keystone-cli 0.4.4 → 0.5.1

package/README.md

@@ -247,6 +247,17 @@ steps:
       Result: ${{ steps.build.output }}
       Please write a concise 1-sentence summary for Slack.
 
+  - id: cleanup
+    type: shell
+    # Run whether previous steps succeeded or failed
+    if: true
+    run: rm -rf ./temp_build
+
+finally:
+  - id: final_cleanup
+    type: shell
+    run: echo "Workflow finished"
+
 outputs:
   slack_message: ${{ steps.notify.output }}
 ```
@@ -260,16 +271,20 @@ Keystone supports several specialized step types:
 - `shell`: Run arbitrary shell commands.
 - `llm`: Prompt an agent and get structured or unstructured responses. Supports `schema` (JSON Schema) for structured output.
   - `allowClarification`: Boolean (default `false`). If `true`, allows the LLM to ask clarifying questions back to the user or suspend the workflow if no human is available.
+  - `maxIterations`: Number (default `10`). Maximum number of tool-calling loops allowed for the agent.
 - `request`: Make HTTP requests (GET, POST, etc.).
 - `file`: Read, write, or append to files.
 - `human`: Pause execution for manual confirmation or text input.
   - `inputType: confirm`: Simple Enter-to-continue prompt.
   - `inputType: text`: Prompt for a string input, available via `${{ steps.id.output }}`.
 - `workflow`: Trigger another workflow as a sub-step.
-- `script`: Run arbitrary JavaScript in a secure sandbox (`isolated-vm` with fallback to `node:vm`).
+- `script`: Run arbitrary JavaScript in a sandbox. On Bun, uses `node:vm` (since `isolated-vm` requires V8).
+  - ⚠️ **Security Note:** The `node:vm` sandbox is not secure against malicious code. Only run scripts from trusted sources.
 - `sleep`: Pause execution for a specified duration.
 
-All steps support common features like `needs` (dependencies), `if` (conditionals), `retry`, `timeout`, `foreach` (parallel iteration), and `transform` (post-process output using expressions).
+All steps support common features like `needs` (dependencies), `if` (conditionals), `retry`, `timeout`, `foreach` (parallel iteration), `concurrency` (max parallel items for foreach), and `transform` (post-process output using expressions).
+
+Workflows also support a top-level `concurrency` field to limit how many steps can run in parallel across the entire workflow.
 
 #### Example: Transform & Foreach Concurrency
 ```yaml
@@ -284,6 +299,15 @@ All steps support common features like `needs` (dependencies), `if` (conditional
   foreach: ${{ steps.list_files.output }}
   concurrency: 5 # Process 5 files at a time
   run: echo "Processing ${{ item }}"
+
+#### Example: Script Step
+```yaml
+- id: calculate
+  type: script
+  run: |
+    const data = context.steps.fetch_data.output;
+    return data.map(i => i.value * 2).reduce((a, b) => a + b, 0);
+```
 ```
 
 ---
@@ -368,6 +392,7 @@ mcp_servers:
     type: local
     command: npx
     args: ["-y", "mcp-remote", "https://mcp.atlassian.com/v1/sse"]
+    timeout: 60000  # Optional connection timeout in ms
     oauth:
       scope: tools:read
 ```
@@ -402,12 +427,12 @@ In these examples, the agent will have access to all tools provided by the MCP s
 | Command | Description |
 | :--- | :--- |
 | `init` | Initialize a new Keystone project |
-| `run <workflow>` | Execute a workflow (use `-i key=val` for inputs) |
+| `run <workflow>` | Execute a workflow (use `-i key=val` for inputs, `--dry-run` to test) |
 | `resume <run_id>` | Resume a failed or paused workflow |
 | `validate [path]` | Check workflow files for errors |
 | `workflows` | List available workflows |
 | `history` | Show recent workflow runs |
-| `logs <run_id>` | View logs and step status for a specific run |
+| `logs <run_id>` | View logs, outputs, and errors for a specific run (`-v` for full output) |
 | `graph <workflow>` | Generate a Mermaid diagram of the workflow |
 | `config` | Show current configuration and providers |
 | `auth status [provider]` | Show authentication status |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "keystone-cli",
-  "version": "0.4.4",
+  "version": "0.5.1",
   "description": "A local-first, declarative, agentic workflow orchestrator built on Bun",
   "type": "module",
   "bin": {
@@ -42,7 +42,6 @@
     "ink": "^6.5.1",
     "ink-select-input": "3.1.2",
     "ink-spinner": "^5.0.0",
-    "isolated-vm": "^6.0.2",
     "js-yaml": "^4.1.0",
     "jsep": "^1.4.0",
     "react": "^19.2.3",

