sanook-cli 0.5.2 → 0.5.7

package/dist/slash-completion.js

@@ -0,0 +1,155 @@
+import { existsSync, readdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { basename, dirname, isAbsolute, resolve } from 'node:path';
+const PATH_TOKEN_RE = /((?:\.{1,2}\/|~\/?|\/|@|[^"'`\s]+\/)[^"'`\s]*)$/;
+const MAX_PATH_COMPLETIONS = 40;
+const DETAIL_SECTIONS = [
+    { text: 'thinking ', display: 'thinking', meta: 'details section' },
+    { text: 'tools ', display: 'tools', meta: 'details section' },
+];
+const DETAIL_MODES = [
+    { text: 'hidden', display: 'hidden', meta: 'details mode' },
+    { text: 'collapsed', display: 'collapsed', meta: 'details mode' },
+    { text: 'expanded', display: 'expanded', meta: 'details mode' },
+];
+const TRAIL_MODES = [
+    { text: 'compact', display: 'compact', meta: 'trail mode' },
+    { text: 'expanded', display: 'expanded', meta: 'trail mode' },
+];
+const COPY_TARGETS = [{ text: 'last', display: 'last', meta: 'copy target' }];
+const BUILTIN_SLASH_COMPLETIONS = [
+    { text: '/help', display: '/help', meta: 'command list + pager' },
+    { text: '/hotkeys', display: '/hotkeys', meta: 'keyboard shortcuts' },
+    { text: '/details', display: '/details', meta: 'thinking/tool trail visibility' },
+    { text: '/model', display: '/model', meta: 'pick provider then model' },
+    { text: '/setup', display: '/setup', meta: 'setup wizard sections' },
+    { text: '/dashboard', display: '/dashboard', meta: 'open web dashboard' },
+    { text: '/mcp', display: '/mcp', meta: 'browse MCP servers' },
+    { text: '/skills', display: '/skills', meta: 'browse loaded skills' },
+    { text: '/sessions', display: '/sessions', meta: 'resume saved sessions' },
+    { text: '/tasks', display: '/tasks', meta: 'background task_spawn jobs' },
+    { text: '/status', display: '/status', meta: 'session/model status' },
+    { text: '/platforms', display: '/platforms', meta: 'providers + gateways' },
+    { text: '/trail', display: '/trail', meta: 'toggle tool trail detail' },
+    { text: '/tools', display: '/tools', meta: 'agent tools' },
+    { text: '/diff', display: '/diff', meta: 'git diff stat' },
+    { text: '/copy', display: '/copy', meta: 'copy latest assistant response' },
+    { text: '/retry', display: '/retry', meta: 'rerun last prompt' },
+    { text: '/stop', display: '/stop', meta: 'stop current turn' },
+    { text: '/undo', display: '/undo', meta: 'stash recent file edits' },
+    { text: '/rewind', display: '/rewind', meta: 'restore previous turn' },
+    { text: '/cost', display: '/cost', meta: 'last usage/cost' },
+    { text: '/usage', display: '/usage', meta: 'last usage/cost' },
+    { text: '/insights', display: '/insights', meta: 'local usage insights' },
+    { text: '/personality', display: '/personality', meta: 'set response style' },
+    { text: '/compact', display: '/compact', meta: 'compress context' },
+    { text: '/compress', display: '/compress', meta: 'compress context' },
+    { text: '/new', display: '/new', meta: 'new conversation' },
+    { text: '/reset', display: '/reset', meta: 'new conversation' },
+    { text: '/clear', display: '/clear', meta: 'clear conversation' },
+    { text: '/quit', display: '/quit', meta: 'exit REPL' },
+];
+export function slashCompletionItems(input) {
+    if (!/^\/[a-z0-9-?]*$/i.test(input))
+        return [];
+    const query = input.slice(1).toLowerCase();
+    return BUILTIN_SLASH_COMPLETIONS.filter((item) => item.text.slice(1).startsWith(query));
+}
+export function completionForInput(input, cwd = process.cwd()) {
+    const slash = slashCompletionItems(input);
+    if (slash.length)
+        return { items: slash, replaceFrom: 0 };
+    const slashArgs = slashArgumentCompletion(input);
+    if (slashArgs.items.length)
+        return slashArgs;
