guardlink 1.4.1 → 1.4.2

package/CHANGELOG.md

@@ -5,6 +5,36 @@ All notable changes to GuardLink CLI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.4.2] — 2026-04-24
+
+### Added
+
+- **CLI**: `guardlink annotate --mode external` — generate annotations as standalone `.gal` files under `.guardlink/annotations/` that mirror the source tree, instead of as inline comments in source files. Source files remain unchanged. Useful for vendored code, audit-controlled repositories, and projects where modifying source files is politically expensive. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
+- **CLI**: `guardlink annotate --stdout` — print the annotation prompt to stdout instead of launching an agent or copying to the clipboard. Useful for piping into custom harnesses and CI pipelines. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
+- **Parser**: `@source file:<path> line:<n> [symbol:<name>]` directive — anchors annotations in a `.gal` file to a logical source-code location. The directive produces no annotation itself; it sets the location for subsequent annotations until the next `@source` or end of file.
+- **Types**: `SourceLocation.origin_file` and `SourceLocation.origin_line` — physical location of an annotation (the `.gal` file path), preserved alongside the logical location (`file` / `line`) for dashboards, reports, and SARIF to surface provenance where useful while defaulting to the logical source location for developer-facing output.
+
+### Changed
+
+- **`guardlink init --mode external`**: contains GuardLink's entire footprint inside `.guardlink/` — no `CLAUDE.md` / `AGENTS.md` / `.cursor/rules/` files at the project root, no `.mcp.json` at the root, no `docs/GUARDLINK_REFERENCE.md`. The reference doc and MCP config template are placed inside `.guardlink/` instead.
+- **Review writeback**: `@accepts` and `@audit` annotations generated via `guardlink review` are written to the annotation's physical location (the `.gal` file in external mode) rather than the logical source location, preserving external mode's "source files untouched" property through governance workflows.
+- **Review writeback**: comment-style detection now correctly handles HTML (`<!-- ... -->`) and CSS (`/* ... */`) files. Previously these fell back to JavaScript-style `//` comments, producing invalid markup. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
+- **Review exposure IDs**: composite `writeFile:writeLine:logicalFile:logicalLine:asset:threat` scheme replaces the previous `file:line` scheme. Prevents two `@exposes` annotations at the same source location from colliding on the MCP review identifier. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
+- **Review insertion**: TypeScript and Python decorators starting with `@` are no longer mistaken for GuardLink annotations when walking the "coupled block" during writeback. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
+- **Parser `**/*.gal`** discovery is now case-insensitive. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
+
+### Fixed
+
+- **Agent prompts**: wrap the external-mode example annotation block in `@shield:begin` / `@shield:end` to prevent `guardlink validate` from parsing the JavaScript string literals inside `src/agents/prompts.ts` as real annotations (resolved four parse errors in the CI dogfood step after #6 merged).
+- **Documentation**: correct `--mode inline|gal` references to `--mode inline|external` in `README.md` (two occurrences), `docs/GUARDLINK_REFERENCE.md` (three occurrences including the TUI `/annotate` slash-command help text). The flag value shipped as `external`; the docs referenced the prototype name `gal`.
+- **Documentation**: document `--stdout` flag on the AI-agent flags cheat-sheet in `docs/GUARDLINK_REFERENCE.md`.
+- **Documentation**: add `@source` convention note to the standalone `.gal` files section in `docs/GUARDLINK_REFERENCE.md` — annotations placed before the first `@source` directive fall back to the `.gal` file's own physical location, which is rarely what users want.
+
+### Chore
+
+- **Version**: bump from `1.4.1-gal` development tag (landed via #6) to `1.4.2` across `package.json`, `package-lock.json`, `src/cli/index.ts`, and `src/mcp/server.ts`.
+- **Lockfiles**: remove committed `bun.lock` (landed via #6). This project standardizes on npm; `package-lock.json` is canonical. Added `bun.lock`, `yarn.lock`, and `pnpm-lock.yaml` to `.gitignore` so contributors using alternate package managers locally do not accidentally commit a second lockfile.
+
 ## [1.4.1] — 2026-03-12
 
 ### Fixed

package/README.md

@@ -60,7 +60,7 @@ To uninstall: `npm unlink -g guardlink`
 guardlink init
 
 # Let AI annotate your project - Launch a coding agent to add annotations
-guardlink annotate [prompt]
+guardlink annotate [prompt] [--mode inline|external]
 
 # Let your AI coding agent annotate, or write annotations manually
 # Then validate
@@ -149,7 +149,7 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
 | `guardlink_suggest` | Suggest annotations for a code snippet |
 | `guardlink_lookup` | Query threats, controls, flows by keyword |
 | `guardlink_threat_report` | AI threat report (STRIDE, DREAD, etc.) |
-| `guardlink_annotate` | Build annotation prompt for the agent |
+| `guardlink_annotate` | Build annotation prompt for the agent, with inline or `.gal` mode |
 | `guardlink_report` | Generate markdown report |
 | `guardlink_dashboard` | Generate HTML dashboard |
 | `guardlink_sarif` | Export SARIF 2.1.0 |
@@ -165,7 +165,7 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
 | Command | Description |
 |---------|-------------|
 | `guardlink init [dir]` | Initialize project with definitions, config, and agent integration |
-| `guardlink annotate [prompt]` | Launch a coding agent to add annotations |
+| `guardlink annotate [prompt] [--mode inline\|external]` | Launch a coding agent to add inline annotations or associated `.gal` files |
 | `guardlink parse [dir]` | Parse all annotations, output ThreatModel JSON |
 | `guardlink status [dir]` | Coverage summary: assets, threats, mitigations, exposures |
 | `guardlink validate [dir]` | Check for syntax errors, dangling refs, duplicate IDs |
@@ -195,7 +195,9 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
 