package/src/cli.ts

@@ -225,6 +225,7 @@ program
   .description('Execute a workflow')
   .argument('<workflow>', 'Workflow name or path to workflow file')
   .option('-i, --input <key=value...>', 'Input values')
+  .option('--dry-run', 'Show what would be executed without actually running it')
   .action(async (workflowPath, options) => {
     // Parse inputs
     const inputs: Record<string, unknown> = {};
@@ -264,7 +265,11 @@ program
 
       // Import WorkflowRunner dynamically
       const { WorkflowRunner } = await import('./runner/workflow-runner.ts');
-      const runner = new WorkflowRunner(workflow, { inputs, workflowDir: dirname(resolvedPath) });
+      const runner = new WorkflowRunner(workflow, {
+        inputs,
+        workflowDir: dirname(resolvedPath),
+        dryRun: !!options.dryRun,
+      });
 
       const outputs = await runner.run();
 
@@ -417,7 +422,8 @@ program
   .command('logs')
   .description('Show logs for a workflow run')
   .argument('<run_id>', 'Run ID')
-  .action((runId) => {
+  .option('-v, --verbose', 'Show full output without truncation')
+  .action((runId, options) => {
     try {
       const db = new WorkflowDb();
       const run = db.getRun(runId);
@@ -430,13 +436,67 @@ program
       console.log(`\n📋 Workflow: ${run.workflow_name}`);
       console.log(`Status: ${run.status}`);
       console.log(`Started: ${new Date(run.started_at).toLocaleString()}`);
+      if (run.completed_at) {
+        console.log(`Completed: ${new Date(run.completed_at).toLocaleString()}`);
+      }
+      if (run.error) {
+        console.log(`\n❌ Error: ${run.error}`);
+      }
 
       const steps = db.getStepsByRun(runId);
       if (steps.length > 0) {
         console.log('\nSteps:');
         for (const step of steps) {
-          const status = step.status.toUpperCase().padEnd(10);
-          console.log(`  ${step.step_id.padEnd(20)}  ${status}`);
+          const statusColors: Record<string, string> = {
+            success: '\x1b[32m', // green
+            failed: '\x1b[31m', // red
+            pending: '\x1b[33m', // yellow
+            skipped: '\x1b[90m', // gray
+            suspended: '\x1b[35m', // magenta
+          };
+          const RESET = '\x1b[0m';
+          const color = statusColors[step.status] || '';
+          const status = `${color}${step.status.toUpperCase().padEnd(10)}${RESET}`;
+          const iteration = step.iteration_index !== null ? ` [${step.iteration_index}]` : '';
+          console.log(`  ${(step.step_id + iteration).padEnd(25)}  ${status}`);
+
+          // Show error if present
+          if (step.error) {
+            console.log(`    ❌ Error: ${step.error}`);
+          }
+
+          // Show output if present
+          if (step.output) {
+            try {
+              const output = JSON.parse(step.output);
+              let outputStr = JSON.stringify(output, null, 2);
+              if (!options.verbose && outputStr.length > 500) {
+                outputStr = `${outputStr.substring(0, 500)}... (use --verbose for full output)`;
+              }
+              // Indent output
+              const indentedOutput = outputStr
+                .split('\n')
+                .map((line: string) => `      ${line}`)
+                .join('\n');
+              console.log(`    📤 Output:\n${indentedOutput}`);
+            } catch {
+              console.log(`    📤 Output: ${step.output.substring(0, 200)}`);
+            }
+          }
+
+          // Show usage if present
+          if (step.usage) {
+            try {
+              const usage = JSON.parse(step.usage);
+              if (usage.total_tokens) {
+                console.log(
+                  `    📊 Tokens: ${usage.total_tokens} (prompt: ${usage.prompt_tokens}, completion: ${usage.completion_tokens})`
+                );
+              }
+            } catch {
+              // Ignore parse errors
+            }
+          }
         }
       }
 