+    const path = pathCompletion(input, cwd);
+    if (path.items.length)
+        return path;
+    return { items: [], replaceFrom: 0 };
+}
+function slashArgumentCompletion(input) {
+    const commandMatch = /^\/([a-z0-9-?]+)\s+/i.exec(input);
+    if (!commandMatch)
+        return { items: [], replaceFrom: 0 };
+    const command = commandMatch[1].toLowerCase();
+    const rawArgs = input.slice(commandMatch[0].length);
+    const hasTrailingSpace = /\s$/.test(input);
+    const args = rawArgs.trim() ? rawArgs.trim().split(/\s+/) : [];
+    const activeIndex = hasTrailingSpace ? args.length : Math.max(0, args.length - 1);
+    const prefix = hasTrailingSpace ? '' : (args.at(-1) ?? '');
+    const replaceFrom = input.length - prefix.length;
+    if (command === 'trail' && activeIndex === 0) {
+        return { items: filterArgumentItems(TRAIL_MODES, prefix), replaceFrom };
+    }
+    if (command === 'copy' && activeIndex === 0) {
+        return { items: filterArgumentItems(COPY_TARGETS, prefix), replaceFrom };
+    }
+    if (command === 'details') {
+        if (activeIndex === 0)
+            return { items: filterArgumentItems(DETAIL_SECTIONS, prefix), replaceFrom };
+        const section = args[0]?.toLowerCase();
+        if (activeIndex === 1 && (section === 'thinking' || section === 'tools')) {
+            return { items: filterArgumentItems(DETAIL_MODES, prefix), replaceFrom };
+        }
+    }
+    return { items: [], replaceFrom: 0 };
+}
+function filterArgumentItems(items, prefix) {
+    const query = prefix.toLowerCase();
+    return items.filter((item) => item.text.toLowerCase().startsWith(query));
+}
+function pathCompletion(input, cwd) {
+    const match = PATH_TOKEN_RE.exec(input);
+    if (!match)
+        return { items: [], replaceFrom: 0 };
+    const token = match[1];
+    const replaceFrom = input.length - token.length;
+    const mention = token.startsWith('@');
+    const rawToken = mention ? token.slice(1) : token;
+    const raw = rawToken === '~' ? '~/' : rawToken;
+    const hasTrailingSlash = raw.endsWith('/');
+    const rawDir = hasTrailingSlash ? raw : dirname(raw);
+    const prefix = hasTrailingSlash ? '' : basename(raw);
+    const dirPart = rawDir === '.' ? '' : rawDir;
+    const absoluteDir = resolveInputPath(dirPart || '.', cwd);
+    if (!existsSync(absoluteDir))
+        return { items: [], replaceFrom };
+    let entries;
+    try {
+        entries = readdirSync(absoluteDir, { withFileTypes: true });
+    }
+    catch {
+        return { items: [], replaceFrom };
+    }
+    const head = `${mention ? '@' : ''}${dirPart ? `${dirPart.replace(/\/?$/, '/')}` : ''}`;
+    const items = entries
+        .filter((entry) => !entry.name.startsWith('.') && entry.name.startsWith(prefix))
+        .sort((a, b) => Number(b.isDirectory()) - Number(a.isDirectory()) || a.name.localeCompare(b.name))
+        .slice(0, MAX_PATH_COMPLETIONS)
+        .map((entry) => {
+        const suffix = entry.isDirectory() ? '/' : '';
+        const text = `${head}${entry.name}${suffix}`;
+        return { display: text, meta: entry.isDirectory() ? 'dir' : 'file', text };
+    });
+    return { items, replaceFrom };
+}
+function resolveInputPath(input, cwd) {
+    if (input === '~')
+        return homedir();
+    if (input.startsWith('~/'))
+        return resolve(homedir(), input.slice(2));
+    if (isAbsolute(input))
+        return input;
+    return resolve(cwd, input);
+}
+export function clampCompletionIndex(index, count) {
+    if (count <= 0)
+        return 0;
+    return ((index % count) + count) % count;
+}
+export function completionReplaceValue(input, item, replaceFrom = 0) {
+    if (!item)
+        return null;
+    const next = `${input.slice(0, replaceFrom)}${item.text}`;
+    return next === input ? null : next;
+}