 ## Annotation Reference
 
-GuardLink annotations go in comments in any language. The parser supports `//`, `#`, `--`, `/* */`, `""" """`, and 25+ comment styles.
+GuardLink annotations can live in source comments in any language or in standalone `.gal` files. The parser supports `//`, `#`, `--`, `/* */`, `""" """`, and 25+ comment styles for inline annotations, plus raw GAL lines for externalized files.
+
+> In standalone `.gal` files, drop the host-language comment prefix. `// @exposes ...` becomes `@exposes ...`. Keep definitions in `.guardlink/definitions.*`; use `.gal` files for externalized relationship annotations. Use `@source file:<path> line:<n> [symbol:<name>]` to point the following annotations at the real code location.
 
 ### Definitions (shared, in `.guardlink/definitions.js`)
 
@@ -214,6 +216,15 @@ GuardLink annotations go in comments in any language. The parser supports `//`,
 # @transfers #sqli from #api to #database -- "DB handles untrusted input"
 ```
 
+### Externalized relationships (in `.gal` files)
+
+```text
+@source file:src/auth/login.ts line:42 symbol:authenticate
+@exposes #api to #xss [P1] cwe:CWE-79 -- "User bio rendered without escaping"
+@audit #api -- "Review sanitization before release"
+@comment -- "Same GAL syntax as inline comments, but without // or # prefixes"
+```
+
 ### Data Flow & Architecture
 
 ```go

package/dist/agents/index.d.ts

@@ -14,12 +14,20 @@ export interface AgentEntry {
     app: string | null;
     flag: string;
 }
+export type AnnotationMode = 'inline' | 'external';
 export declare const AGENTS: readonly AgentEntry[];
 /** Parse --agent flags from a raw args string (TUI slash commands). */
 export declare function parseAgentFlag(args: string): {
     agent: AgentEntry | null;
     cleanArgs: string;
 };
+/** Parse annotation placement mode from raw args (CLI/TUI). */
+export declare function parseAnnotationModeFlag(args: string): {
+    mode: AnnotationMode;
+    cleanArgs: string;
+    error?: string;
+};
+export declare function resolveAnnotationMode(mode: string | undefined): AnnotationMode;
 /** Resolve agent from Commander option booleans (CLI commands). */
 export declare function agentFromOpts(opts: Record<string, any>): AgentEntry | null;
 export { launchAgentForeground, launchAgentIDE, launchAgent, launchAgentInline, copyToClipboard } from './launcher.js';

package/dist/agents/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,eAAO,MAAM,MAAM,EAAE,SAAS,UAAU,EAO9B,CAAC;AAEX,uEAAuE;AACvE,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO5F;AAED,mEAAmE;AACnE,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,UAAU,GAAG,IAAI,CAQ1E;AAED,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACvH,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEnD,eAAO,MAAM,MAAM,EAAE,SAAS,UAAU,EAQ9B,CAAC;AAEX,uEAAuE;AACvE,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO5F;AAED,+DAA+D;AAC/D,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BjH;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,cAAc,CAI9E;AAED,mEAAmE;AACnE,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,UAAU,GAAG,IAAI,CAS1E;AAED,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACvH,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}

package/dist/agents/index.js

@@ -14,6 +14,7 @@ export const AGENTS = [
     { id: 'codex', name: 'Codex CLI', cmd: 'codex', app: null, flag: '--codex' },
     { id: 'gemini', name: 'Gemini CLI', cmd: 'gemini', app: null, flag: '--gemini' },
     { id: 'clipboard', name: 'Clipboard', cmd: null, app: null, flag: '--clipboard' },
+    { id: 'stdout', name: 'Stdout', cmd: null, app: null, flag: '--stdout' },
 ];
 /** Parse --agent flags from a raw args string (TUI slash commands). */
 export function parseAgentFlag(args) {
@@ -24,6 +25,38 @@ export function parseAgentFlag(args) {
     }
     return { agent: null, cleanArgs: args };
 }
+/** Parse annotation placement mode from raw args (CLI/TUI). */
+export function parseAnnotationModeFlag(args) {
+    const eqMatch = args.match(/(?:^|\s)--mode=(inline|external)(?=\s|$)/);
+    if (eqMatch) {
+        return {
+            mode: eqMatch[1],
+            cleanArgs: args.replace(eqMatch[0], ' ').replace(/\s+/g, ' ').trim(),
+        };
+    }
+    const spacedMatch = args.match(/(?:^|\s)--mode\s+(inline|external)(?=\s|$)/);
+    if (spacedMatch) {
+        return {
+            mode: spacedMatch[1],
+            cleanArgs: args.replace(spacedMatch[0], ' ').replace(/\s+/g, ' ').trim(),
+        };
+    }
+    if (/(?:^|\s)--mode(?:\s|=|$)/.test(args)) {
+        return {
+            mode: 'inline',
+            cleanArgs: args,
+            error: 'Invalid --mode value. Use --mode inline or --mode external.',
+        };
+    }
+    return { mode: 'inline', cleanArgs: args };
+}
+export function resolveAnnotationMode(mode) {
+    if (!mode || mode === 'inline')
+        return 'inline';
+    if (mode === 'external')
+        return 'external';
+    throw new Error(`Invalid annotation mode "${mode}". Use "inline" or "external".`);
+}
 /** Resolve agent from Commander option booleans (CLI commands). */
 export function agentFromOpts(opts) {
     if (opts.claudeCode)
@@ -38,6 +71,8 @@ export function agentFromOpts(opts) {
         return AGENTS.find(a => a.id === 'gemini');
     if (opts.clipboard)
         return AGENTS.find(a => a.id === 'clipboard');
+    if (opts.stdout)
+        return AGENTS.find(a => a.id === 'stdout');
     return null;
 }
 export { launchAgentForeground, launchAgentIDE, launchAgent, launchAgentInline, copyToClipboard } from './launcher.js';

