sanook-cli 0.5.2 → 0.5.5

package/dist/session-distill.js

@@ -0,0 +1,84 @@
+// Session knowledge distiller — extracts DURABLE facts (decisions, gotchas, preferences,
+// constraints) from a finished session transcript so they can be folded into the memory store
+// WITHOUT the model voluntarily calling `remember`. Pure + deterministic (heuristic): the offline,
+// zero-cost fallback. An LLM-based extractor can layer on top when a model is available.
+// Signal patterns — a sentence is a candidate only if it matches one (keeps precision up).
+const SIGNALS = [
+    { kind: 'decision', re: /\b(decided|we['’]?ll use|we will use|we use|going with|chose|switch(?:ed|ing)? to|standardiz(?:e|ed|ing) on|settled on|agreed to)\b/i },
+    { kind: 'preference', re: /\b(prefer(?:s|red)?|convention(?: is|:)|by convention|coding style|likes? to|always (?:use|run|prefer|name)|we name)\b/i },
+    { kind: 'constraint', re: /\b(must not|must|never|do ?n['’]?t|don['’]t|required to|is required|only (?:use|run|allow)|forbidden|not allowed|has to)\b/i },
+    { kind: 'gotcha', re: /\b(gotcha|caveat|watch out|the (?:bug|issue|problem|error) (?:was|is)|turned out|root cause|fix(?:ed)? (?:was|by|it by)|fails? (?:if|when|because)|breaks? (?:if|when)|broke because|because the|note that|important:|heads up)\b/i },
+];
+// Strong "X not Y" / "X instead of Y" decision signal (e.g. "pnpm not npm", "tabs over spaces").
+const X_NOT_Y = /\b[\w.@/+-]{2,}\s+(?:not|instead of|over|rather than)\s+[\w.@/+-]{2,}\b/i;
+const MAX_CANDIDATES = 12;
+const MIN_WORDS = 4;
+const MAX_WORDS = 45;
+function looksLikeCodeOrLog(s) {
+    if (/^\s*[$#>]/.test(s))
+        return true; // shell prompt / diff marker
+    if (/[{};=]\s*$/.test(s) && /[(){}\[\]=;]/.test(s))
+        return true; // code-ish line
+    if (/\b(at |Error:|Traceback|stack trace|node_modules\/)/.test(s) && /:\d+/.test(s))
+        return true; // stack trace
+    const symbolRatio = (s.replace(/[\w\s]/g, '').length || 0) / Math.max(1, s.length);
+    return symbolRatio > 0.3; // mostly punctuation/symbols
+}
+function splitSentences(text) {
+    return text
+        .split(/(?<=[.!?])\s+|\n+/)
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+function normalize(s) {
+    return s.replace(/\s+/g, ' ').replace(/^[-*•\d.)\s]+/, '').trim();
+}
+/**
+ * Extract durable-fact candidates from a transcript. Skips questions, chit-chat, code/log lines,
+ * and too-short/too-long sentences; requires a decision/gotcha/preference/constraint signal.
+ */
+export function distillSession(messages) {
+    const out = [];
+    const seen = new Set();
+    for (const msg of messages) {
+        if (msg.role !== 'user' && msg.role !== 'assistant')
+            continue;
+        for (const raw of splitSentences(msg.text)) {
+            const s = normalize(raw);
+            const words = s.split(/\s+/).filter(Boolean);
+            if (words.length < MIN_WORDS || words.length > MAX_WORDS)
+                continue;
+            if (s.endsWith('?'))
+                continue; // questions aren't durable facts
+            if (looksLikeCodeOrLog(s))
+                continue;
+            const signal = SIGNALS.find((sig) => sig.re.test(s));
+            const kind = signal?.kind ?? (X_NOT_Y.test(s) ? 'decision' : undefined);
+            if (!kind)
+                continue;
+            const key = s.toLowerCase().replace(/[^a-z0-9 ]/g, '').trim();
+            if (!key || seen.has(key))
+                continue;
+            seen.add(key);
+            out.push({ text: s, kind });
+            if (out.length >= MAX_CANDIDATES)
+                return out;
+        }
+    }
+    return out;
+}
+/** flatten an AI-SDK ModelMessage content (string | parts[]) to its plain text. */
+function messageText(content) {
+    if (typeof content === 'string')
+        return content;
+    if (!Array.isArray(content))
+        return '';
+    return content
+        .map((p) => (p && typeof p === 'object' && 'text' in p && typeof p.text === 'string' ? p.text : ''))
+        .join(' ')
+        .trim();
+}
+/** distill durable-fact texts from a finished conversation (ModelMessage[]-shaped). Pure. */
+export function distilledFactsFromMessages(messages) {
+    return distillSession(messages.map((m) => ({ role: m.role, text: messageText(m.content) }))).map((c) => c.text);
+}

