synapsexcoder 6.0.0

package/dist/synapsexcoder/tool-bridge.js

@@ -0,0 +1,1356 @@
+/**
+ * OpenCode CLI Tool Bridge
+ *
+ * Provides a unified interface for all OpenCode CLI tool operations.
+ * All file operations use native Node.js APIs (NOT opencode read/write/edit/ls/grep/find).
+ * Web and search operations use global fetch() or valid `opencode run` commands.
+ * Verification methods delegate to opencode run with appropriate agents.
+ *
+ * Supported opencode subcommands used: run, serve, mcp, version, session
+ * INVALID subcommands NOT used: read, write, edit, ls, grep, find, search, fetch, ask, verify, audit
+ */
+import { spawn } from "child_process";
+import fs from "fs/promises";
+import path from "path";
+import { EventEmitter } from "events";
+import { v4 as uuidv4 } from "uuid";
+import { validateAndResolve, validateCommandArg, } from "../utils/path-validator.js";
+import { suggestOldString } from "./utils/fuzzy-match.js";
+import { validateCommandString } from "../utils/secure-exec.js";
+// Optional PluginInput import — only available when running as an OpenCode plugin
+// In standalone mode (CLI), this will be null and tool-bridge uses spawn instead.
+let _pluginInput = null;
+// ============================================================================
+// Configuration
+// ============================================================================
+const DEFAULT_CONFIG = {
+    mode: "embedded",
+    serverUrl: "http://localhost:4096",
+    configPath: "~/.config/opencode",
+    tools: {
+        readFile: "allow",
+        writeFile: "ask",
+        editFile: "ask",
+        runBash: "ask",
+        webSearch: "allow",
+        fetchUrl: "allow",
+        mcp: "ask",
+    },
+};
+// ============================================================================
+// OpenCode Process Manager
+// ============================================================================
+export class OpenCodeProcessManager {
+    config;
+    processes = new Map();
+    sessionId = uuidv4();
+    constructor(config) {
+        this.config = config;
+    }
+    async startSession(cwd) {
+        if (this.config.mode !== "embedded") {
+            throw new Error("Can only start sessions in embedded mode");
+        }
+        const args = ["--session", this.sessionId];
+        if (cwd)
+            args.push("--directory", cwd);
+        const proc = spawn("opencode", args, {
+            stdio: ["pipe", "pipe", "pipe"],
+            env: process.env,
+            cwd: cwd || process.cwd(),
+        });
+        this.processes.set(this.sessionId, proc);
+        return this.sessionId;
+    }
+    async stopSession(sessionId) {
+        const proc = this.processes.get(sessionId);
+        if (proc) {
+            proc.kill("SIGTERM");
+            this.processes.delete(sessionId);
+        }
+    }
+    getSessionProcess(sessionId) {
+        return this.processes.get(sessionId);
+    }
+}
+// ============================================================================
+// Tool Calling Bridge
+// ============================================================================
+export class OpenCodeToolBridge extends EventEmitter {
+    _processManager;
+    config;
+    toolHistory = [];
+    permissionCache = new Map();
+    projectRoot;
+    constructor(config = {}, projectRoot) {
+        super();
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this._processManager = new OpenCodeProcessManager(this.config);
+        this.projectRoot = projectRoot || process.cwd();
+        this.initializePermissions();
+    }
+    /**
+     * Set the global PluginInput reference for all tool-bridge instances.
+     * Called by the plugin entry point when it initializes. When set,
+     * tool-bridge operations may use BunShell ($) for shell execution and
+     * the SDK client for API calls instead of spawning opencode as a subprocess.
+     * Pass null to revert to standalone/spawn mode.
+     */
+    static setPluginInput(input) {
+        _pluginInput = input;
+    }
+    /**
+     * Validates a file path against the project root to prevent path traversal.
+     * @param filePath - The file path to validate
+     * @returns The validated and resolved absolute path
+     * @throws Error if path traversal is detected
+     */
+    validateFilePath(filePath) {
+        return validateAndResolve(filePath, this.projectRoot);
+    }
+    /**
+     * Validates a command string for dangerous patterns.