package/dist/support-dump.js

@@ -89,6 +89,12 @@ export async function buildSupportDump(options = {}) {
     const currentSessions = await listSessions({ cwd });
     const allSessions = await listSessions({ cwd: null });
     const { tools } = await import('./tools/index.js');
+    const polyglot = await import('./polyglot.js')
+        .then((m) => m.inspectPolyglotRuntimes({ cwd }))
+        .catch((e) => e);
+    const webSurface = await import('./web-surface.js')
+        .then((m) => m.inspectWebSurface({ cwd, loadConfig: async () => mcp }))
+        .catch((e) => e);
     lines.push(`${BRAND.productName} support dump`);
     lines.push(`version: ${options.version ?? '(dev)'}`);
     if (options.packageName)
@@ -123,6 +129,7 @@ export async function buildSupportDump(options = {}) {
         lines.push(`  brainPath: ${valueOrUnset(loadedConfig.brainPath)}`);
         lines.push(`  cacheTtl: ${loadedConfig.cacheTtl}`);
         lines.push(`  compaction: ${loadedConfig.compaction}`);
+        lines.push(`  contextCompression: ${loadedConfig.contextCompression}`);
         lines.push(`  thinking: ${valueOrUnset(loadedConfig.thinking)}`);
         lines.push(`  summaryModel: ${valueOrUnset(loadedConfig.summaryModel)}`);
         lines.push(`  embeddingModel: ${valueOrUnset(loadedConfig.embeddingModel)}`);
@@ -161,6 +168,20 @@ export async function buildSupportDump(options = {}) {
     for (const log of mcpLogs)
         lines.push(`  note: ${redactKey(log)}`);
     lines.push('');
+    lines.push('web search:');
+    if (webSurface instanceof Error) {
+        lines.push(`  load error: ${redactKey(webSurface.message)}`);
+    }
+    else {
+        lines.push(`  local search internet: ${yesNo(webSurface.localSearch.internet)}`);
+        lines.push(`  web candidates: ${webSurface.webCandidates.length}`);
+        for (const candidate of webSurface.webCandidates.slice(0, 10)) {
+            lines.push(`  ${candidate.name}: ${candidate.transport} ${candidate.reasons.join(' · ')}`);
+        }
+        if (webSurface.webCandidates.length > 10)
+            lines.push(`  ... ${webSurface.webCandidates.length - 10} more`);
+    }
+    lines.push('');
     lines.push('inventory:');
     lines.push(`  built-in tools: ${Object.keys(tools).length}`);
     lines.push(`  skills: ${skills.length}`);
@@ -170,6 +191,16 @@ export async function buildSupportDump(options = {}) {
     if (latest)
         lines.push(`  latest session: ${latest.id} updated ${latest.updated}`);
     lines.push('');
+    lines.push('runtimes:');
+    if (polyglot instanceof Error) {
+        lines.push(`  load error: ${redactKey(polyglot.message)}`);
+    }
+    else {
+        for (const runtime of polyglot.runtimes) {
+            lines.push(`  ${runtime.id}: ${runtime.status}${runtime.version ? ` (${runtime.version})` : ''}`);
+        }
+    }
+    lines.push('');
     lines.push(options.showKeys ? 'secrets: redacted prefixes/suffixes shown; raw keys are never printed' : 'secrets: hidden; use --show-keys to show redacted key fingerprints');
     return `${lines.join('\n')}\n`;
 }