package/dist/session.js

@@ -1,7 +1,7 @@
 import { chmod, readFile, writeFile, mkdir, readdir, realpath, rm } from 'node:fs/promises';
 import { join, resolve } from 'node:path';
 import { appHomePath, persistenceEnabled } from './brand.js';
-import { redactKey } from './providers/keys.js';
+import { redactKey, redactUnknown } from './providers/keys.js';
 // session store — จำ conversation + ความคืบหน้า เพื่อ "ทำงานต่อได้" ไม่ลืมว่าทำถึงไหน
 const SESSION_DIR = appHomePath('sessions');
 function isRecord(value) {
@@ -45,16 +45,6 @@ function sessionFilePath(id) {
     }
     return join(SESSION_DIR, `${id}.json`);
 }
-function redactUnknown(value) {
-    if (typeof value === 'string')
-        return redactKey(value);
-    if (Array.isArray(value))
-        return value.map(redactUnknown);
-    if (value && typeof value === 'object') {
-        return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactUnknown(v)]));
-    }
-    return value;
-}
 function sanitizeSession(s) {
     return {
         ...s,

package/dist/skill-install.js

@@ -6,7 +6,7 @@ import { promisify } from 'node:util';
 import { randomUUID } from 'node:crypto';
 import { lookup } from 'node:dns/promises';
 import { isIP } from 'node:net';
-import { parseFrontmatter, isValidSkillName } from './skills.js';
+import { parseFrontmatter, isValidSkillName, bundledSkillsDir, listBundledSkills } from './skills.js';
 import { appHomePath, BRAND } from './brand.js';
 const execFileAsync = promisify(execFile);
 const USER_SKILLS = appHomePath('skills');
@@ -172,6 +172,29 @@ async function fetchSkillMd(url) {
         throw new Error('SKILL.md ใหญ่เกิน 2MB');
     return text;
 }
+function bundledCatalogHint(name) {
+    const sample = ['git-commit-pr', 'write-tests', 'debug-root-cause'];
+    return `ไม่เจอ bundled skill "${name}" — ลอง ${sample.join(', ')} หรือ ${BRAND.cliName} skill list`;
+}
+/**
+ * ติดตั้ง skill จาก bundled catalog (ชื่อ slug) · local path · URL · GitHub
+ * ⚠️ skill = instruction ที่ agent จะ trust (ไม่ใช่ data) — ติดตั้งจาก source ที่เชื่อถือเท่านั้น
+ */
+export async function installNamedSkill(nameOrSource, onLog) {
+    if (await exists(nameOrSource))
+        return installFromLocal(nameOrSource, onLog);
+    if (isValidSkillName(nameOrSource)) {
+        const bundled = join(bundledSkillsDir(), nameOrSource);
+        if (await exists(join(bundled, 'SKILL.md')))
+            return [await installFromDir(bundled)];
+        const catalog = await listBundledSkills();
+        const match = catalog.find((skill) => skill.name === nameOrSource);
+        if (match)
+            return [await installFromDir(dirname(dirname(match.path)))];
+        throw new Error(bundledCatalogHint(nameOrSource));
+    }
+    return installSkill(nameOrSource, onLog);
+}
 /**
  * ติดตั้ง skill จาก source — local path · URL ของ SKILL.md (https) · GitHub ("user/repo" หรือ "user/repo/sub/path")
  * ⚠️ skill = instruction ที่ agent จะ trust (ไม่ใช่ data) — ติดตั้งจาก source ที่เชื่อถือเท่านั้น