package/dist/agents/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAYH,MAAM,CAAC,MAAM,MAAM,GAA0B;IAC3C,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAG,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,eAAe,EAAE;IAClG,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,QAAQ,EAAO,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,QAAQ,EAAI,IAAI,EAAE,UAAU,EAAE;IAC7F,EAAE,EAAE,EAAE,UAAU,EAAK,IAAI,EAAE,UAAU,EAAK,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/F,EAAE,EAAE,EAAE,OAAO,EAAQ,IAAI,EAAE,WAAW,EAAI,GAAG,EAAE,OAAO,EAAI,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,SAAS,EAAE;IAC5F,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,YAAY,EAAG,GAAG,EAAE,QAAQ,EAAG,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,UAAU,EAAE;IAC7F,EAAE,EAAE,EAAE,WAAW,EAAI,IAAI,EAAE,WAAW,EAAI,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,aAAa,EAAE;CACxF,CAAC;AAEX,uEAAuE;AACvE,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,aAAa,CAAC,IAAyB;IACrD,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAE,CAAC;IACtE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,IAAI,IAAI,CAAC,QAAQ;QAAI,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAE,CAAC;IACnE,IAAI,IAAI,CAAC,KAAK;QAAO,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAE,CAAC;IAChE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,IAAI,IAAI,CAAC,SAAS;QAAG,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAE,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAcH,MAAM,CAAC,MAAM,MAAM,GAA0B;IAC3C,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAG,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,eAAe,EAAE;IAClG,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,QAAQ,EAAO,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,QAAQ,EAAI,IAAI,EAAE,UAAU,EAAE;IAC7F,EAAE,EAAE,EAAE,UAAU,EAAK,IAAI,EAAE,UAAU,EAAK,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/F,EAAE,EAAE,EAAE,OAAO,EAAQ,IAAI,EAAE,WAAW,EAAI,GAAG,EAAE,OAAO,EAAI,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,SAAS,EAAE;IAC5F,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,YAAY,EAAG,GAAG,EAAE,QAAQ,EAAG,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,UAAU,EAAE;IAC7F,EAAE,EAAE,EAAE,WAAW,EAAI,IAAI,EAAE,WAAW,EAAI,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,aAAa,EAAE;IAChG,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,QAAQ,EAAO,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,UAAU,EAAE;CACrF,CAAC;AAEX,uEAAuE;AACvE,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACvE,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,CAAC,CAAmB;YAClC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE;SACrE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,CAAC,CAAmB;YACtC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE;SACzE,CAAC;IACJ,CAAC;IAED,IAAI,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,6DAA6D;SACrE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAwB;IAC5D,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAChD,IAAI,IAAI,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IAC3C,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,gCAAgC,CAAC,CAAC;AACpF,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,aAAa,CAAC,IAAyB;IACrD,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAE,CAAC;IACtE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,IAAI,IAAI,CAAC,QAAQ;QAAI,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAE,CAAC;IACnE,IAAI,IAAI,CAAC,KAAK;QAAO,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAE,CAAC;IAChE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,IAAI,IAAI,CAAC,SAAS;QAAG,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAE,CAAC;IACpE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}

package/dist/agents/launcher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"launcher.d.ts","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,8DAA8D;AAC9D,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAmBrD;AAID;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IACrE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAyBA;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IAC9D,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAwCA;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA0CD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,EAChC,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3B,OAAO,CAAC,YAAY,CAAC,CAmFvB;AAID,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,YAAY,CAyBxF"}
+{"version":3,"file":"launcher.d.ts","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,8DAA8D;AAC9D,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAmBrD;AAID;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IACrE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAyBA;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IAC9D,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAwCA;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA0CD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,EAChC,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3B,OAAO,CAAC,YAAY,CAAC,CAmFvB;AAID,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,YAAY,CA+BxF"}

package/dist/agents/launcher.js

@@ -256,6 +256,11 @@ export async function launchAgentInline(agent, prompt, cwd, onChunk, opts) {
  * For clipboard: copy only.
  */
 export function launchAgent(agent, prompt, cwd) {
+    // stdout-only mode: write raw prompt to stdout, skip clipboard (keeps output pipeable)
+    if (agent.id === 'stdout') {
+        process.stdout.write(prompt);
+        return { launched: true, clipboardCopied: false };
+    }
     // Step 1: Always copy to clipboard
     const clipboardCopied = copyToClipboard(prompt);
     // Step 2: clipboard-only mode

