ralph-cli-sandboxed 0.6.6 → 0.7.1

package/dist/commands/fix-config.js

@@ -186,47 +186,6 @@ function extractSectionFromCorrupt(content, section) {
     }
     return undefined;
 }
-/**
- * Attempts to recover valid sections from a corrupt config.
- */
-function recoverSections(corruptContent, parsedPartial) {
-    const defaultConfig = getDefaultConfig();
-    const recoveredConfig = {};
-    const result = {
-        recovered: [],
-        reset: [],
-        errors: [],
-    };
-    for (const section of CONFIG_SECTIONS) {
-        let value = undefined;
-        let source = "default";
-        // First, try to get from parsed partial (if JSON was partially valid)
-        if (parsedPartial && section in parsedPartial) {
-            value = parsedPartial[section];
-            source = "parsed";
-        }
-        // If not found or invalid, try regex extraction for simple string fields
-        if ((value === undefined || !validateSection(section, value)) &&
-            typeof corruptContent === "string") {
-            const extracted = extractSectionFromCorrupt(corruptContent, section);
-            if (extracted !== undefined && validateSection(section, extracted)) {
-                value = extracted;
-                source = "extracted";
-            }
-        }
-        // Validate the value
-        if (validateSection(section, value)) {
-            recoveredConfig[section] = value;
-            result.recovered.push(section);
-        }
-        else {
-            // Use default value
-            recoveredConfig[section] = defaultConfig[section];
-            result.reset.push(section);
-        }
-    }
-    return result;
-}
 /**
  * Creates a backup of the config file.
  */

package/dist/commands/help.js

@@ -20,6 +20,7 @@ COMMANDS:
   docker <sub>      Manage Docker sandbox environment
   daemon <sub>      Host daemon for sandbox-to-host communication
   notify [msg]      Send notification to host from sandbox
+  ask <preset> msg  Run a responder preset from the CLI
   action [name]     Execute host actions from config.json
   chat <sub>        Chat client integration (Telegram, etc.)
   slack <sub>       Slack app setup and management
@@ -102,6 +103,12 @@ NOTIFY OPTIONS:
   --action, -a <name>    Execute specific daemon action (default: notify)
   --debug, -d            Show debug output
 
+ASK OPTIONS:
+  <preset>               Name of a built-in preset or config responder
+  <message...>           Message to send to the responder
+  --list, -l             List available presets and configured responders
+  --help, -h             Show ask help message
+
 ACTION OPTIONS:
   [name]                 Name of the action to execute
   [args...]              Arguments to pass to the action command
@@ -144,6 +151,9 @@ EXAMPLES:
   ralph chat start           # Start Telegram chat daemon
   ralph chat test 123456     # Test chat connection
   ralph slack setup          # Create new Slack app for this project
+  ralph ask --list             # List available responder presets
+  ralph ask qa "What does the config loader do?"  # Ask a question
+  ralph ask reviewer diff      # Review current git diff
   ralph action --list        # List available host actions
   ralph action build         # Execute 'build' action on host
   ralph branch list              # List all branches and their PRD status

