npm - sentinelayer-cli - Versions diffs - 0.6.2 → 0.8.0 - Mend

sentinelayer-cli 0.6.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (159) hide show

package/README.md +996 -996
package/bin/create-sentinelayer.js +5 -5
package/bin/sentinelayer-cli.js +4 -4
package/bin/sl.js +5 -5
package/package.json +64 -63
package/src/agents/jules/config/definition.js +160 -160
package/src/agents/jules/config/system-prompt.js +182 -182
package/src/agents/jules/error-intake.js +51 -51
package/src/agents/jules/fix-cycle.js +17 -17
package/src/agents/jules/loop.js +457 -450
package/src/agents/jules/pulse.js +10 -10
package/src/agents/jules/stream.js +187 -186
package/src/agents/jules/swarm/file-scanner.js +74 -74
package/src/agents/jules/swarm/index.js +11 -11
package/src/agents/jules/swarm/orchestrator.js +362 -362
package/src/agents/jules/swarm/pattern-hunter.js +123 -123
package/src/agents/jules/swarm/sub-agent.js +311 -309
package/src/agents/jules/tools/aidenid-email.js +189 -189
package/src/agents/jules/tools/auth-audit.js +1699 -1691
package/src/agents/jules/tools/dispatch.js +340 -335
package/src/agents/jules/tools/file-edit.js +2 -2
package/src/agents/jules/tools/file-read.js +2 -2
package/src/agents/jules/tools/frontend-analyze.js +570 -570
package/src/agents/jules/tools/glob.js +2 -2
package/src/agents/jules/tools/grep.js +2 -2
package/src/agents/jules/tools/index.js +29 -29
package/src/agents/jules/tools/path-guards.js +2 -2
package/src/agents/jules/tools/runtime-audit.js +507 -507
package/src/agents/jules/tools/shell.js +2 -2
package/src/agents/jules/tools/url-policy.js +100 -100
package/src/agents/persona-visuals.js +64 -61
package/src/agents/shared-tools/dispatch-core.js +320 -315
package/src/agents/shared-tools/file-edit.js +180 -180
package/src/agents/shared-tools/file-read.js +100 -100
package/src/agents/shared-tools/glob.js +168 -168
package/src/agents/shared-tools/grep.js +228 -228
package/src/agents/shared-tools/index.js +46 -46
package/src/agents/shared-tools/path-guards.js +161 -161
package/src/agents/shared-tools/shell.js +383 -383
package/src/ai/aidenid.js +1021 -1009
package/src/ai/client.js +553 -553
package/src/ai/domain-target-store.js +268 -268
package/src/ai/identity-store.js +270 -270
package/src/ai/proxy.js +137 -137
package/src/ai/site-store.js +145 -145
package/src/audit/agents/architecture.js +180 -180
package/src/audit/agents/compliance.js +179 -179
package/src/audit/agents/documentation.js +165 -165
package/src/audit/agents/performance.js +145 -145
package/src/audit/agents/security.js +215 -215
package/src/audit/agents/testing.js +172 -172
package/src/audit/orchestrator.js +557 -557
package/src/audit/package.js +204 -204
package/src/audit/registry.js +284 -284
package/src/audit/replay.js +103 -103
package/src/auth/gate.js +400 -371
package/src/auth/http.js +681 -611
package/src/auth/service.js +1106 -1106
package/src/auth/session-store.js +813 -813
package/src/cli.js +257 -252
package/src/commands/ai/identity-lifecycle.js +1338 -1338
package/src/commands/ai/provision-governance.js +1272 -1272
package/src/commands/ai/shared.js +147 -147
package/src/commands/ai.js +11 -11
package/src/commands/apply.js +12 -12
package/src/commands/audit.js +1171 -1166
package/src/commands/auth.js +419 -419
package/src/commands/chat.js +191 -191
package/src/commands/config.js +184 -184
package/src/commands/cost.js +311 -311
package/src/commands/daemon/core.js +850 -850
package/src/commands/daemon/extended.js +1048 -1048
package/src/commands/daemon/shared.js +213 -213
package/src/commands/daemon.js +11 -11
package/src/commands/guide.js +174 -174
package/src/commands/ingest.js +58 -58
package/src/commands/init.js +55 -55
package/src/commands/legacy-args.js +10 -10
package/src/commands/mcp.js +461 -461
package/src/commands/omargate.js +29 -29
package/src/commands/persona.js +20 -20
package/src/commands/plugin.js +260 -260
package/src/commands/policy.js +132 -132
package/src/commands/prompt.js +238 -238
package/src/commands/review.js +704 -704
package/src/commands/scan.js +872 -872
package/src/commands/session.js +590 -0