+     * @param command - The command to validate
+     * @throws Error if dangerous patterns are detected
+     */
+    validateCommand(command) {
+        validateCommandString(command);
+        validateCommandArg(command);
+    }
+    /** Validate and normalize a ToolPermission to PermissionState at the boundary (Law 3). */
+    toPermissionState(value) {
+        if (value === "allow" || value === "deny" || value === "ask")
+            return value;
+        // ToolCapability values are not valid cache states; default to "ask" for safety
+        return "ask";
+    }
+    initializePermissions() {
+        const tools = this.config.tools;
+        if (tools) {
+            if (tools.readFile)
+                this.permissionCache.set("read_file", this.toPermissionState(tools.readFile));
+            if (tools.writeFile)
+                this.permissionCache.set("write_file", this.toPermissionState(tools.writeFile));
+            if (tools.editFile)
+                this.permissionCache.set("edit_file", this.toPermissionState(tools.editFile));
+            if (tools.runBash)
+                this.permissionCache.set("run_bash", this.toPermissionState(tools.runBash));
+            if (tools.webSearch)
+                this.permissionCache.set("web_search", this.toPermissionState(tools.webSearch));
+            if (tools.fetchUrl)
+                this.permissionCache.set("fetch_url", this.toPermissionState(tools.fetchUrl));
+            if (tools.mcp)
+                this.permissionCache.set("call_mcp", this.toPermissionState(tools.mcp));
+            if (tools.verifyRepository)
+                this.permissionCache.set("verify_repository", this.toPermissionState(tools.verifyRepository));
+            if (tools.verifyFile)
+                this.permissionCache.set("verify_file", this.toPermissionState(tools.verifyFile));
+            if (tools.verifyClaim)
+                this.permissionCache.set("verify_claim", this.toPermissionState(tools.verifyClaim));
+            if (tools.auditRecursive)
+                this.permissionCache.set("audit_recursive", this.toPermissionState(tools.auditRecursive));
+        }
+    }
+    checkPermission(tool, action) {
+        const key = action ? `${tool}_${action}` : tool;
+        return this.permissionCache.get(key) || "ask";
+    }
+    /**
+     * Execute a native CLI command via spawn or BunShell (when running as a plugin).
+     * Uses PluginInput.$ (BunShell) when available, falls back to spawn otherwise.
+     */
+    async executeCommand(command, args, options = {}) {
+        const startTime = Date.now();
+        const toolName = command;
+        // When running as an OpenCode plugin, use BunShell for simple commands
+        if (_pluginInput?.$ && command !== "opencode") {
+            try {
+                const cmdStr = `${command} ${args.map(a => a.includes(" ") ? `"${a}"` : a).join(" ")}`;
+                const workdir = options.cwd || _pluginInput.directory || process.cwd();
+                const shellResult = await _pluginInput.$ `cd ${workdir} && ${cmdStr}`;
+                const output = await shellResult.quiet().text();
+                return {
+                    success: true,
+                    output,
+                    metadata: {
+                        executionTime: Date.now() - startTime,
+                        toolName,
+                        agentId: "bridge",
+                    },
+                };
+            }
+            catch (error) {
+                return {
+                    success: false,
+                    error: error instanceof Error ? error.message : String(error),
+                    metadata: {
+                        executionTime: Date.now() - startTime,
+                        toolName,
+                        agentId: "bridge",
+                    },
+                };
+            }
+        }
+        try {
+            const result = await new Promise((resolve, reject) => {
+                // Use AbortSignal.timeout() for reliable timeout (Node 20+)
+                const signal = options.timeout
+                    ? AbortSignal.timeout(options.timeout)
+                    : undefined;
+                let settled = false;
+                const proc = spawn(command, args, {
+                    cwd: options.cwd || process.cwd(),
+                    env: { ...process.env, ...options.env },
+                    signal,
+                });
+                let stdout = "";
+                let stderr = "";
+                proc.stdout?.on("data", (data) => {
+                    stdout += data.toString();
+                });
+                proc.stderr?.on("data", (data) => {
+                    stderr += data.toString();
+                });
+                const settle = (resolveFn, value) => {
+                    if (!settled) {
+                        settled = true;
+                        resolveFn(value);
+                    }
+                };
+                proc.on("close", (code) => {
+                    settle(resolve, {
+                        stdout,
+                        stderr,
+                        exitCode: code ?? 1,
+                    });
+                });
+                proc.on("error", (err) => {
+                    settle(reject, err);
+                });
+            });
+            const toolCall = {
+                tool: toolName,
+                args: { command, args, ...options },
+                timestamp: startTime,
+                agentId: "bridge",
+            };
+            this.toolHistory.push(toolCall);
+            return {
+                success: result.exitCode === 0,
+                output: result.stdout,
+                error: result.stderr || undefined,
+                metadata: {
+                    executionTime: Date.now() - startTime,
+                    toolName,
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: Date.now() - startTime,
+                    toolName,
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    // ========================================================================
+    // File Operations — Native fs.promises (NOT opencode read/write/edit)
+    // ========================================================================
+    /**
+     * Read file contents with optional line range.
+     * Uses native fs.promises — no CLI delegation.
