chore: v2.0.4

- 禁用 HISTORY_SNIP feature flag 并新增 proactiveTruncate 防止无 compact_boundary 时内存无限增长
- 跳过未启用 telemetry 时的 OTel 初始化，防止长会话 PerformanceMeasure 堆积
- OTel 导出遇 401/403 自动关闭 reader，防止 handle 泄漏
- Vite 构建启用 minify

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.claude/skills/teach-me/SKILL.md

@@ -41,7 +41,8 @@ All teach-me data is stored under `.claude/skills/teach-me/records/`:
 .claude/skills/teach-me/records/
 ├── learner-profile.md     # Cross-topic notes (created on first session)
 └── {topic-slug}/
-    └── session.md         # Learning state: concepts, status, notes
+    ├── session.md         # Learning state: concepts, status, notes
+    └── {topic-slug}-notes.md  # Learner-facing summary notes (generated at session end)
 ```
 
 **Slug**: Topic in kebab-case, 2-5 words. Example: "Python decorators" → `python-decorators`
@@ -275,7 +276,8 @@ Update `session.md` after each round:
 When all concepts mastered or user ends session:
 
 1. Update `session.md` with final state.
-2. Update `.claude/skills/teach-me/records/learner-profile.md` (keep under 30 lines):
+2. **Generate learner-facing notes** — write `{topic-slug}-notes.md` in the topic directory. This is a standalone reference document the learner can review later. See "Notes Generation" below for format.
+3. Update `.claude/skills/teach-me/records/learner-profile.md` (keep under 30 lines):
 
 ```markdown
 # Learner Profile
@@ -293,7 +295,48 @@ Updated: {timestamp}
 - Python decorators (8/10 concepts, 2025-01-15)
 ```
 
-3. Give a brief text summary of what was covered, key insights, and areas for further study.
+4. Give a brief text summary of what was covered, key insights, and areas for further study.
+
+## Notes Generation
+
+At session end, generate a learner-facing notes file at `{topic-slug}/{topic-slug}-notes.md`. This file is **written for the learner to review later**, not for the tutor. It should be self-contained and organized as a quick-reference.
+
+### Notes Structure
+
+```markdown
+# {Topic} 核心笔记
+
+## 1. {Section Name}
+{Key concept, mechanism, or principle}
+* **One-line summary**: {what it does / why it matters}
+* **Detail**: {brief explanation, 2-4 sentences max}
+* **Example** (if applicable): {code snippet, command, or concrete scenario}
+
+---
+
+## 2. {Section Name}
+...
+
+---
+
+## n. 实战参数 / Cheat Sheet (if applicable)
+{Practical commands, config, or quick-reference table}
+
+| Parameter / Concept | What it does | Tuning tip |
+|---------------------|-------------|------------|
+| ... | ... | ... |
+```
+
+### Notes Writing Rules
+
+1. **Start with "what & why"** before "how". Each section should answer: what is this, why does it exist, what problem does it solve.
+2. **Use analogies sparingly but effectively**. Only include an analogy if it clarifies a non-obvious mechanism (e.g., "PagedAttention is like OS virtual memory paging").
+3. **Include trade-offs**. Every optimization or design choice has a cost. Always state it (e.g., "TP improves throughput but increases communication latency").
+4. **Code / command examples should be minimal**. Under 10 lines, self-contained, with comments explaining the key flags.
+5. **Organize by concept dependency**, not by chronological teaching order. Foundation concepts first, advanced ones last.
+6. **No quiz questions, no misconceptions, no tutor-side notes**. This is a clean reference document.
+7. **Language matches the session**. If the session was in Chinese, notes are in Chinese (technical terms can stay in English).
+8. **Keep it under 150 lines**. If it gets too long, the learner won't review it. Be ruthless about cutting fluff.
 
 ## Resuming Sessions
 

.editorconfig

@@ -1,8 +1,8 @@
 root = true
 
 [*]
-indent_style = tab
-indent_size = 4
+indent_style = space
+indent_size = 2
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true

.github/workflows/ci.yml

@@ -6,32 +6,51 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   ci:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, 2026-04-25
+        env:
+          GIT_CONFIG_COUNT: 2
+          GIT_CONFIG_KEY_0: init.defaultBranch
+          GIT_CONFIG_VALUE_0: main
+          GIT_CONFIG_KEY_1: advice.defaultBranchName
+          GIT_CONFIG_VALUE_1: "false"
 
-      - uses: oven-sh/setup-bun@v2
+      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2, 2026-04-25
         with:
           bun-version: latest
 
       - name: Install dependencies
+        env:
+          CLAUDE_CODE_SKIP_CHROME_MCP_SETUP: "1"
         run: bun install --frozen-lockfile
 
+      - name: Lint and format check
+        run: bunx biome ci .
+
       - name: Type check
         run: bun run typecheck
 
       - name: Test with Coverage
         run: |
           set -o pipefail
-          bun test --coverage --coverage-reporter=lcov 2>&1 | grep -vE '^\s*(\(pass\)|\(skip\))' | sed '/^.*\/__tests__\/.*:$/d' | cat -s
+          bun test --coverage --coverage-reporter lcov --coverage-dir coverage 2>&1 | grep -vE '^\s*(\(pass\)|\(skip\))' | sed '/^.*\/__tests__\/.*:$/d' | cat -s
+          test -s coverage/lcov.info
+          grep -q '^SF:' coverage/lcov.info
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
+        uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5, 2026-04-25
         with:
-          file: ./coverage/lcov.info
+          fail_ci_if_error: true
+          files: ./coverage/lcov.info
+          disable_search: true
           token: ${{ secrets.CODECOV_TOKEN }}
 
       - name: Build

.github/workflows/publish-npm.yml

@@ -20,17 +20,17 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, 2026-04-25
         with:
           ref: ${{ github.event.inputs.version || github.ref }}
 
-      - uses: actions/setup-node@v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6, 2026-04-25
         with:
           node-version: "24"
           registry-url: "https://registry.npmjs.org"
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2, 2026-04-25
         with:
           bun-version: latest
 
@@ -66,7 +66,7 @@ jobs:
           } >> "$GITHUB_OUTPUT"
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2, 2026-04-25
         with:
           name: ${{ github.event.inputs.version || github.ref_name }}
           body: |

.github/workflows/release-rcs.yml

@@ -17,17 +17,17 @@ jobs:
       packages: write
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, 2026-04-25
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3, 2026-04-25
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3, 2026-04-25
 
       - name: Extract version
         id: version
@@ -47,7 +47,7 @@ jobs:
           echo "tags=$TAGS" >> "$GITHUB_OUTPUT"
 
       - name: Build Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5, 2026-04-25
         with:
           context: .
           file: packages/remote-control-server/Dockerfile

.github/workflows/update-contributors.yml

@@ -11,17 +11,17 @@ jobs:
   update:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, 2026-04-25
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: jaywcjlove/github-action-contributors@main
+      - uses: jaywcjlove/github-action-contributors@86707f6d4c2469ce6b46bc3367253ebd41ee242c # main, 2026-04-25
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           output: "contributors.svg"
           repository: ${{ github.repository }}
 
-      - uses: stefanzweifel/git-auto-commit-action@v5
+      - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5, 2026-04-25
         with:
           commit_message: "docs: update contributors"
           file_pattern: "contributors.svg"

.gitignore

@@ -5,7 +5,8 @@ coverage
 .env
 *.log
 .idea
-.vscode
+.vscode/*
+!.vscode/extensions.json
 *.suo
 *.lock
 src/utils/vendor/
@@ -43,3 +44,5 @@ data
 .codex/skills/.system/**
 !.codex/prompts/
 !.codex/prompts/**
+teach-me
+credentials.json

.husky/pre-commit

@@ -0,0 +1 @@
+bunx lint-staged

.tool-versions

@@ -0,0 +1 @@
+bun 1.3.13

.vscode/extensions.json

@@ -0,0 +1,8 @@
+{
+  "recommendations": [
+    "biomejs.biome",
+    "ms-typescript.typescript",
+    "oven.bun-vscode",
+    "editorconfig.editorconfig"
+  ]
+}

AGENTS.md

@@ -1,10 +1,10 @@
-# AGENTS.md
+# CLAUDE.md
 
-This file provides guidance to Codex (Codex.ai/code) when working with code in this repository.
+This file provides guidance to Claude Code (claude.ai/code) and other AI coding agents when working with code in this repository.
 
 ## Project Overview
 
-This is a **reverse-engineered / decompiled** version of Anthropic's official Codex CLI tool. The goal is to restore core functionality while trimming secondary capabilities. Many modules are stubbed or feature-flagged off. TypeScript strict mode is enforced — **`bunx tsc --noEmit` must pass with zero errors**.
+This is a **reverse-engineered / decompiled** version of Anthropic's official Claude Code CLI tool. The goal is to restore core functionality while trimming secondary capabilities. Many modules are stubbed or feature-flagged off. TypeScript strict mode is enforced — **`bunx tsc --noEmit` must pass with zero errors**.
 
 ## Git Commit Message Convention
 
@@ -39,10 +39,13 @@ echo "say hello" | bun run src/entrypoints/cli.tsx -p
 # Build (code splitting, outputs dist/cli.js + chunk files)
 bun run build
 
+# Build with Vite (alternative build pipeline)
+bun run build:vite
+
 # Test
-bun test                  # run all tests (2453 tests / 137 files / 0 fail)
+bun test                                    # run all tests
 bun test src/utils/__tests__/hash.test.ts   # run single file
-bun test --coverage       # with coverage report
+bun test --coverage                         # with coverage report
 
 # Lint & Format (Biome)
 bun run lint              # check only
@@ -55,6 +58,10 @@ bun run health
 # Check unused exports
 bun run check:unused
 
+# Full check (typecheck + lint + test) — run after completing any task
+bun run test:all
+bun run typecheck
+
 # Remote Control Server
 bun run rcs
 
@@ -72,17 +79,17 @@ bun run docs:dev
 - **Build**: `build.ts` 执行 `Bun.build()` with `splitting: true`，入口 `src/entrypoints/cli.tsx`，输出 `dist/cli.js` + chunk files。Build 默认启用 19 个 feature（见下方 Feature Flag 段）。构建后自动替换 `import.meta.require` 为 Node.js 兼容版本（产物 bun/node 都可运行）。
 - **Dev mode**: `scripts/dev.ts` 通过 Bun `-d` flag 注入 `MACRO.*` defines，运行 `src/entrypoints/cli.tsx`。默认启用全部 feature。
 - **Module system**: ESM (`"type": "module"`), TSX with `react-jsx` transform.
-- **Monorepo**: Bun workspaces — 14 个 internal packages in `packages/` resolved via `workspace:*`。
+- **Monorepo**: Bun workspaces — 15 个 workspace packages + 若干辅助目录 in `packages/` resolved via `workspace:*`。
 - **Lint/Format**: Biome (`biome.json`)。`bun run lint` / `bun run lint:fix` / `bun run format`。
 - **Defines**: 集中管理在 `scripts/defines.ts`。当前版本 `2.1.888`。
 - **CI**: GitHub Actions — `ci.yml`（构建+测试）、`release-rcs.yml`（RCS 发布）、`update-contributors.yml`（自动更新贡献者）。
 
 ### Entry & Bootstrap
 
-1. **`src/entrypoints/cli.tsx`** (323 行) — True entrypoint。`main()` 函数按优先级处理多条快速路径：
+1. **`src/entrypoints/cli.tsx`** — True entrypoint。`main()` 函数按优先级处理多条快速路径：
    - `--version` / `-v` — 零模块加载
    - `--dump-system-prompt` — feature-gated (DUMP_SYSTEM_PROMPT)
-   - `--Codex-in-chrome-mcp` / `--chrome-native-host`
+   - `--claude-in-chrome-mcp` / `--chrome-native-host`
    - `--computer-use-mcp` — 独立 MCP server 模式
    - `--daemon-worker=<kind>` — feature-gated (DAEMON)
    - `remote-control` / `rc` / `remote` / `sync` / `bridge` — feature-gated (BRIDGE_MODE)
@@ -92,26 +99,26 @@ bun run docs:dev
    - `environment-runner` / `self-hosted-runner` — BYOC runner
    - `--tmux` + `--worktree` 组合
    - 默认路径：加载 `main.tsx` 启动完整 CLI
-2. **`src/main.tsx`** (~6970 行) — Commander.js CLI definition。注册大量 subcommands：`mcp` (serve/add/remove/list...)、`server`、`ssh`、`open`、`auth`、`plugin`、`agents`、`auto-mode`、`doctor`、`update` 等。主 `.action()` 处理器负责权限、MCP、会话恢复、REPL/Headless 模式分发。
+2. **`src/main.tsx`** (~6981 行) — Commander.js CLI definition。注册大量 subcommands：`mcp` (serve/add/remove/list...)、`server`、`ssh`、`open`、`auth`、`plugin`、`agents`、`auto-mode`、`doctor`、`update` 等。主 `.action()` 处理器负责权限、MCP、会话恢复、REPL/Headless 模式分发。
 3. **`src/entrypoints/init.ts`** — One-time initialization (telemetry, config, trust dialog)。
 
 ### Core Loop
 
-- **`src/query.ts`** — The main API query function. Sends messages to Codex API, handles streaming responses, processes tool calls, and manages the conversation turn loop.
+- **`src/query.ts`** — The main API query function. Sends messages to Claude API, handles streaming responses, processes tool calls, and manages the conversation turn loop.
 - **`src/QueryEngine.ts`** — Higher-level orchestrator wrapping `query()`. Manages conversation state, compaction, file history snapshots, attribution, and turn-level bookkeeping. Used by the REPL screen.
 - **`src/screens/REPL.tsx`** — The interactive REPL screen (React/Ink component). Handles user input, message display, tool permission prompts, and keyboard shortcuts.
 
 ### API Layer
 
-- **`src/services/api/Codex.ts`** — Core API client. Builds request params (system prompt, messages, tools, betas), calls the Anthropic SDK streaming endpoint, and processes `BetaRawMessageStreamEvent` events.
+- **`src/services/api/claude.ts`** — Core API client. Builds request params (system prompt, messages, tools, betas), calls the Anthropic SDK streaming endpoint, and processes `BetaRawMessageStreamEvent` events.
 - **7 providers**: `firstParty` (Anthropic direct), `bedrock` (AWS), `vertex` (Google Cloud), `foundry`, `openai`, `gemini`, `grok` (xAI)。
 - Provider selection in `src/utils/model/providers.ts`。优先级：modelType 参数 > 环境变量 > 默认 firstParty。
 
 ### Tool System
 
 - **`src/Tool.ts`** — Tool interface definition (`Tool` type) and utilities (`findToolByName`, `toolMatchesName`).
-- **`src/tools.ts`** (387 行) — Tool registry. Assembles the tool list; some tools are conditionally loaded via `feature()` flags or `process.env.USER_TYPE`.
-- **`src/tools/<ToolName>/`** — 55 个 tool 目录。主要分类：
+- **`src/tools.ts`** — Tool registry. Assembles the tool list; tools are imported from `@claude-code-best/builtin-tools` package. Some tools are conditionally loaded via `feature()` flags or `process.env.USER_TYPE`.
+- **`packages/builtin-tools/src/tools/`** — 59 个子目录（含 shared/testing 等工具目录），通过 `@claude-code-best/builtin-tools` 包导出。主要分类：
   - **文件操作**: FileEditTool, FileReadTool, FileWriteTool, GlobTool, GrepTool
   - **Shell/执行**: BashTool, PowerShellTool, REPLTool
   - **Agent 系统**: AgentTool, TaskCreateTool, TaskUpdateTool, TaskListTool, TaskGetTool
@@ -119,7 +126,7 @@ bun run docs:dev
   - **Web/MCP**: WebFetchTool, WebSearchTool, MCPTool, McpAuthTool
   - **调度**: CronCreateTool, CronDeleteTool, CronListTool
   - **其他**: LSPTool, ConfigTool, SkillTool, EnterWorktreeTool, ExitWorktreeTool 等
-- **`src/tools/shared/`** — Tool 共享工具函数。
+- **`src/tools/shared/`** / **`packages/builtin-tools/src/tools/shared/`** — Tool 共享工具函数。
 
 ### UI Layer (Ink)
 
@@ -149,31 +156,46 @@ bun run docs:dev
 | `packages/@ant/computer-use-mcp/` | Computer Use MCP server（截图/键鼠/剪贴板/应用管理） |
 | `packages/@ant/computer-use-input/` | 键鼠模拟（dispatcher + darwin/win32/linux backend） |
 | `packages/@ant/computer-use-swift/` | 截图 + 应用管理（dispatcher + per-platform backend） |
-| `packages/@ant/Codex-for-chrome-mcp/` | Chrome 浏览器控制（通过 `--chrome` 启用） |
-| `packages/remote-control-server/` | 自托管 Remote Control Server（Docker 部署，含 Web UI） |
-| `packages/swarm/` | Swarm 解耦模块 |
-| `packages/shell/` | Shell 抽象 |
+| `packages/@ant/claude-for-chrome-mcp/` | Chrome 浏览器控制（通过 `--chrome` 启用） |
+| `packages/@ant/model-provider/` | Model provider 抽象层 |
+| `packages/builtin-tools/` | 内置工具集（60 个 tool 实现，通过 `@claude-code-best/builtin-tools` 导出） |
+| `packages/agent-tools/` | Agent 工具集 |
+| `packages/acp-link/` | ACP 代理服务器（WebSocket → ACP agent 桥接） |
+| `packages/cc-knowledge/` | Claude Code 知识库（非 workspace 包） |
+| `packages/langfuse-dashboard/` | Langfuse 可观测性面板（非 workspace 包） |
+| `packages/mcp-client/` | MCP 客户端库 |
+| `packages/mcp-server/` | MCP 服务端库（非 workspace 包） |
+| `packages/remote-control-server/` | 自托管 Remote Control Server（Docker 部署，含 Web UI）— Web UI 已重构为 React + Vite + Radix UI，支持 ACP agent 接入 |
+| `packages/swarm/` | Swarm 解耦模块（非 workspace 包） |
+| `packages/shell/` | Shell 抽象（非 workspace 包） |
 | `packages/audio-capture-napi/` | 原生音频捕获（已恢复） |
 | `packages/color-diff-napi/` | 颜色差异计算（完整实现，11 tests） |
 | `packages/image-processor-napi/` | 图像处理（已恢复） |
-| `packages/modifiers-napi/` | 键盘修饰键检测（stub） |
-| `packages/url-handler-napi/` | URL scheme 处理（stub） |
+| `packages/modifiers-napi/` | 键盘修饰键检测（macOS FFI 实现） |
+| `packages/url-handler-napi/` | URL scheme 处理（环境变量 + CLI 参数读取） |
 
 ### Bridge / Remote Control
 
-- **`src/bridge/`** (~37 files) — Remote Control / Bridge 模式。feature-gated by `BRIDGE_MODE`。包含 bridge API、会话管理、JWT 认证、消息传输、权限回调等。Entry: `bridgeMain.ts`。
-- **`packages/remote-control-server/`** — 自托管 RCS，支持 Docker 部署，含 Web UI 控制面板。通过 `bun run rcs` 启动。
-- CLI 快速路径: `Codex remote-control` / `Codex rc` / `Codex bridge`。
+- **`src/bridge/`** — Remote Control / Bridge 模式。feature-gated by `BRIDGE_MODE`。包含 bridge API、会话管理、JWT 认证、消息传输、权限回调等。Entry: `bridgeMain.ts`。
+- **`packages/remote-control-server/`** — 自托管 RCS，支持 Docker 部署，含 Web UI 控制面板（React 19 + Vite + Radix UI）。支持 ACP agent 通过 acp-link 接入（ACP WebSocket handler、relay handler、SSE event stream）。通过 `bun run rcs` 启动。
+- CLI 快速路径: `claude remote-control` / `claude rc` / `claude bridge`。
 - 详见 `docs/features/remote-control-self-hosting.md`。
 
+### ACP Protocol (Agent Client Protocol)
+
+- **`src/services/acp/`** — ACP agent 实现，包含 `agent.ts`（AcpAgent 类）、`bridge.ts`（Claude Code ↔ ACP 桥接）、`permissions.ts`（权限处理）、`entry.ts`（入口）。
+- **`packages/acp-link/`** — ACP 代理服务器，将 WebSocket 客户端桥接到 ACP agent。提供 `acp-link` CLI 命令，支持自定义端口/HTTPS/认证/会话管理、RCS 集成（REST 注册 + WS identify 两步流程）、权限模式透传（fallback: 客户端传值 > config > `ACP_PERMISSION_MODE` 环境变量）。
+- ACP 权限管道改进：`createAcpCanUseTool` 统一权限流水线，`applySessionMode` 模式同步，`bypassPermissions` 可用性检测（非 root/sandbox 环境）。
+- ACP Plan 可视化已支持 `session/update plan` 类型的消息展示（PlanView 组件，含进度条/状态图标/优先级标签）。
+
 ### Daemon Mode
 
 - **`src/daemon/`** — Daemon 模式（长驻 supervisor）。feature-gated by `DAEMON`。包含 `main.ts`（entry）和 `workerRegistry.ts`（worker 管理）。
 
 ### Context & System Prompt
 
-- **`src/context.ts`** — Builds system/user context for the API call (git status, date, AGENTS.md contents, memory files).
-- **`src/utils/claudemd.ts`** — Discovers and loads AGENTS.md files from project hierarchy.
+- **`src/context.ts`** — Builds system/user context for the API call (git status, date, CLAUDE.md contents, memory files).
+- **`src/utils/claudemd.ts`** — Discovers and loads CLAUDE.md files from project hierarchy.
 
 ### Feature Flag System
 
@@ -196,7 +218,7 @@ Feature flags control which functionality is enabled at runtime. 代码中统一
 
 ### Multi-API 兼容层
 
-所有兼容层均采用流适配器模式：将第三方 API 格式转为 Anthropic 内部格式，下游代码完全不改。
+所有兼容层均采用流适配器模式：将第三方 API 格式转为 Anthropic 内部格式，下游代码完全不改。通过 `/login` 命令配置。
 
 #### OpenAI 兼容层
 
@@ -221,18 +243,24 @@ Feature flags control which functionality is enabled at runtime. 代码中统一
 
 详见各兼容层的 docs 文档。
 
+### 穷鬼模式（Budget Mode）
+
+- 通过 `/poor` 命令切换，持久化到 `settings.json`。
+- 启用后跳过 `extract_memories`、`prompt_suggestion` 和 `verification_agent`，显著减少 token 消耗。
+- 实现在 `src/commands/poor/poorMode.ts`。
+
 ### Stubbed/Deleted Modules
 
 | Module | Status |
 |--------|--------|
 | Computer Use (`@ant/*`) | Restored — macOS + Windows + Linux（后端完整度不一） |
-| `*-napi` packages | `audio-capture-napi`、`image-processor-napi` 已恢复；`color-diff-napi` 完整；`modifiers-napi`、`url-handler-napi` 仍为 stub |
+| `*-napi` packages | 全部已恢复/实现：`audio-capture-napi`、`image-processor-napi` 已恢复；`color-diff-napi` 完整；`modifiers-napi`（macOS FFI）；`url-handler-napi`（环境变量+CLI） |
 | Voice Mode | Restored — Push-to-Talk 语音输入（需 Anthropic OAuth） |
 | OpenAI/Gemini/Grok 兼容层 | Restored |
 | Remote Control Server | Restored — 自托管 RCS + Web UI |
 | Analytics / GrowthBook / Sentry | Empty implementations |
-| Magic Docs / LSP Server | Removed |
-| Plugins / Marketplace | Removed |
+| Magic Docs / LSP Server | Restored — Magic Docs 自动更新 + LSP 服务器管理器 |
+| Plugins / Marketplace | Restored — 插件安装/卸载/启用/禁用 + Marketplace 浏览 |
 | MCP OAuth | Simplified |
 
 ### Key Type Files
@@ -245,20 +273,40 @@ Feature flags control which functionality is enabled at runtime. 代码中统一
 ## Testing
 
 - **框架**: `bun:test`（内置断言 + mock）
-- **当前状态**: 2472 tests / 138 files / 0 fail
 - **单元测试**: 就近放置于 `src/**/__tests__/`，文件名 `<module>.test.ts`
 - **集成测试**: `tests/integration/` — 4 个文件（cli-arguments, context-build, message-pipeline, tool-chain）
 - **共享 mock/fixture**: `tests/mocks/`（api-responses, file-system, fixtures/）
 - **命名**: `describe("functionName")` + `test("behavior description")`，英文
-- **Mock 模式**: 对重依赖模块使用 `mock.module()` + `await import()` 解锁（必须内联在测试文件中，不能从共享 helper 导入）
 - **包测试**: `packages/` 下各包也有独立测试（如 `color-diff-napi` 11 tests）
 
+### Mock 使用规范
+
+**只 mock 有副作用的依赖链，不 mock 纯函数/纯数据模块。**
+
+被迫 mock 的根源：`log.ts` / `debug.ts` → `bootstrap/state.ts`（模块级 `realpathSync` / `randomUUID` 副作用）。必须 mock 的模块：`log.ts`、`debug.ts`、`bun:bundle`、`settings/settings.js`、`config.ts`、`auth.ts`、第三方网络库。
+
+**`log.ts` 和 `debug.ts` 使用共享 mock**（`tests/mocks/log.ts` / `tests/mocks/debug.ts`），不要在测试文件中内联 mock 定义。使用方式：
+
+```ts
+import { logMock } from "../../../tests/mocks/log";
+mock.module("src/utils/log.ts", logMock);
+
+import { debugMock } from "../../../../tests/mocks/debug";
+mock.module("src/utils/debug.ts", debugMock);
+```
+
+源文件导出变更时只需更新 `tests/mocks/` 下的对应文件，不需要逐个修改测试。
+
+不要 mock：纯函数模块（`errors.ts`、`stringUtils.js`）、mock 值与真实实现相同的模块、mock 路径与实际 import 不匹配的模块。
+
+路径规则：统一用 `.ts` 扩展名 + `src/*` 别名路径，禁止双重 mock 同一模块。
+
 ### 类型检查
 
 项目使用 TypeScript strict 模式，**tsc 必须零错误**。每次修改后运行：
 
 ```bash
-bunx tsc --noEmit
+bun run typecheck
 ```
 
 **类型规范**：
@@ -271,7 +319,7 @@ bunx tsc --noEmit
 
 ## Working with This Codebase
 
-- **tsc must pass** — `bunx tsc --noEmit` 必须零错误，任何修改都不能引入新的类型错误。
+- **tsc must pass** — `bun run typecheck` 必须零错误，任何修改都不能引入新的类型错误。
 - **Feature flags** — 默认全部关闭（`feature()` 返回 `false`）。Dev/build 各有自己的默认启用列表。不要在 `cli.tsx` 中重定义 `feature` 函数。
 - **React Compiler output** — Components have decompiled memoization boilerplate (`const $ = _c(N)`). This is normal.
 - **`bun:bundle` import** — `import { feature } from 'bun:bundle'` 是 Bun 内置模块，由运行时/构建器解析。不要用自定义函数替代它。**`feature()` 只能直接用在 `if` 语句或三元表达式的条件位置**（Bun 编译器限制），不能赋值给变量、不能放在箭头函数体里、不能作为 `&&` 链的一部分。正确：`if (feature('X')) {}` 或 `feature('X') ? a : b`。
@@ -281,3 +329,29 @@ bunx tsc --noEmit
 - **Biome 配置** — 大量 lint 规则被关闭（decompiled 代码不适合严格 lint）。`.tsx` 文件用 120 行宽 + 强制分号；其他文件 80 行宽 + 按需分号。
 - **Ink 框架在 `packages/@ant/ink/`** — 不是 `src/ink/`（该目录不存在）。Ink 相关的组件、hooks、keybindings 都在 packages 中。
 - **Provider 优先级** — `modelType` 参数 > 环境变量 > 默认 `firstParty`。新增 provider 需在 `src/utils/model/providers.ts` 注册。
+
+## Design Context
+
+Impeccable 设计上下文保存在 `.impeccable.md` 中。设计 Web UI（RCS 控制面板、文档站、着陆页）时必须参考该文件。
+
+### 核心设计原则
+
+1. **Considered over clever** — 每个设计选择都应感觉有意为之，而非追逐潮流
+2. **Warmth through subtlety** — 通过橙色色调的中性色、留白布局、有温度的文案来传达温暖
+3. **Density with clarity** — 技术用户需要信息密度，但不能混乱
+4. **Community voice** — 设计应感觉是由使用者创造的，而非遥远的设计团队
+5. **Anthropic's shadow** — 遵循 Anthropic 的设计直觉：干净的布局、充足的间距、温暖的色温
+
+### 品牌色
+
+- 主色：Claude Orange `#D77757`（terra cotta）
+- 辅色：Claude Blue `#5769F7`
+- 暗色模式使用温暖的深色表面（非冷蓝黑色）
+
+### 目标用户
+
+技术团队/企业，在专业工作流中使用 AI 辅助编程。友好的开源社区氛围，非企业 SaaS 风格。
+
+### 视觉参考
+
+Anthropic 公司的设计风格 — 干净、考究、温暖的底色。大量留白，以排版为核心。避免 AI 产品常见的设计套路（渐变文字、玻璃态、霓虹色）。

CLAUDE.md

@@ -1,10 +1,10 @@
 # CLAUDE.md
 
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+This file provides guidance to Claude Code (claude.ai/code) and other AI coding agents when working with code in this repository.
 
 ## Project Overview
 
-This is a **reverse-engineered / decompiled** version of Anthropic's official Claude Code CLI tool. The goal is to restore core functionality while trimming secondary capabilities. Many modules are stubbed or feature-flagged off. TypeScript strict mode is enforced（见 Working with This Codebase 段的 tsc 要求）。
+This is a **reverse-engineered / decompiled** version of Anthropic's official Claude Code CLI tool. The goal is to restore core functionality while trimming secondary capabilities. Many modules are stubbed or feature-flagged off. TypeScript strict mode is enforced — **`bun run precheck` 必须零错误通过**（包含 typecheck + lint fix + test）。
 
 ## Git Commit Message Convention
 
@@ -43,14 +43,16 @@ bun run build
 bun run build:vite
 
 # Test
-bun test                  # run all tests (3175 tests / 207 files / 0 fail)
+bun test                                    # run all tests
 bun test src/utils/__tests__/hash.test.ts   # run single file
-bun test --coverage       # with coverage report
+bun test --coverage                         # with coverage report
 
-# Lint & Format (Biome)
-bun run lint              # check only
-bun run lint:fix          # auto-fix
-bun run format            # format all src/
+# Lint & Format (Biome) — 日常开发用 precheck 代替单独调用
+bun run lint              # lint check (全项目)
+bun run lint:fix          # auto-fix lint issues
+bun run format            # format all (全项目)
+bun run check             # lint + format check (全项目)
+bun run check:fix         # lint + format auto-fix
 
 # Health check
 bun run health
@@ -58,10 +60,8 @@ bun run health
 # Check unused exports
 bun run check:unused
 
-# Full check (typecheck + lint + test) — run after completing any task
-bun run test:all
-
-bun run typecheck
+# Full check (typecheck + lint fix + test) — 任务完成后必须运行
+bun run precheck
 
 # Remote Control Server
 bun run rcs
@@ -77,17 +77,21 @@ bun run docs:dev
 ### Runtime & Build
 
 - **Runtime**: Bun (not Node.js). All imports, builds, and execution use Bun APIs.
-- **Build**: `build.ts` 执行 `Bun.build()` with `splitting: true`，入口 `src/entrypoints/cli.tsx`，输出 `dist/cli.js` + chunk files。Build 默认启用 19 个 feature（见下方 Feature Flag 段）。构建后自动替换 `import.meta.require` 为 Node.js 兼容版本（产物 bun/node 都可运行）。
+- **Build**: `build.ts` 执行 `Bun.build()` with `splitting: true`，入口 `src/entrypoints/cli.tsx`，输出 `dist/cli.js` + chunk files。Build 默认启用 19 个 feature（见下方 Feature Flag 段）。构建后自动替换 `import.meta.require` 为 Node.js 兼容版本（产物 bun/node 都可运行）。构建时会将 `vendor/audio-capture/` 和 `src/utils/vendor/ripgrep/` 复制到 `dist/vendor/` 下。
+- **Build (Vite)**: `vite.config.ts` + `scripts/post-build.ts`，chunk 输出到 `dist/chunks/`。post-build 同样复制 vendor 文件到 `dist/vendor/`。
+- **Vendor 路径解析**: 构建后 chunk 文件位于 `dist/` 或 `dist/chunks/` 下，vendor 二进制在 `dist/vendor/`。`src/utils/ripgrep.ts` 和 `packages/audio-capture-napi/src/index.ts` 均通过 `import.meta.url` 路径中 `lastIndexOf('dist')` 定位 dist 根目录，再拼接 `vendor/` 子路径，确保不同构建产物层级下路径一致。
 - **Dev mode**: `scripts/dev.ts` 通过 Bun `-d` flag 注入 `MACRO.*` defines，运行 `src/entrypoints/cli.tsx`。默认启用全部 feature。
 - **Module system**: ESM (`"type": "module"`), TSX with `react-jsx` transform.
 - **Monorepo**: Bun workspaces — 15 个 workspace packages + 若干辅助目录 in `packages/` resolved via `workspace:*`。
-- **Lint/Format**: Biome (`biome.json`)。`bun run lint` / `bun run lint:fix` / `bun run format`。
+- **Lint/Format**: Biome (`biome.json`)。覆盖 `src/`、`scripts/`、`packages/` 全项目（含 `packages/@ant/`）。`bun run lint` / `bun run lint:fix` / `bun run format` / `bun run check` / `bun run check:fix`。42 条规则因 decompiled 代码被关闭，仅保留 `recommended` 基线。
+- **Pre-commit**: husky + lint-staged。提交时自动对暂存文件执行 `biome check --fix`（TS/JS）和 `biome format --write`（JSON）。
+- **CI Lint**: `ci.yml` 在依赖安装后、类型检查前执行 `bunx biome ci .`，lint 或格式化不达标则 CI 失败。
 - **Defines**: 集中管理在 `scripts/defines.ts`。当前版本 `2.1.888`。
-- **CI**: GitHub Actions — `ci.yml`（构建+测试）、`release-rcs.yml`（RCS 发布）、`update-contributors.yml`（自动更新贡献者）。
+- **CI**: GitHub Actions — `ci.yml`（lint + 构建 + 测试）、`release-rcs.yml`（RCS 发布）、`update-contributors.yml`（自动更新贡献者）。
 
 ### Entry & Bootstrap
 
-1. **`src/entrypoints/cli.tsx`** (373 行) — True entrypoint。`main()` 函数按优先级处理多条快速路径：
+1. **`src/entrypoints/cli.tsx`** — True entrypoint。`main()` 函数按优先级处理多条快速路径：
    - `--version` / `-v` — 零模块加载
    - `--dump-system-prompt` — feature-gated (DUMP_SYSTEM_PROMPT)
    - `--claude-in-chrome-mcp` / `--chrome-native-host`
@@ -118,7 +122,7 @@ bun run docs:dev
 ### Tool System
 
 - **`src/Tool.ts`** — Tool interface definition (`Tool` type) and utilities (`findToolByName`, `toolMatchesName`).
-- **`src/tools.ts`** (392 行) — Tool registry. Assembles the tool list; tools are imported from `@claude-code-best/builtin-tools` package. Some tools are conditionally loaded via `feature()` flags or `process.env.USER_TYPE`.
+- **`src/tools.ts`** — Tool registry. Assembles the tool list; tools are imported from `@claude-code-best/builtin-tools` package. Some tools are conditionally loaded via `feature()` flags or `process.env.USER_TYPE`.
 - **`packages/builtin-tools/src/tools/`** — 59 个子目录（含 shared/testing 等工具目录），通过 `@claude-code-best/builtin-tools` 包导出。主要分类：
   - **文件操作**: FileEditTool, FileReadTool, FileWriteTool, GlobTool, GrepTool
   - **Shell/执行**: BashTool, PowerShellTool, REPLTool
@@ -127,6 +131,7 @@ bun run docs:dev
   - **Web/MCP**: WebFetchTool, WebSearchTool, MCPTool, McpAuthTool
   - **调度**: CronCreateTool, CronDeleteTool, CronListTool
   - **其他**: LSPTool, ConfigTool, SkillTool, EnterWorktreeTool, ExitWorktreeTool 等
+- **`src/tools/shared/`** / **`packages/builtin-tools/src/tools/shared/`** — Tool 共享工具函数。
 
 ### UI Layer (Ink)
 
@@ -171,12 +176,12 @@ bun run docs:dev
 | `packages/audio-capture-napi/` | 原生音频捕获（已恢复） |
 | `packages/color-diff-napi/` | 颜色差异计算（完整实现，11 tests） |
 | `packages/image-processor-napi/` | 图像处理（已恢复） |
-| `packages/modifiers-napi/` | 键盘修饰键检测（stub） |
-| `packages/url-handler-napi/` | URL scheme 处理（stub） |
+| `packages/modifiers-napi/` | 键盘修饰键检测（macOS FFI 实现） |
+| `packages/url-handler-napi/` | URL scheme 处理（环境变量 + CLI 参数读取） |
 
 ### Bridge / Remote Control
 
-- **`src/bridge/`** (~38 files) — Remote Control / Bridge 模式。feature-gated by `BRIDGE_MODE`。包含 bridge API、会话管理、JWT 认证、消息传输、权限回调等。Entry: `bridgeMain.ts`。
+- **`src/bridge/`** — Remote Control / Bridge 模式。feature-gated by `BRIDGE_MODE`。包含 bridge API、会话管理、JWT 认证、消息传输、权限回调等。Entry: `bridgeMain.ts`。
 - **`packages/remote-control-server/`** — 自托管 RCS，支持 Docker 部署，含 Web UI 控制面板（React 19 + Vite + Radix UI）。支持 ACP agent 通过 acp-link 接入（ACP WebSocket handler、relay handler、SSE event stream）。通过 `bun run rcs` 启动。
 - CLI 快速路径: `claude remote-control` / `claude rc` / `claude bridge`。
 - 详见 `docs/features/remote-control-self-hosting.md`。
@@ -218,7 +223,30 @@ Feature flags control which functionality is enabled at runtime. 代码中统一
 
 ### Multi-API 兼容层
 
-支持 OpenAI、Gemini、Grok 三种第三方 API，通过 `/login` 命令配置，均采用流适配器模式转为 Anthropic 内部格式。详见各兼容层的 docs 文档。
+所有兼容层均采用流适配器模式：将第三方 API 格式转为 Anthropic 内部格式，下游代码完全不改。通过 `/login` 命令配置。
+
+#### OpenAI 兼容层
+
+通过 `CLAUDE_CODE_USE_OPENAI=1` 启用，支持 Ollama/DeepSeek/vLLM 等任意 OpenAI Chat Completions 协议端点。含 DeepSeek thinking mode 支持。
+
+- **`src/services/api/openai/`** — client、消息/工具转换、流适配、模型映射
+- 关键环境变量：`CLAUDE_CODE_USE_OPENAI`、`OPENAI_API_KEY`、`OPENAI_BASE_URL`、`OPENAI_MODEL`
+
+#### Gemini 兼容层
+
+通过 `CLAUDE_CODE_USE_GEMINI=1` 启用。独立环境变量体系。
+
+- **`src/services/api/gemini/`** — client、模型映射、类型定义
+- 关键环境变量：`GEMINI_API_KEY`（必填）、`GEMINI_MODEL`（直接指定）、`GEMINI_DEFAULT_SONNET_MODEL`/`GEMINI_DEFAULT_OPUS_MODEL`（按能力映射）
+- 模型映射优先级：`GEMINI_MODEL` > `GEMINI_DEFAULT_*_MODEL` > `ANTHROPIC_DEFAULT_*_MODEL`(已废弃) > 原样返回
+
+#### Grok 兼容层
+
+通过 `CLAUDE_CODE_USE_GROK=1` 启用。自定义模型映射支持 xAI Grok API。
+
+- **`src/services/api/grok/`** — client、模型映射
+
+详见各兼容层的 docs 文档。
 
 ### 穷鬼模式（Budget Mode）
 
@@ -231,13 +259,13 @@ Feature flags control which functionality is enabled at runtime. 代码中统一
 | Module | Status |
 |--------|--------|
 | Computer Use (`@ant/*`) | Restored — macOS + Windows + Linux（后端完整度不一） |
-| `*-napi` packages | `audio-capture-napi`、`image-processor-napi` 已恢复；`color-diff-napi` 完整；`modifiers-napi`、`url-handler-napi` 仍为 stub |
+| `*-napi` packages | 全部已恢复/实现：`audio-capture-napi`、`image-processor-napi` 已恢复；`color-diff-napi` 完整；`modifiers-napi`（macOS FFI）；`url-handler-napi`（环境变量+CLI） |
 | Voice Mode | Restored — Push-to-Talk 语音输入（需 Anthropic OAuth） |
 | OpenAI/Gemini/Grok 兼容层 | Restored |
 | Remote Control Server | Restored — 自托管 RCS + Web UI |
 | Analytics / GrowthBook / Sentry | Empty implementations |
-| Magic Docs / LSP Server | Removed |
-| Plugins / Marketplace | Removed |
+| Magic Docs / LSP Server | Restored — Magic Docs 自动更新 + LSP 服务器管理器 |
+| Plugins / Marketplace | Restored — 插件安装/卸载/启用/禁用 + Marketplace 浏览 |
 | MCP OAuth | Simplified |
 
 ### Key Type Files
@@ -250,7 +278,6 @@ Feature flags control which functionality is enabled at runtime. 代码中统一
 ## Testing
 
 - **框架**: `bun:test`（内置断言 + mock）
-- **当前状态**: 3175 tests / 207 files / 0 fail
 - **单元测试**: 就近放置于 `src/**/__tests__/`，文件名 `<module>.test.ts`
 - **集成测试**: `tests/integration/` — 4 个文件（cli-arguments, context-build, message-pipeline, tool-chain）
 - **共享 mock/fixture**: `tests/mocks/`（api-responses, file-system, fixtures/）
@@ -284,7 +311,7 @@ mock.module("src/utils/debug.ts", debugMock);
 项目使用 TypeScript strict 模式，**tsc 必须零错误**。每次修改后运行：
 
 ```bash
-bun run typecheck          # equivalent to bun run typecheck
+bun run precheck
 ```
 
 **类型规范**：
@@ -297,14 +324,16 @@ bun run typecheck          # equivalent to bun run typecheck
 
 ## Working with This Codebase
 
-- **tsc must pass** — `bun run typecheck` 必须零错误，任何修改都不能引入新的类型错误。
+- **precheck must pass** — `bun run precheck`（typecheck + lint fix + test）必须零错误，任何修改都不能引入新的类型/lint/测试错误。
 - **Feature flags** — 默认全部关闭（`feature()` 返回 `false`）。Dev/build 各有自己的默认启用列表。不要在 `cli.tsx` 中重定义 `feature` 函数。
 - **React Compiler output** — Components have decompiled memoization boilerplate (`const $ = _c(N)`). This is normal.
 - **`bun:bundle` import** — `import { feature } from 'bun:bundle'` 是 Bun 内置模块，由运行时/构建器解析。不要用自定义函数替代它。**`feature()` 只能直接用在 `if` 语句或三元表达式的条件位置**（Bun 编译器限制），不能赋值给变量、不能放在箭头函数体里、不能作为 `&&` 链的一部分。正确：`if (feature('X')) {}` 或 `feature('X') ? a : b`。
 - **`src/` path alias** — tsconfig maps `src/*` to `./src/*`. Imports like `import { ... } from 'src/utils/...'` are valid.
 - **MACRO defines** — 集中管理在 `scripts/defines.ts`。Dev mode 通过 `bun -d` 注入，build 通过 `Bun.build({ define })` 注入。修改版本号等常量只改这个文件。
 - **构建产物兼容 Node.js** — `build.ts` 会自动后处理 `import.meta.require`，产物可直接用 `node dist/cli.js` 运行。
-- **Biome 配置** — 大量 lint 规则被关闭（decompiled 代码不适合严格 lint）。`.tsx` 文件用 120 行宽 + 强制分号；其他文件 80 行宽 + 按需分号。
+- **Biome 配置** — 42 条 lint 规则因 decompiled 代码被关闭，仅保留 `recommended` 基线。格式化覆盖全项目（`src/`、`scripts/`、`packages/`，含 `packages/@ant/`）。`.tsx` 文件用 120 行宽 + 强制分号；其他文件 80 行宽 + 按需分号。JSON 格式化已启用。`.editorconfig` 与 Biome 配置对齐（2-space 缩进）。修改任何代码后应运行 `bun run precheck` 确认无类型/lint/格式/测试问题，pre-commit hook 会自动拦截不合格提交。
+- **tsc 与 Biome 冲突处理** — 当 tsc 要求声明属性（赋值使用）但 biome 报 `noUnusedPrivateClassMembers`（只写不读）时，用 `// biome-ignore lint/correctness/noUnusedPrivateClassMembers: <原因>` 抑制 lint 警告，保留类型声明。`biome ci` 必须零 warnings。
+- **`@ts-expect-error` 维护** — 只在下方代码确实有类型错误时保留 `@ts-expect-error`。如果类型系统已更新导致 directive 变为 unused（TS2578），直接移除注释。MACRO 替换产生的永假比较（如 `'production' === 'development'`）仍需保留 `@ts-expect-error`。
 - **Ink 框架在 `packages/@ant/ink/`** — 不是 `src/ink/`（该目录不存在）。Ink 相关的组件、hooks、keybindings 都在 packages 中。
 - **Provider 优先级** — `modelType` 参数 > 环境变量 > 默认 `firstParty`。新增 provider 需在 `src/utils/model/providers.ts` 注册。
 

README.md

@@ -12,27 +12,29 @@
 
 牢 A (Anthropic) 官方 [Claude Code](https://docs.anthropic.com/en/docs/claude-code) CLI 工具的源码反编译/逆向还原项目。目标是将 Claude Code 大部分功能及工程化能力复现 (问就是老佛爷已经付过钱了)。虽然很难绷, 但是它叫做 CCB(踩踩背)... 而且, 我们实现了企业版或者需要登陆 Claude 账号才能使用的特性, 实现技术普惠
 
+> 我们将会在五一期间进行整个代码仓库的 lint 规范化, 这个期间提交的 PR 可能会有非常多的冲突, 所以大的功能请尽量在这之前提交哈
+
 [文档在这里, 支持投稿 PR](https://ccb.agent-aura.top/) | [留影文档在这里](./Friends.md) | [Discord 群组](https://discord.gg/uApuzJWGKX)
 
 
 | 特性                        | 说明                                                                                                                         | 文档                                                                                                                                      |
 | --------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
-| **Claude 群控技术**         | Pipe IPC 多实例协作：同机 main/sub 自动编排 + LAN 跨机器零配置发现与通讯，`/pipes` 选择面板 + `Shift+↓` 交互 + 消息广播路由 | [Pipe IPC](https://ccb.agent-aura.top/docs/features/pipes-and-lan) / [LAN](https://ccb.agent-aura.top/docs/features/lan-pipes)            |
+| **Claude 群控技术**         | Pipe IPC 多实例协作：同机 main/sub 自动编排 + LAN 跨机器零配置发现与通讯，`/pipes` 选择面板 + `Shift+↓` 交互 + 消息广播路由 | [Pipe IPC](https://ccb.agent-aura.top/docs/features/uds-inbox) / [LAN](https://ccb.agent-aura.top/docs/features/lan-pipes)                |
 | **ACP 协议一等一支持**      | 支持接入 Zed、Cursor 等 IDE，支持会话恢复、Skills、权限桥接                                                                  | [文档](https://ccb.agent-aura.top/docs/features/acp-zed)                                                                                  |
 | **Remote Control 私有部署** | Docker 自托管远程界面, 可以手机上看 CC                                                                                       | [文档](https://ccb.agent-aura.top/docs/features/remote-control-self-hosting)                                                              |
 | **Langfuse 监控**           | 企业级 Agent 监控, 可以清晰看到每次 agent loop 细节, 可以一键转化为数据集                                                    | [文档](https://ccb.agent-aura.top/docs/features/langfuse-monitoring)                                                                      |
 | **Web Search**              | 内置网页搜索工具, 支持 bing 和 brave 搜索                                                                                    | [文档](https://ccb.agent-aura.top/docs/features/web-browser-tool)                                                                         |
 | **Poor Mode**               | 穷鬼模式，关闭记忆提取和键入建议,大幅度减少并发请求                                                                          | /poor 可以开关                                                                                                                            |
 | **Channels 频道通知**       | MCP 服务器推送外部消息到会话（飞书/Slack/Discord/微信等），`--channels plugin:name@marketplace` 启用                         | [文档](https://ccb.agent-aura.top/docs/features/channels)                                                                                 |
-| **自定义模型供应商**        | OpenAI/Anthropic/Gemini/Grok 兼容                                                                                            | [文档](https://ccb.agent-aura.top/docs/features/custom-platform-login)                                                                    |
-| Voice Mode                  | Push-to-Talk 语音输入                                                                                                        | [文档](https://ccb.agent-aura.top/docs/features/voice-mode)                                                                               |
+| **自定义模型供应商**        | OpenAI/Anthropic/Gemini/Grok 兼容  (`/login`)                                                                                          | [文档](https://ccb.agent-aura.top/docs/features/all-features-guide)                                                                        |
+| Voice Mode                  | 语音输入，支持豆包语言输入（`/voice doubao`）                                                                   | [文档](https://ccb.agent-aura.top/docs/features/voice-mode)                                                                               |
 | Computer Use                | 屏幕截图、键鼠控制                                                                                                           | [文档](https://ccb.agent-aura.top/docs/features/computer-use)                                                                             |
 | Chrome Use                  | 浏览器自动化、表单填写、数据抓取                                                                                             | [自托管](https://ccb.agent-aura.top/docs/features/chrome-use-mcp) [原生版](https://ccb.agent-aura.top/docs/features/claude-in-chrome-mcp) |
 | Sentry                      | 企业级错误追踪                                                                                                               | [文档](https://ccb.agent-aura.top/docs/internals/sentry-setup)                                                                            |
 | GrowthBook                  | 企业级特性开关                                                                                                               | [文档](https://ccb.agent-aura.top/docs/internals/growthbook-adapter)                                                                      |
 | /dream 记忆整理             | 自动整理和优化记忆文件                                                                                                       | [文档](https://ccb.agent-aura.top/docs/features/auto-dream)                                                                               |
 
-- 🚀 [想要启动项目](#快速开始源码版)
+- 🚀 [想要启动项目](#-快速开始源码版)
 - 🐛 [想要调试项目](#vs-code-调试)
 - 📖 [想要学习项目](#teach-me-学习项目)
 
@@ -53,6 +55,8 @@ ccb update # 更新到最新版本
 CLAUDE_BRIDGE_BASE_URL=https://remote-control.claude-code-best.win/ CLAUDE_BRIDGE_OAUTH_TOKEN=test-my-key ccb --remote-control # 我们有自部署的远程控制
 ```
 
+> **安装/更新失败？** 先 `npm rm -g claude-code-best` 清理旧版本，再 `npm i -g claude-code-best@latest`。仍失败则指定版本号：`npm i -g claude-code-best@<版本号>`
+
 ## ⚡ 快速开始(源码版)
 
 ### ⚙️ 环境要求
@@ -60,11 +64,66 @@ CLAUDE_BRIDGE_BASE_URL=https://remote-control.claude-code-best.win/ CLAUDE_BRIDG
 一定要最新版本的 bun 啊, 不然一堆奇奇怪怪的 BUG!!! bun upgrade!!!
 
