reasonix 0.32.0 → 0.33.0

package/dist/cli/chunk-VWFJNLIK.js

@@ -1,1031 +0,0 @@
-#!/usr/bin/env node
-
-// src/code/prompt.ts
-import { existsSync as existsSync4, readFileSync as readFileSync4 } from "fs";
-import { join as join4 } from "path";
-
-// src/memory/user.ts
-import { createHash } from "crypto";
-import {
-  existsSync as existsSync3,
-  mkdirSync as mkdirSync2,
-  readFileSync as readFileSync3,
-  readdirSync as readdirSync2,
-  unlinkSync,
-  writeFileSync as writeFileSync2
-} from "fs";
-import { homedir as homedir2 } from "os";
-import { join as join3, resolve as resolve2 } from "path";
-
-// src/skills.ts
-import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "fs";
-import { homedir } from "os";
-import { dirname, join, resolve } from "path";
-
-// src/prompt-fragments.ts
-var TUI_FORMATTING_RULES = `Formatting (rendered in a TUI with a real markdown renderer):
-- Tabular data \u2192 GitHub-Flavored Markdown tables with ASCII pipes (\`| col | col |\` header + \`| --- | --- |\` separator). Never use Unicode box-drawing characters (\u2502 \u2500 \u253C \u250C \u2510 \u2514 \u2518 \u251C \u2524) \u2014 they look intentional but break terminal word-wrap and render as garbled columns at narrow widths.
-- Keep table cells short (one phrase each). If a cell needs a paragraph, use bullets below the table instead.
-- Code, file paths with line ranges, and shell commands \u2192 fenced code blocks (\`\`\`).
-- Do NOT draw decorative frames around content with \`\u250C\u2500\u2500\u2510 \u2502 \u2514\u2500\u2500\u2518\` characters. The renderer adds its own borders; extra ASCII art adds noise and shatters at narrow widths.
-- For flow charts and diagrams: a plain bullet list with \`\u2192\` or \`\u2193\` between steps. Don't try to draw boxes-and-arrows in ASCII; it never survives word-wrap.`;
-var ESCALATION_CONTRACT = `Cost-aware escalation (when you're running on deepseek-v4-flash):
-
-If a task CLEARLY exceeds what flash can do well \u2014 complex cross-file architecture refactors, subtle concurrency / security / correctness invariants you can't resolve with confidence, or a design trade-off you'd be guessing at \u2014 output the marker as the FIRST line of your response (nothing before it, not even whitespace on a separate line). This aborts the current call and retries this turn on deepseek-v4-pro, one shot.
-
-Two accepted forms:
-- \`<<<NEEDS_PRO>>>\` \u2014 bare marker, no rationale.
-- \`<<<NEEDS_PRO: <one-sentence reason>>>>\` \u2014 preferred. The reason text appears in the user-visible warning ("\u21E7 flash requested escalation \u2014 <your reason>"), so they understand WHY a more expensive call is happening. Keep it under ~150 chars, no newlines, no nested \`>\` characters. Examples: \`<<<NEEDS_PRO: cross-file refactor across 6 modules with circular imports>>>\` or \`<<<NEEDS_PRO: subtle session-token race; flash would likely miss the locking invariant>>>\`.
-
-Do NOT emit any other content in the same response when you request escalation. Use this sparingly: normal tasks \u2014 reading files, small edits, clear bug fixes, straightforward feature additions \u2014 stay on flash. Request escalation ONLY when you would otherwise produce a guess or a visibly-mediocre answer. If in doubt, attempt the task on flash first; the system also escalates automatically if you hit 3+ repair / SEARCH-mismatch errors in a single turn (the user sees a typed breakdown).`;
-var NEGATIVE_CLAIM_RULE = `Negative claims ("X is missing", "Y isn't implemented", "there's no Z") are the #1 hallucination shape. They feel safe to write because no citation seems possible \u2014 but that's exactly why you must NOT write them on instinct.
-
-If you have a search tool (\`search_content\`, \`grep\`, web search), call it FIRST before asserting absence:
-- Returns matches \u2192 you were wrong; correct yourself and cite the matches.
-- Returns nothing \u2192 state the absence WITH the search query as evidence: \`No callers of \\\`foo()\\\` found (search_content "foo").\`
-
-If you have no search tool, qualify hard: "I haven't verified \u2014 this is a guess." Never assert absence with fake authority.`;
-
-// src/skills.ts
-var SKILLS_DIRNAME = "skills";
-var SKILL_FILE = "SKILL.md";
-var SKILLS_INDEX_MAX_CHARS = 4e3;
-var VALID_SKILL_NAME = /^[a-zA-Z0-9][a-zA-Z0-9._-]{0,63}$/;
-function parseFrontmatter(raw) {
-  const lines = raw.split(/\r?\n/);
-  if (lines[0] !== "---") return { data: {}, body: raw };
-  const end = lines.indexOf("---", 1);
-  if (end < 0) return { data: {}, body: raw };
-  const data = {};
-  for (let i = 1; i < end; i++) {
-    const line = lines[i];
-    if (!line) continue;
-    const m = line.match(/^([a-zA-Z_][a-zA-Z0-9_-]*):\s*(.*)$/);
-    if (m?.[1]) data[m[1]] = (m[2] ?? "").trim();
-  }
-  return {
-    data,
-    body: lines.slice(end + 1).join("\n").replace(/^\n+/, "")
-  };
-}
-function isValidSkillName(name) {
-  return VALID_SKILL_NAME.test(name);
-}
-function parseAllowedTools(raw) {
-  if (raw === void 0) return void 0;
-  const names = raw.split(",").map((s) => s.trim()).filter(Boolean);
-  return names.length > 0 ? Object.freeze(names) : void 0;
-}
-var SkillStore = class {
-  homeDir;
-  projectRoot;
-  disableBuiltins;
-  constructor(opts = {}) {
-    this.homeDir = opts.homeDir ?? homedir();
-    this.projectRoot = opts.projectRoot ? resolve(opts.projectRoot) : void 0;
-    this.disableBuiltins = opts.disableBuiltins === true;
-  }
-  /** True iff this store was configured with a project root. */
-  hasProjectScope() {
-    return this.projectRoot !== void 0;
-  }
-  /** Project scope first so per-repo skill overrides a global with the same name. */
-  roots() {
-    const out = [];
-    if (this.projectRoot) {
-      out.push({
-        dir: join(this.projectRoot, ".reasonix", SKILLS_DIRNAME),
-        scope: "project"
-      });
-    }
-    out.push({ dir: join(this.homeDir, ".reasonix", SKILLS_DIRNAME), scope: "global" });
-    return out;
-  }
-  /** Higher-priority root wins on collision (project > global > builtin); sorted for stable prefix hash. */
-  list() {
-    const byName = /* @__PURE__ */ new Map();
-    for (const { dir, scope } of this.roots()) {
-      if (!existsSync(dir)) continue;
-      let entries;
-      try {
-        entries = readdirSync(dir, { withFileTypes: true });
-      } catch {
-        continue;
-      }
-      for (const entry of entries) {
-        const skill = this.readEntry(dir, scope, entry);
-        if (!skill) continue;
-        if (!byName.has(skill.name)) byName.set(skill.name, skill);
-      }
-    }
-    if (!this.disableBuiltins) {
-      for (const skill of BUILTIN_SKILLS) {