package/src/commands/spec.js +778 -716
package/src/commands/swarm.js +651 -651
package/src/commands/telemetry.js +202 -202
package/src/commands/watch.js +511 -511
package/src/config/agent-dictionary.js +182 -182
package/src/config/io.js +56 -56
package/src/config/paths.js +18 -18
package/src/config/schema.js +55 -55
package/src/config/service.js +184 -184
package/src/cost/budget.js +235 -235
package/src/cost/history.js +188 -188
package/src/cost/tracker.js +171 -171
package/src/daemon/artifact-lineage.js +534 -534
package/src/daemon/assignment-ledger.js +966 -770
package/src/daemon/ast-parser-layer.js +258 -258
package/src/daemon/budget-governor.js +633 -633
package/src/daemon/callgraph-overlay.js +646 -646
package/src/daemon/error-worker.js +1209 -626
package/src/daemon/fix-cycle.js +384 -377
package/src/daemon/hybrid-mapper.js +929 -929
package/src/daemon/ingest-refresh.js +10 -9
package/src/daemon/jira-lifecycle.js +767 -632
package/src/daemon/operator-control.js +657 -657
package/src/daemon/pulse.js +327 -327
package/src/daemon/reliability-lane.js +471 -471
package/src/daemon/scope-engine.js +1068 -0
package/src/daemon/watchdog.js +971 -971
package/src/events/schema.js +190 -0
package/src/guide/generator.js +316 -316
package/src/ingest/engine.js +918 -918
package/src/interactive/index.js +97 -97
package/src/legacy-cli.js +3161 -2994
package/src/mcp/registry.js +695 -695
package/src/memory/blackboard.js +301 -301
package/src/memory/retrieval.js +581 -581
package/src/plugin/manifest.js +553 -553
package/src/policy/packs.js +144 -144
package/src/prompt/generator.js +136 -118
package/src/review/ai-review.js +679 -679
package/src/review/local-review.js +1351 -1305
package/src/review/omargate-interactive.js +68 -68
package/src/review/omargate-orchestrator.js +404 -300
package/src/review/persona-prompts.js +296 -296
package/src/review/replay.js +235 -235
package/src/review/report.js +664 -664
package/src/review/scan-modes.js +48 -42
package/src/review/spec-binding.js +487 -487
package/src/scaffold/generator.js +67 -67
package/src/scaffold/templates.js +150 -150
package/src/scan/generator.js +418 -418
package/src/scan/gh-secrets.js +107 -107
package/src/session/agent-registry.js +352 -0
package/src/session/daemon.js +801 -0
package/src/session/paths.js +33 -0
package/src/session/runtime-bridge.js +739 -0
package/src/session/store.js +388 -0
package/src/session/stream.js +325 -0
package/src/spec/generator.js +619 -519
package/src/spec/regenerate.js +237 -237
package/src/spec/templates.js +91 -91
package/src/swarm/dashboard.js +247 -247
package/src/swarm/factory.js +363 -363
package/src/swarm/pentest.js +934 -934
package/src/swarm/registry.js +419 -419
package/src/swarm/report.js +158 -158
package/src/swarm/runtime.js +576 -576
package/src/swarm/scenario-dsl.js +272 -272
package/src/telemetry/ledger.js +302 -302
package/src/telemetry/session-tracker.js +234 -234
package/src/telemetry/sync.js +203 -203
package/src/ui/command-hints.js +13 -13
package/src/ui/markdown.js +220 -220

package/src/agents/jules/loop.js CHANGED Viewed

@@ -1,450 +1,457 @@
-import { randomUUID } from "node:crypto";
-import { createMultiProviderApiClient } from "../../ai/client.js";
-import { evaluateBudget } from "../../cost/budget.js";
-import { dispatchTool, createAgentContext, BudgetExhaustedError } from "./tools/dispatch.js";
-import { JULES_DEFINITION } from "./config/definition.js";
-import { shouldSpawnSubAgents, runJulesSwarm } from "./swarm/orchestrator.js";
-import { frontendAnalyze } from "./tools/frontend-analyze.js";
-/**
- * Jules Tanaka — Agentic Loop
- *
- * Core state machine: LLM → tool_use → execute → result → LLM → repeat
- * With sub-agent swarm integration for large codebases.
- *
- * This loop is self-contained: it uses the existing ai/client.js for LLM calls,
- * the existing cost/budget.js for budget enforcement, and the Jules tool
- * dispatch for tool execution. No dependency on Batches O-Q.
- */
-const DEFAULT_MAX_TURNS = 25;
-const HEARTBEAT_INTERVAL_TURNS = 5;
-/**
- * Run Jules' agentic audit loop.
