ocuclaw 1.3.3 → 1.3.4

package/README.md

@@ -46,6 +46,18 @@ openclaw config set plugins.entries.ocuclaw.config.evenAiToken "your-even-ai-tok
 
 > **Note:** When `evenAiEnabled` is `true`, `evenAiToken` is required. Config validation will reject the change if you enable Even AI without setting the token.
 
+Optional Even AI tuning (only used when `evenAiEnabled` is `true`):
+
+- `evenAiRoutingMode`: `active` routes through the current session (default), `background` reuses a dedicated background session, `background_new` starts a fresh background session per request.
+- `evenAiSystemPrompt`: Extra system prompt appended to Even AI runs only.
+
+```bash
+openclaw config set plugins.entries.ocuclaw.config.evenAiRoutingMode "active"
+openclaw config set plugins.entries.ocuclaw.config.evenAiSystemPrompt "your-extra-prompt"
+```
+
+> **Note:** These two seed the Even AI settings on first boot. If you use the OcuClaw glasses client or phone WebUI, the in-app Even AI settings editor takes over afterward, and later changes to these config keys won't affect live behaviour unless the stored settings are reset. For deployments that use **only** the direct Even Realities Even AI pathway — never launching the OcuClaw client — these keys are the only way to configure routing mode and system prompt. `evenAiSystemPrompt` has no glasses-side editor, so set it via the phone WebUI or config.
+
 Advanced optional settings:
 
 ```bash
@@ -53,8 +65,24 @@ openclaw config set plugins.entries.ocuclaw.config.wsBind "127.0.0.1"
 # wsPort default is 9000; on Windows that port is often reserved by WinNAT, so the
 # setup assistant uses 47800. Pick any free port in 30000-49151 if you override it.
 openclaw config set plugins.entries.ocuclaw.config.wsPort 47800 --strict-json
-openclaw config set plugins.entries.ocuclaw.config.sessionLimit 10 --strict-json
+# Recent sessions fetched for the WebUI switcher/search list (default 80). Glasses
+# clamp to their own item-count cap, so this only widens the WebUI list.
+openclaw config set plugins.entries.ocuclaw.config.sessionLimit 80 --strict-json
+# Optional model override ("provider/model") for the background session-title
+# distiller. This is a lightweight background task, so a small, fast, inexpensive
+# model is a good choice (e.g. Anthropic's Haiku) — it keeps title generation off
+# your main model's tokens and latency. Leave unset to use your normal model.
+openclaw config set plugins.entries.ocuclaw.config.sessionTitleModel "anthropic/claude-haiku-4-5"
+# How long render_glasses_ui waits for a user pick before resolving { result: "timeout" }.
+# Default 1800000 (30 minutes); 0 disables the timeout (infinite wait).
+openclaw config set plugins.entries.ocuclaw.config.renderGlassesUiTimeoutMs 1800000 --strict-json
+# How long (ms) a fresh agent summary outranks a tool label in the glasses activity
+# status. Default 5000, clamped to 3000-8000.
+openclaw config set plugins.entries.ocuclaw.config.freshnessWindowMs 5000 --strict-json
+# Debug tooling (only relevant when externalDebugToolsEnabled is true):
 openclaw config set plugins.entries.ocuclaw.config.externalDebugToolsEnabled true --strict-json
+# Per-channel filters that suppress or sample noisy debug events.
+openclaw config set plugins.entries.ocuclaw.config.debugNoisyPolicies '{}' --strict-json
 ```
 
 Run `openclaw plugins inspect ocuclaw` to see all settings with their descriptions and defaults.

package/dist/config/runtime-config-session-title-model.test.js

@@ -2,9 +2,6 @@ import assert from "node:assert/strict";
 import test from "node:test";
 import { createRuntimeConfig } from "./runtime-config.ts";
 