-        if (!byName.has(skill.name)) byName.set(skill.name, skill);
-      }
-    }
-    return [...byName.values()].sort((a, b) => a.name.localeCompare(b.name));
-  }
-  /** Scaffold a new skill stub at the chosen scope. Refuses to overwrite. */
-  create(name, scope) {
-    if (!isValidSkillName(name)) {
-      return { error: `invalid skill name: "${name}" \u2014 use letters, digits, _, -, .` };
-    }
-    if (scope === "project" && !this.projectRoot) {
-      return { error: "project scope requires a workspace \u2014 run from `reasonix code`" };
-    }
-    const root = scope === "project" ? join(this.projectRoot ?? "", ".reasonix", SKILLS_DIRNAME) : join(this.homeDir, ".reasonix", SKILLS_DIRNAME);
-    const flat = join(root, `${name}.md`);
-    const folder = join(root, name, SKILL_FILE);
-    if (existsSync(folder)) {
-      return { error: `skill "${name}" already exists at ${folder}` };
-    }
-    mkdirSync(dirname(flat), { recursive: true });
-    try {
-      writeFileSync(flat, skillStubBody(name), { encoding: "utf8", flag: "wx" });
-    } catch (err) {
-      if (err.code === "EEXIST") {
-        return { error: `skill "${name}" already exists at ${flat}` };
-      }
-      throw err;
-    }
-    return { path: flat };
-  }
-  /** Resolve one skill by name. Returns `null` if not found or malformed. */
-  read(name) {
-    if (!isValidSkillName(name)) return null;
-    for (const { dir, scope } of this.roots()) {
-      if (!existsSync(dir)) continue;
-      const dirCandidate = join(dir, name, SKILL_FILE);
-      if (existsSync(dirCandidate) && statSync(dirCandidate).isFile()) {
-        return this.parse(dirCandidate, name, scope);
-      }
-      const flatCandidate = join(dir, `${name}.md`);
-      if (existsSync(flatCandidate) && statSync(flatCandidate).isFile()) {
-        return this.parse(flatCandidate, name, scope);
-      }
-    }
-    if (!this.disableBuiltins) {
-      for (const skill of BUILTIN_SKILLS) {
-        if (skill.name === name) return skill;
-      }
-    }
-    return null;
-  }
-  readEntry(dir, scope, entry) {
-    if (entry.isDirectory()) {
-      if (!isValidSkillName(entry.name)) return null;
-      const file = join(dir, entry.name, SKILL_FILE);
-      if (!existsSync(file)) return null;
-      return this.parse(file, entry.name, scope);
-    }
-    if (entry.isFile() && entry.name.endsWith(".md")) {
-      const stem = entry.name.slice(0, -3);
-      if (!isValidSkillName(stem)) return null;
-      return this.parse(join(dir, entry.name), stem, scope);
-    }
-    return null;
-  }
-  parse(path, stem, scope) {
-    let raw;
-    try {
-      raw = readFileSync(path, "utf8");
-    } catch {
-      return null;
-    }
-    const { data, body } = parseFrontmatter(raw);
-    const name = data.name && isValidSkillName(data.name) ? data.name : stem;
-    return {
-      name,
-      description: (data.description ?? "").trim(),
-      body: body.trim(),
-      scope,
-      path,
-      allowedTools: parseAllowedTools(data["allowed-tools"]),
-      runAs: parseRunAs(data.runAs),
-      model: data.model?.startsWith("deepseek-") ? data.model : void 0
-    };
-  }
-};
-function parseRunAs(raw) {
-  return raw?.trim() === "subagent" ? "subagent" : "inline";
-}
-function skillStubBody(name) {
-  return `---
-name: ${name}
-description: One-liner \u2014 what does this skill do?
----
-
-# ${name}
-
-Replace this body with the playbook the model should follow when this skill is invoked.
-
-Tips:
-- Reference tools by name (run_command, edit_file, search_content, ...)
-- Add \`runAs: subagent\` to frontmatter to spawn an isolated subagent loop
-- Add \`allowed-tools: read_file, search_content\` to scope a subagent's tools
-`;
-}
-function skillIndexLine(s) {
-  const safeDesc = s.description.replace(/\n/g, " ").trim();
-  const tag = s.runAs === "subagent" ? " [\u{1F9EC} subagent]" : "";
-  const max = 130 - s.name.length - tag.length;
-  const clipped = safeDesc.length > max ? `${safeDesc.slice(0, Math.max(1, max - 1))}\u2026` : safeDesc;
-  return clipped ? `- ${s.name}${tag} \u2014 ${clipped}` : `- ${s.name}${tag}`;
-}
-function applySkillsIndex(basePrompt, opts = {}) {
-  const store = new SkillStore(opts);
-  const skills = store.list().filter((s) => s.description);
-  if (skills.length === 0) return basePrompt;
-  const lines = skills.map(skillIndexLine);
-  const joined = lines.join("\n");
-  const truncated = joined.length > SKILLS_INDEX_MAX_CHARS ? `${joined.slice(0, SKILLS_INDEX_MAX_CHARS)}
-\u2026 (truncated ${joined.length - SKILLS_INDEX_MAX_CHARS} chars)` : joined;
-  return [
-    basePrompt,
-    "",
-    "# Skills \u2014 playbooks you can invoke",
-    "",
-    'One-liner index. Each entry is either a built-in or a user-authored playbook. Call `run_skill({ name: "<skill-name>", arguments: "<task>" })` \u2014 the `name` is JUST the skill identifier (e.g. `"explore"`), NOT the `[\u{1F9EC} subagent]` tag that appears after it. Entries tagged `[\u{1F9EC} subagent]` spawn an **isolated subagent** \u2014 its tool calls and reasoning never enter your context, only its final answer does. Use subagent skills for tasks that would otherwise flood your context (deep exploration, multi-step research, anything where you only need the conclusion). Plain skills are inlined: their body becomes a tool result you read and act on directly. The user can also invoke a skill via `/skill <name>`.',
-    "",
-    "```",
-    truncated,
-    "```"
-  ].join("\n");
-}
-var BUILTIN_EXPLORE_BODY = `You are running as an exploration subagent. Your job is to investigate the codebase the parent agent pointed you at, then return one focused, distilled answer.
-
-How to operate:
-- Use read_file, search_files, search_content, directory_tree, list_directory, get_file_info as your primary tools. Stay read-only.
-- For "find all places that call / reference / use X" questions, use \`search_content\` (content grep) \u2014 NOT \`search_files\` (which only matches file names). This is the most common subagent mistake; using the wrong tool gives empty results and you waste your iter budget chasing a phantom.
-- Cast a wide net first (search_content for symbol references, directory_tree for structure) to map the territory; then read the 3-10 most relevant files in full.
-- Don't read every file \u2014 be selective. Aim for breadth on the first pass, depth only where the question demands it.
-- Stop exploring as soon as you can answer the question. The parent doesn't see your tool calls, so over-exploration is pure waste.
-
-Your final answer:
-- One paragraph (or a few short bullets). Lead with the conclusion.
-- Cite specific file paths + line ranges when they support the answer.