+     */
+    async readFile(filePath, options = {}) {
+        const permission = this.checkPermission("read_file");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: read_file" };
+        }
+        // Validate path to prevent traversal attacks
+        let validatedPath;
+        try {
+            validatedPath = this.validateFilePath(filePath);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        try {
+            const encoding = options.encoding || "utf8";
+            const fullContent = await fs.readFile(validatedPath, { encoding });
+            let output;
+            if (options.startLine !== undefined) {
+                const lines = fullContent.split("\n");
+                const start = Math.max(0, options.startLine - 1);
+                const end = options.endLine !== undefined
+                    ? Math.min(lines.length, options.endLine)
+                    : lines.length;
+                output = lines.slice(start, end).join("\n");
+            }
+            else {
+                output = fullContent;
+            }
+            const result = {
+                success: true,
+                output,
+                metadata: {
+                    executionTime: 0,
+                    toolName: "read_file",
+                    agentId: "bridge",
+                },
+            };
+            this.emit("tool-executed", {
+                tool: "read_file",
+                filePath: validatedPath,
+                timestamp: Date.now(),
+            });
+            return result;
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "read_file",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Read file and return structured content
+     */
+    async readFileContent(filePath) {
+        // Validate path to prevent traversal attacks
+        let validatedPath;
+        try {
+            validatedPath = this.validateFilePath(filePath);
+        }
+        catch {
+            return null;
+        }
+        try {
+            const content = await fs.readFile(validatedPath, { encoding: "utf8" });
+            return {
+                path: validatedPath,
+                content,
+                metadata: {
+                    size: content.length,
+                },
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Write content to file.
+     * Uses native fs.promises — no CLI delegation.
+     */
+    async writeFile(filePath, content, options = {}) {
+        const permission = this.checkPermission("write_file");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: write_file" };
+        }
+        // Validate path to prevent traversal attacks
+        let validatedPath;
+        try {
+            validatedPath = this.validateFilePath(filePath);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        try {
+            // Create parent directories if requested
+            if (options.createDirectories) {
+                await fs.mkdir(path.dirname(validatedPath), { recursive: true });
+            }
+            await fs.writeFile(validatedPath, content, { encoding: "utf8" });
+            const result = {
+                success: true,
+                output: `Written ${content.length} bytes to ${validatedPath}`,
+                metadata: {
+                    executionTime: 0,
+                    toolName: "write_file",
+                    agentId: "bridge",
+                },
+            };
+            this.emit("tool-executed", {
+                tool: "write_file",
+                filePath: validatedPath,
+                timestamp: Date.now(),
+            });
+            return result;
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "write_file",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Edit specific parts of a file using search-and-replace.
+     * Uses native fs.promises — no CLI delegation.
+     */
+    async editFile(filePath, oldString, newString) {
+        const permission = this.checkPermission("edit_file");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: edit_file" };
+        }
+        // Validate path to prevent traversal attacks
+        let validatedPath;
+        try {
+            validatedPath = this.validateFilePath(filePath);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        try {
+            const content = await fs.readFile(validatedPath, { encoding: "utf8" });
+            // Check if oldString exists in the file
+            if (!content.includes(oldString)) {
+                const suggestion = suggestOldString(content, oldString);
+                const hint = suggestion
+                    ? ` Did you mean (line ${suggestion.line}, score ${suggestion.score.toFixed(2)}): ${JSON.stringify(suggestion.suggestion.slice(0, 80))}...`
+                    : "";
+                return {
+                    success: false,
+                    error: `oldString not found in ${validatedPath}.${hint}`,
+                    metadata: {
+                        executionTime: 0,
+                        toolName: "edit_file",
+                        agentId: "bridge",
+                        fuzzySuggestion: suggestion ?? undefined,
+                    },
+                };
+            }
+            const newContent = content.replace(oldString, newString);
+            // Verify something actually changed
+            if (newContent === content) {
+                return {
+                    success: false,
+                    error: `No changes made — oldString and newString are identical`,
+                    metadata: {
+                        executionTime: 0,
+                        toolName: "edit_file",
+                        agentId: "bridge",
+                    },
+                };
+            }
+            await fs.writeFile(validatedPath, newContent, { encoding: "utf8" });
+            const result = {
+                success: true,
+                output: `Edited ${validatedPath}`,
+                metadata: {
+                    executionTime: 0,
+                    toolName: "edit_file",
+                    agentId: "bridge",
+                },
+            };
+            this.emit("tool-executed", {
+                tool: "edit_file",
+                filePath: validatedPath,
+                timestamp: Date.now(),
+            });
+            return result;
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "edit_file",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Edit file using search and replace (alias for editFile).
+     */
+    async searchReplace(filePath, oldString, newString) {
+        return this.editFile(filePath, oldString, newString);
+    }
+    /**
+     * List directory contents.
+     * Uses native fs.promises — no CLI delegation.
