vigthoria-cli 1.6.21 → 1.6.22

package/dist/commands/chat.d.ts

@@ -15,6 +15,7 @@ interface ChatOptions {
     stream?: boolean;
     prompt?: string;
     json?: boolean;
+    bridge?: string;
 }
 export declare class ChatCommand {
     private config;
@@ -64,6 +65,8 @@ export declare class ChatCommand {
     private updateOperatorSpinner;
     constructor(config: Config, logger: Logger);
     run(options: ChatOptions): Promise<void>;
+    /** Handle an inbound admin command from the Commando Bridge. */
+    private handleAdminCommand;
     private ensureProjectWorkspace;
     private resolveProjectPath;
     private shouldUseManagedWorkspace;

package/dist/commands/chat.js

@@ -46,6 +46,7 @@ const logger_js_1 = require("../utils/logger.js");
 const api_js_1 = require("../utils/api.js");
 const tools_js_1 = require("../utils/tools.js");
 const session_js_1 = require("../utils/session.js");
+const bridge_client_js_1 = require("../utils/bridge-client.js");
 const DEFAULT_V3_AGENT_TIMEOUT_MS = (() => {
     const rawValue = process.env.VIGTHORIA_AGENT_TIMEOUT_MS || process.env.V3_AGENT_TIMEOUT_MS || '3900000';
     const parsed = Number.parseInt(rawValue, 10);
@@ -395,6 +396,21 @@ class ChatCommand {
         this.directToolContinuationCount = 0;
         this.tools = new tools_js_1.AgenticTools(this.logger, this.currentProjectPath, async (action) => this.requestPermission(action), this.autoApprove);
         this.initializeSession(options.resume === true);
+        // ── Commando Bridge: connect if --bridge was specified ──────────
+        if (options.bridge) {
+            const bridgeClient = new bridge_client_js_1.BridgeClient({
+                bridgeUrl: options.bridge,
+                apiKey: this.config.get('authToken'),
+                onAdminCommand: (cmd) => this.handleAdminCommand(cmd),
+            });
+            await bridgeClient.connect();
+            const mode = this.operatorMode ? 'operator' : this.agentMode ? 'agent' : 'chat';
+            bridgeClient.emitStart({
+                command: mode,
+                flags: { model: this.currentModel, agent: this.agentMode, operator: this.operatorMode, autoApprove: this.autoApprove },
+                cwd: this.currentProjectPath,
+            });
+        }
         if (this.operatorMode && !this.hasOperatorAccess()) {
             if (this.currentSession) {
                 this.currentSession.operatorMode = false;
@@ -406,9 +422,35 @@ class ChatCommand {
         }
         if (options.prompt) {
             await this.handleDirectPrompt(options.prompt);
+            (0, bridge_client_js_1.getBridgeClient)()?.emitEnd({ reason: 'prompt-complete' });
             return;
         }
         await this.startInteractiveChat();
+        (0, bridge_client_js_1.getBridgeClient)()?.emitEnd({ reason: 'interactive-exit' });
+    }
+    /** Handle an inbound admin command from the Commando Bridge. */
+    handleAdminCommand(cmd) {
+        switch (cmd.action) {
+            case 'ping':
+                (0, bridge_client_js_1.getBridgeClient)()?.emitModelResponse({ model: this.currentModel, chars: 0, hasToolCalls: false, preview: 'pong' });
+                break;
+            case 'set-model':
+                if (cmd.params?.value && typeof cmd.params.value === 'string') {
+                    this.currentModel = cmd.params.value;
+                    (0, bridge_client_js_1.getBridgeClient)()?.emitModeChange({ mode: this.operatorMode ? 'operator' : this.agentMode ? 'agent' : 'chat', model: this.currentModel });
+                    if (!this.jsonOutput)
+                        console.log(chalk_1.default.yellow(`[bridge] Model changed to: ${this.currentModel}`));
+                }
+                break;
+            case 'abort':
+                if (!this.jsonOutput)
+                    console.log(chalk_1.default.red(`[bridge] Abort requested by admin`));
+                (0, bridge_client_js_1.getBridgeClient)()?.emitEnd({ reason: 'admin-abort' });
+                process.exit(0);
+                break;
+            default:
+                (0, bridge_client_js_1.getBridgeClient)()?.emitError({ message: `Unknown admin command: ${cmd.action}` });
+        }
     }
     ensureProjectWorkspace() {
         if (fs.existsSync(this.currentProjectPath)) {
@@ -635,12 +677,37 @@ class ChatCommand {
             this.logger.error(this.operatorAccessMessage());
             return;
         }
+        (0, bridge_client_js_1.getBridgeClient)()?.emitPrompt({ prompt, mode: 'operator', model: this.currentModel });
         const runtimeContext = await this.getPromptRuntimeContext(prompt);
         const spinner = this.jsonOutput ? null : (0, logger_js_1.createSpinner)({ text: 'Thinking like an operator...', spinner: 'clock' }).start();