-- If the question can't be answered from what you found, say so plainly and suggest where to look next.
-- No follow-up offers, no "let me know if you need more." The parent will ask again if they need more.
-
-${NEGATIVE_CLAIM_RULE}
-
-${TUI_FORMATTING_RULES}
-
-The 'task' the parent gave you is the question you must answer. Treat any other reading of it as scope creep.`;
-var BUILTIN_RESEARCH_BODY = `You are running as a research subagent. Your job is to gather information from code AND the web, synthesize it, and return one focused conclusion.
-
-How to operate:
-- Combine code reading (read_file, search_files) with web tools (web_search, web_fetch) as appropriate to the question.
-- For "how does X work" / "is Y supported" questions: web first to find the canonical reference, then verify against the local code.
-- For "what's our policy on Z" / "where do we use Q": local code first, web only if you need to compare against external standards.
-- Cap yourself at ~10 tool calls. If you can't converge in 10, return what you have plus a note about what's missing.
-
-Your final answer:
-- One paragraph (or short bullets). Lead with the conclusion.
-- Cite both code (file:line) AND web sources (URL) when they back the answer.
-- Distinguish "I verified this in code" from "I read this on a docs page" \u2014 the parent will trust the former more.
-- If the answer is uncertain, say so. Don't invent confidence.
-
-${NEGATIVE_CLAIM_RULE}
-
-${TUI_FORMATTING_RULES}
-
-The 'task' the parent gave you is the research question. Stay on it.`;
-var BUILTIN_REVIEW_BODY = `You are running as a code-review subagent. Your job is to inspect the changes the user is about to ship \u2014 usually the current git branch vs its upstream \u2014 and produce a focused review the parent can hand back to the user.
-
-How to operate:
-- Default scope: the current branch's diff vs the default branch. If the user's task names a specific commit range or files, honor that instead.
-- Discover scope first: \`run_command git status\`, \`git diff --stat\`, \`git log --oneline\` to see what changed. Then \`git diff\` (or \`git diff <base>...HEAD\`) for the actual hunks.
-- Read the touched files (\`read_file\`) when the diff alone doesn't carry enough context \u2014 function signatures, surrounding invariants, callers.
-- For "any callers depending on this?" questions: \`search_content\` against the symbol BEFORE asserting impact.
-- Stay read-only. Never \`run_command git commit\`, never write files, never propose SEARCH/REPLACE blocks. The parent decides whether to act on your findings.
-- Cap yourself at ~12 tool calls. If the diff is too big to review in one pass, pick the riskiest 2-3 files and say so explicitly.
-
-What to look for, in priority order:
-1. **Correctness bugs** \u2014 off-by-one, null/undefined handling, race conditions, wrong sign / wrong operator, edge cases the code doesn't handle.
-2. **Security** \u2014 injection (SQL, shell, path traversal), secrets in code, missing authz checks, unsafe deserialization.
-3. **Behavior changes the diff hides** \u2014 renames that miss callers, removed branches that were load-bearing, error-handling that now swallows what used to surface.
-4. **Tests** \u2014 does the change have tests for the new behavior? Are existing tests still meaningful, or did the change make them tautological?
-5. **Style + consistency** \u2014 only flag deviations that matter (unsafe \`any\`, missing types in TypeScript, inconsistent error shape). Don't pile on cosmetic nits if the substance is clean.
-
-Your final answer:
-- Lead with a one-sentence verdict: "ship as-is" / "minor nits, OK to ship after" / "blocking issues, do not ship".
-- Then a short bulleted list of issues, each with: file:line citation + the problem in one sentence + what to change.
-- Group by severity if you have more than 4 items: **Blocking**, **Should-fix**, **Nits**.
-- If everything looks clean, say so plainly. Don't manufacture concerns.
-
-${NEGATIVE_CLAIM_RULE}
-
-${TUI_FORMATTING_RULES}
-
-The 'task' the parent gave you describes WHAT to review (a branch, a file set, or "the pending changes"). Stay on it; don't redesign the feature.`;
-var BUILTIN_SECURITY_REVIEW_BODY = `You are running as a security-review subagent. Your job is to inspect the changes the user is about to ship \u2014 usually the current git branch vs its upstream \u2014 through a security lens specifically, and report exploitable issues.
-
-How to operate:
-- Default scope: the current branch's diff vs the default branch. If the user names a different range or a directory, honor that.
-- Discover scope first: \`git status\`, \`git diff --stat\`, \`git diff <base>...HEAD\`. Read touched files (\`read_file\`) when the diff alone doesn't carry security context \u2014 auth checks, input validation, the actual handler that calls into the changed function.
-- Use \`search_content\` to verify "is this user-controlled input ever sanitized later?" / "are there other call sites that depend on this validation?" before asserting impact.
-- Stay read-only. Never write, never run destructive commands, never propose SEARCH/REPLACE blocks. The parent decides what to act on.
-- Cap yourself at ~12 tool calls. If the diff is too big, focus on the riskiest 2-3 files and say so explicitly.
-
-Threat model \u2014 flag with severity:
-
-**CRITICAL** (do-not-ship):
-- SQL / NoSQL / shell / template injection \u2014 user input concatenated into a query, command, or template without parameterization.
-- Path traversal \u2014 user-controlled filenames touching the filesystem without canonicalization + sandbox check.
-- Authentication / authorization missing \u2014 endpoints / actions that should require a session check but don't.
-- Hardcoded secrets \u2014 API keys, passwords, signing tokens visible in the diff.
-- Deserialization of untrusted input \u2014 \`pickle.loads\`, \`yaml.load\` (non-safe), \`eval\`, \`Function()\`, \`unserialize()\`.
-- Cryptographic mistakes \u2014 homemade crypto, weak hashes (MD5/SHA-1) for passwords, missing IVs, ECB mode, predictable nonces.
-
-**HIGH**:
-- XSS \u2014 user input rendered into HTML without escaping (or wrong escaping context).
-- SSRF \u2014 fetching URLs from user input without an allowlist.
-- Race conditions in security-relevant code \u2014 TOCTOU on auth/file checks.
-- Open redirects \u2014 user-controlled URL passed to a redirect helper.
-- Insufficient logging on security events (login failure, permission denial) \u2014 only flag if the codebase clearly DOES log elsewhere.
-
-**MEDIUM**:
-- Verbose error messages leaking internal paths / stack traces / SQL.
-- Missing rate limiting on a credential / token endpoint.
-- Cross-origin / cookie-flag issues (missing \`Secure\` / \`HttpOnly\` / \`SameSite\`).
-
-Things to NOT pile on (out of scope here \u2014 the regular /review covers them):
-- Style, formatting, naming.
-- Performance, refactor opportunities, test coverage gaps that aren't security-relevant.
-- "Should be a constant" / "extract this helper" \u2014 irrelevant to ship-blocking.
-
-Your final answer:
-- Lead with a one-sentence verdict: "no security issues found", "minor concerns", or "blocking issues".
-- Then a list grouped by severity. Each item: file:line + 1-sentence threat + 1-sentence fix direction (no full SEARCH/REPLACE \u2014 the user / parent agent will write that).
-- If clean, say so plainly. Don't manufacture findings.