+     */
+    async listDir(dirPath, options = {}) {
+        const permission = this.checkPermission("read_file");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: list_dir" };
+        }
+        // Validate path to prevent traversal attacks
+        let validatedPath;
+        try {
+            validatedPath = this.validateFilePath(dirPath);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        try {
+            let entries;
+            const dirEntries = await fs.readdir(validatedPath, { withFileTypes: true });
+            entries = dirEntries
+                .filter((entry) => {
+                if (options.ignore) {
+                    for (const ign of options.ignore) {
+                        if (entry.name.includes(ign) || entry.name.match(ign))
+                            return false;
+                    }
+                }
+                if (options.glob) {
+                    return simpleGlobMatch(entry.name, options.glob);
+                }
+                return true;
+            })
+                .map((entry) => (entry.isDirectory() ? entry.name + "/" : entry.name));
+            entries.sort();
+            return {
+                success: true,
+                output: entries.join("\n"),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "list_dir",
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "list_dir",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Search for regex patterns in file contents.
+     * Uses native fs.promises with recursive file walk — no CLI delegation.
+     */
+    async searchFiles(pattern, options = {}) {
+        const permission = this.checkPermission("read_file");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: search_files" };
+        }
+        // Determine search root
+        let searchRoot = this.projectRoot;
+        if (options.path) {
+            try {
+                searchRoot = this.validateFilePath(options.path);
+            }
+            catch (error) {
+                return {
+                    success: false,
+                    error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+                };
+            }
+        }
+        try {
+            const regex = options.caseSensitive
+                ? new RegExp(pattern)
+                : new RegExp(pattern, "i");
+            const results = [];
+            const includeFilter = options.include
+                ? new RegExp(options.include.replace(/\*/g, ".*"))
+                : null;
+            const excludeFilter = options.exclude
+                ? new RegExp(options.exclude.replace(/\*/g, ".*"))
+                : null;
+            // Recursively walk the directory
+            await walkDirectory(searchRoot, async (filePath) => {
+                if (results.length >= (options.maxResults || 1000))
+                    return;
+                // Apply include/exclude filters
+                const relativePath = path.relative(searchRoot, filePath);
+                if (includeFilter && !includeFilter.test(relativePath))
+                    return;
+                if (excludeFilter && excludeFilter.test(relativePath))
+                    return;
+                try {
+                    const content = await fs.readFile(filePath, { encoding: "utf8" });
+                    const lines = content.split("\n");
+                    for (let i = 0; i < lines.length; i++) {
+                        if (regex.test(lines[i])) {
+                            results.push(`${filePath}:${i + 1}:${lines[i].trim()}`);
+                            if (results.length >= (options.maxResults || 1000))
+                                break;
+                        }
+                    }
+                }
+                catch {
+                    // Skip binary or unreadable files
+                }
+            });
+            return {
+                success: true,
+                output: results.join("\n"),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "search_files",
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "search_files",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Find files by pattern (glob-like name matching).
+     * Uses native fs.promises — no CLI delegation.
+     */
+    async fileSearch(pattern, options = {}) {
+        // Determine search root
+        let searchRoot = this.projectRoot;
+        if (options.path) {
+            try {
+                searchRoot = this.validateFilePath(options.path);
+            }
+            catch (error) {
+                return {
+                    success: false,
+                    error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+                };
+            }
+        }
+        try {
+            const results = [];
+            await walkDirectory(searchRoot, async (filePath) => {
+                const relativePath = path.relative(searchRoot, filePath);
+                // Match against the pattern (simple globe-like matching on filename or path)
+                if (simpleGlobMatch(path.basename(filePath), pattern) ||
+                    simpleGlobMatch(relativePath, pattern)) {
+                    results.push(relativePath);
+                }
+            });
+            results.sort();
+            return {
+                success: true,
+                output: results.join("\n"),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "file_search",
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "file_search",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    // ========================================================================
+    // Bash Operations
+    // ========================================================================
+    /**
+     * Execute bash command.
+     * Uses BunShell ($) when running as a plugin, falls back to spawn otherwise.
+     */
+    async runBash(command, options = {}) {
+        const permission = this.checkPermission("run_bash");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: run_bash" };
+        }
+        // Validate command for dangerous patterns
+        try {
+            this.validateCommand(command);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Command validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // When running as an OpenCode plugin, use BunShell instead of spawn.
+        // BunShell is non-interactive by default and provides text()/json() output.