package/dist/agents/launcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"launcher.js","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,wEAAwE;AAExE,8DAA8D;AAC9D,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,IAAI,GAAG,QAAQ,EAAE,KAAK,QAAQ;QAClC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACZ,CAAC,CAAC,QAAQ,EAAE,KAAK,OAAO;YACtB,CAAC,CAAC,CAAC,MAAM,CAAC;YACV,CAAC,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC;IAEjE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE;gBAClC,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAiB,EAAE,GAAW;IAIlE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,0BAA0B,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE;YACtC,GAAG;YACH,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE;YACvB,8CAA8C;SAC/C,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,mCAAmC;YACnC,MAAM,GAAG,GAAI,MAAM,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ;gBACjD,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;gBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC9D,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACxC,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACrF,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB,EAAE,GAAW;IAI3D,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,sBAAsB,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtB,IAAI,MAAM,CAAC;QAEX,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;YACpB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE;gBACjD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE;gBAC3C,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE;gBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,KAAK,CAAC,IAAI,qDAAqD,GAAG,EAAE;aAC9F,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;IAChD,CAAC;AACH,CAAC;AASD;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc,EAAE,eAAwB;IAChF,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,gCAAgC;gBAChC,gBAAgB,EAAE,yDAAyD;gBAC3E,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ,KAAK,OAAO;YACV,uDAAuD;YACvD,uDAAuD;YACvD,2EAA2E;YAC3E,2DAA2D;YAC3D,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,4CAA4C;gBAC5C,SAAS,EAAE,OAAO;gBAClB,uBAAuB;gBACvB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAiB,EACjB,MAAc,EACd,GAAW,EACX,OAAgC,EAChC,IAA4B;IAE5B,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,8CAA8C,EAAE,CAAC;IAC7F,CAAC;IAED,IAAI,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,IAAI,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,iCAAiC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED,OAAO,IAAI,OAAO,CAAe,CAAC,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,kFAAkF;YAClF,iDAAiD;YACjD,kFAAkF;YAClF,8EAA8E;YAC9E,IAAI,eAAmC,CAAC;YACxC,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC/D,eAAe,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,eAAe,CAAa,CAAC;YAEtE,uFAAuF;YACvF,yEAAyE;YACzE,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAE5D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBAC7B,GAAG;gBACH,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC;gBAClC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;aACvC,CAAC,CAAC;YAEH,+EAA+E;YAC/E,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACrB,CAAC;YAED,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC7B,OAAO,IAAI,IAAI,CAAC;gBAChB,IAAI,OAAO;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAC/B,MAAM,GAAG,GAAI,GAAW,CAAC,IAAI,KAAK,QAAQ;oBACxC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;oBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;gBACrD,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;gBACxC,mFAAmF;gBACnF,IAAI,eAAe,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;wBAClE,UAAU,CAAC,eAAe,CAAC,CAAC;wBAC5B,IAAI,WAAW,EAAE,CAAC;4BAChB,OAAO,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;4BAClC,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;gBAClD,CAAC;gBAED,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC5C,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,qBAAqB,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBACpH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAUD;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,MAAc,EAAE,GAAW;IACxE,mCAAmC;IACnC,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAEhD,8BAA8B;IAC9B,IAAI,KAAK,CAAC,EAAE,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,uBAAuB,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;AACxF,CAAC"}
+{"version":3,"file":"launcher.js","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,wEAAwE;AAExE,8DAA8D;AAC9D,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,IAAI,GAAG,QAAQ,EAAE,KAAK,QAAQ;QAClC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACZ,CAAC,CAAC,QAAQ,EAAE,KAAK,OAAO;YACtB,CAAC,CAAC,CAAC,MAAM,CAAC;YACV,CAAC,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC;IAEjE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE;gBAClC,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAiB,EAAE,GAAW;IAIlE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,0BAA0B,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE;YACtC,GAAG;YACH,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE;YACvB,8CAA8C;SAC/C,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,mCAAmC;YACnC,MAAM,GAAG,GAAI,MAAM,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ;gBACjD,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;gBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC9D,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACxC,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACrF,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB,EAAE,GAAW;IAI3D,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,sBAAsB,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtB,IAAI,MAAM,CAAC;QAEX,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;YACpB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE;gBACjD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE;gBAC3C,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE;gBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,KAAK,CAAC,IAAI,qDAAqD,GAAG,EAAE;aAC9F,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;IAChD,CAAC;AACH,CAAC;AASD;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc,EAAE,eAAwB;IAChF,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,gCAAgC;gBAChC,gBAAgB,EAAE,yDAAyD;gBAC3E,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ,KAAK,OAAO;YACV,uDAAuD;YACvD,uDAAuD;YACvD,2EAA2E;YAC3E,2DAA2D;YAC3D,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,4CAA4C;gBAC5C,SAAS,EAAE,OAAO;gBAClB,uBAAuB;gBACvB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAiB,EACjB,MAAc,EACd,GAAW,EACX,OAAgC,EAChC,IAA4B;IAE5B,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,8CAA8C,EAAE,CAAC;IAC7F,CAAC;IAED,IAAI,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,IAAI,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,iCAAiC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED,OAAO,IAAI,OAAO,CAAe,CAAC,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,kFAAkF;YAClF,iDAAiD;YACjD,kFAAkF;YAClF,8EAA8E;YAC9E,IAAI,eAAmC,CAAC;YACxC,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC/D,eAAe,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,eAAe,CAAa,CAAC;YAEtE,uFAAuF;YACvF,yEAAyE;YACzE,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAE5D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBAC7B,GAAG;gBACH,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC;gBAClC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;aACvC,CAAC,CAAC;YAEH,+EAA+E;YAC/E,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACrB,CAAC;YAED,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC7B,OAAO,IAAI,IAAI,CAAC;gBAChB,IAAI,OAAO;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAC/B,MAAM,GAAG,GAAI,GAAW,CAAC,IAAI,KAAK,QAAQ;oBACxC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;oBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;gBACrD,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;gBACxC,mFAAmF;gBACnF,IAAI,eAAe,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;wBAClE,UAAU,CAAC,eAAe,CAAC,CAAC;wBAC5B,IAAI,WAAW,EAAE,CAAC;4BAChB,OAAO,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;4BAClC,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;gBAClD,CAAC;gBAED,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC5C,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,qBAAqB,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBACpH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAUD;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,MAAc,EAAE,GAAW;IACxE,uFAAuF;IACvF,IAAI,KAAK,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACpD,CAAC;IAED,mCAAmC;IACnC,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAEhD,8BAA8B;IAC9B,IAAI,KAAK,CAAC,EAAE,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,uBAAuB,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;AACxF,CAAC"}