-
-${NEGATIVE_CLAIM_RULE}
-
-${TUI_FORMATTING_RULES}
-
-The 'task' the parent gave you names what to review. Stay on it; don't redesign the feature.`;
-var BUILTIN_TEST_BODY = `You are running as the parent agent \u2014 this skill is INLINED, not a subagent. The user invoked /test (or asked you to "run the tests and fix failures"). Your job: run the project's test suite, diagnose any failure, propose fixes as SEARCH/REPLACE edit blocks, then re-run. Repeat until green or you hit a wall you should escalate.
-
-How to operate:
-
-1. **Detect the test command**.
-   - Look for \`package.json\` \u2192 \`scripts.test\` first (most common: \`npm test\`, \`pnpm test\`, \`yarn test\`).
-   - If no package.json or no test script: try \`pytest\`, \`go test ./...\`, \`cargo test\` based on what files exist (pyproject.toml/requirements.txt \u2192 pytest; go.mod \u2192 go test; Cargo.toml \u2192 cargo test).
-   - If you can't tell, ASK the user for the command \u2014 don't guess. One question, one tool call to confirm.
-
-2. **Run it via run_command** (typical timeout 120s, bigger if the suite is large). Capture stdout + stderr.
-
-3. **Read the failures**. Pull out: which test names failed, the actual error/traceback, the file + line that threw. Don't just paraphrase \u2014 locate the exact assertion or stack frame.
-
-4. **Propose fixes**. For each distinct failure:
-   - If the failure is in PRODUCTION code (test catches a real bug) \u2192 propose a SEARCH/REPLACE that fixes the production code.
-   - If the failure is in TEST code (test is wrong, codebase is right) \u2192 propose a SEARCH/REPLACE that updates the test, AND say so explicitly: "This is a test bug, not a production bug \u2014 updating the assertion."
-   - If the failure is environmental (missing dep, wrong node version, missing fixture file) \u2192 say so and stop. Don't try to install packages or change config without checking with the user.
-
-5. **Apply + re-run**. After the user accepts the edit blocks, run the test command again. Iterate.
-
-6. **Stop conditions**:
-   - All tests pass \u2192 report green, summarize what changed.
-   - Same test still failing after 2 fix attempts on the same line \u2192 STOP. Tell the user "I've tried twice, it's still failing \u2014 here's what I think is happening, want me to try a different angle?". Don't loop indefinitely.
-   - 3+ unrelated failures \u2192 fix one at a time, smallest first, so each pass narrows the surface.
-
-Don't:
-- Run \`npm install\` / \`pip install\` / \`cargo update\` without asking \u2014 those mutate lockfiles and have global effects.
-- Disable, skip, or delete failing tests to "make it green". If a test seems wrong, update its assertion with a one-sentence explanation, but never add \`.skip\` / \`it.skip\` / \`@pytest.mark.skip\`.
-- Modify the test runner config (vitest.config, jest.config, etc.) to silence failures.
-
-Lead each turn with a one-line status: "\u25B8 running \`npm test\` ..." \u2192 "\u25B8 2 failures in tests/foo.test.ts \u2014 first is \u2026" \u2192 so the user always knows where you are without scrolling tool output.`;
-var BUILTIN_SKILLS = Object.freeze([
-  Object.freeze({
-    name: "explore",
-    description: "Explore the codebase in an isolated subagent \u2014 wide-net read-only investigation that returns one distilled answer. Best for: 'find all places that...', 'how does X work across the project', 'survey the code for Y'.",
-    body: BUILTIN_EXPLORE_BODY,
-    scope: "builtin",
-    path: "(builtin)",
-    runAs: "subagent"
-  }),
-  Object.freeze({
-    name: "research",
-    description: "Research a question by combining web search + code reading in an isolated subagent. Best for: 'is X feature supported by lib Y', 'what's the canonical way to do Z', 'compare our impl against the spec'.",
-    body: BUILTIN_RESEARCH_BODY,
-    scope: "builtin",
-    path: "(builtin)",
-    runAs: "subagent"
-  }),
-  Object.freeze({
-    name: "review",
-    description: "Review the pending changes (current branch diff by default) in an isolated subagent \u2014 flags correctness, security, missing tests, hidden behavior changes; reports verdict + per-issue file:line. Read-only; the parent decides what to act on.",
-    body: BUILTIN_REVIEW_BODY,
-    scope: "builtin",
-    path: "(builtin)",
-    runAs: "subagent"
-  }),
-  Object.freeze({
-    name: "security-review",
-    description: "Security-focused review of the current branch diff in an isolated subagent \u2014 flags injection/authz/secrets/deserialization/path-traversal/crypto issues, severity-tagged. Read-only. Use when shipping changes that touch auth, input parsing, file IO, or external requests.",
-    body: BUILTIN_SECURITY_REVIEW_BODY,
-    scope: "builtin",
-    path: "(builtin)",
-    runAs: "subagent"
-  }),
-  Object.freeze({
-    name: "test",
-    description: "Run the project's test suite, diagnose failures, propose SEARCH/REPLACE fixes, re-run until green (or stop after 2 fix attempts on the same failure). Inlined \u2014 runs in the parent loop so you see the edit blocks and can /apply them. Detects npm/pnpm/yarn/pytest/go/cargo.",
-    body: BUILTIN_TEST_BODY,
-    scope: "builtin",
-    path: "(builtin)",
-    runAs: "inline"
-  })
-]);
-
-// src/memory/project.ts
-import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
-import { join as join2 } from "path";
-var PROJECT_MEMORY_FILE = "REASONIX.md";
-var PROJECT_MEMORY_MAX_CHARS = 8e3;
-function readProjectMemory(rootDir) {
-  const path = join2(rootDir, PROJECT_MEMORY_FILE);
-  if (!existsSync2(path)) return null;
-  let raw;
-  try {
-    raw = readFileSync2(path, "utf8");
-  } catch {
-    return null;
-  }
-  const trimmed = raw.trim();
-  if (!trimmed) return null;
-  const originalChars = trimmed.length;
-  const truncated = originalChars > PROJECT_MEMORY_MAX_CHARS;
-  const content = truncated ? `${trimmed.slice(0, PROJECT_MEMORY_MAX_CHARS)}
-\u2026 (truncated ${originalChars - PROJECT_MEMORY_MAX_CHARS} chars)` : trimmed;
-  return { path, content, originalChars, truncated };
-}
-function memoryEnabled() {
-  const env = process.env.REASONIX_MEMORY;
-  if (env === "off" || env === "false" || env === "0") return false;
-  return true;
-}
-function applyProjectMemory(basePrompt, rootDir) {
-  if (!memoryEnabled()) return basePrompt;
-  const mem = readProjectMemory(rootDir);
-  if (!mem) return basePrompt;
-  return `${basePrompt}
-
-# Project memory (REASONIX.md)
-
-The user pinned these notes about this project \u2014 treat them as authoritative context for every turn:
-
-\`\`\`
-${mem.content}
-\`\`\`
-`;
-}
-
-// src/memory/user.ts
-var USER_MEMORY_DIR = "memory";
-var MEMORY_INDEX_FILE = "MEMORY.md";
-var MEMORY_INDEX_MAX_CHARS = 4e3;
