token-pilot 0.19.2 → 0.22.2

package/dist/core/session-registry.d.ts

@@ -0,0 +1,43 @@
+/**
+ * TP-69m — session-scoped ContextRegistry.
+ *
+ * The single `ContextRegistry` lived for the MCP server process lifetime,
+ * so a restart — or the way Claude Code spawns short-lived server
+ * instances — threw away "already loaded X" knowledge. This manager keeps
+ * one registry per `session_id`, persists each to disk under
+ * `.token-pilot/context-registries/<id>.json`, and LRU-evicts cold
+ * sessions from memory.
+ *
+ * Session IDs that fail slug validation (empty, traversal, path separators)
+ * get an ephemeral registry that is never persisted — a safe fallback for
+ * callers that don't know their session_id yet.
+ */
+import { ContextRegistry } from "./context-registry.js";
+export declare const REGISTRIES_SUBDIR = ".token-pilot/context-registries";
+export interface SessionRegistryManagerOptions {
+    inMemoryCap?: number;
+}
+export declare class SessionRegistryManager {
+    private readonly projectRoot;
+    private readonly inMemoryCap;
+    /** Insertion order = LRU order (re-insert on access). */
+    private readonly live;
+    /** Ephemeral (unsafe-id / empty) registries are kept apart from the LRU. */
+    private readonly ephemeral;
+    constructor(projectRoot: string, opts?: SessionRegistryManagerOptions);
+    /**
+     * Return the registry associated with a session id, creating / loading
+     * as needed. Ephemeral for unsafe ids; otherwise LRU-cached and
+     * disk-backed.
+     */
+    getFor(sessionId: string): ContextRegistry;
+    /** Flush one session's registry to disk. Silent on failure. */
+    flush(sessionId: string): Promise<void>;
+    /** Flush every live registry. Called on server shutdown. */
+    flushAll(): Promise<void>;
+    /** LRU insertion-order snapshot of in-memory session ids (for tests). */
+    inMemoryIds(): string[];
+    private pathFor;
+    private evict;
+}
+//# sourceMappingURL=session-registry.d.ts.map