package/dist/commands/run.js

@@ -1,5 +1,5 @@
-import { spawn, execSync } from "child_process";
-import { existsSync, readFileSync, writeFileSync, unlinkSync, appendFileSync, mkdirSync, copyFileSync } from "fs";
+import { spawn, execSync, execFileSync } from "child_process";
+import { existsSync, readFileSync, writeFileSync, unlinkSync, appendFileSync, mkdirSync, copyFileSync, } from "fs";
 import { extname, join } from "path";
 import { checkFilesExist, loadConfig, loadPrompt, getPaths, getCliConfig, requireContainer, saveBranchState, loadBranchState, clearBranchState, getProjectName, } from "../utils/config.js";
 import { resolvePromptVariables, getCliProviders, GEMINI_MD } from "../templates/prompts.js";
@@ -62,10 +62,14 @@ function ensureWorktree(branch, worktreesBase) {
         return worktreePath;
     }
     console.log(`\x1b[90m[ralph] Creating worktree for branch "${branch}" at ${worktreePath}\x1b[0m`);
+    // Validate branch name to prevent command injection
+    if (!/^[a-zA-Z0-9_\-./]+$/.test(branch)) {
+        throw new Error(`Invalid branch name "${branch}": contains disallowed characters`);
+    }
     // Check if the branch already exists
     let branchExists = false;
     try {
-        execSync(`git rev-parse --verify "${branch}"`, { stdio: "pipe" });
+        execFileSync("git", ["rev-parse", "--verify", branch], { stdio: "pipe" });
         branchExists = true;
     }
     catch {
@@ -73,11 +77,11 @@ function ensureWorktree(branch, worktreesBase) {
     }
     try {
         if (branchExists) {
-            execSync(`git worktree add "${worktreePath}" "${branch}"`, { stdio: "pipe" });
+            execFileSync("git", ["worktree", "add", worktreePath, branch], { stdio: "pipe" });
         }
         else {
             // Create new branch from current HEAD
-            execSync(`git worktree add -b "${branch}" "${worktreePath}"`, { stdio: "pipe" });
+            execFileSync("git", ["worktree", "add", "-b", branch, worktreePath], { stdio: "pipe" });
         }
     }
     catch (err) {
@@ -536,7 +540,11 @@ function validateAndRecoverPrd(prdPath, validPrd) {
     if (mergeResult.warnings.length > 0) {
         mergeResult.warnings.forEach((w) => console.log(`  ${w}`));
     }
-    return { recovered: true, itemsUpdated: mergeResult.itemsUpdated, newItemsPreserved: newItems.length };
+    return {
+        recovered: true,
+        itemsUpdated: mergeResult.itemsUpdated,
+        newItemsPreserved: newItems.length,
+    };
 }
 /**
  * Loads a valid copy of the PRD to keep in memory.
@@ -933,8 +941,6 @@ export async function run(args) {
             }
             let iterExitCode = 0;
             let iterOutput = "";
-            let iterSterr = "";
-            let iterSyncTotal = 0;
             // Get the base branch for branch state tracking
             let baseBranch = "main";
             const hasCommits = repoHasCommits();
@@ -1009,8 +1015,6 @@ export async function run(args) {
                     clearBranchState();
                     iterExitCode = result.exitCode;
                     iterOutput = result.output;
-                    iterSterr = result.stderr;
-                    iterSyncTotal += result.syncResult.count;
                 }
             }
             else if (targetBranch !== "" && !worktreesAvailable) {
@@ -1028,7 +1032,9 @@ export async function run(args) {
                 console.warn(`\x1b[33mSkipping ${branchItems.length} branch item(s).\x1b[0m\n`);
             }
             // Process no-branch items in /workspace (when target is no-branch, or branch was skipped)
-            if (targetBranch === "" || (!worktreesAvailable && targetBranch !== "") || (!hasCommits && targetBranch !== "")) {
+            if (targetBranch === "" ||
+                (!worktreesAvailable && targetBranch !== "") ||
+                (!hasCommits && targetBranch !== "")) {
                 const noBranchItems = branchGroups.get("") || [];
                 if (noBranchItems.length > 0) {
                     const hasBranches = [...branchGroups.keys()].some((key) => key !== "");
@@ -1047,8 +1053,6 @@ export async function run(args) {
                     filteredPrdPath = null;
                     iterExitCode = result.exitCode;
                     iterOutput = result.output;
-                    iterSterr = result.stderr;
-                    iterSyncTotal += result.syncResult.count;
                 }
             }
             // Validate and recover PRD if the LLM corrupted it