-        const executionPrompt = this.buildExecutionPrompt(prompt);
-        const workflowType = this.isDiagnosticPrompt(prompt) || this.isAnalysisLookupPrompt(prompt)
+        const isLookup = this.isAnalysisLookupPrompt(prompt);
+        const workflowType = this.isDiagnosticPrompt(prompt) || isLookup
             ? 'analysis_only'
             : 'full_autonomy';
+        // For lightweight lookup tasks, prepend a grounding constraint so
+        // the operator returns a concise answer rather than a verbose report.
+        let executionPrompt = this.buildExecutionPrompt(prompt);
+        if (isLookup) {
+            // Inject workspace file listing into the prompt so the operator
+            // can answer "which file defines X" without a full agent loop.
+            let fileListing = '';
+            try {
+                const snapshot = this.api.getAgentWorkspaceSnapshot(this.currentProjectPath);
+                if (snapshot && snapshot.paths.length > 0) {
+                    fileListing = '\n\nWorkspace file listing:\n' + snapshot.paths.slice(0, 80).join('\n');
+                }
+            }
+            catch { /* ignore */ }
+            executionPrompt = [
+                'INSTRUCTION: This is a lightweight lookup task. Return ONLY the concise answer the user asked for.',
+                'Do NOT produce a certification report, audit, or analysis blob.',
+                'Do NOT return files_analyzed counts or summary statistics.',
+                'Just answer the question directly.',
+                fileListing,
+                '',
+                executionPrompt,
+            ].join('\n');
+        }
         try {
             const response = await this.api.runOperatorWorkflow(executionPrompt, {
                 workspacePath: this.currentProjectPath,
@@ -728,6 +795,7 @@ class ChatCommand {
             });
         }
         this.messages.push({ role: 'user', content: this.buildExecutionPrompt(prompt) });
+        (0, bridge_client_js_1.getBridgeClient)()?.emitPrompt({ prompt, mode: 'chat', model: this.currentModel });
         const spinner = this.jsonOutput ? null : (0, logger_js_1.createSpinner)({ text: 'Thinking...', spinner: 'clock' }).start();
         try {
             const response = await this.api.chat(this.getMessagesForModel(), this.currentModel);
@@ -808,6 +876,7 @@ class ChatCommand {
         this.directToolContinuationCount = 0;
         this.agentToolEvidence = { discovery: 0, mutation: 0, searchFailed: 0 };
         this.tools.clearSessionApprovals();
+        (0, bridge_client_js_1.getBridgeClient)()?.emitPrompt({ prompt, mode: this.operatorMode ? 'operator' : 'agent', model: this.currentModel });
         this.ensureAgentSystemPrompt();
         this.messages.push({ role: 'user', content: this.buildScopedUserPrompt(prompt) });
         this.saveSession();
@@ -822,6 +891,12 @@ class ChatCommand {
                 this.messages.push({ role: 'assistant', content: assistantMessage });
                 const toolCalls = this.extractToolCalls(assistantMessage);
                 const visibleText = this.stripToolPayloads(assistantMessage).trim();
+                (0, bridge_client_js_1.getBridgeClient)()?.emitModelResponse({
+                    model: this.currentModel,
+                    chars: assistantMessage.length,
+                    hasToolCalls: toolCalls.length > 0,
+                    preview: visibleText.slice(0, 300),
+                });
                 if (toolCalls.length === 0) {
                     // Phase 5: Quality gate — if the agent tries to conclude on the first
                     // turn without any discovery, push it to gather evidence first.
@@ -1758,6 +1833,7 @@ class ChatCommand {
             if (!this.jsonOutput) {
                 console.log(chalk_1.default.cyan(`⚙ Executing: ${call.tool}`));
             }
+            (0, bridge_client_js_1.getBridgeClient)()?.emitToolCall({ tool: call.tool, args: call.args });
             let result = await this.tools.execute(call);
             // Phase 2: If a search tool failed (search_failed), retry with alternate approach
             const searchStatus = result.metadata?.searchStatus;
@@ -1779,6 +1855,7 @@ class ChatCommand {
                 console.log(result.success ? chalk_1.default.gray(summary) : chalk_1.default.red(summary));
             }
             this.messages.push({ role: 'system', content: summary });
+            (0, bridge_client_js_1.getBridgeClient)()?.emitToolResult({ tool: call.tool, success: result.success, preview: (result.output || result.error || '').slice(0, 300) });
             // Phase 5: Track tool evidence for quality gates
             const finalStatus = result.metadata?.searchStatus;
             if (finalStatus === 'search_failed') {