-var VALID_NAME = /^[a-zA-Z0-9_-][a-zA-Z0-9_.-]{1,38}[a-zA-Z0-9]$/;
-function sanitizeMemoryName(raw) {
-  const trimmed = String(raw ?? "").trim();
-  if (!VALID_NAME.test(trimmed)) {
-    throw new Error(
-      `invalid memory name: ${JSON.stringify(raw)} \u2014 must be 3-40 chars, alnum/_/-, no path separators`
-    );
-  }
-  return trimmed;
-}
-function projectHash(rootDir) {
-  const abs = resolve2(rootDir);
-  return createHash("sha1").update(abs).digest("hex").slice(0, 16);
-}
-function scopeDir(opts) {
-  if (opts.scope === "global") {
-    return join3(opts.homeDir, USER_MEMORY_DIR, "global");
-  }
-  if (!opts.projectRoot) {
-    throw new Error("scope=project requires a projectRoot on MemoryStore");
-  }
-  return join3(opts.homeDir, USER_MEMORY_DIR, projectHash(opts.projectRoot));
-}
-function ensureDir(p) {
-  if (!existsSync3(p)) mkdirSync2(p, { recursive: true });
-}
-function parseFrontmatter2(raw) {
-  const lines = raw.split(/\r?\n/);
-  if (lines[0] !== "---") return { data: {}, body: raw };
-  const end = lines.indexOf("---", 1);
-  if (end < 0) return { data: {}, body: raw };
-  const data = {};
-  for (let i = 1; i < end; i++) {
-    const line = lines[i];
-    if (!line) continue;
-    const m = line.match(/^([a-zA-Z_][a-zA-Z0-9_-]*):\s*(.*)$/);
-    if (m?.[1]) data[m[1]] = (m[2] ?? "").trim();
-  }
-  return {
-    data,
-    body: lines.slice(end + 1).join("\n").replace(/^\n+/, "")
-  };
-}
-function formatFrontmatter(e) {
-  return [
-    "---",
-    `name: ${e.name}`,
-    `description: ${e.description.replace(/\n/g, " ")}`,
-    `type: ${e.type}`,
-    `scope: ${e.scope}`,
-    `created: ${e.createdAt}`,
-    "---",
-    ""
-  ].join("\n");
-}
-function todayIso() {
-  const d = /* @__PURE__ */ new Date();
-  return d.toISOString().slice(0, 10);
-}
-function indexLine(e) {
-  const safeDesc = e.description.replace(/\n/g, " ").trim();
-  const max = 130 - e.name.length;
-  const clipped = safeDesc.length > max ? `${safeDesc.slice(0, Math.max(1, max - 1))}\u2026` : safeDesc;
-  return `- [${e.name}](${e.name}.md) \u2014 ${clipped}`;
-}
-var MemoryStore = class {
-  homeDir;
-  projectRoot;
-  constructor(opts = {}) {
-    this.homeDir = opts.homeDir ?? join3(homedir2(), ".reasonix");
-    this.projectRoot = opts.projectRoot ? resolve2(opts.projectRoot) : void 0;
-  }
-  /** Directory this store writes `scope` files into, creating it if needed. */
-  dir(scope) {
-    const d = scopeDir({ homeDir: this.homeDir, scope, projectRoot: this.projectRoot });
-    ensureDir(d);
-    return d;
-  }
-  /** Absolute path to a memory file (no existence check). */
-  pathFor(scope, name) {
-    return join3(this.dir(scope), `${sanitizeMemoryName(name)}.md`);
-  }
-  /** True iff this store is configured with a project scope available. */
-  hasProjectScope() {
-    return this.projectRoot !== void 0;
-  }
-  loadIndex(scope) {
-    if (scope === "project" && !this.projectRoot) return null;
-    const file = join3(
-      scopeDir({ homeDir: this.homeDir, scope, projectRoot: this.projectRoot }),
-      MEMORY_INDEX_FILE
-    );
-    if (!existsSync3(file)) return null;
-    let raw;
-    try {
-      raw = readFileSync3(file, "utf8");
-    } catch {
-      return null;
-    }
-    const trimmed = raw.trim();
-    if (!trimmed) return null;
-    const originalChars = trimmed.length;
-    const truncated = originalChars > MEMORY_INDEX_MAX_CHARS;
-    const content = truncated ? `${trimmed.slice(0, MEMORY_INDEX_MAX_CHARS)}
-\u2026 (truncated ${originalChars - MEMORY_INDEX_MAX_CHARS} chars)` : trimmed;
-    return { content, originalChars, truncated };
-  }
-  /** Read one memory file's body (frontmatter stripped). Throws if missing. */
-  read(scope, name) {
-    const file = this.pathFor(scope, name);
-    if (!existsSync3(file)) {
-      throw new Error(`memory not found: scope=${scope} name=${name}`);
-    }
-    const raw = readFileSync3(file, "utf8");
-    const { data, body } = parseFrontmatter2(raw);
-    return {
-      name: data.name ?? name,
-      type: data.type ?? "project",
-      scope: data.scope ?? scope,
-      description: data.description ?? "",
-      body: body.trim(),
-      createdAt: data.created ?? ""
-    };
-  }
-  /** Skips malformed files — index stays queryable even if one file is hand-edited into nonsense. */
-  list() {
-    const out = [];
-    const scopes = this.projectRoot ? ["global", "project"] : ["global"];
-    for (const scope of scopes) {
-      const dir = scopeDir({ homeDir: this.homeDir, scope, projectRoot: this.projectRoot });
-      if (!existsSync3(dir)) continue;
-      let entries;
-      try {
-        entries = readdirSync2(dir);
-      } catch {
-        continue;
-      }
-      for (const entry of entries) {
-        if (entry === MEMORY_INDEX_FILE) continue;
-        if (!entry.endsWith(".md")) continue;
-        const name = entry.slice(0, -3);
-        try {
-          out.push(this.read(scope, name));
-        } catch {
-        }
-      }
-    }
-    return out;
-  }
-  write(input) {
-    if (input.scope === "project" && !this.projectRoot) {
-      throw new Error("cannot write project-scoped memory: no projectRoot configured");
-    }
-    const name = sanitizeMemoryName(input.name);
-    const desc = String(input.description ?? "").trim();
-    if (!desc) throw new Error("memory description cannot be empty");
-    const body = String(input.body ?? "").trim();
-    if (!body) throw new Error("memory body cannot be empty");
-    const entry = {
-      ...input,
-      name,
-      description: desc,
-      body,
-      createdAt: todayIso()
-    };
-    const dir = this.dir(input.scope);
-    const file = join3(dir, `${name}.md`);
-    const content = `${formatFrontmatter(entry)}${body}
-`;
-    writeFileSync2(file, content, "utf8");
-    this.regenerateIndex(input.scope);
-    return file;
-  }
-  /** Delete one memory + its index line. No-op if the file is already gone. */
-  delete(scope, rawName) {
-    if (scope === "project" && !this.projectRoot) {
-      throw new Error("cannot delete project-scoped memory: no projectRoot configured");
-    }
-    const file = this.pathFor(scope, rawName);
-    if (!existsSync3(file)) return false;
-    unlinkSync(file);
-    this.regenerateIndex(scope);
-    return true;
-  }
-  /** Sorted by name — same file set must produce byte-identical MEMORY.md for stable prefix hashing. */
-  regenerateIndex(scope) {
-    const dir = scopeDir({ homeDir: this.homeDir, scope, projectRoot: this.projectRoot });
-    if (!existsSync3(dir)) return;
-    let files;
-    try {
-      files = readdirSync2(dir);
-    } catch {
-      return;
-    }