package/dist/config/languages.json

@@ -376,7 +376,8 @@
       "checkCommand": "deno check **/*.ts",
       "testCommand": "deno test",
       "docker": {
-        "install": "# Install Deno\nRUN curl -fsSL https://deno.land/install.sh | sh\nENV DENO_INSTALL=\"/root/.deno\"\nENV PATH=\"${DENO_INSTALL}/bin:${PATH}\""
+        "install": "# Install Deno (as node user so it installs to /home/node/.deno)\nRUN su - node -c 'curl -fsSL https://deno.land/install.sh | sh'\nENV DENO_INSTALL=\"/home/node/.deno\"\nENV PATH=\"${DENO_INSTALL}/bin:${PATH}\"",
+        "firewallDomains": ["deno.land", "jsr.io", "esm.sh"]
       },
       "technologies": [
         { "name": "Fresh", "description": "Next-gen web framework for Deno" },

package/dist/config/responder-presets.json

@@ -47,6 +47,16 @@
       "trigger": "@code",
       "timeout": 300000,
       "maxLength": 2000
+    },
+    "audit": {
+      "name": "Security Auditor",
+      "description": "Claude Code responder for running npm audit and fixing vulnerabilities",
+      "type": "claude-code",
+      "trigger": "@audit",
+      "systemPrompt": "You are a security auditor for the {{project}} project. Your task is to:\n\n1. Run `npm audit` to identify security vulnerabilities\n2. Analyze the severity and impact of each vulnerability\n3. Run `npm audit fix` to apply safe, non-breaking fixes\n4. For remaining issues that require `--force`, evaluate whether the breaking changes are acceptable and apply them if safe\n5. For vulnerabilities that cannot be auto-fixed, investigate alternatives:\n   - Check if a newer major version of the package resolves the issue\n   - Look for alternative packages without vulnerabilities\n   - Add overrides in package.json if the vulnerability is not exploitable in context\n6. Report a summary of what was fixed and what remains\n\nAlways run `npm audit` again after fixes to verify the final state. Prefer safe fixes over forced ones. Do not remove packages without confirming they are unused.\n\nIMPORTANT: After all fixes are applied, run `npm audit` one final time to verify the result. Include the full audit output in your response so the success pattern can be validated.",
+      "timeout": 300000,
+      "maxLength": 3000,
+      "successPattern": "found 0 vulnerabilities"
     }
   },
   "bundles": {

package/dist/config/skills.json

@@ -8,6 +8,14 @@
         "userInvocable": false
       }
     ],
+    "deno": [
+      {
+        "name": "deno-no-npm",
+        "description": "Prevents using npm/npx, yarn, or pnpm in Deno projects — use deno commands instead",
+        "instructions": "IMPORTANT: This project uses Deno as its runtime. Do NOT use npm, npx, yarn, or pnpm for package management or script execution.\n\nAVOID these commands:\n- `npm install`, `npm run`, `npm test`, `npm start`\n- `npx <package>`\n- `yarn add`, `yarn run`\n- `pnpm install`, `pnpm run`\n- Do NOT create or modify `package.json` for dependency management\n\nINSTEAD, use Deno's built-in tools:\n- Dependencies: Use `import` with URLs or `deno.json` imports map\n  - `import { serve } from \"https://deno.land/std/http/server.ts\";`\n  - Or add to `deno.json`: `{ \"imports\": { \"std/\": \"https://deno.land/std/\" } }`\n  - Use `jsr:` imports for JSR packages: `import { z } from \"jsr:@zod/zod\";`\n- Run scripts: `deno run`, `deno task`\n- Type checking: `deno check`\n- Testing: `deno test`\n- Formatting: `deno fmt`\n- Linting: `deno lint`\n- Install tools: `deno install`\n- Compile: `deno compile`\n\nDeno uses `deno.json` (or `deno.jsonc`) for project configuration, NOT `package.json`.\n\nIf you need an npm package that has no Deno equivalent, use the `npm:` specifier:\n  `import express from \"npm:express\";`\nThis uses Deno's built-in npm compatibility — no need to run `npm install`.",
+        "userInvocable": false
+      }
+    ],
     "swift": [
       {
         "name": "swift-main-naming",

package/dist/index.js

@@ -13,6 +13,7 @@ import { fixPrd } from "./commands/fix-prd.js";
 import { fixConfig } from "./commands/fix-config.js";
 import { daemon } from "./commands/daemon.js";
 import { notify } from "./commands/notify.js";
+import { ask } from "./commands/ask.js";
 import { chat } from "./commands/chat.js";
 import { listen } from "./commands/listen.js";
 import { config } from "./commands/config.js";
@@ -38,6 +39,7 @@ const commands = {
     docker,
     daemon,
     notify,
+    ask,
     chat,
     listen,
     config,

package/dist/mcp-server.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/mcp-server.js