+        if (_pluginInput?.$) {
+            const startTime = Date.now();
+            try {
+                const workdir = options.cwd || _pluginInput.directory || process.cwd();
+                if (workdir !== process.cwd()) {
+                    // BunShell doesn't auto-cd; we use the shell's chaining mechanism
+                    // by prepending cd to the command
+                    const shellResult = await _pluginInput.$ `cd ${workdir} && ${command}`;
+                    const text = await shellResult.quiet().text();
+                    return {
+                        success: true,
+                        output: text,
+                        metadata: {
+                            executionTime: Date.now() - startTime,
+                            toolName: "run_bash",
+                            agentId: "bridge",
+                        },
+                    };
+                }
+                const result = await _pluginInput.$ `${command}`;
+                const output = await result.quiet().text();
+                return {
+                    success: true,
+                    output,
+                    metadata: {
+                        executionTime: Date.now() - startTime,
+                        toolName: "run_bash",
+                        agentId: "bridge",
+                    },
+                };
+            }
+            catch (error) {
+                return {
+                    success: false,
+                    error: error instanceof Error ? error.message : String(error),
+                    metadata: {
+                        executionTime: Date.now() - startTime,
+                        toolName: "run_bash",
+                        agentId: "bridge",
+                    },
+                };
+            }
+        }
+        // Standalone mode: use spawn
+        return this.executeCommand("bash", ["-c", command], {
+            cwd: options.cwd,
+            timeout: options.timeout,
+            env: options.env,
+        });
+    }
+    /**
+     * Run npm command securely using spawn with array arguments
+     */
+    async runNpm(command, args = []) {
+        const permission = this.checkPermission("run_bash");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: run_bash" };
+        }
+        // Validate all arguments
+        try {
+            for (const arg of args) {
+                validateCommandArg(arg);
+            }
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Argument validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Use spawn with array arguments instead of string interpolation
+        return this.executeCommand("npm", [command, ...args], { timeout: 120000 });
+    }
+    /**
+     * Run git command securely using spawn with array arguments
+     */
+    async runGit(args) {
+        const permission = this.checkPermission("run_bash");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: run_bash" };
+        }
+        // Validate all arguments
+        try {
+            for (const arg of args) {
+                validateCommandArg(arg);
+            }
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Argument validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Use spawn with array arguments instead of string interpolation
+        return this.executeCommand("git", args, { timeout: 60000 });
+    }
+    // ========================================================================
+    // Web Operations — Native fetch() + opencode run (NOT opencode search/fetch)
+    // ========================================================================
+    /**
+     * Search the web.
+     * Delegates to `opencode run` (valid subcommand) with search prompt.
+     */
+    async webSearch(query, options = {}) {
+        const permission = this.checkPermission("web_search");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: web_search" };
+        }
+        const searchPrompt = `Search the web for: ${query}`;
+        const args = ["run", searchPrompt, "--format", "json"];
+        if (options.numResults)
+            args.push("--max-results", String(options.numResults));
+        return this.executeCommand("opencode", args, { timeout: 60000 });
+    }
+    /**
+     * Fetch URL content.
+     * Uses global fetch() (available in Node.js 20+) — no CLI delegation.
+     */
+    async fetchUrl(url, options = {}) {
+        const permission = this.checkPermission("fetch_url");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: fetch_url" };
+        }
+        const startTime = Date.now();
+        try {
+            const response = await fetch(url);
+            if (!response.ok) {
+                return {
+                    success: false,
+                    error: `HTTP ${response.status}: ${response.statusText}`,
+                    metadata: {
+                        executionTime: Date.now() - startTime,
+                        toolName: "fetch_url",
+                        agentId: "bridge",
+                    },
+                };
+            }
+            let output;
+            const contentType = response.headers.get("content-type") || "";
+            if (options.format === "html" || contentType.includes("text/html")) {
+                output = await response.text();
+            }
+            else if (options.format === "markdown") {
+                // Simple markdown-ish conversion: strip HTML tags, keep text
+                const text = await response.text();
+                output = text
+                    .replace(/<[^>]+>/g, "")
+                    .replace(/\n{3,}/g, "\n\n")
+                    .trim();
+            }
+            else {
+                output = await response.text();
+            }
+            return {
+                success: true,
+                output,
+                metadata: {
+                    executionTime: Date.now() - startTime,
+                    toolName: "fetch_url",
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: Date.now() - startTime,
+                    toolName: "fetch_url",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Call the configured model with a prompt.
+     * Uses valid `opencode run --model ... --format json` — NOT opencode ask.
+     */
+    async callModel(prompt, options = {}) {
+        const model = options.model || "default";
+        // Build the prompt to include configuration in the message
+        let fullPrompt = prompt;
+        if (options.temperature !== undefined) {
+            fullPrompt = `[temperature=${options.temperature}] ${fullPrompt}`;
+        }
+        if (options.maxTokens !== undefined) {
+            fullPrompt = `[max_tokens=${options.maxTokens}] ${fullPrompt}`;
+        }
+        const args = ["run", fullPrompt, "--model", model, "--format", "json"];
+        return this.executeCommand("opencode", args, { timeout: 120000 });
+    }
+    /**
+     * Call MCP server tool.