- *
- * @param {object} config
- * @param {string} config.systemPrompt - Jules' full system prompt
- * @param {object} config.scopeMap - { primary, secondary, tertiary } file lists
- * @param {string} config.rootPath - Codebase root
- * @param {object} [config.omarBaseline] - Deterministic baseline findings (if available)
- * @param {object} [config.blackboard] - Shared blackboard for cross-agent findings
- * @param {object} [config.memory] - Memory index for cross-run recall
- * @param {object} [config.budget] - Budget overrides
- * @param {object} [config.provider] - LLM provider overrides
- * @param {string} [config.mode] - "primary" | "secondary" | "tertiary"
- * @param {number} [config.maxTurns] - Max loop iterations
- * @param {AbortController} [config.abortController]
- * @param {function} [config.onEvent] - Streaming event callback
- * @returns {AsyncGenerator<JulesEvent>} Yields events as they occur
- */
-export async function* julesAuditLoop(config) {
-  const {
-    systemPrompt,
-    scopeMap,
-    rootPath,
-    omarBaseline,
-    blackboard,
-    memory,
-    provider,
-    mode = "primary",
-    maxTurns = DEFAULT_MAX_TURNS,
-    abortController,
-    onEvent,
-  } = config;
-  const budget = { ...JULES_DEFINITION.budget, ...config.budget };
-  const runId = `jules-${Date.now()}-${randomUUID().slice(0, 8)}`;
-  const startedAt = Date.now();
-  const client = createMultiProviderApiClient(provider || {});
-  const ctx = createAgentContext({
-    agentIdentity: { id: JULES_DEFINITION.id, persona: JULES_DEFINITION.persona },
-    budget,
-    runId,
-    onEvent,
-  });
-  const emit = (event, payload) => {
-    const evt = {
-      stream: "sl_event",
-      event,
-      agent: { id: JULES_DEFINITION.id, persona: JULES_DEFINITION.persona, color: JULES_DEFINITION.color, avatar: JULES_DEFINITION.avatar },
-      payload,
-      usage: {
-        costUsd: ctx.usage.costUsd,
-        outputTokens: ctx.usage.outputTokens,
-        toolCalls: ctx.usage.toolCalls,
-        durationMs: Date.now() - startedAt,
-      },
-    };
-    if (onEvent) onEvent(evt);
-    return evt;
-  };
-  yield emit("agent_start", { mode, runId, maxTurns, budget });
-  // ── Phase 0: Prerequisites ────────────────────────────────────────
-  yield emit("progress", { phase: "prerequisites", message: "Detecting framework..." });
-  let framework = {};
-  try {
-    framework = frontendAnalyze({ operation: "detect_framework", path: rootPath });
-    ctx.usage.toolCalls++;
-    yield emit("tool_result", { tool: "FrontendAnalyze", operation: "detect_framework", result: { framework: framework.framework, componentCount: framework.componentCount } });
-  } catch { /* proceed without */ }
-  // ── Phase 1: Swarm or direct? ─────────────────────────────────────
-  const spawnDecision = shouldSpawnSubAgents(scopeMap);
-  let swarmFindings = [];
-  if (spawnDecision.spawn && blackboard) {
-    yield emit("progress", { phase: "swarm", message: `Large frontend (${spawnDecision.reason}). Spawning sub-agents...` });
-    const swarmResult = await runJulesSwarm({
-      scopeMap,
-      rootPath,
-      blackboard,
-      budget: { ...budget, maxCostUsd: budget.maxCostUsd * 0.6 }, // 60% for swarm
-      provider,
-      parentAbort: abortController,
-      onEvent,
-    });
-    swarmFindings = swarmResult.agentResults.flatMap(r => r.findings);
-    ctx.usage.costUsd += swarmResult.usage.totalCostUsd;
-    ctx.usage.toolCalls += swarmResult.usage.totalToolCalls;
-    yield emit("swarm_complete", {
-      totalFindings: swarmFindings.length,
-      totalAgents: swarmResult.usage.totalAgents,
-      totalCostUsd: swarmResult.usage.totalCostUsd,
-    });
-  }
-  // ── Phase 2: Jules primary deep analysis (agentic LLM loop) ──────
-  yield emit("progress", { phase: "deep_analysis", message: "Starting deep analysis..." });
-  // Build context for LLM — BLIND-FIRST: no Omar baseline or swarm findings
-  // in the initial context. Only codebase metadata and memory recall (past runs,
-  // not current-run findings). Swarm/baseline reconciliation happens AFTER the
-  // independent deep analysis completes.
-  const contextParts = [];
-  contextParts.push(`Framework: ${framework.framework || "unknown"}`);
-  contextParts.push(`Mode: ${mode}`);
-  contextParts.push(`Components: ${framework.componentCount || "unknown"}`);
-  contextParts.push(`Scope: ${(scopeMap.primary || []).length} primary files`);
-  if (memory) {
-    try {
-      const recalled = memory.query ? memory.query({
-        files: (scopeMap.primary || []).map(f => f.path || f),
-        limit: 10,
-      }) : [];
-      if (recalled.length > 0) {
-        contextParts.push(`\nPrevious findings recalled from memory (${recalled.length}):`);
-        for (const r of recalled) {
-          contextParts.push(`- ${r.content || r.text || JSON.stringify(r).slice(0, 100)}`);
-        }
-      }
-    } catch { /* memory recall failure is non-blocking */ }
-  }
-  const messages = [
-    { role: "user", content: contextParts.join("\n") +
-      "\n\nPerform your deep analysis now. Use FileRead, Grep, Glob, and FrontendAnalyze tools as needed. " +
-      "Return your findings in a ```json code block as an array of { severity, file, line, title, evidence, rootCause, recommendedFix, trafficLight, reproduction, user_impact, confidence }." },
-  ];
-  const allFindings = [...swarmFindings];
-  let turnCount = 0;
-  while (turnCount < maxTurns) {