package/dist/tool-catalog.js

@@ -0,0 +1,59 @@
+export const TOOL_CATALOG = [
+    {
+        detail: 'Read, write, patch, list, glob, grep, and run bounded shell commands in the current workspace.',
+        group: 'Files',
+        name: 'workspace tools',
+        summary: 'read/write/edit/list/glob/grep/bash',
+    },
+    {
+        detail: 'Inspect diffs, status, logs, and create commits when the user explicitly wants a commit.',
+        group: 'Git',
+        name: 'git tools',
+        summary: 'status/diff/log/commit',
+    },
+    {
+        detail: 'Remember facts, recall local memory, discover skills, and create reusable skill workflows.',
+        group: 'Memory',
+        name: 'memory + skills',
+        summary: 'remember/recall/find_skills/create_skill',
+    },
+    {
+        detail: 'Fetch public pages via the ethical web ladder (robots.txt, SSRF guard, reader/Tavily/Wayback fallbacks).',
+        group: 'Research',
+        name: 'web fetch',
+        summary: 'web_fetch (ethical ladder)',
+    },
+    {
+        detail: 'Use local brain search for vault/session/skill retrieval, and configured MCP web/search/fetch servers for current external facts with citations.',
+        group: 'Research',
+        name: 'local + web grounding',
+        summary: 'sanook search + web MCP readiness',
+    },
+    {
+        detail: 'Schedule recurring or future tasks for the Sanook gateway service to run later.',
+        group: 'Gateway',
+        name: 'scheduled tasks',
+        summary: 'schedule/list/cancel',
+    },
+    {
+        detail: 'Fan work out to sub-agents, collect results, cancel background jobs, and inspect task status.',
+        group: 'Agents',
+        name: 'agent orchestration',
+        summary: 'task/task_parallel/task_spawn/task_collect',
+    },
+    {
+        detail: 'Ask the language server for type errors and lint-like diagnostics after code edits.',
+        group: 'Quality',
+        name: 'diagnostics',
+        summary: 'LSP diagnostics',
+    },
+    {
+        detail: 'Run optional Python or Rust snippets/files without shell strings for data analysis and native-helper prototypes.',
+        group: 'Polyglot',
+        name: 'python + rust runtime tools',
+        summary: 'run_python/run_rust',
+    },
+];
+export function formatToolCatalog(tools = TOOL_CATALOG) {
+    return tools.map((tool) => `${tool.group}: ${tool.summary}`).join('\n  ');
+}

package/dist/tools/index.js

@@ -12,6 +12,8 @@ import { taskTool, taskParallelTool, taskSpawnTool, taskCollectTool, taskCancelT
 import { diagnosticsTool } from './diagnostics.js';
 import { gitStatusTool, gitDiffTool, gitLogTool, gitCommitTool } from './git.js';
 import { haCallServiceTool, haGetStateTool, haListEntitiesTool, haListServicesTool } from './homeassistant.js';
+import { pythonTool, rustTool } from './polyglot.js';
+import { webFetchTool } from './web-fetch-tool.js';
 /** tool registry ที่ส่งให้ agent loop */
 export const tools = {
     read_file: readFileTool,
@@ -21,6 +23,8 @@ export const tools = {
     glob: globTool,
     grep: grepTool,
     run_bash: bashTool,
+    run_python: pythonTool,
+    run_rust: rustTool,
     remember: rememberTool,
     recall: recallTool,
     skill: skillTool,
@@ -44,5 +48,6 @@ export const tools = {
     ha_get_state: haGetStateTool,
     ha_list_services: haListServicesTool,
     ha_call_service: haCallServiceTool,
+    web_fetch: webFetchTool,
 };
 export { readFileTool, writeFileTool, editFileTool, listDirTool, globTool, grepTool, bashTool };