+     * Uses valid `opencode mcp` subcommands.
+     * Note: `opencode mcp call` is not a valid subcommand — MCP tool calling
+     * happens internally via OpenCode's agent runtime. This method provides
+     * best-effort delegation via `opencode run`.
+     *
+     * Valid opencode mcp subcommands: add, list, auth, logout, debug
+     * MCP tool invocation is handled via OpenCode agent sessions.
+     */
+    async callMCP(serverName, toolName, args) {
+        const permission = this.checkPermission("call_mcp");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: call_mcp" };
+        }
+        // Delegate to opencode run with MCP context prompt
+        const argsString = JSON.stringify({ tool: toolName, args });
+        const mcpPrompt = `Call MCP tool "${toolName}" on server "${serverName}" with arguments: ${argsString}. Execute the tool and return the result.`;
+        const runArgs = ["run", mcpPrompt, "--format", "json"];
+        return this.executeCommand("opencode", runArgs, { timeout: 60000 });
+    }
+    // ========================================================================
+    // Utility Methods
+    // ========================================================================
+    /**
+     * Get the underlying process manager
+     */
+    getProcessManager() {
+        return this._processManager;
+    }
+    /**
+     * Get tool call history
+     */
+    getHistory() {
+        return [...this.toolHistory];
+    }
+    /**
+     * Clear tool call history
+     */
+    clearHistory() {
+        this.toolHistory = [];
+    }
+    /**
+     * Update permission for a tool
+     */
+    setPermission(tool, permission) {
+        this.permissionCache.set(tool, permission);
+    }
+    /**
+     * Check if OpenCode CLI is available by checking its version.
+     */
+    async checkAvailability() {
+        try {
+            const result = await this.runBash("opencode --version", {
+                timeout: 5000,
+            });
+            return result.success;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Get OpenCode version
+     */
+    async getVersion() {
+        try {
+            const result = await this.runBash("opencode --version", {
+                timeout: 5000,
+            });
+            if (result.success && typeof result.output === "string") {
+                return result.output.trim();
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    // ========================================================================
+    // Verification Operations (Synapse v4) — Native + opencode run delegation
+    // ========================================================================
+    /**
+     * Verify entire repository.
+     * Delegates to `opencode run` with synapse-analyzer agent.
+     */
+    async verifyRepository(repositoryRoot, options = {}) {
+        const permission = this.checkPermission("verify_repository");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: verify_repository" };
+        }
+        let depthInfo = "";
+        if (options.maxAuditDepth)
+            depthInfo = ` (max depth: ${options.maxAuditDepth})`;
+        let failFastInfo = options.failFast ? " — stop on first critical issue" : "";
+        let severityInfo = options.severityThreshold
+            ? ` severity threshold: ${options.severityThreshold}`
+            : "";
+        const verifyPrompt = `Verify the repository at ${repositoryRoot} for correctness, completeness, and security issues.` +
+            `${depthInfo}${severityInfo}${failFastInfo ? ". " + failFastInfo : ""}. ` +
+            `Analyze all source files, check for common bugs, type errors, and logic issues.` +
+            ` Return a structured report of findings.`;
+        const args = ["run", verifyPrompt, "--format", "json"];
+        return this.executeCommand("opencode", args, { timeout: 600000 }); // 10 min
+    }
+    /**
+     * Verify a specific file.
+     * Uses native fs.promises to read and do basic file validation,
+     * then delegates additional analysis to opencode run.
+     */
+    async verifyFile(filePath, options = {}) {
+        const permission = this.checkPermission("verify_file");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: verify_file" };
+        }
+        let validatedPath;
+        try {
+            validatedPath = this.validateFilePath(filePath);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Path validation failed: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Basic native validation
+        try {
+            const stats = await fs.stat(validatedPath);
+            const content = await fs.readFile(validatedPath, { encoding: "utf8" });
+            const issues = [];
+            // Check file size
+            if (stats.size > 1000000) {
+                issues.push(`File size (${(stats.size / 1024 / 1024).toFixed(1)}MB) exceeds 1MB`);
+            }
+            // Check for common issues
+            if (content.length === 0) {
+                issues.push("File is empty");
+            }
+            // Build verification context
+            let checkContext = "";
+            if (options.checkRuntime)
+                checkContext += " Check runtime wiring and correctness.";
+            if (options.checkIntegration)
+                checkContext += " Check integration with other modules.";
+            if (options.checkSecurity)
+                checkContext += " Check for security vulnerabilities.";
+            const verifyPrompt = `Analyze the file at ${validatedPath} for issues.${checkContext} Content:\n\n${content.slice(0, 5000)}`;
+            const args = ["run", verifyPrompt, "--format", "json"];
+            return this.executeCommand("opencode", args, { timeout: 120000 });
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "verify_file",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Verify specific claims.