-    if (abortController?.signal.aborted) {
-      yield emit("agent_abort", { reason: "user_cancelled" });
-      break;
-    }
-    // Budget check before LLM call
-    const preCheck = evaluateBudget({
-      sessionSummary: {
-        costUsd: ctx.usage.costUsd,
-        outputTokens: ctx.usage.outputTokens,
-        durationMs: Date.now() - startedAt,
-        toolCalls: ctx.usage.toolCalls,
-      },
-      ...budget,
-    });
-    if (preCheck.blocking) {
-      yield emit("budget_stop", { reasons: preCheck.reasons });
-      break;
-    }
-    if (preCheck.warnings.length > 0) {
-      yield emit("budget_warning", { warnings: preCheck.warnings });
-    }
-    turnCount++;
-    // Heartbeat
-    if (turnCount % HEARTBEAT_INTERVAL_TURNS === 0) {
-      yield emit("heartbeat", {
-        turnsCompleted: turnCount,
-        turnsMax: maxTurns,
-        findingsSoFar: allFindings.length,
-        budgetRemaining: {
-          costUsd: Math.max(0, budget.maxCostUsd - ctx.usage.costUsd),
-          pct: Math.max(0, 100 - (ctx.usage.costUsd / budget.maxCostUsd * 100)),
-        },
-      });
-    }
-    // Call LLM — format system prompt + messages into a single prompt
-    // for the MultiProviderApiClient which uses a completions-style API
-    let response;
-    try {
-      response = await client.invoke({
-        prompt: formatPromptForClient(systemPrompt, messages),
-      });
-    } catch (err) {
-      yield emit("llm_error", { error: err.message, turn: turnCount });
-      break;
-    }
-    const responseText = response.text || "";
-    ctx.usage.outputTokens += Math.ceil(responseText.length / 4);
-    ctx.usage.costUsd += (Math.ceil(responseText.length / 4) / 1_000_000) * 15;
-    yield emit("reasoning", {
-      phase: "deep_analysis",
-      turn: turnCount,
-      summary: responseText.slice(0, 200),
-    });
-    // Parse tool_use blocks
-    const toolCalls = parseToolUseBlocks(responseText);
-    if (toolCalls.length === 0) {
-      // No tools — extract findings from response
-      const parsed = extractJsonFindings(responseText);
-      for (const finding of parsed) {
-        allFindings.push(finding);
-        yield emit("finding", { ...finding });
-        if (blackboard) {
-          try {
-            await blackboard.appendEntry({
-              agentId: JULES_DEFINITION.id,
-              source: "jules-primary",
-              ...finding,
-            });
-          } catch { /* blackboard write failure non-blocking */ }
-        }
-      }
-      messages.push({ role: "assistant", content: responseText });
-      break; // LLM is done
-    }
-    // Execute tool calls
-    const results = [];
-    for (const call of toolCalls) {
-      try {
-        const result = await dispatchTool(call.tool, call.input, ctx);
-        results.push({ tool: call.tool, result });
-        yield emit("tool_call", { tool: call.tool, input: sanitizeForEvent(call.input) });
-      } catch (err) {
-        if (err instanceof BudgetExhaustedError) {
-          yield emit("budget_stop", { reason: err.message });
-          break;
-        }
-        results.push({ tool: call.tool, error: err.message });
-      }
-    }
-    // Feed results back
-    messages.push({ role: "assistant", content: responseText });
-    messages.push({
-      role: "user",
-      content: results.map(r =>
-        r.error
-          ? `Tool ${r.tool} failed: ${r.error}`
-          : `Tool ${r.tool} result:\n${JSON.stringify(r.result).slice(0, 3000)}`,
-      ).join("\n\n") + "\n\nContinue your analysis. If done, return findings in a ```json code block.",
-    });
-  }
-  // ── Phase 2b: Reconciliation (post-blind-pass) ─────────────────────
-  // Now that the independent analysis is complete, cross-reference with
-  // swarm findings and Omar baseline. This preserves blind-first: the
-  // persona formed its own opinion before seeing prior conclusions.
-  const hasSwarmContext = swarmFindings.length > 0;
-  const baselineFindings = omarBaseline
-    ? (omarBaseline.findings || omarBaseline.summary || [])
-    : [];
-  const hasBaselineContext = Array.isArray(baselineFindings) && baselineFindings.length > 0;
-  if (hasSwarmContext || hasBaselineContext) {
-    yield emit("progress", { phase: "reconciliation", message: "Cross-referencing with sub-agent and baseline findings..." });
-    const reconcileParts = [];
-    reconcileParts.push("Your independent analysis is complete. Now cross-reference with the following prior findings.");
-    reconcileParts.push("For each prior finding: confirm if your analysis agrees, dispute with evidence if you disagree, or flag as missed if you did not cover it.");
-    if (hasSwarmContext) {
-      reconcileParts.push(`\nYour sub-agents found ${swarmFindings.length} findings:`);
-      for (const f of swarmFindings.slice(0, 30)) {
-        reconcileParts.push(`- [${f.severity || "P3"}] ${f.file || ""}:${f.line || ""} ${f.title || f.type || ""}`);
-      }
-    }
-    if (hasBaselineContext) {
-      reconcileParts.push(`\nOmar baseline reported ${baselineFindings.length} findings:`);
-      for (const f of baselineFindings.slice(0, 20)) {
-        reconcileParts.push(`- [${f.severity || ""}] ${f.file || ""}:${f.line || ""} ${f.message || f.title || ""}`);
-      }
-    }
-    reconcileParts.push("\nReturn any additional or revised findings as a JSON array in a ```json code block. If no changes, return an empty array [].");