package/dist/skills.js

@@ -9,6 +9,9 @@ import { projectConfigPathIfTrusted } from './trust.js';
 // 3 ชั้น: bundled (ship กับ CLI) → global (~/.sanook) → project (.sanook) — ชั้นหลัง override ชื่อซ้ำ
 const BUNDLED_SKILLS = join(dirname(fileURLToPath(import.meta.url)), '..', 'skills');
 const GLOBAL_SKILLS = appHomePath('skills');
+export function bundledSkillsDir() {
+    return BUNDLED_SKILLS;
+}
 /** minimal frontmatter parser (key: value ใน --- block) — ไม่พึ่ง YAML dep */
 export function parseFrontmatter(content) {
     const m = content.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/);
@@ -33,6 +36,36 @@ export function parseFrontmatter(content) {
 export function isValidSkillName(name) {
     return /^[a-z0-9][a-z0-9-]{0,63}$/.test(name);
 }
+/** list bundled skills only (sanook skill install <name> catalog) */
+export async function listBundledSkills() {
+    const out = [];
+    let entries;
+    try {
+        entries = await readdir(BUNDLED_SKILLS, { withFileTypes: true });
+    }
+    catch {
+        return out;
+    }
+    for (const e of entries) {
+        if (!e.isDirectory() || !isValidSkillName(e.name))
+            continue;
+        const p = join(BUNDLED_SKILLS, e.name, 'SKILL.md');
+        try {
+            const { meta } = parseFrontmatter(await readFile(p, 'utf8'));
+            const name = meta.name && isValidSkillName(meta.name) ? meta.name : e.name;
+            out.push({
+                name,
+                description: meta.description ?? '',
+                whenToUse: meta.when_to_use,
+                path: p,
+            });
+        }
+        catch {
+            /* skip invalid entries */
+        }
+    }
+    return out.sort((a, b) => a.name.localeCompare(b.name));
+}
 /** scan project + global skills → list (name+description เท่านั้น สำหรับ inject). project ทับ global ชื่อซ้ำ */
 export async function loadSkills(cwd = process.cwd()) {
     const out = new Map();