package/dist/agents/prompts.d.ts

@@ -13,11 +13,12 @@
  * @handles internal on #agent-launcher -- "Serializes threat model IDs and flows into prompt"
  */
 import type { ThreatModel } from '../types/index.js';
+export type AnnotationMode = 'inline' | 'external';
 /**
  * Build a prompt for annotation agents.
  *
  * Includes the GuardLink reference doc, current model summary with flows and exposures,
  * flow-first threat modeling methodology, and precise GAL syntax rules.
  */
-export declare function buildAnnotatePrompt(userPrompt: string, root: string, model: ThreatModel | null): string;
+export declare function buildAnnotatePrompt(userPrompt: string, root: string, model: ThreatModel | null, annotationMode?: AnnotationMode): string;
 //# sourceMappingURL=prompts.d.ts.map

package/dist/agents/prompts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,WAAW,GAAG,IAAI,GACxB,MAAM,CAyUR"}
+{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AA6BnD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,cAAc,GAAE,cAAyB,GACxC,MAAM,CAqWR"}

package/dist/agents/prompts.js

@@ -14,13 +14,37 @@
  */
 import { existsSync, readFileSync } from 'node:fs';
 import { resolve } from 'node:path';
+function annotationModeLabel(mode) {
+    return mode === 'external' ? 'externalized .gal files' : 'inline source comments';
+}
+function annotationModeInstructions(mode) {
+    if (mode === 'external') {
+        return `## Annotation Placement Mode
+You MUST write annotations into associated standalone \`.gal\` files, not inline in the source code.
+
+- Keep definitions in \`.guardlink/definitions.*\`
+- For each annotated source file, create or update an associated file under \`.guardlink/annotations/\`
+- Mirror the source path in the annotation file path (example: \`src/auth/login.ts\` -> \`.guardlink/annotations/src/auth/login.ts.gal\`)
+- Group annotations under \`@source file:<path> line:<n> [symbol:<name>]\` so each block points at the real code location
+- In \`.gal\` files, write raw GAL lines without \`//\` or \`#\` prefixes
+- Do NOT modify source files just to add comments when this mode is selected
+`;
+    }
+    return `## Annotation Placement Mode
+You MUST write annotations inline in the source code comments.
+
+- Place annotations in the file doc-block or directly above the security-relevant code
+- Use the host language comment syntax (\`//\`, \`#\`, \`--\`, etc.)
+- Do NOT externalize annotations into \`.gal\` files when this mode is selected
+`;
+}
 /**
  * Build a prompt for annotation agents.
  *
  * Includes the GuardLink reference doc, current model summary with flows and exposures,
  * flow-first threat modeling methodology, and precise GAL syntax rules.
  */
-export function buildAnnotatePrompt(userPrompt, root, model) {
+export function buildAnnotatePrompt(userPrompt, root, model, annotationMode = 'inline') {
     // Read the reference doc if available
     let refDoc = '';
     const refPath = resolve(root, '.guardlink', 'GUARDLINK_REFERENCE.md');
@@ -85,6 +109,7 @@ export function buildAnnotatePrompt(userPrompt, root, model) {
     }
     return `You are an expert security engineer performing threat modeling as code.
 Your job is to read this codebase deeply, understand how code flows between components, and annotate it with GuardLink (GAL) security annotations that accurately represent the security posture.
+This run MUST produce annotations as ${annotationModeLabel(annotationMode)}.
 
 This is NOT a vulnerability scanner. You are building a living threat model embedded in the code itself.
 Annotations capture what COULD go wrong, what controls exist, and how data moves — not just confirmed bugs.
@@ -95,6 +120,8 @@ ${modelSummary}${existingIds}${existingFlows}${existingExposures}
 ## Your Task
 ${userPrompt}
 
+${annotationModeInstructions(annotationMode)}
+
 ## HOW TO THINK — Flow-First Threat Modeling
 
 Before writing ANY annotation, you MUST understand the code deeply:
@@ -197,19 +224,35 @@ Place @boundary annotations where trust level changes between two components:
 \`\`\`
 
 ### Where to Place Annotations
-Annotations go in the file's top doc-block comment OR directly above the security-relevant code:
+${annotationMode === 'external'
+        ? 'Annotations go in associated `.gal` files, grouped by `@source` blocks that point at the real code location:'
+        : "Annotations go in the file's top doc-block comment OR directly above the security-relevant code:"}
 