-    messages.push({ role: "user", content: reconcileParts.join("\n") });
-    // Budget check before reconciliation turn
-    const reconcilePreCheck = evaluateBudget({
-      sessionSummary: {
-        costUsd: ctx.usage.costUsd,
-        outputTokens: ctx.usage.outputTokens,
-        durationMs: Date.now() - startedAt,
-        toolCalls: ctx.usage.toolCalls,
-      },
-      ...budget,
-    });
-    if (!reconcilePreCheck.blocking) {
-      try {
-        const reconcileResponse = await client.invoke({
-          prompt: formatPromptForClient(systemPrompt, messages),
-        });
-        const reconcileText = reconcileResponse.text || "";
-        ctx.usage.outputTokens += Math.ceil(reconcileText.length / 4);
-        ctx.usage.costUsd += (Math.ceil(reconcileText.length / 4) / 1_000_000) * 15;
-        yield emit("reasoning", { phase: "reconciliation", summary: reconcileText.slice(0, 200) });
-        const reconcileFindings = extractJsonFindings(reconcileText);
-        for (const finding of reconcileFindings) {
-          allFindings.push(finding);
-          yield emit("finding", { ...finding, source: "reconciliation" });
-          if (blackboard) {
-            try {
-              await blackboard.appendEntry({
-                agentId: JULES_DEFINITION.id,
-                source: "jules-reconciliation",
-                ...finding,
-              });
-            } catch { /* blackboard write failure non-blocking */ }
-          }
-        }
-        messages.push({ role: "assistant", content: reconcileText });
-      } catch (err) {
-        yield emit("llm_error", { error: err.message, phase: "reconciliation" });
-      }
-    } else {
-      yield emit("budget_stop", { reasons: reconcilePreCheck.reasons, phase: "reconciliation" });
-    }
-  }
-  // ── Phase 3: Build final report ───────────────────────────────────
-  const durationMs = Date.now() - startedAt;
-  const severityCounts = { P0: 0, P1: 0, P2: 0, P3: 0 };
-  for (const f of allFindings) {
-    const sev = (f.severity || "P3").toUpperCase();
-    if (severityCounts[sev] !== undefined) severityCounts[sev]++;
-    else severityCounts.P3++;
-  }
-  const report = {
-    runId,
-    persona: JULES_DEFINITION.persona,
-    mode,
-    framework: framework.framework || "unknown",
-    status: "completed",
-    findings: allFindings,
-    summary: {
-      total: allFindings.length,
-      ...severityCounts,
-      blocking: severityCounts.P0 > 0 || severityCounts.P1 > 0,
-    },
-    usage: {
-      turns: turnCount,
-      costUsd: ctx.usage.costUsd,
-      outputTokens: ctx.usage.outputTokens,
-      toolCalls: ctx.usage.toolCalls,
-      durationMs,
-    },
-    signature: JULES_DEFINITION.signature,
-  };
-  yield emit("agent_complete", {
-    ...report.summary,
-    costUsd: ctx.usage.costUsd,
-    durationMs,
-    turns: turnCount,
-  });
-  return report;
-}
-// ── Helpers ──────────────────────────────────────────────────────────
-function parseToolUseBlocks(text) {
-  const calls = [];
-  const regex = /```tool_use\s*\n([\s\S]*?)```/g;
-  let match;
-  while ((match = regex.exec(text)) !== null) {
-    try {
-      const parsed = JSON.parse(match[1].trim());
-      if (parsed.tool && parsed.input) calls.push(parsed);
-    } catch { /* skip malformed */ }
-  }
-  return calls;
-}
-function extractJsonFindings(text) {
-  const jsonMatch = text.match(/```json\s*\n([\s\S]*?)```/);
-  if (!jsonMatch) return [];
-  try {
-    const parsed = JSON.parse(jsonMatch[1].trim());
-    if (Array.isArray(parsed)) return parsed;
-    if (parsed.findings && Array.isArray(parsed.findings)) return parsed.findings;
-  } catch { /* skip malformed */ }
-  return [];
-}
-function sanitizeForEvent(input) {
-  const sanitized = { ...input };
-  if (typeof sanitized.content === "string" && sanitized.content.length > 200) {
-    sanitized.content = `[${sanitized.content.length} chars]`;
-  }
-  return sanitized;
-}
-/**
- * Format system prompt + chat messages into a single prompt string
- * for MultiProviderApiClient which uses a completions-style API.
- */
-function formatPromptForClient(systemPrompt, messages) {
-  const parts = [];
-  if (systemPrompt) parts.push(systemPrompt);
-  for (const msg of messages) {
-    const role = msg.role === "assistant" ? "ASSISTANT" : "USER";
-    parts.push(`\n${role}:\n${msg.content}`);
-  }
-  return parts.join("\n");
-}
+import { randomUUID } from "node:crypto";
+import { createMultiProviderApiClient } from "../../ai/client.js";
+import { evaluateBudget } from "../../cost/budget.js";
+import { dispatchTool, createAgentContext, BudgetExhaustedError } from "./tools/dispatch.js";
+import { JULES_DEFINITION } from "./config/definition.js";
+import { shouldSpawnSubAgents, runJulesSwarm } from "./swarm/orchestrator.js";
+import { frontendAnalyze } from "./tools/frontend-analyze.js";
+import { createAgentEvent } from "../../events/schema.js";
+/**
+ * Jules Tanaka — Agentic Loop
+ *
+ * Core state machine: LLM → tool_use → execute → result → LLM → repeat
+ * With sub-agent swarm integration for large codebases.
+ *
+ * This loop is self-contained: it uses the existing ai/client.js for LLM calls,
+ * the existing cost/budget.js for budget enforcement, and the Jules tool
+ * dispatch for tool execution. No dependency on Batches O-Q.
+ */
+const DEFAULT_MAX_TURNS = 25;
+const HEARTBEAT_INTERVAL_TURNS = 5;
+/**
+ * Run Jules' agentic audit loop.