+     * Delegates to opencode run with synapse-verifier agent.
+     */
+    async verifyClaim(claims, options = {}) {
+        const permission = this.checkPermission("verify_claim");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: verify_claim" };
+        }
+        const claimsList = claims.map((c, i) => `${i + 1}. ${c}`).join("\n");
+        let sourceInfo = options.source
+            ? ` Reference source: ${options.source}.`
+            : "";
+        let crossRefInfo = options.crossReference
+            ? " Cross-reference each claim against the implementation in the codebase."
+            : "";
+        const verifyPrompt = `I need to verify the following claims:${sourceInfo}${crossRefInfo}\n\n${claimsList}\n\n` +
+            `For each claim, check if it is true, partially true, or false. ` +
+            `Provide evidence for your determination.`;
+        const args = ["run", verifyPrompt, "--format", "json"];
+        return this.executeCommand("opencode", args, { timeout: 120000 });
+    }
+    /**
+     * Run recursive audit loop.
+     * Delegates to opencode run for iterative analysis.
+     */
+    async auditRecursive(repositoryRoot, options = {}) {
+        const permission = this.checkPermission("audit_recursive");
+        if (permission === "deny") {
+            return { success: false, error: "Permission denied: audit_recursive" };
+        }
+        let maxPassesInfo = options.maxPasses
+            ? ` maximum ${options.maxPasses} audit passes.`
+            : "";
+        let stopCriticalInfo = options.stopOnCritical
+            ? " Stop immediately if a critical issue is found."
+            : "";
+        const auditPrompt = `Perform a recursive audit of the repository at ${repositoryRoot}.` +
+            `${maxPassesInfo}${stopCriticalInfo} ` +
+            `Scan all source files for bugs, security vulnerabilities, type errors, logic errors, ` +
+            `and violations of best practices. After each pass, fix any issues found and re-audit. ` +
+            `Continue until no issues remain or the maximum pass count is reached.`;
+        const args = ["run", auditPrompt, "--format", "json"];
+        return this.executeCommand("opencode", args, { timeout: 600000 });
+    }
+    /**
+     * Call an OpenCode tool by name with parameters.
+     * Delegates to `opencode run` with the tool name in context.
+     */
+    async callTool(toolCall) {
+        const permission = this.checkPermission(toolCall.tool);
+        if (permission === "deny") {
+            return { success: false, error: `Permission denied: ${toolCall.tool}` };
+        }
+        const startTime = Date.now();
+        const toolName = toolCall.tool;
+        try {
+            const argsString = toolCall.args
+                ? JSON.stringify(toolCall.args)
+                : "{}";
+            const toolPrompt = `Execute tool "${toolName}" with these arguments: ${argsString}. ` +
+                `Return the result in JSON format.`;
+            const result = await new Promise((resolve, reject) => {
+                const proc = spawn("opencode", ["run", toolPrompt, "--format", "json"], {
+                    cwd: this.projectRoot,
+                    env: { ...process.env },
+                    timeout: 300000,
+                });
+                let stdout = "";
+                let stderr = "";
+                proc.stdout?.on("data", (data) => {
+                    stdout += data.toString();
+                });
+                proc.stderr?.on("data", (data) => {
+                    stderr += data.toString();
+                });
+                proc.on("close", (code) => {
+                    resolve({ stdout, stderr, exitCode: code || 0 });
+                });
+                proc.on("error", reject);
+            });
+            const toolCallRecord = {
+                tool: toolName,
+                args: toolCall.args || {},
+                timestamp: startTime,
+                agentId: "bridge",
+            };
+            this.toolHistory.push(toolCallRecord);
+            return {
+                success: result.exitCode === 0,
+                output: result.stdout,
+                error: result.stderr || undefined,
+                metadata: {
+                    executionTime: Date.now() - startTime,
+                    toolName,
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: Date.now() - startTime,
+                    toolName,
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Get verification report.
+     * Generates report from native data — no CLI delegation.
+     */
+    async getVerificationReport(reportPath) {
+        try {
+            if (reportPath) {
+                const validatedPath = this.validateFilePath(reportPath);
+                const content = await fs.readFile(validatedPath, { encoding: "utf8" });
+                return {
+                    success: true,
+                    output: content,
+                    metadata: {
+                        executionTime: 0,
+                        toolName: "get_verification_report",
+                        agentId: "bridge",
+                    },
+                };
+            }
+            // Generate a summary report from recent tool history
+            const recentTools = this.toolHistory.slice(-20);
+            const report = {
+                generatedAt: new Date().toISOString(),
+                toolCalls: recentTools.length,
+                recentOperations: recentTools.map((t) => ({
+                    tool: t.tool,
+                    timestamp: new Date(t.timestamp).toISOString(),
+                })),
+            };
+            return {
+                success: true,
+                output: JSON.stringify(report, null, 2),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "get_verification_report",
+                    agentId: "bridge",
+                },
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : String(error),
+                metadata: {
+                    executionTime: 0,
+                    toolName: "get_verification_report",
+                    agentId: "bridge",
+                },
+            };
+        }
+    }
+    /**
+     * Cross-reference claims with implementation.