package/dist/tools/permission.js

@@ -1,5 +1,5 @@
 import { homedir } from 'node:os';
-import { realpath, stat } from 'node:fs/promises';
+import { realpath, stat, lstat, readlink } from 'node:fs/promises';
 import { dirname, resolve, join, sep } from 'node:path';
 import { getBrainPath } from '../memory.js';
 import { BRAND_ENV, envFlag } from '../brand.js';
@@ -928,18 +928,60 @@ function readsProtectedEnvFile(cmd) {
         return true;
     return false;
 }
-export function checkBash(cmd, depth = 0) {
-    if (hasRmRecursiveForce(cmd) || hasDangerousGitOperation(cmd) || hasDestructiveCommand(cmd)) {
-        return { ok: false, reason: `คำสั่งทำลายล้าง/irreversible ถูกปฏิเสธ: "${cmd}"` };
+// Rebuild `cmd` with each segment's COMMAND token de-quoted/de-escaped (e.g. `r\m`, `'rm'`, `g\it`
+// → `rm`, `git`), leaving every other token byte-identical so the literal-search-pattern exemption
+// (e.g. `grep 'rm -rf'`) still holds. Lets the matchers below see the real command name.
+function deobfuscateCommandTokens(cmd) {
+    const entries = shellishTokenEntries(cmd);
+    if (entries.length === 0)
+        return cmd;
+    const bySegment = new Map();
+    for (const entry of entries) {
+        const seg = bySegment.get(entry.segment);
+        if (seg)
+            seg.push(entry);
+        else
+            bySegment.set(entry.segment, [entry]);
     }
-    if (PROTECTED_CMD_PATH.test(cmd) || mentionsProtectedEnvPath(cmd) || readsProtectedEnvFile(cmd)) {
-        return { ok: false, reason: `คำสั่งที่อ่าน/แตะ path ลับถูกปฏิเสธ: "${cmd}"` };
+    const replacements = [];
+    for (const segEntries of bySegment.values()) {
+        const ci = shellSegmentCommandIndex(segEntries);
+        if (ci < 0)
+            continue;
+        const entry = segEntries[ci];
+        const cleaned = cleanShellToken(entry.raw);
+        if (cleaned && cleaned !== entry.raw)
+            replacements.push({ start: entry.start, end: entry.end, text: cleaned });
     }
-    if (nestedShellCommandDenied(cmd, depth)) {
-        return { ok: false, reason: `คำสั่ง nested shell ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+    if (replacements.length === 0)
+        return cmd;
+    replacements.sort((a, b) => b.start - a.start); // right-to-left so offsets stay valid
+    let out = cmd;
+    for (const r of replacements)
+        out = out.slice(0, r.start) + r.text + out.slice(r.end);
+    return out;
+}
+export function checkBash(cmd, depth = 0) {
+    // Also test a de-obfuscated copy so a backslash/quote-mangled command name can't slip past.
+    const deob = deobfuscateCommandTokens(cmd);
+    const variants = deob === cmd ? [cmd] : [cmd, deob];
+    for (const c of variants) {
+        if (hasRmRecursiveForce(c) || hasDangerousGitOperation(c) || hasDestructiveCommand(c)) {
+            return { ok: false, reason: `คำสั่งทำลายล้าง/irreversible ถูกปฏิเสธ: "${cmd}"` };
+        }
     }
-    if (envWrappedCommandDenied(cmd, depth)) {
-        return { ok: false, reason: `คำสั่ง env wrapper ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+    for (const c of variants) {