package/dist/core/session-registry.js

@@ -0,0 +1,113 @@
+/**
+ * TP-69m — session-scoped ContextRegistry.
+ *
+ * The single `ContextRegistry` lived for the MCP server process lifetime,
+ * so a restart — or the way Claude Code spawns short-lived server
+ * instances — threw away "already loaded X" knowledge. This manager keeps
+ * one registry per `session_id`, persists each to disk under
+ * `.token-pilot/context-registries/<id>.json`, and LRU-evicts cold
+ * sessions from memory.
+ *
+ * Session IDs that fail slug validation (empty, traversal, path separators)
+ * get an ephemeral registry that is never persisted — a safe fallback for
+ * callers that don't know their session_id yet.
+ */
+import { promises as fs, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { ContextRegistry } from "./context-registry.js";
+export const REGISTRIES_SUBDIR = ".token-pilot/context-registries";
+const SAFE_ID_RE = /^[A-Za-z0-9._-]+$/;
+export class SessionRegistryManager {
+    projectRoot;
+    inMemoryCap;
+    /** Insertion order = LRU order (re-insert on access). */
+    live = new Map();
+    /** Ephemeral (unsafe-id / empty) registries are kept apart from the LRU. */
+    ephemeral = new Map();
+    constructor(projectRoot, opts = {}) {
+        this.projectRoot = projectRoot;
+        this.inMemoryCap = opts.inMemoryCap ?? 8;
+    }
+    /**
+     * Return the registry associated with a session id, creating / loading
+     * as needed. Ephemeral for unsafe ids; otherwise LRU-cached and
+     * disk-backed.
+     */
+    getFor(sessionId) {
+        if (!isSafeId(sessionId)) {
+            let reg = this.ephemeral.get(sessionId);
+            if (!reg) {
+                reg = new ContextRegistry();
+                this.ephemeral.set(sessionId, reg);
+            }
+            return reg;
+        }
+        const existing = this.live.get(sessionId);
+        if (existing) {
+            // Refresh LRU position.
+            this.live.delete(sessionId);
+            this.live.set(sessionId, existing);
+            return existing;
+        }
+        const reg = new ContextRegistry();
+        // Best-effort sync load from disk — hook path cannot await.
+        const path = this.pathFor(sessionId);
+        try {
+            const raw = readFileSync(path, "utf-8");
+            reg.loadSnapshot(JSON.parse(raw));
+        }
+        catch {
+            /* no prior state, or corrupt file — start empty */
+        }
+        this.live.set(sessionId, reg);
+        this.evict();
+        return reg;
+    }
+    /** Flush one session's registry to disk. Silent on failure. */
+    async flush(sessionId) {
+        if (!isSafeId(sessionId))
+            return;
+        const reg = this.live.get(sessionId);
+        if (!reg)
+            return;
+        const path = this.pathFor(sessionId);
+        try {
+            await fs.mkdir(join(this.projectRoot, REGISTRIES_SUBDIR), {
+                recursive: true,
+            });
+            await fs.writeFile(path, JSON.stringify(reg.toSnapshot()));
+        }
+        catch {
+            /* best-effort */
+        }
+    }
+    /** Flush every live registry. Called on server shutdown. */
+    async flushAll() {
+        const ids = Array.from(this.live.keys());
+        for (const id of ids)
+            await this.flush(id);
+    }
+    /** LRU insertion-order snapshot of in-memory session ids (for tests). */
+    inMemoryIds() {
+        return Array.from(this.live.keys());
+    }
+    pathFor(sessionId) {
+        return join(this.projectRoot, REGISTRIES_SUBDIR, `${sessionId}.json`);
+    }
+    evict() {
+        while (this.live.size > this.inMemoryCap) {
+            const oldest = this.live.keys().next().value;
+            if (!oldest)
+                break;
+            // Best-effort async flush before dropping from memory.
+            void this.flush(oldest);
+            this.live.delete(oldest);
+        }
+    }
+}
+function isSafeId(id) {
+    if (!id)
+        return false;
+    return SAFE_ID_RE.test(id);
+}
+//# sourceMappingURL=session-registry.js.map

package/dist/core/session-savings.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Sum `savedTokens` for all hook-events matching a given session_id.
+ *
+ * Used by the adaptive-threshold path to estimate how much of the
+ * session's context budget has already been burned. Sync implementation
+ * because the hook process is short-lived and a blocking read is
+ * simpler than pulling in async plumbing.
+ *
+ * Silent on every error — telemetry must never break the hook.
+ */
+export declare function loadSessionSavedTokens(projectRoot: string, sessionId: string): number;
+export interface SessionStats {
+    savedTokens: number;
+    eventCount: number;
+    firstTsMs: number | null;
+    lastTsMs: number | null;
+}
+export declare function loadSessionStats(projectRoot: string, sessionId: string): SessionStats;
+//# sourceMappingURL=session-savings.d.ts.map