+     * Delegates to opencode run for analysis.
+     */
+    async crossReference(source, target) {
+        const xrefPrompt = `Cross-reference the following source against the target to check consistency:\n\n` +
+            `Source: ${source}\n\nTarget: ${target}\n\n` +
+            `Check if the source claims are implemented in the target. ` +
+            `Report any discrepancies, missing implementations, or inconsistencies.`;
+        const args = ["run", xrefPrompt, "--format", "json"];
+        return this.executeCommand("opencode", args, { timeout: 60000 });
+    }
+}
+// ============================================================================
+// Helper Functions
+// ============================================================================
+/**
+ * Simple glob pattern matching (supports * and ? wildcards).
+ */
+function simpleGlobMatch(name, pattern) {
+    // Convert glob pattern to regex
+    const regexStr = pattern
+        .replace(/\./g, "\\.")
+        .replace(/\*/g, ".*")
+        .replace(/\?/g, ".");
+    try {
+        return new RegExp(`^${regexStr}$`).test(name);
+    }
+    catch {
+        return name.includes(pattern);
+    }
+}
+/**
+ * Recursively walk a directory tree, calling callback for each file.
+ * Skips node_modules, .git, dist, and other common excluded dirs.
+ */
+async function walkDirectory(dirPath, callback) {
+    const excludeDirs = new Set([
+        "node_modules",
+        ".git",
+        "dist",
+        ".next",
+        "build",
+        "coverage",
+        ".cache",
+        "target",
+        "__pycache__",
+        ".opencode",
+    ]);
+    try {
+        const entries = await fs.readdir(dirPath, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = path.join(dirPath, entry.name);
+            if (entry.isDirectory()) {
+                if (!excludeDirs.has(entry.name)) {
+                    await walkDirectory(fullPath, callback);
+                }
+            }
+            else if (entry.isFile()) {
+                await callback(fullPath);
+            }
+        }
+    }
+    catch {
+        // Skip directories we can't read
+    }
+}
+// ============================================================================
+// Factory Function
+// ============================================================================
+export function createToolBridge(config) {
+    return new OpenCodeToolBridge(config);
+}
+// ============================================================================
+// Standalone Tool Functions (for use by verification modules)
+//
+// These are convenience wrappers that delegate to a default bridge instance.
+// The bridge instance is lazily created on first use.
+// ============================================================================
+let defaultToolBridge = null;
+function getDefaultBridge() {
+    if (!defaultToolBridge) {
+        defaultToolBridge = createToolBridge();
+    }
+    return defaultToolBridge;
+}
+export async function readFile(filePath, options) {
+    return getDefaultBridge().readFile(filePath, options);
+}
+export async function readFileContent(filePath) {
+    return getDefaultBridge().readFileContent(filePath);
+}
+export async function writeFile(filePath, content, options) {
+    return getDefaultBridge().writeFile(filePath, content, options);
+}
+export async function editFile(filePath, oldString, newString) {
+    return getDefaultBridge().editFile(filePath, oldString, newString);
+}
+export async function listDir(dirPath, options) {
+    return getDefaultBridge().listDir(dirPath, options);
+}
+export async function searchFiles(pattern, options) {
+    return getDefaultBridge().searchFiles(pattern, options);
+}
+export async function fileSearch(pattern, options) {
+    return getDefaultBridge().fileSearch(pattern, options);
+}
+export async function runBash(command, options) {
+    return getDefaultBridge().runBash(command, options);
+}
+export async function webSearch(query, options) {
+    return getDefaultBridge().webSearch(query, options);
+}
+export async function grep(pattern, options) {
+    const result = await getDefaultBridge().searchFiles(pattern, options);
+    if (result.success && typeof result.output === "string") {
+        return result.output.split("\n").filter(line => line.trim());
+    }
+    return [];
+}
+export async function glob(options) {
+    const result = await getDefaultBridge().fileSearch(options.pattern, { path: options.path });
+    if (result.success && typeof result.output === "string") {
+        return result.output.split("\n").filter(line => line.trim());
+    }
+    return [];
+}
+// ============================================================================
+// Default Export
+// ============================================================================
+export default OpenCodeToolBridge;
+//# sourceMappingURL=tool-bridge.js.map