pi-crew 0.5.25 → 0.6.1

package/src/extension/team-tool/api.ts

@@ -25,9 +25,14 @@ import type { PiTeamsToolResult } from "../tool-result.ts";
 import { locateRunCwd } from "../team-tool.ts";
 import { configRecord, result, type TeamContext } from "./context.ts";
 
-function globMatch(value: string, pattern: string): boolean {
-	const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\?/g, "\\?").replace(/\*/g, ".*");
-	return new RegExp(`^${escaped}$`).test(value);
+export function globMatch(value: string, pattern: string): boolean {
+	// Prevent ReDoS: reject excessively long patterns
+	if (pattern.length > 200) return false;
+	const regex = pattern
+		.replace(/[.+^${}()|[\]\\]/g, "\\$&")  // escape regex special chars
+		.replace(/\*/g, "[^/]*")  // * matches non-slash characters only
+		.replace(/\?/g, "[^/]");  // ? matches single non-slash
+	return new RegExp(`^${regex}$`).test(value);
 }
 
 function safeReadContainedFile(baseDir: string, filePath: string | undefined): string | undefined {
@@ -364,7 +369,7 @@ export async function handleApi(params: TeamToolParamsValue, ctx: TeamContext):
 				const updatedTask = claimTask(task, owner);
 				const tasks = loaded.tasks.map((item) => item.id === task.id ? updatedTask : item);
 				saveRunTasks(loaded.manifest, tasks);
-				appendEvent(loaded.manifest.eventsPath, { type: "task.claimed", runId: loaded.manifest.runId, taskId: task.id, data: { owner, token: updatedTask.claim?.token, leasedUntil: updatedTask.claim?.leasedUntil } });
+				appendEvent(loaded.manifest.eventsPath, { type: "task.claimed", runId: loaded.manifest.runId, taskId: task.id, data: { owner, token: "[REDACTED]", leasedUntil: updatedTask.claim?.leasedUntil } });
 				return result(JSON.stringify(updatedTask.claim, null, 2), { action: "api", status: "ok", runId: loaded.manifest.runId, artifactsRoot: loaded.manifest.artifactsRoot });
 			});
 		} catch (error) {

package/src/extension/team-tool/config-patch.ts

@@ -1,5 +1,19 @@
 import { effectiveAutonomousConfig, parseConfig, type PiTeamsAutonomousConfig, type PiTeamsConfig } from "../../config/config.ts";
 
+const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
+
+/** Recursively strip dangerous prototype-pollution keys from all levels of an object. */
+export function sanitizeObject<T>(obj: T): T {
+	if (obj === null || obj === undefined || typeof obj !== "object") return obj;
+	if (Array.isArray(obj)) return obj.map((item) => sanitizeObject(item)) as T;
+	const safe: Record<string, unknown> = {};
+	for (const key of Object.keys(obj as Record<string, unknown>)) {
+		if (DANGEROUS_KEYS.has(key)) continue;
+		safe[key] = sanitizeObject((obj as Record<string, unknown>)[key]);
+	}
+	return safe as T;
+}
+
 export function autonomousPatchFromConfig(config: unknown): PiTeamsAutonomousConfig {
 	const rootPatch = parseConfig(config).autonomous;
 	if (rootPatch) return rootPatch;
@@ -11,7 +25,7 @@ export function configPatchFromConfig(config: unknown): PiTeamsConfig {
 }
 
 export function effectiveRunConfig(base: PiTeamsConfig, rawOverride: unknown): PiTeamsConfig {
-	const patch = parseConfig(rawOverride);
+	const patch = sanitizeObject(parseConfig(rawOverride));
 	return {
 		...base,
 		...patch,

package/src/extension/team-tool.ts

@@ -1258,7 +1258,8 @@ export function registerCrewGlobalRegistry(registry: CrewRegistry): void {
 		registry;
 }
 