@@ -0,0 +1,366 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from "fs";
+import { dirname, extname, join } from "path";
+import { fileURLToPath } from "url";
+import { z } from "zod";
+import YAML from "yaml";
+import { getRalphDir, getPrdFiles } from "./utils/config.js";
+import { DEFAULT_PRD_YAML } from "./templates/prompts.js";
+import { VALID_CATEGORIES } from "./utils/prd-validator.js";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const CATEGORIES = VALID_CATEGORIES;
+// Structured error codes for MCP tool error responses
+const ErrorCode = {
+    PRD_NOT_FOUND: "PRD_NOT_FOUND",
+    PRD_PARSE_ERROR: "PRD_PARSE_ERROR",
+    PRD_WRITE_ERROR: "PRD_WRITE_ERROR",
+    INVALID_INDEX: "INVALID_INDEX",
+    INTERNAL_ERROR: "INTERNAL_ERROR",
+};
+function classifyError(err) {
+    const message = err instanceof Error ? err.message : String(err);
+    if (message.includes("No PRD file found") || message.includes("ENOENT")) {
+        return { code: ErrorCode.PRD_NOT_FOUND, message };
+    }
+    if (message.includes("does not contain an array") ||
+        message.includes("JSON") ||
+        message.includes("YAML")) {
+        return { code: ErrorCode.PRD_PARSE_ERROR, message };
+    }
+    if (message.includes("EACCES") || message.includes("EPERM")) {
+        return { code: ErrorCode.PRD_WRITE_ERROR, message };
+    }
+    return { code: ErrorCode.INTERNAL_ERROR, message };
+}
+function errorResponse(code, message) {
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({ code, message }),
+            },
+        ],
+        isError: true,
+    };
+}
+const PRD_FILE_JSON = "prd.json";
+/**
+ * Saves PRD entries to disk, auto-detecting format from file extension.
+ */
+function savePrd(entries) {
+    const prdFiles = getPrdFiles();
+    const path = prdFiles.primary ?? join(getRalphDir(), PRD_FILE_JSON);
+    const ext = extname(path).toLowerCase();
+    try {
+        if (ext === ".yaml" || ext === ".yml") {
+            writeFileSync(path, YAML.stringify(entries));
+        }
+        else {
+            writeFileSync(path, JSON.stringify(entries, null, 2) + "\n");
+        }
+        // One-time migration: if a secondary PRD file exists, remove it now that
+        // the merged entries have been written to the primary file.
+        if (prdFiles.secondary && existsSync(prdFiles.secondary)) {
+            unlinkSync(prdFiles.secondary);
+        }
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new Error(`Failed to save PRD file at ${path}: ${msg}`);
+    }
+}
+function getVersion() {
+    try {
+        const packagePath = join(__dirname, "..", "package.json");
+        const packageJson = JSON.parse(readFileSync(packagePath, "utf-8"));
+        return packageJson.version ?? "unknown";
+    }
+    catch {
+        return "unknown";
+    }
+}
+/**
+ * Parses a PRD file based on its extension (MCP-safe version that throws instead of process.exit).
+ */
+function parsePrdFile(path) {
+    const content = readFileSync(path, "utf-8");
+    const ext = extname(path).toLowerCase();
+    let result;
+    if (ext === ".yaml" || ext === ".yml") {
+        result = YAML.parse(content);
+    }
+    else {
+        result = JSON.parse(content);
+    }
+    if (result == null)
+        return [];
+    if (!Array.isArray(result)) {
+        throw new Error(`${path} does not contain an array`);
+    }
+    return result.map((entry, index) => {
+        if (typeof entry !== "object" || entry === null) {
+            throw new Error(`${path}[${index}]: entry must be an object`);
+        }
+        const obj = entry;
+        if (typeof obj.category !== "string" || !CATEGORIES.includes(obj.category)) {
+            throw new Error(`${path}[${index}]: missing or invalid "category" (expected one of: ${CATEGORIES.join(", ")})`);
+        }
+        if (typeof obj.description !== "string" || obj.description.trim().length === 0) {
+            throw new Error(`${path}[${index}]: missing or invalid "description" (expected string)`);
+        }
+        if (!Array.isArray(obj.steps) || !obj.steps.every((s) => typeof s === "string")) {