-// Minimal valid config: relayToken (pluginConfig) + a gateway auth token
-// (openclawConfig) — createRuntimeConfig throws without a resolvable
-// gatewayUrl/gatewayToken (gatewayUrl defaults to ws://127.0.0.1:18789).
 const base = { relayToken: "tok" };
 const openclawConfig = { gateway: { auth: { token: "gw" } } };
 

package/dist/config/runtime-config.js

@@ -18,6 +18,15 @@ function parseIntOrDefault(value, defaultValue) {
   return parsed;
 }
 
+function clampInt(value, min, max, fallback) {
+  const n = Number(value);
+  if (!Number.isFinite(n)) return fallback;
+  const rounded = Math.floor(n);
+  if (rounded < min) return min;
+  if (rounded > max) return max;
+  return rounded;
+}
+
 function parseEvenAiRoutingMode(value) {
   return normalizeEvenAiRoutingMode(value);
 }
@@ -97,19 +106,6 @@ function resolveDebugNoisyPolicies(pluginValue, envValue) {
   return parseJsonOrUndefined(envValue, "debugNoisyPolicies");
 }
 
-// Supported live-refresh LLM backends — both are HTTP API backends. The two
-// CLI-spawn backends were removed: codex-cli because Codex's read-only sandbox
-// still permits filesystem reads (an agent prompt could exfil ~/.aws/credentials,
-// ~/.ssh/*, etc. via stdout into the glasses surface), and claude-cli to remove
-// the plugin's last child_process spawn so the OpenClaw installer's static
-// dangerous-code scanner passes without --dangerously-force-unsafe-install. (The
-// scanner can't see that --tools "" made the CLI tool-less; it just sees a spawn.
-// This is not an exploit claim about claude-cli — it removes spawn surface and
-// clears the static block.) The proper agentic tier — delegating ticks to the
-// native OpenClaw runtime instead of spawning a CLI — is tracked separately (the
-// glasses-ui L1/L2 delegation redesign) and blocked on request-scoped
-// api.runtime.subagent.run. Operators who want Claude/Codex point an *-api
-// backend at the provider endpoint (key resolved via the host modelAuth).
 const GLASSES_UI_LIVE_BACKENDS = new Set([
   "anthropic-api",
   "openai-compat",
@@ -122,8 +118,7 @@ const GLASSES_UI_LIVE_DEFAULT_MODEL = {
 