package/dist/commands/edit.js

@@ -65,9 +65,16 @@ class EditCommand {
             const response = await this.api.chat([
                 {
                     role: 'system',
-                    content: `You are a code editor. Edit the provided code according to the user's instruction.
-Return ONLY the complete modified code without any explanation or markdown formatting.
-Preserve the original formatting and style unless the instruction specifically asks to change it.`,
+                    content: `You are a precise code editor. Edit the provided code EXACTLY as the user instructs.
+
+MANDATORY RULES:
+1. Return ONLY the complete modified file content. No explanation, no markdown.
+2. Preserve all original formatting, indentation, and style.
+3. Make ONLY the changes the instruction asks for — nothing more, nothing less.
+4. If the instruction says "Replace X with Y", then X must become Y verbatim.
+5. Do NOT add, remove, or rewrite lines the instruction didn't mention.
+6. Do NOT summarize, shorten, paraphrase, or "improve" the requested text.
+7. The instruction text is LITERAL — reproduce it character-for-character.`,
                 },
                 {
                     role: 'user',
@@ -81,7 +88,7 @@ ${file.content}
 
 Instruction: ${instruction}
 
-Return the complete modified code:`,
+Return the complete modified file content:`,
                 },
             ], options.model);
             spinner.stop();

package/dist/commands/generate.d.ts

@@ -18,6 +18,11 @@ export declare class GenerateCommand {
     private fileUtils;
     constructor(config: Config, logger: Logger);
     run(description: string, options: GenerateOptions): Promise<void>;
+    /**
+     * Strip markdown code fences the model may wrap around the output.
+     * The CLI asks for raw code but some models still wrap in ```lang ... ```.
+     */
+    private stripMarkdownFences;
     private highlightCode;
     private highlightLine;
     private saveToFile;

package/dist/commands/generate.js

@@ -81,13 +81,17 @@ class GenerateCommand {
                 code = await this.api.generateCode(description, options.language, options.model);
                 spinner.stop();
             }
-            // Display generated code
-            this.logger.section('Generated Code');
-            console.log(chalk_1.default.gray('─'.repeat(60)));
-            console.log(this.highlightCode(code, options.language));
-            console.log(chalk_1.default.gray('─'.repeat(60)));
-            console.log();
-            // Save options
+            // Strip any markdown fences the model may have wrapped around the code
+            code = this.stripMarkdownFences(code, options.language);
+            // Display generated code (skip display when --output is set to avoid noise)
+            if (!options.output) {
+                this.logger.section('Generated Code');
+                console.log(chalk_1.default.gray('─'.repeat(60)));
+                console.log(this.highlightCode(code, options.language));
+                console.log(chalk_1.default.gray('─'.repeat(60)));
+                console.log();
+            }
+            // Save options — when --output is specified, save directly (non-interactive)
             if (options.output) {
                 await this.saveToFile(options.output, code);
             }
@@ -100,6 +104,25 @@ class GenerateCommand {
             this.logger.error('Generation failed:', error.message);
         }
     }
+    /**
+     * Strip markdown code fences the model may wrap around the output.
+     * The CLI asks for raw code but some models still wrap in ```lang ... ```.
+     */
+    stripMarkdownFences(code, language) {
+        const trimmed = code.trim();
+        // Try language-specific fence first
+        const langFenceRe = new RegExp(`^\`\`\`(?:${language})?\\s*\\n([\\s\\S]*?)\\n?\`\`\`\\s*$`, 'i');
+        const langMatch = trimmed.match(langFenceRe);
+        if (langMatch) {
+            return langMatch[1].trim();
+        }
+        // Try generic fence
+        const genericMatch = trimmed.match(/^```\w*\s*\n([\s\S]*?)\n?```\s*$/);
+        if (genericMatch) {
+            return genericMatch[1].trim();
+        }
+        return code;
+    }
     highlightCode(code, language) {
         // Basic syntax highlighting
         // In production, use a proper library like highlight.js