 - 📦 [Bun](https://bun.sh/) >= 1.3.11
+
+**安装 Bun：**
+
+```bash
+# Linux 和 macOS
+curl -fsSL https://bun.sh/install | bash
+
+# Windows (PowerShell)
+powershell -c "irm bun.sh/install.ps1 | iex"
+```
+
+**安装后的操作：**
+
+1. **让当前终端识别 `bun` 命令**
+
+   安装脚本会把 `~/.bun/bin` 写入对应的 shell 配置文件。macOS 默认 zsh 环境通常会看到：
+
+   ```text
+   Added "~/.bun/bin" to $PATH in "~/.zshrc"
+   ```
+
+   可以按安装脚本提示重启当前 shell：
+
+   ```bash
+   exec /bin/zsh
+   ```
+
+   如果你使用 bash，重新加载 bash 配置：
+
+   ```bash
+   source ~/.bashrc
+   ```
+
+   Windows PowerShell 用户关闭并重新打开 PowerShell 即可。
+
+2. **验证 Bun 是否可用**
+
+   ```bash
+   bun --help
+   bun --version
+   ```
+
+3. **如果已经安装过 Bun，更新到最新版本**
+
+   ```bash
+   bun upgrade
+   ```
+
 - ⚙️ 常规的配置 CC 的方式, 各大提供商都有自己的配置方式
 
+### 📍 命令执行位置
+
+- 安装或检查 Bun 的命令可以在任意目录执行：
+  `curl -fsSL https://bun.sh/install | bash`、`bun --help`、`bun --version`、`bun upgrade`
+- 安装本项目依赖、启动开发模式、构建项目时，必须先进入本仓库根目录，也就是包含 `package.json` 的目录。
+
 ### 📥 安装
 
 ```bash
+cd /path/to/claude-code
 bun install
 ```
 
@@ -176,6 +235,10 @@ TUI (REPL) 模式需要真实终端，无法直接通过 VS Code launch 启动
  </picture>
 </a>
 
+## 致谢
+
+- [doubaoime-asr](https://github.com/starccy/doubaoime-asr) — 豆包 ASR 语音识别 SDK，为 Voice Mode 提供无需 Anthropic OAuth 的语音输入方案
+
 ## 许可证
 
 本项目仅供学习研究用途。Claude Code 的所有权利归 [Anthropic](https://www.anthropic.com/) 所有。

README_EN.md

@@ -48,11 +48,64 @@ Sponsor placeholder.
 Make sure you're on the latest version of Bun, otherwise you'll run into all sorts of weird bugs. Run `bun upgrade`!
 
 - [Bun](https://bun.sh/) >= 1.3.11
+
+**Install Bun:**
+
+```bash
+# Linux and macOS
+curl -fsSL https://bun.sh/install | bash
+
+# Windows (PowerShell)
+powershell -c "irm bun.sh/install.ps1 | iex"
+```
+
+**Post-installation steps:**
+
+1. **Make `bun` available in the current terminal**
+
+   The installer adds `~/.bun/bin` to the matching shell configuration file. On macOS with the default zsh shell, you may see:
+
+   ```text
+   Added "~/.bun/bin" to $PATH in "~/.zshrc"
+   ```
+
+   Restart the current shell as the installer suggests:
+
+   ```bash
+   exec /bin/zsh
+   ```
+
+   If you use bash, reload the bash configuration:
+
+   ```bash
+   source ~/.bashrc
+   ```
+
+   Windows PowerShell users can close and reopen PowerShell.
+
+2. **Verify that Bun is available:**
+   ```bash
+   bun --help
+   bun --version
+   ```
+
+3. **Update to latest version (if already installed):**
+   ```bash
+   bun upgrade
+   ```
+
 - Standard Claude Code configuration — each provider has its own setup method
 
+### Command Execution Location
+
+- Bun installation and checking commands can be run from any directory:
+  `curl -fsSL https://bun.sh/install | bash`, `bun --help`, `bun --version`, `bun upgrade`
+- Project dependency installation, development mode, and builds must be run from this repository root, the directory containing `package.json`.
+
 ### Install
 
 ```bash
+cd /path/to/claude-code
 bun install
 ```
 
@@ -135,7 +188,7 @@ The TUI (REPL) mode requires a real terminal and cannot be launched directly via
 ## Documentation & Links
 
 - **Online docs (Mintlify)**: [ccb.agent-aura.top](https://ccb.agent-aura.top/) — source in [`docs/`](docs/), PR contributions welcome
-- **DeepWiki**: <https://deepwiki.com/claude-code-best/claude-code>
+- **DeepWiki**: https://deepwiki.com/claude-code-best/claude-code
 
 ## Contributors
 

biome.json

@@ -1,114 +1,113 @@
 {
-	"$schema": "https://biomejs.dev/schemas/2.4.10/schema.json",
-	"vcs": {
-		"enabled": true,
-		"clientKind": "git",
-		"useIgnoreFile": true
-	},
-	"files": {
-		"includes": ["**", "!!**/dist", "!!**/packages/@ant"]
-	},
-	"formatter": {
-		"enabled": true,
-		"indentStyle": "space",
-		"indentWidth": 2,
-		"lineWidth": 80
-	},
-	"linter": {
-		"enabled": true,
-		"rules": {
-			"recommended": true,
-			"suspicious": {
-				"noExplicitAny": "off",
-				"noAssignInExpressions": "off",
-				"noDoubleEquals": "off",
-				"noRedeclare": "off",
-				"noImplicitAnyLet": "off",
-				"noGlobalIsNan": "off",
-				"noFallthroughSwitchClause": "off",
-				"noShadowRestrictedNames": "off",
-				"noArrayIndexKey": "off",
-				"noConsole": "off",
-				"noConfusingLabels": "off",
-				"useIterableCallbackReturn": "off"
-			},
-			"style": {
-				"useConst": "off",
-				"noNonNullAssertion": "off",
-				"noParameterAssign": "off",
-				"useDefaultParameterLast": "off",
-				"noUnusedTemplateLiteral": "off",
-				"useTemplate": "off",
-				"useNumberNamespace": "off",
-				"useNodejsImportProtocol": "off",
-				"useImportType": "off"
-			},
-			"complexity": {
-				"noForEach": "off",
-				"noBannedTypes": "off",
-				"noUselessConstructor": "off",
-				"noStaticOnlyClass": "off",
-				"useOptionalChain": "off",
-				"noUselessSwitchCase": "off",
-				"noUselessFragments": "off",
-				"noUselessTernary": "off",
-				"noUselessLoneBlockStatements": "off",
-				"noUselessEmptyExport": "off",
-				"useArrowFunction": "off",
-				"useLiteralKeys": "off"
-			},
-			"correctness": {
-				"noUnusedVariables": "off",
-				"noUnusedImports": "off",
-				"useExhaustiveDependencies": "off",
-				"noSwitchDeclarations": "off",
-				"noUnreachable": "off",
-				"useHookAtTopLevel": "off",
-				"noVoidTypeReturn": "off",
-				"noConstantCondition": "off",
-				"noUnusedFunctionParameters": "off"
-			},
-			"a11y": {
-				"recommended": false
-			},
-			"nursery": {
-				"recommended": false
-			}
-		}
-	},
-	"json": {
-		"formatter": {
-			"enabled": false
-		}
-	},
-	"javascript": {
-		"formatter": {
-			"quoteStyle": "single",
-			"semicolons": "asNeeded",
-			"arrowParentheses": "asNeeded",
-			"trailingCommas": "all"
-		}
-	},
-	"overrides": [
-		{
-			"includes": ["**/*.tsx"],
-			"javascript": {
-				"formatter": {
-					"semicolons": "always"
-				}
-			},
-			"formatter": {
-				"lineWidth": 120
-			}
-		},
-		{
-			"includes": ["scripts/**", "packages/**", "**/*.js", "**/*.mjs", "**/*.jsx"],
-			"formatter": {
-				"enabled": false
-			}
-		}
-	],
-	"assist": {
-		"enabled": false
-	}
+  "$schema": "https://biomejs.dev/schemas/2.4.12/schema.json",
+  "vcs": {
+    "enabled": true,
+    "clientKind": "git",
+    "useIgnoreFile": true
+  },
+  "files": {
+    "includes": ["**", "!!**/dist"]
+  },
+  "formatter": {
+    "enabled": true,
+    "indentStyle": "space",
+    "indentWidth": 2,
+    "lineWidth": 80
+  },
+  "linter": {
+    "enabled": true,
+    "rules": {
+      "recommended": true,
+      "suspicious": {
+        "noExplicitAny": "off",
+        "noAssignInExpressions": "off",
+        "noDoubleEquals": "off",
+        "noRedeclare": "off",
+        "noImplicitAnyLet": "off",
+        "noGlobalIsNan": "off",
+        "noFallthroughSwitchClause": "off",
+        "noShadowRestrictedNames": "off",
+        "noArrayIndexKey": "off",
+        "noConsole": "off",
+        "noConfusingLabels": "off",
+        "useIterableCallbackReturn": "off"
+      },
+      "style": {
+        "useConst": "off",
+        "noNonNullAssertion": "off",
+        "noParameterAssign": "off",
+        "useDefaultParameterLast": "off",
+        "noUnusedTemplateLiteral": "off",
+        "useTemplate": "off",
+        "useNumberNamespace": "off",
+        "useNodejsImportProtocol": "off",
+        "useImportType": "off"
+      },
+      "complexity": {
+        "noForEach": "off",
+        "noBannedTypes": "off",
+        "noUselessConstructor": "off",
+        "noStaticOnlyClass": "off",
+        "useOptionalChain": "off",
+        "noUselessSwitchCase": "off",
+        "noUselessFragments": "off",
+        "noUselessTernary": "off",
+        "noUselessLoneBlockStatements": "off",
+        "noUselessEmptyExport": "off",
+        "useArrowFunction": "off",
+        "useLiteralKeys": "off"
+      },
+      "correctness": {
+        "noUnusedVariables": "off",
+        "noUnusedImports": "off",
+        "useExhaustiveDependencies": "off",
+        "noSwitchDeclarations": "off",
+        "noUnreachable": "off",
+        "useHookAtTopLevel": "off",
+        "noVoidTypeReturn": "off",
+        "noConstantCondition": "off",
+        "noUnusedFunctionParameters": "off"
+      },
+      "a11y": {
+        "recommended": false
+      },
+      "nursery": {
+        "recommended": false
+      }
+    }
+  },
+  "json": {
+    "formatter": {
+      "enabled": true
+    }
+  },
+  "css": {
+    "parser": {
+      "tailwindDirectives": true
+    }
+  },
+  "javascript": {
+    "formatter": {
+      "quoteStyle": "single",
+      "semicolons": "asNeeded",
+      "arrowParentheses": "asNeeded",
+      "trailingCommas": "all"
+    }
+  },
+  "overrides": [
+    {
+      "includes": ["**/*.tsx"],
+      "javascript": {
+        "formatter": {
+          "semicolons": "always"
+        }
+      },
+      "formatter": {
+        "lineWidth": 120
+      }
+    }
+  ],
+  "assist": {
+    "enabled": false
+  }
 }

build.ts

@@ -56,7 +56,8 @@ for (const file of files) {
 // (e.g. @anthropic-ai/sandbox-runtime) so Node.js doesn't crash at import time.
 let bunPatched = 0
 const BUN_DESTRUCTURE = /var \{([^}]+)\} = globalThis\.Bun;?/g
-const BUN_DESTRUCTURE_SAFE = 'var {$1} = typeof globalThis.Bun !== "undefined" ? globalThis.Bun : {};'
+const BUN_DESTRUCTURE_SAFE =
+  'var {$1} = typeof globalThis.Bun !== "undefined" ? globalThis.Bun : {};'
 for (const file of files) {
   if (!file.endsWith('.js')) continue
   const filePath = join(outdir, file)
@@ -75,10 +76,14 @@ console.log(
   `Bundled ${result.outputs.length} files to ${outdir}/ (patched ${patched} for import.meta.require, ${bunPatched} for Bun destructure)`,
 )
 
-// Step 4: Copy native .node addon files (audio-capture)
-const vendorDir = join(outdir, 'vendor', 'audio-capture')
-await cp('vendor/audio-capture', vendorDir, { recursive: true })
-console.log(`Copied vendor/audio-capture/ → ${vendorDir}/`)
+// Step 4: Copy native .node addon files (audio-capture) and vendored binaries (ripgrep)
+const audioCaptureDir = join(outdir, 'vendor', 'audio-capture')
+await cp('vendor/audio-capture', audioCaptureDir, { recursive: true })
+console.log(`Copied vendor/audio-capture/ → ${audioCaptureDir}/`)
+
+const ripgrepDir = join(outdir, 'vendor', 'ripgrep')
+await cp('src/utils/vendor/ripgrep', ripgrepDir, { recursive: true })
+console.log(`Copied src/utils/vendor/ripgrep/ → ${ripgrepDir}/`)
 
 // Step 5: Generate cli-bun and cli-node executable entry points
 const cliBun = join(outdir, 'cli-bun.js')

docs.json

@@ -185,4 +185,4 @@
       "destination": "/docs/introduction/what-is-claude-code"
     }
   ]
-}
+}

docs/agent/sur-loop-scheduled-oom.md

@@ -0,0 +1,492 @@
+# System Understanding Report — Loop / Scheduled Autonomy OOM
+
+- **Flow id**: `recurring-bug-loop-oom` (pilot flow for autonomy ↔ deep-debug binding)
+- **Branch**: `fix/loop-scheduled-autonomy-oom`
+- **Worktree**: `E:\Source_code\Claude-code-bast-loop-scheduled-oom-fix`
+- **Author**: back-filled from existing working-tree diff (no commits ahead of `main`)
+- **Status**: `report` (this document) — pending human approval before `regression-test` advances
+
+---
+
+## 1. Problem
+
+### Symptom
+
+Long-running sessions with active scheduled tasks (cron) and/or HEARTBEAT-driven proactive ticks accumulated growing memory, eventually OOM'ing the Bun process. The visible signature was:
+
+- `runs.json` under `.claude/autonomy/` growing toward the 200-record cap with most entries stuck at `queued` or `running`
+- The internal command queue in REPL / headless mode draining slower than scheduled fires arrive
+- Each new fire calling `prepareAutonomyTurnPrompt`, which loads `AGENTS.md` + `HEARTBEAT.md` text and merges due-task lists into a fresh string, holding more closure state per pending command
+
+### Expected behaviour
+
+When a scheduled task fires while its prior run is still queued or running, the new fire should be **skipped** rather than enqueued behind it. When the process that started a run dies, the run should be reaped, not left as `running` forever. Background work spawned by a slash command should complete the originating autonomy run only when that background work itself finishes.
+
+### Actual behaviour (before fix)
+
+1. `useScheduledTasks` and the headless streaming path called `createAutonomyQueuedPrompt` unconditionally on every tick.
+2. `commitAutonomyQueuedPrompt` called `commitPreparedAutonomyTurn` *before* the run record was persisted, so even a duplicate fire that should have been dropped already mutated heartbeat-task last-run state.
+3. `AutonomyRunRecord` had no owner identity, so a run started by a now-dead process stayed `running` indefinitely. Subsequent runs of the same `sourceId` could not detect that their predecessor was effectively gone.
+4. Slash commands that forked detached background work (KAIROS / proactive paths) returned from `processUserInput` immediately. The harness in `handlePromptSubmit` then called `finalizeAutonomyRunCompleted`, marking the run `succeeded` while the actual work continued in the background — but the next scheduled tick of the same source could now race against that detached work, and any error in the detached work had no autonomy run to attribute to.
+
+### Reproduction shape
+
+Not a single deterministic repro — load-induced. Rough recipe:
+
+- Configure two `HEARTBEAT.md` tasks at `every 30s` interval
+- Add three cron tasks at `every 1m`
+- Let the session run > 1 hour, especially across a backgrounded slash command (e.g. KAIROS `/sleep`-style detached fork)
+- Watch `.claude/autonomy/runs.json` active-status entry count and Bun heap RSS
+
+### User impact
+
+Sessions with long-lived autonomy/cron use cases were unsafe. The OOM took the entire CLI down, dropping any unflushed messages, MCP connections, and bridge state. Because `.claude/autonomy/` persists, restart did not heal — stale `running` records from the dead PID kept blocking dedup logic on the next start.
+
+---
+
+## 2. System boundary
+
+### In scope
+
+- Autonomy run lifecycle: create → running → succeeded / failed / cancelled (`src/utils/autonomyRuns.ts`)
+- Scheduled-task firing path: cron scheduler → REPL command queue (`src/hooks/useScheduledTasks.ts`)
+- Headless streaming variant of the same path (`src/cli/print.ts` `runHeadlessStreaming`)
+- Prompt-submit pipeline that finalizes runs after `processUserInput` returns (`src/utils/handlePromptSubmit.ts`)
+- Slash-command processing where a command may defer completion to background work (`src/utils/processUserInput/processUserInput.ts`, `processSlashCommand.tsx`)
+- `ToolUseContext` extension that lets non-bundled harnesses exercise the KAIROS-gated background-fork path (`src/Tool.ts`)
+
+### Out of scope
+
+- The cron scheduler itself (`src/utils/cronScheduler.ts`) — its tick semantics are not changing
+- `autonomyFlows.ts` flow state machine — separate from per-run tracking
+- HEARTBEAT.md scheduling semantics — unchanged. `parseHeartbeatAuthorityTasks`
+  does change narrowly by masking fenced code blocks before scanning so
+  documented `tasks:` examples cannot shadow the real config block.
+- `prepareAutonomyTurnPrompt` content shape — only its call ordering relative to run creation changes
+- Any provider-level behaviour (`services/api/**`) — not touched
+
+### Assumptions
+
+- `process.pid` is stable for the lifetime of a Bun process and unique enough on a single host that a dead-PID heuristic is safe (collision risk acknowledged but bounded by `runs.json` retention).
+- `isProcessRunning(pid)` (from `genericProcessUtils.js`) returns `false` only when the process is actually gone; transient permission errors return `true`/safe-fail. Verified in step 6.
+- `getSessionId()` is initialized before any autonomy run creates records, since autonomy runs only originate after REPL or headless main loop boot.
+
+---
+
+## 3. Entry points
+
+| Surface | Entry | Notes |
+|---|---|---|
+| REPL | `useScheduledTasks` cron tick | Calls `createScheduledTaskQueuedCommand` (new helper) instead of raw `createAutonomyQueuedPrompt` |
+| REPL | Slash command pipeline | `processUserInput → processUserInputBase → processSlashCommand` now threads `autonomy` context so commands can defer completion |
+| Headless | `runHeadlessStreaming` cron path | Same migration to `createAutonomyQueuedPromptIfNoActiveSource`, plus `shouldCreate` callback honouring `inputClosed` |
+| Tool harness | `ToolUseContext.options.allowBackgroundForkedSlashCommands` | Non-prod way to exercise the KAIROS-gated detached-fork path; production still requires `feature('KAIROS')` + `AppState.kairosEnabled` |
+| Persistence | `.claude/autonomy/runs.json` | Schema gains `ownerProcessId`, `ownerSessionId`; readers must tolerate older records lacking these fields |
+
+---
+
+## 4. Key files
+
+| File | Lines changed | Why it matters |
+|---|---|---|
+| `src/utils/autonomyRuns.ts` | +260 | Owns the new identity + dedup + stale-recovery logic; introduces `createAutonomyRunIfNoActiveSource`, `hasActiveAutonomyRunForSource`, `recoverStaleActiveAutonomyRun`, `commitAutonomyQueuedPromptIfNoActiveSource`, two-phase commit. The structural heart of the fix. |
+| `src/utils/processUserInput/processSlashCommand.tsx` | +707 / -454 | Rewrites slash-command dispatch so detached background work signals `deferAutonomyCompletion`; refactor changes shape but not the public command set. |
+| `src/hooks/useScheduledTasks.ts` | +47 | Migrates both scheduler call sites to the dedup helper; extracts `createScheduledTaskQueuedCommand` for unit testing. |
+| `src/cli/print.ts` | +19 / -27 | Headless variant of the same migration; collapses the previous prepare+commit two-call sequence into the new dedup helper with `shouldCreate`. |
+| `src/utils/handlePromptSubmit.ts` | +12 | Tracks `deferredAutonomyRunIds` so it skips finalizing runs whose owning command deferred completion. |
+| `src/utils/processUserInput/processUserInput.ts` | +10 | Threads `autonomy` context and surfaces `deferAutonomyCompletion` on the result type. |
+| `src/Tool.ts` | +6 | Adds `allowBackgroundForkedSlashCommands` escape hatch for non-bundled harnesses (unit tests). |
+| `src/utils/__tests__/autonomyRuns.test.ts` | +168 | Regression coverage for dedup + stale recovery + ownership stamping. |
+| `src/hooks/__tests__/useScheduledTasks.test.ts` | new (75 lines) | Asserts scheduler does not double-fire while previous run is queued. |
+| `src/utils/processUserInput/__tests__/processSlashCommand.test.ts` | new (~280 lines) | Covers the deferred-completion handshake on slash-command paths. |
+
+---
+
+## 5. Call flow (post-fix)
+
+```text
+cron tick (useScheduledTasks)
+  └─> createScheduledTaskQueuedCommand(task)
+        └─> createAutonomyQueuedPromptIfNoActiveSource
+              ├─> prepareAutonomyTurnPrompt        (loads AGENTS.md + HEARTBEAT.md)
+              ├─> shouldCreate?  ──► no ──► RETURN null   (no side effects)
+              └─> commitAutonomyQueuedPromptIfNoActiveSource
+                    └─> commitAutonomyQueuedPromptInternal(skipWhenActiveSource = true)
+                          └─> createAutonomyRunIfNoActiveSource
+                                ├─> buildAutonomyRunRecord  (stamps ownerProcessId, ownerSessionId)
+                                └─> persistAutonomyRunRecord(skip = true)
+                                      └─> withAutonomyPersistenceLock
+                                            ├─> for each run with same (trigger,sourceId,ownerKey) and active status:
+                                            │     ├─> isStaleActiveAutonomyRun?  ──► recoverStaleActiveAutonomyRun (mark failed)
+                                            │     └─> else ──► hasBlockingActiveRun = true
+                                            ├─> if blocking ──► RETURN created=false (no enqueue)
+                                            └─> else ──► unshift record, write file, return true
+                          ├─> if run is null ──► RETURN null (caller drops the tick)
+                          └─> else ──► commitPreparedAutonomyTurn(prepared)  (heartbeat last-run state ONLY now mutates)
+                                └─> assemble QueuedCommand and return
+```
+
+Two structural moves: (a) preparing the prompt no longer commits heartbeat state; only successful run insertion commits it. (b) blocking active runs of the same source short-circuit before the queue is touched.
+
+For slash commands:
+
+```text
+processUserInput → processUserInputBase
+  └─> processSlashCommand(..., autonomy = cmd.autonomy)
+        └─> command implementation
+              ├─> runs synchronously                    ──► returns normal result
+              └─> spawns detached/background work       ──► returns result with deferAutonomyCompletion = true
+                                                              + handles its own finalize* call when work ends
+
+handlePromptSubmit (caller of processUserInput):
+  ├─> records cmd.autonomy.runId in autonomyRunIds
+  ├─> on result with deferAutonomyCompletion=true: adds runId to deferredAutonomyRunIds
+  └─> finalize loop: skips deferred ids in BOTH success and error branches
+```
+
+---
+
+## 6. Data flow
+
+### `runs.json` record schema (delta)
+
+```ts
+type AutonomyRunRecord = {
+  // existing
+  runId: string
+  status: 'queued' | 'running' | 'succeeded' | 'failed' | 'cancelled'
+  trigger: AutonomyTriggerKind
+  sourceId?: string
+  ownerKey?: string
+  // new
+  ownerProcessId?: number     // process.pid at create time and at markRunning time
+  ownerSessionId?: string     // getSessionId() at the same points
+  // ...
+}
+```
+
+Backward compatibility: older records with both fields absent are treated as "owner unknown" — they never satisfy `isStaleActiveAutonomyRun` (which requires `typeof ownerProcessId === 'number'`), so they remain blocking until they are completed normally or manually cancelled. This is intentional: we cannot prove they are stale.
+
+### Stale-recovery rule
+
+```text
+isStaleActiveAutonomyRun(run) ⇔
+    run.status ∈ {queued, running}
+  ∧ typeof run.ownerProcessId === 'number'
+  ∧ !isProcessRunning(run.ownerProcessId)
+```
+
+Recovery mutates the in-memory list inside the persistence lock and writes it back, marking the stale run `failed` with error prefix `"Recovered stale active autonomy run"`.
+
+### Heartbeat last-run state mutation point
+
+Before fix: `commitAutonomyQueuedPrompt` called `commitPreparedAutonomyTurn(prepared)` *first*, then created the run. A skipped duplicate already advanced heartbeat last-run timestamps.
+
+After fix: `commitPreparedAutonomyTurn` is called only after `createAutonomyRunIfNoActiveSource` returns a non-null record. Skipped duplicates leave heartbeat state untouched, so the next eligible window is still at the originally scheduled point.
+
+---
+
+## 7. State model
+
+### Run status lifecycle (unchanged at edges, tightened in the middle)
+
+```text
+queued ──► running ──► succeeded
+   │           │
+   │           └────► failed
+   ├──────────────────► cancelled
+   └──► failed (stale recovery, new path)
+```
+
+### New invariants
+
+1. **Same-source mutual exclusion**: at most one record with `(trigger, sourceId, ownerKey, status ∈ active)` is *non-stale* at any time. Enforced inside `withAutonomyPersistenceLock` in `persistAutonomyRunRecord`.
+
+2. **Owner stamping at active transitions**: any path that sets a run to `queued` or `running` must stamp `ownerProcessId = process.pid` and `ownerSessionId = getSessionId()`. `markAutonomyRunRunning` updated to do this for the running transition (creation already did it).
+
+3. **Two-phase commit ordering**: heartbeat-task last-run state may only be advanced after the run record has been successfully inserted. Equivalent to "prompt commit ⇒ run row exists".
+
+4. **Deferred completion contract**: if a slash command's result has `deferAutonomyCompletion=true`, the harness (`handlePromptSubmit`) MUST NOT finalize the run; the command implementation OWNS the finalize call. Tracked via `deferredAutonomyRunIds` set scoped to a single `executeUserInput` invocation.
+
+### Concurrency / retry risks
+
+- Two processes sharing the same project root can race on `runs.json`. Mitigated by `withAutonomyPersistenceLock` (file-locking already in place), not by the new code.
+- Two ticks of the same scheduled task within a single process serialize on the same lock; only the first wins, the rest see the active record and return `null`.
+- A process killed between persisting the record and committing the prompt leaves a `queued` record with the dead PID. Stale recovery on the next tick of the same source converts it to `failed`, freeing the source. This is the new safety net.
+
+### Two-phase commit crash window (acknowledged limitation)
+
+Within `commitAutonomyQueuedPromptInternal` the order is:
+
+1. `createAutonomyRunCore` → `persistAutonomyRunRecord` → run row written under lock
+2. `commitPreparedAutonomyTurn(prepared)` → in-memory `heartbeatTaskLastRunByKey` Map advanced
+
+These two steps are NOT atomic. If the process is killed between (1) and (2):
+
+- `runs.json` has a fresh `queued` record stamped with the now-dead PID.
+- `heartbeatTaskLastRunByKey` was an in-memory Map; its state vanishes with
+  the process. On restart the Map is empty.
+- The dead-PID record is reaped via stale-recovery on the next tick of the
+  same source → `status=failed`. New record can be created.
+- Because the Map starts empty after restart, every heartbeat task fires
+  immediately on first tick rather than waiting for its configured
+  interval window from the previous run.
+
+**Severity**: low. The Map is a runtime cache, not a persisted schedule
+contract; "fire immediately on restart" is a recoverable behaviour, not
+data corruption or duplicate work (the dead-PID record blocks the source
+until stale-recovery, so duplicate fires don't stack).
+
+**Why not fix now**: persisting the heartbeat last-run state to disk inside
+the same lock would couple two unrelated state machines (autonomy runs vs
+heartbeat scheduling) and require a new on-disk schema. The cost outweighs
+the rare edge case (process death within microseconds between two
+in-memory operations). Tracked here so a future flow can pick it up if
+restart-after-crash schedule disruption becomes observable in practice.
+
+---
+
+## 8. Existing tests
+
+### Pre-fix
+
+- `src/utils/__tests__/autonomyRuns.test.ts` covered create / list / mark transitions for the basic happy path.
+- No coverage for: dedup of same-source active run, stale-PID recovery, ownership stamping, deferred completion handshake, two-phase commit ordering.
+- `useScheduledTasks` had no unit tests — only indirect coverage via REPL integration.
+- `processSlashCommand` had no autonomy-context coverage.
+
+### Added in this branch
+
+- `src/utils/__tests__/autonomyRuns.test.ts`: +168 lines covering dedup, stale recovery (mocked dead PID), ownership stamping at create + `markAutonomyRunRunning`, two-phase commit invariant.
+- `src/hooks/__tests__/useScheduledTasks.test.ts`: new file, 75 lines. Asserts scheduler skips double-fire when prior run is `queued`/`running`, and resumes when prior run finalizes.
+- `src/utils/processUserInput/__tests__/processSlashCommand.test.ts`: new file, ~280 lines. Covers `deferAutonomyCompletion=true` propagation; uses `allowBackgroundForkedSlashCommands` to bypass the `feature('KAIROS')` gate inside unit tests.
+
+### Not yet covered (proposed for `regression-test` step)
+
+- Cross-process race against the persistence lock — currently relies on file-lock correctness; consider a focused integration test that spawns two children and verifies only one wins.
+- Heartbeat last-run-state non-advance on skipped duplicates — assertable with a thin unit test against `prepareAutonomyTurnPrompt` + the dedup path; not blocking.
+
+---
+
+## 9. Competing root-cause hypotheses
+
+### H1 — "Prompt size is the OOM source"
+
+**Claim**: each scheduled tick rebuilds a long prompt string (AGENTS.md + HEARTBEAT.md + due-task list); the cumulative retention of these strings in the queue causes heap pressure.
+
+**Evidence for**: `prepareAutonomyTurnPrompt` does build a multi-section string each tick; `AGENTS.md` in this repo is now 220 lines.
+
+**Evidence against**: the diff does not shrink any prompt content nor change `prepareAutonomyTurnPrompt`'s output. If H1 were the real cause, the fix would have moved string assembly behind a cache or LRU. The fix instead targets the *number* of in-flight runs.
+
+**Verdict**: contributing factor at most. Rejected as primary root cause.
+
+### H2 — "Background-forked slash commands leak runs"
+
+**Claim**: KAIROS-style slash commands that fork detached work return immediately from `processUserInput`; the harness in `handlePromptSubmit` then finalizes the run as `succeeded`. Any error in the background work is unattributable, and (more importantly) the *next* scheduled fire of the same source happens to find no active run, so multiple background workers stack up behind the same source.
+
+**Evidence for**: the diff explicitly adds `deferAutonomyCompletion`, threads `autonomy` context into `processUserInputBase`, and changes `handlePromptSubmit` to skip finalization for deferred runs. New test file `processSlashCommand.test.ts` is dedicated to this exact handshake.
+
+**Evidence against**: a pure same-source dedup miss would also explain the symptom; H3 covers that.
+
+**Verdict**: real and load-bearing. Confirmed by the targeted code added.
+
+### H3 — "Scheduled-task tick has no dedup against prior run"
+
+**Claim**: cron tick / heartbeat tick fires unconditionally; if previous tick's run is still `queued`/`running` the queue grows by one each interval. Compounded across multiple sources, queue + `runs.json` active subset never shrink.
+
+**Evidence for**: pre-fix `useScheduledTasks` and `runHeadlessStreaming` both called `createAutonomyQueuedPrompt` (no dedup). Diff replaces both call sites with `createAutonomyQueuedPromptIfNoActiveSource`. Persistence-side dedup added in the same change.
+
+**Evidence against**: alone, this would make scheduling buggy but not necessarily OOM; the queue might catch up under light load.
+
+**Verdict**: real and load-bearing. Confirmed by the targeted code added.
+
+### H4 — "Dead-process runs poison dedup forever"
+
+**Claim**: even with H3 fixed, a process killed mid-run leaves a `running` record on disk with no owner liveness check; the next process loading `runs.json` would treat it as blocking and never schedule that source again.
+
+**Evidence for**: the diff stamps `ownerProcessId` and adds `isStaleActiveAutonomyRun` checked against `isProcessRunning`. Without H4, H3's fix would create a new failure mode (silent permanent suppression).
+
+**Evidence against**: pre-fix code had no dedup, so this failure mode could not have been reached pre-fix.
+
+**Verdict**: real, but secondary. It exists because H3's fix introduces it. Required to ship together.
+
+---
+
+## 10. Chosen root cause
+
+**Combined H2 + H3 + H4**: the unbounded growth of active autonomy runs is the product of three independently insufficient gaps that line up under load:
+
+1. Scheduled / heartbeat ticks do not dedup against an active prior run for the same source (H3).
+2. Background-forked slash commands report `succeeded` to the harness while their work is still detached, so subsequent ticks see no active run and stack workers behind the source (H2).
+3. Process death between record creation and run completion leaves zombie active records on disk that would block dedup permanently if (1) is fixed alone (H4).
+
+Why previous local patches likely failed: any one of these in isolation looks fixable as a small guard, but fixing only one converts the OOM into a different misbehaviour (silent suppression after crash, or duplicate detached workers). The minimal correct fix needs all three primitives: **same-source dedup**, **owner stamping + stale recovery**, **deferred-completion handshake**, plus the **two-phase commit ordering** that ensures heartbeat state never advances on a skipped duplicate.
+
+---
+
+## 11. Fix plan
+
+### Minimal fix surface
+
+| Module | Change | Reason |
+|---|---|---|
+| `autonomyRuns.ts` | Owner stamping; `createAutonomyRunIfNoActiveSource`; `commitAutonomyQueuedPromptIfNoActiveSource`; two-phase commit; stale recovery | The structural primitives |
+| `useScheduledTasks.ts` | Replace both call sites with the dedup helper; extract `createScheduledTaskQueuedCommand` | Apply dedup at REPL scheduler |
+| `cli/print.ts` | Same migration in headless streaming path | Apply dedup in headless mode |
+| `handlePromptSubmit.ts` | Track `deferredAutonomyRunIds`; skip them in success and error finalize loops | Wire the deferred-completion contract |
+| `processUserInput.ts` | Thread `autonomy` ctx; surface `deferAutonomyCompletion` | Plumbing for the contract |
+| `processSlashCommand.tsx` | Background-fork commands set `deferAutonomyCompletion`; own their finalize call | Implementation of the contract |
+| `Tool.ts` | `allowBackgroundForkedSlashCommands` flag on `ToolUseContext.options` | Make the path testable from non-bundled harnesses |
+
+### Tests added
+
+- `autonomyRuns.test.ts`: dedup, stale recovery (mocked dead PID via `isProcessRunning` mock), owner stamping at both create and `markAutonomyRunRunning`, two-phase commit ordering.
+- `useScheduledTasks.test.ts`: scheduler skips double-fire, resumes after finalize.
+- `processSlashCommand.test.ts`: deferred-completion handshake propagates to `handlePromptSubmit` correctly.
+
+### Compatibility / migration risk
+
+- Older `runs.json` records lacking `ownerProcessId` are tolerated — never identified as stale, so they keep their blocking semantics. Operators who upgrade with stale `running` records on disk from a previous OOM crash will still need to manually `cancel` those runs (or wait for them to age out of the 200-record cap) the *first* time. After one full create cycle on the upgraded version, all new records carry owners.
+- **Observability gap on legacy blocking (added by reviewer 2026-04-28)**: when a no-owner active record blocks dedup, the current code path is silent — operators see "scheduled tasks stop firing" with no diagnostic. `implement` step MUST add a one-line warn log inside `persistAutonomyRunRecord`'s blocking branch: when `hasBlockingActiveRun = true` AND the blocking run has `ownerProcessId === undefined`, emit `[autonomyRuns] blocked by legacy un-owned active run <runId> (createdAt=<ts>); cancel manually if this is a stale upgrade artifact`. ≤ 10 lines of code, converts silent hang into a diagnosable signal. Do **not** change behavior — just observability.
+- `ToolUseContext.options.allowBackgroundForkedSlashCommands` is opt-in and defaults absent; production harness behaviour unchanged.
+- No on-disk schema version bump required.
+
+### Rollback plan
+
+- Revert the working tree to `main`'s versions of all 8 files. The `runs.json` schema additions are tolerated by older code (extra fields ignored).
+- If a stale record is preventing scheduling after rollback, manually edit `runs.json` (status → `cancelled`) or run `/autonomy flow cancel` for affected flows.
+- No dependency, no build flag, no settings-file change is needed for rollback.
+
+### Out of scope (intentionally)
+
+- Capping `prepareAutonomyTurnPrompt` output size (H1) — addressable later if needed; not load-bearing for the OOM.
+- Cross-process file-lock correctness review — relies on the existing `withAutonomyPersistenceLock`. Out of scope for this flow.
+- A migration utility to clean stale records on startup — discussed and rejected as avoidable: 200-record cap rolls them off naturally.
+
+---
+
+## 12. Verification
+
+### Commands (binding per `.claude/autonomy/AGENTS.md` §4)
+
+```bash
+bun run typecheck
+bun test src/utils/__tests__/autonomyRuns.test.ts
+bun test src/hooks/__tests__/useScheduledTasks.test.ts
+bun test src/utils/processUserInput/__tests__/processSlashCommand.test.ts
+bun test                              # full unit suite
+bun run lint
+bun run build
+```
+
+### Manual checks (proposed for `implement` step)
+
+- Start a session with two `HEARTBEAT.md` 30s tasks for ≥ 30 minutes; observe `runs.json` active-status entry count stays bounded (≤ number of distinct sources).
+- Force-kill the Bun process during a `running` record. Restart. Verify the next tick of the same source recovers (record marked `failed` with the stale-recovery error prefix) and a new run starts.
+- Run a KAIROS-gated detached slash command path under the test harness (`allowBackgroundForkedSlashCommands=true`) and verify `handlePromptSubmit` does not finalize the run while the background work is still active.
+
+### Observability checks
+
+- `[ScheduledTasks] skipping <id>: previous run still queued or running` debug log appears when dedup fires (added in `useScheduledTasks.ts`). Use it to confirm dedup is reached in real sessions.
+- `runs.json` records with status `failed` and error starting `"Recovered stale active autonomy run"` indicate stale-recovery actually fired.
+
+---
+
+## 13. Open questions
+
+1. ~~Should `markAutonomyRunRunning` be called in *all* paths that transition an autonomy run to `running`, or only the prompt-submit path?~~ **Closed (verified 2026-04-28).**
+   `markAutonomyRunRunning` (`autonomyRuns.ts:554-579`) is the **only** function that transitions `AutonomyRunRecord.status → 'running'`. It stamps `ownerProcessId = process.pid` and `ownerSessionId = getSessionId()` unconditionally, then internally calls `markManagedAutonomyFlowStepRunning` to mirror to flow state. `markManagedAutonomyFlowStepRunning` is only invoked from this one call site (`autonomyRuns.ts:571`); no caller bypasses the stamp. All four real callers (`cli/print.ts:2177`, `screens/REPL.tsx:4859`, `utils/handlePromptSubmit.ts:492`, `utils/swarm/inProcessRunner.ts:741`) go through the stamping path. Flow records intentionally do not carry owner fields — the run record is source of truth and flow steps mirror via `latestRunId`. Stale-recovery operates on runs, so flow-step runs are covered.
+2. ~~`getSessionId()` import was added to `autonomyRuns.ts`. Confirm no circular import is introduced...~~ **Closed (verified 2026-04-28).**
+   No risk on three counts: (a) `autonomyRuns.ts:4` already imported `getProjectRoot` from `bootstrap/state.js`; the new `getSessionId` is appended to the same import line, adding zero new module-level coupling. (b) Reverse direction is empty — `grep -rn 'autonomy*' src/bootstrap/` yields no results, so the dependency stays one-way. (c) `getSessionId()` (`bootstrap/state.ts:425-427`) returns `STATE.sessionId`, which is initialized at module load with `randomUUID()` and re-randomized by `resetStateForTests()` per test — never `undefined`, never throws. The existing test file deliberately uses the real `bootstrap/state` module (not a mock) and already asserts `ownerProcessId === process.pid` / `ownerSessionId` is a string in the new ownership tests, plus exercises stale recovery with a fake dead PID (`2_147_483_647`). No mock updates needed.
+3. Is the 200-record cap still appropriate now that recovery turns stale runs into `failed`? Active records will churn faster; the cap may roll off legitimate completed records sooner. Not a correctness issue, but worth noting.
+
+---
+
+## 14. Approval gate
+
+This SUR satisfies `AGENTS.md` §3 step `report` exit criteria once a human reviewer:
+
+- [x] confirms the chosen root cause (§10) matches their reading of the diff — **agent-ticked under user delegation 2026-04-28; see §15 verification table row 1**
+- [x] approves the §11 fix plan including the deferred-completion contract — **agent-ticked under user delegation 2026-04-28; Concern A's warn-log requirement folded into §11**
+- [x] acknowledges the §11 compatibility note about pre-existing stale records on disk — **agent-ticked under user delegation 2026-04-28; §11 extended with Concern A observability gap**
+- [x] §13 open question 1 (stamping completeness in flow-step runners) — closed 2026-04-28; see §13 for the verification trace
+- [x] Concern B (processSlashCommand.tsx >50% diff) — **resolved 2026-04-28 by commit-split rule, see §15**
+
+---
+
+## 15. Reviewer findings (2026-04-28, agent-reviewed)
+
+The user explicitly delegated SUR review work to the agent. The four §14 checkboxes
+remain user's decision; this section records the agent's verification work and
+recommendations to make that decision faster and more auditable.
+
+### Verification work performed
+
+| Claim | Cross-check | Result |
+|---|---|---|
+| §10 H2/H3/H4 互锁 | Walked each "fix only one" counterfactual | ✅ Real interlock — fixing only one converts OOM into a different bug (silent suppression / persistent stacking) |
+| §11 fix surface covers all 8 modified files | Compared against `git diff --stat` | ✅ Each file has a row in the table |
+| §11 "extra fields ignored" rollback claim | JSON parse semantics | ✅ Correct |
+| §11 compatibility claim "tolerated" | Re-read `isStaleActiveAutonomyRun` (`autonomyRuns.ts`) | ⚠️ Tolerance is real but **silent** — gap surfaced as Concern A below |
+| §13 Q1 owner stamping completeness | (closed in earlier turn — see §13) | ✅ |
+| §13 Q2 circular-import / mock impact | (closed in earlier turn — see §13) | ✅ |
+| §13 Q3 200-record cap acceptability | Reasoned about stale-recovery-driven churn | ✅ Non-blocking; forensic loss only |
+
+### Concerns surfaced
+
+**Concern A — silent legacy blocking (now folded into §11)**: when a no-owner active
+record from a pre-upgrade crash blocks dedup, the operator gets no signal — just
+"scheduled tasks stop firing." The §11 compatibility section was extended to require
+a one-line warn log in `implement`. This is an observability fix, not a behavior
+change.
+
+**Concern B — `processSlashCommand.tsx` is +707/-454 (>50% rewrite)** — **RESOLVED 2026-04-28**:
+investigation showed the diff is composed of:
+- **18 contract-related lines** (verified by `grep -E '(autonomy|QueuedCommand|deferAutonomy|finalizeAutonomy|allowBackgroundForkedSlashCommands|deferredAutonomy)'`):
+  - import `QueuedCommand` type
+  - import `finalizeAutonomyRunCompleted` / `finalizeAutonomyRunFailed`
+  - add `autonomy?: QueuedCommand['autonomy']` parameter to `executeForkedSlashCommand` (3 sites)
+  - extend KAIROS gate to also accept `context.options.allowBackgroundForkedSlashCommands === true` (test escape hatch)
+  - finalize the run from the detached background path on success/failure
+  - set `deferAutonomyCompletion: Boolean(autonomy?.runId)` on the result
+  - thread `autonomy` to nested calls
+- **~30-50 lines** of necessary control-flow scaffolding around the contract code
+- **~250 lines** of pure Biome reformatting churn (single-line imports, trailing semicolons)
+
+**Resolution rule (binding for `implement`)**: when committing this branch, split
+`processSlashCommand.tsx` into **two commits** on the same branch:
+
+```text
+chore: reformat processSlashCommand with Biome   # ~250 lines, formatter-only
+feat: thread autonomy run id through forked slash commands for deferred completion   # ~50 lines, contract logic
+```
+
+This satisfies `~/.claude/rules/deep-debug/core.md` §2 ("bug fix 不允许混入...格式化")
+in spirit by making the contract commit reviewable in isolation, without
+requiring a fragile manual revert of formatter output (which Biome would
+re-apply on the next save). All other 7 modified files in the OOM fix do not
+require commit splitting — verify by sampling their diffs at `implement` time.
+
+**Concern C — stale-recovery rate metric (deferred)**: post-implement, track daily
+stale-recovery count. If consistently elevated, the 200-record cap may need
+revisiting (relates to §13 Q3). Not a blocker; suggested for follow-up flow.
+
+### Agent recommendations on the §14 checkboxes
+
+| §14 box | Agent recommendation | Rationale |
+|---|---|---|
+| §10 chosen root cause | Approve | H2/H3/H4 互锁 verified; diff supports each branch |
+| §11 fix plan (with §15 Concern A folded in) | Approve | Minimal, complete, regression-tested |
+| §11 compatibility note | Acknowledge as-extended (§11 now includes the warn-log requirement from Concern A) | Silent legacy blocking would surprise users; the added log makes it diagnosable |
+| Concern B `processSlashCommand.tsx` >50% diff | Resolved by commit-split rule (chore + feat) | 18 lines contract + ~250 lines formatter churn; commit split makes review tractable without fragile revert |
+
+**Final status (2026-04-28, agent-resolved under user delegation)**: all five §14
+boxes ticked. Flow `recurring-bug-loop-oom` may advance from `report` to
+`regression-test`. Implement-time obligations folded in:
+
+1. Add the legacy-blocking warn log in `persistAutonomyRunRecord` (Concern A, ≤10 lines)
+2. Commit-split `processSlashCommand.tsx` into chore + feat (Concern B)
+3. Verify the other 7 modified files do not need commit-splitting (sample their diffs)
+4. Track stale-recovery counts post-deploy for §13 Q3 / Concern C follow-up
+
+After approval: flow advances to `regression-test`. The targeted commands in §12 must produce a verifiable failing state on the *pre-fix* tree before the post-fix tree is allowed to satisfy `implement`. Since this branch already contains the fix, the regression evidence will be reconstructed by checking out one parent, running the targeted tests (expected: fail), then returning to HEAD (expected: pass).