-export function getCrewGlobalRegistry(): CrewRegistry | undefined {
+/** @internal */
+function getCrewGlobalRegistry(): CrewRegistry | undefined {
 	return (globalThis as Record<symbol | string, unknown>)[
 		CREW_REGISTRY_KEY
 	] as CrewRegistry | undefined;

package/src/hooks/registry.ts

@@ -35,6 +35,14 @@ export async function executeHook(name: HookName, ctx: HookContext): Promise<Hoo
 	// environments, all hooks should set workspaceId to prevent cross-workspace access.
 	const scopedHooks = hooks.filter((h) => !h.workspaceId || h.workspaceId === ctx.workspaceId);
 	if (scopedHooks.length === 0) return { hookName: name, outcome: "allow", durationMs: 0 };
+	const POLLUTED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
+	function sanitizeMergeData(data: Record<string, unknown>): Record<string, unknown> {
+		const clean: Record<string, unknown> = {};
+		for (const [k, v] of Object.entries(data)) {
+			if (!POLLUTED_KEYS.has(k)) clean[k] = v;
+		}
+		return clean;
+	}
 	const start = Date.now();
 	const diagnostics: string[] = [];
 	let capturedModifications: Record<string, unknown> | undefined;
@@ -45,7 +53,7 @@ export async function executeHook(name: HookName, ctx: HookContext): Promise<Hoo
 					return { hookName: name, outcome: "block", durationMs: Date.now() - start, reason: result.reason };
 				}
 			if (result.outcome === "modify" && result.data) {
-				Object.assign(ctx, result.data);
+				Object.assign(ctx, sanitizeMergeData(result.data));
 				capturedModifications = { ...result.data };
 			}
 		} catch (error) {

package/src/hooks/types.ts

@@ -1,6 +1,8 @@
 export type HookName =
 	| "before_run_start"
+	| "after_run_complete"
 	| "before_task_start"
+	| "after_task_complete"
 	| "task_result"
 	| "before_cancel"
 	| "before_retry"
@@ -8,8 +10,20 @@ export type HookName =
 	| "before_cleanup"
 	| "before_publish"
 	| "session_before_switch"
+	| "session_after_connect"
+	| "session_after_disconnect"
 	| "run_recovery";
 
+/**
+ * Hook exit codes inspired by claude-mem's lifecycle architecture:
+ * - 0 = allow (success)
+ * - 1 = warn (non-blocking error, continue)
+ * - 2 = block (blocking error, stop)
+ */
+/** @internal */ const HOOK_EXIT_SUCCESS = 0 as const;
+/** @internal */ const HOOK_EXIT_WARN = 1 as const;
+/** @internal */ const HOOK_EXIT_BLOCK = 2 as const;
+
 export type HookMode = "blocking" | "non_blocking";
 export type HookOutcome = "allow" | "block" | "modify" | "diagnostic";
 

package/src/i18n.ts

@@ -129,13 +129,26 @@ export function t(key: Key, params?: Params): string {
  * @example
  * addTranslations("vi", { "agent.requiresPrompt": "Agent cần prompt." })
  */
+const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
+
+function stripDangerousKeys<T extends Record<string, unknown>>(obj: T): T {
+	const safe: Record<string, unknown> = {};
+	for (const key of Object.keys(obj)) {
+		if (!DANGEROUS_KEYS.has(key)) {
+			safe[key] = obj[key];
+		}
+	}
+	return safe as T;
+}
+
 export function addTranslations(locale: string, bundle: Partial<Record<Key, string>>): void {
 	if (!locale) return;
+	const safeBundle = stripDangerousKeys(bundle as Record<string, unknown>) as Partial<Record<Key, string>>;
 	const existing = translations[locale];
 	if (existing) {
-		Object.assign(existing, bundle);
+		Object.assign(existing, safeBundle);
 	} else {
-		translations[locale] = { ...bundle };
+		translations[locale] = { ...safeBundle };
 	}
 }
 

package/src/observability/exporters/otlp-exporter.ts

@@ -8,6 +8,78 @@ import type { MetricExporter } from "./adapter.ts";
 
 const gzipAsync = promisify(gzip);
 