 \`\`\`
-// @shield:begin -- "Placement examples, excluded from parsing"
-//
-// FILE-LEVEL (top doc-block) — for module-wide security properties:
-// Place @exposes, @mitigates, @flows, @handles, @boundary that describe the module as a whole
-//
-// INLINE (above specific functions/methods) — for function-specific concerns:
-// Place @exposes, @mitigates above the exact function where the risk or control lives
-// Place @comment above tricky security-relevant code to explain intent
-//
-// @shield:end
+${annotationMode === 'external'
+        ? [
+            '@shield:begin -- "Externalized annotation examples, excluded from parsing"',
+            '@source file:src/auth/login.ts line:42 symbol:authenticate',
+            '@exposes #auth-api to #sqli [P1] cwe:CWE-89 -- "User-supplied email reaches query builder"',
+            '@mitigates #auth-api against #sqli using #input-validation -- "Zod schema validates email before query"',
+            '@comment -- "Externalized annotations for src/auth/login.ts"',
+            '',
+            '@source file:src/auth/session.ts line:88 symbol:issueToken',
+            '@handles secrets on #auth-api -- "Issues session token"',
+            '@shield:end',
+        ].join('\n')
+        : [
+            '// @shield:begin -- "Placement examples, excluded from parsing"',
+            '//',
+            '// FILE-LEVEL (top doc-block) — for module-wide security properties:',
+            '// Place @exposes, @mitigates, @flows, @handles, @boundary that describe the module as a whole',
+            '//',
+            '// INLINE (above specific functions/methods) — for function-specific concerns:',
+            '// Place @exposes, @mitigates above the exact function where the risk or control lives',
+            '// Place @comment above tricky security-relevant code to explain intent',
+            '//',
+            '// @shield:end',
+        ].join('\n')}
 \`\`\`
 
 ### Severity — Be Honest, Not Alarmist
@@ -259,7 +302,7 @@ Adding @shield on your own initiative would actively harm the threat model by cr
 
 ## PRECISE GAL Syntax
 
-Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only relationship verbs.
+Definitions go in .guardlink/definitions.{ts,js,py,rs}. Relationship annotations can live in source comments or standalone .gal files.
 
 ### Definitions (in .guardlink/definitions file)
 \`\`\`
@@ -288,6 +331,14 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
 // @shield:end
 \`\`\`
 
+### Relationships (in standalone .gal files)
+\`\`\`
+@source file:src/auth/login.ts line:42 symbol:authenticate
+@exposes #auth to #sqli [P0] cwe:CWE-89 owasp:A03:2021 -- "User input concatenated into query"
+@mitigates #auth against #sqli using #prepared-stmts -- "Uses parameterized queries via sqlx"
+@audit #auth -- "Timing attack risk — needs human review"
+\`\`\`
+
 ## CRITICAL SYNTAX RULES (violations cause parse errors)
 
 1. **@boundary requires TWO assets**: \`@boundary between #A and #B\` or \`@boundary #A | #B\`.
@@ -322,6 +373,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
    A bare \`@comment\` without description is valid but useless. Always include context.
 
 10. **One annotation per comment line.** Do NOT put two @verbs on the same line.
+11. **In external mode, use \`@source\` before each block** so the annotations point at the intended file and line.
 
 ## Workflow
 
@@ -339,7 +391,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
    Think: "what's the risk, what's the defense, how does data flow here, and what should the next developer know?"
    NEVER write @accepts — that is a human-only governance decision. Use @audit to flag unmitigated risks for review.
 
-5. **Use the project's comment style** (// for JS/TS/Go/Rust, # for Python/Ruby/Shell, etc.)
+5. **Use the selected annotation mode consistently.** Inline mode writes source comments; external mode writes associated \`.gal\` files with \`@source\` blocks.
 
 6. **Run validation** via guardlink_validate (MCP) or \`guardlink validate\` to check for errors.
 