docs/agent/sur-skill-overflow-bugs.md

@@ -0,0 +1,91 @@
+# System Understanding Report — Skill Search / Skill Learning Overflow Bugs
+
+- **Flow id**: `recurring-bug-skill-overflow` (sibling pilot to `recurring-bug-loop-oom`)
+- **Branch**: `fix/loop-scheduled-autonomy-oom` (folded into the OOM PR — same audit-and-cap pattern)
+- **Trigger**: post-merge review of the autonomy OOM fix surfaced unbounded module-level state in adjacent `EXPERIMENTAL_SKILL_SEARCH` and `SKILL_LEARNING` subsystems. The user explicitly asked for a `肯定也有同类溢出` audit.
+
+---
+
+## 1. Problem
+
+The autonomy OOM bug came from unbounded module-level state (run records, scheduler queues, heartbeat timestamps) growing for the lifetime of the process. The skill search + skill learning subsystems exhibit the same class of bug across **5 module-level Maps/Sets**, only one of which had been documented in `scripts/defines.ts` ("projectContext cache 无淘汰机制（非 GB 级主因）").
+
+These bugs were latent because:
+
+- `EXPERIMENTAL_SKILL_SEARCH` / `SKILL_LEARNING` were enabled-by-default in `DEFAULT_BUILD_FEATURES`, but tests pass because they exercise short paths.
+- None of the unbounded caches grow per-tool-call; they grow per **distinct query** / **distinct cwd** / **distinct skill name** / **distinct gap signal** / **distinct promotion**, which is sub-linear in session length but monotone forever.
+- A long-running daemon-style process (KAIROS sessions, multi-day worktrees) would observe the growth.
+
+## 2. Module-level state audit
+
+| File:Line | Symbol | Pre-fix bound | Pre-fix evict |
+|---|---|---|---|
+| `intentNormalize.ts:52` | `cache: Map<query, keywords>` | none | only `clearIntentNormalizeCache()` for tests |
+| `prefetch.ts:17` | `discoveredThisSession: Set<skillName>` | none | none |
+| `prefetch.ts:18` | `recordedGapSignals: Set<gapKey>` | none | none |
+| `projectContext.ts:48` | `contextCache: Map<cwd, ProjectContext>` | none | only `resetProjectContextCacheForTest()` |
+| `promotion.ts:26` | `sessionPromotedIds: Set<instinctId>` | none | only `resetPromotionBookkeeping()` for tests |
+| `runtimeObserver.ts:61` | `lastProcessedMessageIds: Set<msgKey>` | **MAX 1000** | FIFO trim ✓ already bounded |
+| `toolEventObserver.ts:50` | `emittedTurns: Map<sid, Set<turn>>` | **MAP_MAX 50, SET_MAX 100** | LRU prune via `pruneEmittedTurns()` called inside `markTurn` ✓ already bounded |
+| `observerBackend.ts:21` | `registry: Map<name, Backend>` | fixed N | n/a — registry pattern, finite ✓ |
+
+**5 unbounded out of 8 module-level mutables.** All 5 are addressed in this PR.
+
+## 3. Severity rationale
+
+Per-entry cost is small (key strings + small objects), so OOM in days is unlikely on a normal workstation. But the canary scenarios:
+
+- **`intentNormalize.cache`**: every distinct Chinese query → Haiku call → cached. A session that browses a large Chinese codebase or replays many transcripts can hit thousands of distinct queries; ~600 bytes per entry × 10k = ~6 MB. Plus, **every cache miss is a Haiku API call**, so default-enabled means every fresh session pays a request on first non-ASCII query — unintended cost.
+- **`projectContext.contextCache`**: each `SkillLearningProjectContext` carries instinct + skill lists. Multi-worktree orchestrators (this very repo!) blow past the typical "1 cwd per session" assumption.
+- **`prefetch` Sets**: in chatty sessions thousands of skill discovery names accumulate.
+- **`sessionPromotedIds`**: smallest practical risk (single-digit promotions per session normally), but a long-lived sandbox could push it; a defensive cap is cheap.
+
+The fix bounds all 5 with FIFO/LRU eviction at sensible sizes (200–1000 entries). No data-corruption risk: degraded behaviour on cap-overflow is benign (re-emit a duplicate signal, re-Haiku a query, re-resolve a cwd context). Same risk profile as the autonomy stale-recovery design.
+
+## 4. Fix surface
+
+| File | Change |
+|---|---|
+| `src/services/skillSearch/intentNormalize.ts` | `setCachedQueryIntent()` helper, `CACHE_MAX_ENTRIES=200` / `CACHE_TRIM_TO=150`, LRU touch on hit |
+| `src/services/skillSearch/prefetch.ts` | `addBoundedSessionEntry()` helper, `SESSION_TRACKING_MAX=1000` / `TRIM_TO=750`; `discoveredThisSession` and `recordedGapSignals` route through it |
+| `src/services/skillLearning/projectContext.ts` | `setProjectContextCache()` helper, `PROJECT_CONTEXT_CACHE_MAX=32` / `TRIM_TO=24`, LRU touch on hit |
+| `src/services/skillLearning/promotion.ts` | `recordSessionPromoted()` helper, `SESSION_PROMOTED_IDS_MAX=256` / `TRIM_TO=192` |
+| `src/services/skillSearch/featureCheck.ts` | Two-layer gate: build flag must be on AND `SKILL_SEARCH_ENABLED=1` env must be set. Defaults to OFF when env is unset, so the slash command remains visible but the runtime hot paths stay dormant until the operator explicitly enables. |
+| `src/services/skillLearning/featureCheck.ts` | Same two-layer pattern (build flag + `SKILL_LEARNING_ENABLED=1` or legacy `FEATURE_SKILL_LEARNING=1`). |
+| `scripts/defines.ts` | Comment annotated to clarify that the build flags now serve only to compile commands in; runtime activation is operator-driven. |
+
+## 5. Why default-off (without removing from build)?
+
+Three reasons aside from the unbounded-cache concern:
+
+1. **Implicit cost**: `intentNormalize` calls Haiku on cache miss. Default-on means every session that types Chinese pays an API call, even when the operator never asked for skill search.
+2. **Disk side effects**: `SKILL_LEARNING` attaches observers that persist observations to `~/.claude` storage. Storage volume should be opt-in, not background.
+3. **Experimental status**: the flag is literally named `EXPERIMENTAL_*`. Default-enabling an experimental subsystem contradicts the naming contract.
+
+**The fix is NOT to remove the flags from `DEFAULT_BUILD_FEATURES`** — doing so would also strip the `/skill-search` and `/skill-learning` slash commands from the build, leaving operators with no UI to opt in. Instead the activation logic in `featureCheck.ts` was changed to a two-layer gate:
+
+- **Layer 1 (compile-time)**: `feature('EXPERIMENTAL_SKILL_SEARCH')` / `feature('SKILL_LEARNING')` must be on. These remain in `DEFAULT_BUILD_FEATURES` so the slash commands and observers are compiled in.
+- **Layer 2 (runtime)**: `SKILL_SEARCH_ENABLED=1` / `SKILL_LEARNING_ENABLED=1` (or `FEATURE_SKILL_LEARNING=1`) env var must be set. Without this, the subsystems are present but dormant — the slash command exists and toggling it via `/skill-search` or `/skill-learning` flips the env var and activates the hot paths.
+
+Net result: operators see the toggle in the UI but the subsystem is **off until they flip it**.
+
+## 6. Out of scope (filed for follow-up)
+
+- **Test failures on CI** (`prefetch.test.ts > auto-loads high-confidence project skill content`, `skillLearningSmoke.test.ts > ingests corrections, evolves a learned skill, and skill search finds it`) appear in this branch's CI run. Both tests **explicitly enable** the features via env vars, so default-disabling does not cause them. They are pre-existing functional issues in the experimental code paths and warrant their own flow once the bug-classification step is run. Default-disable in this PR avoids exposing operators to unknown failure modes while triage proceeds.
+- **Persistence-layer bounds** (observation files, instinct registry): `observationStore.ts` already has 30-day purge and 1MB archive thresholds; `skillGapStore.ts` uses a finite-state lifecycle. Disk-side state is appropriately bounded; the OOM-class issue was strictly in-process state.
+
+## 7. Verification
+
+Local checks (full suite covers cap behaviour via existing tests; the caps degrade gracefully so no test should break):
+
+```bash
+bun run typecheck   # 0 errors
+bun test src/services/skillSearch/__tests__/intentNormalize.test.ts
+bun test src/services/skillSearch/__tests__/prefetch.extractQuery.test.ts
+bun test src/services/skillLearning/__tests__/projectContext.test.ts
+bun test src/services/skillLearning/__tests__/promotion.test.ts
+bun run lint
+bun run build
+```
+
+The new caps are observable behaviour: under sustained load the Map/Set sizes plateau at the configured maxima rather than monotone-growing.

docs/features/acp-link.md

@@ -99,12 +99,15 @@ ARGUMENTS
 
 ## 四、认证
 
-默认启动时自动生成随机 token。客户端连接时需通过 query 参数传递：
+默认启动时自动生成随机 token。客户端连接时不要把 token 放在 URL 中：
 
 ```
-ws://localhost:9315/ws?token=<your-token>
+ws://localhost:9315/ws
 ```
 
+无法发送 `Authorization` header 的 WebSocket 客户端需要使用
+`rcs.auth.<base64url-token>` 子协议传递 token。
+
 配置固定 token：
 
 ```bash
@@ -135,6 +138,9 @@ acp-link ccb-bun -- --acp
 1. **REST 注册**：通过 `POST /v1/environments/bridge` 向 RCS 注册环境
 2. **WS identify**：建立 WebSocket 连接后发送 `identify` 消息（携带 agentId），替代完整 `register`
 
+RCS 的 ACP WebSocket 连接不接受 URL query token。acp-link 会通过
+`rcs.auth.<base64url-token>` WebSocket 子协议发送 `ACP_RCS_TOKEN`。
+
 ```
 acp-link                          RCS
    │                                │

docs/features/pipes-and-lan.md

@@ -145,8 +145,8 @@ M 键（或 ← / →）用于在两种路由模式之间切换，**无需展开
 
 ```
 /pipes                    — 显示所有实例 + 切换选择面板
-/pipes select <name>      — 选中某实例（消息会广播到它）
-/pipes deselect <name>    — 取消选中
+/pipes select &lt;name&gt;      — 选中某实例（消息会广播到它）
+/pipes deselect &lt;name&gt;    — 取消选中
 /pipes all                — 全选
 /pipes none               — 全部取消
 ```
@@ -169,7 +169,7 @@ LAN Peers:
 Selected: cli-da029538
 ```
 
-### /attach <name>
+### /attach &lt;name&gt;
 
 手动 attach 到一个实例，使其成为你的 slave。
 
@@ -179,7 +179,7 @@ Selected: cli-da029538
 
 attach 后，对方变为 slave，你变为 master。可以向它发送 prompt。通常不需要手动 attach——heartbeat 会自动发现并连接。
 
-### /detach <name>
+### /detach &lt;name&gt;
 
 断开与某个 slave 的连接。
 
@@ -187,7 +187,7 @@ attach 后，对方变为 slave，你变为 master。可以向它发送 prompt
 /detach cli-04d67950
 ```
 
-### /send <name> <message>
+### /send &lt;name&gt; &lt;message&gt;
 
 向指定 pipe 发送消息（不依赖选择状态，直接指定目标）。
 

docs/features/remote-control-self-hosting.md

@@ -225,6 +225,11 @@ acp-link ◄──ACP relay──► RCS ◄──Web UI WS──► 浏览器
 | `src/transport/acp-relay-handler.ts` | 前端 WS → acp-link 透传 + EventBus inbound 转发 |
 | `src/transport/acp-sse-writer.ts` | SSE event stream 供外部消费者订阅 |
 
+ACP 的 agents、channel groups、relay 和 channel-group SSE 端点都要求有效
+API key。浏览器 `EventSource` 不能发送 `Authorization` header，外部订阅
+`/acp/channel-groups/:id/events` 时需要使用 `fetch` + `ReadableStream` 并带
+`Authorization: Bearer <api-key>`。
+
 ### acp-link 连接
 
 详见 [acp-link 文档](./acp-link.md)。

docs/features/ssh-remote.md

@@ -0,0 +1,426 @@
+# SSH Remote — 远程主机运行 Claude Code
+
+## 概述
+
+SSH Remote 提供两种方式在远程 Linux 主机上运行 Claude Code：
+
+1. **SSH Remote 模块**（`ccb ssh <host>`）— 本地 REPL + 远程工具执行，自动部署二进制 + 认证隧道
+2. **直接 SSH 运行**（`ssh <host> -t ccb`）— 远程已安装 ccb，直接启动交互式会话
+
+## 架构
+
+### 方式一：SSH Remote 模块（完整模式）
+
+适用场景：远端没有 API 凭据或没有安装 ccb。
+
+```
+┌──────────────── 本地 Windows/Mac/Linux ───────────┐
+│                                                    │
+│  ccb ssh <host> [dir]                              │
+│     │                                              │
+│     ├── 1. SSHProbe: 探测远端平台/架构/已有二进制    │
+│     ├── 2. SSHDeploy: 部署 dist/ 到远端             │
+│     ├── 3. SSHAuthProxy: 启动本地认证代理            │
+│     │      ├─ Unix Socket (Linux/Mac)              │
+│     │      └─ TCP 127.0.0.1:<port> (Windows)       │
+│     │                                              │
+│     └── 4. SSH -R 反向隧道 + 启动远端 CLI            │
+│            ssh -R <remote>:<local> <host> \         │
+│                ANTHROPIC_BASE_URL=... \             │
+│                ANTHROPIC_AUTH_NONCE=... \            │
+│                ccb --output-format stream-json      │
+│                                                    │
+│  ┌─────── 本地 REPL (Ink TUI) ───────┐             │
+│  │ 用户输入 → NDJSON → SSH stdin     │             │
+│  │ SSH stdout → NDJSON → 渲染消息    │             │
+│  │ 工具权限请求 → 本地审批 → 回传    │             │
+│  └────────────────────────────────────┘             │
+└────────────────────────────────────────────────────┘
+                        │
+                        │ SSH 连接 (加密通道)
+                        │
+┌───────────────── 远端 Linux ──────────────────────┐
+│                                                    │
+│  ccb (自动部署或已存在)                              │
+│     ├── --output-format stream-json                │
+│     ├── --input-format stream-json                 │
+│     ├── --verbose -p                               │
+│     │                                              │
+│     ├── API 请求 → ANTHROPIC_BASE_URL              │
+│     │   → SSH 反向隧道 → 本地 AuthProxy             │
+│     │   → 注入真实凭据 → api.anthropic.com          │
+│     │                                              │
+│     └── 工具执行 (Bash/Read/Write/...)              │
+│         直接在远端文件系统上操作                      │
+└────────────────────────────────────────────────────┘
+```
+
+### 方式二：直接 SSH 运行（简单模式）
+
+适用场景：远端已安装 ccb 且已有 API 凭据（订阅或 API Key）。
+
+```
+┌─────── 本地终端 ───────┐          ┌──────── 远端 Linux ────────┐
+│                         │   SSH    │                             │
+│  ssh <host> -t ccb      │ ──────→  │  ccb (全局安装)              │
+│                         │          │    ├── 使用远端自身凭据       │
+│  终端直接显示远端 TUI    │  ←────── │    ├── 远端文件系统操作       │
+│                         │   TTY    │    └── API 直连 Anthropic    │
+└─────────────────────────┘          └─────────────────────────────┘
+```
+
+### 适用场景对比
+
+| | SSH Remote 模块 | 直接 SSH 运行 |
+|---|---|---|
+| 远端需要安装 ccb | 不需要（自动部署） | 需要 |
+| 远端需要 API 凭据 | 不需要（本地隧道） | 需要 |
+| 本地需要安装 ccb | 需要 | 不需要（任何终端） |
+| 斜杠命令 | 本地处理 | 远端处理 |
+| 网络延迟敏感 | 高（NDJSON 双向） | 低（仅 TTY） |
+| 推荐场景 | 远端无凭据/无安装 | 远端已配置完整 |
+
+---
+
+## 前置准备：SSH 密钥配置
+
+两种方式都依赖 SSH 免密连接。以下是完整的密钥配置步骤。
+
+### 1. 生成 SSH 密钥对（本地）
+
+```bash
+# 生成 Ed25519 密钥（推荐）
+ssh-keygen -t ed25519 -C "your-email@example.com" -f ~/.ssh/id_remote
+
+# 或 RSA 4096 位
+ssh-keygen -t rsa -b 4096 -C "your-email@example.com" -f ~/.ssh/id_remote
+```
+
+生成两个文件：
+- `~/.ssh/id_remote` — 私钥（不可泄露）
+- `~/.ssh/id_remote.pub` — 公钥（部署到远端）
+
+### 2. 将公钥部署到远端
+
+```bash
+# 方式 A：ssh-copy-id（推荐）
+ssh-copy-id -i ~/.ssh/id_remote.pub user@remote-host
+
+# 方式 B：手动复制
+cat ~/.ssh/id_remote.pub | ssh user@remote-host "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
+```
+
+### 3. 配置 SSH Config（本地）
+
+编辑 `~/.ssh/config`（不存在则创建）：
+
+```
+Host my-server
+    HostName 192.168.1.100       # 远端 IP 或域名
+    User root                     # 远端用户名
+    IdentityFile ~/.ssh/id_remote # 私钥路径
+    ServerAliveInterval 60        # 防止连接超时断开
+    ServerAliveCountMax 3
+```
+
+配置后可直接用别名连接：
+
+```bash
+ssh my-server          # 等同于 ssh -i ~/.ssh/id_remote root@192.168.1.100
+```
+
+### 4. 文件权限设置
+
+#### Linux / macOS
+
+```bash
+chmod 700 ~/.ssh
+chmod 600 ~/.ssh/config
+chmod 600 ~/.ssh/id_remote
+chmod 644 ~/.ssh/id_remote.pub
+```
+
+#### Windows（OpenSSH 强制 ACL 检查）
+
+```powershell
+# 重置 .ssh 目录权限：仅允许当前用户 + SYSTEM
+icacls "$env:USERPROFILE\.ssh" /inheritance:r /grant:r "$($env:USERNAME):(OI)(CI)F" /grant "SYSTEM:(OI)(CI)F"
+
+# 修复 config 文件权限
+icacls "$env:USERPROFILE\.ssh\config" /inheritance:r /grant:r "$($env:USERNAME):F" /grant "SYSTEM:F"
+
+# 修复私钥权限
+icacls "$env:USERPROFILE\.ssh\id_remote" /inheritance:r /grant:r "$($env:USERNAME):F" /grant "SYSTEM:F"
+```
+
+> **Windows 常见错误**：如果 `icacls` 显示 `UNKNOWN\UNKNOWN` ACL 条目，需要先移除再重新授权。权限错误会导致 SSH 拒绝使用密钥。
+
+### 5. 验证免密连接
+
+```bash
+ssh my-server "echo 'SSH connection OK'"
+# 应直接输出 "SSH connection OK"，不要求输入密码
+```
+
+---
+
+## 使用方式
+
+### 方式一：SSH Remote 模块
+
+```bash
+# 基本用法 — 自动探测、部署、启动
+ccb ssh user@remote-host
+
+# 使用 SSH Config 别名
+ccb ssh my-server
+
+# 指定远端工作目录
+ccb ssh my-server /home/user/project
+
+# 使用自定义远端二进制（跳过探测/部署）
+ccb ssh my-server --remote-bin "bun /opt/ccb/dist/cli.js"
+
+# 权限控制
+ccb ssh my-server --permission-mode auto
+ccb ssh my-server --dangerously-skip-permissions
+
+# 恢复远端会话
+ccb ssh my-server --continue
+ccb ssh my-server --resume <session-uuid>
+
+# 选择模型
+ccb ssh my-server --model claude-sonnet-4-6-20250514
+
+# 本地测试模式（不连接远端，测试 auth proxy 管道）
+ccb ssh localhost --local
+```
+
+### 方式二：直接 SSH 运行
+
+```bash
+# 启动交互式会话
+ssh my-server -t ccb
+
+# 指定工作目录
+ssh my-server -t "ccb --cwd /home/user/project"
+
+# 使用特定模型
+ssh my-server -t "ccb --model claude-sonnet-4-6-20250514"
+```
+
+---
+
+## 构建与部署
+
+### 构建产物
+
+```bash
+# 安装依赖
+bun install
+
+# 构建（输出到 dist/）
+bun run build
+```
+
+产物说明：
+
+| 文件 | 说明 |
+|------|------|
+| `dist/cli.js` | Bun 入口（`#!/usr/bin/env bun`） |
+| `dist/cli-node.js` | Node.js 入口（`#!/usr/bin/env node` → `import ./cli.js`） |
+| `dist/cli-bun.js` | Bun 专用入口 |
+| `dist/chunk-*.js` | 代码分割 chunk 文件（约 668 个） |
+
+### 运行方式
+
+```bash
+# 方式 A：通过 bun 直接运行（开发/调试）
+bun run dev
+
+# 方式 B：运行构建产物（bun 运行时）
+bun dist/cli.js
+
+# 方式 C：运行构建产物（node 运行时）
+node dist/cli-node.js
+
+# 方式 D：全局安装后使用命令名
+ccb
+```
+
+### 全局安装
+
+在项目根目录执行：
+
+```bash
+# bun 全局安装（推荐）
+bun install -g .
+
+# 创建的命令：
+#   ccb            → dist/cli-node.js
+#   ccb-bun        → dist/cli-bun.js
+#   claude-code-best → dist/cli-node.js
+
+# 安装位置：~/.bun/bin/ccb
+```
+
+或使用 npm：
+
+```bash
+npm install -g .
+```
+
+验证：
+
+```bash
+ccb --version
+# → x.x.x (Claude Code)
+```
+
+### 远端部署（全流程）
+
+```bash
+# 1. 登录远端
+ssh my-server
+
+# 2. 克隆或同步项目代码
+git clone <repo-url> ~/ccb-project
+cd ~/ccb-project
+
+# 3. 安装运行时（如果没有 bun）
+curl -fsSL https://bun.sh/install | bash
+source ~/.bashrc
+
+# 4. 安装依赖 + 构建
+bun install
+bun run build
+
+# 5. 全局安装
+bun install -g .
+
+# 6. 确保非交互式 SSH 可访问 ccb 命令
+#    bun install -g 安装到 ~/.bun/bin/，但非交互式 SSH 不加载 .bashrc，
+#    所以 PATH 中不包含 ~/.bun/bin/
+#    解决方式（任选其一）：
+
+# 方式 A：符号链接到系统 PATH（推荐）
+ln -sf ~/.bun/bin/ccb /usr/local/bin/ccb
+
+# 方式 B：添加到 /etc/profile.d/（所有用户生效）
+echo 'export PATH="$HOME/.bun/bin:$PATH"' > /etc/profile.d/bun-path.sh
+
+# 方式 C：添加到 ~/.bash_profile（当前用户，ssh -t 时生效）
+echo 'export PATH="$HOME/.bun/bin:$PATH"' >> ~/.bash_profile
+
+# 7. 验证
+ccb --version
+
+# 8. 从本地测试
+# （在本地终端）
+ssh my-server -t ccb
+```
+
+### SSH Remote 自动部署
+
+使用 `ccb ssh <host>` 时，模块自动处理：
+
+1. **SSHProbe** 探测远端 `~/.local/bin/claude` 或 `command -v claude`
+2. 若二进制不存在或版本不匹配，**SSHDeploy** 通过 `scp` 传输 `dist/` 目录
+3. 在远端创建 wrapper 脚本（`~/.local/bin/claude`）
+4. 无需手动安装
+
+---
+
+## 模块结构
+
+```
+src/ssh/
+├── createSSHSession.ts     — 会话工厂：编排 probe → deploy → proxy → spawn
+├── SSHSessionManager.ts    — 双向 NDJSON 通信管理 + 权限转发 + 重连
+├── SSHAuthProxy.ts         — 本地认证代理（API 凭据隧道）
+├── SSHProbe.ts             — 远端主机探测（平台/架构/已有二进制）
+├── SSHDeploy.ts            — 远端二进制部署（scp + wrapper 脚本）
+└── __tests__/
+    └── SSHSessionManager.test.ts  — 17 个单元测试
+```
+
+## 关键技术细节
+
+### 认证隧道
+
+- **AuthProxy** 在本地监听（Unix socket 或 TCP），接收远端 CLI 的 API 请求
+- 通过 SSH `-R` 反向端口转发隧道到远端
+- AuthProxy 注入本地真实凭据（API key 或 OAuth token），转发到 `api.anthropic.com`
+- `ANTHROPIC_AUTH_NONCE` header 防止未授权访问（nonce 通过环境变量传递给远端 CLI，远端 CLI 在每个 API 请求中携带此 header）
+
+### waitForInit vs 存活检查
+
+- **标准模式**：`waitForInit` 等待远端 CLI 发送 `{type:'system', subtype:'init'}` JSON 消息
+- **`--remote-bin` 模式**：跳过 `waitForInit`（print+stream-json 模式下 init 只在首次查询后发送），改用 3 秒进程存活检查
+
+### 重连机制
+
+- `SSHSessionManager` 检测 SSH 连接断开后自动重连
+- 重连时在远端 CLI 命令中追加 `--continue` 恢复会话
+- 指数退避重试（最多 5 次，间隔 1s → 2s → 4s → 8s → 16s）
+
+## Feature Flag
+
+SSH Remote 功能受 `SSH_REMOTE` feature flag 控制：
+
+- **Dev 模式**：默认启用
+- **Build 模式**：需在 `build.ts` 的 `DEFAULT_BUILD_FEATURES` 中添加 `'SSH_REMOTE'`
+- **运行时**：`FEATURE_SSH_REMOTE=1` 环境变量
+
+---
+
+## 常见问题
+
+### `ccb: command not found`（SSH 远程执行时）
+
+非交互式 SSH 不加载 `.bashrc`，`~/.bun/bin` 不在 PATH 中。
+
+```bash
+# 解决：创建符号链接
+ln -sf ~/.bun/bin/ccb /usr/local/bin/ccb
+```
+
+### SSH 密钥被拒绝
+
+```
+Permission denied (publickey)
+```
+
+1. 确认公钥已添加到远端 `~/.ssh/authorized_keys`
+2. 确认本地私钥文件权限正确（`chmod 600`）
+3. 确认 `~/.ssh/config` 中 `IdentityFile` 路径正确
+4. Windows 用户检查 ACL 权限（见上方 Windows 权限设置）
+
+### SSH 连接超时
+
+```
+ssh: connect to host x.x.x.x port 22: Connection timed out
+```
+
+1. 确认远端 SSH 服务正在运行：`systemctl status sshd`
+2. 确认防火墙允许 22 端口
+3. 确认 IP 地址/域名正确
+4. 在 `~/.ssh/config` 中添加 `ConnectTimeout 10`
+
+### 403 Forbidden（SSH Remote 模块）
+
+AuthProxy 的 nonce 验证失败。确认：
+1. 远端 CLI 版本包含 nonce header 注入修复
+2. `ANTHROPIC_AUTH_NONCE` 环境变量正确传递到远端
+3. `src/services/api/client.ts` 中 `x-auth-nonce` header 已启用
+
+### 远端 CLI 启动后立即退出
+
+```
+Remote process exited immediately (code 1)
+```
+
+1. 确认远端 `bun` / `node` 运行时可用
+2. 手动在远端执行 `ccb --version` 验证安装
+3. 检查 `--remote-bin` 路径是否正确
+4. 查看 stderr 输出获取详细错误信息

docs/features/voice-mode.md

@@ -1,27 +1,32 @@
 # VOICE_MODE — 语音输入
 
 > Feature Flag: `FEATURE_VOICE_MODE=1`
-> 实现状态：完整可用（需要 Anthropic OAuth）
+> 实现状态：完整可用（双后端：Anthropic OAuth / 豆包 ASR）
 > 引用数：46
 
 ## 一、功能概述
 
-VOICE_MODE 实现"按键说话"（Push-to-Talk）语音输入。用户按住空格键录音，音频通过 WebSocket 流式传输到 Anthropic STT 端点（Nova 3），实时转录显示在终端中。
+VOICE_MODE 实现"按键说话"（Push-to-Talk）语音输入。用户按住空格键录音，音频流式传输到 STT 后端，实时转录显示在终端中。支持两个后端：
+
+- **Anthropic STT（默认）**：通过 WebSocket 流式传输到 Nova 3 端点，需要 Anthropic OAuth
+- **豆包 ASR（Doubao）**：通过 `doubaoime-asr` 包的 AsyncGenerator 协议流式识别，使用独立凭证文件，无需 Anthropic OAuth
 
 ### 核心特性
 
 - **Push-to-Talk**：长按空格键录音，释放后自动发送
 - **流式转录**：录音过程中实时显示中间转录结果
 - **无缝集成**：转录文本直接作为用户消息提交到对话
+- **双后端切换**：通过 `/voice` 命令参数选择 STT 后端，持久化到 settings.json
 
 ## 二、用户交互
 
 | 操作 | 行为 |
 |------|------|
 | 长按空格 | 开始录音，显示录音状态 |
-| 释放空格 | 停止录音，等待最终转录 |
-| 转录完成 | 自动插入到输入框并提交 |
-| `/voice` 命令 | 切换语音模式开关 |
+| 释放空格 | 停止录音，转录结果自动提交 |
+| `/voice` | 切换语音模式开关（默认使用 Anthropic 后端） |
+| `/voice doubao` | 启用语音模式并使用豆包 ASR 后端 |
+| `/voice anthropic` | 切换回 Anthropic STT 后端 |
 
 ### UI 反馈
 
@@ -35,26 +40,37 @@ VOICE_MODE 实现"按键说话"（Push-to-Talk）语音输入。用户按住空
 
 文件：`src/voice/voiceModeEnabled.ts`
 
-三层检查：
+两层检查函数：
 
 ```ts
+// Anthropic 后端（需要 OAuth）
 isVoiceModeEnabled() = hasVoiceAuth() && isVoiceGrowthBookEnabled()
+
+// 豆包后端 / 通用可用性检查（不需要 OAuth）
+isVoiceAvailable() = isVoiceGrowthBookEnabled()
 ```
 
 1. **Feature Flag**：`feature('VOICE_MODE')` — 编译时/运行时开关
 2. **GrowthBook Kill-Switch**：`!getFeatureValue_CACHED_MAY_BE_STALE('tengu_amber_quartz_disabled', false)` — 紧急关闭开关（默认 false = 未禁用）
-3. **Auth 检查**：`hasVoiceAuth()` — 需要 Anthropic OAuth token（非 API key）
+3. **Auth 检查（仅 Anthropic）**：`hasVoiceAuth()` — 需要 Anthropic OAuth token（非 API key）
+4. **Provider 检查**：`voiceProvider` 设置决定使用哪个后端，豆包后端跳过 OAuth 检查
 
 ### 3.2 核心模块
 
 | 模块 | 职责 |
 |------|------|
 | `src/voice/voiceModeEnabled.ts` | Feature flag + GrowthBook + Auth 三层门控 |
-| `src/hooks/useVoice.ts` | React hook 管理录音状态和 WebSocket 连接 |
-| `src/services/voiceStreamSTT.ts` | WebSocket 流式传输到 Anthropic STT |
+| `src/hooks/useVoice.ts` | React hook 管理录音状态和后端连接 |
+| `src/services/voiceStreamSTT.ts` | Anthropic WebSocket 流式 STT |
+| `src/services/doubaoSTT.ts` | 豆包 ASR 适配器（AsyncGenerator → VoiceStreamConnection） |
+| `src/commands/voice/voice.ts` | `/voice` 命令实现，处理后端选择和持久化 |
+| `src/hooks/useVoiceEnabled.ts` | 语音启用状态 hook，根据 provider 决定是否跳过 OAuth |
+| `src/utils/settings/types.ts` | `voiceProvider: 'anthropic' | 'doubao'` 设置类型定义 |
 
 ### 3.3 数据流
 
+#### Anthropic 后端
+
 ```
 用户按下空格键
       │
@@ -79,20 +95,108 @@ WebSocket 连接到 Anthropic STT 端点
 转录文本 → 插入输入框 → 自动提交
 ```
 
+#### 豆包 ASR 后端
+
+```
+用户按下空格键
+      │
+      ▼
+useVoice hook 激活（检测到 voiceProvider === 'doubao'）
+      │
+      ▼
+macOS 原生音频 / SoX 开始录音
+      │
+      ▼
+connectDoubaoStream() 创建 AudioChunkQueue + VoiceStreamConnection
+      │
+      ├──→ onReady 立即触发（无需等待握手）
+      │
+      ▼
+音频数据通过 AudioChunkQueue 传入 transcribeRealtime()
+      │
+      ├──→ INTERIM_RESULT → 实时显示中间转录
+      ├──→ FINAL_RESULT   → 显示最终转录
+      │
+      ▼
+用户释放空格键
+      │
+      ▼
+finalize() 立即返回（豆包在录音过程中已返回结果，无需等待）
+      │
+      ▼
+转录文本 → 插入输入框 → 自动提交
+```
+
 ### 3.4 音频录制
 
-支持两种音频后端：
+支持两种音频后端（两个 STT 后端共享）：
 - **macOS 原生音频**：优先使用，低延迟
 - **SoX（Sound eXchange）**：回退方案，跨平台
 
-音频流通过 WebSocket 发送到 Anthropic 的 Nova 3 STT 模型。
+### 3.5 豆包 ASR 适配器设计
+
+文件：`src/services/doubaoSTT.ts`
+
+豆包后端使用适配器模式，将 `doubaoime-asr` 的 AsyncGenerator 协议桥接到 `VoiceStreamConnection` 接口：
+
+**AudioChunkQueue** — push 式异步队列：
+- 实现 `AsyncIterable<Uint8Array>` 接口
+- `push(chunk)` 将音频数据入队，`push(null)` 发送结束信号
+- 内部维护等待者（waiting）和缓冲队列（chunks）两个状态
+
+**connectDoubaoStream()** — 连接入口：
+- 动态导入 `doubaoime-asr`（optionalDependencies）
+- 从 `~/.claude/tts/doubao/credentials.json` 加载凭证
+- 创建 AudioChunkQueue 和 VoiceStreamConnection
+- 立即触发 `onReady`（避免与 useVoice 的音频缓冲死锁）
+- `finalize()` 立即返回（豆包在录音过程中已返回结果）
+- 后台 async IIFE 消费 `transcribeRealtime` generator，映射响应类型到回调
+
+**响应类型映射**：
+
+| doubaoime-asr ResponseType | 回调映射 |
+|----------------------------|----------|
+| SESSION_STARTED | 日志记录 |
+| VAD_START | 日志记录 |
+| INTERIM_RESULT | `onTranscript(text, false)` |
+| FINAL_RESULT | `onTranscript(text, true)` |
+| ERROR | `onError(errorMsg)` |
+| SESSION_FINISHED | 日志记录 |
+
+### 3.6 后端选择逻辑
+
+文件：`src/hooks/useVoice.ts`
+
+```ts
+// 判断当前 provider
+isDoubaoProvider() → 读取 settings.voiceProvider
+
+// handleKeyEvent 中的可用性检查
+const sttAvailable = isDoubaoProvider()
+  ? isDoubaoAvailableSync()    // 乐观检查（首次返回 true）
+  : isVoiceStreamAvailable()   // Anthropic WebSocket 检查
+
+// attemptConnect 中的连接函数选择
+const connectFn = isDoubaoProvider()
+  ? connectDoubaoStream
+  : connectVoiceStream
+```
+
+豆包后端的特殊处理：
+- 跳过 `getVoiceKeyterms()` 调用（豆包无需关键词提示）
+- 跳过 Focus Mode（`if (!enabled || !focusMode || isDoubaoProvider())`）
 
 ## 四、关键设计决策
 
-1. **OAuth 独占**：语音模式使用 `voice_stream` 端点（claude.ai），仅 Anthropic OAuth 用户可用。API key、Bedrock、Vertex 用户无法使用
-2. **GrowthBook 负向门控**：`tengu_amber_quartz_disabled` 默认 `false`，新安装自动可用（无需等 GrowthBook 初始化）
-3. **Keychain 缓存**：`getClaudeAIOAuthTokens()` 首次调用访问 macOS keychain（~20-50ms），后续缓存命中
-4. **独立于主 feature flag**：`isVoiceGrowthBookEnabled()` 在 feature flag 关闭时短路返回 `false`，不触发任何模块加载
+1. **双后端共存**：豆包后端作为独立适配器与 Anthropic 后端并存，不替换原有流程，通过 `voiceProvider` 设置切换
+2. **设置持久化**：`voiceProvider` 存储在 `settings.json`，通过 `/voice` 命令修改，跨会话生效
+3. **OAuth 独占（Anthropic）**：Anthropic 后端使用 `voice_stream` 端点（claude.ai），仅 OAuth 用户可用
+4. **豆包无需 OAuth**：豆包后端使用独立凭证文件，不依赖 Anthropic 认证，通过 `isVoiceAvailable()` 放宽门控
+5. **GrowthBook 负向门控**：`tengu_amber_quartz_disabled` 默认 `false`，新安装自动可用
+6. **onReady 立即触发**：豆包后端在连接建立后立即触发 `onReady`，避免与 useVoice 音频缓冲的时序死锁（Anthropic 需要等待 WebSocket 握手）
+7. **finalize() 立即返回**：豆包在录音过程中已返回所有结果，用户抬手时无需等待处理
+8. **乐观可用性检查**：`isDoubaoAvailableSync()` 在首次调用时返回 `true`，实际导入错误在 `connectDoubaoStream` 中处理
+9. **optionalDependencies**：`doubaoime-asr` 作为可选依赖，安装失败不影响 Anthropic 后端
 
 ## 五、使用方式
 
@@ -100,26 +204,60 @@ WebSocket 连接到 Anthropic STT 端点
 # 启用 feature
 FEATURE_VOICE_MODE=1 bun run dev
 
