`    <location>${escapeXml(skill.filePath)}</location>`);
+    if (skill.allowedTools?.length) {
+      lines.push(`    <allowed-tools>${escapeXml(skill.allowedTools.join(" "))}</allowed-tools>`);
+    }
+    lines.push("  </skill>");
+  }
+  lines.push("</available_skills>");
+  return lines.join(`
+`);
+}
+// src/utils/system-prompt.ts
+import { readFileSync as readFileSync5 } from "fs";
+import { join as join7 } from "path";
+var CORE_IDENTITY = `You are an AI coding agent. You help users with software engineering tasks by reading, writing, and modifying code. You have access to tools that let you interact with the filesystem and execute commands.
+
+You are highly capable and can help users complete complex tasks that would otherwise be too difficult or time-consuming.`;
+var CODING_GUIDELINES = `# Coding Guidelines
+
+- Read files before modifying them. Understand existing code before suggesting changes.
+- Make minimal, focused changes. Only modify what's directly requested or clearly necessary.
+- Don't over-engineer. Keep solutions simple. Don't add features, refactoring, or abstractions beyond what was asked.
+- Don't introduce security vulnerabilities (command injection, XSS, SQL injection, etc.).
+- Use the dedicated tools for file operations instead of shell commands:
+  - Read files with the Read tool (not cat/head/tail)
+  - Edit files with the Edit tool (not sed/awk)
+  - Write files with the Write tool (not echo/cat heredoc)
+  - Search files with Glob (not find/ls) and Grep (not grep/rg)
+  - Use Bash only for system commands that truly require shell execution.`;
+var BASH_GUIDELINES = `# Bash Tool Guidelines
+
+- Use for system commands, git operations, running scripts, and terminal tasks.
+- Always quote file paths with spaces.
+- Prefer absolute paths over cd + relative paths.
+- Don't run destructive commands without clear intent.
+- Capture output \u2014 the result is returned, not displayed interactively.
+- Commands timeout after 120s by default (max 600s).`;
+var EDIT_GUIDELINES = `# Edit Tool Guidelines
+
+- The old_string must match exactly (including indentation and whitespace).
+- The old_string must be unique in the file, or the edit will fail. Provide more surrounding context to make it unique.
+- Use replace_all: true only when you want to replace every occurrence.`;
+var READ_GUIDELINES = `# Read Tool Guidelines
+
+- Returns content with line numbers in cat -n format.
+- Use offset/limit for large files to read specific sections.
+- Lines longer than 2000 characters are truncated.`;
+var GLOB_GUIDELINES = `# Glob Tool Guidelines
+
+- Use glob patterns like "**/*.ts" to find files by name.
+- Results are sorted by modification time (most recent first).`;
+var GREP_GUIDELINES = `# Grep Tool Guidelines
+
+- Use regex patterns to search file contents.
+- Default output mode is "files_with_matches" (file paths only).
+- Use output_mode: "content" to see matching lines with context.
+- Use -i for case-insensitive search.`;
+var TOOL_SPECIFIC_GUIDELINES = {
+  Bash: BASH_GUIDELINES,
+  Edit: EDIT_GUIDELINES,
+  Read: READ_GUIDELINES,
+  Glob: GLOB_GUIDELINES,
+  Grep: GREP_GUIDELINES
+};
+function buildSystemPrompt(context) {
+  const sections = [CORE_IDENTITY];
+  for (const toolName of context.tools) {
+    const guidelines = TOOL_SPECIFIC_GUIDELINES[toolName];
+    if (guidelines) {
+      sections.push(guidelines);
+    }
+  }
+  sections.push(CODING_GUIDELINES);
+  if (context.cwd) {
+    sections.push(`# Environment
+
+Working directory: ${context.cwd}`);
+    if (context.additionalDirectories && context.additionalDirectories.length > 0) {
+      sections.push(`Additional allowed directories:
+${context.additionalDirectories.map((d) => `- ${d}`).join(`
+`)}`);
+    }
+    if (context.loadProjectInstructions) {
+      const instructions = readProjectInstructions(context.cwd);
+      if (instructions) {
+        sections.push(`# Project Instructions
+
+${instructions}`);
+      }
+    }
+  }
+  if (context.skills && context.skills.length > 0) {
+    const skillsPrompt = formatSkillsForPrompt(context.skills);
+    if (skillsPrompt) {
+      sections.push(`# Skills
+
+${skillsPrompt}`);
     }
-    yield {
-      type: "user",
-      message: {
-        role: "user",
-        content: toolResults
-      },
-      parent_tool_use_id: null,
-      isSynthetic: true,
-      uuid: uuid(),
-      session_id: sessionId
-    };
   }
+  if (context.customPrompt) {
+    sections.push(context.customPrompt);
+  }
+  return sections.join(`
+
+`);
+}
+function readProjectInstructions(cwd) {
+  for (const name of ["CLAUDE.md", "AGENTS.md"]) {
+    try {
+      const content = readFileSync5(join7(cwd, name), "utf-8").trim();
+      if (content)
+        return content;
+    } catch {}
+  }
+  return null;
 }
 
 // src/query.ts
@@ -4343,7 +4357,9 @@ class McpClientManager {
       if (server.status.status !== "connected")
         continue;
       for (const tool of server.tools) {
-        const namespacedName = `mcp__${serverName}__${tool.name}`;
+        const config = this.configs[serverName];
+        const prefix = "toolPrefix" in config ? config.toolPrefix : serverName;
+        const namespacedName = prefix === "" ? tool.name : `${prefix}__${tool.name}`;
         result.push({
           name: namespacedName,
           description: tool.description ?? `MCP tool ${tool.name} from ${serverName}`,