package/src/db/workflow-db.ts

@@ -1,7 +1,14 @@
 import { Database } from 'bun:sqlite';
+import {
+  StepStatus as StepStatusConst,
+  type StepStatusType,
+  WorkflowStatus as WorkflowStatusConst,
+  type WorkflowStatusType,
+} from '../types/status';
 
-export type RunStatus = 'pending' | 'running' | 'completed' | 'failed' | 'paused';
-export type StepStatus = 'pending' | 'running' | 'success' | 'failed' | 'skipped' | 'suspended';
+// Re-export for backward compatibility - these map to the database column values
+export type RunStatus = WorkflowStatusType | 'pending' | 'completed';
+export type StepStatus = StepStatusType;
 
 export interface WorkflowRun {
   id: string;
@@ -35,6 +42,7 @@ export class WorkflowDb {
     this.db = new Database(dbPath, { create: true });
     this.db.exec('PRAGMA journal_mode = WAL;'); // Write-ahead logging
     this.db.exec('PRAGMA foreign_keys = ON;'); // Enable foreign key enforcement
+    this.db.exec('PRAGMA busy_timeout = 5000;'); // Retry busy signals for up to 5s
     this.initSchema();
   }
 
@@ -58,7 +66,7 @@ export class WorkflowDb {
    * Retry wrapper for SQLite operations that may encounter SQLITE_BUSY errors
    * during high concurrency scenarios (e.g., foreach loops)
    */
-  private async withRetry<T>(operation: () => T, maxRetries = 5): Promise<T> {
+  private async withRetry<T>(operation: () => T, maxRetries = 10): Promise<T> {
     let lastError: Error | undefined;
 
     for (let attempt = 0; attempt < maxRetries; attempt++) {
@@ -68,8 +76,8 @@ export class WorkflowDb {
         // Check if this is a SQLITE_BUSY error
         if (this.isSQLiteBusyError(error)) {
           lastError = error instanceof Error ? error : new Error(String(error));
-          // Exponential backoff: 10ms, 20ms, 40ms, 80ms, 160ms
-          const delayMs = 10 * 2 ** attempt;
+          // Exponential backoff with jitter: 20ms base
+          const delayMs = 20 * 1.5 ** attempt + Math.random() * 20;
           await Bun.sleep(delayMs);
           continue;
         }
@@ -262,13 +270,14 @@ export class WorkflowDb {
     return stmt.get(runId, stepId, iterationIndex) as StepExecution | null;
   }
 
-  getStepsByRun(runId: string): StepExecution[] {
+  getStepsByRun(runId: string, limit = -1, offset = 0): StepExecution[] {
     const stmt = this.db.prepare(`
       SELECT * FROM step_executions
       WHERE run_id = ?
       ORDER BY started_at ASC, iteration_index ASC, rowid ASC
+      LIMIT ? OFFSET ?
     `);
-    return stmt.all(runId) as StepExecution[];
+    return stmt.all(runId, limit, offset) as StepExecution[];
   }
 