+/**
+ * SSRF protection: validate that an OTLP endpoint URL does not target
+ * private/reserved networks or dangerous protocols.
+ * Rejects: localhost, loopback, private IPs, link-local, cloud metadata,
+ * IPv6 private, file:// and javascript:// protocols.
+ * Only http:// and https:// to public hostnames are allowed.
+ */
+export function validateEndpoint(endpoint: string): void {
+	let url: URL;
+	try {
+		url = new URL(endpoint);
+	} catch {
+		throw new Error(`Invalid OTLP endpoint URL: ${endpoint}`);
+	}
+
+	// Only allow http and https protocols
+	if (url.protocol !== "http:" && url.protocol !== "https:") {
+		throw new Error(
+			`OTLP endpoint must use http:// or https:// protocol, got: ${url.protocol}`,
+		);
+	}
+
+	const hostname = url.hostname.toLowerCase();
+
+	// Reject known localhost names
+	if (hostname === "localhost" || hostname.endsWith(".localhost")) {
+		throw new Error(`OTLP endpoint must not target localhost: ${endpoint}`);
+	}
+
+	// Reject IPv6 loopback and private
+	if (hostname.startsWith("[")) {
+		const bare = hostname.replace(/^\[|\]$/g, "");
+		if (bare === "::1") {
+			throw new Error(`OTLP endpoint must not target loopback address: ${endpoint}`);
+		}
+		if (bare.toLowerCase().startsWith("fd") || bare.toLowerCase().startsWith("fc")) {
+			throw new Error(`OTLP endpoint must not target private IPv6 address: ${endpoint}`);
+		}
+	}
+
+	// Reject IPv4 private/reserved ranges
+	// Match plain IPv4 addresses (not hostnames that look like IPs)
+	const ipv4Match = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+	if (ipv4Match) {
+		const octets = [Number(ipv4Match[1]), Number(ipv4Match[2]), Number(ipv4Match[3]), Number(ipv4Match[4])];
+		// 127.x.x.x - loopback
+		if (octets[0] === 127) {
+			throw new Error(`OTLP endpoint must not target loopback address: ${endpoint}`);
+		}
+		// 10.x.x.x - private class A
+		if (octets[0] === 10) {
+			throw new Error(`OTLP endpoint must not target private network (10.0.0.0/8): ${endpoint}`);
+		}
+		// 172.16.x.x - 172.31.x.x - private class B
+		if (octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31) {
+			throw new Error(`OTLP endpoint must not target private network (172.16.0.0/12): ${endpoint}`);
+		}
+		// 192.168.x.x - private class C
+		if (octets[0] === 192 && octets[1] === 168) {
+			throw new Error(`OTLP endpoint must not target private network (192.168.0.0/16): ${endpoint}`);
+		}
+		// 169.254.x.x - link-local / cloud metadata
+		if (octets[0] === 169 && octets[1] === 254) {
+			throw new Error(`OTLP endpoint must not target link-local/metadata endpoint (169.254.0.0/16): ${endpoint}`);
+		}
+		// 0.x.x.x - this network
+		if (octets[0] === 0) {
+			throw new Error(`OTLP endpoint must not target this-network address (0.0.0.0/8): ${endpoint}`);
+		}
+	}
+}
+
 // FIX (Round 15): Cap the number of snapshots per push to prevent OOM when
 // the metric registry has grown large. The OTLP HTTP spec allows many metrics
 // in one payload, but a single push > 10_000 metrics would balloon the
@@ -71,6 +143,7 @@ export class OTLPExporter implements MetricExporter {
 	private readonly registry: MetricRegistry;
 
 	constructor(opts: OTLPExporterOptions, registry: MetricRegistry) {
+		validateEndpoint(opts.endpoint);
 		this.opts = opts;
 		this.registry = registry;
 	}

package/src/runtime/adaptive-plan.ts

@@ -22,6 +22,7 @@ import type { TeamConfig } from "../teams/team-config.ts";
 import type { WorkflowConfig, WorkflowStep } from "../workflows/workflow-config.ts";
 import type { TeamRunManifest, TeamTaskState } from "../state/types.ts";
 import { refreshTaskGraphQueues } from "./task-graph-scheduler.ts";
+import { getPlanTemplate, renderPlanTemplate, listPlanTemplates } from "./plan-templates.ts";
 
 export interface AdaptivePlanTask {
 	role: string;
@@ -70,6 +71,29 @@ export function extractAdaptivePlanJson(text: string): string | undefined {
 }
 