+            throw new Error(`${path}[${index}]: missing or invalid "steps" (expected string array)`);
+        }
+        if (typeof obj.passes !== "boolean") {
+            throw new Error(`${path}[${index}]: missing or invalid "passes" (expected boolean)`);
+        }
+        if (obj.branch !== undefined && typeof obj.branch !== "string") {
+            throw new Error(`${path}[${index}]: invalid "branch" (expected string)`);
+        }
+        return {
+            category: obj.category,
+            description: obj.description,
+            steps: obj.steps,
+            passes: obj.passes,
+            ...(obj.branch !== undefined && { branch: obj.branch }),
+        };
+    });
+}
+/**
+ * Loads PRD entries (MCP-safe version that throws instead of process.exit).
+ */
+function loadPrd() {
+    const prdFiles = getPrdFiles();
+    if (prdFiles.none) {
+        const ralphDir = getRalphDir();
+        const prdPath = join(ralphDir, "prd.yaml");
+        try {
+            if (!existsSync(ralphDir)) {
+                mkdirSync(ralphDir, { recursive: true });
+            }
+            writeFileSync(prdPath, DEFAULT_PRD_YAML);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`Failed to save PRD file at ${prdPath}: ${msg}`);
+        }
+        return parsePrdFile(prdPath);
+    }
+    if (!prdFiles.primary) {
+        throw new Error("No PRD file found. Run `ralph init` to create one.");
+    }
+    const primary = parsePrdFile(prdFiles.primary);
+    if (prdFiles.both && prdFiles.secondary) {
+        const secondary = parsePrdFile(prdFiles.secondary);
+        return [...primary, ...secondary];
+    }
+    return primary;
+}
+const server = new McpServer({
+    name: "ralph-mcp",
+    version: getVersion(),
+});
+// ralph_prd_list tool
+server.tool("ralph_prd_list", "List PRD entries with optional category and status filters", {
+    category: z.enum(CATEGORIES).optional().describe("Filter by category"),
+    status: z
+        .enum(["all", "passing", "failing"])
+        .optional()
+        .describe("Filter by status: all (default), passing, or failing"),
+}, async ({ category, status }) => {
+    try {
+        const prd = loadPrd();
+        let filtered = prd.map((entry, i) => ({ ...entry, index: i + 1 }));
+        if (category) {
+            filtered = filtered.filter((entry) => entry.category === category);
+        }
+        if (status === "passing") {
+            filtered = filtered.filter((entry) => entry.passes);
+        }
+        else if (status === "failing") {
+            filtered = filtered.filter((entry) => !entry.passes);
+        }
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify(filtered, null, 2),
+                },
+            ],
+        };
+    }
+    catch (err) {
+        const { code, message } = classifyError(err);
+        return errorResponse(code, message);
+    }
+});
+// ralph_prd_add tool
+server.tool("ralph_prd_add", "Add a new PRD entry with category, description, and verification steps", {
+    category: z.enum(CATEGORIES).describe("Category for the new entry"),
+    description: z.string().min(1).describe("Description of the requirement"),
+    steps: z
+        .array(z.string().min(1))
+        .min(1)
+        .describe("Verification steps to check if requirement is met"),
+    branch: z.string().optional().describe("Git branch associated with this entry"),
+}, async ({ category, description, steps, branch }) => {
+    try {
+        const entry = {
+            category,
+            description,
+            steps,
+            passes: false,
+        };
+        if (branch) {
+            entry.branch = branch;
+        }
+        const prd = loadPrd();
+        prd.push(entry);
+        savePrd(prd);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        message: `Added entry #${prd.length}: "${description}"`,
+                        entry: { ...entry, index: prd.length },
+                    }, null, 2),
+                },
+            ],
+        };
+    }
+    catch (err) {
+        const { code, message } = classifyError(err);
+        return errorResponse(code, message);
+    }
+});