package/dist/core/session-savings.js

@@ -0,0 +1,60 @@
+/**
+ * Sum `savedTokens` for all hook-events matching a given session_id.
+ *
+ * Used by the adaptive-threshold path to estimate how much of the
+ * session's context budget has already been burned. Sync implementation
+ * because the hook process is short-lived and a blocking read is
+ * simpler than pulling in async plumbing.
+ *
+ * Silent on every error — telemetry must never break the hook.
+ */
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+export function loadSessionSavedTokens(projectRoot, sessionId) {
+    return loadSessionStats(projectRoot, sessionId).savedTokens;
+}
+export function loadSessionStats(projectRoot, sessionId) {
+    const empty = {
+        savedTokens: 0,
+        eventCount: 0,
+        firstTsMs: null,
+        lastTsMs: null,
+    };
+    if (!sessionId)
+        return empty;
+    const path = join(projectRoot, ".token-pilot", "hook-events.jsonl");
+    let raw;
+    try {
+        raw = readFileSync(path, "utf-8");
+    }
+    catch {
+        return empty;
+    }
+    let savedTokens = 0;
+    let eventCount = 0;
+    let firstTsMs = null;
+    let lastTsMs = null;
+    for (const line of raw.split("\n")) {
+        if (!line.trim())
+            continue;
+        try {
+            const e = JSON.parse(line);
+            if (e.session_id !== sessionId)
+                continue;
+            if (typeof e.savedTokens === "number")
+                savedTokens += e.savedTokens;
+            eventCount += 1;
+            if (typeof e.ts === "number") {
+                if (firstTsMs == null || e.ts < firstTsMs)
+                    firstTsMs = e.ts;
+                if (lastTsMs == null || e.ts > lastTsMs)
+                    lastTsMs = e.ts;
+            }
+        }
+        catch {
+            /* skip malformed */
+        }
+    }
+    return { savedTokens, eventCount, firstTsMs, lastTsMs };
+}
+//# sourceMappingURL=session-savings.js.map

package/dist/handlers/session-budget.d.ts

@@ -0,0 +1,32 @@
+/**
+ * TP-hsz — `session_budget` MCP tool.
+ *
+ * Reports *hook pressure* for the current session: the total tokens the
+ * Read-hook has suppressed so far (`savedTokens` in hook-events.jsonl)
+ * divided by a configurable reference budget. This is a proxy for "how
+ * chatty is the agent being with big files", not a measurement of the
+ * Claude Code context window itself — Token Pilot has no visibility into
+ * what the model actually has in context.
+ *
+ * The adaptive threshold curve uses this same signal to tighten when
+ * pressure is high, so `burnFraction` here matches what the hook sees.
+ * An agent that Reads many files with bounded `offset/limit` will see a
+ * low `burnFraction` even if its context is nearly full — the budget is
+ * about Token Pilot interventions, not total window occupancy.
+ */
+export interface SessionBudgetArgs {
+    sessionId: string;
+}
+export interface SessionBudgetConfig {
+    baseThreshold: number;
+    adaptiveThreshold: boolean;
+    adaptiveBudgetTokens: number;
+}
+export interface SessionBudgetResult {
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+}
+export declare function handleSessionBudget(args: SessionBudgetArgs, projectRoot: string, cfg: SessionBudgetConfig): Promise<SessionBudgetResult>;
+//# sourceMappingURL=session-budget.d.ts.map