 function resolveGlassesUiLive(value) {
   const raw = isObject(value) ? value : {};
-  // Unknown/removed backends (incl. a stale tickBackend: "claude-cli" or
-  // "codex-cli" from an operator's pre-removal config) coerce to this default.
+
   const tickBackend = GLASSES_UI_LIVE_BACKENDS.has(raw.tickBackend)
     ? raw.tickBackend
     : "anthropic-api";
@@ -136,20 +131,13 @@ function resolveGlassesUiLive(value) {
     tickApiBaseUrl,
     allowAgentModelOverride: parseBool(raw.allowAgentModelOverride, false),
     tickMaxOutputTokens: parseIntOrDefault(raw.tickMaxOutputTokens, 200),
-    // http recipes issue agent-influenced outbound network requests on a
-    // schedule. The recipe executor blocks loopback/RFC1918/link-local
-    // destinations and resolves hostnames through an SSRF-safe dispatcher,
-    // but the capability — "the plugin's gateway host can fetch arbitrary
-    // public URLs the agent chooses" — is itself worth an operator opt-in.
-    // Default to disabled; set
-    // plugins.entries.ocuclaw.config.glassesUiLive.httpEnabled = true to
-    // enable. The dispatcher protection still applies once enabled.
+
     httpEnabled: parseBool(raw.httpEnabled, false),
-    // llm ticks are agent-influenced model calls on a schedule (token spend +
-    // hallucinated-display risk); the tier is deliberately untaught in the
-    // skill, and an enabled-but-undocumented capability is the worst of both.
-    // Operator opt-in like httpEnabled (user decision 2026-06-10); the L1/L2
-    // agent tier is the sanctioned path to reasoning surfaces when it lands.
+
+    httpAllowHosts: Array.isArray(raw.httpAllowHosts)
+      ? raw.httpAllowHosts.filter((h) => typeof h === "string")
+      : [],
+
     llmEnabled: parseBool(raw.llmEnabled, false),
     maxConcurrentSurfacesPerHost: parseIntOrDefault(raw.maxConcurrentSurfacesPerHost, 4),
   };
@@ -206,12 +194,9 @@ export function createRuntimeConfig(opts = {}) {
     relayToken,
     wsBind: pickString(pluginConfig.wsBind, "127.0.0.1"),
     wsPort: parseIntOrDefault(pickValue(pluginConfig.wsPort), 9000),
-    sessionLimit: parseIntOrDefault(pickValue(pluginConfig.sessionLimit), 10),
+    sessionLimit: parseIntOrDefault(pickValue(pluginConfig.sessionLimit), 80),
     sonioxApiKey: pickString(pluginConfig.sonioxApiKey),
-    debugPayloadMaxBytes: parseIntOrDefault(
-      pickValue(pluginConfig.debugPayloadMaxBytes),
-      2048,
-    ),
+    cartesiaApiKey: pickString(pluginConfig.cartesiaApiKey),
     debugNoisyPolicies: resolveDebugNoisyPolicies(
       pluginConfig.debugNoisyPolicies,
       undefined,
@@ -220,6 +205,10 @@ export function createRuntimeConfig(opts = {}) {
       pluginConfig.externalDebugToolsEnabled,
       false,
     ),
+    allowDebugUpload: parseBool(pluginConfig.allowDebugUpload, false),
+    debugUploadMaxZipBytes: clampInt(pluginConfig.debugUploadMaxZipBytes, 100_000, 4_300_000, 4_000_000),
+    debugUploadCapturePreset: Array.isArray(pluginConfig.debugUploadCapturePreset) ? pluginConfig.debugUploadCapturePreset : undefined,
+    debugBundleSaveDir: pluginConfig.debugBundleSaveDir || "",
     evenAiEnabled,
     evenAiToken,
     evenAiSystemPrompt: pickString(pluginConfig.evenAiSystemPrompt),

package/dist/domain/activity-status-adapter.js

@@ -251,7 +251,6 @@ function createActivityStatusAdapter(opts) {
   const now =
     typeof options.now === "function" ? options.now : () => Date.now();
 
-  /** @type {Map<string, {seq: number, toolStartCount: number, currentActivityId: string|null, toolContextByActivityId: Map<string, {label: string, detail: string|null, category: string|null, intent: string|null}>}>} */
   const runStates = new Map();
 
   function getRunState(runKey) {
@@ -381,8 +380,6 @@ function createActivityStatusAdapter(opts) {
         detail = resolvedThinking.detail;
       }
 
-      // Agent-authored summaries get a clamp-only shortLabel when the
-      // 64-char header budget needs it; generic "Thinking..." never does.
       if (label && isExplanatoryThinkingLabel(label) && label.length > SHORT_LABEL_MAX_CHARS) {
         shortLabel = label;
       }
@@ -505,10 +502,6 @@ function createActivityStatusAdapter(opts) {
     result.candidateAtMs = now();
     result.freshnessWindowMs = freshnessWindowMs;
 
-    // Association ids (optional, normalized): trim, or drop when empty. The
-    // {...activity} spread already copies them, but normalize at the contract
-    // boundary so untrusted callers can't leak whitespace/empty ids. See
-    // transport spec docs/superpowers/specs/2026-06-01-...-redesign-design.md §4/§11.
     if (typeof activity.toolCallId === "string" && activity.toolCallId.trim()) {
       result.toolCallId = activity.toolCallId.trim();
     } else {

package/dist/domain/activity-status-arbiter.js

@@ -1,18 +1,9 @@
-// Pure ladder-ranking logic for the activity-status arbiter (Plan 2 core).
-//
-// LEAF MODULE: it may import small shared leaf helpers, but nothing it imports
-// may import it back. The CJS build (scripts/build.mjs#emitCjsFile) appends
-// `module.exports = {...}` at EOF and converts imports to eager in-place
-// requires, so a bidirectional import would resolve to `{}` mid-cycle and
-// crash at call time. Keep this module a strict leaf.
-
 const RANK_INTERVENTION = "intervention";
 const RANK_GENERATED_SUMMARY = "generated_summary";
 const RANK_TOOL = "tool";
 const RANK_GENERIC_THINKING = "generic_thinking";
 const RANK_QUIET = "quiet";
 