package/dist/index.js

@@ -98,7 +98,7 @@ function getVersion() {
     catch (e) {
         // Fallback to hardcoded version
     }
-    return '1.6.12';
+    return '1.6.22';
 }
 const VERSION = getVersion();
 /**
@@ -204,6 +204,7 @@ async function main() {
         .option('-w, --workflow <selector>', 'Route prompts through a named or explicit VigFlow workflow target')
         .option('--json', 'Emit machine-readable JSON output for direct prompt runs', false)
         .option('--auto-approve', 'Auto-approve agent actions (dangerous!)', false)
+        .option('--bridge <url>', 'Connect to Vigthoria Commando Bridge for remote admin observability')
         .action(async (options) => {
         const chat = new chat_js_1.ChatCommand(config, logger);
         await chat.run({
@@ -217,6 +218,7 @@ async function main() {
             autoApprove: options.autoApprove,
             resume: options.resume,
             prompt: options.prompt,
+            bridge: options.bridge,
         });
     });
     program
@@ -231,6 +233,7 @@ async function main() {
         .option('-w, --workflow <selector>', 'Route prompts through a named or explicit VigFlow workflow target')
         .option('--json', 'Emit machine-readable JSON output for direct prompt runs', false)
         .option('--auto-approve', 'Auto-approve agent actions (dangerous!)', false)
+        .option('--bridge <url>', 'Connect to Vigthoria Commando Bridge for remote admin observability')
         .action(async (options) => {
         const chat = new chat_js_1.ChatCommand(config, logger);
         await chat.run({
@@ -244,6 +247,7 @@ async function main() {
             autoApprove: options.autoApprove,
             resume: true,
             prompt: options.prompt,
+            bridge: options.bridge,
         });
     });
     // Agent command - Agentic mode (Vigthoria Autonomous)
@@ -259,6 +263,7 @@ async function main() {
         .option('-w, --workflow <selector>', 'Run the prompt through a named or explicit VigFlow workflow target')
         .option('--json', 'Emit machine-readable JSON output for direct prompt runs', false)
         .option('--auto-approve', 'Auto-approve all actions (dangerous!)', false)
+        .option('--bridge <url>', 'Connect to Vigthoria Commando Bridge for remote admin observability')
         .action(async (options) => {
         const chat = new chat_js_1.ChatCommand(config, logger);
         await chat.run({
@@ -272,6 +277,7 @@ async function main() {
             json: options.json,
             autoApprove: options.autoApprove,
             prompt: options.prompt,
+            bridge: options.bridge,
         });
     });
     program
@@ -285,6 +291,7 @@ async function main() {
         .option('-w, --workflow <selector>', 'Run the prompt through a named or explicit VigFlow workflow target')
         .option('--save-plan', 'Save the completed BMAD plan into VigFlow for rerun and audit', false)
         .option('--json', 'Emit machine-readable JSON output for direct prompt runs', false)
+        .option('--bridge <url>', 'Connect to Vigthoria Commando Bridge for remote admin observability')
         .action(async (options) => {
         const chat = new chat_js_1.ChatCommand(config, logger);
         await chat.run({
@@ -298,6 +305,7 @@ async function main() {
             savePlan: options.savePlan,
             json: options.json,
             prompt: options.prompt,
+            bridge: options.bridge,
         });
     });
     program

package/dist/utils/api.d.ts

@@ -348,7 +348,7 @@ export declare class APIClient {
     }>;
     /**
      * Lightweight client-side heuristic scan: catches common code smells
-     * so review never returns "score 30, no issues".
+     * AND logic/arithmetic bugs so review never returns "score 30, no issues".
      */
     private heuristicCodeIssues;
     fixCode(code: string, language: string, fixType: string): Promise<{