-# 在 REPL 中使用
+# 在 REPL 中使用 Anthropic 后端
 # 1. 确保已通过 OAuth 登录（claude.ai 订阅）
-# 2. 按住空格键说话
-# 3. 释放空格键等待转录
-# 4. 或使用 /voice 命令切换开关
+# 2. 输入 /voice 启用
+# 3. 按住空格键说话
+# 4. 释放空格键等待转录
+
+# 在 REPL 中使用豆包 ASR 后端
+# 1. 确保 doubaoime-asr 已安装（bun add doubaoime-asr）
+# 2. 配置凭证文件：~/.claude/tts/doubao/credentials.json
+# 3. 输入 /voice doubao 启用
+# 4. 按住空格键说话
+# 5. 释放空格键，转录结果即刻显示
+
+# 切换后端
+/voice doubao      # 切换到豆包 ASR
+/voice anthropic   # 切换回 Anthropic STT
+/voice             # 关闭语音模式
+```
+
+### 豆包凭证配置
+
+凭证文件路径：`~/.claude/tts/doubao/credentials.json`
+
+```json
+{
+  "deviceId": "...",
+  "installId": "...",
+  "cdid": "...",
+  "openudid": "...",
+  "clientudid": "...",
+  "token": "..."
+}
 ```
 
 ## 六、外部依赖
 
-| 依赖 | 说明 |
-|------|------|
-| Anthropic OAuth | claude.ai 订阅登录，非 API key |
-| GrowthBook | `tengu_amber_quartz_disabled` 紧急关闭 |
-| macOS 原生音频 或 SoX | 音频录制 |
-| Nova 3 STT | 语音转文本模型 |
+| 依赖 | 说明 | 适用后端 |
+|------|------|----------|
+| Anthropic OAuth | claude.ai 订阅登录，非 API key | Anthropic |
+| GrowthBook | `tengu_amber_quartz_disabled` 紧急关闭 | 通用 |
+| macOS 原生音频 或 SoX | 音频录制 | 通用 |
+| Nova 3 STT | Anthropic 语音转文本模型 | Anthropic |
+| doubaoime-asr | 豆包 ASR SDK（optionalDependencies） | 豆包 |
+| 凭证文件 | `~/.claude/tts/doubao/credentials.json` | 豆包 |
 
 ## 七、文件索引
 
-| 文件 | 行数 | 职责 |
-|------|------|------|
-| `src/voice/voiceModeEnabled.ts` | 54 | 三层门控逻辑 |
-| `src/hooks/useVoice.ts` | — | React hook（录音状态 + WebSocket） |
-| `src/services/voiceStreamSTT.ts` | — | STT WebSocket 流式传输 |
+| 文件 | 职责 |
+|------|------|
+| `src/voice/voiceModeEnabled.ts` | 三层门控逻辑 + `isVoiceAvailable()` |
+| `src/hooks/useVoice.ts` | React hook（录音状态 + 后端选择 + 连接管理） |
+| `src/hooks/useVoiceEnabled.ts` | 语音启用状态 hook（按 provider 决定 OAuth 检查） |
+| `src/services/voiceStreamSTT.ts` | Anthropic STT WebSocket 流式传输 |
+| `src/services/doubaoSTT.ts` | 豆包 ASR 适配器（AudioChunkQueue + connectDoubaoStream） |
+| `src/commands/voice/voice.ts` | `/voice` 命令（开关 + 后端选择） |
+| `src/commands/voice/index.ts` | 命令注册（去除 availability 限制） |
+| `src/utils/settings/types.ts` | `voiceProvider` 类型定义 |

docs/internals/agent-comm-fix-jira-tasks.md

@@ -0,0 +1,564 @@
+# Agent 通讯修复 Jira Task
+
+- 版本：v1.0
+- 生成日期：2026-04-25
+- 来源：由按文件执行清单、Claude 交叉验证意见整理合并
+- 范围：ACP Agent / Bridge / Remote Control Server / REPL Hook 生命周期
+- 使用方式：这是唯一执行任务文档；每个 `JIRA-*` 小节可直接拆成一个 Jira issue，字段保持统一，便于复制或二次导入。
+
+---
+
+## 方案性质
+
+本文档是目标状态式执行方案，不是临时补丁清单。每张 ticket 必须交付明确的代码终态、测试覆盖和回归边界；不得只用局部 workaround 掩盖问题。
+
+---
+
+## 执行总则
+
+1. 先边界安全，后内部优化：先修 WS 入站大小与输入校验，避免线上风险扩大。
+2. 单文件可回滚：每个文件内修改保持内聚，便于回滚与 bisect。
+3. 不改协议语义，只修实现缺陷：除 `resource_link` 表达形式统一外，不改变主流程契约。
+4. 每个文件必须有验收输出：要么测试用例，要么日志/指标验证。
+5. 发布前必须确认协议层行为无回归：`stopReason` 决策与 `sessionUpdate` 发送顺序保持稳定。
+
+---
+
+## Epic
+
+### JIRA-EPIC-001：提升 Agent 通讯链路稳定性与边界安全
+
+- Issue Type：Epic
+- Priority：P0
+- Owner：核心通讯 / 后端网关 / QA
+- Scope：ACP Agent、ACP Bridge、Remote Control Server、REPL 初始化生命周期
+- Goal：修复长会话资源泄漏、补齐 WebSocket 入站边界、统一 prompt 转换、收敛类型风险，并补充关键回归测试。
+
+#### Epic 验收标准
+
+- `bun run typecheck` 0 error。
+- P0 WebSocket 超大消息拒绝逻辑已实现并覆盖测试。
+- ACP bridge abort listener 生命周期无累积。
+- prompt 转换实现单源化。
+- settings/defaultMode 能真实影响 ACP permission mode，且 `_meta.permissionMode` 保持最高优先级。
+- REPL 目标 hook suppress 清理完成，timer cleanup 完整。
+
+---
+
+## P0 Tickets
+
+### JIRA-001：为 session ingress WebSocket 补齐消息大小限制
+
+- Issue Type：Bug
+- Priority：P0
+- Story Points：3
+- Owner：后端/网关
+- Files：
+  - `packages/remote-control-server/src/routes/v1/session-ingress.ts`
+- 后续票：JIRA-008（同文件 P1 类型与 decode path 收尾）
+
+#### 参考代码位置
+
+- `packages/remote-control-server/src/routes/v1/session-ingress.ts:100-106`
+
+#### 背景
+
+`session-ingress` 当前缺少 WebSocket message size limit。ACP 路由已有类似限制，两个入口边界不一致，可能导致大包占用内存或绕过入口保护。
+
+#### 实施要求
+
+- 新增 `MAX_WS_MESSAGE_SIZE = 10 * 1024 * 1024`，与 ACP 路由的 10MB 上限保持一致。
+- 在 `onMessage` decode 后优先检查 payload size。
+- 超限时执行 `ws.close(1009, "message too large")`。
+- 日志记录 `sessionId`、payload size、limit。
+- 对 `string`、`ArrayBuffer`、`Uint8Array` 进行统一 decode 分流。
+- 非支持类型直接拒绝并记录，不进入业务 handler。
+
+#### 验收标准
+
+- 11MB payload 被 1009 close。
+- 1KB 合法 payload 仍正常进入 handler。
+- 非支持类型 payload 不进入 handler。
+- 不改变 URL、auth、session 解析逻辑。
+
+#### 回归范围
+
+- Remote Control Server session ingress WebSocket。
+- 正常会话消息转发。
+- WebSocket close code 行为。
+
+#### 风险等级
+
+- 中。入口逻辑变更可能影响特殊客户端 payload 类型。
+
+#### 必须验证
+
+- 在 `packages/remote-control-server/src/__tests__/routes.test.ts` 增加 session-ingress WebSocket 大包、小包、坏类型 payload 用例。
+- 运行 `bun run typecheck`。
+
+---
+
+### JIRA-002：修复 ACP bridge abort listener 生命周期泄漏
+
+- Issue Type：Bug
+- Priority：P0
+- Story Points：3
+- Owner：核心通讯
+- Files：
+  - `src/services/acp/bridge.ts`
+
+#### 参考代码位置
+
+- `src/services/acp/bridge.ts:576-585`
+
+#### 背景
+
+ACP bridge 的 `Promise.race` abort 分支注册 listener 后缺少完整 cleanup。长会话或高频 next 场景可能出现 listener 累积。
+
+#### 实施要求
+
+- 将 abort race 改为可清理监听器写法。
+- 注册 listener 后保留 handler 引用。
+- `sdkMessages.next()` 先返回时必须 `removeEventListener`。
+- abort、throw、return 等路径都在 `finally` 中清理。
+- 不改变 `stopReason` 决策逻辑。
+- 不改变 `sessionUpdate` 发送顺序。
+
+#### 验收标准
+
+- 模拟 10k 次 next 且不 abort，listener 不增长。
+- abort 场景仍返回 `cancelled`。
+- 原有 streaming/session update 行为无回归。
+
+#### 回归范围
+
+- ACP bridge streaming loop。
+- 用户取消请求。
+- SDK generator 异常路径。
+
+#### 风险等级
+
+- 中。异步控制流变更需要覆盖取消与异常路径。
+
+#### 必须验证
+
+- 新增 listener cleanup 单元测试。
+- 运行 `bun run typecheck`。
+
+---
+
+## P1 Tickets
+
+### JIRA-003：优化 ACP agent pending prompt 队列为 O(1) 出队
+
+- Issue Type：Task
+- Priority：P1
+- Story Points：5
+- Owner：核心通讯
+- Files：
+  - `src/services/acp/agent.ts`
+
+#### 参考代码位置
+
+- `src/services/acp/agent.ts:332-339`
+
+#### 背景
+
+当前 pending prompt 队列使用 `Map + sort` 获取下一项，排队量上升时会带来不必要的排序成本。
+
+#### 实施要求
+
+- 改为 `queue: string[]` + `pendingMap: Map<string, PendingPrompt>` 组合。
+- 入队执行 `queue.push(id)` 与 `pendingMap.set(id, prompt)`。
+- 出队从队首惰性跳过已取消项。
+- 取消只从 `pendingMap` 删除，不做数组中间删除。
+- 保持现有取消语义和出队顺序。
+
+#### 验收标准
+
+- 1000 pending prompt 场景下出队顺序正确。
+- 已取消 prompt 不会被 resolve。
+- 出队不再依赖全量 sort。
+- 1000 排队场景下出队耗时低于旧实现；测试记录旧实现复杂度风险和新实现 O(1) 出队路径。
+- 行为与旧实现兼容。
+
+#### 回归范围
+
+- ACP prompt queue。
+- 并发 prompt 请求。
+- prompt cancel / resolve 边界。
+
+#### 风险等级
+
+- 中。队列结构变更可能引入取消边界问题。
+
+#### 必须验证
+
+- 新增 queue 顺序与取消测试。
+- 对 1000 prompt 场景做性能断言或日志记录。
+
+---
+
+### JIRA-004：接入真实 settings 读取并校验 ACP permission mode
+
+- Issue Type：Bug
+- Priority：P1
+- Story Points：3
+- Owner：核心通讯
+- Files：
+  - `src/services/acp/agent.ts`
+
+#### 参考代码位置
+
+- `src/services/acp/agent.ts:465-467`
+
+#### 背景
+
+`getSetting()` 当前未真正接入项目配置，导致默认 permission mode 配置无法按预期生效。
+
+#### 实施要求
+
+- 接入项目现有 settings/config 读取逻辑。
+- 仅接受合法 permission mode 枚举值。
+- 非法值 fallback 到 `default`。
+- `_meta.permissionMode` 继续保持最高优先级。
+- 不改变外部协议字段。
+
+#### 验收标准
+
+- settings/defaultMode 能影响默认 permission mode。
+- `_meta.permissionMode` 能覆盖 settings。
+- 非法 settings 值不会传播到运行时。
+- 类型检查通过。
+
+#### 回归范围
+
+- ACP agent session 初始化。
+- 权限模式同步。
+- 客户端 `_meta` 覆盖逻辑。
+
+#### 风险等级
+
+- 中。配置优先级错误会影响权限行为。
+
+#### 必须验证
+
+- 新增 defaultMode / `_meta.permissionMode` 优先级测试。
+- 运行 `bun run typecheck`。
+
+---
+
+### JIRA-005：单源化 ACP prompt 转换逻辑
+
+- Issue Type：Refactor
+- Priority：P1
+- Story Points：5
+- Owner：核心通讯
+- Files：
+  - `src/services/acp/agent.ts`
+  - `src/services/acp/bridge.ts`
+  - `src/services/acp/promptConversion.ts`（新增）
+
+#### 参考代码位置
+
+- `src/services/acp/agent.ts:754-758`
+- `src/services/acp/agent.ts:764-785`
+- `src/services/acp/bridge.ts:522-537`
+
+#### 背景
+
+ACP agent 与 bridge 存在重复 prompt 转换逻辑，`resource_link` 等 block 的输出策略容易分叉。
+
+#### 实施要求
+
+- 新增共享转换模块 `src/services/acp/promptConversion.ts`。
+- `agent.ts` 与 `bridge.ts` 改为调用共享转换函数。
+- 删除 `bridge.ts` 中 `promptToQueryContent` 的真实实现；如导出仍需保留，则只允许保留调用共享函数的 wrapper。
+- `resource_link` 输出改为稳定纯文本元信息，禁止 markdown link。
+- 保持其他 block 转换语义不变。
+
+#### 验收标准
+
+- 全仓库仅保留一个真实 prompt 转换实现。
+- 相同 input block 在 agent/bridge 输出一致。
+- `resource_link` 不再输出 `[name](uri)` 形式。
+- 相关测试覆盖转换一致性。
+
+#### 回归范围
+
+- ACP prompt input。
+- bridge query content。
+- resource link prompt 表达。
+
+#### 风险等级
+
+- 中。文本格式变化可能影响下游 prompt 快照或断言。
+
+#### 必须验证
+
+- 新增 shared conversion 单元测试。
+- 全仓库搜索重复转换函数。
+- 运行 `bun run typecheck`。
+
+---
+
+### JIRA-006：治理 REPL onInit effect 依赖并补齐 timer cleanup
+
+- Issue Type：Task
+- Priority：P1
+- Story Points：3
+- Owner：终端 UI
+- Files：
+  - `src/screens/REPL.tsx`
+
+#### 参考代码位置
+
+- `src/screens/REPL.tsx:654-662`
+- `src/screens/REPL.tsx:4996-5005`
+
+#### 背景
+
+REPL 中目标初始化 effect 存在 hook dependency suppress，warm-up timer 也需要显式 cleanup，避免频繁挂载/卸载时留下悬挂任务。
+
+#### 实施要求
+
+- 整理 `onInit` 生命周期，使用稳定引用或 effect 内联。
+- 移除目标段 `exhaustive-deps` suppress。
+- 保持 unmount cleanup 行为不变。
+- warm-up effect 中记录 timeout id。
+- cleanup 中执行 `clearTimeout(timeoutId)`。
+- 保留 `alive` 判定作为并发保护。
+
+#### 验收标准
+
+- 目标段不再需要 hooks lint suppress。
+- 高频打开/关闭搜索栏无悬挂 timer 增长。
+- REPL 初始化行为无回归。
+
+#### 回归范围
+
+- REPL 初始化。
+- 搜索栏 warm-up。
+- 组件卸载 cleanup。
+
+#### 风险等级
+
+- 中。React effect 依赖治理可能改变初始化时机。
+
+#### 必须验证
+
+- 运行 lint/typecheck。
+- 手动或测试覆盖 REPL mount/unmount。
+
+---
+
+### JIRA-007：收敛 ACP route WebSocket 事件 any 类型
+
+- Issue Type：Task
+- Priority：P1
+- Story Points：2
+- Owner：后端/网关
+- Files：
+  - `packages/remote-control-server/src/routes/acp/index.ts`
+
+#### 参考代码位置
+
+- `packages/remote-control-server/src/routes/acp/index.ts:108-146`
+
+#### 背景
+
+ACP route 中 WebSocket 事件和 socket 参数存在 `any`，降低编译期保护。
+
+#### 实施要求
+
+- 定义最小 WebSocket 事件类型：open/message/close/error。
+- 将 `_evt: any`、`evt: any`、`ws: any` 替换为窄类型。
+- 不改变 payload decode 与大小检查策略。
+- 不改变现有 handler 行为。
+
+#### 验收标准
+
+- 编译期能捕获错误事件字段访问。
+- 现有 WebSocket 行为不变。
+- `bun run typecheck` 通过。
+
+#### 回归范围
+
+- ACP WebSocket route。
+- message decode。
+- close/error handler。
+
+#### 风险等级
+
+- 低。类型收敛为主。
+
+#### 必须验证
+
+- 运行 `bun run typecheck`。
+- 保留现有测试通过。
+
+---
+
+### JIRA-008：收敛 session ingress WebSocket 事件类型与 decode path
+
+- Issue Type：Task
+- Priority：P1
+- Story Points：3
+- Owner：后端/网关
+- Files：
+  - `packages/remote-control-server/src/routes/v1/session-ingress.ts`
+- 前置依赖：JIRA-001 已合并
+
+#### 参考代码位置
+
+- `packages/remote-control-server/src/routes/v1/session-ingress.ts:100-106`
+
+#### 背景
+
+在完成 P0 size guard 后，session ingress 仍需要进一步收敛事件类型与 decode path，减少隐式类型风险。
+
+#### 实施要求
+
+- 定义或复用最小 WebSocket message event 类型。
+- 将 message decode 分支集中到一个小函数。
+- 保持 P0 size guard 与 close code 语义。
+- 不改变 auth/session 解析。
+
+#### 验收标准
+
+- decode path 单一清晰。
+- 不支持 payload 类型有明确拒绝路径。
+- `bun run typecheck` 通过。
+
+#### 回归范围
+
+- Session ingress WebSocket message handling。
+- P0 大包拒绝逻辑。
+
+#### 风险等级
+
+- 低到中。与 P0 同文件，注意避免重复改动冲突。
+
+#### 必须验证
+
+- 与 JIRA-001 同批测试。
+- 运行 `bun run typecheck`。
+
+---
+
+## QA Tickets
+
+### JIRA-009：补充 ACP 通讯回归测试
+
+- Issue Type：Test
+- Priority：P1
+- Story Points：5
+- Owner：QA/核心通讯
+- Files：
+  - `src/services/acp/agent.ts`
+  - `src/services/acp/bridge.ts`
+  - `src/services/acp/promptConversion.ts`
+  - `src/services/acp/__tests__/agent.test.ts`
+  - `src/services/acp/__tests__/bridge.test.ts`
+  - `src/services/acp/__tests__/promptConversion.test.ts`
+
+#### 覆盖场景
+
+- 长会话 10k turn，无 abort listener 累积。
+- prompt queue 1000 并发排队，取消/出队顺序正确。
+- settings/defaultMode 与 `_meta.permissionMode` 优先级正确。
+- `resource_link` 转换在 agent 与 bridge 输出一致。
+
+#### 验收标准
+
+- 新增测试在本地稳定通过。
+- 不依赖真实网络或外部服务。
+- 测试 mock 遵守仓库规范，只 mock 有副作用链路。
+
+#### 回归范围
+
+- ACP bridge。
+- ACP agent。
+- prompt conversion。
+- permission mode resolution。
+
+#### 风险等级
+
+- 中。异步测试可能有稳定性问题，需要避免时间敏感断言。
+
+#### 必须验证
+
+- 运行相关 `bun test`。
+- 运行 `bun run typecheck`。
+
+---
+
+### JIRA-010：补充 Remote Control Server WebSocket 入站回归测试
+
+- Issue Type：Test
+- Priority：P1
+- Story Points：3
+- Owner：QA/后端
+- Files：
+  - `packages/remote-control-server/src/__tests__/routes.test.ts`
+  - `packages/remote-control-server/src/routes/v1/session-ingress.ts`
+
+#### 覆盖场景
+
+- 11MB session ingress payload 被 1009 close（与 10MB 上限对齐）。
+- 合法小 payload 正常进入 handler。
+- 非支持 payload 类型被拒绝。
+- 日志或可观测输出包含 sessionId、payload size、limit。
+
+#### 验收标准
+
+- 11MB payload 被 1009 close（与 10MB 上限对齐）。
+- 新增测试稳定通过。
+- 不启动真实外部服务。
+- 不改变现有 route public contract。
+
+#### 回归范围
+
+- RCS session ingress route。
+- WebSocket message handling。
+- close code 行为。
+
+#### 风险等级
+
+- 中。测试需要适配现有 WebSocket/mock 基础设施。
+
+#### 必须验证
+
+- 运行 RCS package 相关测试。
+- 运行 `bun run typecheck`。
+
+---
+
+## 推荐执行顺序
+
+执行节奏与原计划保持一致：先完成 P0 全部改动和冒烟验证，再启动 P1 改造；测试票可穿插执行，但不得绕过 P0 gate。
+
+1. JIRA-001：先封入口大包风险。
+2. JIRA-002：修长会话 listener 生命周期。
+3. JIRA-010：补 RCS 入站测试，锁住 P0 行为。
+4. JIRA-003：优化 pending prompt queue。
+5. JIRA-004：接入 settings/defaultMode。
+6. JIRA-005：单源化 prompt 转换。
+7. JIRA-009：补 ACP 回归测试。
+8. JIRA-006：治理 REPL effect/timer。
+9. JIRA-007：收敛 ACP route 类型。
+10. JIRA-008：收敛 session ingress 类型与 decode path。
+
+---
+
+## Release Checklist
+
+- [ ] `bun run typecheck` 0 error
+- [ ] P0 tickets 已合并并测试通过
+- [ ] ACP 回归测试通过
+- [ ] RCS WebSocket 入站测试通过
+- [ ] prompt conversion 单源化已通过代码搜索确认
+- [ ] permission mode 优先级测试通过
+- [ ] 协议层行为无回归（stopReason 决策、sessionUpdate 发送顺序）
+- [ ] REPL hook/timer 改动通过 lint/typecheck
+- [ ] 最终变更说明包含风险与未覆盖项

docs/internals/agent-comm-fix-questions.md

@@ -0,0 +1,74 @@
+# Agent 通讯修复问题文档
+
+- 版本：v1.0
+- 生成日期：2026-04-25
+- 范围：ACP Agent / Bridge / Remote Control Server / REPL Hook 生命周期
+- 配套执行文档：`docs/internals/agent-comm-fix-jira-tasks.md`
+- 目的：保留决策前要问的问题、交叉验证提示词和已确认结论；不要在这里写 Jira 执行步骤。
+
+---
+
+## 1. 当前已确认结论
+
+- 只保留两份交付文档：本问题文档 + Jira Task 文档。
+- Jira Task 文档是唯一执行入口，包含 Owner、优先级、文件范围、验收标准、风险和验证建议。
+- Claude 交叉验证结论：整体通过，无 blocking findings；建议补充协议回归 gate、JIRA-001/008 依赖、代码参考位置和阈值一致性，这些建议已合并到 Jira Task 文档。
+- 本次已进入业务代码修复阶段，必须运行 `bun run typecheck` 和相关回归测试。
+
+---
+
+## 2. 执行前必须问清的问题
+
+1. `session-ingress` 的 WebSocket 上限是否固定为 10MB，并与 ACP route 保持一致？
+2. 超限 close code 是否统一使用 `1009`，close reason 是否固定为 `message too large`？
+3. `resource_link` 的纯文本格式是否已有下游依赖，能否替代当前 markdown link 表达？
+4. ACP permission mode 的真实 settings key 是哪个，非法值 fallback 是否统一为 `default`？
+5. `_meta.permissionMode` 是否必须始终覆盖 settings/defaultMode？
+6. abort listener 测试中，是否能通过 mock signal 或计数器稳定证明 10k next 后无 listener 累积？
+7. pending prompt queue 的取消语义是否允许惰性清理，而不是立刻从数组中删除？
+8. REPL hook suppress 的清理范围是否只限目标段，不顺手改其他 decompiled React Compiler 结构？
+9. RCS WebSocket 测试应放在现有哪个 `__tests__` 布局下，是否已有 route/mock 基础设施可复用？
+10. 发布 gate 是否必须包含 `stopReason` 决策与 `sessionUpdate` 发送顺序不回归？
+
+---
+
+## 3. 给 Claude 或 Reviewer 的复核问题
+
+```text
+请作为外部审查者，复核 docs/internals/agent-comm-fix-jira-tasks.md。
+
+请检查：
+1. 是否仍满足“按文件分工的执行清单”和“Jira task 文档”要求。
+2. 是否存在遗漏的文件、验收标准、风险或前置依赖。
+3. 是否有重复、误导执行者、优先级不合理或测试不可落地的问题。
+4. 是否还有必须阻断实施的 finding。
+
+请用中文输出：
+- Verdict
+- Blocking Findings
+- Non-blocking Findings
+- Suggested Edits
+- Final Recommendation
+
+不要修改文件，只输出审查意见。
+```
+
+---
+
+## 4. 已处理的复核建议
+
+- Release Checklist 已补充协议层行为无回归 gate。
+- JIRA-001 与 JIRA-008 已明确同文件前后置关系。
+- JIRA-001 到 JIRA-008 已补充参考代码位置。
+- JIRA-003 已补回 1000 排队场景下的出队耗时验收。
+- JIRA-008 story points 已从 2 调整为 3。
+- JIRA-010 已明确 11MB payload 对齐 10MB 上限并触发 1009 close。
+- 推荐执行顺序已明确 P0 gate：P0 全部改动和冒烟验证完成后，再启动 P1 改造。
+
+---
+
+## 5. 不在本文档维护的内容
+
+- 不维护 Jira ticket 正文；统一在 `docs/internals/agent-comm-fix-jira-tasks.md` 修改。
+- 不维护业务代码实现方案；实现时按具体 ticket 读取对应文件。
+- 不维护历史中间稿；旧执行清单已合并进 Jira Task 文档。

docs/internals/autonomy-jira.md

@@ -0,0 +1,314 @@
+# Autonomy Reliability Jira Drafts
+
+These tickets are based on the call-chain audit of `/autonomy`, proactive
+ticks, HEARTBEAT managed flows, cron scheduling, command queue consumption,
+and daemon process supervision.
+
+## AUT-001: Preserve autonomy lifecycle when queued commands are consumed mid-turn
+
+Type: Bug
+Priority: P0
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+`query.ts` can drain queued prompt/task-notification commands as attachments
+during an active turn. Autonomy prompts consumed this way were removed from the
+in-memory queue without marking the persisted run as running/completed/failed,
+so managed flows could stay stuck in `queued` and never advance.
+
+Evidence:
+- `src/query.ts` drains queued commands via `getCommandsByMaxPriority()`.
+- `src/query.ts` removes consumed commands from the queue.
+- Lifecycle updates existed only in the normal queued-submit path
+  `src/utils/handlePromptSubmit.ts` and headless `src/cli/print.ts`.
+
+Acceptance criteria:
+- Mid-turn consumed autonomy commands mark runs `running`.
+- Normal query completion finalizes consumed runs and queues next managed-flow
+  steps.
+- Query errors or abort terminal reasons mark consumed runs failed.
+- Stale/cancelled autonomy commands are removed from the in-memory queue
+  without being sent to the model.
+- Regression tests cover stale command filtering and managed-flow advancement.
+
+## AUT-002: Make autonomy run lifecycle transitions terminal-safe
+
+Type: Bug
+Priority: P0
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+Run lifecycle helpers rewrote status unconditionally. A stale in-memory command
+could mark a cancelled/completed/failed run back to `running`, causing a
+cancelled flow to execute or a terminal flow to be rewritten.
+
+Evidence:
+- `markAutonomyRunRunning`, `markAutonomyRunCompleted`,
+  `markAutonomyRunFailed`, and `markAutonomyRunCancelled` updated records
+  without checking current status.
+- External CLI cancel cannot remove queued commands living inside another
+  process, so stale commands are a realistic input.
+
+Acceptance criteria:
+- `queued -> running/completed/failed/cancelled` remains allowed.
+- `running -> completed/failed/cancelled` remains allowed.
+- Any terminal status rejects later lifecycle updates.
+- Rejected transitions do not update managed-flow step state.
+- Regression tests cover stale lifecycle calls after cancellation.
+
+## AUT-003: Prevent proactive and scheduled-task async fire failures from becoming invisible
+
+Type: Bug
+Priority: P1
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+Proactive tick and cron fire callbacks launch detached async work. Failures in
+prompt preparation or queue insertion could surface as unhandled rejections or
+be lost from diagnostics. In one-shot cron paths, the scheduler has already
+decided the task fired.
+
+Evidence:
+- `src/proactive/useProactive.ts` used a detached async IIFE without catch.
+- `src/cli/print.ts` proactive and cron paths also detached async work.
+- `src/hooks/useScheduledTasks.ts` cron callbacks detached async work.
+
+Acceptance criteria:
+- Detached proactive/cron fire work has explicit error logging.
+- REPL proactive tick generation is non-reentrant.
+- Tick generation stops queueing after hook unmount.
+
+## AUT-004: Bound long-running daemon restart timers during shutdown
+
+Type: Bug
+Priority: P1
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+The daemon supervisor scheduled worker restarts with `setTimeout()` but did
+not store, clear, or `unref()` the timer. Shutdown during backoff could keep
+the supervisor alive until the timer fired, forcing the stop path toward
+SIGKILL.
+
+Evidence:
+- `src/daemon/main.ts` scheduled restart timers directly in the worker exit
+  handler.
+- Shutdown only signaled child processes and did not clear restart timers.
+
+Acceptance criteria:
+- Worker restart timers are tracked per worker.
+- Shutdown clears any pending restart timers.
+- Restart and force-kill grace timers do not keep the supervisor alive alone.
+
+## AUT-005: Release autonomy persistence lock bookkeeping after each chain
+
+Type: Bug
+Priority: P1
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+`withAutonomyPersistenceLock` stored a chained promise in its map but compared
+the map value against the raw current promise during cleanup. That condition
+never matched, so root-level lock bookkeeping could accumulate in long-lived
+processes that touch many workspaces.
+
+Evidence:
+- `src/utils/autonomyPersistence.ts` stored `previous.then(() => current)`.
+- Cleanup compared `persistenceLocks.get(key) === current`.
+
+Acceptance criteria:
+- The stored chained promise is the value used for cleanup comparison.
+- Existing serialization behavior for same-root calls remains unchanged.
+- Tests directly assert same-root lock bookkeeping returns to zero after both
+  success and failure.
+
+## AUT-006: Add active-record protection before persistence truncation
+
+Type: Reliability
+Priority: P2
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+Autonomy runs and flows are capped by latest-created/updated order only.
+Under high churn, active `queued` or `running` records can be truncated before
+completion, which removes recovery evidence and can break managed-flow
+advancement.
+
+Evidence:
+- `src/utils/autonomyRuns.ts` keeps the latest 200 runs by `createdAt`.
+- `src/utils/autonomyFlows.ts` keeps the latest 100 flows by `updatedAt`.
+
+Acceptance criteria:
+- Active records are retained before completed historical records are trimmed.
+- Tests cover trimming with more than the configured cap and active records
+  near the tail.
+
+## AUT-007: Treat provider API-error responses as failed autonomy turns
+
+Type: Bug
+Priority: P0
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+Third-party provider adapters can convert provider failures into synthetic
+assistant API-error messages instead of throwing. `query.ts` treated
+`isApiErrorMessage` terminal responses as `completed`, so an autonomy command
+that had already been consumed as a queued attachment could be marked
+completed and advance its managed flow even though the provider call failed.
+
+Evidence:
+- `src/services/api/openai/index.ts`, `src/services/api/gemini/index.ts`, and
+  `src/services/api/grok/index.ts` yield `createAssistantAPIErrorMessage()` on
+  adapter errors.
+- `src/query.ts` skipped stop hooks for API-error assistant messages but
+  returned `reason: 'completed'`.
+- Top-level autonomy finalization used terminal completion to decide whether
+  to mark consumed runs completed or failed.
+
+Acceptance criteria:
+- Provider API-error assistant messages terminate the query with
+  `reason: 'model_error'`.
+- Any consumed autonomy run is marked failed rather than completed.
+- Managed flows do not advance to the next step after provider API errors.
+- A regression test simulates provider error after a queued autonomy attachment
+  has been consumed.
+
+## AUT-008: Finalize consumed autonomy runs on async-generator close
+
+Type: Bug
+Priority: P0
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+`query()` is an async generator. When its consumer calls `.return()` or breaks
+out of iteration, JavaScript executes `finally` blocks and skips code after the
+`try/finally`. The previous autonomy finalization ran after the `finally`, so
+queued autonomy commands that had already been claimed as `running` could stay
+persisted as `running` forever if the REPL/SDK consumer closed the generator.
+
+Evidence:
+- Claimed run IDs were collected during queued attachment injection.
+- Completion/failure finalization happened only after `yield* queryLoop(...)`
+  returned normally or threw.
+- Claude cross-validation flagged this as a durable run/flow leak.
+
+Acceptance criteria:
+- Consumed autonomy runs are finalized from a `finally` path.
+- Normal completion marks consumed runs completed and enqueues next managed
+  flow steps.
+- Provider/model errors mark consumed runs failed.
+- Generator close and user abort terminals mark consumed runs cancelled.
+- A regression test closes the generator after a queued autonomy attachment and
+  verifies the run/flow are cancelled, not left running.
+
+## AUT-009: Claim queued autonomy runs before attachment injection
+
+Type: Bug
+Priority: P0
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+The query loop filtered stale queued autonomy commands before attachment
+generation, but it did not claim runs as `running` until after attachments were
+already yielded. A concurrent cancellation between those steps could still send
+a cancelled prompt into the model context.
+
+Evidence:
+- `partitionConsumableQueuedAutonomyCommands()` only checked persisted status.
+- `markAutonomyRunRunning()` previously ran after `getAttachmentMessages()`.
+- Reviewer cross-validation identified the check-then-act race.
+
+Acceptance criteria:
+- Query claims queued autonomy runs before passing commands to attachment
+  generation.
+- Only successfully claimed commands are injected as queued-command
+  attachments.
+- Failed claims are treated as stale and removed from the in-memory queue.
+- Claiming reads persisted run state once per turn rather than once per
+  command.
+
+## AUT-010: Cancel proactive and cron runs dropped before enqueue
+
+Type: Bug
+Priority: P1
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+`/proactive` and scheduled-task producers persist autonomy runs before
+returning queue commands. If the component is disposed or headless input closes
+after persistence but before enqueue, the queued run is left on disk with no
+in-memory command to consume it.
+
+Evidence:
+- `createProactiveAutonomyCommands()` commits runs before returning commands.
+- `commitAutonomyQueuedPrompt()` persists scheduled-task runs before callers
+  enqueue them.
+- Callers checked `disposed` / `inputClosed` after command creation and could
+  return without terminalizing the run.
+
+Acceptance criteria:
+- Proactive hook cancellation checks run both before commit and after command
+  creation.
+- Headless proactive and cron paths cancel any already-created command that is
+  dropped due to input close.
+- REPL scheduled-task cleanup cancels already-created commands when unmounted.
+- A regression test verifies a proactive command created but dropped before
+  enqueue is marked cancelled.
+
+## AUT-011: Replace query transition `any` stubs with typed contracts
+
+Type: Test/Type Safety
+Priority: P2
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+`src/query/transitions.ts` defined both `Terminal` and `Continue` as `any`.
+That allowed new terminal reasons such as `model_error` and continuation
+reasons such as `collapse_drain_retry` to drift without compiler checks.
+
+Evidence:
+- Claude cross-validation flagged the `Terminal = any` contract as a remaining
+  issue.
+- Tightening the type immediately caught that
+  `collapse_drain_retry.committed` is a `number`, not a `boolean`.
+
+Acceptance criteria:
+- `Terminal` is a concrete union of query terminal reasons.
+- `Continue` is a concrete union of continuation reasons and payloads.
+- `bun run typecheck` validates all query return sites against that contract.
+
+## AUT-012: Avoid provider test settings-module mock pollution
+
+Type: Test Reliability
+Priority: P2
+Status: Draft
+Patch status: Implemented in `fix/autonomy-lifecycle`.
+
+Problem:
+The provider tests previously mocked `settings.js`. A minimal mock broke other
+tests that imported additional settings exports in the same Bun process; the
+expanded mock avoided the failure but over-coupled the provider test to
+unrelated settings internals.
+
+Evidence:
+- Full test runs observed cross-file settings mock pollution.
+- `src/utils/model/providers.ts` only needs the real `getInitialSettings()`
+  behavior.
+
+Acceptance criteria:
+- Provider tests do not mock `settings.js`.
+- `modelType` precedence is exercised through an injected settings snapshot,
+  leaving global bootstrap state untouched.
+- Provider tests pass when run alongside permissions tests and the provider
+  matrix.

docs/lsp-integration.md

@@ -200,9 +200,9 @@ LSP 服务器通过插件提供。插件的 `manifest.json` 中可以声明 LSP
 |------|------|------|------|
 | `command` | string | 是 | LSP 服务器可执行命令（不含空格） |
 | `args` | string[] | 否 | 命令行参数 |
-| `extensionToLanguage` | Record<string, string> | 是 | 文件扩展名到语言 ID 的映射（至少一个） |
+| `extensionToLanguage` | `Record<string, string>` | 是 | 文件扩展名到语言 ID 的映射（至少一个） |
 | `transport` | `"stdio"` \| `"socket"` | 否 | 通信方式，默认 `stdio` |
-| `env` | Record<string, string> | 否 | 启动服务器时设置的环境变量 |
+| `env` | `Record<string, string>` | 否 | 启动服务器时设置的环境变量 |
 | `initializationOptions` | unknown | 否 | 传给服务器的初始化选项 |
 | `settings` | unknown | 否 | 通过 `workspace/didChangeConfiguration` 传递的设置 |
 | `workspaceFolder` | string | 否 | 工作区目录路径 |

docs/memory-leak-audit.md

@@ -0,0 +1,659 @@
+# 内存泄漏排查报告
+
+> 基于官方 CHANGELOG 记录的 11 个已修复内存泄漏 + 1 个代码注释中的已知问题，对反编译代码库进行逐文件验证。
+> 审计日期：2026-04-28
+
+## TODO
+
+- [x] #1 图片处理无限内存增长 — 确认已实现 ✅
+- [x] #2 /usage 命令泄漏约 2GB — 确认已实现 ✅
+- [x] #3 长时间运行工具进度事件泄漏 — 确认已实现 ✅
+- [x] #4 空闲重新渲染循环 — **已确认完整**：所有 10 个 useAnimationFrame 调用者均正确传递 null 暂停时钟，keepAlive 机制工作正常
+- [x] #5 虚拟滚动器保留历史消息拷贝 — 确认已实现 ✅
+- [x] #6 管道模式超宽行过度分配 — 确认已实现 ✅
+- [x] #7 语言语法按需加载 — **已修复**：改用 highlight.js/lib/core + 静态注册 26 个常用语言，从 190+ 语言降至 ~25，内存减少 ~80%
+- [x] #8 NO_FLICKER 模式流状态泄漏 — **已修复**：StreamingToolExecutor.discard() 现在完整释放 tools 数组、中止 siblingAbortController、清理 turnSpan，7 tests
+- [x] #9 Remote Control 权限条目保留 — **已修复**：pendingPermissionHandlers 提升至 useEffect 作用域，cleanup 时显式 clear()，8 tests
+- [x] #10 MCP HTTP/SSE 缓冲区累积 — 确认已实现 ✅
+- [x] #11 LRU 缓存键保留大 JSON — **已确认完整实现**：FileStateCache 使用 LRU 双重限制（max 100 条目 + maxSize 25MB）+ sizeCalculation，22 tests
+- [x] #12 QueryEngine.mutableMessages 不收缩 — **已修复**：实现 snipCompactIfNeeded（按 removedUuids 过滤）+ snipProjection（边界检测 + 视图投影），28 tests
+- [x] #18 Permission Polling Interval 泄漏 — **已修复**：inProcessRunner 权限响应后未调用 cleanup()，导致 setInterval 永远运行 + abort listener 挂载，6 tests
+- [x] #17 LSP Opened Files Map 不收缩 — **已修复**：LSPServerManager 添加 closeAllFiles() 方法，postCompactCleanup 集成调用，compaction 后释放 openedFiles Map，5 tests
+
+## 总览
+---
+
+## 1. 图片处理无限内存增长 (v2.1.121)
+
+**CHANGELOG 描述**：Fixed unbounded memory growth (multi-GB RSS) when processing many images in a session
+
+### 实现位置
+
+- `src/utils/imageStore.ts` — 核心修复
+- `src/commands/clear/caches.ts` — 缓存清理
+- `src/screens/REPL.tsx` — UI 层释放
+
+### 修复方式
+
+三层防护机制：
+
+1. **LRU 内存缓存**：`storedImagePaths` Map 上限 200 条目（`MAX_STORED_IMAGE_PATHS`），超出自动驱逐最早条目
+2. **磁盘持久化**：图片 base64 数据写入 `~/.claude/image-cache/<sessionId>/`，内存中仅保留路径字符串
+3. **立即释放**：`setPastedContents({})` 在消息提交/命令执行后清空 React state 中的 base64 数据
+
+### 关键代码
+
+```typescript
+// imageStore.ts:10
+const MAX_STORED_IMAGE_PATHS = 200
+
+// imageStore.ts:115-124
+function evictOldestIfAtCap(): void {
+  while (storedImagePaths.size >= MAX_STORED_IMAGE_PATHS) {
+    const oldest = storedImagePaths.keys().next().value
+    if (oldest !== undefined) {
+      storedImagePaths.delete(oldest)
+    } else {
+      break
+    }
+  }
+}
+
+// imageStore.ts:129-167 — 清理旧会话目录
+export async function cleanupOldImageCaches(): Promise<void> { ... }
+```
+
+---
+
+## 2. /usage 命令泄漏约 2GB (v2.1.121)
+
+
+**CHANGELOG 描述**：Fixed /usage leaking up to ~2GB of memory on machines with large transcript histories
+
+### 实现位置
+
+- `src/utils/sessionStoragePortable.ts:716-792` — 核心流式读取
+- `src/utils/attribution.ts` — 调用方
+
+### 修复方式
+
+1. **分块流式读取**：使用 `TRANSCRIPT_READ_CHUNK_SIZE = 1MB` 固定块大小，通过 `fd.read()` 逐块处理，避免一次性加载整个 transcript
+2. **字节级过滤**：在 fd 层面直接跳过 `attribution-snapshot` 类型的行（占长会话 84% 的字节空间）
+3. **边界截断**：搜索 `compact_boundary` 标记，只保留边界之后的数据
+4. **缓冲区控制**：初始缓冲区限制 `Math.min(fileSize, 8MB)`
+
+### 关键代码
+
+```typescript
+// sessionStoragePortable.ts:716-792
+export async function readTranscriptForLoad(
+  filePath: string,
+  fileSize: number,
+): Promise<{
+  boundaryStartOffset: number
+  postBoundaryBuf: Buffer
+  hasPreservedSegment: boolean
+}> {
+  const s: LoadState = {
+    out: {
+      buf: Buffer.allocUnsafe(Math.min(fileSize, 8 * 1024 * 1024)),
+      len: 0,
+      cap: fileSize + 1,
+    },
+    // ...
+  }
+  const chunk = Buffer.allocUnsafe(CHUNK_SIZE)
+  const fd = await fsOpen(filePath, 'r')
+  try {
+    let filePos = 0
+    while (filePos < fileSize) {
+      const { bytesRead } = await fd.read(chunk, 0, Math.min(CHUNK_SIZE, fileSize - filePos), filePos)
+      if (bytesRead === 0) break
+      filePos += bytesRead
+      // ... 分块处理逻辑
+    }
+    finalizeOutput(s)
+  } finally {
+    await fd.close()
+  }
+}
+```
+
+---
+
+## 3. 长时间运行工具进度事件泄漏 (v2.1.121)
+
+
+**CHANGELOG 描述**：Fixed memory leak when long-running tools fail to emit a clear progress event
+
+### 实现位置
+
+- `src/screens/REPL.tsx:3054-3114` — progress 消息替换逻辑
+- `src/utils/sessionStorage.ts:186-196` — 临时消息类型定义
+
+### 修复方式
+
+1. **向后扫描替换**：从只检查最后一条消息改为向后遍历所有 progress 消息，找到匹配的 `parentToolUseID` + `type` 后替换（修复交错消息导致 13k+ 条目堆积）
+2. **全屏模式硬上限**：`MAX_FULLSCREEN_SCROLLBACK = 500`，超出截断
+3. **临时消息识别**：`isEphemeralToolProgress()` 区分 `bash_progress`、`sleep_progress` 等一次性消息与需要保留的 `agent_progress` 等
+
+### 关键代码
+
+```typescript
+// REPL.tsx:3094-3114
+setMessages(oldMessages => {
+  const newData = newMessage.data as Record<string, unknown>;
+  // Scan backwards to find the last ephemeral progress with matching
+  // parentToolUseID and type.
+  for (let i = oldMessages.length - 1; i >= 0; i--) {
+    const m = oldMessages[i]!
+    if (m.type !== 'progress') break
+    const mData = m.data as Record<string, unknown> | undefined
+    if (
+      m.parentToolUseID === newMessage.parentToolUseID &&
+      mData?.type === newData.type
+    ) {
+      const copy = oldMessages.slice();
+      copy[i] = newMessage;
+      return copy;
+    }
+  }
+  return [...oldMessages, newMessage];
+});
+
+// REPL.tsx:3058-3064 — 全屏模式硬上限
+const MAX_FULLSCREEN_SCROLLBACK = 500
+const kept = postBoundary.length > MAX_FULLSCREEN_SCROLLBACK
+  ? postBoundary.slice(-MAX_FULLSCREEN_SCROLLBACK)
+  : postBoundary
+return [...kept, newMessage]
+```
+
+---
+
+## 4. 空闲重新渲染循环 (v2.1.117)
+
+**状态：已确认完整**
+
+**CHANGELOG 描述**：Fixed idle re-render loop when background tasks are present, reducing memory growth on Linux
+
+### 实现位置
+
+- `packages/@ant/ink/src/components/ClockContext.tsx` — 核心时钟管理
+
+### 已实现部分
+
+`ClockContext` 的 `keepAlive` 订阅者分类机制完整存在：
+
+```typescript
+// ClockContext.tsx:11-43
+function createClock(tickIntervalMs: number): Clock {
+  const subscribers = new Map<() => void, boolean>()
+  let interval: ReturnType<typeof setInterval> | null = null
+
+  function updateInterval(): void {
+    const anyKeepAlive = [...subscribers.values()].some(Boolean)
+    if (anyKeepAlive) {
+      // 有 keepAlive 订阅者时启动 interval
+      interval = setInterval(tick, currentTickIntervalMs)
+    } else if (interval) {
+      // 无 keepAlive 订阅者时停止 interval
+      clearInterval(interval)
+      interval = null
+    }
+  }
+
+  return {
+    subscribe(onChange, keepAlive) {
+      subscribers.set(onChange, keepAlive)
+      updateInterval()
+      return () => {
+        subscribers.delete(onChange)
+        updateInterval()
+      }
+    },
+    // ...
+  }
+}
+```
+
+### 不确定部分
+
+无法确认 `useAnimationFrame` hook 是否在所有使用时钟的组件中正确传递了 `keepAlive` 参数。反编译代码中调用链可能不完整。
+
+---
+
+## 5. 虚拟滚动器保留历史消息拷贝 (v2.1.101)
+
+
+**CHANGELOG 描述**：Fixed a memory leak where long sessions retained dozens of historical copies of the message list in the virtual scroller
+
+### 实现位置
+
+- `src/components/VirtualMessageList.tsx:276-296`
+
+### 修复方式
+
+增量式键值数组：使用 `useRef` 保存 keys 数组引用，流式追加而非每次 O(n) 全量重建。
+
+```typescript
+// VirtualMessageList.tsx:276-296
+const keysRef = useRef<string[]>([])
+const prevMessagesRef = useRef<typeof messages>(messages)
+const prevItemKeyRef = useRef(itemKey)
+if (
+  prevItemKeyRef.current !== itemKey ||
+  messages.length < keysRef.current.length ||
+  messages[0] !== prevMessagesRef.current[0]
+) {
+  // 全量重建（仅在 itemKey 变化、数组缩短等场景）
+  keysRef.current = messages.map(m => itemKey(m))
+} else {
+  // 增量追加（正常流式场景）
+  for (let i = keysRef.current.length; i < messages.length; i++) {
+    keysRef.current.push(itemKey(messages[i]!))
+  }
+}
+prevMessagesRef.current = messages
+prevItemKeyRef.current = itemKey
+const keys = keysRef.current
+```
+
+修复前 27k 消息时每次新消息添加产生 ~1MB 内存分配，修复后降为 O(1) 追加。
+
+---
+
+## 6. 管道模式超宽行过度分配 (v2.1.110)
+
+
+**CHANGELOG 描述**：Fixed potential excessive memory allocation when piped (non-TTY) Ink output contains a single very wide line
+
+### 实现位置
+
+- `packages/@ant/ink/src/core/output.ts:200-207`
+
+### 修复方式
+
+在 `Output.reset()` 中当字符缓存超过 16384 条目时清空：
+
+```typescript
+// output.ts:200-207
+reset(width: number, height: number, screen: Screen): void {
+  this.width = width
+  this.height = height
+  this.screen = screen
+  this.operations.length = 0
+  resetScreen(screen, width, height)
+  if (this.charCache.size > 16384) this.charCache.clear()  // 关键修复
+}
+```
+
+---
+
+## 7. 语言语法按需加载 (v2.1.108)
+
+**状态：已修复**
+
+**CHANGELOG 描述**：Reduced memory footprint for file reads, edits, and syntax highlighting by loading language grammars on demand
+
+### 实现位置
+
+- `packages/color-diff-napi/src/index.ts:21-37`
+
+### 当前状态
+
+延迟加载逻辑**已被移除**，改为顶层静态导入。代码注释说明原因：
+
+```typescript
+// color-diff-napi/src/index.ts:21-37
+// Static import — createRequire(import.meta.url) fails in Bun --compile mode
+// because the resolved path points to the internal bunfs binary path where
+// node_modules cannot be found. A top-level import ensures the module is
+// bundled and accessible at runtime.
+import hljs from 'highlight.js'  // 顶层静态导入
+
+type HLJSApi = typeof hljs
+let cachedHljs: HLJSApi | null = null
+function hljsApi(): HLJSApi {
+  if (cachedHljs) return cachedHljs
+  const mod = hljs as HLJSApi & { default?: HLJSApi }
+  cachedHljs = 'default' in mod && mod.default ? mod.default : mod
+  return cachedHljs!
+}
+```
+
+**影响**：highlight.js 包含 190+ 语言语法（约 50MB），现在在模块加载时即全部载入内存，无法按需释放。这是为了兼容 Bun `--compile` 模式做的妥协。
+
+---
+
+## 8. NO_FLICKER 模式流状态泄漏 (v2.1.105)
+
+**状态：已修复**
+
+**CHANGELOG 描述**：Fixed a NO_FLICKER mode memory leak where API retries left stale streaming state
+
+### 实现位置
+
+- `src/screens/REPL.tsx:1841-1861` — `resetLoadingState()`
+- `src/screens/REPL.tsx:3568-3578` — finally 块调用
+
+### 已实现部分
+
+`resetLoadingState()` 在 `onQuery` 的 finally 块中无条件调用，清理 `streamingText`、`streamingToolUses` 等：
+
+```typescript
+// REPL.tsx:1841-1861
+const resetLoadingState = useCallback(() => {
+  setStreamingText(null);
+  setStreamingToolUses([]);
+  setSpinnerMessage(null);
+  // ...
+}, [pickNewSpinnerTip]);
+
+// REPL.tsx:3568-3578 — finally 块
+} finally {
+  if (queryGuard.end(thisGeneration)) {
+    resetLoadingState();  // 无条件清理
+  }
+}
+```
+
+### 不确定部分
+
+无法确认 `query.ts` 中 `StreamingToolExecutor.discard()` 的逻辑是否完整实现了旧工具结果的释放。
+
+---
+
+## 9. Remote Control 权限条目保留 (v2.1.98)
+
+**状态：已修复**
+
+**CHANGELOG 描述**：Fixed a memory leak where Remote Control permission handler entries were retained for the lifetime of the session
+
+### 实现位置
+
+- `src/hooks/useReplBridge.tsx:466-491` — 处理 + 删除
+- `src/hooks/useReplBridge.tsx:712-717` — 注册 + 清理函数
+
+### 已实现部分
+
+```typescript
+// useReplBridge.tsx:466-491
+const pendingPermissionHandlers = new Map<string, (response: ...) => void>()
+
+function handlePermissionResponse(msg: SDKControlResponse): void {
+  const requestId = msg.response?.request_id
+  if (!requestId) return
+  const handler = pendingPermissionHandlers.get(requestId)
+  if (!handler) return
+  const parsed = parseBridgePermissionResponse(msg)
+  if (!parsed) return
+  pendingPermissionHandlers.delete(requestId)  // 处理后删除
+  handler(parsed)
+}
+
+// useReplBridge.tsx:712-717
+onResponse(requestId, handler) {
+  pendingPermissionHandlers.set(requestId, handler)
+  return () => {
+    pendingPermissionHandlers.delete(requestId)  // 取消时删除
+  }
+}
+```
+
+### 不确定部分
+
+hook 的 cleanup 函数（组件卸载时的 `replBridgePermissionCallbacks = undefined`）是否完整调用。
+
+---
+
+## 10. MCP HTTP/SSE 缓冲区累积 (v2.1.97)
+
+
+**CHANGELOG 描述**：Fixed MCP HTTP/SSE connections accumulating ~50 MB/hr of unreleased buffers when servers reconnect
+
+### 实现位置
+
+- `src/services/api/claude.ts:1557-1564` — `releaseStreamResources()`
+- `src/cli/transports/SSETransport.ts:419` — `reader.releaseLock()`
+- `@modelcontextprotocol/sdk` (sse.js, streamableHttp.js) — `response.body?.cancel()`
+
+### 修复方式
+
+1. **主动释放响应体**：`releaseStreamResources()` 清理 stream 和 response
+
+```typescript
+// claude.ts:1553-1564
+// Release all stream resources to prevent native memory leaks.
+// The Response object holds native TLS/socket buffers that live outside the
+// V8 heap (observed on the Node.js/npm path; see GH #32920), so we must
+// explicitly cancel and release it regardless of how the generator exits.
+function releaseStreamResources(): void {
+  cleanupStream(stream)
+  stream = undefined
+  if (streamResponse) {
+    streamResponse.body?.cancel().catch(() => {})
+    streamResponse = undefined
+  }
+}
+```
+
+2. **SSE 读取器释放**：
+
+```typescript
+// SSETransport.ts:418-419
+} finally {
+  reader.releaseLock()
+}
+```
+
+3. **MCP SDK 层面**：在所有 HTTP 路径（成功/失败/重连）调用 `response.body?.cancel()`
+
+---
+
+## 11. LRU 缓存键保留大 JSON (v2.1.89)
+
+**状态：已确认完整实现**
+
+
+**CHANGELOG 描述**：Fixed memory leak where large JSON inputs were retained as LRU cache keys in long-running sessions
+
+### 实现位置
+
+- `src/utils/fileStateCache.ts:37-48` — 大小计算修复
+- `src/utils/queryHelpers.ts:48-54` — 类型强制转换
+
+### 修复方式
+
+1. **正确计算缓存大小**：处理 `content` 为嵌套对象的情况
+
+```typescript
+// fileStateCache.ts:37-48
+sizeCalculation: value => {
+  const c = value.content
+  const s =
+    typeof c === 'string'
+      ? c
+      : c === null || c === undefined
+        ? ''
+        : typeof c === 'object'
+          ? JSON.stringify(c)
+          : String(c)
+  return Math.max(1, Buffer.byteLength(s, 'utf8'))
+}
+```
+
+2. **强制类型转换**：确保 Write 工具 content 始终为字符串
+
+```typescript
+// queryHelpers.ts:48-54
+function coerceToolContentToString(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (value === null || value === undefined) return ''
+  if (typeof value === 'object') return JSON.stringify(value)
+  return String(value)
+}
+```
+
+---
+
+## 12. QueryEngine.mutableMessages 不收缩
+
+**状态：已修复**
+
+**代码注释描述**：`markers persist and re-trigger on every turn, and mutableMessages never shrinks (memory leak in long SDK sessions)`（`src/QueryEngine.ts:929-930`）
+
+### 实现位置
+
+- `src/services/compact/snipCompact.ts` — **存根文件**
+- `src/QueryEngine.ts:925-962` — 消息处理逻辑
+
+### 问题详情
+
+`mutableMessages` 数组只增不减，每轮对话 push 多条消息（assistant、progress、user、attachment 等）。清理依赖两条路径：
+
+**路径 1：API 返回 compact_boundary**（已实现）
+
+```typescript
+// QueryEngine.ts:946-962
+if (msg.subtype === 'compact_boundary' && msg.compactMetadata) {
+  const mutableBoundaryIdx = this.mutableMessages.length - 1
+  if (mutableBoundaryIdx > 0) {
+    this.mutableMessages.splice(0, mutableBoundaryIdx)  // 清理旧消息
+  }
+}
+```
+
+**路径 2：本地 snip 压缩**（存根 — 永不执行）
+
+```typescript
+// snipCompact.ts — 完整文件
+// Auto-generated stub — replace with real implementation
+export {};
+import type { Message } from 'src/types/message';
+
+export const isSnipMarkerMessage: (message: Message) => boolean = () => false;
+export const snipCompactIfNeeded: (
+  messages: Message[],
+  options?: { force?: boolean },
+) => { messages: Message[]; executed: boolean; tokensFreed: number; boundaryMessage?: Message } = (messages) => ({
+  messages,
+  executed: false,   // 永远 false — 清理从不执行
+  tokensFreed: 0,
+});
+export const isSnipRuntimeEnabled: () => boolean = () => false;
+export const shouldNudgeForSnips: (messages: Message[]) => boolean = () => false;
+export const SNIP_NUDGE_TEXT: string = '';
+```
+
+`snipReplay` 回调依赖 `HISTORY_SNIP` feature flag，且调用的 `snipCompactIfNeeded` 永远返回 `executed: false`。
+
+```typescript
+// QueryEngine.ts:933-942
+const snipResult = this.config.snipReplay?.(msg, this.mutableMessages)
+if (snipResult !== undefined) {
+  if (snipResult.executed) {       // 永远是 false
+    this.mutableMessages.length = 0
+    this.mutableMessages.push(...snipResult.messages)
+  }
+  break
+}
+```
+
+### 风险评估
+
+- 在长时间 SDK 会话中，如果 API 不频繁返回 `compact_boundary`，`mutableMessages` 会持续增长
+- 每条消息可能包含大量内容（工具输出、文件内容等），长时间运行可能导致 GB 级内存占用
+- 这是当前代码库中**最明确的未实现内存泄漏点**
+
+---
+
+## 17. LSP Opened Files Map 不收缩
+
+**状态：已修复**
+
+**代码注释描述**：`closeFile()` 存在但未与 compact 流程集成（`LSPServerManager.ts:373-375` 显式标注为 TODO）
+
+### 实现位置
+
+- `src/services/lsp/LSPServerManager.ts:414-428` — `closeAllFiles()` 方法
+- `src/services/compact/postCompactCleanup.ts:81-88` — 集成调用
+
+### 问题详情
+
+`LSPServerManager` 中的 `openedFiles: Map<string, string>` 追踪所有通过 `didOpen` 打开的文件。`closeFile()` 方法存在可以发送 `didClose` 通知并清理 Map 条目，但代码注释明确标注：
+
+```
+NOTE: Currently available but not yet integrated with compact flow.
+TODO: Integrate with compact - call closeFile() when compact removes files from context
+```
+
+长时间会话中，每次读取/编辑文件都会通过 `openFile()` 添加条目，但 compaction 不会清理这些条目，导致 Map 无限增长。
+
+### 修复方式
+
+1. **添加 `closeAllFiles()` 方法**：遍历 `openedFiles` Map，对每个文件发送 `didClose` 通知，然后清空 Map。Best-effort 错误处理。
+
+```typescript
+async function closeAllFiles(): Promise<void> {
+  const entries = [...openedFiles.entries()]
+  openedFiles.clear()
+  for (const [fileUri, serverName] of entries) {
+    const server = servers.get(serverName)
+    if (!server || server.state !== 'running') continue
+    try {
+      await server.sendNotification('textDocument/didClose', {
+        textDocument: { uri: fileUri },
+      })
+    } catch {
+      // Best-effort — server may have stopped
+    }
+  }
+}
+```
+
+2. **集成到 `postCompactCleanup`**：在 compaction 后自动调用 `closeAllFiles()`，释放所有 LSP 服务器端的文件状态。
+
+```typescript
+// postCompactCleanup.ts
+try {
+  const lspManager = getLspServerManager()
+  if (lspManager) {
+    await lspManager.closeAllFiles()
+  }
+} catch {
+  // LSP module may not be available in all environments
+}
+```
+
+---
+
+## 总结
+
+```
+确认已实现 (12):  #1 图片  #2 /usage  #3 进度消息  #4 空闲渲染  #5 虚拟滚动器  #6 管道输出  #10 MCP缓冲区
+已修复 (7):       #7 语法加载  #8 NO_FLICKER  #9 RC权限  #11 LRU缓存键  #12 snipCompact  #17 LSP文件追踪  #18 Permission Polling
+
+### 测试覆盖
+
+| 修复项 | 测试文件 | 测试数 |
+|--------|----------|--------|
+| #12 snipCompact | `src/services/compact/__tests__/snipCompact.test.ts` | 17 |
+| #12 snipProjection | `src/services/compact/__tests__/snipProjection.test.ts` | 11 |
+| #8 StreamingToolExecutor | `src/services/tools/__tests__/StreamingToolExecutor.test.ts` | 7 |
+| #9 RC 权限 | `src/hooks/__tests__/replBridgePermissionHandlers.test.ts` | 8 |
+| #11 FileStateCache | `src/utils/__tests__/fileStateCache.test.ts` | 22 |
+| #7 语言注册 | `packages/color-diff-napi/src/__tests__/language-registration.test.ts` | 7 |
+| #18 Permission Polling | `src/hooks/__tests__/swarmPermissionPoller.test.ts` | 6 |
+| #17 LSP Opened Files | `src/services/lsp/__tests__/closeAllFiles.test.ts` | 5 |
+| **总计** | **8 个测试文件** | **83** |
+```
+
+### 需要关注的优先级
+
+1. ~~**P0 — `snipCompact.ts` 存根**~~ **已修复**
+2. ~~**P1 — 语法按需加载回退**~~ **已修复**
+3. ~~**P2 — NO_FLICKER 流状态**~~ **已修复**
+4. ~~**P2 — 空闲渲染循环**~~ **已确认完整**
+5. ~~**P2 — Permission Polling Interval**~~ **已修复**
+6. ~~**P2 — LSP Opened Files Map**~~ **已修复**：closeAllFiles() 集成到 postCompactCleanup

docs/memory-peak-analysis.md

@@ -0,0 +1,103 @@
+# 内存与性能峰值分析报告
+
+> 进程 bun，RSS 基线 **682 MB**，最差 **1.8 GB** | 2026-05-02 | **调研完成**（12 轮迭代）
+> 修复 commit：`ef10ad28` + `ab0bbbc4`（降 100-300 MB）| 架构限制：Bun mimalloc/JSC 不归还内存页（~150-250 MB 永久占用）
+
+## 已修复（10 项）
+
+| 问题 | 原峰值 | 修复 | 位置 |
+|------|--------|------|------|
+| 流式字符串拼接 O(n²) | 2-20 MB | `+=` → 数组累积 | `claude.ts:1834,2271` |
+| Messages.tsx 多次遍历 | 100-270 MB | 合并单次 pass | `Messages.tsx:417-418` |
+| ColorFile 无缓存 | 50-100 MB | LRU-50 | `HighlightedCode.tsx:14-61` |
+| Ink StylePool 无界 | 10-50+ MB | 1000 上限 | `@ant/ink/screen.ts:122` |
+| CompanionSprite 高频 | CPU | TICK_MS→1000ms | `CompanionSprite.tsx:15` |
+| MCP stderr 缓冲 | 1-640 MB | 64→8MB/server | `mcp-client/connection.ts:117` |
+| BashTool 输出缓冲 | 30-330 MB | 32→2MB | `stringUtils.ts:88` |
+| Transcript 写入队列 | 5-50 MB | 1000 上限 | `sessionStorage.ts:613-619` |
+| contentReplacementState | 持续增长 | compact 清理 | `compact/compact.ts` |
+| SSE 缓冲 | 无上限 | 1MB cap | SSE 处理代码 |
+
+## P0 — 核心瓶颈（6 项）
+
+| # | 问题 | 峰值 | 位置 | 建议 |
+|---|------|------|------|------|
+| 1 | 消息数组 7-8x spread 拷贝（turn 尾部 3-4 份同时驻留） | 120-320 MB | `query.ts` 7 处（:477,:491,:897,:1135,:1745,:1857,:1878） | 去掉 spread / 传引用 / 改 push |
+| 2 | AutoCompact 时序缺陷（检查在 API 前，增长在 API 后） | API 超限 | `query.ts:575` | 加入预测式阈值检查 |
+| 3 | reactiveCompact 空存根（API 413 时无紧急压缩） | 无降级 | `reactiveCompact.ts` 全文 | 实现真实逻辑 |
+| 4 | buildMessageLookups 8 Map/Set 重建（流式每个 delta 触发） | GC STW 100-173ms | `Messages.tsx:519` | 增量更新 / 拆分 useMemo 链 |
+| 5 | useDeferredValue 双缓冲 | 100-200 MB | `REPL.tsx:1569` | React 调度机制固有，优化空间有限 |
+| 6 | Compact 峰值窗口（preCompactReadFileState + summary + attachments） | 20-80 MB | `compact.ts:524-644` | 提前释放 preCompactReadFileState/summaryResponse |
+
+## P1 — 重要瓶颈（14 项）
+
+| # | 问题 | 峰值 | 位置 | 建议 |
+|---|------|------|------|------|
+| 7 | OpenAI/Gemini/Grok 兼容层 O(n²) 拼接 | 25-75 MB | 3 文件 9 处（`openai/index.ts:386`, `gemini/index.ts:148`, `grok/index.ts:163`） | 改数组累积（同 claude.ts 模式） |
+| 8 | messages.ts O(n²) 拼接 | 10-25 MB | `messages.ts:3252,3268` | 改数组累积 |
+| 9 | highlight.js 全量 192 语言（仅需 26 种） | 8-12 MB | `color-diff-napi/index.ts:21` | 自定义构建 |
+| 10 | hlLineCache 模块级单例 2048 条目 | ~4 MB | `color-diff-napi/index.ts:508` | 改 LRU + size 上限 |
+| 11 | colorFileCache 3x 代码存储 | 2-5 MB | `HighlightedCode.tsx:14` | 移除 value 中 code 字段 |
+| 12 | 虚拟滚动 200 组件常驻 | 50 MB | `useVirtualScroll.ts` | 降低 OVERSCAN_ROWS / MAX_MOUNTED_ITEMS |
+| 13 | FileReadTool 大文件（输出上限 100K 字符，但读取期间完整加载） | 临时数 MB | `FileReadTool.ts:342` | 读取前检测大小，流式截断 |
+| 14 | Session 恢复全量加载（磁盘→JSON→REPL 三阶段） | 200-300 MB | `sessionStorage.ts:3482` | 流式 JSONL / 增量恢复 |
+| 15 | Session 写入 100MB 累积 | ~100 MB | `sessionStorage.ts:652` | 流式写入 |
+| 16 | Forked Agent FileStateCache 完整克隆 | 50N MB | `forkedAgent.ts:382` | 共享/分层缓存（agent 用 10MB） |
+| 17 | GC 阈值 350MB < 基线（每秒无意义强制 GC） | CPU 浪费 | `cli/print.ts:554` | 提高到 800MB+ |
+| 18 | PDF 100 页处理 | ~100 MB | `apiLimits.ts:54` | 分页流式处理 |
+| 19 | 图片单张处理（base64→解码→resize） | ~16 MB/张 | `apiLimits.ts:22` | 流式 resize |
+| 20 | token 估算 ±25-50% 误差放大时序问题 | 阈值不准 | `tokenEstimation.ts:215` | 内容类型感知估算 |
+
+## P2 — 次要问题（10 项）
+
+| # | 问题 | 峰值 | 位置 |
+|---|------|------|------|
+| 21 | lastAPIRequestMessages 常驻 | 30-50 MB | `bootstrap/state.ts:118` |
+| 22 | MCP Tool Schema 双重存储 | ~40 MB | `manager.ts:73` + `AppStateStore.ts:175` |
+| 23 | ContentReplacementState 单调增长 | 0.5-2 MB | `toolResultStorage.ts:390` |
+| 24 | Perfetto 100K 事件 | ~30 MB | `perfettoTracing.ts:106` |
+| 25 | StreamingMarkdown 双渲染 | 临时 | `Markdown.tsx:185` |
+| 26 | MarkdownTable 3 次遍历 | CPU 峰值 | `MarkdownTable.tsx:99` |
+| 27 | 搜索索引 WeakMap | 5-10 MB | `transcriptSearch.ts:17` |
+| 28 | ACP FileStateCache/会话 | 50 MB | `acp/agent.ts:554` |
+| 29 | Agent initialMessages 浅拷贝 | 1-5 MB/agent | `runAgent.ts:382` |
+| 30 | Hook 结果累积 | ~1 MB+ | `toolExecution.ts:1474` |
+
+## CPU / 渲染热点
+
+| # | 问题 | 影响 | 位置 |
+|---|------|------|------|
+| C2 | Ink 每次 React commit 触发 Yoga 布局 | ~1-3ms/commit | `reconciler.ts:279` → `ink.tsx:323` |
+| C3 | MessageRow 挂载 ~1.5ms（React/Yoga/Ink 管线开销） | 批量挂载 ~290ms 卡顿 | `useVirtualScroll.ts` |
+| C4 | 布局偏移触发全屏 damage | O(rows×cols) | `ink.tsx:655-661` |
+| C9 | 同步 fs 操作阻塞主线程 | 间歇卡顿 | `projectOnboardingState.ts:20` 等 |
+
+已有缓解：React ConcurrentRoot 批处理、帧率限制 16ms、虚拟滚动 overscan 80 + SLIDE_STEP=25 + useDeferredValue、Markdown tokenCache LRU-500 + hasMarkdownSyntax 快速路径、Yoga 增量缓存。
+
+## 已否认（12 轮汇总）
+
+VSZ 516 GB 是虚拟映射 | Zod ~650KB | Markdown LRU-500 已优化 | useSkillsChange/useSettingsChange 正确 cleanup | useInboxPoller 收敛设计（非循环）| React Compiler `_c(N)` 未使用 | File watchers ~5KB | React reconciler WeakMap + freeRecursive | Ink 屏幕缓冲 ~86KB | CharPool/HyperlinkPool ~1-5MB 5min 重置 | AWS/Google/Azure SDK 均懒加载 | Sentry 空实现 | useCallback 闭包通过 messagesRef 规避（无泄漏）| MCP stderrHandler 有 64MB cap + cleanup | useRef 有 clearConversation/compact 清理 | apiMetricsRef turn 结束重置 | useEffect 有 cleanup 函数 | lodash-es tree-shakable | AppState useSyncExternalStore 仅相关切片更新 | SDK 无全局重试队列 | Ink unmount 有清理
+
+## 结论
+
+**内存根因排序**：
+1. 消息数组 7-8x spread 拷贝（120-320 MB）— 核心瓶颈
+2. useDeferredValue 双缓冲 + React useMemo 链全量重算（100-200 MB + GC STW）
+3. Session 恢复/写入峰值（200-300 MB）
+4. AutoCompact 时序缺陷 + reactiveCompact 空存根（API 超限风险）
+5. Forked Agent FileStateCache 克隆（50N MB）
+6. 虚拟滚动 200 组件 ~50MB 常驻
+7. Bun/JSC 不归还内存页（架构级）
+
+**CPU 根因**：useInboxPoller 每秒轮询 → React commit → Yoga 布局 → 全屏 Ink diff 完整管线。Markdown 渲染批量挂载时 ~290ms 卡顿。
+
+**预估优化空间**：
+
+| 优先级 | 措施数 | 预估降低 |
+|--------|--------|----------|
+| P0 | 6 | 240-600 MB |
+| P1 | 14 | 300-600 MB |
+| P2 | 10 | 80-200 MB |
+| **合计** | **30 项** | **620-1400 MB** |
+
+理论可从 400-700 MB 降至 **200-350 MB**（受 mimalloc/JSC 架构限制约束）。

docs/tools/file-operations.mdx

@@ -12,12 +12,12 @@ Claude Code 将文件操作拆分为三个独立工具——这不是功能划
 
 | 工具 | 权限级别 | 核心方法 | 关键属性 |
 |------|---------|---------|---------|
-| **Read** | 只读（免审批） | `isReadOnly() → true` | `maxResultSizeChars: Infinity` |
+| **Read** | 只读（免审批） | `isReadOnly() → true` | `maxResultSizeChars: 100,000` |
 | **Edit** | 写入（需确认） | `checkWritePermissionForTool()` | `maxResultSizeChars: 100,000` |
 | **Write** | 写入（需确认） | `checkWritePermissionForTool()` | `maxResultSizeChars: 100,000` |
 
 <Tip>
-Read 的 `maxResultSizeChars` 是 `Infinity`，但这并不意味着无限制输出——真正的截断发生在 `validateContentTokens()` 中基于 token 预算的动态判定，而非字符数硬限制。
+Read 的 `maxResultSizeChars` 为 100,000（100KB）。超出此阈值的结果会被持久化到磁盘，减少长会话的内存压力。实际的 token 级别截断由 `validateContentTokens()` 动态控制。
 </Tip>
 
 ## FileRead：多模态文件读取引擎

knip.json

@@ -1,22 +1,22 @@
 {
-	"$schema": "https://unpkg.com/knip@6/schema.json",
-	"entry": ["src/entrypoints/cli.tsx"],
-	"project": ["src/**/*.{ts,tsx}"],
-	"ignore": ["src/types/**", "src/**/*.d.ts"],
-	"ignoreDependencies": [
-		"@ant/*",
-		"react-compiler-runtime",
-		"@anthropic-ai/mcpb",
-		"@anthropic-ai/sandbox-runtime"
-	],
-	"ignoreBinaries": ["bun"],
-	"workspaces": {
-		"packages/*": {
-			"entry": ["src/index.ts"],
-			"project": ["src/**/*.ts"]
-		},
-		"packages/@ant/*": {
-			"ignore": ["**"]
-		}
-	}
+  "$schema": "https://unpkg.com/knip@6/schema.json",
+  "entry": ["src/entrypoints/cli.tsx"],
+  "project": ["src/**/*.{ts,tsx}"],
+  "ignore": ["src/types/**", "src/**/*.d.ts"],
+  "ignoreDependencies": [
+    "@ant/*",
+    "react-compiler-runtime",
+    "@anthropic-ai/mcpb",
+    "@anthropic-ai/sandbox-runtime"
+  ],
+  "ignoreBinaries": ["bun"],
+  "workspaces": {
+    "packages/*": {
+      "entry": ["src/index.ts"],
+      "project": ["src/**/*.ts"]
+    },
+    "packages/@ant/*": {
+      "ignore": ["**"]
+    }
+  }
 }

learn/phase-2-qa.md

@@ -175,7 +175,7 @@ F.   getCompletedResults() → 空
 
 ---
 
-#### #8 stream_event (input_json_delta: '{"file_path":')
+#### #8 stream_event (input_json_delta: `'{"file_path":'`)
 