   close(): void {

package/src/expression/evaluator.audit.test.ts

@@ -0,0 +1,67 @@
+import { describe, expect, it } from 'bun:test';
+import { ExpressionEvaluator } from './evaluator';
+import type { ExpressionContext } from './evaluator';
+
+describe('ExpressionEvaluator Audit Fixes', () => {
+  const context = { inputs: { a: 1 } };
+
+  it('should use loose equality for ==', () => {
+    expect(ExpressionEvaluator.evaluate("${{ 5 == '5' }}", context)).toBe(true);
+    expect(ExpressionEvaluator.evaluate("${{ '5' == 5 }}", context)).toBe(true);
+    // Strict should still work
+    expect(ExpressionEvaluator.evaluate("${{ 5 === '5' }}", context)).toBe(false);
+  });
+
+  it('should use loose inequality for !=', () => {
+    expect(ExpressionEvaluator.evaluate("${{ 5 != '5' }}", context)).toBe(false);
+    expect(ExpressionEvaluator.evaluate("${{ '5' != 5 }}", context)).toBe(false);
+    expect(ExpressionEvaluator.evaluate("${{ 5 != '6' }}", context)).toBe(true);
+    // Strict should still work
+    expect(ExpressionEvaluator.evaluate("${{ 5 !== '5' }}", context)).toBe(true);
+  });
+
+  it('should block Array constructor', () => {
+    expect(() => ExpressionEvaluator.evaluate('${{ Array(10) }}', context)).toThrow();
+  });
+
+  it('should block repeat method', () => {
+    expect(() => ExpressionEvaluator.evaluate("${{ 'a'.repeat(10) }}", context)).toThrow();
+  });
+
+  describe('Nesting Support', () => {
+    const nestedContext: ExpressionContext = {
+      inputs: {
+        a: { b: { c: { d: 1 } } },
+        arr: [[[1]]],
+      },
+    };
+
+    it('should support level 1 nesting', () => {
+      // ${{ { a: 1 } }}
+      expect(ExpressionEvaluator.evaluate('${{ { x: 1 }.x }}', nestedContext)).toBe(1);
+    });
+
+    it('should support level 2 nesting', () => {
+      // ${{ { a: { b: 1 } } }}
+      expect(ExpressionEvaluator.evaluate('${{ { x: { y: 1 } }.x.y }}', nestedContext)).toBe(1);
+    });
+
+    it('should support level 3 nesting', () => {
+      // ${{ { a: { b: { c: 1 } } } }}
+      expect(
+        ExpressionEvaluator.evaluate('${{ { x: { y: { z: 1 } } }.x.y.z }}', nestedContext)
+      ).toBe(1);
+    });
+
+    it('should support level 3 object access in context', () => {
+      expect(ExpressionEvaluator.evaluate('${{ inputs.a.b.c.d }}', nestedContext)).toBe(1);
+    });
+
+    it('should support level 3 array nesting', () => {
+      // ${{ [ [ [ 1 ] ] ] }}
+      // biome-ignore lint/suspicious/noExplicitAny: generic loose validation for test
+      const res = ExpressionEvaluator.evaluate('${{ [ [ [ 1 ] ] ] }}', nestedContext) as any;
+      expect(res[0][0][0]).toBe(1);
+    });
+  });
+});

package/src/expression/evaluator.test.ts

@@ -74,6 +74,18 @@ describe('ExpressionEvaluator', () => {
     expect(ExpressionEvaluator.evaluate('${{ 1 >= 1 }}', context)).toBe(true);
   });
 
+  test('should support loose equality with type coercion', () => {
+    // == should perform type coercion (unlike ===)
+    expect(ExpressionEvaluator.evaluate('${{ 5 == "5" }}', context)).toBe(true);
+    expect(ExpressionEvaluator.evaluate('${{ 5 === "5" }}', context)).toBe(false);
+    // != should perform type coercion (unlike !==)
+    expect(ExpressionEvaluator.evaluate('${{ 5 != "6" }}', context)).toBe(true);
+    expect(ExpressionEvaluator.evaluate('${{ 5 != "5" }}', context)).toBe(false);
+    // null == undefined should be true
+    const ctxWithNull = { ...context, nullVal: null };
+    expect(ExpressionEvaluator.evaluate('${{ nullVal == undefined }}', ctxWithNull)).toBe(true);
+  });
+
   test('should support more globals and complex expressions', () => {
     expect(ExpressionEvaluator.evaluate('${{ Math.max(1, 2) }}', context)).toBe(2);
     expect(ExpressionEvaluator.evaluate('${{ JSON.stringify({a: 1}) }}', context)).toBe('{"a":1}');
@@ -196,7 +208,7 @@ describe('ExpressionEvaluator', () => {
 
   test('should throw error for forbidden properties', () => {
     expect(() => ExpressionEvaluator.evaluate("${{ inputs['constructor'] }}", context)).toThrow(
-      /Access to property constructor is forbidden/
+      /Access to property.*constructor.*is forbidden/
     );
   });
 