package/dist/utils/api.js

@@ -307,13 +307,19 @@ class APIClient {
     }
     getVigFlowBaseUrls() {
         const configuredApiUrl = String(this.config.get('apiUrl') || 'https://coder.vigthoria.io').replace(/\/$/, '');
+        // Put the remote gateway first, since local VigFlow servers are
+        // rarely running for end-user CLI installations. This avoids
+        // wasting connection-attempt time on 127.0.0.1 and hitting the
+        // remote gateway only after the local attempts have already
+        // errored — which surfaces as a confusing "last error" 404 in
+        // some setups.
         const urls = [
             process.env.VIGTHORIA_VIGFLOW_URL,
             process.env.VIGFLOW_URL,
             process.env.WORKFLOW_BUILDER_URL,
+            `${configuredApiUrl}/api/vigflow`,
             'http://127.0.0.1:5060',
             'http://127.0.0.1:5050',
-            `${configuredApiUrl}/api/vigflow`,
         ].filter(Boolean).map((url) => String(url).replace(/\/$/, ''));
         return [...new Set(urls)];
     }
@@ -2324,11 +2330,11 @@ document.addEventListener('DOMContentLoaded', () => {
             return result.message;
         }
         if (Array.isArray(data?.events)) {
-            const completionEvent = [...data.events].reverse().find((event) => event && event.type === 'complete' && typeof event.summary === 'string');
+            const completionEvent = [...data.events].reverse().find((event) => event && event.type === 'complete' && typeof event.summary === 'string' && event.summary.trim());
             if (completionEvent) {
                 return completionEvent.summary;
             }
-            const messageEvent = [...data.events].reverse().find((event) => event && event.type === 'message' && typeof event.content === 'string');
+            const messageEvent = [...data.events].reverse().find((event) => event && event.type === 'message' && typeof event.content === 'string' && event.content.trim());
             if (messageEvent) {
                 return messageEvent.content;
             }
@@ -2750,6 +2756,13 @@ document.addEventListener('DOMContentLoaded', () => {
         throw new Error(errors.join(' | '));
     }
     formatOperatorResponse(data = {}) {
+        // If the server returned a direct answer field, prefer it (for lookup tasks)
+        if (typeof data.answer === 'string' && data.answer.trim()) {
+            return data.answer.trim();
+        }
+        if (typeof data.result === 'string' && data.result.trim()) {
+            return data.result.trim();
+        }
         const lines = [];
         if (data.summary) {
             lines.push(String(data.summary).trim());
@@ -3277,33 +3290,50 @@ document.addEventListener('DOMContentLoaded', () => {
         const response = await this.client.post('/api/ai/review', {
             code,
             language,
-            instructions: 'Return concrete, line-specific issues with severity. Every issue MUST reference a line number. If the score is below 50, you MUST list at least 2 specific issues.',
+            instructions: [
+                'Return concrete, line-specific issues with severity.',
+                'Every issue MUST reference a line number.',
+                'If the score is below 50, you MUST list at least 2 specific issues.',
+                'Prioritize REAL BUGS over style issues:',
+                '- Wrong arithmetic operators (+ instead of -, * instead of /, etc.)',
+                '- Logic errors (function named "add" using subtraction, wrong comparisons)',
+                '- Off-by-one errors, incorrect return values',
+                '- Type mismatches, null/undefined access',
+                'Only report style issues (console.log, naming) AFTER listing all real bugs.',
+            ].join(' '),
         });
         const raw = response.data ?? {};
         const score = typeof raw.score === 'number' ? raw.score : 0;
         const issues = Array.isArray(raw.issues) ? raw.issues : [];
         const suggestions = Array.isArray(raw.suggestions) ? raw.suggestions : [];
+        // Always run client-side heuristics and merge any findings the
+        // server missed.  This ensures arithmetic/logic bugs are surfaced
+        // even when the server only reports style issues like console.log.
+        const heuristic = this.heuristicCodeIssues(code, language);
+        for (const h of heuristic) {
+            // Avoid duplicating issues the server already reported on the same line
+            const isDuplicate = issues.some((existing) => existing.line === h.line && existing.type === h.type);
+            if (!isDuplicate) {
+                issues.push(h);
+            }
+        }
+        // Sort: errors first, then warnings, then info
+        const severityOrder = { error: 0, warning: 1, info: 2 };
+        issues.sort((a, b) => (severityOrder[a.severity] ?? 3) - (severityOrder[b.severity] ?? 3));
         // Prevent contradictory output: low score but zero issues.
-        // Run lightweight client-side heuristics to produce concrete findings.
         if (score < 50 && issues.length === 0) {
-            const heuristic = this.heuristicCodeIssues(code, language);
-            if (heuristic.length > 0) {
-                issues.push(...heuristic);
-            }
-            else {
-                issues.push({
-                    type: 'quality',
-                    line: 1,
-                    message: `The analysis returned a low quality score (${score}/100) but did not enumerate specific issues. Re-run the review or inspect the file manually.`,
-                    severity: 'warning',
-                });
-            }
+            issues.push({
+                type: 'quality',
+                line: 1,
+                message: `The analysis returned a low quality score (${score}/100) but did not enumerate specific issues. Re-run the review or inspect the file manually.`,
+                severity: 'warning',
+            });
         }
         return { score, issues, suggestions };
     }
     /**
      * Lightweight client-side heuristic scan: catches common code smells
-     * so review never returns "score 30, no issues".
+     * AND logic/arithmetic bugs so review never returns "score 30, no issues".
      */
     heuristicCodeIssues(code, language) {
         const issues = [];
@@ -3327,8 +3357,38 @@ document.addEventListener('DOMContentLoaded', () => {
             if (line.length > 200) {
                 issues.push({ type: 'style', line: lineNum, message: `Line exceeds 200 characters (${line.length}).`, severity: 'info' });
             }
-            // Limit to 10 heuristic issues
-            if (issues.length >= 10)
+            // Arithmetic / logic bugs: function named 'add' but using subtraction
+            if (/\breturn\s+\w+\s*-\s*\w+/.test(line)) {
+                // Check if the enclosing function name implies addition
+                for (let j = i; j >= Math.max(0, i - 5); j--) {
+                    if (/function\s+add\b/i.test(lines[j]) || /\badd\s*[=(]/.test(lines[j])) {
+                        issues.push({ type: 'logic', line: lineNum, message: 'Subtraction operator in a function named "add" — likely should be addition (+).', severity: 'error' });
+                        break;
+                    }
+                }
+            }
+            // Multiplication where addition is expected
+            if (/\breturn\s+\w+\s*\*\s*\w+/.test(line)) {
+                for (let j = i; j >= Math.max(0, i - 5); j--) {
+                    if (/function\s+add\b/i.test(lines[j]) || /\badd\s*[=(]/.test(lines[j])) {
+                        issues.push({ type: 'logic', line: lineNum, message: 'Multiplication operator in a function named "add" — likely should be addition (+).', severity: 'error' });
+                        break;
+                    }
+                }
+            }
+            // Division where subtraction/addition is expected in subtract
+            if (/\breturn\s+\w+\s*\+\s*\w+/.test(line)) {
+                for (let j = i; j >= Math.max(0, i - 5); j--) {
+                    if (/function\s+subtract\b/i.test(lines[j]) || /\bsubtract\s*[=(]/.test(lines[j])) {
+                        issues.push({ type: 'logic', line: lineNum, message: 'Addition operator in a function named "subtract" — likely should be subtraction (-).', severity: 'error' });
+                        break;
+                    }
+                }
+            }
+            // Off-by-one: comparing with === where <= or >= may be needed
+            // (not implemented yet — would require more complex AST analysis)
+            // Limit to 15 heuristic issues
+            if (issues.length >= 15)
                 break;
         }
         return issues;