 export function parseAdaptivePlan(text: string, allowedRoles: string[]): AdaptivePlan | undefined {
+	// Check if the text is a plan template reference: "template:<name>" with optional JSON variables
+	const templateRefMatch = text.match(/^template:([a-zA-Z0-9_-]+)/);
+	if (templateRefMatch?.[1]) {
+		const template = getPlanTemplate(templateRefMatch[1]);
+		if (template) {
+			// Try to extract variables from the remaining text
+			let variables: Record<string, string> = {};
+			try {
+				const varsJson = text.slice(templateRefMatch[0].length).trim();
+				if (varsJson) variables = JSON.parse(varsJson);
+			} catch { /* use empty variables */ }
+			const rendered = renderPlanTemplate(templateRefMatch[1], variables);
+			if (rendered) {
+				// Convert RenderedPlan → AdaptivePlan
+				const phases: AdaptivePlanPhase[] = rendered.phases.map(phase => ({
+					name: phase.name,
+					tasks: [{ role: phase.role, task: phase.task }],
+				}));
+				return phases.length ? { phases } : undefined;
+			}
+		}
+	}
+
 	const raw = extractAdaptivePlanJson(text);
 	if (!raw) return undefined;
 	let parsed: unknown;

package/src/runtime/agent-control.ts

@@ -69,7 +69,8 @@ export function applyAttentionState(manifest: TeamRunManifest, agent: CrewAgentR
 	return updated;
 }
 
-export function applyLongRunningCheck(
+/** @internal */
+function applyLongRunningCheck(
 	manifest: TeamRunManifest,
 	agent: CrewAgentRecord,
 	config: CrewControlConfig,
@@ -105,7 +106,8 @@ export function applyLongRunningCheck(
 	return updated;
 }
 
-export function trackConsecutiveToolFailure(
+/** @internal */
+function trackConsecutiveToolFailure(
 	manifest: TeamRunManifest,
 	agent: CrewAgentRecord,
 	toolName: string,
@@ -140,7 +142,8 @@ export function trackConsecutiveToolFailure(
 	return updated;
 }
 
-export function resetConsecutiveToolFailures(
+/** @internal */
+function resetConsecutiveToolFailures(
 	manifest: TeamRunManifest,
 	agent: CrewAgentRecord,
 ): void {

package/src/runtime/async-runner.ts

@@ -5,6 +5,7 @@ import * as path from "node:path";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import { logInternalError } from "../utils/internal-error.ts";
 import { appendEvent } from "../state/event-log.ts";
+import { sanitizeEnvSecrets } from "../utils/env-filter.ts";
 import type { TeamRunManifest } from "../state/types.ts";
 
 
@@ -131,8 +132,62 @@ export async function spawnBackgroundTeamRun(manifest: TeamRunManifest): Promise
 	const logPath = path.join(manifest.stateRoot, "background.log");
 	fs.mkdirSync(manifest.stateRoot, { recursive: true });
 
-	// NOTE: Do NOT set PI_CREW_PARENT_PID for the background runner.
-	const { PI_CREW_PARENT_PID: _, ...envWithoutParentPid } = process.env;
+	// SECURITY FIX: Use sanitizeEnvSecrets with same allow-list as child-pi.ts
+	// to prevent leaking all env vars (including secrets) to detached background runner.
+	// Previously, destructuring only removed PI_CREW_PARENT_PID but kept everything else.
+	const filteredEnv = sanitizeEnvSecrets(process.env, {
+		allowList: [
+			// Model provider API keys (same as child-pi.ts)
+			"MINIMAX_API_KEY",
+			"MINIMAX_GROUP_ID",
+			"OPENAI_API_KEY",
+			"OPENAI_ORG_ID",
+			"ANTHROPIC_API_KEY",
+			"GOOGLE_API_KEY",
+			"GOOGLE_GENERATIVE_LANGUAGE_API_KEY",
+			"AZURE_OPENAI_API_KEY",
+			"AZURE_OPENAI_ENDPOINT",
+			"AWS_ACCESS_KEY_ID",
+			"AWS_SECRET_ACCESS_KEY",
+			"AWS_REGION",
+			"ZEU_API_KEY",
+			"ZERODEV_API_KEY",
+			// Essential non-secret vars
+			"PATH",
+			"HOME",
+			"USER",
+			"SHELL",
+			"TERM",
+			"LANG",
+			"LC_ALL",
+			"LC_COLLATE",
+			"LC_CTYPE",
+			"LC_MESSAGES",
+			"LC_MONETARY",
+			"LC_NUMERIC",
+			"LC_TIME",
+			"XDG_CONFIG_HOME",
+			"XDG_DATA_HOME",
+			"XDG_CACHE_HOME",
+			"XDG_RUNTIME_DIR",
+			"NVM_BIN",
+			"NVM_DIR",
+			"NVM_INC",
+			"NODE_PATH",
+			"NODE_DISABLE_COLORS",
+			"NODE_EXTRA_CA_CERTS",
+			"NPM_CONFIG_REGISTRY",
+			"NPM_CONFIG_USERCONFIG",
+			"NPM_CONFIG_GLOBALCONFIG",
+			"PI_*",
+			"PI_CREW_*",
+			"PI_TEAMS_*",
+		],
+	});
+	// Block execution control vars from leaking
+	delete filteredEnv.PI_CREW_PARENT_PID;
+	delete filteredEnv.PI_CREW_EXECUTE_WORKERS;
+	delete filteredEnv.PI_TEAMS_EXECUTE_WORKERS;
 