 ```
 D. yield message  ✅ → REPL 追加工具输入 JSON 碎片

package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-best",
-  "version": "1.9.2",
+  "version": "2.0.4",
   "description": "Reverse-engineered Anthropic Claude Code CLI — interactive AI coding assistant in the terminal",
   "type": "module",
   "author": "claude-code-best <claude-code-best@proton.me>",
@@ -22,7 +22,7 @@
     "repl"
   ],
   "engines": {
-    "bun": ">=1.2.0"
+    "bun": ">=1.3.0"
   },
   "bin": {
     "ccb": "dist/cli-node.js",
@@ -48,9 +48,12 @@
     "dev": "bun run scripts/dev.ts",
     "dev:inspect": "bun run scripts/dev-debug.ts",
     "prepublishOnly": "bun run build:vite",
-    "lint": "biome lint src/",
-    "lint:fix": "biome lint --fix src/",
-    "format": "biome format --write src/",
+    "lint": "biome lint .",
+    "lint:fix": "biome lint --fix .",
+    "format": "biome format --write .",
+    "check": "biome check .",
+    "check:fix": "biome check --fix .",
+    "prepare": "husky",
     "test": "bun test",
     "test:production": "bun run scripts/production-test.ts",
     "test:production:offline": "bun run scripts/production-test.ts --offline",
@@ -62,7 +65,7 @@
     "postinstall": "node scripts/run-parallel.mjs scripts/postinstall.cjs scripts/setup-chrome-mcp.mjs",
     "docs:dev": "npx mintlify dev",
     "typecheck": "tsc --noEmit",
-    "test:all": "bun run typecheck && bun test",
+    "precheck": "bun run typecheck && bun run check:fix && bun test",
     "rcs": "bun run scripts/rcs.ts"
   },
   "dependencies": {
@@ -73,24 +76,24 @@
   },
   "devDependencies": {
     "@alcalzone/ansi-tokenize": "^0.3.0",
-    "@ant/model-provider": "workspace:*",
     "@ant/claude-for-chrome-mcp": "workspace:*",
     "@ant/computer-use-input": "workspace:*",
     "@ant/computer-use-mcp": "workspace:*",
     "@ant/computer-use-swift": "workspace:*",
-    "@anthropic-ai/bedrock-sdk": "^0.26.4",
+    "@ant/model-provider": "workspace:*",
+    "@anthropic-ai/bedrock-sdk": "^0.29.0",
     "@anthropic-ai/claude-agent-sdk": "^0.2.114",
     "@anthropic-ai/foundry-sdk": "^0.2.3",
     "@anthropic-ai/mcpb": "^2.1.2",
     "@anthropic-ai/sandbox-runtime": "^0.0.44",
-    "@anthropic-ai/sdk": "^0.80.0",
-    "@anthropic-ai/vertex-sdk": "^0.14.4",
+    "@anthropic-ai/sdk": "^0.81.0",
+    "@anthropic-ai/vertex-sdk": "^0.16.0",
     "@anthropic/ink": "workspace:*",
-    "@aws-sdk/client-bedrock": "^3.1032.0",
-    "@aws-sdk/client-bedrock-runtime": "^3.1032.0",
-    "@aws-sdk/client-sts": "^3.1032.0",
-    "@aws-sdk/credential-provider-node": "^3.972.32",
-    "@aws-sdk/credential-providers": "^3.1032.0",
+    "@aws-sdk/client-bedrock": "^3.1037.0",
+    "@aws-sdk/client-bedrock-runtime": "^3.1037.0",
+    "@aws-sdk/client-sts": "^3.1037.0",
+    "@aws-sdk/credential-provider-node": "^3.972.36",
+    "@aws-sdk/credential-providers": "^3.1037.0",
     "@azure/identity": "^4.13.1",
     "@biomejs/biome": "^2.4.12",
     "@claude-code-best/agent-tools": "workspace:*",
@@ -103,20 +106,20 @@
     "@langfuse/tracing": "^5.1.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "@opentelemetry/api": "^1.9.1",
-    "@opentelemetry/api-logs": "^0.214.0",
+    "@opentelemetry/api-logs": "^0.215.0",
     "@opentelemetry/core": "^2.7.0",
-    "@opentelemetry/exporter-logs-otlp-grpc": "^0.214.0",
-    "@opentelemetry/exporter-logs-otlp-http": "^0.214.0",
-    "@opentelemetry/exporter-logs-otlp-proto": "^0.214.0",
-    "@opentelemetry/exporter-metrics-otlp-grpc": "^0.214.0",
-    "@opentelemetry/exporter-metrics-otlp-http": "^0.214.0",
-    "@opentelemetry/exporter-metrics-otlp-proto": "^0.214.0",
-    "@opentelemetry/exporter-prometheus": "^0.214.0",
-    "@opentelemetry/exporter-trace-otlp-grpc": "^0.214.0",
-    "@opentelemetry/exporter-trace-otlp-http": "^0.214.0",
-    "@opentelemetry/exporter-trace-otlp-proto": "^0.214.0",
+    "@opentelemetry/exporter-logs-otlp-grpc": "^0.215.0",
+    "@opentelemetry/exporter-logs-otlp-http": "^0.215.0",
+    "@opentelemetry/exporter-logs-otlp-proto": "^0.215.0",
+    "@opentelemetry/exporter-metrics-otlp-grpc": "^0.215.0",
+    "@opentelemetry/exporter-metrics-otlp-http": "^0.215.0",
+    "@opentelemetry/exporter-metrics-otlp-proto": "^0.215.0",
+    "@opentelemetry/exporter-prometheus": "^0.215.0",
+    "@opentelemetry/exporter-trace-otlp-grpc": "^0.215.0",
+    "@opentelemetry/exporter-trace-otlp-http": "^0.215.0",
+    "@opentelemetry/exporter-trace-otlp-proto": "^0.215.0",
     "@opentelemetry/resources": "^2.7.0",
-    "@opentelemetry/sdk-logs": "^0.214.0",
+    "@opentelemetry/sdk-logs": "^0.215.0",
     "@opentelemetry/sdk-metrics": "^2.7.0",
     "@opentelemetry/sdk-trace-base": "^2.7.0",
     "@opentelemetry/semantic-conventions": "^1.40.0",
@@ -144,7 +147,7 @@
     "asciichart": "^1.5.25",
     "audio-capture-napi": "workspace:*",
     "auto-bind": "^5.0.1",
-    "axios": "^1.15.0",
+    "axios": "^1.15.2",
     "bidi-js": "^1.0.3",
     "cacache": "^20.0.4",
     "chalk": "^5.6.2",
@@ -164,11 +167,13 @@
     "google-auth-library": "^10.6.2",
     "he": "^1.2.0",
     "https-proxy-agent": "^8.0.0",
+    "husky": "^9.1.7",
     "ignore": "^7.0.5",
     "image-processor-napi": "workspace:*",
     "indent-string": "^5.0.0",
     "jsonc-parser": "^3.3.1",
     "knip": "^6.4.1",
+    "lint-staged": "^16.4.0",
     "lodash-es": "^4.18.1",
     "lru-cache": "^11.3.5",
     "marked": "^17.0.6",
@@ -205,5 +210,24 @@
     "xss": "^1.0.15",
     "yaml": "^2.8.3",
     "zod": "^4.3.6"
+  },
+  "optionalDependencies": {
+    "doubaoime-asr": "^0.1.0"
+  },
+  "overrides": {
+    "@inquirer/prompts": "8.4.2",
+    "@xmldom/xmldom": "0.8.13",
+    "follow-redirects": "1.16.0",
+    "hono": "4.12.15",
+    "postcss": "8.5.10",
+    "uuid": "14.0.0"
+  },
+  "lint-staged": {
+    "*.{ts,tsx,js,mjs,jsx}": [
+      "biome check --fix --no-errors-on-unmatched"
+    ],
+    "*.{json,jsonc}": [
+      "biome format --write --no-errors-on-unmatched"
+    ]
   }
 }

packages/@ant/claude-for-chrome-mcp/package.json

@@ -1,8 +1,8 @@
 {
-    "name": "@ant/claude-for-chrome-mcp",
-    "version": "1.0.0",
-    "private": true,
-    "type": "module",
-    "main": "./src/index.ts",
-    "types": "./src/index.ts"
+  "name": "@ant/claude-for-chrome-mcp",
+  "version": "1.0.0",
+  "private": true,
+  "type": "module",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts"
 }

packages/@ant/claude-for-chrome-mcp/src/browserTools.ts

@@ -1,546 +1,546 @@
 export const BROWSER_TOOLS = [
   {
-    name: "javascript_tool",
+    name: 'javascript_tool',
     description:
       "Execute JavaScript code in the context of the current page. The code runs in the page's context and can interact with the DOM, window object, and page variables. Returns the result of the last expression or any thrown errors. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         action: {
-          type: "string",
+          type: 'string',
           description: "Must be set to 'javascript_exec'",
         },
         text: {
-          type: "string",
+          type: 'string',
           description:
             "The JavaScript code to execute. The code will be evaluated in the page context. The result of the last expression will be returned automatically. Do NOT use 'return' statements - just write the expression you want to evaluate (e.g., 'window.myData.value' not 'return window.myData.value'). You can access and modify the DOM, call page functions, and interact with page variables.",
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to execute the code in. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["action", "text", "tabId"],
+      required: ['action', 'text', 'tabId'],
     },
   },
   {
-    name: "read_page",
+    name: 'read_page',
     description:
       "Get an accessibility tree representation of elements on the page. By default returns all elements including non-visible ones. Output is limited to 50000 characters by default. If the output exceeds this limit, you will receive an error asking you to specify a smaller depth or focus on a specific element using ref_id. Optionally filter for only interactive elements. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         filter: {
-          type: "string",
-          enum: ["interactive", "all"],
+          type: 'string',
+          enum: ['interactive', 'all'],
           description:
             'Filter elements: "interactive" for buttons/links/inputs only, "all" for all elements including non-visible ones (default: all elements)',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to read from. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
         depth: {
-          type: "number",
+          type: 'number',
           description:
-            "Maximum depth of the tree to traverse (default: 15). Use a smaller depth if output is too large.",
+            'Maximum depth of the tree to traverse (default: 15). Use a smaller depth if output is too large.',
         },
         ref_id: {
-          type: "string",
+          type: 'string',
           description:
-            "Reference ID of a parent element to read. Will return the specified element and all its children. Use this to focus on a specific part of the page when output is too large.",
+            'Reference ID of a parent element to read. Will return the specified element and all its children. Use this to focus on a specific part of the page when output is too large.',
         },
         max_chars: {
-          type: "number",
+          type: 'number',
           description:
-            "Maximum characters for output (default: 50000). Set to a higher value if your client can handle large outputs.",
+            'Maximum characters for output (default: 50000). Set to a higher value if your client can handle large outputs.',
         },
       },
-      required: ["tabId"],
+      required: ['tabId'],
     },
   },
   {
-    name: "find",
+    name: 'find',
     description:
       'Find elements on the page using natural language. Can search for elements by their purpose (e.g., "search bar", "login button") or by text content (e.g., "organic mango product"). Returns up to 20 matching elements with references that can be used with other tools. If more than 20 matches exist, you\'ll be notified to use a more specific query. If you don\'t have a valid tab ID, use tabs_context_mcp first to get available tabs.',
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         query: {
-          type: "string",
+          type: 'string',
           description:
             'Natural language description of what to find (e.g., "search bar", "add to cart button", "product title containing organic")',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to search in. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["query", "tabId"],
+      required: ['query', 'tabId'],
     },
   },
   {
-    name: "form_input",
+    name: 'form_input',
     description:
       "Set values in form elements using element reference ID from the read_page tool. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         ref: {
-          type: "string",
+          type: 'string',
           description:
             'Element reference ID from the read_page tool (e.g., "ref_1", "ref_2")',
         },
         value: {
-          type: ["string", "boolean", "number"],
+          type: ['string', 'boolean', 'number'],
           description:
-            "The value to set. For checkboxes use boolean, for selects use option value or text, for other inputs use appropriate string/number",
+            'The value to set. For checkboxes use boolean, for selects use option value or text, for other inputs use appropriate string/number',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to set form value in. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["ref", "value", "tabId"],
+      required: ['ref', 'value', 'tabId'],
     },
   },
   {
-    name: "computer",
+    name: 'computer',
     description: `Use a mouse and keyboard to interact with a web browser, and take screenshots. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.\n* Whenever you intend to click on an element like an icon, you should consult a screenshot to determine the coordinates of the element before moving the cursor.\n* If you tried clicking on a program or link but it failed to load, even after waiting, try adjusting your click location so that the tip of the cursor visually falls on the element that you want to click.\n* Make sure to click any buttons, links, icons, etc with the cursor tip in the center of the element. Don't click boxes on their edges unless asked.`,
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         action: {
-          type: "string",
+          type: 'string',
           enum: [
-            "left_click",
-            "right_click",
-            "type",
-            "screenshot",
-            "wait",
-            "scroll",
-            "key",
-            "left_click_drag",
-            "double_click",
-            "triple_click",
-            "zoom",
-            "scroll_to",
-            "hover",
+            'left_click',
+            'right_click',
+            'type',
+            'screenshot',
+            'wait',
+            'scroll',
+            'key',
+            'left_click_drag',
+            'double_click',
+            'triple_click',
+            'zoom',
+            'scroll_to',
+            'hover',
           ],
           description:
-            "The action to perform:\n* `left_click`: Click the left mouse button at the specified coordinates.\n* `right_click`: Click the right mouse button at the specified coordinates to open context menus.\n* `double_click`: Double-click the left mouse button at the specified coordinates.\n* `triple_click`: Triple-click the left mouse button at the specified coordinates.\n* `type`: Type a string of text.\n* `screenshot`: Take a screenshot of the screen.\n* `wait`: Wait for a specified number of seconds.\n* `scroll`: Scroll up, down, left, or right at the specified coordinates.\n* `key`: Press a specific keyboard key.\n* `left_click_drag`: Drag from start_coordinate to coordinate.\n* `zoom`: Take a screenshot of a specific region for closer inspection.\n* `scroll_to`: Scroll an element into view using its element reference ID from read_page or find tools.\n* `hover`: Move the mouse cursor to the specified coordinates or element without clicking. Useful for revealing tooltips, dropdown menus, or triggering hover states.",
+            'The action to perform:\n* `left_click`: Click the left mouse button at the specified coordinates.\n* `right_click`: Click the right mouse button at the specified coordinates to open context menus.\n* `double_click`: Double-click the left mouse button at the specified coordinates.\n* `triple_click`: Triple-click the left mouse button at the specified coordinates.\n* `type`: Type a string of text.\n* `screenshot`: Take a screenshot of the screen.\n* `wait`: Wait for a specified number of seconds.\n* `scroll`: Scroll up, down, left, or right at the specified coordinates.\n* `key`: Press a specific keyboard key.\n* `left_click_drag`: Drag from start_coordinate to coordinate.\n* `zoom`: Take a screenshot of a specific region for closer inspection.\n* `scroll_to`: Scroll an element into view using its element reference ID from read_page or find tools.\n* `hover`: Move the mouse cursor to the specified coordinates or element without clicking. Useful for revealing tooltips, dropdown menus, or triggering hover states.',
         },
         coordinate: {
-          type: "array",
-          items: { type: "number" },
+          type: 'array',
+          items: { type: 'number' },
           minItems: 2,
           maxItems: 2,
           description:
-            "(x, y): The x (pixels from the left edge) and y (pixels from the top edge) coordinates. Required for `left_click`, `right_click`, `double_click`, `triple_click`, and `scroll`. For `left_click_drag`, this is the end position.",
+            '(x, y): The x (pixels from the left edge) and y (pixels from the top edge) coordinates. Required for `left_click`, `right_click`, `double_click`, `triple_click`, and `scroll`. For `left_click_drag`, this is the end position.',
         },
         text: {
-          type: "string",
+          type: 'string',
           description:
             'The text to type (for `type` action) or the key(s) to press (for `key` action). For `key` action: Provide space-separated keys (e.g., "Backspace Backspace Delete"). Supports keyboard shortcuts using the platform\'s modifier key (use "cmd" on Mac, "ctrl" on Windows/Linux, e.g., "cmd+a" or "ctrl+a" for select all).',
         },
         duration: {
-          type: "number",
+          type: 'number',
           minimum: 0,
           maximum: 30,
           description:
-            "The number of seconds to wait. Required for `wait`. Maximum 30 seconds.",
+            'The number of seconds to wait. Required for `wait`. Maximum 30 seconds.',
         },
         scroll_direction: {
-          type: "string",
-          enum: ["up", "down", "left", "right"],
-          description: "The direction to scroll. Required for `scroll`.",
+          type: 'string',
+          enum: ['up', 'down', 'left', 'right'],
+          description: 'The direction to scroll. Required for `scroll`.',
         },
         scroll_amount: {
-          type: "number",
+          type: 'number',
           minimum: 1,
           maximum: 10,
           description:
-            "The number of scroll wheel ticks. Optional for `scroll`, defaults to 3.",
+            'The number of scroll wheel ticks. Optional for `scroll`, defaults to 3.',
         },
         start_coordinate: {
-          type: "array",
-          items: { type: "number" },
+          type: 'array',
+          items: { type: 'number' },
           minItems: 2,
           maxItems: 2,
           description:
-            "(x, y): The starting coordinates for `left_click_drag`.",
+            '(x, y): The starting coordinates for `left_click_drag`.',
         },
         region: {
-          type: "array",
-          items: { type: "number" },
+          type: 'array',
+          items: { type: 'number' },
           minItems: 4,
           maxItems: 4,
           description:
-            "(x0, y0, x1, y1): The rectangular region to capture for `zoom`. Coordinates define a rectangle from top-left (x0, y0) to bottom-right (x1, y1) in pixels from the viewport origin. Required for `zoom` action. Useful for inspecting small UI elements like icons, buttons, or text.",
+            '(x0, y0, x1, y1): The rectangular region to capture for `zoom`. Coordinates define a rectangle from top-left (x0, y0) to bottom-right (x1, y1) in pixels from the viewport origin. Required for `zoom` action. Useful for inspecting small UI elements like icons, buttons, or text.',
         },
         repeat: {
-          type: "number",
+          type: 'number',
           minimum: 1,
           maximum: 100,
           description:
-            "Number of times to repeat the key sequence. Only applicable for `key` action. Must be a positive integer between 1 and 100. Default is 1. Useful for navigation tasks like pressing arrow keys multiple times.",
+            'Number of times to repeat the key sequence. Only applicable for `key` action. Must be a positive integer between 1 and 100. Default is 1. Useful for navigation tasks like pressing arrow keys multiple times.',
         },
         ref: {
-          type: "string",
+          type: 'string',
           description:
             'Element reference ID from read_page or find tools (e.g., "ref_1", "ref_2"). Required for `scroll_to` action. Can be used as alternative to `coordinate` for click actions.',
         },
         modifiers: {
-          type: "string",
+          type: 'string',
           description:
             'Modifier keys for click actions. Supports: "ctrl", "shift", "alt", "cmd" (or "meta"), "win" (or "windows"). Can be combined with "+" (e.g., "ctrl+shift", "cmd+alt"). Optional.',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to execute the action on. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["action", "tabId"],
+      required: ['action', 'tabId'],
     },
   },
   {
-    name: "navigate",
+    name: 'navigate',
     description:
       "Navigate to a URL, or go forward/back in browser history. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         url: {
-          type: "string",
+          type: 'string',
           description:
             'The URL to navigate to. Can be provided with or without protocol (defaults to https://). Use "forward" to go forward in history or "back" to go back in history.',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to navigate. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["url", "tabId"],
+      required: ['url', 'tabId'],
     },
   },
   {
-    name: "resize_window",
+    name: 'resize_window',
     description:
       "Resize the current browser window to specified dimensions. Useful for testing responsive designs or setting up specific screen sizes. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         width: {
-          type: "number",
-          description: "Target window width in pixels",
+          type: 'number',
+          description: 'Target window width in pixels',
         },
         height: {
-          type: "number",
-          description: "Target window height in pixels",
+          type: 'number',
+          description: 'Target window height in pixels',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to get the window for. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["width", "height", "tabId"],
+      required: ['width', 'height', 'tabId'],
     },
   },
   {
-    name: "gif_creator",
+    name: 'gif_creator',
     description:
       "Manage GIF recording and export for browser automation sessions. Control when to start/stop recording browser actions (clicks, scrolls, navigation), then export as an animated GIF with visual overlays (click indicators, action labels, progress bar, watermark). All operations are scoped to the tab's group. When starting recording, take a screenshot immediately after to capture the initial state as the first frame. When stopping recording, take a screenshot immediately before to capture the final state as the last frame. For export, either provide 'coordinate' to drag/drop upload to a page element, or set 'download: true' to download the GIF.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         action: {
-          type: "string",
-          enum: ["start_recording", "stop_recording", "export", "clear"],
+          type: 'string',
+          enum: ['start_recording', 'stop_recording', 'export', 'clear'],
           description:
             "Action to perform: 'start_recording' (begin capturing), 'stop_recording' (stop capturing but keep frames), 'export' (generate and export GIF), 'clear' (discard frames)",
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
-            "Tab ID to identify which tab group this operation applies to",
+            'Tab ID to identify which tab group this operation applies to',
         },
         download: {
-          type: "boolean",
+          type: 'boolean',
           description:
             "Always set this to true for the 'export' action only. This causes the gif to be downloaded in the browser.",
         },
         filename: {
-          type: "string",
+          type: 'string',
           description:
             "Optional filename for exported GIF (default: 'recording-[timestamp].gif'). For 'export' action only.",
         },
         options: {
-          type: "object",
+          type: 'object',
           description:
             "Optional GIF enhancement options for 'export' action. Properties: showClickIndicators (bool), showDragPaths (bool), showActionLabels (bool), showProgressBar (bool), showWatermark (bool), quality (number 1-30). All default to true except quality (default: 10).",
           properties: {
             showClickIndicators: {
-              type: "boolean",
+              type: 'boolean',
               description:
-                "Show orange circles at click locations (default: true)",
+                'Show orange circles at click locations (default: true)',
             },
             showDragPaths: {
-              type: "boolean",
-              description: "Show red arrows for drag actions (default: true)",
+              type: 'boolean',
+              description: 'Show red arrows for drag actions (default: true)',
             },
             showActionLabels: {
-              type: "boolean",
+              type: 'boolean',
               description:
-                "Show black labels describing actions (default: true)",
+                'Show black labels describing actions (default: true)',
             },
             showProgressBar: {
-              type: "boolean",
-              description: "Show orange progress bar at bottom (default: true)",
+              type: 'boolean',
+              description: 'Show orange progress bar at bottom (default: true)',
             },
             showWatermark: {
-              type: "boolean",
-              description: "Show Claude logo watermark (default: true)",
+              type: 'boolean',
+              description: 'Show Claude logo watermark (default: true)',
             },
             quality: {
-              type: "number",
+              type: 'number',
               description:
-                "GIF compression quality, 1-30 (lower = better quality, slower encoding). Default: 10",
+                'GIF compression quality, 1-30 (lower = better quality, slower encoding). Default: 10',
             },
           },
         },
       },
-      required: ["action", "tabId"],
+      required: ['action', 'tabId'],
     },
   },
   {
-    name: "upload_image",
+    name: 'upload_image',
     description:
-      "Upload a previously captured screenshot or user-uploaded image to a file input or drag & drop target. Supports two approaches: (1) ref - for targeting specific elements, especially hidden file inputs, (2) coordinate - for drag & drop to visible locations like Google Docs. Provide either ref or coordinate, not both.",
+      'Upload a previously captured screenshot or user-uploaded image to a file input or drag & drop target. Supports two approaches: (1) ref - for targeting specific elements, especially hidden file inputs, (2) coordinate - for drag & drop to visible locations like Google Docs. Provide either ref or coordinate, not both.',
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         imageId: {
-          type: "string",
+          type: 'string',
           description:
             "ID of a previously captured screenshot (from the computer tool's screenshot action) or a user-uploaded image",
         },
         ref: {
-          type: "string",
+          type: 'string',
           description:
             'Element reference ID from read_page or find tools (e.g., "ref_1", "ref_2"). Use this for file inputs (especially hidden ones) or specific elements. Provide either ref or coordinate, not both.',
         },
         coordinate: {
-          type: "array",
+          type: 'array',
           items: {
-            type: "number",
+            type: 'number',
           },
           description:
-            "Viewport coordinates [x, y] for drag & drop to a visible location. Use this for drag & drop targets like Google Docs. Provide either ref or coordinate, not both.",
+            'Viewport coordinates [x, y] for drag & drop to a visible location. Use this for drag & drop targets like Google Docs. Provide either ref or coordinate, not both.',
         },
         tabId: {
-          type: "number",
+          type: 'number',
           description:
-            "Tab ID where the target element is located. This is where the image will be uploaded to.",
+            'Tab ID where the target element is located. This is where the image will be uploaded to.',
         },
         filename: {
-          type: "string",
+          type: 'string',
           description:
             'Optional filename for the uploaded file (default: "image.png")',
         },
       },
-      required: ["imageId", "tabId"],
+      required: ['imageId', 'tabId'],
     },
   },
   {
-    name: "get_page_text",
+    name: 'get_page_text',
     description:
       "Extract raw text content from the page, prioritizing article content. Ideal for reading articles, blog posts, or other text-heavy pages. Returns plain text without HTML formatting. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to extract text from. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["tabId"],
+      required: ['tabId'],
     },
   },
   {
-    name: "tabs_context_mcp",
-    title: "Tabs Context",
+    name: 'tabs_context_mcp',
+    title: 'Tabs Context',
     description:
-      "Get context information about the current MCP tab group. Returns all tab IDs inside the group if it exists. CRITICAL: You must get the context at least once before using other browser automation tools so you know what tabs exist. Each new conversation should create its own new tab (using tabs_create_mcp) rather than reusing existing tabs, unless the user explicitly asks to use an existing tab.",
+      'Get context information about the current MCP tab group. Returns all tab IDs inside the group if it exists. CRITICAL: You must get the context at least once before using other browser automation tools so you know what tabs exist. Each new conversation should create its own new tab (using tabs_create_mcp) rather than reusing existing tabs, unless the user explicitly asks to use an existing tab.',
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         createIfEmpty: {
-          type: "boolean",
+          type: 'boolean',
           description:
-            "Creates a new MCP tab group if none exists, creates a new Window with a new tab group containing an empty tab (which can be used for this conversation). If a MCP tab group already exists, this parameter has no effect.",
+            'Creates a new MCP tab group if none exists, creates a new Window with a new tab group containing an empty tab (which can be used for this conversation). If a MCP tab group already exists, this parameter has no effect.',
         },
       },
       required: [],
     },
   },
   {
-    name: "tabs_create_mcp",
-    title: "Tabs Create",
+    name: 'tabs_create_mcp',
+    title: 'Tabs Create',
     description:
-      "Creates a new empty tab in the MCP tab group. CRITICAL: You must get the context using tabs_context_mcp at least once before using other browser automation tools so you know what tabs exist.",
+      'Creates a new empty tab in the MCP tab group. CRITICAL: You must get the context using tabs_context_mcp at least once before using other browser automation tools so you know what tabs exist.',
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {},
       required: [],
     },
   },
   {
-    name: "update_plan",
+    name: 'update_plan',
     description:
-      "Present a plan to the user for approval before taking actions. The user will see the domains you intend to visit and your approach. Once approved, you can proceed with actions on the approved domains without additional permission prompts.",
+      'Present a plan to the user for approval before taking actions. The user will see the domains you intend to visit and your approach. Once approved, you can proceed with actions on the approved domains without additional permission prompts.',
     inputSchema: {
-      type: "object" as const,
+      type: 'object' as const,
       properties: {
         domains: {
-          type: "array" as const,
-          items: { type: "string" as const },
+          type: 'array' as const,
+          items: { type: 'string' as const },
           description:
             "List of domains you will visit (e.g., ['github.com', 'stackoverflow.com']). These domains will be approved for the session when the user accepts the plan.",
         },
         approach: {
-          type: "array" as const,
-          items: { type: "string" as const },
+          type: 'array' as const,
+          items: { type: 'string' as const },
           description:
-            "High-level description of what you will do. Focus on outcomes and key actions, not implementation details. Be concise - aim for 3-7 items.",
+            'High-level description of what you will do. Focus on outcomes and key actions, not implementation details. Be concise - aim for 3-7 items.',
         },
       },
-      required: ["domains", "approach"],
+      required: ['domains', 'approach'],
     },
   },
   {
-    name: "read_console_messages",
+    name: 'read_console_messages',
     description:
       "Read browser console messages (console.log, console.error, console.warn, etc.) from a specific tab. Useful for debugging JavaScript errors, viewing application logs, or understanding what's happening in the browser console. Returns console messages from the current domain only. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs. IMPORTANT: Always provide a pattern to filter messages - without a pattern, you may get too many irrelevant messages.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to read console messages from. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
         onlyErrors: {
-          type: "boolean",
+          type: 'boolean',
           description:
-            "If true, only return error and exception messages. Default is false (return all message types).",
+            'If true, only return error and exception messages. Default is false (return all message types).',
         },
         clear: {
-          type: "boolean",
+          type: 'boolean',
           description:
-            "If true, clear the console messages after reading to avoid duplicates on subsequent calls. Default is false.",
+            'If true, clear the console messages after reading to avoid duplicates on subsequent calls. Default is false.',
         },
         pattern: {
-          type: "string",
+          type: 'string',
           description:
             "Regex pattern to filter console messages. Only messages matching this pattern will be returned (e.g., 'error|warning' to find errors and warnings, 'MyApp' to filter app-specific logs). You should always provide a pattern to avoid getting too many irrelevant messages.",
         },
         limit: {
-          type: "number",
+          type: 'number',
           description:
-            "Maximum number of messages to return. Defaults to 100. Increase only if you need more results.",
+            'Maximum number of messages to return. Defaults to 100. Increase only if you need more results.',
         },
       },
-      required: ["tabId"],
+      required: ['tabId'],
     },
   },
   {
-    name: "read_network_requests",
+    name: 'read_network_requests',
     description:
       "Read HTTP network requests (XHR, Fetch, documents, images, etc.) from a specific tab. Useful for debugging API calls, monitoring network activity, or understanding what requests a page is making. Returns all network requests made by the current page, including cross-origin requests. Requests are automatically cleared when the page navigates to a different domain. If you don't have a valid tab ID, use tabs_context_mcp first to get available tabs.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to read network requests from. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
         urlPattern: {
-          type: "string",
+          type: 'string',
           description:
             "Optional URL pattern to filter requests. Only requests whose URL contains this string will be returned (e.g., '/api/' to filter API calls, 'example.com' to filter by domain).",
         },
         clear: {
-          type: "boolean",
+          type: 'boolean',
           description:
-            "If true, clear the network requests after reading to avoid duplicates on subsequent calls. Default is false.",
+            'If true, clear the network requests after reading to avoid duplicates on subsequent calls. Default is false.',
         },
         limit: {
-          type: "number",
+          type: 'number',
           description:
-            "Maximum number of requests to return. Defaults to 100. Increase only if you need more results.",
+            'Maximum number of requests to return. Defaults to 100. Increase only if you need more results.',
         },
       },
-      required: ["tabId"],
+      required: ['tabId'],
     },
   },
   {
-    name: "shortcuts_list",
+    name: 'shortcuts_list',
     description:
-      "List all available shortcuts and workflows (shortcuts and workflows are interchangeable). Returns shortcuts with their commands, descriptions, and whether they are workflows. Use shortcuts_execute to run a shortcut or workflow.",
+      'List all available shortcuts and workflows (shortcuts and workflows are interchangeable). Returns shortcuts with their commands, descriptions, and whether they are workflows. Use shortcuts_execute to run a shortcut or workflow.',
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to list shortcuts from. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
       },
-      required: ["tabId"],
+      required: ['tabId'],
     },
   },
   {
-    name: "shortcuts_execute",
+    name: 'shortcuts_execute',
     description:
-      "Execute a shortcut or workflow by running it in a new sidepanel window using the current tab (shortcuts and workflows are interchangeable). Use shortcuts_list first to see available shortcuts. This starts the execution and returns immediately - it does not wait for completion.",
+      'Execute a shortcut or workflow by running it in a new sidepanel window using the current tab (shortcuts and workflows are interchangeable). Use shortcuts_list first to see available shortcuts. This starts the execution and returns immediately - it does not wait for completion.',
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {
         tabId: {
-          type: "number",
+          type: 'number',
           description:
             "Tab ID to execute the shortcut on. Must be a tab in the current group. Use tabs_context_mcp first if you don't have a valid tab ID.",
         },
         shortcutId: {
-          type: "string",
-          description: "The ID of the shortcut to execute",
+          type: 'string',
+          description: 'The ID of the shortcut to execute',
         },
         command: {
-          type: "string",
+          type: 'string',
           description:
             "The command name of the shortcut to execute (e.g., 'debug', 'summarize'). Do not include the leading slash.",
         },
       },
-      required: ["tabId"],
+      required: ['tabId'],
     },
   },
   {
-    name: "switch_browser",
+    name: 'switch_browser',
     description:
       "Switch which Chrome browser is used for browser automation. Call this when the user wants to connect to a different Chrome browser. Broadcasts a connection request to all Chrome browsers with the extension installed — the user clicks 'Connect' in the desired browser.",
     inputSchema: {
-      type: "object",
+      type: 'object',
       properties: {},
       required: [],
     },
   },
-];
+]