package/dist/utils/bridge-client.d.ts

@@ -0,0 +1,110 @@
+/**
+ * Vigthoria CLI → DevTools Bridge Telemetry Client
+ *
+ * Connects the local CLI to the remote bridge server in "commando" mode,
+ * streaming real-time activity (commands, tool calls, model responses,
+ * file edits, errors) and receiving admin-issued commands.
+ *
+ * Design principles:
+ *  - Fire-and-forget: never blocks the CLI main flow
+ *  - Auto-reconnects with exponential back-off
+ *  - Opt-in via --bridge <url> flag
+ *  - Sensitive data (API keys, tokens) is never transmitted
+ */
+export type TelemetryEventType = 'cli:start' | 'cli:command' | 'cli:prompt' | 'cli:model-response' | 'cli:tool-call' | 'cli:tool-result' | 'cli:file-edit' | 'cli:error' | 'cli:end' | 'cli:mode-change' | 'cli:heartbeat';
+export interface TelemetryEvent {
+    type: TelemetryEventType;
+    payload: Record<string, unknown>;
+    ts: number;
+    clientId: string;
+}
+export interface AdminCommand {
+    type: 'admin:command';
+    action: string;
+    params?: Record<string, unknown>;
+    requestId?: string;
+}
+export interface BridgeClientOptions {
+    bridgeUrl: string;
+    apiKey?: string;
+    machineLabel?: string;
+    onAdminCommand?: (cmd: AdminCommand) => void;
+}
+/** Get the active bridge client (may be null if --bridge was not used). */
+export declare function getBridgeClient(): BridgeClient | null;
+export declare class BridgeClient {
+    private ws;
+    private url;
+    private apiKey;
+    private machineLabel;
+    private clientId;
+    private connected;
+    private reconnectTimer;
+    private heartbeatTimer;
+    private queue;
+    private maxQueueSize;
+    private reconnectDelay;
+    private destroyed;
+    private onAdminCommand?;
+    constructor(opts: BridgeClientOptions);
+    connect(): Promise<void>;
+    destroy(): void;
+    get isConnected(): boolean;
+    /** CLI session started (command, flags, cwd). */
+    emitStart(data: {
+        command: string;
+        flags: Record<string, unknown>;
+        cwd: string;
+    }): void;
+    /** User entered a prompt / message. */
+    emitPrompt(data: {
+        prompt: string;
+        mode: string;
+        model: string;
+    }): void;
+    /** Model response received (summary only, not full content). */
+    emitModelResponse(data: {
+        model: string;
+        chars: number;
+        hasToolCalls: boolean;
+        preview: string;
+    }): void;
+    /** Tool is being called. */
+    emitToolCall(data: {
+        tool: string;
+        args: Record<string, string>;
+    }): void;
+    /** Tool finished executing. */
+    emitToolResult(data: {
+        tool: string;
+        success: boolean;
+        preview: string;
+    }): void;
+    /** File was written or edited. */
+    emitFileEdit(data: {
+        file: string;
+        action: 'write' | 'edit';
+        linesChanged: number;
+    }): void;
+    /** Error occurred. */
+    emitError(data: {
+        message: string;
+        code?: string;
+    }): void;
+    /** Mode changed (agent / operator / chat). */
+    emitModeChange(data: {
+        mode: string;
+        model: string;
+    }): void;
+    /** Session ended. */
+    emitEnd(data: {
+        reason: string;
+    }): void;
+    private emit;
+    private sendRaw;
+    private bufferEvent;
+    private flushQueue;
+    private scheduleReconnect;
+    private startHeartbeat;
+    private stopHeartbeat;
+}