package/dist/agents/prompts.js.map

@@ -1 +1 @@
-{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAkB,EAClB,IAAY,EACZ,KAAyB;IAEzB,sCAAsC;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACtE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;QACpE,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,YAAY,GAAG,uGAAuG,CAAC;IAC3H,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,iBAAiB,GAAG,EAAE,CAAC;IAC3B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,KAAK,GAAG;YACZ,GAAG,KAAK,CAAC,kBAAkB,cAAc;YACzC,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,YAAY;YACrC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,SAAS;YAC/B,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,UAAU;YACjC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,WAAW;YACnC,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,cAAc;YACzC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,QAAQ;YAC7B,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,aAAa;SACxC,CAAC;QACF,YAAY,GAAG,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAErD,+EAA+E;QAC/E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,IAAI,QAAQ,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,SAAS,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxE,IAAI,UAAU,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,WAAW,GAAG,8DAA8D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpG,CAAC;QAED,qEAAqE;QACrE,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjD,KAAK,CAAC,CAAC,MAAM,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAClH,CAAC;YACF,aAAa,GAAG,6DAA6D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpG,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,aAAa,IAAI,eAAe,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QAC9F,CAAC;QAED,0EAA0E;QAC1E,8FAA8F;QAC9F,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACtD,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;QACH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACzD,KAAK,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAC3G,CAAC;YACF,iBAAiB,GAAG,yHAAyH,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnK,IAAI,oBAAoB,CAAC,MAAM,GAAG,EAAE;gBAAE,iBAAiB,IAAI,eAAe,oBAAoB,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QACpH,CAAC;IACH,CAAC;IAED,OAAO;;;;;;EAMP,MAAM,CAAC,CAAC,CAAC,gDAAgD,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE;EAC/F,YAAY,GAAG,WAAW,GAAG,aAAa,GAAG,iBAAiB;;;EAG9D,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2PX,CAAC;AACF,CAAC"}
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,SAAS,mBAAmB,CAAC,IAAoB;IAC/C,OAAO,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,wBAAwB,CAAC;AACpF,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAoB;IACtD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,OAAO;;;;;;;;;CASV,CAAC;IACA,CAAC;IAED,OAAO;;;;;;CAMR,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAkB,EAClB,IAAY,EACZ,KAAyB,EACzB,iBAAiC,QAAQ;IAEzC,sCAAsC;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACtE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;QACpE,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,YAAY,GAAG,uGAAuG,CAAC;IAC3H,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,iBAAiB,GAAG,EAAE,CAAC;IAC3B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,KAAK,GAAG;YACZ,GAAG,KAAK,CAAC,kBAAkB,cAAc;YACzC,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,YAAY;YACrC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,SAAS;YAC/B,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,UAAU;YACjC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,WAAW;YACnC,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,cAAc;YACzC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,QAAQ;YAC7B,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,aAAa;SACxC,CAAC;QACF,YAAY,GAAG,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAErD,+EAA+E;QAC/E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,IAAI,QAAQ,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,SAAS,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxE,IAAI,UAAU,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,WAAW,GAAG,8DAA8D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpG,CAAC;QAED,qEAAqE;QACrE,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjD,KAAK,CAAC,CAAC,MAAM,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAClH,CAAC;YACF,aAAa,GAAG,6DAA6D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpG,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,aAAa,IAAI,eAAe,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QAC9F,CAAC;QAED,0EAA0E;QAC1E,8FAA8F;QAC9F,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACtD,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;QACH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACzD,KAAK,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAC3G,CAAC;YACF,iBAAiB,GAAG,yHAAyH,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnK,IAAI,oBAAoB,CAAC,MAAM,GAAG,EAAE;gBAAE,iBAAiB,IAAI,eAAe,oBAAoB,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QACpH,CAAC;IACH,CAAC;IAED,OAAO;;uCAE8B,mBAAmB,CAAC,cAAc,CAAC;;;;;EAKxE,MAAM,CAAC,CAAC,CAAC,gDAAgD,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE;EAC/F,YAAY,GAAG,WAAW,GAAG,aAAa,GAAG,iBAAiB;;;EAG9D,UAAU;;EAEV,0BAA0B,CAAC,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwG1C,cAAc,KAAK,UAAU;QAC3B,CAAC,CAAC,8GAA8G;QAChH,CAAC,CAAC,kGAAkG;;;EAGtG,cAAc,KAAK,UAAU;QAC3B,CAAC,CAAC;YACE,4EAA4E;YAC5E,4DAA4D;YAC5D,4FAA4F;YAC5F,yGAAyG;YACzG,8DAA8D;YAC9D,EAAE;YACF,4DAA4D;YAC5D,yDAAyD;YACzD,aAAa;SACd,CAAC,IAAI,CAAC,IAAI,CAAC;QACd,CAAC,CAAC;YACE,iEAAiE;YACjE,IAAI;YACJ,sEAAsE;YACtE,gGAAgG;YAChG,IAAI;YACJ,gFAAgF;YAChF,wFAAwF;YACxF,yEAAyE;YACzE,IAAI;YACJ,gBAAgB;SACjB,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgJjB,CAAC;AACF,CAAC"}

package/dist/analyze/prompts.js

@@ -23,7 +23,7 @@ Your job is to **produce a complete, standalone threat model** for a real codeba
 
 You will receive:
 1. **Project context** — language/framework, dependencies, deployment signals (Dockerfile, CI config, etc.)
-2. **Annotation graph** — structured security metadata extracted from source code comments (GuardLink annotations)
+2. **Annotation graph** — structured security metadata extracted from GuardLink annotations in source comments or standalone \`.gal\` files
 3. **Code snippets** — the actual source lines surrounding each annotation, so you can validate what developers claimed
 