-    const mdFiles = files.filter((f) => f !== MEMORY_INDEX_FILE && f.endsWith(".md")).sort((a, b) => a.localeCompare(b));
-    const indexPath = join3(dir, MEMORY_INDEX_FILE);
-    if (mdFiles.length === 0) {
-      if (existsSync3(indexPath)) unlinkSync(indexPath);
-      return;
-    }
-    const lines = [];
-    for (const f of mdFiles) {
-      const name = f.slice(0, -3);
-      try {
-        const entry = this.read(scope, name);
-        lines.push(indexLine({ name: entry.name || name, description: entry.description }));
-      } catch {
-        lines.push(`- [${name}](${name}.md) \u2014 (malformed, check frontmatter)`);
-      }
-    }
-    writeFileSync2(indexPath, `${lines.join("\n")}
-`, "utf8");
-  }
-};
-function readGlobalReasonixMemory(homeDir = join3(homedir2(), ".reasonix")) {
-  const path = join3(homeDir, "REASONIX.md");
-  if (!existsSync3(path)) return null;
-  let raw;
-  try {
-    raw = readFileSync3(path, "utf8");
-  } catch {
-    return null;
-  }
-  const trimmed = raw.trim();
-  if (!trimmed) return null;
-  const originalChars = trimmed.length;
-  const truncated = originalChars > 8e3;
-  const content = truncated ? `${trimmed.slice(0, 8e3)}
-\u2026 (truncated ${originalChars - 8e3} chars)` : trimmed;
-  return { path, content, originalChars, truncated };
-}
-function applyGlobalReasonixMemory(basePrompt, homeDir) {
-  if (!memoryEnabled()) return basePrompt;
-  const dir = homeDir ?? join3(homedir2(), ".reasonix");
-  const mem = readGlobalReasonixMemory(dir);
-  if (!mem) return basePrompt;
-  return [
-    basePrompt,
-    "",
-    "# Global memory (~/.reasonix/REASONIX.md)",
-    "",
-    "Cross-project notes the user pinned via the `#g` prompt prefix. Treat as authoritative \u2014 same level of trust as project memory.",
-    "",
-    "```",
-    mem.content,
-    "```"
-  ].join("\n");
-}
-function applyUserMemory(basePrompt, opts = {}) {
-  if (!memoryEnabled()) return basePrompt;
-  const store = new MemoryStore(opts);
-  const global = store.loadIndex("global");
-  const project = store.hasProjectScope() ? store.loadIndex("project") : null;
-  if (!global && !project) return basePrompt;
-  const parts = [basePrompt];
-  if (global) {
-    parts.push(
-      "",
-      "# User memory \u2014 global (~/.reasonix/memory/global/MEMORY.md)",
-      "",
-      "Cross-project facts and preferences the user has told you in prior sessions. TREAT AS AUTHORITATIVE \u2014 don't re-verify via filesystem or web. One-liners index detail files; call `recall_memory` for full bodies only when the one-liner isn't enough.",
-      "",
-      "```",
-      global.content,
-      "```"
-    );
-  }
-  if (project) {
-    parts.push(
-      "",
-      "# User memory \u2014 this project",
-      "",
-      "Per-project facts the user established in prior sessions (not committed to the repo). TREAT AS AUTHORITATIVE. Same recall pattern as global memory.",
-      "",
-      "```",
-      project.content,
-      "```"
-    );
-  }
-  return parts.join("\n");
-}
-function applyMemoryStack(basePrompt, rootDir) {
-  const withProject = applyProjectMemory(basePrompt, rootDir);
-  const withGlobal = applyGlobalReasonixMemory(withProject);
-  const withMemory = applyUserMemory(withGlobal, { projectRoot: rootDir });
-  return applySkillsIndex(withMemory, { projectRoot: rootDir });
-}
-
-// src/code/prompt.ts
-var CODE_SYSTEM_PROMPT = `You are Reasonix Code, a coding assistant. You have filesystem tools (read_file, write_file, edit_file, list_directory, directory_tree, search_files, search_content, get_file_info) rooted at the user's working directory, plus run_command / run_background for shell.
-
-# Cite or shut up \u2014 non-negotiable
-
-Every factual claim you make about THIS codebase must be backed by evidence. Reasonix VALIDATES the citations you write \u2014 broken paths or out-of-range lines render in **red strikethrough with \u274C** in front of the user.
-
-**Positive claims** (a file exists, a function does X, a feature IS implemented) \u2014 append a markdown link to the source:
-
-- \u2705 Correct: \`The MCP client supports listResources [listResources](src/mcp/client.ts:142).\`
-- \u274C Wrong:   \`The MCP client supports listResources.\` \u2190 no citation, looks authoritative but unverifiable.
-
-**Negative claims** (X is missing, Y is not implemented, lacks Z, doesn't have W) are the **most common hallucination shape**. They feel safe to write because no citation seems possible \u2014 but that's exactly why you must NOT write them on instinct.
-
-If you are about to write "X is missing" or "Y is not implemented" \u2014 **STOP**. Call \`search_content\` for the relevant symbol or term FIRST. Only then:
-
-- If the search returns matches \u2192 you were wrong; correct yourself and cite the matches.
-- If the search returns nothing \u2192 state the absence with the search query as your evidence: \`No callers of \\\`foo()\\\` found (search_content "foo").\`
-
-Asserting absence without a search is the #1 way evaluative answers go wrong. Treat the urge to write "missing" as a red flag in your own reasoning.
-
-# When to propose a plan (submit_plan)
-
-You have a \`submit_plan\` tool that shows the user a markdown plan and lets them Approve / Refine / Cancel before you execute. Use it proactively when the task is large enough to deserve a review gate:
-
-- Multi-file refactors or renames.
-- Architecture changes (moving modules, splitting / merging files, new abstractions).
-- Anything where "undo" after the fact would be expensive \u2014 migrations, destructive cleanups, API shape changes.
-- When the user's request is ambiguous and multiple reasonable interpretations exist \u2014 propose your reading as a plan and let them confirm.
-
-Skip submit_plan for small, obvious changes: one-line typo, clear bug with a clear fix, adding a missing import, renaming a local variable. Just do those.
-
-Plan body: one-sentence summary, then a file-by-file breakdown of what you'll change and why, and any risks or open questions. If some decisions are genuinely up to the user (naming, tradeoffs, out-of-scope possibilities), list them in an "Open questions" section \u2014 the user sees the plan in a picker and has a text input to answer your questions before approving. Don't pretend certainty you don't have; flagged questions are how the user tells you what they care about. After calling submit_plan, STOP \u2014 don't call any more tools, wait for the user's verdict.
-
-**Do NOT use submit_plan to present A/B/C route menus.** The approve/refine/cancel picker has no branch selector \u2014 a menu plan strands the user. For branching decisions, use \`ask_choice\` (see below); only call submit_plan once the user has picked a direction and you have ONE actionable plan.