package/dist/slash-completion.js

@@ -0,0 +1,155 @@
+import { existsSync, readdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { basename, dirname, isAbsolute, resolve } from 'node:path';
+const PATH_TOKEN_RE = /((?:\.{1,2}\/|~\/?|\/|@|[^"'`\s]+\/)[^"'`\s]*)$/;
+const MAX_PATH_COMPLETIONS = 40;
+const DETAIL_SECTIONS = [
+    { text: 'thinking ', display: 'thinking', meta: 'details section' },
+    { text: 'tools ', display: 'tools', meta: 'details section' },
+];
+const DETAIL_MODES = [
+    { text: 'hidden', display: 'hidden', meta: 'details mode' },
+    { text: 'collapsed', display: 'collapsed', meta: 'details mode' },
+    { text: 'expanded', display: 'expanded', meta: 'details mode' },
+];
+const TRAIL_MODES = [
+    { text: 'compact', display: 'compact', meta: 'trail mode' },
+    { text: 'expanded', display: 'expanded', meta: 'trail mode' },
+];
+const COPY_TARGETS = [{ text: 'last', display: 'last', meta: 'copy target' }];
+const BUILTIN_SLASH_COMPLETIONS = [
+    { text: '/help', display: '/help', meta: 'command list + pager' },
+    { text: '/hotkeys', display: '/hotkeys', meta: 'keyboard shortcuts' },
+    { text: '/details', display: '/details', meta: 'thinking/tool trail visibility' },
+    { text: '/model', display: '/model', meta: 'pick provider then model' },
+    { text: '/setup', display: '/setup', meta: 'setup wizard sections' },
+    { text: '/dashboard', display: '/dashboard', meta: 'open web dashboard' },
+    { text: '/mcp', display: '/mcp', meta: 'browse MCP servers' },
+    { text: '/skills', display: '/skills', meta: 'browse loaded skills' },
+    { text: '/sessions', display: '/sessions', meta: 'resume saved sessions' },
+    { text: '/tasks', display: '/tasks', meta: 'background task_spawn jobs' },
+    { text: '/status', display: '/status', meta: 'session/model status' },
+    { text: '/platforms', display: '/platforms', meta: 'providers + gateways' },
+    { text: '/trail', display: '/trail', meta: 'toggle tool trail detail' },
+    { text: '/tools', display: '/tools', meta: 'agent tools' },
+    { text: '/diff', display: '/diff', meta: 'git diff stat' },
+    { text: '/copy', display: '/copy', meta: 'copy latest assistant response' },
+    { text: '/retry', display: '/retry', meta: 'rerun last prompt' },
+    { text: '/stop', display: '/stop', meta: 'stop current turn' },
+    { text: '/undo', display: '/undo', meta: 'stash recent file edits' },
+    { text: '/rewind', display: '/rewind', meta: 'restore previous turn' },
+    { text: '/cost', display: '/cost', meta: 'last usage/cost' },
+    { text: '/usage', display: '/usage', meta: 'last usage/cost' },
+    { text: '/insights', display: '/insights', meta: 'local usage insights' },
+    { text: '/personality', display: '/personality', meta: 'set response style' },
+    { text: '/compact', display: '/compact', meta: 'compress context' },
+    { text: '/compress', display: '/compress', meta: 'compress context' },
+    { text: '/new', display: '/new', meta: 'new conversation' },
+    { text: '/reset', display: '/reset', meta: 'new conversation' },
+    { text: '/clear', display: '/clear', meta: 'clear conversation' },
+    { text: '/quit', display: '/quit', meta: 'exit REPL' },
+];
+export function slashCompletionItems(input) {
+    if (!/^\/[a-z0-9-?]*$/i.test(input))
+        return [];
+    const query = input.slice(1).toLowerCase();
+    return BUILTIN_SLASH_COMPLETIONS.filter((item) => item.text.slice(1).startsWith(query));
+}
+export function completionForInput(input, cwd = process.cwd()) {
+    const slash = slashCompletionItems(input);
+    if (slash.length)
+        return { items: slash, replaceFrom: 0 };
+    const slashArgs = slashArgumentCompletion(input);
+    if (slashArgs.items.length)
+        return slashArgs;