+        if (PROTECTED_CMD_PATH.test(c) || mentionsProtectedEnvPath(c) || readsProtectedEnvFile(c)) {
+            return { ok: false, reason: `คำสั่งที่อ่าน/แตะ path ลับถูกปฏิเสธ: "${cmd}"` };
+        }
+    }
+    for (const c of variants) {
+        if (nestedShellCommandDenied(c, depth)) {
+            return { ok: false, reason: `คำสั่ง nested shell ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+        }
+        if (envWrappedCommandDenied(c, depth)) {
+            return { ok: false, reason: `คำสั่ง env wrapper ที่อันตรายถูกปฏิเสธ: "${cmd}"` };
+        }
     }
     return { ok: true };
 }
@@ -951,6 +993,21 @@ async function canonicalExisting(path) {
         return resolve(path);
     }
 }
+// If `path`'s leaf is a symlink, return where it actually points (resolved against its
+// dir). A DANGLING leaf symlink (target missing, parent present) otherwise slips past
+// existingAncestor (which stat()s through the link, fails, and falls back to the parent),
+// letting a write follow the link outside the workspace.
+async function symlinkLeafTarget(path) {
+    try {
+        const st = await lstat(path);
+        if (!st.isSymbolicLink())
+            return null;
+        return resolve(dirname(path), await readlink(path));
+    }
+    catch {
+        return null;
+    }
+}
 async function existingAncestor(path) {
     let dir = resolve(path);
     for (;;) {
@@ -1009,17 +1066,26 @@ export async function checkReadPath(path) {
 export async function checkWritePath(path) {
     const abs = resolve(path);
     const canonical = await existingAncestor(path);
+    // Where a symlinked leaf would actually write (closes the dangling-leaf-symlink escape).
+    const linkTarget = await symlinkLeafTarget(path);
+    const targetReal = linkTarget ? await existingAncestor(linkTarget) : null;
+    const candidates = [abs, canonical, ...(linkTarget ? [linkTarget, targetReal] : [])];
     const inProtectedDir = (p) => PROTECTED_DIRS.some((d) => p === d || p.startsWith(d + sep));
-    if (PROTECTED_EXACT.has(abs) ||
-        PROTECTED_EXACT.has(canonical) ||
-        inProtectedDir(abs) ||
-        inProtectedDir(canonical) ||
-        protectedSegment(abs) ||
-        protectedSegment(canonical)) {
+    if (candidates.some((p) => PROTECTED_EXACT.has(p) || inProtectedDir(p) || protectedSegment(p))) {
         return {
             ok: false,
             reason: `path ที่ป้องกันถูกปฏิเสธ: "${path}" (secrets / shell-rc / .sanook / .git / .env / node_modules)`,
         };
     }
+    // A symlinked leaf must resolve INSIDE the workspace/brain, not just sit there as a link.
+    if (linkTarget) {
+        const roots = await allowedRoots();
+        if (!roots.some((root) => inside(targetReal, root))) {
+            return {
+                ok: false,
+                reason: `symlink ชี้ออกนอก workspace/brain ที่อนุญาต: "${path}" → "${linkTarget}" (ตั้ง ${BRAND_ENV.allowOutsideWorkspace}=1 เพื่อ opt-in)`,
+            };
+        }
+    }
     return checkPathScope(path, 'write');
 }