@@ -211,8 +223,9 @@ describe('ExpressionEvaluator', () => {
   });
 
   test('should throw error for method not allowed', () => {
+    // 'reverse' is now a safe method but strings don't have it
     expect(() => ExpressionEvaluator.evaluate("${{ 'abc'.reverse() }}", context)).toThrow(
-      /Method reverse is not allowed/
+      /Cannot call method reverse on string/
     );
   });
 

package/src/expression/evaluator.ts

@@ -56,18 +56,34 @@ interface ObjectExpression extends jsep.Expression {
 }
 
 export class ExpressionEvaluator {
+  // Pre-compiled regex for performance - handles nested braces (up to 3 levels)
+  private static readonly EXPRESSION_REGEX =
+    /\$\{\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}\}/g;
+  private static readonly SINGLE_EXPRESSION_REGEX =
+    /^\s*\$\{\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}\}\s*$/;
+  // Non-global version for hasExpression to avoid lastIndex state issues with global regex
+  private static readonly HAS_EXPRESSION_REGEX =
+    /\$\{\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}\}/;
+
+  // Forbidden properties for security - prevents prototype pollution
+  private static readonly FORBIDDEN_PROPERTIES = new Set([
+    'constructor',
+    '__proto__',
+    'prototype',
+    '__defineGetter__',
+    '__defineSetter__',
+    '__lookupGetter__',
+    '__lookupSetter__',
+  ]);
+
   /**
    * Evaluate a string that may contain ${{ }} expressions
    */
   static evaluate(template: string, context: ExpressionContext): unknown {
-    // Improved regex that handles nested braces (up to 2 levels of nesting)
-    // Matches ${{ ... }} and allows { ... } inside for object literals and arrow functions
-    const expressionRegex = /\$\{\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\}\}/g;
+    const expressionRegex = new RegExp(ExpressionEvaluator.EXPRESSION_REGEX.source, 'g');
 
     // If the entire string is a single expression, return the evaluated value directly
-    const singleExprMatch = template.match(
-      /^\s*\$\{\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\}\}\s*$/
-    );
+    const singleExprMatch = template.match(ExpressionEvaluator.SINGLE_EXPRESSION_REGEX);
     if (singleExprMatch) {
       // Extract the expression content between ${{ and }}
       const expr = singleExprMatch[0].replace(/^\s*\$\{\{\s*|\s*\}\}\s*$/g, '');
@@ -91,7 +107,7 @@ export class ExpressionEvaluator {
           'exitCode' in result &&
           typeof (result as Record<string, unknown>).stdout === 'string'
         ) {
-          return (result as Record<string, unknown>).stdout.trim();
+          return ((result as Record<string, unknown>).stdout as string).trim();
         }
         return JSON.stringify(result, null, 2);
       }
@@ -150,7 +166,7 @@ export class ExpressionEvaluator {
           Boolean: Boolean,
           Number: Number,
           String: String,
-          Array: Array,
+          // Array: Array, // Disabled for security (DoS prevention)
           Object: Object,
           Math: Math,
           Date: Date,
@@ -162,23 +178,23 @@ export class ExpressionEvaluator {
           undefined: undefined,
           null: null,
           NaN: Number.NaN,
-          Infinity: Number.Infinity,
+          Infinity: Number.POSITIVE_INFINITY,
           true: true,
           false: false,
           escape: escapeShellArg, // Shell argument escaping for safe command execution
         };
 
-        // Check safe globals first
-        if (name in safeGlobals) {
-          return safeGlobals[name];
-        }
-
         // Check if it's an arrow function parameter (stored directly in context)
         const contextAsRecord = context as Record<string, unknown>;
         if (name in contextAsRecord && contextAsRecord[name] !== undefined) {
           return contextAsRecord[name];
         }
 