+ *
+ * @param {object} config
+ * @param {string} config.systemPrompt - Jules' full system prompt
+ * @param {object} config.scopeMap - { primary, secondary, tertiary } file lists
+ * @param {string} config.rootPath - Codebase root
+ * @param {object} [config.omarBaseline] - Deterministic baseline findings (if available)
+ * @param {object} [config.blackboard] - Shared blackboard for cross-agent findings
+ * @param {object} [config.memory] - Memory index for cross-run recall
+ * @param {object} [config.budget] - Budget overrides
+ * @param {object} [config.provider] - LLM provider overrides
+ * @param {string} [config.mode] - "primary" | "secondary" | "tertiary"
+ * @param {number} [config.maxTurns] - Max loop iterations
+ * @param {AbortController} [config.abortController]
+ * @param {function} [config.onEvent] - Streaming event callback
+ * @returns {AsyncGenerator<JulesEvent>} Yields events as they occur
+ */
+export async function* julesAuditLoop(config) {
+  const {
+    systemPrompt,
+    scopeMap,
+    rootPath,
+    omarBaseline,
+    blackboard,
+    memory,
+    provider,
+    mode = "primary",
+    maxTurns = DEFAULT_MAX_TURNS,
+    abortController,
+    onEvent,
+  } = config;
+  const budget = { ...JULES_DEFINITION.budget, ...config.budget };
+  const runId = `jules-${Date.now()}-${randomUUID().slice(0, 8)}`;
+  const startedAt = Date.now();
+  const client = createMultiProviderApiClient(provider || {});
+  const ctx = createAgentContext({
+    agentIdentity: { id: JULES_DEFINITION.id, persona: JULES_DEFINITION.persona },
+    budget,
+    runId,
+    onEvent,
+  });
+  const emit = (event, payload) => {
+    const evt = createAgentEvent({
+      event,
+      agent: {
+        id: JULES_DEFINITION.id,
+        persona: JULES_DEFINITION.persona,
+        color: JULES_DEFINITION.color,
+        avatar: JULES_DEFINITION.avatar,
+      },
+      payload,
+      usage: {
+        costUsd: ctx.usage.costUsd,
+        outputTokens: ctx.usage.outputTokens,
+        toolCalls: ctx.usage.toolCalls,
+        durationMs: Date.now() - startedAt,
+      },
+      runId,
+      sessionId: ctx.sessionId,
+    });
+    if (onEvent) onEvent(evt);
+    return evt;
+  };
+  yield emit("agent_start", { mode, runId, maxTurns, budget });
+  // ── Phase 0: Prerequisites ────────────────────────────────────────
+  yield emit("progress", { phase: "prerequisites", message: "Detecting framework..." });
+  let framework = {};
+  try {
+    framework = frontendAnalyze({ operation: "detect_framework", path: rootPath });
+    ctx.usage.toolCalls++;
+    yield emit("tool_result", { tool: "FrontendAnalyze", operation: "detect_framework", result: { framework: framework.framework, componentCount: framework.componentCount } });
+  } catch { /* proceed without */ }
+  // ── Phase 1: Swarm or direct? ─────────────────────────────────────
+  const spawnDecision = shouldSpawnSubAgents(scopeMap);
+  let swarmFindings = [];
+  if (spawnDecision.spawn && blackboard) {
+    yield emit("progress", { phase: "swarm", message: `Large frontend (${spawnDecision.reason}). Spawning sub-agents...` });
+    const swarmResult = await runJulesSwarm({
+      scopeMap,
+      rootPath,
+      blackboard,
+      budget: { ...budget, maxCostUsd: budget.maxCostUsd * 0.6 }, // 60% for swarm
+      provider,
+      parentAbort: abortController,
+      onEvent,
+    });
+    swarmFindings = swarmResult.agentResults.flatMap(r => r.findings);
+    ctx.usage.costUsd += swarmResult.usage.totalCostUsd;
+    ctx.usage.toolCalls += swarmResult.usage.totalToolCalls;
+    yield emit("swarm_complete", {
+      totalFindings: swarmFindings.length,
+      totalAgents: swarmResult.usage.totalAgents,
+      totalCostUsd: swarmResult.usage.totalCostUsd,
+    });
+  }
+  // ── Phase 2: Jules primary deep analysis (agentic LLM loop) ──────
+  yield emit("progress", { phase: "deep_analysis", message: "Starting deep analysis..." });
+  // Build context for LLM — BLIND-FIRST: no Omar baseline or swarm findings
+  // in the initial context. Only codebase metadata and memory recall (past runs,
+  // not current-run findings). Swarm/baseline reconciliation happens AFTER the
+  // independent deep analysis completes.