-// Ladder order, highest first. Matches spec §5.
 const RANKS = [
   RANK_INTERVENTION,
   RANK_GENERATED_SUMMARY,
@@ -30,16 +21,6 @@ function isInterventionSignal(s) {
   );
 }
 
-// Classify an already-resolved activity into its ladder rank.
-// The branch order IS the ladder order. `intervention` and `tool` are
-// rankable regardless of includeThinking; the two thinking-derived ranks
-// (`generated_summary` and `generic_thinking`) are both gated by
-// `includeThinking === true` (spec §7.4: `includeThinking = false` →
-// no `generated_summary` override and no `generic_thinking` fallback).
-//
-// NOTE: the guard here enforces spec §7.4 directly — callers may pass
-// any value for `thinkingSummarySource` regardless of `includeThinking`
-// and will always get the correct answer.
 function classifyRank(signals) {
   const s = signals || {};
   if (isInterventionSignal(s)) return RANK_INTERVENTION;
@@ -57,8 +38,6 @@ function classifyRank(signals) {
   return RANK_QUIET;
 }
 
-// Exact generic stems that must never outrank a tool, even from a
-// summary/bold source. Compared against the normalized whole label.
 const GENERIC_SUMMARY_DENYLIST = new Set([
   "thinking",
   "working",
@@ -77,14 +56,11 @@ function normalizeSummaryLabel(label) {
   if (typeof label !== "string") return "";
   return label
     .replace(/\*\*/g, "")
-    .replace(/[.…]+$/g, "") // trailing dots / ellipsis
-    .trim() // leading/trailing whitespace
+    .replace(/[.…]+$/g, "")
+    .trim()
     .toLowerCase();
 }
 
-// A summary may outrank a tool only if it is an authored, concise, specific
-// signal: source ∈ {summary, bold}, non-empty, not a generic stem, and not a
-// bare verb with no object.
 function evaluateSummaryEligibility(thinkingSummarySource, label) {
   if (thinkingSummarySource !== "summary" && thinkingSummarySource !== "bold") {
     return false;
@@ -92,7 +68,7 @@ function evaluateSummaryEligibility(thinkingSummarySource, label) {
   const normalized = normalizeSummaryLabel(label);
   if (!normalized) return false;
   if (GENERIC_SUMMARY_DENYLIST.has(normalized)) return false;
-  // bare verb / single token = no object
+
   if (!/\s/.test(normalized)) return false;
   return true;
 }

package/dist/domain/activity-status-labels.js

@@ -1,11 +1,6 @@
 import path from "node:path";
 
 const DEFAULT_MAX_LABEL_CHARS = 120;
-// No plugin-side preview clipping below the overall label budget: the client's
-// display-width clip (pretext pixel truncation on glasses, Compose ellipsis on
-// phone) is the final physical backstop — see the activity-status redesign spec
-// §8.2. The old 30-char TOOL_PREVIEW_CHARS cap pre-truncated previews well under
-// the glasses line's real pixel capacity, leaving ~90-170px of dead space.
 
 const REDACT_QUERY_KEYS = "(token|access_token|api_key|key|password|secret)";
 