packages/@ant/claude-for-chrome-mcp/src/index.ts

@@ -1,10 +1,10 @@
-export { BridgeClient, createBridgeClient } from "./bridgeClient.js";
-export { BROWSER_TOOLS } from "./browserTools.js";
+export { BridgeClient, createBridgeClient } from './bridgeClient.js'
+export { BROWSER_TOOLS } from './browserTools.js'
 export {
   createChromeSocketClient,
   createClaudeForChromeMcpServer,
-} from "./mcpServer.js";
-export { localPlatformLabel } from "./types.js";
+} from './mcpServer.js'
+export { localPlatformLabel } from './types.js'
 export type {
   BridgeConfig,
   ChromeExtensionInfo,
@@ -12,4 +12,4 @@ export type {
   Logger,
   PermissionMode,
   SocketClient,
-} from "./types.js";
+} from './types.js'

packages/@ant/claude-for-chrome-mcp/src/mcpServer.ts

@@ -1,16 +1,16 @@
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { Server } from '@modelcontextprotocol/sdk/server/index.js'
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js'
 import {
   CallToolRequestSchema,
   ListToolsRequestSchema,
-} from "@modelcontextprotocol/sdk/types.js";
+} from '@modelcontextprotocol/sdk/types.js'
 
-import { createBridgeClient } from "./bridgeClient.js";
-import { BROWSER_TOOLS } from "./browserTools.js";
-import { createMcpSocketClient } from "./mcpSocketClient.js";
-import { createMcpSocketPool } from "./mcpSocketPool.js";
-import { handleToolCall } from "./toolCalls.js";
-import type { ClaudeForChromeContext, SocketClient } from "./types.js";
+import { createBridgeClient } from './bridgeClient.js'
+import { BROWSER_TOOLS } from './browserTools.js'
+import { createMcpSocketClient } from './mcpSocketClient.js'
+import { createMcpSocketPool } from './mcpSocketPool.js'
+import { handleToolCall } from './toolCalls.js'
+import type { ClaudeForChromeContext, SocketClient } from './types.js'
 
 /**
  * Create the socket/bridge client for the Chrome extension MCP server.
@@ -24,23 +24,22 @@ export function createChromeSocketClient(
     ? createBridgeClient(context)
     : context.getSocketPaths
       ? createMcpSocketPool(context)
-      : createMcpSocketClient(context);
+      : createMcpSocketClient(context)
 }
 
 export function createClaudeForChromeMcpServer(
   context: ClaudeForChromeContext,
   existingSocketClient?: SocketClient,
 ): Server {
-  const { serverName, logger } = context;
+  const { serverName, logger } = context
 
   // Choose transport: bridge (WebSocket) > socket pool (multi-profile) > single socket.
-  const socketClient =
-    existingSocketClient ?? createChromeSocketClient(context);
+  const socketClient = existingSocketClient ?? createChromeSocketClient(context)
 
   const server = new Server(
     {
       name: serverName,
-      version: "1.0.0",
+      version: '1.0.0',
     },
     {
       capabilities: {
@@ -48,49 +47,49 @@ export function createClaudeForChromeMcpServer(
         logging: {},
       },
     },
-  );
+  )
 
   server.setRequestHandler(ListToolsRequestSchema, async () => {
     if (context.isDisabled?.()) {
-      return { tools: [] };
+      return { tools: [] }
     }
     return {
       tools: context.bridgeConfig
         ? BROWSER_TOOLS
-        : BROWSER_TOOLS.filter((t) => t.name !== "switch_browser"),
-    };
-  });
+        : BROWSER_TOOLS.filter(t => t.name !== 'switch_browser'),
+    }
+  })
 
   server.setRequestHandler(
     CallToolRequestSchema,
     async (request): Promise<CallToolResult> => {
-      logger.info(`[${serverName}] Executing tool: ${request.params.name}`);
+      logger.info(`[${serverName}] Executing tool: ${request.params.name}`)
 
       return handleToolCall(
         context,
         socketClient,
         request.params.name,
         request.params.arguments || {},
-      );
+      )
     },
-  );
+  )
 
-  socketClient.setNotificationHandler((notification) => {
+  socketClient.setNotificationHandler(notification => {
     logger.info(
       `[${serverName}] Forwarding MCP notification: ${notification.method}`,
-    );
+    )
     server
       .notification({
         method: notification.method,
         params: notification.params,
       })
-      .catch((error) => {
+      .catch(error => {
         // Server may not be connected yet (e.g., during startup or after disconnect)
         logger.info(
           `[${serverName}] Failed to forward MCP notification: ${error.message}`,
-        );
-      });
-  });
+        )
+      })
+  })
 
-  return server;
+  return server
 }

packages/@ant/claude-for-chrome-mcp/src/mcpSocketClient.ts

@@ -1,327 +1,324 @@
-import { promises as fsPromises } from "fs";
-import { createConnection } from "net";
-import type { Socket } from "net";
-import { platform } from "os";
-import { dirname } from "path";
+import { promises as fsPromises } from 'fs'
+import { createConnection } from 'net'
+import type { Socket } from 'net'
+import { platform } from 'os'
+import { dirname } from 'path'
 
 import type {
   ClaudeForChromeContext,
   PermissionMode,
   PermissionOverrides,
-} from "./types.js";
+} from './types.js'
 
 export class SocketConnectionError extends Error {
   constructor(message: string) {
-    super(message);
-    this.name = "SocketConnectionError";
+    super(message)
+    this.name = 'SocketConnectionError'
   }
 }
 
 interface ToolRequest {
-  method: string; // "execute_tool"
+  method: string // "execute_tool"
   params?: {
-    client_id?: string; // "desktop" | "claude-code"
-    tool?: string;
-    args?: Record<string, unknown>;
-  };
+    client_id?: string // "desktop" | "claude-code"
+    tool?: string
+    args?: Record<string, unknown>
+  }
 }
 
 interface ToolResponse {
-  result?: unknown;
-  error?: string;
+  result?: unknown
+  error?: string
 }
 
 interface Notification {
-  method: string;
-  params?: Record<string, unknown>;
+  method: string
+  params?: Record<string, unknown>
 }
 
-type SocketMessage = ToolResponse | Notification;
+type SocketMessage = ToolResponse | Notification
 
 function isToolResponse(message: SocketMessage): message is ToolResponse {
-  return "result" in message || "error" in message;
+  return 'result' in message || 'error' in message
 }
 
 function isNotification(message: SocketMessage): message is Notification {
-  return "method" in message && typeof message.method === "string";
+  return 'method' in message && typeof message.method === 'string'
 }
 
 class McpSocketClient {
-  private socket: Socket | null = null;
-  private connected = false;
-  private connecting = false;
-  private responseCallback: ((response: ToolResponse) => void) | null = null;
+  private socket: Socket | null = null
+  private connected = false
+  private connecting = false
+  private responseCallback: ((response: ToolResponse) => void) | null = null
   private notificationHandler: ((notification: Notification) => void) | null =
-    null;
-  private responseBuffer = Buffer.alloc(0);
-  private reconnectAttempts = 0;
-  private maxReconnectAttempts = 10;
-  private reconnectDelay = 1000;
-  private reconnectTimer: NodeJS.Timeout | null = null;
-  private context: ClaudeForChromeContext;
+    null
+  private responseBuffer = Buffer.alloc(0)
+  private reconnectAttempts = 0
+  private maxReconnectAttempts = 10
+  private reconnectDelay = 1000
+  private reconnectTimer: NodeJS.Timeout | null = null
+  private context: ClaudeForChromeContext
   // When true, disables automatic reconnection. Used by McpSocketPool which
   // manages reconnection externally by rescanning available sockets.
-  public disableAutoReconnect = false;
+  public disableAutoReconnect = false
 
   constructor(context: ClaudeForChromeContext) {
-    this.context = context;
+    this.context = context
   }
 
   private async connect(): Promise<void> {
-    const { serverName, logger } = this.context;
+    const { serverName, logger } = this.context
 
     if (this.connecting) {
       logger.info(
         `[${serverName}] Already connecting, skipping duplicate attempt`,
-      );
-      return;
+      )
+      return
     }
 
-    this.closeSocket();
-    this.connecting = true;
+    this.closeSocket()
+    this.connecting = true
 
-    const socketPath =
-      this.context.getSocketPath?.() ?? this.context.socketPath;
-    logger.info(`[${serverName}] Attempting to connect to: ${socketPath}`);
+    const socketPath = this.context.getSocketPath?.() ?? this.context.socketPath
+    logger.info(`[${serverName}] Attempting to connect to: ${socketPath}`)
 
     try {
-      await this.validateSocketSecurity(socketPath);
+      await this.validateSocketSecurity(socketPath)
     } catch (error) {
-      this.connecting = false;
-      logger.info(`[${serverName}] Security validation failed:`, error);
+      this.connecting = false
+      logger.info(`[${serverName}] Security validation failed:`, error)
       // Don't retry on security failures (wrong perms/owner) - those won't
       // self-resolve. Only the error handler retries on transient errors.
-      return;
+      return
     }
 
-    this.socket = createConnection(socketPath);
+    this.socket = createConnection(socketPath)
 
     // Timeout the initial connection attempt - if socket file exists but native
     // host is dead, the connect can hang indefinitely
     const connectTimeout = setTimeout(() => {
       if (!this.connected) {
-        logger.info(
-          `[${serverName}] Connection attempt timed out after 5000ms`,
-        );
-        this.closeSocket();
-        this.scheduleReconnect();
+        logger.info(`[${serverName}] Connection attempt timed out after 5000ms`)
+        this.closeSocket()
+        this.scheduleReconnect()
       }
-    }, 5000);
+    }, 5000)
 
-    this.socket.on("connect", () => {
-      clearTimeout(connectTimeout);
-      this.connected = true;
-      this.connecting = false;
-      this.reconnectAttempts = 0;
-      logger.info(`[${serverName}] Successfully connected to bridge server`);
-    });
+    this.socket.on('connect', () => {
+      clearTimeout(connectTimeout)
+      this.connected = true
+      this.connecting = false
+      this.reconnectAttempts = 0
+      logger.info(`[${serverName}] Successfully connected to bridge server`)
+    })
 
-    this.socket.on("data", (data: Buffer) => {
-      this.responseBuffer = Buffer.concat([this.responseBuffer, data]);
+    this.socket.on('data', (data: Buffer) => {
+      this.responseBuffer = Buffer.concat([this.responseBuffer, data])
 
       while (this.responseBuffer.length >= 4) {
-        const length = this.responseBuffer.readUInt32LE(0);
+        const length = this.responseBuffer.readUInt32LE(0)
 
         if (this.responseBuffer.length < 4 + length) {
-          break;
+          break
         }
 
-        const messageBytes = this.responseBuffer.slice(4, 4 + length);
-        this.responseBuffer = this.responseBuffer.slice(4 + length);
+        const messageBytes = this.responseBuffer.slice(4, 4 + length)
+        this.responseBuffer = this.responseBuffer.slice(4 + length)
 
         try {
           const message = JSON.parse(
-            messageBytes.toString("utf-8"),
-          ) as SocketMessage;
+            messageBytes.toString('utf-8'),
+          ) as SocketMessage
 
           if (isNotification(message)) {
             logger.info(
               `[${serverName}] Received notification: ${message.method}`,
-            );
+            )
             if (this.notificationHandler) {
-              this.notificationHandler(message);
+              this.notificationHandler(message)
             }
           } else if (isToolResponse(message)) {
-            logger.info(`[${serverName}] Received tool response: ${message}`);
-            this.handleResponse(message);
+            logger.info(`[${serverName}] Received tool response: ${message}`)
+            this.handleResponse(message)
           } else {
-            logger.info(`[${serverName}] Received unknown message: ${message}`);
+            logger.info(`[${serverName}] Received unknown message: ${message}`)
           }
         } catch (error) {
-          logger.info(`[${serverName}] Failed to parse message:`, error);
+          logger.info(`[${serverName}] Failed to parse message:`, error)
         }
       }
-    });
+    })
 
-    this.socket.on("error", (error: Error & { code?: string }) => {
-      clearTimeout(connectTimeout);
-      logger.info(`[${serverName}] Socket error (code: ${error.code}):`, error);
-      this.connected = false;
-      this.connecting = false;
+    this.socket.on('error', (error: Error & { code?: string }) => {
+      clearTimeout(connectTimeout)
+      logger.info(`[${serverName}] Socket error (code: ${error.code}):`, error)
+      this.connected = false
+      this.connecting = false
 
       if (
         error.code &&
         [
-          "ECONNREFUSED", // Native host not listening (stale socket)
-          "ECONNRESET", // Connection reset by peer
-          "EPIPE", // Broken pipe (native host died mid-write)
-          "ENOENT", // Socket file was deleted
-          "EOPNOTSUPP", // Socket file exists but is not a valid socket
-          "ECONNABORTED", // Connection aborted
+          'ECONNREFUSED', // Native host not listening (stale socket)
+          'ECONNRESET', // Connection reset by peer
+          'EPIPE', // Broken pipe (native host died mid-write)
+          'ENOENT', // Socket file was deleted
+          'EOPNOTSUPP', // Socket file exists but is not a valid socket
+          'ECONNABORTED', // Connection aborted
         ].includes(error.code)
       ) {
-        this.scheduleReconnect();
+        this.scheduleReconnect()
       }
-    });
+    })
 
-    this.socket.on("close", () => {
-      clearTimeout(connectTimeout);
-      this.connected = false;
-      this.connecting = false;
-      this.scheduleReconnect();
-    });
+    this.socket.on('close', () => {
+      clearTimeout(connectTimeout)
+      this.connected = false
+      this.connecting = false
+      this.scheduleReconnect()
+    })
   }
 
   private scheduleReconnect(): void {
-    const { serverName, logger } = this.context;
+    const { serverName, logger } = this.context
 
     if (this.disableAutoReconnect) {
-      return;
+      return
     }
 
     if (this.reconnectTimer) {
-      logger.info(`[${serverName}] Reconnect already scheduled, skipping`);
-      return;
+      logger.info(`[${serverName}] Reconnect already scheduled, skipping`)
+      return
     }
 
-    this.reconnectAttempts++;
+    this.reconnectAttempts++
 
     // Give up after extended polling (~50 min). A new ensureConnected() call
     // from a tool request will restart the cycle if needed.
-    const maxTotalAttempts = 100;
+    const maxTotalAttempts = 100
     if (this.reconnectAttempts > maxTotalAttempts) {
       logger.info(
         `[${serverName}] Giving up after ${maxTotalAttempts} attempts. Will retry on next tool call.`,
-      );
-      this.reconnectAttempts = 0;
-      return;
+      )
+      this.reconnectAttempts = 0
+      return
     }
 
     // Use aggressive backoff for first 10 attempts, then slow poll every 30s.
     const delay = Math.min(
-      this.reconnectDelay * Math.pow(1.5, this.reconnectAttempts - 1),
+      this.reconnectDelay * 1.5 ** (this.reconnectAttempts - 1),
       30000,
-    );
+    )
 
     if (this.reconnectAttempts <= this.maxReconnectAttempts) {
       logger.info(
         `[${serverName}] Reconnecting in ${Math.round(delay)}ms (attempt ${
           this.reconnectAttempts
         })`,
-      );
+      )
     } else if (this.reconnectAttempts % 10 === 0) {
       // Log every 10th slow-poll attempt to avoid log spam
       logger.info(
         `[${serverName}] Still polling for native host (attempt ${this.reconnectAttempts})`,
-      );
+      )
     }
 
     this.reconnectTimer = setTimeout(() => {
-      this.reconnectTimer = null;
-      void this.connect();
-    }, delay);
+      this.reconnectTimer = null
+      void this.connect()
+    }, delay)
   }
 
   private handleResponse(response: ToolResponse): void {
     if (this.responseCallback) {
-      const callback = this.responseCallback;
-      this.responseCallback = null;
-      callback(response);
+      const callback = this.responseCallback
+      this.responseCallback = null
+      callback(response)
     }
   }
 
   public setNotificationHandler(
     handler: (notification: Notification) => void,
   ): void {
-    this.notificationHandler = handler;
+    this.notificationHandler = handler
   }
 
   public async ensureConnected(): Promise<boolean> {
-    const { serverName } = this.context;
+    const { serverName } = this.context
 
     if (this.connected && this.socket) {
-      return true;
+      return true
     }
 
     if (!this.socket && !this.connecting) {
-      await this.connect();
+      await this.connect()
     }
 
     // Wait for connection with timeout
     return new Promise((resolve, reject) => {
-      let checkTimeoutId: NodeJS.Timeout | null = null;
+      let checkTimeoutId: NodeJS.Timeout | null = null
 
       const timeout = setTimeout(() => {
         if (checkTimeoutId) {
-          clearTimeout(checkTimeoutId);
+          clearTimeout(checkTimeoutId)
         }
         reject(
           new SocketConnectionError(
             `[${serverName}] Connection attempt timed out after 5000ms`,
           ),
-        );
-      }, 5000);
+        )
+      }, 5000)
 
       const checkConnection = () => {
         if (this.connected) {
-          clearTimeout(timeout);
-          resolve(true);
+          clearTimeout(timeout)
+          resolve(true)
         } else {
-          checkTimeoutId = setTimeout(checkConnection, 500);
+          checkTimeoutId = setTimeout(checkConnection, 500)
         }
-      };
-      checkConnection();
-    });
+      }
+      checkConnection()
+    })
   }
 
   private async sendRequest(
     request: ToolRequest,
     timeoutMs = 30000,
   ): Promise<ToolResponse> {
-    const { serverName } = this.context;
+    const { serverName } = this.context
 
     if (!this.socket) {
       throw new SocketConnectionError(
         `[${serverName}] Cannot send request: not connected`,
-      );
+      )
     }
 
-    const socket = this.socket;
+    const socket = this.socket
 
     return new Promise((resolve, reject) => {
       const timeout = setTimeout(() => {
-        this.responseCallback = null;
+        this.responseCallback = null
         reject(
           new SocketConnectionError(
             `[${serverName}] Tool request timed out after ${timeoutMs}ms`,
           ),
-        );
-      }, timeoutMs);
+        )
+      }, timeoutMs)
 
-      this.responseCallback = (response) => {
-        clearTimeout(timeout);
-        resolve(response);
-      };
+      this.responseCallback = response => {
+        clearTimeout(timeout)
+        resolve(response)
+      }
 
-      const requestJson = JSON.stringify(request);
-      const requestBytes = Buffer.from(requestJson, "utf-8");
+      const requestJson = JSON.stringify(request)
+      const requestBytes = Buffer.from(requestJson, 'utf-8')
 
-      const lengthPrefix = Buffer.allocUnsafe(4);
-      lengthPrefix.writeUInt32LE(requestBytes.length, 0);
+      const lengthPrefix = Buffer.allocUnsafe(4)
+      lengthPrefix.writeUInt32LE(requestBytes.length, 0)
 
-      const message = Buffer.concat([lengthPrefix, requestBytes]);
-      socket.write(message);
-    });
+      const message = Buffer.concat([lengthPrefix, requestBytes])
+      socket.write(message)
+    })
   }
 
   public async callTool(
@@ -330,15 +327,15 @@ class McpSocketClient {
     _permissionOverrides?: PermissionOverrides,
   ): Promise<unknown> {
     const request: ToolRequest = {
-      method: "execute_tool",
+      method: 'execute_tool',
       params: {
         client_id: this.context.clientTypeId,
         tool: name,
         args,
       },
-    };
+    }
 
-    return this.sendRequestWithRetry(request);
+    return this.sendRequestWithRetry(request)
   }
 
   /**
@@ -349,23 +346,23 @@ class McpSocketClient {
    * and retry once.
    */
   private async sendRequestWithRetry(request: ToolRequest): Promise<unknown> {
-    const { serverName, logger } = this.context;
+    const { serverName, logger } = this.context
 
     try {
-      return await this.sendRequest(request);
+      return await this.sendRequest(request)
     } catch (error) {
       if (!(error instanceof SocketConnectionError)) {
-        throw error;
+        throw error
       }
 
       logger.info(
         `[${serverName}] Connection error, forcing reconnect and retrying: ${error.message}`,
-      );
+      )
 
-      this.closeSocket();
-      await this.ensureConnected();
+      this.closeSocket()
+      await this.ensureConnected()
 
-      return await this.sendRequest(request);
+      return await this.sendRequest(request)
     }
   }
 
@@ -377,109 +374,109 @@ class McpSocketClient {
   }
 
   public isConnected(): boolean {
-    return this.connected;
+    return this.connected
   }
 
   private closeSocket(): void {
     if (this.socket) {
-      this.socket.removeAllListeners();
-      this.socket.end();
-      this.socket.destroy();
-      this.socket = null;
+      this.socket.removeAllListeners()
+      this.socket.end()
+      this.socket.destroy()
+      this.socket = null
     }
-    this.connected = false;
-    this.connecting = false;
+    this.connected = false
+    this.connecting = false
   }
 
   private cleanup(): void {
     if (this.reconnectTimer) {
-      clearTimeout(this.reconnectTimer);
-      this.reconnectTimer = null;
+      clearTimeout(this.reconnectTimer)
+      this.reconnectTimer = null
     }
 
-    this.closeSocket();
-    this.reconnectAttempts = 0;
-    this.responseBuffer = Buffer.alloc(0);
-    this.responseCallback = null;
+    this.closeSocket()
+    this.reconnectAttempts = 0
+    this.responseBuffer = Buffer.alloc(0)
+    this.responseCallback = null
   }
 
   public disconnect(): void {
-    this.cleanup();
+    this.cleanup()
   }
 
   private async validateSocketSecurity(socketPath: string): Promise<void> {
-    const { serverName, logger } = this.context;
-    if (platform() === "win32") {
-      return;
+    const { serverName, logger } = this.context
+    if (platform() === 'win32') {
+      return
     }
     try {
       // Validate the parent directory permissions if it's the socket directory
       // (not /tmp itself, which has mode 1777 for legacy single-socket paths)
-      const dirPath = dirname(socketPath);
-      const dirBasename = dirPath.split("/").pop() || "";
-      const isSocketDir = dirBasename.startsWith("claude-mcp-browser-bridge-");
+      const dirPath = dirname(socketPath)
+      const dirBasename = dirPath.split('/').pop() || ''
+      const isSocketDir = dirBasename.startsWith('claude-mcp-browser-bridge-')
       if (isSocketDir) {
         try {
-          const dirStats = await fsPromises.stat(dirPath);
+          const dirStats = await fsPromises.stat(dirPath)
           if (dirStats.isDirectory()) {
-            const dirMode = dirStats.mode & 0o777;
+            const dirMode = dirStats.mode & 0o777
             if (dirMode !== 0o700) {
               throw new Error(
                 `[${serverName}] Insecure socket directory permissions: ${dirMode.toString(
                   8,
                 )} (expected 0700). Directory may have been tampered with.`,
-              );
+              )
             }
-            const currentUid = process.getuid?.();
+            const currentUid = process.getuid?.()
             if (currentUid !== undefined && dirStats.uid !== currentUid) {
               throw new Error(
                 `Socket directory not owned by current user (uid: ${currentUid}, dir uid: ${dirStats.uid}). ` +
                   `Potential security risk.`,
-              );
+              )
             }
           }
         } catch (dirError) {
-          if ((dirError as NodeJS.ErrnoException).code !== "ENOENT") {
-            throw dirError;
+          if ((dirError as NodeJS.ErrnoException).code !== 'ENOENT') {
+            throw dirError
           }
           // Directory doesn't exist yet - native host will create it
         }
       }
 
-      const stats = await fsPromises.stat(socketPath);
+      const stats = await fsPromises.stat(socketPath)
 
       if (!stats.isSocket()) {
         throw new Error(
           `[${serverName}] Path exists but it's not a socket: ${socketPath}`,
-        );
+        )
       }
 
-      const mode = stats.mode & 0o777;
+      const mode = stats.mode & 0o777
       if (mode !== 0o600) {
         throw new Error(
           `[${serverName}] Insecure socket permissions: ${mode.toString(
             8,
           )} (expected 0600). Socket may have been tampered with.`,
-        );
+        )
       }
 
-      const currentUid = process.getuid?.();
+      const currentUid = process.getuid?.()
       if (currentUid !== undefined && stats.uid !== currentUid) {
         throw new Error(
           `Socket not owned by current user (uid: ${currentUid}, socket uid: ${stats.uid}). ` +
             `Potential security risk.`,
-        );
+        )
       }
 
-      logger.info(`[${serverName}] Socket security validation passed`);
+      logger.info(`[${serverName}] Socket security validation passed`)
     } catch (error) {
-      if ((error as NodeJS.ErrnoException).code === "ENOENT") {
+      if ((error as NodeJS.ErrnoException).code === 'ENOENT') {
         logger.info(
           `[${serverName}] Socket not found, will be created by server`,
-        );
-        return;
+        )
+        return
       }
-      throw error;
+      throw error
     }
   }
 }
@@ -487,7 +484,7 @@ class McpSocketClient {
 export function createMcpSocketClient(
   context: ClaudeForChromeContext,
 ): McpSocketClient {
-  return new McpSocketClient(context);
+  return new McpSocketClient(context)
 }
 
-export type { McpSocketClient };
+export type { McpSocketClient }

packages/@ant/claude-for-chrome-mcp/src/mcpSocketPool.ts

@@ -1,13 +1,13 @@
 import {
   createMcpSocketClient,
   SocketConnectionError,
-} from "./mcpSocketClient.js";
-import type { McpSocketClient } from "./mcpSocketClient.js";
+} from './mcpSocketClient.js'
+import type { McpSocketClient } from './mcpSocketClient.js'
 import type {
   ClaudeForChromeContext,
   PermissionMode,
   PermissionOverrides,
-} from "./types.js";
+} from './types.js'
 
 /**
  * Manages connections to multiple Chrome native host sockets (one per Chrome profile).
@@ -18,26 +18,29 @@ import type {
  * built from tabs_context_mcp responses.
  */
 export class McpSocketPool {
-  private clients: Map<string, McpSocketClient> = new Map();
-  private tabRoutes: Map<number, string> = new Map();
-  private context: ClaudeForChromeContext;
+  private clients: Map<string, McpSocketClient> = new Map()
+  private tabRoutes: Map<number, string> = new Map()
+  private context: ClaudeForChromeContext
   private notificationHandler:
-    | ((notification: { method: string; params?: Record<string, unknown> }) => void)
-    | null = null;
+    | ((notification: {
+        method: string
+        params?: Record<string, unknown>
+      }) => void)
+    | null = null
 
   constructor(context: ClaudeForChromeContext) {
-    this.context = context;
+    this.context = context
   }
 
   public setNotificationHandler(
     handler: (notification: {
-      method: string;
-      params?: Record<string, unknown>;
+      method: string
+      params?: Record<string, unknown>
     }) => void,
   ): void {
-    this.notificationHandler = handler;
+    this.notificationHandler = handler
     for (const client of this.clients.values()) {
-      client.setNotificationHandler(handler);
+      client.setNotificationHandler(handler)
     }
   }
 
@@ -45,32 +48,30 @@ export class McpSocketPool {
    * Discover available sockets and ensure at least one is connected.
    */
   public async ensureConnected(): Promise<boolean> {
-    const { logger, serverName } = this.context;
+    const { logger, serverName } = this.context
 
-    this.refreshClients();
+    this.refreshClients()
 
     // Try to connect any disconnected clients
-    const connectPromises: Promise<boolean>[] = [];
+    const connectPromises: Promise<boolean>[] = []
     for (const client of this.clients.values()) {
       if (!client.isConnected()) {
-        connectPromises.push(
-          client.ensureConnected().catch(() => false),
-        );
+        connectPromises.push(client.ensureConnected().catch(() => false))
       }
     }
 
     if (connectPromises.length > 0) {
-      await Promise.all(connectPromises);
+      await Promise.all(connectPromises)
     }
 
-    const connectedCount = this.getConnectedClients().length;
+    const connectedCount = this.getConnectedClients().length
     if (connectedCount === 0) {
-      logger.info(`[${serverName}] No connected sockets in pool`);
-      return false;
+      logger.info(`[${serverName}] No connected sockets in pool`)
+      return false
     }
 
-    logger.info(`[${serverName}] Socket pool: ${connectedCount} connected`);
-    return true;
+    logger.info(`[${serverName}] Socket pool: ${connectedCount} connected`)
+    return true
   }
 
   /**
@@ -82,57 +83,57 @@ export class McpSocketPool {
     args: Record<string, unknown>,
     _permissionOverrides?: PermissionOverrides,
   ): Promise<unknown> {
-    if (name === "tabs_context_mcp") {
-      return this.callTabsContext(args);
+    if (name === 'tabs_context_mcp') {
+      return this.callTabsContext(args)
     }
 
     // Route by tabId if present
-    const tabId = args.tabId as number | undefined;
+    const tabId = args.tabId as number | undefined
     if (tabId !== undefined) {
-      const socketPath = this.tabRoutes.get(tabId);
+      const socketPath = this.tabRoutes.get(tabId)
       if (socketPath) {
-        const client = this.clients.get(socketPath);
+        const client = this.clients.get(socketPath)
         if (client?.isConnected()) {
-          return client.callTool(name, args);
+          return client.callTool(name, args)
         }
       }
       // Tab route not found or client disconnected — fall through to any connected
     }
 
     // Fallback: use first connected client
-    const connected = this.getConnectedClients();
+    const connected = this.getConnectedClients()
     if (connected.length === 0) {
       throw new SocketConnectionError(
         `[${this.context.serverName}] No connected sockets available`,
-      );
+      )
     }
-    return connected[0]!.callTool(name, args);
+    return connected[0]!.callTool(name, args)
   }
 
   public async setPermissionMode(
     mode: PermissionMode,
     allowedDomains?: string[],
   ): Promise<void> {
-    const connected = this.getConnectedClients();
+    const connected = this.getConnectedClients()
     await Promise.all(
-      connected.map((client) => client.setPermissionMode(mode, allowedDomains)),
-    );
+      connected.map(client => client.setPermissionMode(mode, allowedDomains)),
+    )
   }
 
   public isConnected(): boolean {
-    return this.getConnectedClients().length > 0;
+    return this.getConnectedClients().length > 0
   }
 
   public disconnect(): void {
     for (const client of this.clients.values()) {
-      client.disconnect();
+      client.disconnect()
     }
-    this.clients.clear();
-    this.tabRoutes.clear();
+    this.clients.clear()
+    this.tabRoutes.clear()
   }
 
   private getConnectedClients(): McpSocketClient[] {
-    return [...this.clients.values()].filter((c) => c.isConnected());
+    return [...this.clients.values()].filter(c => c.isConnected())
   }
 
   /**
@@ -142,173 +143,173 @@ export class McpSocketPool {
   private async callTabsContext(
     args: Record<string, unknown>,
   ): Promise<unknown> {
-    const { logger, serverName } = this.context;
-    const connected = this.getConnectedClients();
+    const { logger, serverName } = this.context
+    const connected = this.getConnectedClients()
 
     if (connected.length === 0) {
       throw new SocketConnectionError(
         `[${serverName}] No connected sockets available`,
-      );
+      )
     }
 
     // If only one client, skip merging overhead
     if (connected.length === 1) {
-      const result = await connected[0]!.callTool("tabs_context_mcp", args);
-      this.updateTabRoutes(result, this.getSocketPathForClient(connected[0]!));
-      return result;
+      const result = await connected[0]!.callTool('tabs_context_mcp', args)
+      this.updateTabRoutes(result, this.getSocketPathForClient(connected[0]!))
+      return result
     }
 
     // Query all connected clients in parallel
     const results = await Promise.allSettled(
-      connected.map(async (client) => {
-        const result = await client.callTool("tabs_context_mcp", args);
-        const socketPath = this.getSocketPathForClient(client);
-        return { result, socketPath };
+      connected.map(async client => {
+        const result = await client.callTool('tabs_context_mcp', args)
+        const socketPath = this.getSocketPathForClient(client)
+        return { result, socketPath }
       }),
-    );
+    )
 
     // Merge tab results
-    const mergedTabs: unknown[] = [];
-    this.tabRoutes.clear();
+    const mergedTabs: unknown[] = []
+    this.tabRoutes.clear()
 
     for (const settledResult of results) {
-      if (settledResult.status !== "fulfilled") {
+      if (settledResult.status !== 'fulfilled') {
         logger.info(
           `[${serverName}] tabs_context_mcp failed on one socket: ${settledResult.reason}`,
-        );
-        continue;
+        )
+        continue
       }
 
-      const { result, socketPath } = settledResult.value;
-      this.updateTabRoutes(result, socketPath);
+      const { result, socketPath } = settledResult.value
+      this.updateTabRoutes(result, socketPath)
 
-      const tabs = this.extractTabs(result);
+      const tabs = this.extractTabs(result)
       if (tabs) {
-        mergedTabs.push(...tabs);
+        mergedTabs.push(...tabs)
       }
     }
 
     // Return merged result in the same format as the extension response
     if (mergedTabs.length > 0) {
       const tabListText = mergedTabs
-        .map((t) => {
-          const tab = t as { tabId: number; title: string; url: string };
-          return `  • tabId ${tab.tabId}: "${tab.title}" (${tab.url})`;
+        .map(t => {
+          const tab = t as { tabId: number; title: string; url: string }
+          return `  • tabId ${tab.tabId}: "${tab.title}" (${tab.url})`
         })
-        .join("\n");
+        .join('\n')
 
       return {
         result: {
           content: [
             {
-              type: "text",
+              type: 'text',
               text: JSON.stringify({ availableTabs: mergedTabs }),
             },
             {
-              type: "text",
+              type: 'text',
               text: `\n\nTab Context:\n- Available tabs:\n${tabListText}`,
             },
           ],
         },
-      };
+      }
     }
 
     // Fallback: return first successful result as-is
     for (const settledResult of results) {
-      if (settledResult.status === "fulfilled") {
-        return settledResult.value.result;
+      if (settledResult.status === 'fulfilled') {
+        return settledResult.value.result
       }
     }
 
     throw new SocketConnectionError(
       `[${serverName}] All sockets failed for tabs_context_mcp`,
-    );
+    )
   }
 
   /**
    * Extract tab objects from a tool response to update routing table.
    */
   private updateTabRoutes(result: unknown, socketPath: string): void {
-    const tabs = this.extractTabs(result);
-    if (!tabs) return;
+    const tabs = this.extractTabs(result)
+    if (!tabs) return
 
     for (const tab of tabs) {
-      if (typeof tab === "object" && tab !== null && "tabId" in tab) {
-        const tabId = (tab as { tabId: number }).tabId;
-        this.tabRoutes.set(tabId, socketPath);
+      if (typeof tab === 'object' && tab !== null && 'tabId' in tab) {
+        const tabId = (tab as { tabId: number }).tabId
+        this.tabRoutes.set(tabId, socketPath)
       }
     }
   }
 
   private extractTabs(result: unknown): unknown[] | null {
-    if (!result || typeof result !== "object") return null;
+    if (!result || typeof result !== 'object') return null
 
     // Response format: { result: { content: [{ type: "text", text: "{\"availableTabs\":[...],\"tabGroupId\":...}" }] } }
     const asResponse = result as {
-      result?: { content?: Array<{ type: string; text?: string }> };
-    };
-    const content = asResponse.result?.content;
-    if (!content || !Array.isArray(content)) return null;
+      result?: { content?: Array<{ type: string; text?: string }> }
+    }
+    const content = asResponse.result?.content
+    if (!content || !Array.isArray(content)) return null
 
     for (const item of content) {
-      if (item.type === "text" && item.text) {
+      if (item.type === 'text' && item.text) {
         try {
-          const parsed = JSON.parse(item.text);
-          if (Array.isArray(parsed)) return parsed;
+          const parsed = JSON.parse(item.text)
+          if (Array.isArray(parsed)) return parsed
           // Handle { availableTabs: [...] } format
           if (parsed && Array.isArray(parsed.availableTabs)) {
-            return parsed.availableTabs;
+            return parsed.availableTabs
           }
         } catch {
           // Not JSON, skip
         }
       }
     }
-    return null;
+    return null
   }
 
   private getSocketPathForClient(client: McpSocketClient): string {
     for (const [path, c] of this.clients.entries()) {
-      if (c === client) return path;
+      if (c === client) return path
     }
-    return "";
+    return ''
   }
 
   /**
    * Scan for available sockets and create/remove clients as needed.
    */
   private refreshClients(): void {
-    const socketPaths = this.getAvailableSocketPaths();
-    const { logger, serverName } = this.context;
+    const socketPaths = this.getAvailableSocketPaths()
+    const { logger, serverName } = this.context
 
     // Add new clients for newly discovered sockets
     for (const path of socketPaths) {
       if (!this.clients.has(path)) {
-        logger.info(`[${serverName}] Adding socket to pool: ${path}`);
+        logger.info(`[${serverName}] Adding socket to pool: ${path}`)
         const clientContext: ClaudeForChromeContext = {
           ...this.context,
           socketPath: path,
           getSocketPath: undefined,
           getSocketPaths: undefined,
-        };
-        const client = createMcpSocketClient(clientContext);
-        client.disableAutoReconnect = true;
-        if (this.notificationHandler) {
-          client.setNotificationHandler(this.notificationHandler);
         }
-        this.clients.set(path, client);
+        const client = createMcpSocketClient(clientContext)
+        client.disableAutoReconnect = true
+        if (this.notificationHandler) {
+          client.setNotificationHandler(this.notificationHandler)
+        }
+        this.clients.set(path, client)
       }
     }
 
     // Remove clients for sockets that no longer exist
     for (const [path, client] of this.clients.entries()) {
       if (!socketPaths.includes(path)) {
-        logger.info(`[${serverName}] Removing stale socket from pool: ${path}`);
-        client.disconnect();
-        this.clients.delete(path);
+        logger.info(`[${serverName}] Removing stale socket from pool: ${path}`)
+        client.disconnect()
+        this.clients.delete(path)
         for (const [tabId, socketPath] of this.tabRoutes.entries()) {
           if (socketPath === path) {
-            this.tabRoutes.delete(tabId);
+            this.tabRoutes.delete(tabId)
           }
         }
       }
@@ -316,12 +317,12 @@ export class McpSocketPool {
   }
 
   private getAvailableSocketPaths(): string[] {
-    return this.context.getSocketPaths?.() ?? [];
+    return this.context.getSocketPaths?.() ?? []
   }
 }
 
 export function createMcpSocketPool(
   context: ClaudeForChromeContext,
 ): McpSocketPool {
-  return new McpSocketPool(context);
+  return new McpSocketPool(context)
 }

packages/@ant/claude-for-chrome-mcp/src/toolCalls.ts

@@ -1,12 +1,12 @@
-import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js'
 
-import { SocketConnectionError } from "./mcpSocketClient.js";
+import { SocketConnectionError } from './mcpSocketClient.js'
 import type {
   ClaudeForChromeContext,
   PermissionMode,
   PermissionOverrides,
   SocketClient,
-} from "./types.js";
+} from './types.js'
 
 export const handleToolCall = async (
   context: ClaudeForChromeContext,
@@ -16,21 +16,21 @@ export const handleToolCall = async (
   permissionOverrides?: PermissionOverrides,
 ): Promise<CallToolResult> => {
   // Handle permission mode changes locally (not forwarded to extension)
-  if (name === "set_permission_mode") {
-    return handleSetPermissionMode(socketClient, args);
+  if (name === 'set_permission_mode') {
+    return handleSetPermissionMode(socketClient, args)
   }
 
   // Handle switch_browser outside the normal tool call flow (manages its own connection)
-  if (name === "switch_browser") {
-    return handleSwitchBrowser(context, socketClient);
+  if (name === 'switch_browser') {
+    return handleSwitchBrowser(context, socketClient)
   }
 
   try {
-    const isConnected = await socketClient.ensureConnected();
+    const isConnected = await socketClient.ensureConnected()
 
     context.logger.silly(
       `[${context.serverName}] Server is connected: ${isConnected}. Received tool call: ${name} with args: ${JSON.stringify(args)}.`,
-    );
+    )
 
     if (isConnected) {
       return await handleToolCallConnected(
@@ -39,28 +39,28 @@ export const handleToolCall = async (
         name,
         args,
         permissionOverrides,
-      );
+      )
     }
 