package/dist/utils/bridge-client.js

@@ -0,0 +1,278 @@
+"use strict";
+/**
+ * Vigthoria CLI → DevTools Bridge Telemetry Client
+ *
+ * Connects the local CLI to the remote bridge server in "commando" mode,
+ * streaming real-time activity (commands, tool calls, model responses,
+ * file edits, errors) and receiving admin-issued commands.
+ *
+ * Design principles:
+ *  - Fire-and-forget: never blocks the CLI main flow
+ *  - Auto-reconnects with exponential back-off
+ *  - Opt-in via --bridge <url> flag
+ *  - Sensitive data (API keys, tokens) is never transmitted
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BridgeClient = void 0;
+exports.getBridgeClient = getBridgeClient;
+const ws_1 = __importDefault(require("ws"));
+const os = __importStar(require("os"));
+// ── Singleton accessor ───────────────────────────────────────────────
+let _instance = null;
+/** Get the active bridge client (may be null if --bridge was not used). */
+function getBridgeClient() {
+    return _instance;
+}
+// ── BridgeClient ─────────────────────────────────────────────────────
+class BridgeClient {
+    ws = null;
+    url;
+    apiKey;
+    machineLabel;
+    clientId;
+    connected = false;
+    reconnectTimer = null;
+    heartbeatTimer = null;
+    queue = []; // buffered events while disconnected
+    maxQueueSize = 500;
+    reconnectDelay = 2000; // ms, doubles on failure up to 30 s
+    destroyed = false;
+    onAdminCommand;
+    constructor(opts) {
+        this.url = opts.bridgeUrl.replace(/\/$/, '');
+        if (!this.url.includes('/ws')) {
+            this.url = this.url.replace(/^http/, 'ws') + '/ws';
+        }
+        this.apiKey = opts.apiKey;
+        this.machineLabel = opts.machineLabel || os.hostname();
+        this.clientId = `cli-${this.machineLabel}-${Date.now().toString(36)}`;
+        this.onAdminCommand = opts.onAdminCommand;
+        _instance = this;
+    }
+    // ── Lifecycle ────────────────────────────────────────────────────
+    async connect() {
+        if (this.destroyed)
+            return;
+        return new Promise((resolve) => {
+            try {
+                this.ws = new ws_1.default(this.url, { handshakeTimeout: 8000 });
+                this.ws.on('open', () => {
+                    this.connected = true;
+                    this.reconnectDelay = 2000;
+                    // Authenticate as CLI commando client
+                    this.sendRaw({
+                        type: 'auth',
+                        payload: {
+                            source: 'cli-commando',
+                            clientId: this.clientId,
+                            machineLabel: this.machineLabel,
+                            hostname: os.hostname(),
+                            platform: os.platform(),
+                            arch: os.arch(),
+                            nodeVersion: process.version,
+                            auth: this.apiKey ? { apiKey: this.apiKey } : undefined,
+                        },
+                    });
+                    // Flush buffered events
+                    this.flushQueue();
+                    this.startHeartbeat();
+                    resolve();
+                });
+                this.ws.on('message', (raw) => {
+                    try {
+                        const msg = JSON.parse(raw.toString());
+                        if (msg.type === 'admin:command' && this.onAdminCommand) {
+                            this.onAdminCommand(msg);
+                        }
+                    }
+                    catch {
+                        // ignore unparseable messages
+                    }
+                });
+                this.ws.on('close', () => {
+                    this.connected = false;
+                    this.stopHeartbeat();
+                    this.scheduleReconnect();
+                });
+                this.ws.on('error', () => {
+                    this.connected = false;
+                    this.stopHeartbeat();
+                    this.scheduleReconnect();
+                    resolve(); // resolve even on failure – must never block CLI
+                });
+            }
+            catch {
+                resolve(); // swallow – bridge is optional
+            }
+        });
+    }
+    destroy() {
+        this.destroyed = true;
+        this.stopHeartbeat();
+        if (this.reconnectTimer)
+            clearTimeout(this.reconnectTimer);
+        if (this.ws) {
+            try {
+                this.ws.close();
+            }
+            catch { /* ignore */ }
+        }
+        this.ws = null;
+        this.connected = false;
+        if (_instance === this)
+            _instance = null;
+    }
+    get isConnected() {
+        return this.connected;
+    }
+    // ── Telemetry emitters (public API used by CLI code) ─────────────
+    /** CLI session started (command, flags, cwd). */
+    emitStart(data) {
+        this.emit('cli:start', data);
+    }
+    /** User entered a prompt / message. */
+    emitPrompt(data) {
+        this.emit('cli:prompt', data);
+    }
+    /** Model response received (summary only, not full content). */
+    emitModelResponse(data) {
+        this.emit('cli:model-response', data);
+    }
+    /** Tool is being called. */
+    emitToolCall(data) {
+        // Redact sensitive arg values
+        const safeArgs = {};
+        for (const [k, v] of Object.entries(data.args)) {
+            if (/key|token|password|secret|auth/i.test(k)) {
+                safeArgs[k] = '***';
+            }
+            else if (typeof v === 'string' && v.length > 2000) {
+                safeArgs[k] = v.slice(0, 200) + `...[${v.length} chars]`;
+            }
+            else {
+                safeArgs[k] = v;
+            }
+        }
+        this.emit('cli:tool-call', { tool: data.tool, args: safeArgs });
+    }
+    /** Tool finished executing. */
+    emitToolResult(data) {
+        this.emit('cli:tool-result', data);
+    }
+    /** File was written or edited. */
+    emitFileEdit(data) {
+        this.emit('cli:file-edit', data);
+    }
+    /** Error occurred. */
+    emitError(data) {
+        this.emit('cli:error', data);
+    }
+    /** Mode changed (agent / operator / chat). */
+    emitModeChange(data) {
+        this.emit('cli:mode-change', data);
+    }
+    /** Session ended. */
+    emitEnd(data) {
+        this.emit('cli:end', data);
+    }
+    // ── Internals ────────────────────────────────────────────────────
+    emit(type, payload) {
+        const event = {
+            type,
+            payload,
+            ts: Date.now(),
+            clientId: this.clientId,
+        };
+        const json = JSON.stringify(event);
+        if (this.connected && this.ws?.readyState === ws_1.default.OPEN) {
+            try {
+                this.ws.send(json);
+            }
+            catch {
+                this.bufferEvent(json);
+            }
+        }
+        else {
+            this.bufferEvent(json);
+        }
+    }
+    sendRaw(obj) {
+        if (this.ws?.readyState === ws_1.default.OPEN) {
+            this.ws.send(JSON.stringify(obj));
+        }
+    }
+    bufferEvent(json) {
+        if (this.queue.length >= this.maxQueueSize) {
+            this.queue.shift(); // drop oldest
+        }
+        this.queue.push(json);
+    }
+    flushQueue() {
+        while (this.queue.length > 0 && this.ws?.readyState === ws_1.default.OPEN) {
+            const msg = this.queue.shift();
+            try {
+                this.ws.send(msg);
+            }
+            catch {
+                break;
+            }
+        }
+    }
+    scheduleReconnect() {
+        if (this.destroyed || this.reconnectTimer)
+            return;
+        this.reconnectTimer = setTimeout(() => {
+            this.reconnectTimer = null;
+            this.connect();
+        }, this.reconnectDelay);
+        this.reconnectDelay = Math.min(this.reconnectDelay * 2, 30000);
+    }
+    startHeartbeat() {
+        this.heartbeatTimer = setInterval(() => {
+            this.emit('cli:heartbeat', { uptime: process.uptime() });
+        }, 30000);
+    }
+    stopHeartbeat() {
+        if (this.heartbeatTimer) {
+            clearInterval(this.heartbeatTimer);
+            this.heartbeatTimer = null;
+        }
+    }
+}
+exports.BridgeClient = BridgeClient;