package/dist/tools/polyglot.js

@@ -0,0 +1,126 @@
+import { tool } from 'ai';
+import { z } from 'zod';
+import { mkdtemp, rm, writeFile } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { findBinary } from '../lsp/servers.js';
+import { runProcess, formatProcessResult } from '../process-runner.js';
+import { agentCwd } from '../agentContext.js';
+import { checkReadPath } from './permission.js';
+import { maybeSandboxExec } from './sandbox.js';
+import { resolveAgentPath } from './util.js';
+const MAX_TIMEOUT_MS = 300_000;
+// Run a runtime (python/rustc/compiled exe) under the same OS sandbox as run_bash so
+// inline code cannot write outside the workspace (cwd + brain + tmp). No-shell: argv is
+// wrapped directly, so there is no shell interpolation of the code/args.
+async function runConfined(file, args, cwd, opts) {
+    const sb = await maybeSandboxExec(file, args, cwd);
+    return sb ? runProcess(sb.file, sb.args, { cwd, ...opts }) : runProcess(file, args, { cwd, ...opts });
+}
+const RuntimeScriptSchema = z
+    .object({
+    code: z.string().optional().describe('source code to run as a temporary script'),
+    path: z.string().optional().describe('existing script/source file to run instead of code'),
+    args: z.array(z.string()).optional().describe('argv passed to the script/program'),
+    stdin: z.string().optional().describe('stdin content for the process'),
+    timeoutMs: z.number().int().positive().max(MAX_TIMEOUT_MS).optional().describe('timeout in ms (default 120000, max 300000)'),
+})
+    .refine((v) => Boolean(v.code) !== Boolean(v.path), 'provide exactly one of code or path');
+async function existingSourcePath(path) {
+    const full = resolveAgentPath(path);
+    const guard = await checkReadPath(full);
+    if (!guard.ok)
+        return { ok: false, reason: guard.reason };
+    return { ok: true, path: full };
+}
+async function tempSource(suffix, content) {
+    const dir = await mkdtemp(join(tmpdir(), 'sanook-polyglot-'));
+    const path = join(dir, `main${suffix}`);
+    await writeFile(path, content, 'utf8');
+    return { dir, path };
+}
+async function findRuntime(command) {
+    const bin = await findBinary(command, agentCwd());
+    return bin ?? findBinary(command, process.cwd()) ?? null;
+}
+async function runPython(input) {
+    const cwd = agentCwd();
+    const python = (await findRuntime('python3')) ?? (await findRuntime('python'));
+    if (!python)
+        return 'PYTHON: ยังไม่พบ python3/python — ติดตั้ง Python 3.11+ แล้วลองใหม่';
+    let tempDir;
+    let scriptPath;
+    try {
+        if (input.path) {
+            const source = await existingSourcePath(input.path);
+            if (!source.ok)
+                return `BLOCKED: ${source.reason}`;
+            scriptPath = source.path;
+        }
+        else {
+            const temp = await tempSource('.py', input.code ?? '');
+            tempDir = temp.dir;
+            scriptPath = temp.path;
+        }
+        const result = await runConfined(python, [scriptPath, ...(input.args ?? [])], cwd, {
+            input: input.stdin,
+            timeoutMs: input.timeoutMs,
+        });
+        return formatProcessResult(result);
+    }
+    finally {
+        if (tempDir)
+            await rm(tempDir, { recursive: true, force: true }).catch(() => { });
+    }
+}
+async function runRust(input) {
+    const cwd = agentCwd();
+    const rustc = await findRuntime('rustc');
+    if (!rustc)
+        return 'RUST: ยังไม่พบ rustc — ติดตั้ง Rust ผ่าน rustup แล้วลองใหม่';
+    let tempDir;
+    try {
+        const temp = await mkdtemp(join(tmpdir(), 'sanook-rust-'));
+        tempDir = temp;
+        const sourcePath = input.path
+            ? await (async () => {
+                const source = await existingSourcePath(input.path);
+                if (!source.ok)
+                    return source;
+                return { ok: true, path: source.path };
+            })()
+            : { ok: true, path: join(temp, 'main.rs') };
+        if (!sourcePath.ok)
+            return `BLOCKED: ${sourcePath.reason}`;
+        if (!input.path)
+            await writeFile(sourcePath.path, input.code ?? '', 'utf8');
+        const exe = join(temp, process.platform === 'win32' ? 'sanook-rust-helper.exe' : 'sanook-rust-helper');
+        const compile = await runConfined(rustc, ['--edition=2021', sourcePath.path, '-o', exe], cwd, {
+            timeoutMs: input.timeoutMs,
+        });
+        if (!compile.ok)
+            return `RUST COMPILE ${formatProcessResult(compile)}`;
+        const run = await runConfined(exe, input.args ?? [], cwd, {
+            input: input.stdin,
+            timeoutMs: input.timeoutMs,
+        });
+        return formatProcessResult(run);
+    }
+    finally {
+        if (tempDir)
+            await rm(tempDir, { recursive: true, force: true }).catch(() => { });
+    }
+}
+export const pythonTool = tool({
+    description: 'รัน Python แบบ no-shell สำหรับงานที่ Python ถนัด: data/JSON/CSV transform, document/text parsing, ML/OCR helper, research script. ' +
+        'ใช้ code สำหรับ snippet สั้น หรือ path สำหรับไฟล์ .py ใน workspace. ต้องมี python3/python ใน PATH.',
+    inputSchema: RuntimeScriptSchema,
+    execute: runPython,
+});
+export const rustTool = tool({
+    description: 'compile+run Rust single-file/snippet แบบ no-shell สำหรับงานที่ Rust ถนัด: parser/checker ที่เร็ว, algorithm ที่ต้อง type-safe, native helper prototype. ' +
+        'ใช้ code สำหรับ main.rs ชั่วคราว หรือ path สำหรับไฟล์ .rs เดี่ยวใน workspace. ต้องมี rustc ใน PATH; งาน Cargo project ให้ใช้ run_bash ตามปกติ.',
+    inputSchema: RuntimeScriptSchema,
+    execute: runRust,
+});
+export const runtimeScriptSchema = RuntimeScriptSchema;