-
-# When to ask the user to pick (ask_choice)
-
-You have an \`ask_choice\` tool. **If the user is supposed to pick between alternatives, the tool picks \u2014 you don't enumerate the choices as prose.** Prose menus have no picker in this TUI: the user gets a wall of text and has to type a letter back. The tool fires an arrow-key picker that's strictly better.
-
-Call it when:
-- The user has asked for options / doesn't want a recommendation / wants to decide.
-- You've analyzed multiple approaches and the final call is theirs.
-- It's a preference fork you can't resolve without them (deployment target, team convention, taste).
-
-Skip it when one option is clearly correct (just do it, or submit_plan) or a free-form text answer fits (ask in prose).
-
-Each option: short stable id (A/B/C), one-line title, optional summary. \`allowCustom: true\` when their real answer might not fit. Max 6. A ~1-sentence lead-in before the call is fine ("I see three directions \u2014 letting you pick"); don't repeat the options in it. After the call, STOP.
-
-# Plan mode (/plan)
-
-The user can ALSO enter "plan mode" via /plan, which is a stronger, explicit constraint:
-- Write tools (edit_file, write_file, create_directory, move_file) and non-allowlisted run_command calls are BOUNCED at dispatch \u2014 you'll get a tool result like "unavailable in plan mode". Don't retry them.
-- Read tools (read_file, list_directory, search_files, directory_tree, get_file_info) and allowlisted read-only / test shell commands still work \u2014 use them to investigate.
-- You MUST call submit_plan before anything will execute. Approve exits plan mode; Refine stays in; Cancel exits without implementing.
-
-
-# Delegating to subagents via Skills
-
-The pinned Skills index below lists playbooks you can invoke with \`run_skill\`. Entries tagged \`[\u{1F9EC} subagent]\` spawn an **isolated subagent** \u2014 a fresh child loop that runs the playbook in its own context and returns only the final answer. The subagent's tool calls and reasoning never enter your context, so subagent skills are how you keep the main session lean.
-
-**When you call \`run_skill\`, the \`name\` is ONLY the identifier before the tag** \u2014 e.g. \`run_skill({ name: "explore", arguments: "..." })\`, NOT \`"[\u{1F9EC} subagent] explore"\` and NOT \`"explore [\u{1F9EC} subagent]"\`. The tag is display sugar; the name argument is just the bare identifier.
-
-Two built-ins ship by default:
-- **explore** \`[\u{1F9EC} subagent]\` \u2014 read-only investigation across the codebase. Use when the user says things like "find all places that...", "how does X work across the project", "survey the code for Y". Pass \`arguments\` describing the concrete question.
-- **research** \`[\u{1F9EC} subagent]\` \u2014 combines web search + code reading. Use for "is X supported by lib Y", "what's the canonical way to Z", "compare our impl to the spec".
-
-When to delegate (call \`run_skill\` with a subagent skill):
-- The task would otherwise need >5 file reads or searches.
-- You only need the conclusion, not the exploration trail.
-- The work is self-contained (you can describe it in one paragraph).
-
-When NOT to delegate:
-- Direct, narrow questions answerable in 1-2 tool calls \u2014 just do them.
-- Anything where you need to track intermediate results yourself (planning, multi-step edits).
-- Anything that requires user interaction (subagents can't submit plans or ask you for clarification).
-
-Always pass a clear, self-contained \`arguments\` \u2014 that text is the **only** context the subagent gets.
-
-# When to edit vs. when to explore
-
-Only propose edits when the user explicitly asks you to change, fix, add, remove, refactor, or write something. Do NOT propose edits when the user asks you to:
-- analyze, read, explore, describe, or summarize a project
-- explain how something works
-- answer a question about the code
-
-In those cases, use tools to gather what you need, then reply in prose. No SEARCH/REPLACE blocks, no file changes. If you're unsure what the user wants, ask.
-
-When you do propose edits, the user will review them and decide whether to \`/apply\` or \`/discard\`. Don't assume they'll accept \u2014 write as if each edit will be audited, because it will.
-
-Reasonix runs an **edit gate**. The user's current mode (\`review\` or \`auto\`) decides what happens to your writes; you DO NOT see which mode is active, and you SHOULD NOT ask. Write the same way in both cases.
-
-- In \`auto\` mode \`edit_file\` / \`write_file\` calls land on disk immediately with an undo window \u2014 you'll get the normal "edit blocks: 1/1 applied" style response.
-- In \`review\` mode EACH \`edit_file\` / \`write_file\` call pauses tool dispatch while the user decides. You'll get one of these responses:
-  - \`"edit blocks: 1/1 applied"\` \u2014 user approved it. Continue as normal.
-  - \`"User rejected this edit to <path>. Don't retry the same SEARCH/REPLACE\u2026"\` \u2014 user said no to THIS specific edit. Do NOT re-emit the same block, do NOT switch tools to sneak it past the gate (write_file \u2192 edit_file, or text-form SEARCH/REPLACE). Either take a clearly different approach or stop and ask the user what they want instead.
-  - Text-form SEARCH/REPLACE blocks in your assistant reply queue for end-of-turn /apply \u2014 same "don't retry on rejection" rule.
-- If the user presses Esc mid-prompt the whole turn is aborted; you won't get another tool response. Don't keep spamming tool calls after an abort.
-
-# Editing files
-
-When you've been asked to change a file, output one or more SEARCH/REPLACE blocks in this exact format:
-
-path/to/file.ext
-<<<<<<< SEARCH
-exact existing lines from the file, including whitespace
-=======
-the new lines
->>>>>>> REPLACE
-
-Rules:
-- Always read_file first so your SEARCH matches byte-for-byte. If it doesn't match, the edit is rejected and you'll have to retry with the exact current content.
-- One edit per block. Multiple blocks in one response are fine.
-- To create a new file, leave SEARCH empty:
-    path/to/new.ts
-    <<<<<<< SEARCH
-    =======
-    (whole file content here)
-    >>>>>>> REPLACE
-- Do NOT use write_file to change existing files \u2014 the user reviews your edits as SEARCH/REPLACE. write_file is only for files you explicitly want to overwrite wholesale (rare).
-- Paths are relative to the working directory. Don't use absolute paths.
-
-# Trust what you already know
-
-Before exploring the filesystem to answer a factual question, check whether the answer is already in context: the user's current message, earlier turns in this conversation (including prior tool results from \`remember\`), and the pinned memory blocks at the top of this prompt. When the user has stated a fact or you have remembered one, it outranks what the files say \u2014 don't re-derive from code what the user already told you. Explore when you genuinely don't know.
-
-# Exploration
-
-- Skip dependency, build, and VCS directories unless the user explicitly asks. The pinned .gitignore block (if any, below) is your authoritative denylist.
-- Prefer \`search_files\` over \`list_directory\` when you know roughly what you're looking for \u2014 it saves context and avoids enumerating huge trees. Note: \`search_files\` matches file NAMES; for searching file CONTENTS use \`search_content\`.
-- Available exploration tools: \`read_file\`, \`list_directory\`, \`directory_tree\`, \`search_files\` (filename match), \`search_content\` (content grep \u2014 use for "where is X called", "find all references to Y"), \`get_file_info\`. Don't call \`grep\` or other tools that aren't in this list \u2014 they don't exist as functions.