-    return handleToolCallDisconnected(context);
+    return handleToolCallDisconnected(context)
   } catch (error) {
-    context.logger.info(`[${context.serverName}] Error calling tool:`, error);
+    context.logger.info(`[${context.serverName}] Error calling tool:`, error)
 
     if (error instanceof SocketConnectionError) {
-      return handleToolCallDisconnected(context);
+      return handleToolCallDisconnected(context)
     }
 
     return {
       content: [
         {
-          type: "text",
+          type: 'text',
           text: `Error calling tool, please try again. : ${error instanceof Error ? error.message : String(error)}`,
         },
       ],
       isError: true,
-    };
+    }
   }
-};
+}
 
 async function handleToolCallConnected(
   context: ClaudeForChromeContext,
@@ -69,119 +69,119 @@ async function handleToolCallConnected(
   args: Record<string, unknown>,
   permissionOverrides?: PermissionOverrides,
 ): Promise<CallToolResult> {
-  const response = await socketClient.callTool(name, args, permissionOverrides);
+  const response = await socketClient.callTool(name, args, permissionOverrides)
 
   context.logger.silly(
     `[${context.serverName}] Received result from socket bridge: ${JSON.stringify(response)}`,
-  );
+  )
 
   if (response === null || response === undefined) {
     return {
-      content: [{ type: "text", text: "Tool execution completed" }],
-    };
+      content: [{ type: 'text', text: 'Tool execution completed' }],
+    }
   }
 
   // Response will have either result or error field
   const { result, error } = response as {
-    result?: { content: unknown[] | string };
-    error?: { content: unknown[] | string };
-  };
+    result?: { content: unknown[] | string }
+    error?: { content: unknown[] | string }
+  }
 
   // Determine which field has the content and whether it's an error
-  const contentData = error || result;
-  const isError = !!error;
+  const contentData = error || result
+  const isError = !!error
 
   if (!contentData) {
     return {
-      content: [{ type: "text", text: "Tool execution completed" }],
-    };
+      content: [{ type: 'text', text: 'Tool execution completed' }],
+    }
   }
 
   if (isError && isAuthenticationError(contentData.content)) {
-    context.onAuthenticationError();
+    context.onAuthenticationError()
   }
 
-  const { content } = contentData;
+  const { content } = contentData
 
   if (content && Array.isArray(content)) {
     if (isError) {
       return {
         content: content.map((item: unknown) => {
-          if (typeof item === "object" && item !== null && "type" in item) {
-            return item;
+          if (typeof item === 'object' && item !== null && 'type' in item) {
+            return item
           }
 
-          return { type: "text", text: String(item) };
+          return { type: 'text', text: String(item) }
         }),
         isError: true,
-      } as CallToolResult;
+      } as CallToolResult
     }
 
     const convertedContent = content.map((item: unknown) => {
       if (
-        typeof item === "object" &&
+        typeof item === 'object' &&
         item !== null &&
-        "type" in item &&
-        "source" in item
+        'type' in item &&
+        'source' in item
       ) {
-        const typedItem = item;
+        const typedItem = item
         if (
-          typedItem.type === "image" &&
-          typeof typedItem.source === "object" &&
+          typedItem.type === 'image' &&
+          typeof typedItem.source === 'object' &&
           typedItem.source !== null &&
-          "data" in typedItem.source
+          'data' in typedItem.source
         ) {
           return {
-            type: "image",
+            type: 'image',
             data: typedItem.source.data,
             mimeType:
-              "media_type" in typedItem.source
-                ? typedItem.source.media_type || "image/png"
-                : "image/png",
-          };
+              'media_type' in typedItem.source
+                ? typedItem.source.media_type || 'image/png'
+                : 'image/png',
+          }
         }
       }
 
-      if (typeof item === "object" && item !== null && "type" in item) {
-        return item;
+      if (typeof item === 'object' && item !== null && 'type' in item) {
+        return item
       }
 
-      return { type: "text", text: String(item) };
-    });
+      return { type: 'text', text: String(item) }
+    })
 
     return {
       content: convertedContent,
       isError,
-    } as CallToolResult;
+    } as CallToolResult
   }
 
   // Handle string content
-  if (typeof content === "string") {
+  if (typeof content === 'string') {
     return {
-      content: [{ type: "text", text: content }],
+      content: [{ type: 'text', text: content }],
       isError,
-    } as CallToolResult;
+    } as CallToolResult
   }
 
   // Fallback for unexpected result format
   context.logger.warn(
     `[${context.serverName}] Unexpected result format from socket bridge`,
     response,
-  );
+  )
 
   return {
-    content: [{ type: "text", text: JSON.stringify(response) }],
+    content: [{ type: 'text', text: JSON.stringify(response) }],
     isError,
-  };
+  }
 }
 
 function handleToolCallDisconnected(
   context: ClaudeForChromeContext,
 ): CallToolResult {
-  const text = context.onToolCallDisconnected();
+  const text = context.onToolCallDisconnected()
   return {
-    content: [{ type: "text", text }],
-  };
+    content: [{ type: 'text', text }],
+  }
 }
 
 /**
@@ -194,28 +194,28 @@ async function handleSetPermissionMode(
 ): Promise<CallToolResult> {
   // Validate permission mode at runtime
   const validModes = [
-    "ask",
-    "skip_all_permission_checks",
-    "follow_a_plan",
-  ] as const;
-  const mode = args.mode as string | undefined;
+    'ask',
+    'skip_all_permission_checks',
+    'follow_a_plan',
+  ] as const
+  const mode = args.mode as string | undefined
   const permissionMode: PermissionMode =
     mode && validModes.includes(mode as PermissionMode)
       ? (mode as PermissionMode)
-      : "ask";
+      : 'ask'
 
   if (socketClient.setPermissionMode) {
     await socketClient.setPermissionMode(
       permissionMode,
       args.allowed_domains as string[] | undefined,
-    );
+    )
   }
 
   return {
     content: [
-      { type: "text", text: `Permission mode set to: ${permissionMode}` },
+      { type: 'text', text: `Permission mode set to: ${permissionMode}` },
     ],
-  };
+  }
 }
 
 /**
@@ -230,50 +230,50 @@ async function handleSwitchBrowser(
     return {
       content: [
         {
-          type: "text",
-          text: "Browser switching is only available with bridge connections.",
+          type: 'text',
+          text: 'Browser switching is only available with bridge connections.',
         },
       ],
       isError: true,
-    };
+    }
   }
 
-  const isConnected = await socketClient.ensureConnected();
+  const isConnected = await socketClient.ensureConnected()
   if (!isConnected) {
-    return handleToolCallDisconnected(context);
+    return handleToolCallDisconnected(context)
   }
 
-  const result = (await socketClient.switchBrowser?.()) ?? null;
+  const result = (await socketClient.switchBrowser?.()) ?? null
 
-  if (result === "no_other_browsers") {
+  if (result === 'no_other_browsers') {
     return {
       content: [
         {
-          type: "text",
-          text: "No other browsers available to switch to. Open Chrome with the Claude extension in another browser to switch.",
+          type: 'text',
+          text: 'No other browsers available to switch to. Open Chrome with the Claude extension in another browser to switch.',
         },
       ],
       isError: true,
-    };
+    }
   }
 
   if (result) {
     return {
       content: [
-        { type: "text", text: `Connected to browser "${result.name}".` },
+        { type: 'text', text: `Connected to browser "${result.name}".` },
       ],
-    };
+    }
   }
 
   return {
     content: [
       {
-        type: "text",
-        text: "No browser responded within the timeout. Make sure Chrome is open with the Claude extension installed, then try again.",
+        type: 'text',
+        text: 'No browser responded within the timeout. Make sure Chrome is open with the Claude extension installed, then try again.',
       },
     ],
     isError: true,
-  };
+  }
 }
 
 /**
@@ -282,20 +282,20 @@ async function handleSwitchBrowser(
 function isAuthenticationError(content: unknown[] | string): boolean {
   const errorText = Array.isArray(content)
     ? content
-        .map((item) => {
-          if (typeof item === "string") return item;
+        .map(item => {
+          if (typeof item === 'string') return item
           if (
-            typeof item === "object" &&
+            typeof item === 'object' &&
             item !== null &&
-            "text" in item &&
-            typeof item.text === "string"
+            'text' in item &&
+            typeof item.text === 'string'
           ) {
-            return item.text;
+            return item.text
           }
-          return "";
+          return ''
         })
-        .join(" ")
-    : String(content);
+        .join(' ')
+    : String(content)
 
-  return errorText.toLowerCase().includes("re-authenticated");
+  return errorText.toLowerCase().includes('re-authenticated')
 }

packages/@ant/claude-for-chrome-mcp/src/types.ts

@@ -1,64 +1,64 @@
 export interface Logger {
-  info: (message: string, ...args: unknown[]) => void;
-  error: (message: string, ...args: unknown[]) => void;
-  warn: (message: string, ...args: unknown[]) => void;
-  debug: (message: string, ...args: unknown[]) => void;
-  silly: (message: string, ...args: unknown[]) => void;
+  info: (message: string, ...args: unknown[]) => void
+  error: (message: string, ...args: unknown[]) => void
+  warn: (message: string, ...args: unknown[]) => void
+  debug: (message: string, ...args: unknown[]) => void
+  silly: (message: string, ...args: unknown[]) => void
 }
 
 export type PermissionMode =
-  | "ask"
-  | "skip_all_permission_checks"
-  | "follow_a_plan";
+  | 'ask'
+  | 'skip_all_permission_checks'
+  | 'follow_a_plan'
 
 export interface BridgeConfig {
   /** Bridge WebSocket base URL (e.g., wss://bridge.claudeusercontent.com) */
-  url: string;
+  url: string
   /** Returns the user's account UUID for the connection path */
-  getUserId: () => Promise<string | undefined>;
+  getUserId: () => Promise<string | undefined>
   /** Returns a valid OAuth token for bridge authentication */
-  getOAuthToken: () => Promise<string | undefined>;
+  getOAuthToken: () => Promise<string | undefined>
   /** Optional dev user ID for local development (bypasses OAuth) */
-  devUserId?: string;
+  devUserId?: string
 }
 
 /** Metadata about a connected Chrome extension instance. */
 export interface ChromeExtensionInfo {
-  deviceId: string;
-  osPlatform?: string;
-  connectedAt: number;
-  name?: string;
+  deviceId: string
+  osPlatform?: string
+  connectedAt: number
+  name?: string
 }
 
 export interface ClaudeForChromeContext {
-  serverName: string;
-  logger: Logger;
-  socketPath: string;
+  serverName: string
+  logger: Logger
+  socketPath: string
   // Optional dynamic resolver for socket path. When provided, called on each
   // connection attempt to handle runtime conditions (e.g., TMPDIR mismatch).
-  getSocketPath?: () => string;
+  getSocketPath?: () => string
   // Optional resolver returning all available socket paths (for multi-profile support).
   // When provided, a socket pool connects to all sockets and routes by tab ID.
-  getSocketPaths?: () => string[];
-  clientTypeId: string; // "desktop" | "claude-code"
-  onToolCallDisconnected: () => string;
-  onAuthenticationError: () => void;
-  isDisabled?: () => boolean;
+  getSocketPaths?: () => string[]
+  clientTypeId: string // "desktop" | "claude-code"
+  onToolCallDisconnected: () => string
+  onAuthenticationError: () => void
+  isDisabled?: () => boolean
   /** Bridge WebSocket configuration. When provided, uses bridge instead of socket. */
-  bridgeConfig?: BridgeConfig;
+  bridgeConfig?: BridgeConfig
   /** If set, permission mode is sent to the extension immediately on bridge connection. */
-  initialPermissionMode?: PermissionMode;
+  initialPermissionMode?: PermissionMode
   /** Optional callback to track telemetry events for bridge connections */
   trackEvent?: <K extends string>(
     eventName: K,
     metadata: Record<string, unknown> | null,
-  ) => void;
+  ) => void
   /** Called when user pairs with an extension via the browser pairing flow. */
-  onExtensionPaired?: (deviceId: string, name: string) => void;
+  onExtensionPaired?: (deviceId: string, name: string) => void
   /** Returns the previously paired deviceId, if any. */
-  getPersistedDeviceId?: () => string | undefined;
+  getPersistedDeviceId?: () => string | undefined
   /** Called when a remote extension is auto-selected (only option available). */
-  onRemoteExtensionWarning?: (ext: ChromeExtensionInfo) => void;
+  onRemoteExtensionWarning?: (ext: ChromeExtensionInfo) => void
 }
 
 /**
@@ -66,69 +66,69 @@ export interface ClaudeForChromeContext {
  * via navigator.userAgentData.platform.
  */
 export function localPlatformLabel(): string {
-  return process.platform === "darwin"
-    ? "macOS"
-    : process.platform === "win32"
-      ? "Windows"
-      : "Linux";
+  return process.platform === 'darwin'
+    ? 'macOS'
+    : process.platform === 'win32'
+      ? 'Windows'
+      : 'Linux'
 }
 
 /** Permission request forwarded from the extension to the desktop for user approval. */
 export interface BridgePermissionRequest {
   /** Links to the pending tool_call */
-  toolUseId: string;
+  toolUseId: string
   /** Unique ID for this permission request */
-  requestId: string;
+  requestId: string
   /** Tool type, e.g. "navigate", "click", "execute_javascript" */
-  toolType: string;
+  toolType: string
   /** The URL/domain context */
-  url: string;
+  url: string
   /** Additional action data (click coordinates, text, etc.) */
-  actionData?: Record<string, unknown>;
+  actionData?: Record<string, unknown>
 }
 
 /** Desktop response to a bridge permission request. */
 export interface BridgePermissionResponse {
-  requestId: string;
-  allowed: boolean;
+  requestId: string
+  allowed: boolean
 }
 
 /** Per-call permission overrides, allowing each session to use its own permission state. */
 export interface PermissionOverrides {
-  permissionMode: PermissionMode;
-  allowedDomains?: string[];
+  permissionMode: PermissionMode
+  allowedDomains?: string[]
   /** Callback invoked when the extension requests user permission via the bridge. */
-  onPermissionRequest?: (request: BridgePermissionRequest) => Promise<boolean>;
+  onPermissionRequest?: (request: BridgePermissionRequest) => Promise<boolean>
 }
 
 /** Shared interface for McpSocketClient and McpSocketPool */
 export interface SocketClient {
-  ensureConnected(): Promise<boolean>;
+  ensureConnected(): Promise<boolean>
   callTool(
     name: string,
     args: Record<string, unknown>,
     permissionOverrides?: PermissionOverrides,
-  ): Promise<unknown>;
-  isConnected(): boolean;
-  disconnect(): void;
+  ): Promise<unknown>
+  isConnected(): boolean
+  disconnect(): void
   setNotificationHandler(
     handler: (notification: {
-      method: string;
-      params?: Record<string, unknown>;
+      method: string
+      params?: Record<string, unknown>
     }) => void,
-  ): void;
+  ): void
   /** Set permission mode for the current session. Only effective on BridgeClient. */
   setPermissionMode?(
     mode: PermissionMode,
     allowedDomains?: string[],
-  ): Promise<void>;
+  ): Promise<void>
   /** Switch to a different browser. Only available on BridgeClient. */
   switchBrowser?(): Promise<
     | {
-        deviceId: string;
-        name: string;
+        deviceId: string
+        name: string
       }
-    | "no_other_browsers"
+    | 'no_other_browsers'
     | null
-  >;
+  >
 }

packages/@ant/computer-use-input/package.json

@@ -1,7 +1,7 @@
 {
-    "name": "@ant/computer-use-input",
-    "version": "1.0.0",
-    "private": true,
-    "main": "./src/index.ts",
-    "types": "./src/index.ts"
+  "name": "@ant/computer-use-input",
+  "version": "1.0.0",
+  "private": true,
+  "main": "./src/index.ts",
+  "types": "./src/index.ts"
 }

packages/@ant/computer-use-input/src/backends/darwin.ts

@@ -12,19 +12,46 @@ import type { FrontmostAppInfo, InputBackend } from '../types.js'
 const execFileAsync = promisify(execFile)
 
 const KEY_MAP: Record<string, number> = {
-  return: 36, enter: 36, tab: 48, space: 49, delete: 51, backspace: 51,
-  escape: 53, esc: 53,
-  left: 123, right: 124, down: 125, up: 126,
-  f1: 122, f2: 120, f3: 99, f4: 118, f5: 96, f6: 97,
-  f7: 98, f8: 100, f9: 101, f10: 109, f11: 103, f12: 111,
-  home: 115, end: 119, pageup: 116, pagedown: 121,
+  return: 36,
+  enter: 36,
+  tab: 48,
+  space: 49,
+  delete: 51,
+  backspace: 51,
+  escape: 53,
+  esc: 53,
+  left: 123,
+  right: 124,
+  down: 125,
+  up: 126,
+  f1: 122,
+  f2: 120,
+  f3: 99,
+  f4: 118,
+  f5: 96,
+  f6: 97,
+  f7: 98,
+  f8: 100,
+  f9: 101,
+  f10: 109,
+  f11: 103,
+  f12: 111,
+  home: 115,
+  end: 119,
+  pageup: 116,
+  pagedown: 121,
 }
 
 const MODIFIER_MAP: Record<string, string> = {
-  command: 'command down', cmd: 'command down', meta: 'command down', super: 'command down',
+  command: 'command down',
+  cmd: 'command down',
+  meta: 'command down',
+  super: 'command down',
   shift: 'shift down',
-  option: 'option down', alt: 'option down',
-  control: 'control down', ctrl: 'control down',
+  option: 'option down',
+  alt: 'option down',
+  control: 'control down',
+  ctrl: 'control down',
 }
 
 async function osascript(script: string): Promise<string> {
@@ -35,13 +62,23 @@ async function osascript(script: string): Promise<string> {
 }
 
 async function jxa(script: string): Promise<string> {
-  const { stdout } = await execFileAsync('osascript', ['-l', 'JavaScript', '-e', script], {
-    encoding: 'utf-8',
-  })
+  const { stdout } = await execFileAsync(
+    'osascript',
+    ['-l', 'JavaScript', '-e', script],
+    {
+      encoding: 'utf-8',
+    },
+  )
   return stdout.trim()
 }
 
-function buildMouseJxa(eventType: string, x: number, y: number, btn: number, clickState?: number): string {
+function buildMouseJxa(
+  eventType: string,
+  x: number,
+  y: number,
+  btn: number,
+  clickState?: number,
+): string {
   let script = `ObjC.import("CoreGraphics"); var p = $.CGPointMake(${x},${y}); var e = $.CGEventCreateMouseEvent(null, $.${eventType}, p, ${btn});`
   if (clickState !== undefined) {
     script += ` $.CGEventSetIntegerValueField(e, $.kCGMouseEventClickState, ${clickState});`
@@ -61,11 +98,13 @@ export const key: InputBackend['key'] = async (keyName, action) => {
   if (keyCode !== undefined) {
     await osascript(`tell application "System Events" to key code ${keyCode}`)
   } else {
-    await osascript(`tell application "System Events" to keystroke "${keyName.length === 1 ? keyName : lower}"`)
+    await osascript(
+      `tell application "System Events" to keystroke "${keyName.length === 1 ? keyName : lower}"`,
+    )
   }
 }
 
-export const keys: InputBackend['keys'] = async (parts) => {
+export const keys: InputBackend['keys'] = async parts => {
   const modifiers: string[] = []
   let finalKey: string | null = null
   for (const part of parts) {
@@ -78,23 +117,43 @@ export const keys: InputBackend['keys'] = async (parts) => {
   const keyCode = KEY_MAP[lower]
   const modStr = modifiers.length > 0 ? ` using {${modifiers.join(', ')}}` : ''
   if (keyCode !== undefined) {
-    await osascript(`tell application "System Events" to key code ${keyCode}${modStr}`)
+    await osascript(
+      `tell application "System Events" to key code ${keyCode}${modStr}`,
+    )
   } else {
-    await osascript(`tell application "System Events" to keystroke "${finalKey.length === 1 ? finalKey : lower}"${modStr}`)
+    await osascript(
+      `tell application "System Events" to keystroke "${finalKey.length === 1 ? finalKey : lower}"${modStr}`,
+    )
   }
 }
 
 export const mouseLocation: InputBackend['mouseLocation'] = async () => {
-  const result = await jxa('ObjC.import("CoreGraphics"); var e = $.CGEventCreate(null); var p = $.CGEventGetLocation(e); p.x + "," + p.y')
+  const result = await jxa(
+    'ObjC.import("CoreGraphics"); var e = $.CGEventCreate(null); var p = $.CGEventGetLocation(e); p.x + "," + p.y',
+  )
   const [xStr, yStr] = result.split(',')
   return { x: Math.round(Number(xStr)), y: Math.round(Number(yStr)) }
 }
 
-export const mouseButton: InputBackend['mouseButton'] = async (button, action, count) => {
+export const mouseButton: InputBackend['mouseButton'] = async (
+  button,
+  action,
+  count,
+) => {
   const pos = await mouseLocation()
   const btn = button === 'left' ? 0 : button === 'right' ? 1 : 2
-  const downType = btn === 0 ? 'kCGEventLeftMouseDown' : btn === 1 ? 'kCGEventRightMouseDown' : 'kCGEventOtherMouseDown'
-  const upType = btn === 0 ? 'kCGEventLeftMouseUp' : btn === 1 ? 'kCGEventRightMouseUp' : 'kCGEventOtherMouseUp'
+  const downType =
+    btn === 0
+      ? 'kCGEventLeftMouseDown'
+      : btn === 1
+        ? 'kCGEventRightMouseDown'
+        : 'kCGEventOtherMouseDown'
+  const upType =
+    btn === 0
+      ? 'kCGEventLeftMouseUp'
+      : btn === 1
+        ? 'kCGEventRightMouseUp'
+        : 'kCGEventOtherMouseUp'
 
   if (action === 'click') {
     for (let i = 0; i < (count ?? 1); i++) {
@@ -108,28 +167,39 @@ export const mouseButton: InputBackend['mouseButton'] = async (button, action, c
   }
 }
 
-export const mouseScroll: InputBackend['mouseScroll'] = async (amount, direction) => {
-  const script = direction === 'vertical'
-    ? `ObjC.import("CoreGraphics"); var e = $.CGEventCreateScrollWheelEvent(null, 0, 1, ${amount}); $.CGEventPost($.kCGHIDEventTap, e);`
-    : `ObjC.import("CoreGraphics"); var e = $.CGEventCreateScrollWheelEvent(null, 0, 2, 0, ${amount}); $.CGEventPost($.kCGHIDEventTap, e);`
+export const mouseScroll: InputBackend['mouseScroll'] = async (
+  amount,
+  direction,
+) => {
+  const script =
+    direction === 'vertical'
+      ? `ObjC.import("CoreGraphics"); var e = $.CGEventCreateScrollWheelEvent(null, 0, 1, ${amount}); $.CGEventPost($.kCGHIDEventTap, e);`
+      : `ObjC.import("CoreGraphics"); var e = $.CGEventCreateScrollWheelEvent(null, 0, 2, 0, ${amount}); $.CGEventPost($.kCGHIDEventTap, e);`
   await jxa(script)
 }
 
-export const typeText: InputBackend['typeText'] = async (text) => {
+export const typeText: InputBackend['typeText'] = async text => {
   const escaped = text.replace(/\\/g, '\\\\').replace(/"/g, '\\"')
   await osascript(`tell application "System Events" to keystroke "${escaped}"`)
 }
 
 export const getFrontmostAppInfo: InputBackend['getFrontmostAppInfo'] = () => {
   try {
-    const output = execFileSync('osascript', ['-e', `
+    const output = execFileSync(
+      'osascript',
+      [
+        '-e',
+        `
       tell application "System Events"
         set frontApp to first application process whose frontmost is true
         set appName to name of frontApp
         set bundleId to bundle identifier of frontApp
         return bundleId & "|" & appName
       end tell
-    `], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] }).trim()
+    `,
+      ],
+      { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] },
+    ).trim()
     if (!output || !output.includes('|')) return null
     const [bundleId, appName] = output.split('|', 2)
     return { bundleId: bundleId!, appName: appName! }

packages/@ant/computer-use-input/src/backends/linux.ts

@@ -32,23 +32,75 @@ async function runAsync(cmd: string[]): Promise<string> {
 // ---------------------------------------------------------------------------
 
 const KEY_MAP: Record<string, string> = {
-  return: 'Return', enter: 'Return', tab: 'Tab', space: 'space',
-  backspace: 'BackSpace', delete: 'Delete', escape: 'Escape', esc: 'Escape',
-  left: 'Left', up: 'Up', right: 'Right', down: 'Down',
-  home: 'Home', end: 'End', pageup: 'Prior', pagedown: 'Next',
-  f1: 'F1', f2: 'F2', f3: 'F3', f4: 'F4', f5: 'F5', f6: 'F6',
-  f7: 'F7', f8: 'F8', f9: 'F9', f10: 'F10', f11: 'F11', f12: 'F12',
-  shift: 'shift', lshift: 'shift', rshift: 'shift',
-  control: 'ctrl', ctrl: 'ctrl', lcontrol: 'ctrl', rcontrol: 'ctrl',
-  alt: 'alt', option: 'alt', lalt: 'alt', ralt: 'alt',
-  win: 'super', meta: 'super', command: 'super', cmd: 'super', super: 'super',
-  insert: 'Insert', printscreen: 'Print', pause: 'Pause',
-  numlock: 'Num_Lock', capslock: 'Caps_Lock', scrolllock: 'Scroll_Lock',
+  return: 'Return',
+  enter: 'Return',
+  tab: 'Tab',
+  space: 'space',
+  backspace: 'BackSpace',
+  delete: 'Delete',
+  escape: 'Escape',
+  esc: 'Escape',
+  left: 'Left',
+  up: 'Up',
+  right: 'Right',
+  down: 'Down',
+  home: 'Home',
+  end: 'End',
+  pageup: 'Prior',
+  pagedown: 'Next',
+  f1: 'F1',
+  f2: 'F2',
+  f3: 'F3',
+  f4: 'F4',
+  f5: 'F5',
+  f6: 'F6',
+  f7: 'F7',
+  f8: 'F8',
+  f9: 'F9',
+  f10: 'F10',
+  f11: 'F11',
+  f12: 'F12',
+  shift: 'shift',
+  lshift: 'shift',
+  rshift: 'shift',
+  control: 'ctrl',
+  ctrl: 'ctrl',
+  lcontrol: 'ctrl',
+  rcontrol: 'ctrl',
+  alt: 'alt',
+  option: 'alt',
+  lalt: 'alt',
+  ralt: 'alt',
+  win: 'super',
+  meta: 'super',
+  command: 'super',
+  cmd: 'super',
+  super: 'super',
+  insert: 'Insert',
+  printscreen: 'Print',
+  pause: 'Pause',
+  numlock: 'Num_Lock',
+  capslock: 'Caps_Lock',
+  scrolllock: 'Scroll_Lock',
 }
 
 const MODIFIER_KEYS = new Set([
-  'shift', 'lshift', 'rshift', 'control', 'ctrl', 'lcontrol', 'rcontrol',
-  'alt', 'option', 'lalt', 'ralt', 'win', 'meta', 'command', 'cmd', 'super',
+  'shift',
+  'lshift',
+  'rshift',
+  'control',
+  'ctrl',
+  'lcontrol',
+  'rcontrol',
+  'alt',
+  'option',
+  'lalt',
+  'ralt',
+  'win',
+  'meta',
+  'command',
+  'cmd',
+  'super',
 ])
 
 function mapKey(name: string): string {
@@ -68,7 +120,13 @@ function mouseButtonNum(button: 'left' | 'right' | 'middle'): string {
 // ---------------------------------------------------------------------------
 
 export const moveMouse: InputBackend['moveMouse'] = async (x, y, _animated) => {
-  run(['xdotool', 'mousemove', '--sync', String(Math.round(x)), String(Math.round(y))])
+  run([
+    'xdotool',
+    'mousemove',
+    '--sync',
+    String(Math.round(x)),
+    String(Math.round(y)),
+  ])
 }
 
 export const mouseLocation: InputBackend['mouseLocation'] = async () => {
@@ -82,7 +140,11 @@ export const mouseLocation: InputBackend['mouseLocation'] = async () => {
   }
 }
 
-export const mouseButton: InputBackend['mouseButton'] = async (button, action, count) => {
+export const mouseButton: InputBackend['mouseButton'] = async (
+  button,
+  action,
+  count,
+) => {
   const btn = mouseButtonNum(button)
   if (action === 'click') {
     const n = count ?? 1
@@ -94,7 +156,10 @@ export const mouseButton: InputBackend['mouseButton'] = async (button, action, c
   }
 }
 
-export const mouseScroll: InputBackend['mouseScroll'] = async (amount, direction) => {
+export const mouseScroll: InputBackend['mouseScroll'] = async (
+  amount,
+  direction,
+) => {
   // xdotool click 4=scroll up, 5=scroll down, 6=scroll left, 7=scroll right
   // Positive amount = down/right, negative = up/left
   if (direction === 'vertical') {
@@ -121,7 +186,7 @@ export const key: InputBackend['key'] = async (keyName, action) => {
   }
 }
 
-export const keys: InputBackend['keys'] = async (parts) => {
+export const keys: InputBackend['keys'] = async parts => {
   // xdotool key accepts "modifier+modifier+key" format
   const modifiers: string[] = []
   let finalKey: string | null = null
@@ -139,7 +204,7 @@ export const keys: InputBackend['keys'] = async (parts) => {
   run(['xdotool', 'key', combo])
 }
 
-export const typeText: InputBackend['typeText'] = async (text) => {
+export const typeText: InputBackend['typeText'] = async text => {
   run(['xdotool', 'type', '--delay', '12', text])
 }
 
@@ -157,16 +222,23 @@ export const getFrontmostAppInfo: InputBackend['getFrontmostAppInfo'] = () => {
     let exePath = ''
     try {
       exePath = run(['readlink', '-f', `/proc/${pid}/exe`])
-    } catch { /* ignore */ }
+    } catch {
+      /* ignore */
+    }
 
     // Read the process name from /proc/comm
     let appName = ''
     try {
       appName = run(['cat', `/proc/${pid}/comm`])
-    } catch { /* ignore */ }
+    } catch {
+      /* ignore */
+    }
 
     if (!exePath && !appName) return null
-    return { bundleId: exePath || `/proc/${pid}/exe`, appName: appName || 'unknown' }
+    return {
+      bundleId: exePath || `/proc/${pid}/exe`,
+      appName: appName || 'unknown',
+    }
   } catch {
     return null
   }

packages/@ant/computer-use-input/src/backends/win32.ts

@@ -92,43 +92,112 @@ public class CuWin32 {
 // ---------------------------------------------------------------------------
 
 const VK_MAP: Record<string, number> = {
-  return: 0x0D, enter: 0x0D, tab: 0x09, space: 0x20,
-  backspace: 0x08, delete: 0x2E, escape: 0x1B, esc: 0x1B,
-  left: 0x25, up: 0x26, right: 0x27, down: 0x28,
-  home: 0x24, end: 0x23, pageup: 0x21, pagedown: 0x22,
-  f1: 0x70, f2: 0x71, f3: 0x72, f4: 0x73, f5: 0x74, f6: 0x75,
-  f7: 0x76, f8: 0x77, f9: 0x78, f10: 0x79, f11: 0x7A, f12: 0x7B,
-  shift: 0xA0, lshift: 0xA0, rshift: 0xA1,
-  control: 0xA2, ctrl: 0xA2, lcontrol: 0xA2, rcontrol: 0xA3,
-  alt: 0xA4, option: 0xA4, lalt: 0xA4, ralt: 0xA5,
-  win: 0x5B, meta: 0x5B, command: 0x5B, cmd: 0x5B, super: 0x5B,
-  insert: 0x2D, printscreen: 0x2C, pause: 0x13,
-  numlock: 0x90, capslock: 0x14, scrolllock: 0x91,
+  return: 0x0d,
+  enter: 0x0d,
+  tab: 0x09,
+  space: 0x20,
+  backspace: 0x08,
+  delete: 0x2e,
+  escape: 0x1b,
+  esc: 0x1b,
+  left: 0x25,
+  up: 0x26,
+  right: 0x27,
+  down: 0x28,
+  home: 0x24,
+  end: 0x23,
+  pageup: 0x21,
+  pagedown: 0x22,
+  f1: 0x70,
+  f2: 0x71,
+  f3: 0x72,
+  f4: 0x73,
+  f5: 0x74,
+  f6: 0x75,
+  f7: 0x76,
+  f8: 0x77,
+  f9: 0x78,
+  f10: 0x79,
+  f11: 0x7a,
+  f12: 0x7b,
+  shift: 0xa0,
+  lshift: 0xa0,
+  rshift: 0xa1,
+  control: 0xa2,
+  ctrl: 0xa2,
+  lcontrol: 0xa2,
+  rcontrol: 0xa3,
+  alt: 0xa4,
+  option: 0xa4,
+  lalt: 0xa4,
+  ralt: 0xa5,
+  win: 0x5b,
+  meta: 0x5b,
+  command: 0x5b,
+  cmd: 0x5b,
+  super: 0x5b,
+  insert: 0x2d,
+  printscreen: 0x2c,
+  pause: 0x13,
+  numlock: 0x90,
+  capslock: 0x14,
+  scrolllock: 0x91,
 }
 
-const MODIFIER_KEYS = new Set(['shift', 'lshift', 'rshift', 'control', 'ctrl', 'lcontrol', 'rcontrol', 'alt', 'option', 'lalt', 'ralt', 'win', 'meta', 'command', 'cmd', 'super'])
+const MODIFIER_KEYS = new Set([
+  'shift',
+  'lshift',
+  'rshift',
+  'control',
+  'ctrl',
+  'lcontrol',
+  'rcontrol',
+  'alt',
+  'option',
+  'lalt',
+  'ralt',
+  'win',
+  'meta',
+  'command',
+  'cmd',
+  'super',
+])
 
 // ---------------------------------------------------------------------------
 // Implementation
 // ---------------------------------------------------------------------------
 
 export const moveMouse: InputBackend['moveMouse'] = async (x, y, _animated) => {
-  ps(`${WIN32_TYPES}; [CuWin32]::SetCursorPos(${Math.round(x)}, ${Math.round(y)}) | Out-Null`)
+  ps(
+    `${WIN32_TYPES}; [CuWin32]::SetCursorPos(${Math.round(x)}, ${Math.round(y)}) | Out-Null`,
+  )
 }
 
 export const mouseLocation: InputBackend['mouseLocation'] = async () => {
-  const out = ps(`${WIN32_TYPES}; $p = New-Object CuWin32+POINT; [CuWin32]::GetCursorPos([ref]$p) | Out-Null; "$($p.X),$($p.Y)"`)
+  const out = ps(
+    `${WIN32_TYPES}; $p = New-Object CuWin32+POINT; [CuWin32]::GetCursorPos([ref]$p) | Out-Null; "$($p.X),$($p.Y)"`,
+  )
   const [xStr, yStr] = out.split(',')
   return { x: Number(xStr), y: Number(yStr) }
 }
 
-export const mouseButton: InputBackend['mouseButton'] = async (button, action, count) => {
-  const downFlag = button === 'left' ? 'MOUSEEVENTF_LEFTDOWN'
-    : button === 'right' ? 'MOUSEEVENTF_RIGHTDOWN'
-    : 'MOUSEEVENTF_MIDDLEDOWN'
-  const upFlag = button === 'left' ? 'MOUSEEVENTF_LEFTUP'
-    : button === 'right' ? 'MOUSEEVENTF_RIGHTUP'
-    : 'MOUSEEVENTF_MIDDLEUP'
+export const mouseButton: InputBackend['mouseButton'] = async (
+  button,
+  action,
+  count,
+) => {
+  const downFlag =
+    button === 'left'
+      ? 'MOUSEEVENTF_LEFTDOWN'
+      : button === 'right'
+        ? 'MOUSEEVENTF_RIGHTDOWN'
+        : 'MOUSEEVENTF_MIDDLEDOWN'
+  const upFlag =
+    button === 'left'
+      ? 'MOUSEEVENTF_LEFTUP'
+      : button === 'right'
+        ? 'MOUSEEVENTF_RIGHTUP'
+        : 'MOUSEEVENTF_MIDDLEUP'
 
   if (action === 'click') {
     const n = count ?? 1
@@ -136,17 +205,29 @@ export const mouseButton: InputBackend['mouseButton'] = async (button, action, c
     for (let i = 0; i < n; i++) {
       clicks += `$i.mi.dwFlags=[CuWin32]::${downFlag}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null; $i.mi.dwFlags=[CuWin32]::${upFlag}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null; `
     }
-    ps(`${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; ${clicks}`)
+    ps(
+      `${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; ${clicks}`,
+    )
   } else if (action === 'press') {
-    ps(`${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; $i.mi.dwFlags=[CuWin32]::${downFlag}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null`)
+    ps(
+      `${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; $i.mi.dwFlags=[CuWin32]::${downFlag}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null`,
+    )
   } else {
-    ps(`${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; $i.mi.dwFlags=[CuWin32]::${upFlag}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null`)
+    ps(
+      `${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; $i.mi.dwFlags=[CuWin32]::${upFlag}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null`,
+    )
   }
 }
 
-export const mouseScroll: InputBackend['mouseScroll'] = async (amount, direction) => {
-  const flag = direction === 'vertical' ? 'MOUSEEVENTF_WHEEL' : 'MOUSEEVENTF_HWHEEL'
-  ps(`${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; $i.mi.dwFlags=[CuWin32]::${flag}; $i.mi.mouseData=${amount * 120}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null`)
+export const mouseScroll: InputBackend['mouseScroll'] = async (
+  amount,
+  direction,
+) => {
+  const flag =
+    direction === 'vertical' ? 'MOUSEEVENTF_WHEEL' : 'MOUSEEVENTF_HWHEEL'
+  ps(
+    `${WIN32_TYPES}; $i = New-Object CuWin32+INPUT; $i.type=[CuWin32]::INPUT_MOUSE; $i.mi.dwFlags=[CuWin32]::${flag}; $i.mi.mouseData=${amount * 120}; [CuWin32]::SendInput(1, @($i), [Runtime.InteropServices.Marshal]::SizeOf($i)) | Out-Null`,
+  )
 }
 
 export const key: InputBackend['key'] = async (keyName, action) => {
@@ -154,15 +235,19 @@ export const key: InputBackend['key'] = async (keyName, action) => {
   const vk = VK_MAP[lower]
   const flags = action === 'release' ? '2' : '0'
   if (vk !== undefined) {
-    ps(`${WIN32_TYPES}; [CuWin32]::keybd_event(${vk}, 0, ${flags}, [UIntPtr]::Zero)`)
+    ps(
+      `${WIN32_TYPES}; [CuWin32]::keybd_event(${vk}, 0, ${flags}, [UIntPtr]::Zero)`,
+    )
   } else if (keyName.length === 1) {
     // Single character — use VkKeyScan to resolve
     const charCode = keyName.charCodeAt(0)
-    ps(`${WIN32_TYPES}; $vk = [CuWin32]::VkKeyScan([char]${charCode}) -band 0xFF; [CuWin32]::keybd_event([byte]$vk, 0, ${flags}, [UIntPtr]::Zero)`)
+    ps(
+      `${WIN32_TYPES}; $vk = [CuWin32]::VkKeyScan([char]${charCode}) -band 0xFF; [CuWin32]::keybd_event([byte]$vk, 0, ${flags}, [UIntPtr]::Zero)`,
+    )
   }
 }
 
-export const keys: InputBackend['keys'] = async (parts) => {
+export const keys: InputBackend['keys'] = async parts => {
   const modifiers: number[] = []
   let finalKey: string | null = null
 
@@ -196,9 +281,11 @@ export const keys: InputBackend['keys'] = async (parts) => {
   ps(script)
 }
 
-export const typeText: InputBackend['typeText'] = async (text) => {
+export const typeText: InputBackend['typeText'] = async text => {
   const escaped = text.replace(/'/g, "''")
-  ps(`Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.SendKeys]::SendWait('${escaped}')`)
+  ps(
+    `Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.SendKeys]::SendWait('${escaped}')`,
+  )
 }
 
 export const getFrontmostAppInfo: InputBackend['getFrontmostAppInfo'] = () => {

packages/@ant/computer-use-input/src/index.ts

@@ -15,8 +15,15 @@ export interface InputBackend {
   key(key: string, action: 'press' | 'release'): Promise<void>
   keys(parts: string[]): Promise<void>
   mouseLocation(): Promise<{ x: number; y: number }>
-  mouseButton(button: 'left' | 'right' | 'middle', action: 'click' | 'press' | 'release', count?: number): Promise<void>
-  mouseScroll(amount: number, direction: 'vertical' | 'horizontal'): Promise<void>
+  mouseButton(
+    button: 'left' | 'right' | 'middle',
+    action: 'click' | 'press' | 'release',
+    count?: number,
+  ): Promise<void>
+  mouseScroll(
+    amount: number,
+    direction: 'vertical' | 'horizontal',
+  ): Promise<void>
   typeText(text: string): Promise<void>
   getFrontmostAppInfo(): FrontmostAppInfo | null
 }
@@ -60,5 +67,7 @@ export class ComputerUseInputAPI {
   declare isSupported: true
 }
 
-interface ComputerUseInputUnsupported { isSupported: false }
+interface ComputerUseInputUnsupported {
+  isSupported: false
+}
 export type ComputerUseInput = ComputerUseInputAPI | ComputerUseInputUnsupported

packages/@ant/computer-use-input/src/types.ts

@@ -1,5 +1,5 @@
 export interface FrontmostAppInfo {
-  bundleId: string  // macOS: bundle ID, Windows: exe path
+  bundleId: string // macOS: bundle ID, Windows: exe path
   appName: string
 }
 
@@ -13,7 +13,10 @@ export interface InputBackend {
     action: 'click' | 'press' | 'release',
     count?: number,
   ): Promise<void>
-  mouseScroll(amount: number, direction: 'vertical' | 'horizontal'): Promise<void>
+  mouseScroll(
+    amount: number,
+    direction: 'vertical' | 'horizontal',
+  ): Promise<void>
   typeText(text: string): Promise<void>
   getFrontmostAppInfo(): FrontmostAppInfo | null
 }

packages/@ant/computer-use-mcp/package.json

@@ -1,13 +1,13 @@
 {
-    "name": "@ant/computer-use-mcp",
-    "version": "1.0.0",
-    "private": true,
-    "type": "module",
-    "main": "./src/index.ts",
-    "types": "./src/index.ts",
-    "exports": {
-        ".": "./src/index.ts",
-        "./sentinelApps": "./src/sentinelApps.ts",
-        "./types": "./src/types.ts"
-    }
+  "name": "@ant/computer-use-mcp",
+  "version": "1.0.0",
+  "private": true,
+  "type": "module",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts",
+    "./sentinelApps": "./src/sentinelApps.ts",
+    "./types": "./src/types.ts"
+  }
 }

packages/@ant/computer-use-mcp/src/deniedApps.ts

@@ -31,7 +31,7 @@
  * duplicated as a string literal below rather than imported.
  */
 
-export type DeniedCategory = "browser" | "terminal" | "trading";
+export type DeniedCategory = 'browser' | 'terminal' | 'trading'
 
 /**
  * Map a category to its hardcoded tier. Return-type is the string-literal
@@ -44,54 +44,54 @@ export type DeniedCategory = "browser" | "terminal" | "trading";
  */
 export function categoryToTier(
   category: DeniedCategory | null,
-): "read" | "click" | "full" {
-  if (category === "browser" || category === "trading") return "read";
-  if (category === "terminal") return "click";
-  return "full";
+): 'read' | 'click' | 'full' {
+  if (category === 'browser' || category === 'trading') return 'read'
+  if (category === 'terminal') return 'click'
+  return 'full'
 }
 
 // ─── Bundle-ID deny sets (macOS) ─────────────────────────────────────────
 
 const BROWSER_BUNDLE_IDS: ReadonlySet<string> = new Set([
   // Apple
-  "com.apple.Safari",
-  "com.apple.SafariTechnologyPreview",
+  'com.apple.Safari',
+  'com.apple.SafariTechnologyPreview',
   // Google
-  "com.google.Chrome",
-  "com.google.Chrome.beta",
-  "com.google.Chrome.dev",
-  "com.google.Chrome.canary",
+  'com.google.Chrome',
+  'com.google.Chrome.beta',
+  'com.google.Chrome.dev',
+  'com.google.Chrome.canary',
   // Microsoft
-  "com.microsoft.edgemac",
-  "com.microsoft.edgemac.Beta",
-  "com.microsoft.edgemac.Dev",
-  "com.microsoft.edgemac.Canary",
+  'com.microsoft.edgemac',
+  'com.microsoft.edgemac.Beta',
+  'com.microsoft.edgemac.Dev',
+  'com.microsoft.edgemac.Canary',
   // Mozilla
-  "org.mozilla.firefox",
-  "org.mozilla.firefoxdeveloperedition",
-  "org.mozilla.nightly",
+  'org.mozilla.firefox',
+  'org.mozilla.firefoxdeveloperedition',
+  'org.mozilla.nightly',
   // Chromium-based
-  "org.chromium.Chromium",
-  "com.brave.Browser",
-  "com.brave.Browser.beta",
-  "com.brave.Browser.nightly",
-  "com.operasoftware.Opera",
-  "com.operasoftware.OperaGX",
-  "com.operasoftware.OperaDeveloper",
-  "com.vivaldi.Vivaldi",
+  'org.chromium.Chromium',
+  'com.brave.Browser',
+  'com.brave.Browser.beta',
+  'com.brave.Browser.nightly',
+  'com.operasoftware.Opera',
+  'com.operasoftware.OperaGX',
+  'com.operasoftware.OperaDeveloper',
+  'com.vivaldi.Vivaldi',
   // The Browser Company
-  "company.thebrowser.Browser", // Arc
-  "company.thebrowser.dia", // Dia (agentic)
+  'company.thebrowser.Browser', // Arc
+  'company.thebrowser.dia', // Dia (agentic)
   // Privacy-focused
-  "org.torproject.torbrowser",
-  "com.duckduckgo.macos.browser",
-  "ru.yandex.desktop.yandex-browser",
+  'org.torproject.torbrowser',
+  'com.duckduckgo.macos.browser',
+  'ru.yandex.desktop.yandex-browser',
   // Agentic / AI browsers — newer entrants with LLM integrations
-  "ai.perplexity.comet",
-  "com.sigmaos.sigmaos.macos", // SigmaOS
+  'ai.perplexity.comet',
+  'com.sigmaos.sigmaos.macos', // SigmaOS
   // Webkit-based misc
-  "com.kagi.kagimacOS", // Orion
-]);
+  'com.kagi.kagimacOS', // Orion
+])
 