+    const path = pathCompletion(input, cwd);
+    if (path.items.length)
+        return path;
+    return { items: [], replaceFrom: 0 };
+}
+function slashArgumentCompletion(input) {
+    const commandMatch = /^\/([a-z0-9-?]+)\s+/i.exec(input);
+    if (!commandMatch)
+        return { items: [], replaceFrom: 0 };
+    const command = commandMatch[1].toLowerCase();
+    const rawArgs = input.slice(commandMatch[0].length);
+    const hasTrailingSpace = /\s$/.test(input);
+    const args = rawArgs.trim() ? rawArgs.trim().split(/\s+/) : [];
+    const activeIndex = hasTrailingSpace ? args.length : Math.max(0, args.length - 1);
+    const prefix = hasTrailingSpace ? '' : (args.at(-1) ?? '');
+    const replaceFrom = input.length - prefix.length;
+    if (command === 'trail' && activeIndex === 0) {
+        return { items: filterArgumentItems(TRAIL_MODES, prefix), replaceFrom };
+    }
+    if (command === 'copy' && activeIndex === 0) {
+        return { items: filterArgumentItems(COPY_TARGETS, prefix), replaceFrom };
+    }
+    if (command === 'details') {
+        if (activeIndex === 0)
+            return { items: filterArgumentItems(DETAIL_SECTIONS, prefix), replaceFrom };
+        const section = args[0]?.toLowerCase();
+        if (activeIndex === 1 && (section === 'thinking' || section === 'tools')) {
+            return { items: filterArgumentItems(DETAIL_MODES, prefix), replaceFrom };
+        }
+    }
+    return { items: [], replaceFrom: 0 };
+}
+function filterArgumentItems(items, prefix) {
+    const query = prefix.toLowerCase();
+    return items.filter((item) => item.text.toLowerCase().startsWith(query));
+}
+function pathCompletion(input, cwd) {
+    const match = PATH_TOKEN_RE.exec(input);
+    if (!match)
+        return { items: [], replaceFrom: 0 };
+    const token = match[1];
+    const replaceFrom = input.length - token.length;
+    const mention = token.startsWith('@');
+    const rawToken = mention ? token.slice(1) : token;
+    const raw = rawToken === '~' ? '~/' : rawToken;
+    const hasTrailingSlash = raw.endsWith('/');
+    const rawDir = hasTrailingSlash ? raw : dirname(raw);
+    const prefix = hasTrailingSlash ? '' : basename(raw);
+    const dirPart = rawDir === '.' ? '' : rawDir;
+    const absoluteDir = resolveInputPath(dirPart || '.', cwd);
+    if (!existsSync(absoluteDir))
+        return { items: [], replaceFrom };
+    let entries;
+    try {
+        entries = readdirSync(absoluteDir, { withFileTypes: true });
+    }
+    catch {
+        return { items: [], replaceFrom };
+    }
+    const head = `${mention ? '@' : ''}${dirPart ? `${dirPart.replace(/\/?$/, '/')}` : ''}`;
+    const items = entries
+        .filter((entry) => !entry.name.startsWith('.') && entry.name.startsWith(prefix))
+        .sort((a, b) => Number(b.isDirectory()) - Number(a.isDirectory()) || a.name.localeCompare(b.name))
+        .slice(0, MAX_PATH_COMPLETIONS)
+        .map((entry) => {
+        const suffix = entry.isDirectory() ? '/' : '';
+        const text = `${head}${entry.name}${suffix}`;
+        return { display: text, meta: entry.isDirectory() ? 'dir' : 'file', text };
+    });
+    return { items, replaceFrom };
+}
+function resolveInputPath(input, cwd) {
+    if (input === '~')
+        return homedir();
+    if (input.startsWith('~/'))
+        return resolve(homedir(), input.slice(2));
+    if (isAbsolute(input))
+        return input;
+    return resolve(cwd, input);
+}
+export function clampCompletionIndex(index, count) {
+    if (count <= 0)
+        return 0;
+    return ((index % count) + count) % count;
+}
+export function completionReplaceValue(input, item, replaceFrom = 0) {
+    if (!item)
+        return null;
+    const next = `${input.slice(0, replaceFrom)}${item.text}`;
+    return next === input ? null : next;
+}