+        // Check safe globals
+        if (name in safeGlobals) {
+          return safeGlobals[name];
+        }
+
         // Root context variables
         const rootContext: Record<string, unknown> = {
           inputs: context.inputs || {},
@@ -218,10 +234,21 @@ export class ExpressionEvaluator {
 
         const propertyAsRecord = object as Record<string | number, unknown>;
 
-        // Security check for sensitive properties
-        const forbiddenProperties = ['constructor', '__proto__', 'prototype'];
-        if (typeof property === 'string' && forbiddenProperties.includes(property)) {
-          throw new Error(`Access to property ${property} is forbidden`);
+        // Security check for sensitive properties - normalize and check
+        if (typeof property === 'string') {
+          // Normalize the property name to catch bypass attempts (e.g., via unicode or encoded strings)
+          const normalizedProperty = property.normalize('NFKC').toLowerCase();
+          const propertyLower = property.toLowerCase();
+
+          // Check both original and normalized forms
+          if (
+            ExpressionEvaluator.FORBIDDEN_PROPERTIES.has(property) ||
+            ExpressionEvaluator.FORBIDDEN_PROPERTIES.has(propertyLower) ||
+            normalizedProperty.includes('proto') ||
+            normalizedProperty.includes('constructor')
+          ) {
+            throw new Error(`Access to property "${property}" is forbidden for security reasons`);
+          }
         }
 
         return propertyAsRecord[property];
@@ -253,11 +280,15 @@ export class ExpressionEvaluator {
           case '%':
             return (left as number) % (right as number);
           case '==':
-            return left === right;
+            // Use loose equality to match non-programmer expectations (e.g. "5" == 5)
+            // Strict equality is available via ===
+            // biome-ignore lint/suspicious/noDoubleEquals: Intentional loose equality for expression language
+            return left == right;
           case '===':
             return left === right;
           case '!=':
-            return left !== right;
+            // biome-ignore lint/suspicious/noDoubleEquals: Intentional loose inequality for expression language
+            return left != right;
           case '!==':
             return left !== right;
           case '<':
@@ -290,7 +321,7 @@ export class ExpressionEvaluator {
       }
 
       case 'LogicalExpression': {
-        const logicalNode = node as jsep.LogicalExpression;
+        const logicalNode = node as unknown as { left: ASTNode; right: ASTNode; operator: string };
         const left = ExpressionEvaluator.evaluateNode(logicalNode.left, context);
 
         // Short-circuit evaluation
@@ -314,7 +345,9 @@ export class ExpressionEvaluator {
 
       case 'ArrayExpression': {
         const arrayNode = node as jsep.ArrayExpression;
-        return arrayNode.elements.map((elem) => ExpressionEvaluator.evaluateNode(elem, context));
+        return arrayNode.elements.map((elem) =>
+          elem ? ExpressionEvaluator.evaluateNode(elem, context) : null
+        );
       }
 
       case 'ObjectExpression': {
@@ -337,7 +370,14 @@ export class ExpressionEvaluator {
         if (callNode.callee.type === 'MemberExpression') {
           const memberNode = callNode.callee as jsep.MemberExpression;
           const object = ExpressionEvaluator.evaluateNode(memberNode.object, context);
-          const methodName = (memberNode.property as jsep.Identifier).name;
+
+          let methodName: string;
+          if (memberNode.computed) {
+            const evaluated = ExpressionEvaluator.evaluateNode(memberNode.property, context);
+            methodName = String(evaluated);
+          } else {
+            methodName = (memberNode.property as jsep.Identifier).name;
+          }
 
           // Evaluate arguments, handling arrow functions specially
           const args = callNode.arguments.map((arg) => {
@@ -350,8 +390,9 @@ export class ExpressionEvaluator {
             return ExpressionEvaluator.evaluateNode(arg, context);
           });
 