+  const contextParts = [];
+  contextParts.push(`Framework: ${framework.framework || "unknown"}`);
+  contextParts.push(`Mode: ${mode}`);
+  contextParts.push(`Components: ${framework.componentCount || "unknown"}`);
+  contextParts.push(`Scope: ${(scopeMap.primary || []).length} primary files`);
+  if (memory) {
+    try {
+      const recalled = memory.query ? memory.query({
+        files: (scopeMap.primary || []).map(f => f.path || f),
+        limit: 10,
+      }) : [];
+      if (recalled.length > 0) {
+        contextParts.push(`\nPrevious findings recalled from memory (${recalled.length}):`);
+        for (const r of recalled) {
+          contextParts.push(`- ${r.content || r.text || JSON.stringify(r).slice(0, 100)}`);
+        }
+      }
+    } catch { /* memory recall failure is non-blocking */ }
+  }
+  const messages = [
+    { role: "user", content: contextParts.join("\n") +
+      "\n\nPerform your deep analysis now. Use FileRead, Grep, Glob, and FrontendAnalyze tools as needed. " +
+      "Return your findings in a ```json code block as an array of { severity, file, line, title, evidence, rootCause, recommendedFix, trafficLight, reproduction, user_impact, confidence }." },
+  ];
+  const allFindings = [...swarmFindings];
+  let turnCount = 0;
+  while (turnCount < maxTurns) {
+    if (abortController?.signal.aborted) {
+      yield emit("agent_abort", { reason: "user_cancelled" });
+      break;
+    }
+    // Budget check before LLM call
+    const preCheck = evaluateBudget({
+      sessionSummary: {
+        costUsd: ctx.usage.costUsd,
+        outputTokens: ctx.usage.outputTokens,
+        durationMs: Date.now() - startedAt,
+        toolCalls: ctx.usage.toolCalls,
+      },
+      ...budget,
+    });
+    if (preCheck.blocking) {
+      yield emit("budget_stop", { reasons: preCheck.reasons });
+      break;
+    }
+    if (preCheck.warnings.length > 0) {
+      yield emit("budget_warning", { warnings: preCheck.warnings });
+    }
+    turnCount++;
+    // Heartbeat
+    if (turnCount % HEARTBEAT_INTERVAL_TURNS === 0) {
+      yield emit("heartbeat", {
+        turnsCompleted: turnCount,
+        turnsMax: maxTurns,
+        findingsSoFar: allFindings.length,
+        budgetRemaining: {
+          costUsd: Math.max(0, budget.maxCostUsd - ctx.usage.costUsd),
+          pct: Math.max(0, 100 - (ctx.usage.costUsd / budget.maxCostUsd * 100)),
+        },
+      });
+    }
+    // Call LLM — format system prompt + messages into a single prompt
+    // for the MultiProviderApiClient which uses a completions-style API
+    let response;
+    try {
+      response = await client.invoke({
+        prompt: formatPromptForClient(systemPrompt, messages),
+      });
+    } catch (err) {
+      yield emit("llm_error", { error: err.message, turn: turnCount });
+      break;
+    }
+    const responseText = response.text || "";
+    ctx.usage.outputTokens += Math.ceil(responseText.length / 4);
+    ctx.usage.costUsd += (Math.ceil(responseText.length / 4) / 1_000_000) * 15;
+    yield emit("reasoning", {
+      phase: "deep_analysis",
+      turn: turnCount,
+      summary: responseText.slice(0, 200),
+    });
+    // Parse tool_use blocks
+    const toolCalls = parseToolUseBlocks(responseText);
+    if (toolCalls.length === 0) {
+      // No tools — extract findings from response
+      const parsed = extractJsonFindings(responseText);
+      for (const finding of parsed) {
+        allFindings.push(finding);
+        yield emit("finding", { ...finding });
+        if (blackboard) {
+          try {
+            await blackboard.appendEntry({
+              agentId: JULES_DEFINITION.id,
+              source: "jules-primary",
+              ...finding,
+            });
+          } catch { /* blackboard write failure non-blocking */ }
+        }
+      }
+      messages.push({ role: "assistant", content: responseText });
+      break; // LLM is done
+    }
+    // Execute tool calls
+    const results = [];
+    for (const call of toolCalls) {
+      try {
+        const result = await dispatchTool(call.tool, call.input, ctx);
+        results.push({ tool: call.tool, result });
+        yield emit("tool_call", { tool: call.tool, input: sanitizeForEvent(call.input) });
+      } catch (err) {
+        if (err instanceof BudgetExhaustedError) {
+          yield emit("budget_stop", { reason: err.message });
+          break;
+        }
+        results.push({ tool: call.tool, error: err.message });
+      }
+    }
+    // Feed results back
+    messages.push({ role: "assistant", content: responseText });
+    messages.push({
+      role: "user",
+      content: results.map(r =>
+        r.error
+          ? `Tool ${r.tool} failed: ${r.error}`
+          : `Tool ${r.tool} result:\n${JSON.stringify(r.result).slice(0, 3000)}`,
+      ).join("\n\n") + "\n\nContinue your analysis. If done, return findings in a ```json code block.",
+    });
+  }
+  // ── Phase 2b: Reconciliation (post-blind-pass) ─────────────────────
+  // Now that the independent analysis is complete, cross-reference with
+  // swarm findings and Omar baseline. This preserves blind-first: the
+  // persona formed its own opinion before seeing prior conclusions.