@@ -126,7 +121,7 @@ function filenameFromPath(pathValue) {
   const normalized = cleaned.replace(/[;,)]+$/g, "");
   if (!normalized) return null;
   if (isNullishToken(normalized)) return null;
-  // Ignore shell variable/subshell paths like "$f", "${file}", or "$(mktemp)".
+
   if (/\$[({]?[A-Za-z_][A-Za-z0-9_]*[)}]?/.test(normalized) || /\$\(.+\)/.test(normalized)) {
     return null;
   }
@@ -277,14 +272,14 @@ function unwrapShellCommand(raw) {
     let payload = match[2].trim();
     const quote = payload.charAt(0);
     if (quote === '"' || quote === "'") {
-      if (payload.length < 2 || !payload.endsWith(quote)) break; // unbalanced -- keep original
+      if (payload.length < 2 || !payload.endsWith(quote)) break;
       payload = payload.slice(1, -1);
       if (quote === '"') payload = payload.replace(/\\(["\\$`])/g, "$1");
     }
     if (!payload.trim()) break;
     cmd = payload.trim();
   }
-  // Strip ONE leading `cd <dir> &&` prefix so the real command classifies.
+
   const cdMatch = cmd.match(/^cd\s+[^;&|]+&&\s*([\s\S]+)$/);
   if (cdMatch) cmd = cdMatch[1].trim();
   return cmd;
@@ -295,11 +290,6 @@ const SHELL_KEYWORDS = new Set([
   "while", "for", "until", "case", "esac", "{", "}", "(", ")", "!", "time",
 ]);
 
-// Split into command-position token lists: one list per &&/||/;/|/
-// newline segment, with shell keywords, [ ... ] tests, and leading
-// VAR=value assignments stripped. Quoted separators are not shell-parsed
-// (deterministic v1); the head token of the first segment -- which drives
-// classification -- is unaffected by that limitation.
 function commandSegments(command) {
   const out = [];
   for (const rawSeg of String(command || "").split(/&&|\|\||[;|\n]/)) {
@@ -347,7 +337,7 @@ function classifyExecSegment(tokens) {
     if (fileName) return execResult(`Reading ${fileName}...`, "filesystem", "fs.read", fileName, "file");
   }
   if (bin === "sed") {
-    // In-place sed is a WRITE — label it honestly before the read arm.
+
     const inPlace = rest.some(
       (t) => t === "-i" || t.startsWith("-i.") || t === "--in-place" || t.startsWith("--in-place="),
     );
@@ -376,8 +366,7 @@ function classifyExecSegment(tokens) {
     return execResult("Searching files...", "search", "search.files", null, "phrase");
   }
   if (bin === "git") {
-    // Skip value-taking global flags (`git -C <path> status`, `git -c k=v
-    // commit`) so the flag's ARGUMENT is never mislabeled as the subcommand.
+
     let sub = null;
     for (let index = 0; index < rest.length; index += 1) {
       const token = rest[index];
@@ -423,7 +412,6 @@ function labelFromExecCommand(command) {
   }
   const raw = unwrapShellCommand(original);
 
-  // 1. agent-browser (substring, unchanged behavior)
   if (raw.includes("agent-browser")) {
     const query = extractBrowserQueryFromCommand(raw);
     if (query) {
@@ -442,9 +430,6 @@ function labelFromExecCommand(command) {
 
   const segments = commandSegments(raw);
 
-  // 2. curl/wget LEADING the command (first segment only — a trailing
-  //    `&& curl …` must not outrank the leading command's first-token arm;
-  //    pipelines ending in curl still resolve via the URL fallback below)
   if (segments.length > 0) {
     const leadBin = path.basename(segments[0][0]);
     if (leadBin === "curl" || leadBin === "wget") {
@@ -456,8 +441,6 @@ function labelFromExecCommand(command) {
     }
   }
 
-  // 3. redirects + mktemp (unchanged relative order, BEFORE the read arms —
-  //    preserves the pinned mktemp test)
   const appendMatch = raw.match(/(?:^|\s)>>\s*([^\s]+)/);
   if (appendMatch) {
     const fileName = filenameFromPath(appendMatch[1]);
@@ -485,7 +468,6 @@ function labelFromExecCommand(command) {
     }
   }
 
-  // 4. find/grep/rg piped into wc → counting
   if (
     segments.length >= 2 &&
     ["find", "grep", "rg"].includes(path.basename(segments[0][0])) &&
@@ -494,13 +476,11 @@ function labelFromExecCommand(command) {
     return execResult("Counting matches...", "search", "search.files");
   }
 