package/dist/handlers/session-budget.js

@@ -0,0 +1,61 @@
+/**
+ * TP-hsz — `session_budget` MCP tool.
+ *
+ * Reports *hook pressure* for the current session: the total tokens the
+ * Read-hook has suppressed so far (`savedTokens` in hook-events.jsonl)
+ * divided by a configurable reference budget. This is a proxy for "how
+ * chatty is the agent being with big files", not a measurement of the
+ * Claude Code context window itself — Token Pilot has no visibility into
+ * what the model actually has in context.
+ *
+ * The adaptive threshold curve uses this same signal to tighten when
+ * pressure is high, so `burnFraction` here matches what the hook sees.
+ * An agent that Reads many files with bounded `offset/limit` will see a
+ * low `burnFraction` even if its context is nearly full — the budget is
+ * about Token Pilot interventions, not total window occupancy.
+ */
+import { loadSessionStats } from "../core/session-savings.js";
+import { computeEffectiveThreshold } from "../hooks/adaptive-threshold.js";
+export async function handleSessionBudget(args, projectRoot, cfg) {
+    const sessionId = args.sessionId ?? "";
+    const stats = loadSessionStats(projectRoot, sessionId);
+    const savedTokens = stats.savedTokens;
+    const budget = cfg.adaptiveBudgetTokens > 0 ? cfg.adaptiveBudgetTokens : 0;
+    const burnRaw = budget > 0 ? savedTokens / budget : 0;
+    const burnFraction = Math.min(1, Math.max(0, burnRaw));
+    const effectiveThreshold = computeEffectiveThreshold({
+        baseThreshold: cfg.baseThreshold,
+        sessionSavedTokens: savedTokens,
+        sessionBudgetTokens: budget,
+        enabled: cfg.adaptiveThreshold,
+    });
+    // Time-to-compact projection. Silent (null fields) when we lack data.
+    let avgSavedPerEvent = null;
+    let eventsUntilExhaustion = null;
+    if (stats.eventCount > 0 && savedTokens > 0) {
+        avgSavedPerEvent = savedTokens / stats.eventCount;
+        if (budget > 0 && avgSavedPerEvent > 0) {
+            const remaining = Math.max(0, budget - savedTokens);
+            eventsUntilExhaustion = Math.floor(remaining / avgSavedPerEvent);
+        }
+    }
+    const payload = {
+        semantics: "burnFraction is hook-suppression pressure, NOT context-window occupancy. See session-budget.ts docs.",
+        sessionId,
+        savedTokens,
+        budgetTokens: budget,
+        burnFraction: Number(burnFraction.toFixed(4)),
+        baseThreshold: cfg.baseThreshold,
+        effectiveThreshold,
+        adaptive: cfg.adaptiveThreshold,
+        eventCount: stats.eventCount,
+        avgSavedPerEvent: avgSavedPerEvent != null ? Math.round(avgSavedPerEvent) : null,
+        eventsUntilExhaustion,
+        firstEventMs: stats.firstTsMs,
+        lastEventMs: stats.lastTsMs,
+    };
+    return {
+        content: [{ type: "text", text: JSON.stringify(payload, null, 2) }],
+    };
+}
+//# sourceMappingURL=session-budget.js.map

package/dist/handlers/session-snapshot-persist.d.ts

@@ -0,0 +1,22 @@
+export declare const SNAPSHOT_SUBDIR = ".token-pilot/snapshots";
+export declare const LATEST_FILE = "latest.md";
+export declare const MAX_ARCHIVED_SNAPSHOTS = 10;
+export interface PersistSnapshotInput {
+    projectRoot: string;
+    body: string;
+    /** For deterministic tests; defaults to `new Date()`. */
+    now?: Date;
+}
+export interface PersistSnapshotResult {
+    archivedPath: string | null;
+    latestPath: string;
+}
+export declare function persistSnapshot(input: PersistSnapshotInput): Promise<PersistSnapshotResult>;
+export interface LoadedSnapshot {
+    body: string;
+    mtimeMs: number;
+    ageMs: number;
+    path: string;
+}
+export declare function loadLatestSnapshot(projectRoot: string): Promise<LoadedSnapshot | null>;
+//# sourceMappingURL=session-snapshot-persist.d.ts.map