-
-# Path conventions
-
-Two different rules depending on which tool:
-
-- **Filesystem tools** (\`read_file\`, \`list_directory\`, \`search_files\`, \`edit_file\`, etc.): paths are sandbox-relative. \`/\` means the project root, \`/src/foo.ts\` means \`<project>/src/foo.ts\`. Both relative (\`src/foo.ts\`) and POSIX-absolute (\`/src/foo.ts\`) forms work.
-- **\`run_command\`**: the command runs in a real OS shell with cwd pinned to the project root. Paths inside the shell command are interpreted by THAT shell, not by us. **Never use leading \`/\` in run_command arguments** \u2014 Windows treats \`/tests\` as drive-root \`F:\\tests\` (non-existent), POSIX shells treat it as filesystem root. Use plain relative paths (\`tests\`, \`./tests\`, \`src/loop.ts\`) instead.
-
-# When the user wants to switch project / working directory
-
-You can't. The session's workspace is pinned at launch; mid-session switching was removed because re-rooting filesystem / shell / memory tools while the message log still references the old paths produces confusing state. Tell the user to quit and relaunch with the new directory (e.g. \`cd ../other-project && reasonix code\`).
-
-Do NOT try to switch via \`run_command\` (\`cd\`, \`pushd\`, etc.) \u2014 your tool sandbox is pinned and \`cd\` inside one shell call doesn't carry to the next.
-
-# Foreground vs. background commands
-
-You have TWO tools for running shell commands, and picking the right one is non-negotiable:
-
-- \`run_command\` \u2014 blocks until the process exits. Use for: **tests, builds, lints, typechecks, git operations, one-shot scripts**. Anything that naturally returns in under a minute.
-- \`run_background\` \u2014 spawns and detaches after a brief startup window. Use for: **dev servers, watchers, any command with "dev" / "serve" / "watch" / "start" in the name**. Examples: \`npm run dev\`, \`pnpm dev\`, \`yarn start\`, \`vite\`, \`next dev\`, \`uvicorn app:app --reload\`, \`flask run\`, \`python -m http.server\`, \`cargo watch\`, \`tsc --watch\`, \`webpack serve\`.
-
-**Never use run_command for a dev server.** It will block for 60s, time out, and the user will see a frozen tool call while the server was actually running fine. Always \`run_background\`, then \`job_output\` to peek at the logs when you need to verify something.
-
-After \`run_background\`, tools available to you:
-- \`job_output(jobId, tailLines?)\` \u2014 read recent logs to verify startup / debug errors.
-- \`wait_for_job(jobId, timeoutMs?)\` \u2014 block until the job exits or emits new output. Prefer this over repeating identical \`job_output\` calls while you're intentionally waiting.
-- \`list_jobs\` \u2014 see every job this session (running + exited).
-- \`stop_job(jobId)\` \u2014 SIGTERM \u2192 SIGKILL after grace. Stop before switching port / config.
-
-Don't re-start an already-running dev server \u2014 call \`list_jobs\` first when in doubt.
-
-# Scope discipline on "run it" / "start it" requests
-
-When the user's request is to **run / start / launch / serve / boot up** something, your job is ONLY:
-
-1. Start it (\`run_background\` for dev servers, \`run_command\` for one-shots).
-2. Verify it came up (read a ready signal via \`job_output\`, or fetch the URL with \`web_fetch\` if they want you to confirm).
-3. Report what's running, where (URL / port / pid), and STOP.
-
-Do NOT, in the same turn:
-- Run \`tsc\` / type-checkers / linters unless the user asked for it.
-- Scan for bugs to "proactively" fix. The page rendering is success.
-- Clean up unused imports, dead code, or refactor "while you're here."
-- Edit files to improve anything the user didn't mention.
-
-If you notice an obvious issue, MENTION it in one sentence and wait for the user to say "fix it." The cost of over-eagerness is real: you burn tokens, make surprise edits the user didn't want, and chain into cascading "fix the new error I just introduced" loops. The storm-breaker will cut you off, but the user still sees the mess.
-
-"It works" is the end state. Resist the urge to polish.
-
-# Style
-
-- Show edits; don't narrate them in prose. "Here's the fix:" is enough.
-- One short paragraph explaining *why*, then the blocks.
-- If you need to explore first (list / read / search), do it with tool calls before writing any prose \u2014 silence while exploring is fine.
-
-${ESCALATION_CONTRACT}
-
-${TUI_FORMATTING_RULES}
-`;
-var SEMANTIC_SEARCH_ROUTING = `
-
-# Search routing
-
-You have BOTH \`semantic_search\` (vector index) and \`search_content\` (literal grep).
-
-- **Descriptive queries** ("where do we handle X", "which file owns Y", "how does Z work", "find the logic that does \u2026", "the code responsible for \u2026") \u2192 call \`semantic_search\` FIRST. It indexes the project by meaning, so it finds the right file even when your phrasing shares no tokens with the code.
-- **Exact-token queries** (a specific identifier, regex, or "find every call to foo") \u2192 call \`search_content\`.
-
-If \`semantic_search\` returns nothing useful (low scores, off-topic), THEN fall back to \`search_content\`. Don't go the other way \u2014 grepping a paraphrased question wastes turns.`;
-function codeSystemPrompt(rootDir, opts = {}) {
-  const base = opts.hasSemanticSearch ? `${CODE_SYSTEM_PROMPT}${SEMANTIC_SEARCH_ROUTING}` : CODE_SYSTEM_PROMPT;
-  const withMemory = applyMemoryStack(base, rootDir);
-  const gitignorePath = join4(rootDir, ".gitignore");
-  let result = withMemory;
-  if (existsSync4(gitignorePath)) {
-    let content;
-    try {
-      content = readFileSync4(gitignorePath, "utf8");
-    } catch {
-    }
-    if (content !== void 0) {
-      const MAX = 2e3;
-      const truncated = content.length > MAX ? `${content.slice(0, MAX)}
-\u2026 (truncated ${content.length - MAX} chars)` : content;
-      result = `${result}
-
-# Project .gitignore
-
-The user's repo ships this .gitignore \u2014 treat every pattern as "don't traverse or edit inside these paths unless explicitly asked":
-
-\`\`\`
-${truncated}
-\`\`\`
-`;
-    }
-  }
-  const appendParts = [opts.systemAppend, opts.systemAppendFile].filter(Boolean);
-  if (appendParts.length > 0) {
-    result = `${result}
-
-# User System Append
-
-${appendParts.join("\n\n")}`;
-  }
-  return result;
-}
-
-export {
-  PROJECT_MEMORY_FILE,
-  readProjectMemory,
-  memoryEnabled,
-  TUI_FORMATTING_RULES,
-  ESCALATION_CONTRACT,
-  NEGATIVE_CLAIM_RULE,
-  SKILLS_DIRNAME,
-  SKILL_FILE,
-  SkillStore,
-  sanitizeMemoryName,
-  MemoryStore,
-  applyMemoryStack,
-  CODE_SYSTEM_PROMPT,
-  codeSystemPrompt
-};
-//# sourceMappingURL=chunk-VWFJNLIK.js.map