-  // 5. first-token arms, first matching segment wins
   for (const tokens of segments) {
     const hit = classifyExecSegment(tokens);
     if (hit) return hit;
   }
 
-  // 6. bare-URL substring fallback (deliberately demoted below first-token arms)
   if (/https?:\/\//i.test(raw)) {
     const url = extractFirstUrl(raw);
     const host = hostFromUrl(url);
@@ -508,7 +488,6 @@ function labelFromExecCommand(command) {
     return execResult("Fetching data...", "network", "network.fetch");
   }
 
-  // 7. raw fallback on the UNWRAPPED inner command
   return execResult(`Running: ${sanitizeText(raw, DEFAULT_MAX_LABEL_CHARS)}`, "terminal", "terminal.exec");
 }
 
@@ -819,8 +798,6 @@ function mapToolLabel(toolName, activityPath, args, options) {
 const SHORT_LABEL_MAX_CHARS = 64;
 const SHORT_LABEL_TARGET_CHARS = 42;
 
-// Per-intent verb palettes (spec section 6.3, user-approved 2026-06-06). Applied
-// ONLY to deterministic fallback labels — never to agent-authored summaries.
 const VERB_PALETTES = {
   "search.web": ["researching", "looking up", "searching for"],
   "fs.read": ["reading", "checking", "opening"],
@@ -852,9 +829,6 @@ function fnv1aHash(text) {
   return hash >>> 0;
 }
 
-// Deterministic header-safe short label, or null when the intent has no
-// palette (fixed-phrase arms ARE their own short form; emit-when-differs
-// in the adapter keeps them off the wire).
 function buildShortLabel(input) {
   const obj = isObject(input) ? input : null;
   const intent = obj ? asString(obj.intent) : null;
@@ -869,17 +843,13 @@ function buildShortLabel(input) {
   if (!verbs) return null;
   let subject = obj && obj.subject ? String(obj.subject).trim() : "";
   if (!subject || subjectKind === "fixed") return null;
-  // Redact BEFORE trimming/truncation: slicing a raw secret below the
-  // redaction patterns' length floors (e.g. sk- + 16 chars) would let a
-  // partial token escape the adapter's emission-time sanitizeText.
+
   subject = redactSecrets(subject).trim();
   if (!subject) return null;
   if (subjectKind === "query") subject = trimQueryForShortLabel(subject);
   const verb = verbs[fnv1aHash(stabilityKey) % verbs.length];
-  // Informativeness floor: keep the distinguishing token; over budget the
-  // SUBJECT truncates and the trailing "..." doubles as the ellipsis
-  // (no mixed "…..." glyph run).
-  const budgetForSubject = SHORT_LABEL_TARGET_CHARS - verb.length - 4; // " " + "..."
+
+  const budgetForSubject = SHORT_LABEL_TARGET_CHARS - verb.length - 4;
   if (subject.length > budgetForSubject) {
     subject = subject.slice(0, Math.max(budgetForSubject, 8)).trimEnd();
   }

package/dist/domain/code-span-regions.js

@@ -1,28 +1,11 @@
-// Markdown code-region scanner for the tagged-span grammar passes.
-// Leaf module by design: no imports (CJS emitter import-cycle hazard).
-//
-// Computes [start, end) regions of text covered by markdown code so that
-// tagged-span grammar (<emoji:…>, <dwell>, <skim>) quoted inside backticks
-// or fenced blocks is treated as literal text instead of live tags.
-//
-// Streaming-partial semantics: an unclosed fence runs to end-of-text
-// (CommonMark), while an unclosed inline backtick stays literal until its
-// closer arrives — the cumulative re-parse on the next flush re-interprets,
-// matching how the markdown pass already behaves on partial text.
-
-/**
- * @param {string} text
- * @returns {Array<[number, number]>} sorted, non-overlapping [start, end) regions
- */
 export function computeCodeSpanRegions(text) {
   if (typeof text !== "string" || !text) return [];
   const n = text.length;
   const regions = [];
 