+// ralph_prd_status tool
+server.tool("ralph_prd_status", "Get PRD completion status with counts, percentage, per-category breakdown, and remaining items", {}, async () => {
+    try {
+        const prd = loadPrd();
+        if (prd.length === 0) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({ passing: 0, total: 0, percentage: 0, categories: {}, remaining: [] }, null, 2),
+                    },
+                ],
+            };
+        }
+        const passing = prd.filter((e) => e.passes).length;
+        const total = prd.length;
+        const percentage = Math.round((passing / total) * 100);
+        const categories = {};
+        prd.forEach((entry) => {
+            if (!categories[entry.category]) {
+                categories[entry.category] = { passing: 0, total: 0 };
+            }
+            categories[entry.category].total++;
+            if (entry.passes)
+                categories[entry.category].passing++;
+        });
+        const remaining = prd.reduce((acc, entry, i) => {
+            if (!entry.passes) {
+                acc.push({ index: i + 1, category: entry.category, description: entry.description });
+            }
+            return acc;
+        }, []);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({ passing, total, percentage, categories, remaining }, null, 2),
+                },
+            ],
+        };
+    }
+    catch (err) {
+        const { code, message } = classifyError(err);
+        return errorResponse(code, message);
+    }
+});
+// ralph_prd_toggle tool
+server.tool("ralph_prd_toggle", "Toggle completion status (passes) for PRD entries by 1-based index", {
+    indices: z
+        .array(z.number().int().min(1))
+        .min(1)
+        .describe("1-based indices of PRD entries to toggle"),
+}, async ({ indices }) => {
+    try {
+        const prd = loadPrd();
+        // Validate all indices are in range
+        for (const index of indices) {
+            if (index > prd.length) {
+                return errorResponse(ErrorCode.INVALID_INDEX, `Invalid entry number: ${index}. Must be 1-${prd.length}`);
+            }
+        }
+        // Deduplicate and sort
+        const uniqueIndices = [...new Set(indices)].sort((a, b) => a - b);
+        const toggled = uniqueIndices.map((index) => {
+            const entry = prd[index - 1];
+            entry.passes = !entry.passes;
+            return {
+                index,
+                description: entry.description,
+                passes: entry.passes,
+            };
+        });
+        savePrd(prd);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({ message: `Toggled ${toggled.length} entry/entries`, toggled }, null, 2),
+                },
+            ],
+        };
+    }
+    catch (err) {
+        const { code, message } = classifyError(err);
+        return errorResponse(code, message);
+    }
+});
+function isConnectionError(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return (message.includes("EPIPE") ||
+        message.includes("ECONNRESET") ||
+        message.includes("ECONNREFUSED") ||
+        message.includes("ERR_USE_AFTER_CLOSE") ||
+        message.includes("write after end") ||
+        message.includes("This socket has been ended") ||
+        message.includes("transport") ||
+        message.includes("broken pipe"));
+}
+async function main() {
+    try {
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
+    }
+    catch (error) {
+        if (isConnectionError(error)) {
+            console.error("MCP connection error: transport closed or unavailable.");
+            process.exit(0);
+        }
+        console.error("Server error:", error);
+        process.exit(1);
+    }
+}
+process.on("uncaughtException", (error) => {
+    if (isConnectionError(error)) {
+        process.exit(0);
+    }
+    console.error("Uncaught exception:", error);
+    process.exit(1);
+});
+process.on("unhandledRejection", (reason, promise) => {
+    if (isConnectionError(reason)) {
+        process.exit(0);
+    }
+    console.error("Unhandled rejection at:", promise, "reason:", reason);
+    process.exit(1);
+});
+main();