package/dist/support-dump.js

@@ -89,6 +89,12 @@ export async function buildSupportDump(options = {}) {
     const currentSessions = await listSessions({ cwd });
     const allSessions = await listSessions({ cwd: null });
     const { tools } = await import('./tools/index.js');
+    const polyglot = await import('./polyglot.js')
+        .then((m) => m.inspectPolyglotRuntimes({ cwd }))
+        .catch((e) => e);
+    const webSurface = await import('./web-surface.js')
+        .then((m) => m.inspectWebSurface({ cwd, loadConfig: async () => mcp }))
+        .catch((e) => e);
     lines.push(`${BRAND.productName} support dump`);
     lines.push(`version: ${options.version ?? '(dev)'}`);
     if (options.packageName)
@@ -123,6 +129,7 @@ export async function buildSupportDump(options = {}) {
         lines.push(`  brainPath: ${valueOrUnset(loadedConfig.brainPath)}`);
         lines.push(`  cacheTtl: ${loadedConfig.cacheTtl}`);
         lines.push(`  compaction: ${loadedConfig.compaction}`);
+        lines.push(`  contextCompression: ${loadedConfig.contextCompression}`);
         lines.push(`  thinking: ${valueOrUnset(loadedConfig.thinking)}`);
         lines.push(`  summaryModel: ${valueOrUnset(loadedConfig.summaryModel)}`);
         lines.push(`  embeddingModel: ${valueOrUnset(loadedConfig.embeddingModel)}`);
@@ -161,6 +168,20 @@ export async function buildSupportDump(options = {}) {
     for (const log of mcpLogs)
         lines.push(`  note: ${redactKey(log)}`);
     lines.push('');
+    lines.push('web search:');
+    if (webSurface instanceof Error) {
+        lines.push(`  load error: ${redactKey(webSurface.message)}`);
+    }
+    else {
+        lines.push(`  local search internet: ${yesNo(webSurface.localSearch.internet)}`);
+        lines.push(`  web candidates: ${webSurface.webCandidates.length}`);
+        for (const candidate of webSurface.webCandidates.slice(0, 10)) {
+            lines.push(`  ${candidate.name}: ${candidate.transport} ${candidate.reasons.join(' · ')}`);
+        }
+        if (webSurface.webCandidates.length > 10)
+            lines.push(`  ... ${webSurface.webCandidates.length - 10} more`);
+    }
+    lines.push('');
     lines.push('inventory:');
     lines.push(`  built-in tools: ${Object.keys(tools).length}`);
     lines.push(`  skills: ${skills.length}`);
@@ -170,6 +191,16 @@ export async function buildSupportDump(options = {}) {
     if (latest)
         lines.push(`  latest session: ${latest.id} updated ${latest.updated}`);
     lines.push('');
+    lines.push('runtimes:');
+    if (polyglot instanceof Error) {
+        lines.push(`  load error: ${redactKey(polyglot.message)}`);
+    }
+    else {
+        for (const runtime of polyglot.runtimes) {
+            lines.push(`  ${runtime.id}: ${runtime.status}${runtime.version ? ` (${runtime.version})` : ''}`);
+        }
+    }
+    lines.push('');
     lines.push(options.showKeys ? 'secrets: redacted prefixes/suffixes shown; raw keys are never printed' : 'secrets: hidden; use --show-keys to show redacted key fingerprints');
     return `${lines.join('\n')}\n`;
 }

package/dist/tool-catalog.js

@@ -0,0 +1,59 @@
+export const TOOL_CATALOG = [
+    {
+        detail: 'Read, write, patch, list, glob, grep, and run bounded shell commands in the current workspace.',
+        group: 'Files',
+        name: 'workspace tools',
+        summary: 'read/write/edit/list/glob/grep/bash',
+    },
+    {
+        detail: 'Inspect diffs, status, logs, and create commits when the user explicitly wants a commit.',
+        group: 'Git',
+        name: 'git tools',
+        summary: 'status/diff/log/commit',
+    },
+    {
+        detail: 'Remember facts, recall local memory, discover skills, and create reusable skill workflows.',
+        group: 'Memory',
+        name: 'memory + skills',
+        summary: 'remember/recall/find_skills/create_skill',
+    },
+    {
+        detail: 'Fetch public pages via the ethical web ladder (robots.txt, SSRF guard, reader/Tavily/Wayback fallbacks).',
+        group: 'Research',
+        name: 'web fetch',
+        summary: 'web_fetch (ethical ladder)',
+    },
+    {
+        detail: 'Use local brain search for vault/session/skill retrieval, and configured MCP web/search/fetch servers for current external facts with citations.',
+        group: 'Research',
+        name: 'local + web grounding',
+        summary: 'sanook search + web MCP readiness',
+    },
+    {
+        detail: 'Schedule recurring or future tasks for the Sanook gateway service to run later.',
+        group: 'Gateway',
+        name: 'scheduled tasks',
+        summary: 'schedule/list/cancel',
+    },
+    {
+        detail: 'Fan work out to sub-agents, collect results, cancel background jobs, and inspect task status.',
+        group: 'Agents',
+        name: 'agent orchestration',
+        summary: 'task/task_parallel/task_spawn/task_collect',
+    },
+    {
+        detail: 'Ask the language server for type errors and lint-like diagnostics after code edits.',
+        group: 'Quality',
+        name: 'diagnostics',
+        summary: 'LSP diagnostics',
+    },
+    {
+        detail: 'Run optional Python or Rust snippets/files without shell strings for data analysis and native-helper prototypes.',
+        group: 'Polyglot',
+        name: 'python + rust runtime tools',
+        summary: 'run_python/run_rust',
+    },
+];
+export function formatToolCatalog(tools = TOOL_CATALOG) {
+    return tools.map((tool) => `${tool.group}: ${tool.summary}`).join('\n  ');
+}