-  // --- Pass 1: fenced code blocks (line-oriented, ``` or ~~~) ---
   const FENCE_OPEN_RE = /^ {0,3}(`{3,}|~{3,})(.*)$/;
   const FENCE_CLOSE_RE = /^ {0,3}(`{3,}|~{3,})[ \t]*$/;
-  let fence = null; // { char, len, start }
+  let fence = null;
   let lineStart = 0;
   while (lineStart < n) {
     const nl = text.indexOf("\n", lineStart);
@@ -30,7 +13,7 @@ export function computeCodeSpanRegions(text) {
     const line = text.slice(lineStart, lineEnd);
     if (!fence) {
       const open = FENCE_OPEN_RE.exec(line);
-      // Backtick fence info strings must not contain backticks (CommonMark).
+
       if (open && !(open[1][0] === "`" && open[2].includes("`"))) {
         fence = { char: open[1][0], len: open[1].length, start: lineStart };
       }
@@ -53,9 +36,6 @@ export function computeCodeSpanRegions(text) {
     return false;
   };
 
-  // --- Pass 2: inline backtick code spans outside fences ---
-  // CommonMark: a run of N backticks closes only on the next run of exactly
-  // N backticks, and a code span cannot cross a blank line.
   let i = 0;
   while (i < n) {
     if (text[i] !== "`" || inFence(i)) {
@@ -81,7 +61,7 @@ export function computeCodeSpanRegions(text) {
         continue;
       }
       if (ch === "\n") {
-        // Blank line ends the paragraph — no closer for this opener.
+
         let p = k + 1;
         while (p < n && (text[p] === " " || text[p] === "\t")) p += 1;
         if (p < n && text[p] === "\n") break scan;
@@ -90,7 +70,7 @@ export function computeCodeSpanRegions(text) {
     }
 
     if (close === -1) {
-      // Unmatched run: literal backticks, keep scanning after the run.
+
       i = runEnd;
       continue;
     }

package/dist/domain/constant-time-equal.js

@@ -0,0 +1,9 @@
+import { createHash, timingSafeEqual } from "node:crypto";
+
+export function constantTimeEqual(a, b) {
+  if (typeof a !== "string" || typeof b !== "string") return false;
+  if (a.length === 0 || b.length === 0) return false;
+  const da = createHash("sha256").update(a, "utf8").digest();
+  const db = createHash("sha256").update(b, "utf8").digest();
+  return timingSafeEqual(da, db);
+}

package/dist/domain/constant-time-equal.test.js

@@ -0,0 +1,28 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { constantTimeEqual } from "./constant-time-equal.ts";
+
+test("constantTimeEqual: equal non-empty strings compare equal", () => {
+  assert.equal(constantTimeEqual("s3cr3t-token", "s3cr3t-token"), true);
+  assert.equal(constantTimeEqual("a", "a"), true);
+});
+
+test("constantTimeEqual: any difference compares unequal", () => {
+  assert.equal(constantTimeEqual("s3cr3t-token", "s3cr3t-toke"), false);
+  assert.equal(constantTimeEqual("s3cr3t-token", "s3cr3t-tokeN"), false);
+  assert.equal(constantTimeEqual("abc", "xbc"), false);
+});
+
+test("constantTimeEqual: length mismatch never throws (hashed to fixed width)", () => {
+  assert.doesNotThrow(() => constantTimeEqual("short", "a much much longer candidate value"));
+  assert.equal(constantTimeEqual("short", "a much much longer candidate value"), false);
+});
+
+test("constantTimeEqual: non-string or empty inputs are always false", () => {
+  assert.equal(constantTimeEqual("", ""), false);
+  assert.equal(constantTimeEqual("x", ""), false);
+  assert.equal(constantTimeEqual(null, "x"), false);
+  assert.equal(constantTimeEqual("x", undefined), false);
+  assert.equal(constantTimeEqual(undefined, undefined), false);
+  assert.equal(constantTimeEqual(123, 123), false);
+});