package/dist/utils/tools.js

@@ -356,6 +356,10 @@ class AgenticTools {
      * Execute a tool call with enhanced error handling and retry logic
      */
     async execute(call) {
+        // Guard against malformed tool calls with undefined or empty tool names
+        if (!call.tool || typeof call.tool !== 'string' || !call.tool.trim()) {
+            return this.createErrorResult(ToolErrorType.INVALID_ARGS, `Invalid tool call: tool name is ${call.tool === undefined ? 'undefined' : 'empty'}`, `Provide a valid tool name. Available tools: ${AgenticTools.getToolDefinitions().map(t => t.name).join(', ')}`);
+        }
         const normalizedCall = this.normalizeToolCall(call);
         const tool = AgenticTools.getToolDefinitions().find(t => t.name === normalizedCall.tool);
         if (!tool) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vigthoria-cli",
-  "version": "1.6.21",
+  "version": "1.6.22",
   "description": "Vigthoria Coder CLI - AI-powered terminal coding assistant",
   "main": "dist/index.js",
   "files": [
@@ -21,6 +21,7 @@
     "dev": "ts-node src/index.ts",
     "test": "npm run test:cli",
     "test:cli": "npm run build && node scripts/test-cli-suite.js",
+    "test:regression": "npm run build && node scripts/test-regression-1.6.22.js",
     "test:agent:smoke": "npm run build && node scripts/test-agent-smoke.js",
     "test:agent:routing": "npm run build && node scripts/test-agent-routing-policy.js",
     "test:agent:context": "npm run build && node scripts/test-agent-context-trace-e2e.js",