package/dist/tools/index.js

@@ -12,6 +12,8 @@ import { taskTool, taskParallelTool, taskSpawnTool, taskCollectTool, taskCancelT
 import { diagnosticsTool } from './diagnostics.js';
 import { gitStatusTool, gitDiffTool, gitLogTool, gitCommitTool } from './git.js';
 import { haCallServiceTool, haGetStateTool, haListEntitiesTool, haListServicesTool } from './homeassistant.js';
+import { pythonTool, rustTool } from './polyglot.js';
+import { webFetchTool } from './web-fetch-tool.js';
 /** tool registry ที่ส่งให้ agent loop */
 export const tools = {
     read_file: readFileTool,
@@ -21,6 +23,8 @@ export const tools = {
     glob: globTool,
     grep: grepTool,
     run_bash: bashTool,
+    run_python: pythonTool,
+    run_rust: rustTool,
     remember: rememberTool,
     recall: recallTool,
     skill: skillTool,
@@ -44,5 +48,6 @@ export const tools = {
     ha_get_state: haGetStateTool,
     ha_list_services: haListServicesTool,
     ha_call_service: haCallServiceTool,
+    web_fetch: webFetchTool,
 };
 export { readFileTool, writeFileTool, editFileTool, listDirTool, globTool, grepTool, bashTool };