 	const loader = resolveTypeScriptLoader();
 	if (!loader) {
@@ -159,7 +214,7 @@ export async function spawnBackgroundTeamRun(manifest: TeamRunManifest): Promise
 		detached: true,
 		setsid: true,
 		stdio: ["ignore", "pipe", "pipe"],
-		env: envWithoutParentPid,
+		env: filteredEnv,
 		windowsHide: true,
 	} as unknown as Parameters<typeof spawn>[2];
 	const child = spawn(process.execPath, command.args, spawnOpts);

package/src/runtime/background-runner.ts

@@ -138,7 +138,7 @@ async function main(): Promise<void> {
 		try {
 			const logPath = path.join(_cwd, ".crew/state/runs", _runId, "background.log");
 			logFd = fs.openSync(logPath, "a");
-			const origWrite = (prefix: string) => (data: any, ...args: any[]) => {
+			const origWrite = (_prefix: string) => (data: unknown, ...args: unknown[]) => {
 				const msg = [data, ...args].map(String).join(" ") + "\n";
 				fs.writeSync(logFd!, msg);
 			};

package/src/runtime/chain-parser.ts

@@ -0,0 +1,192 @@
+/**
+ * Chain/Parallel DSL Parser — parses workflow chain expressions.
+ *
+ * Syntax:
+ *   step1 -> step2 -> parallel(step3, step4) -> step5
+ *   step1:3 -> step2 --with-context -> step3
+ *   parallel(a, b, parallel(c, d)) -> e
+ *
+ * Pattern origin: pi-prompt-template-model chain-parser.ts
+ */
+
+export interface ChainStep {
+	/** Step name (maps to agent or workflow step ID) */
+	name: string;
+	/** Nested parallel group */
+	parallel?: ChainStep[];
+	/** Loop count (default: 1) */
+	loopCount?: number;
+	/** Pass predecessor output as context */
+	withContext?: boolean;
+	/** Positional arguments */
+	args?: string[];
+}
+
+/**
+ * Parse a chain DSL string into an AST.
+ *
+ * @throws {Error} on syntax errors (unclosed parens, empty names, etc.)
+ */
+export function parseChainDSL(input: string): ChainStep[] {
+	const tokens = tokenize(input);
+	const parser = new ChainParser(tokens);
+	return parser.parse();
+}
+
+// ── Tokenizer ────────────────────────────────────────────────────────────
+
+type TokenType = "NAME" | "ARROW" | "LPAREN" | "RPAREN" | "COMMA" | "COLON" | "NUMBER" | "FLAG" | "QUOTED";
+
+interface Token {
+	type: TokenType;
+	value: string;
+}
+
+function tokenize(input: string): Token[] {
+	const tokens: Token[] = [];
+	let i = 0;
+
+	while (i < input.length) {
+		// Skip whitespace
+		if (/\s/.test(input[i]!)) { i++; continue; }
+
+		// Arrow ->
+		if (input[i] === "-" && input[i + 1] === ">") {
+			tokens.push({ type: "ARROW", value: "->" });
+			i += 2; continue;
+		}
+
+		// Punctuation
+		if (input[i] === "(") { tokens.push({ type: "LPAREN", value: "(" }); i++; continue; }
+		if (input[i] === ")") { tokens.push({ type: "RPAREN", value: ")" }); i++; continue; }
+		if (input[i] === ",") { tokens.push({ type: "COMMA", value: "," }); i++; continue; }
+		if (input[i] === ":") { tokens.push({ type: "COLON", value: ":" }); i++; continue; }
+
+		// Quoted argument
+		if (input[i] === '"' || input[i] === "'") {
+			const quote = input[i];
+			let str = "";
+			i++; // skip opening quote
+			while (i < input.length && input[i] !== quote) {
+				if (input[i] === "\\" && i + 1 < input.length) { i++; str += input[i]; }
+				else { str += input[i]!; }
+				i++;
+			}
+			if (i >= input.length) throw new Error("Unclosed quoted string in chain DSL");