 ## How to use these inputs

package/dist/cli/index.js

@@ -45,7 +45,7 @@ import { generateSarif } from '../analyzer/index.js';
 import { startStdioServer } from '../mcp/index.js';
 import { generateThreatReport, listThreatReports, loadThreatReportsForDashboard, buildConfig, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, serializeModel, buildUserMessage } from '../analyze/index.js';
 import { generateDashboardHTML } from '../dashboard/index.js';
-import { AGENTS, agentFromOpts, launchAgent, launchAgentInline, buildAnnotatePrompt } from '../agents/index.js';
+import { AGENTS, agentFromOpts, launchAgent, launchAgentInline, buildAnnotatePrompt, resolveAnnotationMode } from '../agents/index.js';
 import { resolveConfig, saveProjectConfig, saveGlobalConfig, loadProjectConfig, loadGlobalConfig, maskKey, describeConfigSource } from '../agents/config.js';
 import { getReviewableExposures, applyReviewAction, formatExposureForReview, summarizeReview } from '../review/index.js';
 import { populateMetadata, mergeReports, formatMergeSummary, diffMergedReports, formatDiffSummary, linkProject, addToWorkspace, removeFromWorkspace } from '../workspace/index.js';
@@ -95,7 +95,7 @@ function detectProjectName(root, explicit) {
 program
     .name('guardlink')
     .description('GuardLink — Security annotations for code. Threat modeling that lives in your codebase.')
-    .version('1.4.1')
+    .version('1.4.2')
     .addHelpText('before', gradient(['#00ff41', '#00d4ff'])(ASCII_LOGO));
 // ─── init ────────────────────────────────────────────────────────────
 program
@@ -104,6 +104,7 @@ program
     .argument('[dir]', 'Project directory', '.')
     .option('-p, --project <n>', 'Override project name')
     .option('-a, --agent <agents>', 'Agent(s) to create files for: claude,cursor,codex,copilot,windsurf,cline,none (comma-separated)')
+    .option('--mode <mode>', 'Annotation mode: inline (default) or external. external restricts all writes to .guardlink/ — no agent files, no .mcp.json at root', 'inline')
     .option('--skip-agent-files', 'Only create .guardlink/, skip agent file updates')
     .option('--force', 'Overwrite existing GuardLink config and instructions')
     .option('--dry-run', 'Show what would be created without writing files')
@@ -140,6 +141,7 @@ program
     const result = initProject({
         root,
         project: opts.project,
+        mode: resolveAnnotationMode(opts.mode),
         skipAgentFiles: opts.skipAgentFiles,
         force: opts.force,
         dryRun: opts.dryRun,
@@ -586,15 +588,25 @@ program
     .argument('<prompt>', 'Annotation instructions (e.g., "annotate auth endpoints for OWASP Top 10")')
     .argument('[dir]', 'Project directory', '.')
     .option('-p, --project <n>', 'Project name', 'unknown')
+    .option('--mode <mode>', 'Annotation placement mode: inline (default) or external (externalized .gal files)', 'inline')
     .option('--claude-code', 'Launch Claude Code in foreground')
     .option('--codex', 'Launch Codex CLI in foreground')
     .option('--gemini', 'Launch Gemini CLI in foreground')
     .option('--cursor', 'Open Cursor IDE with prompt on clipboard')
     .option('--windsurf', 'Open Windsurf IDE with prompt on clipboard')
     .option('--clipboard', 'Copy annotation prompt to clipboard only')
+    .option('--stdout', 'Print annotation prompt to stdout and exit (for piping)')
     .action(async (prompt, dir, opts) => {
     const root = resolve(dir);
     const project = detectProjectName(root, opts.project);
+    let annotationMode;
+    try {
+        annotationMode = resolveAnnotationMode(opts.mode);
+    }
+    catch (err) {
+        console.error(err.message);
+        process.exit(1);
+    }
     // Resolve agent
     const agent = agentFromOpts(opts);
     if (!agent) {
@@ -614,13 +626,18 @@ program
     }
     catch { /* no model yet — that's fine */ }
     // Build prompt
-    const fullPrompt = buildAnnotatePrompt(prompt, root, model);
+    const fullPrompt = buildAnnotatePrompt(prompt, root, model, annotationMode);
     // Launch agent
-    console.log(`Launching ${agent.name} for annotation...`);
-    if (agent.cmd) {
-        console.log(`${agent.name} will take over this terminal. Exit the agent to return.\n`);
+    if (agent.id !== 'stdout') {
+        console.log(`Launching ${agent.name} for annotation...`);
+        if (agent.cmd) {
+            console.log(`${agent.name} will take over this terminal. Exit the agent to return.\n`);
+        }
     }
     const result = launchAgent(agent, fullPrompt, root);
+    // stdout mode: prompt already written to stdout — nothing else to do
+    if (agent.id === 'stdout')
+        return;
     if (result.clipboardCopied) {
         console.log(`✓ Prompt copied to clipboard (${fullPrompt.length.toLocaleString()} chars)`);
     }
@@ -803,7 +820,7 @@ program
             }
             const result = await applyReviewAction(root, reviewable, { decision: 'accept', justification });
             results.push(result);
-            console.error(`  ✓ Accepted — ${result.linesInserted} line(s) written to ${reviewable.exposure.location.file}\n`);
+            console.error(`  ✓ Accepted — ${result.linesInserted} line(s) written to ${result.targetFile}\n`);
         }
         else if (choice === 'r') {
             let note = '';
@@ -814,10 +831,10 @@ program
             }
             const result = await applyReviewAction(root, reviewable, { decision: 'remediate', justification: note });
             results.push(result);
-            console.error(`  ✓ Marked for remediation — ${result.linesInserted} line(s) written to ${reviewable.exposure.location.file}\n`);
+            console.error(`  ✓ Marked for remediation — ${result.linesInserted} line(s) written to ${result.targetFile}\n`);
         }
         else {
-            results.push({ exposure: reviewable, action: { decision: 'skip', justification: '' }, linesInserted: 0 });
+            results.push({ exposure: reviewable, action: { decision: 'skip', justification: '' }, linesInserted: 0, targetFile: reviewable.exposure.location.file });
             console.error('  — Skipped\n');
         }
     }
@@ -1238,10 +1255,12 @@ program
         console.log(H('  GAL — GuardLink Annotation Language'));
         console.log(H('  ══════════════════════════════════════════════════════════'));
         console.log('');
-        console.log(D('  Annotations live in source code comments. GuardLink parses'));
-        console.log(D('  them to build a live threat model from your codebase.'));
+        console.log(D('  Annotations live in source comments or standalone .gal files.'));
+        console.log(D('  GuardLink parses them into a live threat model for your codebase.'));
         console.log('');
         console.log(D('  Syntax:  @verb  subject  [preposition  object]  [-- "description"]'));
+        console.log(D('  Inline examples below use comment prefixes; raw .gal files use the same lines without // or #.'));
+        console.log(D('  In .gal files, use @source file:<path> line:<n> [symbol:<name>] to anchor following annotations.'));
         console.log('');
         // ── DEFINITIONS ──
         console.log(H('  ── Definitions ─────────────────────────────────────────────'));