package/dist/handlers/session-snapshot-persist.js

@@ -0,0 +1,76 @@
+/**
+ * TP-340 — persistence layer for session_snapshot.
+ *
+ * When an agent calls `session_snapshot` we save the rendered block to
+ *   `.token-pilot/snapshots/<iso>.md`          (archived history)
+ *   `.token-pilot/snapshots/latest.md`         (always the newest)
+ *
+ * A SessionStart hook later reads `latest.md` and surfaces a short pointer
+ * so the next Claude Code turn after compaction / `/clear` / a new window
+ * can pick the thread back up without re-hydrating context manually.
+ *
+ * Retention: keep the last `MAX_ARCHIVED_SNAPSHOTS` (oldest trimmed first).
+ */
+import { promises as fs } from "node:fs";
+import { join } from "node:path";
+export const SNAPSHOT_SUBDIR = ".token-pilot/snapshots";
+export const LATEST_FILE = "latest.md";
+export const MAX_ARCHIVED_SNAPSHOTS = 10;
+function formatIsoStamp(d) {
+    // Safe-for-filename ISO: 2026-04-18T12-00-00Z
+    return d.toISOString().replace(/:/g, "-").replace(/\..+/, "Z");
+}
+export async function persistSnapshot(input) {
+    const now = input.now ?? new Date();
+    const dir = join(input.projectRoot, SNAPSHOT_SUBDIR);
+    await fs.mkdir(dir, { recursive: true });
+    const stamp = formatIsoStamp(now);
+    const archivedPath = join(dir, `${stamp}.md`);
+    const latestPath = join(dir, LATEST_FILE);
+    await fs.writeFile(archivedPath, input.body);
+    await fs.writeFile(latestPath, input.body);
+    await trimArchive(dir);
+    return { archivedPath, latestPath };
+}
+async function trimArchive(dir) {
+    let entries;
+    try {
+        entries = await fs.readdir(dir);
+    }
+    catch {
+        return;
+    }
+    const archived = entries
+        .filter((n) => n.endsWith(".md") && n !== LATEST_FILE)
+        .sort(); // ISO-stamped names sort chronologically
+    if (archived.length <= MAX_ARCHIVED_SNAPSHOTS)
+        return;
+    const excess = archived.length - MAX_ARCHIVED_SNAPSHOTS;
+    for (let i = 0; i < excess; i++) {
+        try {
+            await fs.unlink(join(dir, archived[i]));
+        }
+        catch {
+            /* best effort */
+        }
+    }
+}
+export async function loadLatestSnapshot(projectRoot) {
+    const path = join(projectRoot, SNAPSHOT_SUBDIR, LATEST_FILE);
+    try {
+        const [body, s] = await Promise.all([
+            fs.readFile(path, "utf-8"),
+            fs.stat(path),
+        ]);
+        return {
+            body,
+            mtimeMs: s.mtimeMs,
+            ageMs: Math.max(0, Date.now() - s.mtimeMs),
+            path,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=session-snapshot-persist.js.map

package/dist/hooks/adaptive-threshold.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Adaptive threshold: lower the effective denyThreshold as the Read-hook
+ * sees more suppressed-token activity in this session, so large-file reads
+ * become stricter the chattier the agent has been with big files.
+ *
+ * Piecewise curve, opt-in only:
+ *   pressure <  30% of budget → base threshold unchanged
+ *   pressure ≥  30%, < 60%    → base × 0.75
+ *   pressure ≥  60%, < 80%    → base × 0.5
+ *   pressure ≥  80%           → base × 0.3 (minimum 50 lines)
+ *
+ * Burn fraction = sessionSavedTokens / sessionBudgetTokens, where
+ * `sessionSavedTokens` is the sum of `savedTokens` entries in
+ * hook-events.jsonl for the current session_id. This is a PROXY for how
+ * aggressively the agent has been trying to pull large files, not a
+ * measurement of Claude Code's actual context-window occupancy — Token
+ * Pilot has no visibility into that. If the agent reads many files with
+ * bounded `offset/limit`, none of that contributes to the burn signal.
+ */
+export interface AdaptiveThresholdInput {
+    baseThreshold: number;
+    sessionSavedTokens: number;
+    sessionBudgetTokens: number;
+    enabled: boolean;
+}
+export declare function computeEffectiveThreshold(input: AdaptiveThresholdInput): number;
+//# sourceMappingURL=adaptive-threshold.d.ts.map