package/dist/tools/permission.js

@@ -1,5 +1,5 @@
 import { homedir } from 'node:os';
-import { realpath, stat } from 'node:fs/promises';
+import { realpath, stat, lstat, readlink } from 'node:fs/promises';
 import { dirname, resolve, join, sep } from 'node:path';
 import { getBrainPath } from '../memory.js';
 import { BRAND_ENV, envFlag } from '../brand.js';
@@ -928,18 +928,60 @@ function readsProtectedEnvFile(cmd) {
         return true;
     return false;
 }
-export function checkBash(cmd, depth = 0) {
-    if (hasRmRecursiveForce(cmd) || hasDangerousGitOperation(cmd) || hasDestructiveCommand(cmd)) {
-        return { ok: false, reason: `คำสั่งทำลายล้าง/irreversible ถูกปฏิเสธ: "${cmd}"` };
+// Rebuild `cmd` with each segment's COMMAND token de-quoted/de-escaped (e.g. `r\m`, `'rm'`, `g\it`
+// → `rm`, `git`), leaving every other token byte-identical so the literal-search-pattern exemption
+// (e.g. `grep 'rm -rf'`) still holds. Lets the matchers below see the real command name.
+function deobfuscateCommandTokens(cmd) {
+    const entries = shellishTokenEntries(cmd);
+    if (entries.length === 0)
+        return cmd;
+    const bySegment = new Map();
+    for (const entry of entries) {
+        const seg = bySegment.get(entry.segment);
+        if (seg)
+            seg.push(entry);
+        else
+            bySegment.set(entry.segment, [entry]);
     }
-    if (PROTECTED_CMD_PATH.test(cmd) || mentionsProtectedEnvPath(cmd) || readsProtectedEnvFile(cmd)) {
-        return { ok: false, reason: `คำสั่งที่อ่าน/แตะ path ลับถูกปฏิเสธ: "${cmd}"` };
+    const replacements = [];
+    for (const segEntries of bySegment.values()) {
+        const ci = shellSegmentCommandIndex(segEntries);
+        if (ci < 0)
+            continue;
+        const entry = segEntries[ci];
+        const cleaned = cleanShellToken(entry.raw);
+        if (cleaned && cleaned !== entry.raw)
+            replacements.push({ start: entry.start, end: entry.end, text: cleaned });
     }
-    if (nestedShellCommandDenied(cmd, depth)) {
-        return { ok: false, reason: `คำสั่ง nested shell ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+    if (replacements.length === 0)
+        return cmd;
+    replacements.sort((a, b) => b.start - a.start); // right-to-left so offsets stay valid
+    let out = cmd;
+    for (const r of replacements)
+        out = out.slice(0, r.start) + r.text + out.slice(r.end);
+    return out;
+}
+export function checkBash(cmd, depth = 0) {
+    // Also test a de-obfuscated copy so a backslash/quote-mangled command name can't slip past.
+    const deob = deobfuscateCommandTokens(cmd);
+    const variants = deob === cmd ? [cmd] : [cmd, deob];
+    for (const c of variants) {
+        if (hasRmRecursiveForce(c) || hasDangerousGitOperation(c) || hasDestructiveCommand(c)) {
+            return { ok: false, reason: `คำสั่งทำลายล้าง/irreversible ถูกปฏิเสธ: "${cmd}"` };
+        }
     }
-    if (envWrappedCommandDenied(cmd, depth)) {
-        return { ok: false, reason: `คำสั่ง env wrapper ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+    for (const c of variants) {
+        if (PROTECTED_CMD_PATH.test(c) || mentionsProtectedEnvPath(c) || readsProtectedEnvFile(c)) {
+            return { ok: false, reason: `คำสั่งที่อ่าน/แตะ path ลับถูกปฏิเสธ: "${cmd}"` };
+        }
+    }
+    for (const c of variants) {
+        if (nestedShellCommandDenied(c, depth)) {
+            return { ok: false, reason: `คำสั่ง nested shell ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+        }
+        if (envWrappedCommandDenied(c, depth)) {
+            return { ok: false, reason: `คำสั่ง env wrapper ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+        }
     }
     return { ok: true };
 }
@@ -951,6 +993,21 @@ async function canonicalExisting(path) {
         return resolve(path);
     }
 }
+// If `path`'s leaf is a symlink, return where it actually points (resolved against its
+// dir). A DANGLING leaf symlink (target missing, parent present) otherwise slips past
+// existingAncestor (which stat()s through the link, fails, and falls back to the parent),
+// letting a write follow the link outside the workspace.
+async function symlinkLeafTarget(path) {
+    try {
+        const st = await lstat(path);
+        if (!st.isSymbolicLink())
+            return null;
+        return resolve(dirname(path), await readlink(path));
+    }
+    catch {
+        return null;
+    }
+}
 async function existingAncestor(path) {
     let dir = resolve(path);
     for (;;) {
@@ -1009,17 +1066,26 @@ export async function checkReadPath(path) {
 export async function checkWritePath(path) {
     const abs = resolve(path);
     const canonical = await existingAncestor(path);
+    // Where a symlinked leaf would actually write (closes the dangling-leaf-symlink escape).
+    const linkTarget = await symlinkLeafTarget(path);
+    const targetReal = linkTarget ? await existingAncestor(linkTarget) : null;
+    const candidates = [abs, canonical, ...(linkTarget ? [linkTarget, targetReal] : [])];
     const inProtectedDir = (p) => PROTECTED_DIRS.some((d) => p === d || p.startsWith(d + sep));
-    if (PROTECTED_EXACT.has(abs) ||
-        PROTECTED_EXACT.has(canonical) ||
-        inProtectedDir(abs) ||
-        inProtectedDir(canonical) ||
-        protectedSegment(abs) ||
-        protectedSegment(canonical)) {
+    if (candidates.some((p) => PROTECTED_EXACT.has(p) || inProtectedDir(p) || protectedSegment(p))) {
         return {
             ok: false,
             reason: `path ที่ป้องกันถูกปฏิเสธ: "${path}" (secrets / shell-rc / .sanook / .git / .env / node_modules)`,
         };
     }
+    // A symlinked leaf must resolve INSIDE the workspace/brain, not just sit there as a link.
+    if (linkTarget) {
+        const roots = await allowedRoots();
+        if (!roots.some((root) => inside(targetReal, root))) {
+            return {
+                ok: false,
+                reason: `symlink ชี้ออกนอก workspace/brain ที่อนุญาต: "${path}" → "${linkTarget}" (ตั้ง ${BRAND_ENV.allowOutsideWorkspace}=1 เพื่อ opt-in)`,
+            };
+        }
+    }
     return checkPathScope(path, 'write');
 }