package/dist/providers/telegram.js

@@ -175,7 +175,7 @@ export class TelegramChatClient {
                             reject(new Error(`Telegram API error: ${response.description || "Unknown error"} (code: ${response.error_code})`));
                         }
                     }
-                    catch (err) {
+                    catch {
                         reject(new Error(`Failed to parse Telegram response: ${data}`));
                     }
                 });

package/dist/responders/claude-code-responder.js

@@ -40,8 +40,15 @@ export async function executeClaudeCodeResponder(prompt, responderConfig, option
         let killed = false;
         let lastProgressSent = 0;
         let progressTimer = null;
+        // Build effective prompt: prepend systemPrompt if configured
+        let effectivePrompt = prompt;
+        if (responderConfig.systemPrompt) {
+            effectivePrompt = prompt
+                ? `${responderConfig.systemPrompt}\n\nUser request: ${prompt}`
+                : responderConfig.systemPrompt;
+        }
         // Build the command arguments
-        const args = ["-p", prompt, "--dangerously-skip-permissions", "--print"];
+        const args = ["-p", effectivePrompt, "--dangerously-skip-permissions", "--print"];
         // Spawn claude process
         let proc;
         try {
@@ -115,6 +122,21 @@ export async function executeClaudeCodeResponder(prompt, responderConfig, option
             if (code === 0 || code === null) {
                 // Success - format and truncate output
                 const output = formatClaudeCodeOutput(stdout);
+                // Check successPattern if configured - output must match for run to succeed
+                if (responderConfig.successPattern) {
+                    const pattern = new RegExp(responderConfig.successPattern, "i");
+                    if (!pattern.test(output)) {
+                        const { text, truncated, originalLength } = truncateResponse(output, maxLength);
+                        resolve({
+                            success: false,
+                            response: text,
+                            error: `Output did not match required success pattern: ${responderConfig.successPattern}`,
+                            truncated,
+                            originalLength: truncated ? originalLength : undefined,
+                        });
+                        return;
+                    }
+                }
                 const { text, truncated, originalLength } = truncateResponse(output, maxLength);
                 resolve({
                     success: true,
@@ -155,6 +177,7 @@ export async function executeClaudeCodeResponder(prompt, responderConfig, option
  */
 function formatClaudeCodeOutput(output) {
     // Remove ANSI escape codes
+    // oxlint-disable-next-line no-control-regex
     let cleaned = output.replace(/\x1B\[[0-9;]*[a-zA-Z]/g, "");
     // Remove carriage returns (used for progress overwriting)
     cleaned = cleaned.replace(/\r/g, "");

package/dist/responders/cli-responder.js

@@ -244,6 +244,7 @@ function formatCLIOutput(stdout, stderr) {
         output = output.trim() + "\n\n[stderr]\n" + stderr.trim();
     }
     // Remove ANSI escape codes
+    // oxlint-disable-next-line no-control-regex
     let cleaned = output.replace(/\x1B\[[0-9;]*[a-zA-Z]/g, "");
     // Remove carriage returns (used for progress overwriting)
     cleaned = cleaned.replace(/\r/g, "");

package/dist/responders/llm-responder.js

@@ -2,7 +2,7 @@
  * LLM Responder - Sends messages to LLM providers and returns responses.
  * Used by chat clients to respond to messages matched by the responder matcher.
  */
-import { getLLMProviders, loadConfig, } from "../utils/config.js";
+import { getLLMProviders, loadConfig } from "../utils/config.js";
 import { createLLMClient } from "../utils/llm-client.js";
 import { createResponderLog } from "../utils/responder-logger.js";
 import { basename, resolve } from "path";