+			i++; // skip closing quote
+			tokens.push({ type: "QUOTED", value: str });
+			continue;
+		}
+
+		// Flag --with-context
+		if (input[i] === "-" && input[i + 1] === "-") {
+			let flag = "";
+			i += 2;
+			while (i < input.length && /[a-zA-Z0-9_-]/.test(input[i]!)) { flag += input[i]; i++; }
+			tokens.push({ type: "FLAG", value: flag });
+			continue;
+		}
+
+		// Number
+		if (/[0-9]/.test(input[i]!)) {
+			let num = "";
+			while (i < input.length && /[0-9]/.test(input[i]!)) { num += input[i]; i++; }
+			tokens.push({ type: "NUMBER", value: num });
+			continue;
+		}
+
+		// Name
+		if (/[a-zA-Z_]/.test(input[i]!)) {
+			let name = "";
+			while (i < input.length && /[a-zA-Z0-9_.-]/.test(input[i]!)) { name += input[i]; i++; }
+			tokens.push({ type: "NAME", value: name });
+			continue;
+		}
+
+		throw new Error(`Unexpected character '${input[i]}' at position ${i} in chain DSL`);
+	}
+
+	return tokens;
+}
+
+// ── Recursive Descent Parser ─────────────────────────────────────────────
+
+class ChainParser {
+	private pos = 0;
+
+	constructor(private tokens: Token[]) {}
+
+	parse(): ChainStep[] {
+		const steps: ChainStep[] = [];
+		steps.push(this.parseStep());
+		while (this.peek("ARROW")) {
+			this.consume("ARROW");
+			steps.push(this.parseStep());
+		}
+		if (this.pos < this.tokens.length) {
+			throw new Error(`Unexpected token '${this.tokens[this.pos]?.value}' at position ${this.pos}`);
+		}
+		return steps;
+	}
+
+	private parseStep(): ChainStep {
+		// Check for parallel(...) construct
+		if (this.peek("NAME", "parallel")) {
+			this.consume("NAME"); // eat "parallel"
+			this.consume("LPAREN");
+			const parallel: ChainStep[] = [];
+			parallel.push(this.parseStep());
+			while (this.peek("COMMA")) {
+				this.consume("COMMA");
+				parallel.push(this.parseStep());
+			}
+			this.consume("RPAREN");
+			const step: ChainStep = { name: "parallel", parallel };
+			this.parseModifiers(step);
+			return step;
+		}
+
+		// Normal step name
+		const name = this.consume("NAME").value;
+		const step: ChainStep = { name };
+
+		// Parse modifiers
+		this.parseModifiers(step);
+		return step;
+	}
+
+	private parseModifiers(step: ChainStep): void {
+		while (this.pos < this.tokens.length) {
+			if (this.peek("COLON")) {
+				this.consume("COLON");
+				const num = this.consume("NUMBER");
+				step.loopCount = Number.parseInt(num.value, 10);
+			} else if (this.peek("FLAG", "with-context")) {
+				this.consume("FLAG");
+				step.withContext = true;
+			} else if (this.peek("QUOTED")) {
+				const arg = this.consume("QUOTED");
+				step.args = step.args ?? [];
+				step.args.push(arg.value);
+			} else {
+				break;
+			}
+		}
+	}
+
+	private peek(type: TokenType, value?: string): boolean {
+		const tok = this.tokens[this.pos];
+		if (!tok) return false;
+		if (tok.type !== type) return false;
+		if (value !== undefined && tok.value !== value) return false;
+		return true;
+	}
+
+	private consume(type: TokenType): Token {
+		const tok = this.tokens[this.pos];
+		if (!tok) throw new Error(`Expected ${type} but reached end of chain DSL`);
+		if (tok.type !== type) throw new Error(`Expected ${type} but got ${tok.type}('${tok.value}')`);
+		this.pos++;
+		return tok;
+	}
+}