+  const hasSwarmContext = swarmFindings.length > 0;
+  const baselineFindings = omarBaseline
+    ? (omarBaseline.findings || omarBaseline.summary || [])
+    : [];
+  const hasBaselineContext = Array.isArray(baselineFindings) && baselineFindings.length > 0;
+  if (hasSwarmContext || hasBaselineContext) {
+    yield emit("progress", { phase: "reconciliation", message: "Cross-referencing with sub-agent and baseline findings..." });
+    const reconcileParts = [];
+    reconcileParts.push("Your independent analysis is complete. Now cross-reference with the following prior findings.");
+    reconcileParts.push("For each prior finding: confirm if your analysis agrees, dispute with evidence if you disagree, or flag as missed if you did not cover it.");
+    if (hasSwarmContext) {
+      reconcileParts.push(`\nYour sub-agents found ${swarmFindings.length} findings:`);
+      for (const f of swarmFindings.slice(0, 30)) {
+        reconcileParts.push(`- [${f.severity || "P3"}] ${f.file || ""}:${f.line || ""} ${f.title || f.type || ""}`);
+      }
+    }
+    if (hasBaselineContext) {
+      reconcileParts.push(`\nOmar baseline reported ${baselineFindings.length} findings:`);
+      for (const f of baselineFindings.slice(0, 20)) {
+        reconcileParts.push(`- [${f.severity || ""}] ${f.file || ""}:${f.line || ""} ${f.message || f.title || ""}`);
+      }
+    }
+    reconcileParts.push("\nReturn any additional or revised findings as a JSON array in a ```json code block. If no changes, return an empty array [].");
+    messages.push({ role: "user", content: reconcileParts.join("\n") });
+    // Budget check before reconciliation turn
+    const reconcilePreCheck = evaluateBudget({
+      sessionSummary: {
+        costUsd: ctx.usage.costUsd,
+        outputTokens: ctx.usage.outputTokens,
+        durationMs: Date.now() - startedAt,
+        toolCalls: ctx.usage.toolCalls,
+      },
+      ...budget,
+    });
+    if (!reconcilePreCheck.blocking) {
+      try {
+        const reconcileResponse = await client.invoke({
+          prompt: formatPromptForClient(systemPrompt, messages),
+        });
+        const reconcileText = reconcileResponse.text || "";
+        ctx.usage.outputTokens += Math.ceil(reconcileText.length / 4);
+        ctx.usage.costUsd += (Math.ceil(reconcileText.length / 4) / 1_000_000) * 15;
+        yield emit("reasoning", { phase: "reconciliation", summary: reconcileText.slice(0, 200) });
+        const reconcileFindings = extractJsonFindings(reconcileText);
+        for (const finding of reconcileFindings) {
+          allFindings.push(finding);
+          yield emit("finding", { ...finding, source: "reconciliation" });
+          if (blackboard) {
+            try {
+              await blackboard.appendEntry({
+                agentId: JULES_DEFINITION.id,
+                source: "jules-reconciliation",
+                ...finding,
+              });
+            } catch { /* blackboard write failure non-blocking */ }
+          }
+        }
+        messages.push({ role: "assistant", content: reconcileText });
+      } catch (err) {
+        yield emit("llm_error", { error: err.message, phase: "reconciliation" });
+      }
+    } else {
+      yield emit("budget_stop", { reasons: reconcilePreCheck.reasons, phase: "reconciliation" });
+    }
+  }
+  // ── Phase 3: Build final report ───────────────────────────────────
+  const durationMs = Date.now() - startedAt;
+  const severityCounts = { P0: 0, P1: 0, P2: 0, P3: 0 };
+  for (const f of allFindings) {
+    const sev = (f.severity || "P3").toUpperCase();
+    if (severityCounts[sev] !== undefined) severityCounts[sev]++;
+    else severityCounts.P3++;
+  }
+  const report = {
+    runId,
+    persona: JULES_DEFINITION.persona,
+    mode,
+    framework: framework.framework || "unknown",
+    status: "completed",
+    findings: allFindings,
+    summary: {
+      total: allFindings.length,
+      ...severityCounts,
+      blocking: severityCounts.P0 > 0 || severityCounts.P1 > 0,
+    },
+    usage: {
+      turns: turnCount,
+      costUsd: ctx.usage.costUsd,
+      outputTokens: ctx.usage.outputTokens,
+      toolCalls: ctx.usage.toolCalls,
+      durationMs,
+    },
+    signature: JULES_DEFINITION.signature,
+  };
+  yield emit("agent_complete", {
+    ...report.summary,
+    costUsd: ctx.usage.costUsd,
+    durationMs,
+    turns: turnCount,
+  });
+  return report;
+}
+// ── Helpers ──────────────────────────────────────────────────────────
+function parseToolUseBlocks(text) {
+  const calls = [];
+  const regex = /```tool_use\s*\n([\s\S]*?)```/g;
+  let match;
+  while ((match = regex.exec(text)) !== null) {
+    try {
+      const parsed = JSON.parse(match[1].trim());
+      if (parsed.tool && parsed.input) calls.push(parsed);
+    } catch { /* skip malformed */ }
+  }
+  return calls;
+}
+function extractJsonFindings(text) {
+  const jsonMatch = text.match(/```json\s*\n([\s\S]*?)```/);
+  if (!jsonMatch) return [];
+  try {
+    const parsed = JSON.parse(jsonMatch[1].trim());
+    if (Array.isArray(parsed)) return parsed;
+    if (parsed.findings && Array.isArray(parsed.findings)) return parsed.findings;
+  } catch { /* skip malformed */ }
+  return [];
+}
+function sanitizeForEvent(input) {
+  const sanitized = { ...input };
+  if (typeof sanitized.content === "string" && sanitized.content.length > 200) {
+    sanitized.content = `[${sanitized.content.length} chars]`;
+  }
+  return sanitized;
+}
+/**
+ * Format system prompt + chat messages into a single prompt string
+ * for MultiProviderApiClient which uses a completions-style API.
+ */
+function formatPromptForClient(systemPrompt, messages) {
+  const parts = [];
+  if (systemPrompt) parts.push(systemPrompt);
+  for (const msg of messages) {
+    const role = msg.role === "assistant" ? "ASSISTANT" : "USER";
+    parts.push(`\n${role}:\n${msg.content}`);
+  }
+  return parts.join("\n");
+}