package/dist/hooks/adaptive-threshold.js

@@ -0,0 +1,46 @@
+/**
+ * Adaptive threshold: lower the effective denyThreshold as the Read-hook
+ * sees more suppressed-token activity in this session, so large-file reads
+ * become stricter the chattier the agent has been with big files.
+ *
+ * Piecewise curve, opt-in only:
+ *   pressure <  30% of budget → base threshold unchanged
+ *   pressure ≥  30%, < 60%    → base × 0.75
+ *   pressure ≥  60%, < 80%    → base × 0.5
+ *   pressure ≥  80%           → base × 0.3 (minimum 50 lines)
+ *
+ * Burn fraction = sessionSavedTokens / sessionBudgetTokens, where
+ * `sessionSavedTokens` is the sum of `savedTokens` entries in
+ * hook-events.jsonl for the current session_id. This is a PROXY for how
+ * aggressively the agent has been trying to pull large files, not a
+ * measurement of Claude Code's actual context-window occupancy — Token
+ * Pilot has no visibility into that. If the agent reads many files with
+ * bounded `offset/limit`, none of that contributes to the burn signal.
+ */
+const MIN_FLOOR_LINES = 50;
+export function computeEffectiveThreshold(input) {
+    const { baseThreshold, sessionSavedTokens, sessionBudgetTokens, enabled } = input;
+    if (!enabled)
+        return baseThreshold;
+    if (!Number.isFinite(sessionBudgetTokens) || sessionBudgetTokens <= 0) {
+        return baseThreshold;
+    }
+    if (!Number.isFinite(sessionSavedTokens) || sessionSavedTokens <= 0) {
+        return baseThreshold;
+    }
+    const burn = sessionSavedTokens / sessionBudgetTokens;
+    let multiplier;
+    if (burn < 0.3)
+        multiplier = 1;
+    else if (burn < 0.6)
+        multiplier = 0.75;
+    else if (burn < 0.8)
+        multiplier = 0.5;
+    else
+        multiplier = 0.3;
+    const scaled = Math.round(baseThreshold * multiplier);
+    if (multiplier === 1)
+        return baseThreshold;
+    return Math.max(scaled, MIN_FLOOR_LINES);
+}
+//# sourceMappingURL=adaptive-threshold.js.map

package/dist/hooks/format-deny-message.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Render a HookSummary into the body of a PreToolUse deny message.
+ *
+ * The formatted string becomes `hookSpecificOutput.permissionDecisionReason`
+ * when the hook decides to block a Read. It is the ONLY output the agent
+ * sees for the blocked call, so it carries both the structural summary and
+ * the escape-hatch instructions.
+ *
+ * Kept separate from the hook entry point for unit-testability.
+ */
+import type { HookSummary } from "./summary-types.js";
+import type { PipelineTier } from "./summary-pipeline.js";
+export interface FormatOptions {
+    filePath: string;
+    summary: HookSummary;
+    tier: PipelineTier;
+    /** Soft cap on the rendered message token count (estimated). Default 1200. */
+    maxTokens?: number;
+}
+export declare function formatDenyMessage(opts: FormatOptions): string;
+//# sourceMappingURL=format-deny-message.d.ts.map