package/src/runtime/chain-runner.ts

@@ -11,6 +11,8 @@
  */
 
 import type { HandoffSummary, HandoffManager, TaskPacket, TaskResult } from "./handoff-manager.ts";
+import { parseChainDSL } from "./chain-parser.ts";
+import type { ChainStep as DSLChainStep } from "./chain-parser.ts";
 
 /**
  * Single step in a chain.
@@ -123,10 +125,25 @@ export class ChainRunner {
 	 * parseChain('"Research AI trends" -> "Analyze findings"')
 	 * parseChain("@step1 --model claude-opus-3 -> @step2")
 	 * 
+	 * Also supports DSL syntax from chain-parser for advanced constructs:
+	 * parseChain("step1 -> parallel(step2, step3) -> step4")
+	 * parseChain("step1:3 -> step2 --with-context -> step3")
+	 * 
 	 * @param chainString - The chain string to parse
 	 * @returns Parsed chain specification
 	 */
 	parseChain(chainString: string): ChainSpec {
+		// Try DSL parser first for advanced syntax (parallel groups, loop counts, flags)
+		// Falls back to the simple split parser if DSL parsing fails
+		if (this.hasDSLConstructs(chainString)) {
+			try {
+				const dslSteps = parseChainDSL(chainString);
+				return this.dslToChainSpec(dslSteps, chainString);
+			} catch {
+				// DSL parse failed; fall through to simple parser
+			}
+		}
+
 		const stepStrings = chainString.split("->").map(s => s.trim());
 
 		const steps: ChainStep[] = stepStrings.map((step, index) => {
@@ -337,6 +354,47 @@ export class ChainRunner {
 		return parsed;
 	}
 
+	/**
+	 * Detect if chainString uses DSL constructs that require chain-parser.
+	 * DSL features: parallel(...), :loopCount, --with-context flag
+	 */
+	private hasDSLConstructs(chainString: string): boolean {
+		return /\bparallel\s*\(/.test(chainString) ||
+			/\w+:\d+\b/.test(chainString) ||
+			/--with-context/.test(chainString);
+	}
+
+	/**
+	 * Convert DSL AST steps (from chain-parser) to ChainSpec.
+	 */
+	private dslToChainSpec(dslSteps: DSLChainStep[], chainString: string): ChainSpec {
+		const steps: ChainStep[] = dslSteps.map((dslStep, index) => {
+			// For parallel groups, use a synthetic step name
+			if (dslStep.parallel) {
+				return {
+					name: dslStep.name,
+					context: {
+						parallel: dslStep.parallel.map(p => ({ name: p.name, loopCount: p.loopCount, withContext: p.withContext, args: p.args })),
+					},
+					loopCount: dslStep.loopCount,
+				};
+			}
+			const step: ChainStep = { name: dslStep.name };
+			if (dslStep.loopCount) step.context = { ...step.context, loopCount: dslStep.loopCount };
+			if (dslStep.withContext) step.context = { ...step.context, withContext: true };
+			if (dslStep.args && dslStep.args.length > 0) step.context = { ...step.context, args: dslStep.args };
+			return step;
+		});
+
+		// Extract global overrides using existing logic
+		const globalModel = this.extractGlobalFlag(chainString, "global-model");
+		const globalSkill = this.extractGlobalFlag(chainString, "global-skill");
+		const globalThinking = this.extractGlobalFlag(chainString, "global-thinking") as "fast" | "standard" | "deep" | undefined;
+		const continueOnError = this.extractGlobalFlag(chainString, "continue-on-error") === "true";
+
+		return { steps, globalModel, globalSkill, globalThinking, continueOnError };
+	}
+
 	/**
 	 * Sanitize identifier to prevent injection.
 	 */