package/dist/tools/sandbox.js

@@ -27,15 +27,12 @@ function seatbeltProfile(writable) {
         '  (literal "/dev/null") (literal "/dev/stdout") (literal "/dev/stderr"))',
     ].join('\n');
 }
-function bwrapArgs(writable, cmd) {
+function bwrapArgs(writable, tail) {
     const binds = writable.flatMap((w) => ['--bind', w, w]);
-    return ['--ro-bind', '/', '/', '--dev', '/dev', '--proc', '/proc', ...binds, '/bin/sh', '-c', cmd];
+    return ['--ro-bind', '/', '/', '--dev', '/dev', '--proc', '/proc', ...binds, ...tail];
 }
-/**
- * คืน {file,args} สำหรับรัน cmd แบบ sandbox (ผ่าน execFile) — หรือ null ถ้าไม่มี sandbox/ปิดไว้
- * (caller รัน cmd ตรงๆ ตามเดิม). path ที่มี '"' → ข้าม sandbox (กัน profile พัง)
- */
-export async function maybeSandbox(cmd, cwd = process.cwd()) {
+// writable dirs (cwd + tmp + brain) — or null when sandbox is disabled / unusable
+async function sandboxWritable(cwd) {
     if (envFlag(BRAND_ENV.allowOutsideWorkspace) || envFlag('SANOOK_NO_SANDBOX'))
         return null;
     const writable = [canon(cwd), canon(tmpdir())];
@@ -44,18 +41,46 @@ export async function maybeSandbox(cmd, cwd = process.cwd()) {
         writable.push(canon(brain));
     if (writable.some((w) => w.includes('"')))
         return null;
+    return writable;
+}
+function sandboxBin() {
     const os = platform();
     if (os === 'darwin') {
         const bin = ['/usr/bin/sandbox-exec', '/usr/sbin/sandbox-exec'].find((p) => existsSync(p));
-        if (!bin)
-            return null;
-        return { file: bin, args: ['-p', seatbeltProfile(writable), '/bin/sh', '-c', cmd] };
+        return bin ? { os, bin } : null;
     }
     if (os === 'linux') {
         const bin = ['/usr/bin/bwrap', '/bin/bwrap'].find((p) => existsSync(p));
-        if (!bin)
-            return null;
-        return { file: bin, args: bwrapArgs(writable, cmd) };
+        return bin ? { os, bin } : null;
     }
     return null;
 }
+// wrap an execFile-style argv (already split — no shell) under the sandbox tail
+function wrap(writable, tail) {
+    const sb = sandboxBin();
+    if (!sb)
+        return null;
+    if (sb.os === 'darwin')
+        return { file: sb.bin, args: ['-p', seatbeltProfile(writable), ...tail] };
+    return { file: sb.bin, args: bwrapArgs(writable, tail) };
+}
+/**
+ * คืน {file,args} สำหรับรัน cmd แบบ sandbox (ผ่าน execFile) — หรือ null ถ้าไม่มี sandbox/ปิดไว้
+ * (caller รัน cmd ตรงๆ ตามเดิม). path ที่มี '"' → ข้าม sandbox (กัน profile พัง)
+ */
+export async function maybeSandbox(cmd, cwd = process.cwd()) {
+    const writable = await sandboxWritable(cwd);
+    if (!writable)
+        return null;
+    return wrap(writable, ['/bin/sh', '-c', cmd]);
+}
+/**
+ * เหมือน maybeSandbox แต่สำหรับ "no-shell" exec (run_python/run_rust): ห่อ argv โดยตรง
+ * ผ่าน execFile (ไม่มี shell interpolation) — confine write ให้อยู่ใน cwd+brain+tmp เท่ากับ run_bash.
+ */
+export async function maybeSandboxExec(file, argv, cwd = process.cwd()) {
+    const writable = await sandboxWritable(cwd);
+    if (!writable)
+        return null;
+    return wrap(writable, [file, ...argv]);
+}

package/dist/tools/search.js

@@ -9,8 +9,15 @@ import { checkReadPath } from './permission.js';
 import { agentCwd } from '../agentContext.js';
 // pure-JS grep fallback — ใช้เมื่อ ripgrep (rg) ไม่ได้ติดตั้ง (เช่น Windows สะอาด) → grep ใช้ได้ทุกแพลตฟอร์ม
 const FALLBACK_IGNORE = new Set(['node_modules', '.git', 'dist', 'build', 'coverage', '.next', '.cache', '.turbo', '.vercel', 'vendor']);
+const FALLBACK_IGNORE_FILES = new Set(['.ds_store', '.localized', 'desktop.ini', 'thumbs.db']);
 const FALLBACK_MAX_FILE = 2 * 1024 * 1024; // ข้ามไฟล์ใหญ่ (กันช้า/binary)
 const PER_FILE_CAP = 50; // เหมือน rg --max-count 50
+function isFallbackIgnoredFile(name) {
+    return FALLBACK_IGNORE_FILES.has(name.toLowerCase()) || name.startsWith('._');
+}
+function isFallbackIgnoredDir(name) {
+    return FALLBACK_IGNORE.has(name.toLowerCase()) || name.startsWith('.');
+}
 function otherAsciiCase(ch) {
     const code = ch.charCodeAt(0);
     if (code >= 65 && code <= 90)
@@ -250,10 +257,10 @@ export async function jsGrep(pattern, base, target) {
             if (!guard.ok)
                 continue;
             if (e.isDirectory()) {
-                if (!FALLBACK_IGNORE.has(e.name) && !e.name.startsWith('.'))
+                if (!isFallbackIgnoredDir(e.name))
                     await walk(full);
             }
-            else if (e.isFile()) {
+            else if (e.isFile() && !isFallbackIgnoredFile(e.name)) {
                 await scanFile(full);
             }
         }