package/dist/hooks/format-deny-message.js

@@ -0,0 +1,147 @@
+/**
+ * Render a HookSummary into the body of a PreToolUse deny message.
+ *
+ * The formatted string becomes `hookSpecificOutput.permissionDecisionReason`
+ * when the hook decides to block a Read. It is the ONLY output the agent
+ * sees for the blocked call, so it carries both the structural summary and
+ * the escape-hatch instructions.
+ *
+ * Kept separate from the hook entry point for unit-testability.
+ */
+const DEFAULT_MAX_TOKENS = 1200;
+function estimateTokens(text) {
+    if (text.length === 0)
+        return 0;
+    const charEstimate = Math.ceil(text.length / 4);
+    const whitespaceRatio = (text.match(/\s/g)?.length ?? 0) / text.length;
+    const adjustment = 1 - whitespaceRatio * 0.3;
+    return Math.ceil(charEstimate * adjustment);
+}
+function formatSignalLine(s) {
+    return `L${s.line}: ${s.text}`;
+}
+function header(opts) {
+    const { filePath, summary } = opts;
+    return (`File "${filePath}" has ${summary.totalLines} lines (~${summary.estimatedTokens} tokens).\n` +
+        `Read denied to save context; structural summary follows.`);
+}
+function footer() {
+    return [
+        "How to proceed:",
+        "- Structural overview (preferred): mcp__token-pilot__smart_read(path).",
+        "- For specific lines: Read(path, offset, limit) — bounded reads are passed through.",
+        "- For a single symbol: mcp__token-pilot__read_symbol(path, name).",
+        "- For edit context: mcp__token-pilot__read_for_edit(path, symbol).",
+        "- Full read (expensive): set TOKEN_PILOT_BYPASS=1 for this session.",
+    ].join("\n");
+}
+function partition(signals) {
+    const sections = {
+        imports: [],
+        exports: [],
+        declarations: [],
+        raws: [],
+    };
+    for (const s of signals) {
+        if (s.kind === "import")
+            sections.imports.push(s);
+        else if (s.kind === "export")
+            sections.exports.push(s);
+        else if (s.kind === "raw")
+            sections.raws.push(s);
+        else
+            sections.declarations.push(s);
+    }
+    return sections;
+}
+function renderSections(sections, note) {
+    const lines = [];
+    let signalLineCount = 0;
+    if (note) {
+        lines.push(`Note: ${note}`);
+        lines.push("");
+    }
+    if (sections.imports.length > 0) {
+        lines.push("=== Imports ===");
+        sections.imports.forEach((s) => {
+            lines.push(formatSignalLine(s));
+            signalLineCount++;
+        });
+        lines.push("");
+    }
+    if (sections.exports.length > 0) {
+        lines.push("=== Exports / Public symbols ===");
+        sections.exports.forEach((s) => {
+            lines.push(formatSignalLine(s));
+            signalLineCount++;
+        });
+        lines.push("");
+    }
+    if (sections.declarations.length > 0) {
+        lines.push("=== Declarations ===");
+        sections.declarations.forEach((s) => {
+            lines.push(formatSignalLine(s));
+            signalLineCount++;
+        });
+        lines.push("");
+    }
+    if (sections.raws.length > 0) {
+        lines.push("=== Content preview (head + tail) ===");
+        sections.raws.forEach((s) => {
+            lines.push(formatSignalLine(s));
+            signalLineCount++;
+        });
+        lines.push("");
+    }
+    return { body: lines.join("\n"), signalLineCount };
+}
+export function formatDenyMessage(opts) {
+    const maxTokens = opts.maxTokens ?? DEFAULT_MAX_TOKENS;
+    // Build with full signal list first.
+    let sections = partition(opts.summary.signals);
+    let { body } = renderSections(sections, opts.summary.note);
+    let message = [header(opts), "", body, footer()].join("\n");
+    let trimmed = false;
+    // If we overflow, drop signals from the END of each section in lockstep
+    // until we fit. Keeps the overall signal distribution intact.
+    while (estimateTokens(message) > maxTokens) {
+        const totalSignals = sections.imports.length +
+            sections.exports.length +
+            sections.declarations.length +
+            sections.raws.length;
+        if (totalSignals === 0)
+            break;
+        // Trim 10 % of remaining signals per pass (minimum 1) to converge quickly.
+        const drop = Math.max(1, Math.floor(totalSignals * 0.1));
+        let toDrop = drop;
+        for (const bucket of [
+            "raws",
+            "declarations",
+            "exports",
+            "imports",
+        ]) {
+            while (toDrop > 0 && sections[bucket].length > 0) {
+                sections[bucket].pop();
+                toDrop--;
+            }
+            if (toDrop === 0)
+                break;
+        }
+        trimmed = true;
+        ({ body } = renderSections(sections, opts.summary.note));
+        message = [header(opts), "", body, footer()].join("\n");
+    }
+    if (trimmed) {
+        const trimmedNote = "\n(trimmed to fit budget; call mcp__token-pilot__outline(path) for full structure)";
+        message = [
+            header(opts),
+            "",
+            body.trimEnd(),
+            trimmedNote,
+            "",
+            footer(),
+        ].join("\n");
+    }
+    return message;
+}
+//# sourceMappingURL=format-deny-message.js.map