-          // Allow only safe array/string methods
+          // Allow only safe array/string/number methods
           const safeMethods = [
+            // Array methods
             'map',
             'filter',
             'reduce',
@@ -364,27 +405,56 @@ export class ExpressionEvaluator {
             'slice',
             'concat',
             'join',
+            'flat',
+            'flatMap',
+            'reverse',
+            'sort',
+            // String methods
             'split',
             'toLowerCase',
             'toUpperCase',
             'trim',
+            'trimStart',
+            'trimEnd',
             'startsWith',
             'endsWith',
             'replace',
+            'replaceAll',
             'match',
             'toString',
-            'length',
+            'charAt',
+            'charCodeAt',
+            'substring',
+            'substr',
+            'padStart',
+            'padEnd',
+            // 'repeat', // Disabled for security (DoS prevention)
+            'normalize',
+            'localeCompare',
+            // Number methods
+            'toFixed',
+            'toPrecision',
+            'toExponential',
+            'toLocaleString',
+            // Math methods
             'max',
             'min',
             'abs',
             'round',
             'floor',
             'ceil',
+            'pow',
+            'sqrt',
+            'random',
+            // Object/JSON methods
             'stringify',
             'parse',
             'keys',
             'values',
             'entries',
+            'hasOwnProperty',
+            // General
+            'length',
           ];
 
           if (!safeMethods.includes(methodName)) {
@@ -394,7 +464,10 @@ export class ExpressionEvaluator {
           // For methods that take callbacks (map, filter, etc.), we need special handling
           // Since we can't pass AST nodes directly, we'll handle the most common patterns
           if (object && typeof (object as Record<string, unknown>)[methodName] === 'function') {
-            return (object as Record<string, unknown>)[methodName](...args);
+            const method = (object as Record<string, unknown>)[methodName] as (
+              ...args: unknown[]
+            ) => unknown;
+            return method.call(object, ...args);
           }
 
           throw new Error(`Cannot call method ${methodName} on ${typeof object}`);
@@ -466,8 +539,8 @@ export class ExpressionEvaluator {
    * Check if a string contains any expressions
    */
   static hasExpression(str: string): boolean {
-    // Use same improved regex that handles nested braces (up to 2 levels)
-    return /\$\{\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\}\}/.test(str);
+    // Use non-global regex to avoid lastIndex state issues
+    return ExpressionEvaluator.HAS_EXPRESSION_REGEX.test(str);
   }
 
   /**
@@ -498,7 +571,7 @@ export class ExpressionEvaluator {
    */
   static findStepDependencies(template: string): string[] {
     const dependencies = new Set<string>();
-    const expressionRegex = /\$\{\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\}\}/g;
+    const expressionRegex = new RegExp(ExpressionEvaluator.EXPRESSION_REGEX.source, 'g');
     const matches = template.matchAll(expressionRegex);
 
     for (const match of matches) {

package/src/parser/agent-parser.test.ts

@@ -18,7 +18,9 @@ describe('agent-parser', () => {
   afterAll(() => {
     try {
       rmSync(tempDir, { recursive: true, force: true });
-    } catch (e) {}
+    } catch (e) {
+      // Ignore cleanup error
+    }
   });
 
   describe('parseAgent', () => {
@@ -100,7 +102,9 @@ Prompt`;
       const agentsDir = join(process.cwd(), '.keystone', 'workflows', 'agents');
       try {
         mkdirSync(agentsDir, { recursive: true });
-      } catch (e) {}
+      } catch (e) {
+        // Ignore cleanup error
+      }
 
       const filePath = join(agentsDir, 'my-agent.md');
       writeFileSync(filePath, '---name: my-agent---');

package/src/parser/schema.ts

@@ -38,6 +38,7 @@ const ShellStepSchema = BaseStepSchema.extend({
   run: z.string(),
   dir: z.string().optional(),
   env: z.record(z.string()).optional(),
+  allowInsecure: z.boolean().optional(),
 });
 
 // Forward declaration for AgentToolSchema which depends on StepSchema
@@ -71,6 +72,7 @@ const LlmStepSchema = BaseStepSchema.extend({
           env: z.record(z.string()).optional(),
           url: z.string().optional(),
           headers: z.record(z.string()).optional(),
+          timeout: z.number().int().positive().optional(),
         }),
       ])
     )