 /**
  * Terminals + IDEs with integrated terminals. Supersets
@@ -101,66 +101,66 @@ const BROWSER_BUNDLE_IDS: ReadonlySet<string> = new Set([
  */
 const TERMINAL_BUNDLE_IDS: ReadonlySet<string> = new Set([
   // Dedicated terminals
-  "com.apple.Terminal",
-  "com.googlecode.iterm2",
-  "dev.warp.Warp-Stable",
-  "dev.warp.Warp-Beta",
-  "com.github.wez.wezterm",
-  "org.alacritty",
-  "io.alacritty", // pre-v0.11.0 (renamed 2022-07) — kept for legacy installs
-  "net.kovidgoyal.kitty",
-  "co.zeit.hyper",
-  "com.mitchellh.ghostty",
-  "org.tabby",
-  "com.termius-dmg.mac", // Termius
+  'com.apple.Terminal',
+  'com.googlecode.iterm2',
+  'dev.warp.Warp-Stable',
+  'dev.warp.Warp-Beta',
+  'com.github.wez.wezterm',
+  'org.alacritty',
+  'io.alacritty', // pre-v0.11.0 (renamed 2022-07) — kept for legacy installs
+  'net.kovidgoyal.kitty',
+  'co.zeit.hyper',
+  'com.mitchellh.ghostty',
+  'org.tabby',
+  'com.termius-dmg.mac', // Termius
   // IDEs with integrated terminals — we can't distinguish "type in the
   // editor" from "type in the integrated terminal" via screenshot+click.
   //   VS Code family
-  "com.microsoft.VSCode",
-  "com.microsoft.VSCodeInsiders",
-  "com.vscodium", // VSCodium
-  "com.todesktop.230313mzl4w4u92", // Cursor
-  "com.exafunction.windsurf", // Windsurf / Codeium
-  "dev.zed.Zed",
-  "dev.zed.Zed-Preview",
+  'com.microsoft.VSCode',
+  'com.microsoft.VSCodeInsiders',
+  'com.vscodium', // VSCodium
+  'com.todesktop.230313mzl4w4u92', // Cursor
+  'com.exafunction.windsurf', // Windsurf / Codeium
+  'dev.zed.Zed',
+  'dev.zed.Zed-Preview',
   //   JetBrains family (all have integrated terminals)
-  "com.jetbrains.intellij",
-  "com.jetbrains.intellij.ce",
-  "com.jetbrains.pycharm",
-  "com.jetbrains.pycharm.ce",
-  "com.jetbrains.WebStorm",
-  "com.jetbrains.CLion",
-  "com.jetbrains.goland",
-  "com.jetbrains.rubymine",
-  "com.jetbrains.PhpStorm",
-  "com.jetbrains.datagrip",
-  "com.jetbrains.rider",
-  "com.jetbrains.AppCode",
-  "com.jetbrains.rustrover",
-  "com.jetbrains.fleet",
-  "com.google.android.studio", // Android Studio (JetBrains-based)
+  'com.jetbrains.intellij',
+  'com.jetbrains.intellij.ce',
+  'com.jetbrains.pycharm',
+  'com.jetbrains.pycharm.ce',
+  'com.jetbrains.WebStorm',
+  'com.jetbrains.CLion',
+  'com.jetbrains.goland',
+  'com.jetbrains.rubymine',
+  'com.jetbrains.PhpStorm',
+  'com.jetbrains.datagrip',
+  'com.jetbrains.rider',
+  'com.jetbrains.AppCode',
+  'com.jetbrains.rustrover',
+  'com.jetbrains.fleet',
+  'com.google.android.studio', // Android Studio (JetBrains-based)
   //   Other IDEs
-  "com.axosoft.gitkraken", // GitKraken has an integrated terminal panel. Also keeps the "kraken" trading-substring from miscategorizing it — bundle-ID wins.
-  "com.sublimetext.4",
-  "com.sublimetext.3",
-  "org.vim.MacVim",
-  "com.neovim.neovim",
-  "org.gnu.Emacs",
+  'com.axosoft.gitkraken', // GitKraken has an integrated terminal panel. Also keeps the "kraken" trading-substring from miscategorizing it — bundle-ID wins.
+  'com.sublimetext.4',
+  'com.sublimetext.3',
+  'org.vim.MacVim',
+  'com.neovim.neovim',
+  'org.gnu.Emacs',
   // Xcode's previous carve-out (full tier for Interface Builder / simulator)
   // was reversed — at tier "click" IB and simulator taps still work (both are
   // plain clicks) while the integrated terminal is blocked from keyboard input.
-  "com.apple.dt.Xcode",
-  "org.eclipse.platform.ide",
-  "org.netbeans.ide",
-  "com.microsoft.visual-studio", // Visual Studio for Mac
+  'com.apple.dt.Xcode',
+  'org.eclipse.platform.ide',
+  'org.netbeans.ide',
+  'com.microsoft.visual-studio', // Visual Studio for Mac
   // AppleScript/automation execution surfaces — same threat as terminals:
   // type(script) → key("cmd+r") runs arbitrary code. Added after #28011
   // removed the osascript MCP server, making CU the only tool-call route
   // to AppleScript.
-  "com.apple.ScriptEditor2",
-  "com.apple.Automator",
-  "com.apple.shortcuts",
-]);
+  'com.apple.ScriptEditor2',
+  'com.apple.Automator',
+  'com.apple.shortcuts',
+])
 
 /**
  * Trading / crypto platforms — granted at tier `"read"` so the agent can see
@@ -178,29 +178,29 @@ const TERMINAL_BUNDLE_IDS: ReadonlySet<string> = new Set([
 const TRADING_BUNDLE_IDS: ReadonlySet<string> = new Set([
   // Verified via Homebrew quit/zap stanzas + mdls + electron-builder source.
   //   Trading
-  "com.webull.desktop.v1", // Webull (direct download, Qt)
-  "com.webull.trade.mac.v1", // Webull (Mac App Store)
-  "com.tastytrade.desktop",
-  "com.tradingview.tradingviewapp.desktop",
-  "com.fidelity.activetrader", // Fidelity Trader+ (new)
-  "com.fmr.activetrader", // Fidelity Active Trader Pro (legacy)
+  'com.webull.desktop.v1', // Webull (direct download, Qt)
+  'com.webull.trade.mac.v1', // Webull (Mac App Store)
+  'com.tastytrade.desktop',
+  'com.tradingview.tradingviewapp.desktop',
+  'com.fidelity.activetrader', // Fidelity Trader+ (new)
+  'com.fmr.activetrader', // Fidelity Active Trader Pro (legacy)
   // Interactive Brokers TWS — install4j wrapper; Homebrew quit stanza is
   // authoritative for this exact value but install4j IDs can drift across
   // major versions — name-substring "trader workstation" is the fallback.
-  "com.install4j.5889-6375-8446-2021",
+  'com.install4j.5889-6375-8446-2021',
   //   Crypto
-  "com.binance.BinanceDesktop",
-  "com.electron.exodus",
+  'com.binance.BinanceDesktop',
+  'com.electron.exodus',
   // Electrum uses PyInstaller with bundle_identifier=None → defaults to
   // org.pythonmac.unspecified.<AppName>. Confirmed in spesmilo/electrum
   // source + Homebrew zap. IntuneBrew's "org.electrum.electrum" is a fork.
-  "org.pythonmac.unspecified.Electrum",
-  "com.ledger.live",
-  "io.trezor.TrezorSuite",
+  'org.pythonmac.unspecified.Electrum',
+  'com.ledger.live',
+  'io.trezor.TrezorSuite',
   // No native macOS app (name-substring only): Schwab, E*TRADE, TradeStation,
   // Robinhood, NinjaTrader, Coinbase, Kraken, Bloomberg. thinkorswim
   // install4j ID drifts per-install — substring safer.
-]);
+])
 
 // ─── Policy-deny (not a tier — cannot be granted at all) ─────────────────
 //
@@ -215,78 +215,78 @@ const TRADING_BUNDLE_IDS: ReadonlySet<string> = new Set([
 const POLICY_DENIED_BUNDLE_IDS: ReadonlySet<string> = new Set([
   // Verified via Homebrew quit/zap + mdls /System/Applications + IntuneBrew.
   //   Apple built-ins
-  "com.apple.TV",
-  "com.apple.Music",
-  "com.apple.iBooksX",
-  "com.apple.podcasts",
+  'com.apple.TV',
+  'com.apple.Music',
+  'com.apple.iBooksX',
+  'com.apple.podcasts',
   //   Music
-  "com.spotify.client",
-  "com.amazon.music",
-  "com.tidal.desktop",
-  "com.deezer.deezer-desktop",
-  "com.pandora.desktop",
-  "com.electron.pocket-casts", // direct-download Electron wrapper
-  "au.com.shiftyjelly.PocketCasts", // Mac App Store
+  'com.spotify.client',
+  'com.amazon.music',
+  'com.tidal.desktop',
+  'com.deezer.deezer-desktop',
+  'com.pandora.desktop',
+  'com.electron.pocket-casts', // direct-download Electron wrapper
+  'au.com.shiftyjelly.PocketCasts', // Mac App Store
   //   Video
-  "tv.plex.desktop",
-  "tv.plex.htpc",
-  "tv.plex.plexamp",
-  "com.amazon.aiv.AIVApp", // Prime Video (iOS-on-Apple-Silicon)
+  'tv.plex.desktop',
+  'tv.plex.htpc',
+  'tv.plex.plexamp',
+  'com.amazon.aiv.AIVApp', // Prime Video (iOS-on-Apple-Silicon)
   //   Ebooks
-  "net.kovidgoyal.calibre",
-  "com.amazon.Kindle", // legacy desktop, discontinued
-  "com.amazon.Lassen", // current Mac App Store (iOS-on-Mac)
-  "com.kobo.desktop.Kobo",
+  'net.kovidgoyal.calibre',
+  'com.amazon.Kindle', // legacy desktop, discontinued
+  'com.amazon.Lassen', // current Mac App Store (iOS-on-Mac)
+  'com.kobo.desktop.Kobo',
   // No native macOS app (name-substring only): Netflix, Disney+, Hulu,
   // HBO Max, Peacock, Paramount+, YouTube, Crunchyroll, Tubi, Vudu,
   // Audible, Reddit, NYTimes. Their iOS apps don't opt into iPad-on-Mac.
-]);
+])
 
 const POLICY_DENIED_NAME_SUBSTRINGS: readonly string[] = [
   // Video streaming
-  "netflix",
-  "disney+",
-  "hulu",
-  "prime video",
-  "apple tv",
-  "peacock",
-  "paramount+",
+  'netflix',
+  'disney+',
+  'hulu',
+  'prime video',
+  'apple tv',
+  'peacock',
+  'paramount+',
   // "plex" is too generic — would match "Perplexity". Covered by
   // tv.plex.* bundle IDs on macOS.
-  "tubi",
-  "crunchyroll",
-  "vudu",
+  'tubi',
+  'crunchyroll',
+  'vudu',
   // E-readers / audiobooks
-  "kindle",
-  "apple books",
-  "kobo",
-  "play books",
-  "calibre",
-  "libby",
-  "readium",
-  "audible",
-  "libro.fm",
-  "speechify",
+  'kindle',
+  'apple books',
+  'kobo',
+  'play books',
+  'calibre',
+  'libby',
+  'readium',
+  'audible',
+  'libro.fm',
+  'speechify',
   // Music
-  "spotify",
-  "apple music",
-  "amazon music",
-  "youtube music",
-  "tidal",
-  "deezer",
-  "pandora",
-  "pocket casts",
+  'spotify',
+  'apple music',
+  'amazon music',
+  'youtube music',
+  'tidal',
+  'deezer',
+  'pandora',
+  'pocket casts',
   // Publisher / social apps (from the same blocklist tab)
-  "naver",
-  "reddit",
-  "sony music",
-  "vegas pro",
-  "pitchfork",
-  "economist",
-  "nytimes",
+  'naver',
+  'reddit',
+  'sony music',
+  'vegas pro',
+  'pitchfork',
+  'economist',
+  'nytimes',
   // Skipped (too generic for substring matching — need bundle ID):
   //   HBO Max / Max, YouTube (non-Music), Nook, Sony Catalyst, Wired
-];
+]
 
 /**
  * Policy-level auto-deny. Unlike `userDeniedBundleIds` (per-user Settings
@@ -298,19 +298,19 @@ export function isPolicyDenied(
   bundleId: string | undefined,
   displayName: string,
 ): boolean {
-  if (bundleId && POLICY_DENIED_BUNDLE_IDS.has(bundleId)) return true;
-  const lower = displayName.toLowerCase();
+  if (bundleId && POLICY_DENIED_BUNDLE_IDS.has(bundleId)) return true
+  const lower = displayName.toLowerCase()
   for (const sub of POLICY_DENIED_NAME_SUBSTRINGS) {
-    if (lower.includes(sub)) return true;
+    if (lower.includes(sub)) return true
   }
-  return false;
+  return false
 }
 
 export function getDeniedCategory(bundleId: string): DeniedCategory | null {
-  if (BROWSER_BUNDLE_IDS.has(bundleId)) return "browser";
-  if (TERMINAL_BUNDLE_IDS.has(bundleId)) return "terminal";
-  if (TRADING_BUNDLE_IDS.has(bundleId)) return "trading";
-  return null;
+  if (BROWSER_BUNDLE_IDS.has(bundleId)) return 'browser'
+  if (TERMINAL_BUNDLE_IDS.has(bundleId)) return 'terminal'
+  if (TRADING_BUNDLE_IDS.has(bundleId)) return 'trading'
+  return null
 }
 
 // ─── Display-name fallback (cross-platform) ──────────────────────────────
@@ -325,160 +325,160 @@ export function getDeniedCategory(bundleId: string): DeniedCategory | null {
  * first match, but groupings are by category for readability).
  */
 const BROWSER_NAME_SUBSTRINGS: readonly string[] = [
-  "safari",
-  "chrome",
-  "firefox",
-  "microsoft edge",
-  "brave",
-  "opera",
-  "vivaldi",
-  "chromium",
+  'safari',
+  'chrome',
+  'firefox',
+  'microsoft edge',
+  'brave',
+  'opera',
+  'vivaldi',
+  'chromium',
   // Arc/Dia: the canonical display name is just "Arc"/"Dia" — too short for
   // substring matching (false-positives: "Arcade", "Diagram"). Covered by
   // bundle ID on macOS. The "... browser" entries below catch natural-language
   // phrasings ("the arc browser") but NOT the canonical short name.
-  "arc browser",
-  "tor browser",
-  "duckduckgo",
-  "yandex",
-  "orion browser",
+  'arc browser',
+  'tor browser',
+  'duckduckgo',
+  'yandex',
+  'orion browser',
   // Agentic / AI browsers
-  "comet", // Perplexity's browser — "Comet" substring risks false positives
+  'comet', // Perplexity's browser — "Comet" substring risks false positives
   // but leaving for now; "comet" in an app name is rare
-  "sigmaos",
-  "dia browser",
-];
+  'sigmaos',
+  'dia browser',
+]
 
 const TERMINAL_NAME_SUBSTRINGS: readonly string[] = [
   // macOS / cross-platform terminals
-  "terminal", // catches Terminal, Windows Terminal (NOT iTerm — separate entry)
-  "iterm",
-  "wezterm",
-  "alacritty",
-  "kitty",
-  "ghostty",
-  "tabby",
-  "termius",
+  'terminal', // catches Terminal, Windows Terminal (NOT iTerm — separate entry)
+  'iterm',
+  'wezterm',
+  'alacritty',
+  'kitty',
+  'ghostty',
+  'tabby',
+  'termius',
   // AppleScript runners — see bundle-ID comment above. "shortcuts" is too
   // generic for substring matching (many apps have "shortcuts" in the name);
   // covered by bundle ID only, like warp/hyper.
-  "script editor",
-  "automator",
+  'script editor',
+  'automator',
   // NOTE: "warp" and "hyper" are too generic for substring matching —
   // they'd false-positive on "Warpaint" or "Hyperion". Covered by bundle ID
   // (dev.warp.Warp-Stable, co.zeit.hyper) for macOS; Windows exe-name
   // matching can be added when Windows CU ships.
   // Windows shells (activate when the darwin gate lifts)
-  "powershell",
-  "cmd.exe",
-  "command prompt",
-  "git bash",
-  "conemu",
-  "cmder",
+  'powershell',
+  'cmd.exe',
+  'command prompt',
+  'git bash',
+  'conemu',
+  'cmder',
   // IDEs (VS Code family)
-  "visual studio code",
-  "visual studio", // catches VS for Mac + Windows
-  "vscode",
-  "vs code",
-  "vscodium",
-  "cursor", // Cursor IDE — "cursor" is generic but IDE is the only common app
-  "windsurf",
+  'visual studio code',
+  'visual studio', // catches VS for Mac + Windows
+  'vscode',
+  'vs code',
+  'vscodium',
+  'cursor', // Cursor IDE — "cursor" is generic but IDE is the only common app
+  'windsurf',
   // Zed: display name is just "Zed" — too short for substring matching
   // (false-positives). Covered by bundle ID (dev.zed.Zed) on macOS.
   // IDEs (JetBrains family)
-  "intellij",
-  "pycharm",
-  "webstorm",
-  "clion",
-  "goland",
-  "rubymine",
-  "phpstorm",
-  "datagrip",
-  "rider",
-  "appcode",
-  "rustrover",
-  "fleet",
-  "android studio",
+  'intellij',
+  'pycharm',
+  'webstorm',
+  'clion',
+  'goland',
+  'rubymine',
+  'phpstorm',
+  'datagrip',
+  'rider',
+  'appcode',
+  'rustrover',
+  'fleet',
+  'android studio',
   // Other IDEs
-  "sublime text",
-  "macvim",
-  "neovim",
-  "emacs",
-  "xcode",
-  "eclipse",
-  "netbeans",
-];
+  'sublime text',
+  'macvim',
+  'neovim',
+  'emacs',
+  'xcode',
+  'eclipse',
+  'netbeans',
+]
 
 const TRADING_NAME_SUBSTRINGS: readonly string[] = [
   // Trading — brokerage apps. Sourced from the ACP CU-apps blocklist xlsx
   // ("Read Only" tab). Name-substring safe for proper nouns below; generic
   // names (IG, Delta, HTX) are skipped and need bundle-ID matching once
   // verified.
-  "bloomberg",
-  "ameritrade",
-  "thinkorswim",
-  "schwab",
-  "fidelity",
-  "e*trade",
-  "interactive brokers",
-  "trader workstation", // Interactive Brokers TWS
-  "tradestation",
-  "webull",
-  "robinhood",
-  "tastytrade",
-  "ninjatrader",
-  "tradingview",
-  "moomoo",
-  "tradezero",
-  "prorealtime",
-  "plus500",
-  "saxotrader",
-  "oanda",
-  "metatrader",
-  "forex.com",
-  "avaoptions",
-  "ctrader",
-  "jforex",
-  "iq option",
-  "olymp trade",
-  "binomo",
-  "pocket option",
-  "raceoption",
-  "expertoption",
-  "quotex",
-  "naga",
-  "morgan stanley",
-  "ubs neo",
-  "eikon", // Thomson Reuters / LSEG Workspace
+  'bloomberg',
+  'ameritrade',
+  'thinkorswim',
+  'schwab',
+  'fidelity',
+  'e*trade',
+  'interactive brokers',
+  'trader workstation', // Interactive Brokers TWS
+  'tradestation',
+  'webull',
+  'robinhood',
+  'tastytrade',
+  'ninjatrader',
+  'tradingview',
+  'moomoo',
+  'tradezero',
+  'prorealtime',
+  'plus500',
+  'saxotrader',
+  'oanda',
+  'metatrader',
+  'forex.com',
+  'avaoptions',
+  'ctrader',
+  'jforex',
+  'iq option',
+  'olymp trade',
+  'binomo',
+  'pocket option',
+  'raceoption',
+  'expertoption',
+  'quotex',
+  'naga',
+  'morgan stanley',
+  'ubs neo',
+  'eikon', // Thomson Reuters / LSEG Workspace
   // Crypto — exchanges, wallets, portfolio trackers
-  "coinbase",
-  "kraken",
-  "binance",
-  "okx",
-  "bybit",
+  'coinbase',
+  'kraken',
+  'binance',
+  'okx',
+  'bybit',
   // "gate.io" is too generic — the ".io" TLD suffix is common in app names
   // (e.g., "Draw.io"). Needs bundle-ID matching once verified.
-  "phemex",
-  "stormgain",
-  "crypto.com",
+  'phemex',
+  'stormgain',
+  'crypto.com',
   // "exodus" is too generic — it's a common noun and would match unrelated
   // apps/games. Needs bundle-ID matching once verified.
-  "electrum",
-  "ledger live",
-  "trezor",
-  "guarda",
-  "atomic wallet",
-  "bitpay",
-  "bisq",
-  "koinly",
-  "cointracker",
-  "blockfi",
-  "stripe cli",
+  'electrum',
+  'ledger live',
+  'trezor',
+  'guarda',
+  'atomic wallet',
+  'bitpay',
+  'bisq',
+  'koinly',
+  'cointracker',
+  'blockfi',
+  'stripe cli',
   // Crypto games / metaverse (same trade-execution risk model)
-  "decentraland",
-  "axie infinity",
-  "gods unchained",
-];
+  'decentraland',
+  'axie infinity',
+  'gods unchained',
+]
 
 /**
  * Display-name substring match. Called when bundle-ID resolution returned
@@ -491,20 +491,20 @@ const TRADING_NAME_SUBSTRINGS: readonly string[] = [
 export function getDeniedCategoryByDisplayName(
   name: string,
 ): DeniedCategory | null {
-  const lower = name.toLowerCase();
+  const lower = name.toLowerCase()
   // Trading first — proper-noun-only set, most specific. "Bloomberg Terminal"
   // contains "terminal" and would miscategorize if TERMINAL_NAME_SUBSTRINGS
   // ran first.
   for (const sub of TRADING_NAME_SUBSTRINGS) {
-    if (lower.includes(sub)) return "trading";
+    if (lower.includes(sub)) return 'trading'
   }
   for (const sub of BROWSER_NAME_SUBSTRINGS) {
-    if (lower.includes(sub)) return "browser";
+    if (lower.includes(sub)) return 'browser'
   }
   for (const sub of TERMINAL_NAME_SUBSTRINGS) {
-    if (lower.includes(sub)) return "terminal";
+    if (lower.includes(sub)) return 'terminal'
   }
-  return null;
+  return null
 }
 
 /**
@@ -520,10 +520,10 @@ export function getDeniedCategoryForApp(
   displayName: string,
 ): DeniedCategory | null {
   if (bundleId) {
-    const byId = getDeniedCategory(bundleId);
-    if (byId) return byId;
+    const byId = getDeniedCategory(bundleId)
+    if (byId) return byId
   }
-  return getDeniedCategoryByDisplayName(displayName);
+  return getDeniedCategoryByDisplayName(displayName)
 }
 
 /**
@@ -537,8 +537,8 @@ export function getDeniedCategoryForApp(
 export function getDefaultTierForApp(
   bundleId: string | undefined,
   displayName: string,
-): "read" | "click" | "full" {
-  return categoryToTier(getDeniedCategoryForApp(bundleId, displayName));
+): 'read' | 'click' | 'full' {
+  return categoryToTier(getDeniedCategoryForApp(bundleId, displayName))
 }
 
 export const _test = {
@@ -550,4 +550,4 @@ export const _test = {
   TERMINAL_NAME_SUBSTRINGS,
   TRADING_NAME_SUBSTRINGS,
   POLICY_DENIED_NAME_SUBSTRINGS,
-};
+}

packages/@ant/computer-use-mcp/src/executor.ts

@@ -116,9 +116,17 @@ export interface ComputerExecutor {
 
   // ── Window management (Windows only, optional) ──────────────────────────
   /** Perform a window management action on the bound window. Win32 API only — no global shortcuts. */
-  manageWindow?(action: string, opts?: { x?: number; y?: number; width?: number; height?: number }): Promise<boolean>
+  manageWindow?(
+    action: string,
+    opts?: { x?: number; y?: number; width?: number; height?: number },
+  ): Promise<boolean>
   /** Get the current window rect of the bound window */
-  getWindowRect?(): Promise<{ x: number; y: number; width: number; height: number } | null>
+  getWindowRect?(): Promise<{
+    x: number
+    y: number
+    width: number
+    height: number
+  } | null>
 
   // ── Element-targeted actions (Windows UIA, optional) ────────────────────
   /** Open terminal and launch an agent CLI */
@@ -129,17 +137,32 @@ export interface ComputerExecutor {
     workingDirectory?: string
   }): Promise<{ hwnd: string; title: string; launched: boolean } | null>
   /** Bind to a window by hwnd/title/pid. Returns bound window info or null. */
-  bindToWindow?(query: { hwnd?: string; title?: string; pid?: number }): Promise<{ hwnd: string; title: string; pid: number } | null>
+  bindToWindow?(query: {
+    hwnd?: string
+    title?: string
+    pid?: number
+  }): Promise<{ hwnd: string; title: string; pid: number } | null>
   /** Unbind from the current window */
   unbindFromWindow?(): Promise<void>
   /** Cheap binding-state check for window-targeted routing decisions. */
   hasBoundWindow?(): Promise<boolean>
   /** Get current binding status */
-  getBindingStatus?(): Promise<{ bound: boolean; hwnd?: string; title?: string; pid?: number; rect?: { x: number; y: number; width: number; height: number } } | null>
+  getBindingStatus?(): Promise<{
+    bound: boolean
+    hwnd?: string
+    title?: string
+    pid?: number
+    rect?: { x: number; y: number; width: number; height: number }
+  } | null>
   /** List all visible windows */
-  listVisibleWindows?(): Promise<Array<{ hwnd: string; pid: number; title: string }>>
+  listVisibleWindows?(): Promise<
+    Array<{ hwnd: string; pid: number; title: string }>
+  >
   /** Control the status indicator overlay */
-  statusIndicator?(action: 'show' | 'hide' | 'status', message?: string): Promise<{ active: boolean; message?: string }>
+  statusIndicator?(
+    action: 'show' | 'hide' | 'status',
+    message?: string,
+  ): Promise<{ active: boolean; message?: string }>
   /** Virtual keyboard — send keys/text/combos to bound window only */
   virtualKeyboard?(opts: {
     action: 'type' | 'combo' | 'press' | 'release' | 'hold'
@@ -149,12 +172,26 @@ export interface ComputerExecutor {
   }): Promise<boolean>
   /** Virtual mouse — click/move/drag on bound window only */
   virtualMouse?(opts: {
-    action: 'click' | 'double_click' | 'right_click' | 'move' | 'drag' | 'down' | 'up'
-    x: number; y: number
-    startX?: number; startY?: number
+    action:
+      | 'click'
+      | 'double_click'
+      | 'right_click'
+      | 'move'
+      | 'drag'
+      | 'down'
+      | 'up'
+    x: number
+    y: number
+    startX?: number
+    startY?: number
   }): Promise<boolean>
   /** Mouse wheel scroll at client coordinates (works on Excel, browsers, modern UI) */
-  mouseWheel?(x: number, y: number, delta: number, horizontal?: boolean): Promise<boolean>
+  mouseWheel?(
+    x: number,
+    y: number,
+    delta: number,
+    horizontal?: boolean,
+  ): Promise<boolean>
   /** Activate the bound window (foreground + click to focus) */
   activateWindow?(clickX?: number, clickY?: number): Promise<boolean>
   /** Handle a terminal prompt (yes/no/select/type + enter) */
@@ -165,7 +202,14 @@ export interface ComputerExecutor {
     text?: string
   }): Promise<boolean>
   /** Click an element by name/role/automationId via UI Automation */
-  clickElement?(query: { name?: string; role?: string; automationId?: string }): Promise<boolean>
+  clickElement?(query: {
+    name?: string
+    role?: string
+    automationId?: string
+  }): Promise<boolean>
   /** Type text into an element by name/role/automationId via UI Automation ValuePattern */
-  typeIntoElement?(query: { name?: string; role?: string; automationId?: string }, text: string): Promise<boolean>
+  typeIntoElement?(
+    query: { name?: string; role?: string; automationId?: string },
+    text: string,
+  ): Promise<boolean>
 }

packages/@ant/computer-use-mcp/src/imageResize.ts

@@ -13,9 +13,9 @@
  */
 
 export interface ResizeParams {
-  pxPerToken: number;
-  maxTargetPx: number;
-  maxTargetTokens: number;
+  pxPerToken: number
+  maxTargetPx: number
+  maxTargetTokens: number
 }
 
 /**
@@ -27,11 +27,11 @@ export const API_RESIZE_PARAMS: ResizeParams = {
   pxPerToken: 28,
   maxTargetPx: 1568,
   maxTargetTokens: 1568,
-};
+}
 
 /** ceil(px / pxPerToken). Matches resize.rs:74-76 (which uses integer ceil-div). */
 export function nTokensForPx(px: number, pxPerToken: number): number {
-  return Math.floor((px - 1) / pxPerToken) + 1;
+  return Math.floor((px - 1) / pxPerToken) + 1
 }
 
 function nTokensForImg(
@@ -39,7 +39,7 @@ function nTokensForImg(
   height: number,
   pxPerToken: number,
 ): number {
-  return nTokensForPx(width, pxPerToken) * nTokensForPx(height, pxPerToken);
+  return nTokensForPx(width, pxPerToken) * nTokensForPx(height, pxPerToken)
 }
 
 /**
@@ -62,47 +62,47 @@ export function targetImageSize(
   height: number,
   params: ResizeParams,
 ): [number, number] {
-  const { pxPerToken, maxTargetPx, maxTargetTokens } = params;
+  const { pxPerToken, maxTargetPx, maxTargetTokens } = params
 
   if (
     width <= maxTargetPx &&
     height <= maxTargetPx &&
     nTokensForImg(width, height, pxPerToken) <= maxTargetTokens
   ) {
-    return [width, height];
+    return [width, height]
   }
 
   // Normalize to landscape for the search; transpose result back.
   if (height > width) {
-    const [w, h] = targetImageSize(height, width, params);
-    return [h, w];
+    const [w, h] = targetImageSize(height, width, params)
+    return [h, w]
   }
 
-  const aspectRatio = width / height;
+  const aspectRatio = width / height
 
   // Loop invariant: lowerBoundWidth is always valid, upperBoundWidth is
   // always invalid. ~12 iterations for a 4000px image.
-  let upperBoundWidth = width;
-  let lowerBoundWidth = 1;
+  let upperBoundWidth = width
+  let lowerBoundWidth = 1
 
   for (;;) {
     if (lowerBoundWidth + 1 === upperBoundWidth) {
       return [
         lowerBoundWidth,
         Math.max(Math.round(lowerBoundWidth / aspectRatio), 1),
-      ];
+      ]
     }
 
-    const middleWidth = Math.floor((lowerBoundWidth + upperBoundWidth) / 2);
-    const middleHeight = Math.max(Math.round(middleWidth / aspectRatio), 1);
+    const middleWidth = Math.floor((lowerBoundWidth + upperBoundWidth) / 2)
+    const middleHeight = Math.max(Math.round(middleWidth / aspectRatio), 1)
 
     if (
       middleWidth <= maxTargetPx &&
       nTokensForImg(middleWidth, middleHeight, pxPerToken) <= maxTargetTokens
     ) {
-      lowerBoundWidth = middleWidth;
+      lowerBoundWidth = middleWidth
     } else {
-      upperBoundWidth = middleWidth;
+      upperBoundWidth = middleWidth
     }
   }
 }

packages/@ant/computer-use-mcp/src/index.ts

@@ -6,7 +6,7 @@ export type {
   ResolvePrepareCaptureResult,
   RunningApp,
   ScreenshotResult,
-} from "./executor.js";
+} from './executor.js'
 
 export type {
   AppGrant,
@@ -25,15 +25,15 @@ export type {
   ScreenshotDims,
   TeachStepRequest,
   TeachStepResult,
-} from "./types.js";
+} from './types.js'
 
-export { DEFAULT_GRANT_FLAGS } from "./types.js";
+export { DEFAULT_GRANT_FLAGS } from './types.js'
 
 export {
   SENTINEL_BUNDLE_IDS,
   getSentinelCategory,
-} from "./sentinelApps.js";
-export type { SentinelCategory } from "./sentinelApps.js";
+} from './sentinelApps.js'
+export type { SentinelCategory } from './sentinelApps.js'
 
 export {
   categoryToTier,
@@ -42,28 +42,28 @@ export {
   getDeniedCategoryByDisplayName,
   getDeniedCategoryForApp,
   isPolicyDenied,
-} from "./deniedApps.js";
-export type { DeniedCategory } from "./deniedApps.js";
+} from './deniedApps.js'
+export type { DeniedCategory } from './deniedApps.js'
 
-export { isSystemKeyCombo, normalizeKeySequence } from "./keyBlocklist.js";
+export { isSystemKeyCombo, normalizeKeySequence } from './keyBlocklist.js'
 
-export { ALL_SUB_GATES_OFF, ALL_SUB_GATES_ON } from "./subGates.js";
+export { ALL_SUB_GATES_OFF, ALL_SUB_GATES_ON } from './subGates.js'
 
-export { API_RESIZE_PARAMS, targetImageSize } from "./imageResize.js";
-export type { ResizeParams } from "./imageResize.js";
+export { API_RESIZE_PARAMS, targetImageSize } from './imageResize.js'
+export type { ResizeParams } from './imageResize.js'
 
-export { defersLockAcquire, handleToolCall } from "./toolCalls.js";
+export { defersLockAcquire, handleToolCall } from './toolCalls.js'
 export type {
   CuCallTelemetry,
   CuCallToolResult,
   CuErrorKind,
-} from "./toolCalls.js";
+} from './toolCalls.js'
 
-export { bindSessionContext, createComputerUseMcpServer } from "./mcpServer.js";
-export { buildComputerUseTools } from "./tools.js";
+export { bindSessionContext, createComputerUseMcpServer } from './mcpServer.js'
+export { buildComputerUseTools } from './tools.js'
 
 export {
   comparePixelAtLocation,
   validateClickTarget,
-} from "./pixelCompare.js";
-export type { CropRawPatchFn, PixelCompareResult } from "./pixelCompare.js";
+} from './pixelCompare.js'
+export type { CropRawPatchFn, PixelCompareResult } from './pixelCompare.js'

packages/@ant/computer-use-mcp/src/keyBlocklist.ts

@@ -21,32 +21,32 @@
  */
 const CANONICAL_MODIFIER: Readonly<Record<string, string>> = {
   // Key::Meta — "meta"|"super"|"command"|"cmd"|"windows"|"win"
-  meta: "meta",
-  super: "meta",
-  command: "meta",
-  cmd: "meta",
-  windows: "meta",
-  win: "meta",
+  meta: 'meta',
+  super: 'meta',
+  command: 'meta',
+  cmd: 'meta',
+  windows: 'meta',
+  win: 'meta',
   // Key::Control + LControl + RControl
-  ctrl: "ctrl",
-  control: "ctrl",
-  lctrl: "ctrl",
-  lcontrol: "ctrl",
-  rctrl: "ctrl",
-  rcontrol: "ctrl",
+  ctrl: 'ctrl',
+  control: 'ctrl',
+  lctrl: 'ctrl',
+  lcontrol: 'ctrl',
+  rctrl: 'ctrl',
+  rcontrol: 'ctrl',
   // Key::Shift + LShift + RShift
-  shift: "shift",
-  lshift: "shift",
-  rshift: "shift",
+  shift: 'shift',
+  lshift: 'shift',
+  rshift: 'shift',
   // Key::Alt and Key::Option — distinct Rust variants but same keycode on
   // darwin (kVK_Option). Collapse: cmd+alt+escape and cmd+option+escape
   // both Force Quit.
-  alt: "alt",
-  option: "alt",
-};
+  alt: 'alt',
+  option: 'alt',
+}
 
 /** Sort order for canonicals. ctrl < alt < shift < meta. */
-const MODIFIER_ORDER = ["ctrl", "alt", "shift", "meta"];
+const MODIFIER_ORDER = ['ctrl', 'alt', 'shift', 'meta']
 
 /**
  * Canonical-form entries only. Every modifier must be a CANONICAL_MODIFIER
@@ -54,21 +54,21 @@ const MODIFIER_ORDER = ["ctrl", "alt", "shift", "meta"];
  * The self-consistency test enforces this.
  */
 const BLOCKED_DARWIN = new Set([
-  "meta+q", // Cmd+Q — quit frontmost app
-  "shift+meta+q", // Cmd+Shift+Q — log out
-  "alt+meta+escape", // Cmd+Option+Esc — Force Quit dialog
-  "meta+tab", // Cmd+Tab — app switcher
-  "meta+space", // Cmd+Space — Spotlight
-  "ctrl+meta+q", // Ctrl+Cmd+Q — lock screen
-]);
+  'meta+q', // Cmd+Q — quit frontmost app
+  'shift+meta+q', // Cmd+Shift+Q — log out
+  'alt+meta+escape', // Cmd+Option+Esc — Force Quit dialog
+  'meta+tab', // Cmd+Tab — app switcher
+  'meta+space', // Cmd+Space — Spotlight
+  'ctrl+meta+q', // Ctrl+Cmd+Q — lock screen
+])
 
 const BLOCKED_WIN32 = new Set([
-  "ctrl+alt+delete", // Secure Attention Sequence
-  "alt+f4", // close window
-  "alt+tab", // window switcher
-  "meta+l", // Win+L — lock
-  "meta+d", // Win+D — show desktop
-]);
+  'ctrl+alt+delete', // Secure Attention Sequence
+  'alt+f4', // close window
+  'alt+tab', // window switcher
+  'meta+l', // Win+L — lock
+  'meta+d', // Win+D — show desktop
+])
 
 /**
  * Partition into sorted-canonical modifiers and non-modifier keys.
@@ -78,25 +78,25 @@ const BLOCKED_WIN32 = new Set([
 function partitionKeys(seq: string): { mods: string[]; keys: string[] } {
   const parts = seq
     .toLowerCase()
-    .split("+")
-    .map((p) => p.trim())
-    .filter(Boolean);
-  const mods: string[] = [];
-  const keys: string[] = [];
+    .split('+')
+    .map(p => p.trim())
+    .filter(Boolean)
+  const mods: string[] = []
+  const keys: string[] = []
   for (const p of parts) {
-    const canonical = CANONICAL_MODIFIER[p];
+    const canonical = CANONICAL_MODIFIER[p]
     if (canonical !== undefined) {
-      mods.push(canonical);
+      mods.push(canonical)
     } else {
-      keys.push(p);
+      keys.push(p)
     }
   }
   // Dedupe: "cmd+command+q" → "meta+q", not "meta+meta+q".
-  const uniqueMods = [...new Set(mods)];
+  const uniqueMods = [...new Set(mods)]
   uniqueMods.sort(
     (a, b) => MODIFIER_ORDER.indexOf(a) - MODIFIER_ORDER.indexOf(b),
-  );
-  return { mods: uniqueMods, keys };
+  )
+  return { mods: uniqueMods, keys }
 }
 
 /**
@@ -104,8 +104,8 @@ function partitionKeys(seq: string): { mods: string[]; keys: string[] } {
  * canonical, dedupe, sort modifiers, non-modifiers last.
  */
 export function normalizeKeySequence(seq: string): string {
-  const { mods, keys } = partitionKeys(seq);
-  return [...mods, ...keys].join("+");
+  const { mods, keys } = partitionKeys(seq)
+  return [...mods, ...keys].join('+')
 }
 
 /**
@@ -123,26 +123,26 @@ export function normalizeKeySequence(seq: string): string {
  */
 export function isSystemKeyCombo(
   seq: string,
-  platform: "darwin" | "win32",
+  platform: 'darwin' | 'win32',
 ): boolean {
-  const blocklist = platform === "darwin" ? BLOCKED_DARWIN : BLOCKED_WIN32;
-  const { mods, keys } = partitionKeys(seq);
-  const prefix = mods.length > 0 ? mods.join("+") + "+" : "";
+  const blocklist = platform === 'darwin' ? BLOCKED_DARWIN : BLOCKED_WIN32
+  const { mods, keys } = partitionKeys(seq)
+  const prefix = mods.length > 0 ? mods.join('+') + '+' : ''
 
   // No non-modifier keys (e.g. "cmd+shift" as click-modifiers) — check the
   // whole thing. Never matches (no blocklist entry is modifier-only) but
   // keeps the contract simple: every call reaches a .has().
   if (keys.length === 0) {
-    return blocklist.has(mods.join("+"));
+    return blocklist.has(mods.join('+'))
   }
 
   // mods + each key. Any hit blocks the whole sequence.
   for (const key of keys) {
     if (blocklist.has(prefix + key)) {
-      return true;
+      return true
     }
   }
-  return false;
+  return false
 }
 
 export const _test = {
@@ -150,4 +150,4 @@ export const _test = {
   BLOCKED_DARWIN,
   BLOCKED_WIN32,
   MODIFIER_ORDER,
-};
+}

packages/@ant/computer-use-mcp/src/mcpServer.ts

@@ -17,21 +17,21 @@
  *   is the same either way.
  */
 
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+import { Server } from '@modelcontextprotocol/sdk/server/index.js'
+import type { CallToolResult } from '@modelcontextprotocol/sdk/types.js'
 import {
   CallToolRequestSchema,
   ListToolsRequestSchema,
-} from "@modelcontextprotocol/sdk/types.js";
+} from '@modelcontextprotocol/sdk/types.js'
 
-import type { ScreenshotResult } from "./executor.js";
-import type { CuCallToolResult } from "./toolCalls.js";
+import type { ScreenshotResult } from './executor.js'
+import type { CuCallToolResult } from './toolCalls.js'
 import {
   defersLockAcquire,
   handleToolCall,
   resetMouseButtonHeld,
-} from "./toolCalls.js";
-import { buildComputerUseTools } from "./tools.js";
+} from './toolCalls.js'
+import { buildComputerUseTools } from './tools.js'
 import type {
   AppGrant,
   ComputerUseHostAdapter,
@@ -40,12 +40,12 @@ import type {
   CoordinateMode,
   CuGrantFlags,
   CuPermissionResponse,
-} from "./types.js";
-import { DEFAULT_GRANT_FLAGS } from "./types.js";
+} from './types.js'
+import { DEFAULT_GRANT_FLAGS } from './types.js'
 
 const DEFAULT_LOCK_HELD_MESSAGE =
-  "Another Claude session is currently using the computer. Wait for that " +
-  "session to finish, or find a non-computer-use approach.";
+  'Another Claude session is currently using the computer. Wait for that ' +
+  'session to finish, or find a non-computer-use approach.'
 
 /**
  * Dedupe `granted` into `existing` on bundleId, spread truthy-only flags over
@@ -60,20 +60,20 @@ function mergePermissionResponse(
   existingFlags: CuGrantFlags,
   response: CuPermissionResponse,
 ): { apps: AppGrant[]; flags: CuGrantFlags } {
-  const seen = new Set(existing.map((a) => a.bundleId));
+  const seen = new Set(existing.map(a => a.bundleId))
   const apps = [
     ...existing,
-    ...response.granted.filter((g) => !seen.has(g.bundleId)),
-  ];
+    ...response.granted.filter(g => !seen.has(g.bundleId)),
+  ]
   const truthyFlags = Object.fromEntries(
     Object.entries(response.flags).filter(([, v]) => v === true),
-  );
+  )
   const flags: CuGrantFlags = {
     ...DEFAULT_GRANT_FLAGS,
     ...existingFlags,
     ...truthyFlags,
-  };
-  return { apps, flags };
+  }
+  return { apps, flags }
 }
 
 /**
@@ -91,53 +91,53 @@ export function bindSessionContext(
   coordinateMode: CoordinateMode,
   ctx: ComputerUseSessionContext,
 ): (name: string, args: unknown) => Promise<CuCallToolResult> {
-  const { logger, serverName } = adapter;
+  const { logger, serverName } = adapter
 
   // Screenshot blob persists here across calls — NOT on `ctx`. Hosts hold
   // onto the returned dispatcher; that's the identity that matters.
-  let lastScreenshot: ScreenshotResult | undefined;
+  let lastScreenshot: ScreenshotResult | undefined
 
   const wrapPermission = ctx.onPermissionRequest
     ? async (
         req: Parameters<NonNullable<typeof ctx.onPermissionRequest>>[0],
         signal: AbortSignal,
       ): Promise<CuPermissionResponse> => {
-        const response = await ctx.onPermissionRequest!(req, signal);
+        const response = await ctx.onPermissionRequest!(req, signal)
         const { apps, flags } = mergePermissionResponse(
           ctx.getAllowedApps(),
           ctx.getGrantFlags(),
           response,
-        );
+        )
         logger.debug(
           `[${serverName}] permission result: granted=${response.granted.length} denied=${response.denied.length}`,
-        );
-        ctx.onAllowedAppsChanged?.(apps, flags);
-        return response;
+        )
+        ctx.onAllowedAppsChanged?.(apps, flags)
+        return response
       }
-    : undefined;
+    : undefined
 
   const wrapTeachPermission = ctx.onTeachPermissionRequest
     ? async (
         req: Parameters<NonNullable<typeof ctx.onTeachPermissionRequest>>[0],
         signal: AbortSignal,
       ): Promise<CuPermissionResponse> => {
-        const response = await ctx.onTeachPermissionRequest!(req, signal);
+        const response = await ctx.onTeachPermissionRequest!(req, signal)
         logger.debug(
           `[${serverName}] teach permission result: granted=${response.granted.length} denied=${response.denied.length}`,
-        );
+        )
         // Teach doesn't request grant flags — preserve existing.
         const { apps } = mergePermissionResponse(
           ctx.getAllowedApps(),
           ctx.getGrantFlags(),
           response,
-        );
+        )
         ctx.onAllowedAppsChanged?.(apps, {
           ...DEFAULT_GRANT_FLAGS,
           ...ctx.getGrantFlags(),
-        });
-        return response;
+        })
+        return response
       }
-    : undefined;
+    : undefined
 
   return async (name, args) => {
     // ─── Async lock gate ─────────────────────────────────────────────────
@@ -146,18 +146,18 @@ export function bindSessionContext(
     // cross-process locks (O_EXCL file) await the real primitive here
     // instead of pre-computing + feeding a fake sync result.
     if (ctx.checkCuLock) {
-      const lock = await ctx.checkCuLock();
+      const lock = await ctx.checkCuLock()
       if (lock.holder !== undefined && !lock.isSelf) {
         const text =
-          ctx.formatLockHeldMessage?.(lock.holder) ?? DEFAULT_LOCK_HELD_MESSAGE;
+          ctx.formatLockHeldMessage?.(lock.holder) ?? DEFAULT_LOCK_HELD_MESSAGE
         return {
-          content: [{ type: "text", text }],
+          content: [{ type: 'text', text }],
           isError: true,
-          telemetry: { error_kind: "cu_lock_held" },
-        };
+          telemetry: { error_kind: 'cu_lock_held' },
+        }
       }
       if (lock.holder === undefined && !defersLockAcquire(name)) {
-        await ctx.acquireCuLock?.();
+        await ctx.acquireCuLock?.()
         // Re-check: the awaits above yield the microtask queue, so another
         // session's check+acquire can interleave with ours. Hosts where
         // acquire is a no-op when already held (Cowork's CuLockManager) give
@@ -165,21 +165,21 @@ export function bindSessionContext(
         // proceeding. The CLI's O_EXCL file lock would surface this as a throw from
         // acquire instead; this re-check is a belt-and-suspenders for that
         // path too.
-        const recheck = await ctx.checkCuLock();
+        const recheck = await ctx.checkCuLock()
         if (recheck.holder !== undefined && !recheck.isSelf) {
           const text =
             ctx.formatLockHeldMessage?.(recheck.holder) ??
-            DEFAULT_LOCK_HELD_MESSAGE;
+            DEFAULT_LOCK_HELD_MESSAGE
           return {
-            content: [{ type: "text", text }],
+            content: [{ type: 'text', text }],
             isError: true,
-            telemetry: { error_kind: "cu_lock_held" },
-          };
+            telemetry: { error_kind: 'cu_lock_held' },
+          }
         }
         // Fresh holder → any prior session's mouseButtonHeld is stale.
         // Mirrors what Gate-3 does on the acquire branch. After the
         // re-check so we only clear module state when we actually won.
-        resetMouseButtonHeld();
+        resetMouseButtonHeld()
       }
     }
 
@@ -189,12 +189,12 @@ export function bindSessionContext(
     // isEmpty → skip.
     const dimsFallback = lastScreenshot
       ? undefined
-      : ctx.getLastScreenshotDims?.();
+      : ctx.getLastScreenshotDims?.()
 
     // Per-call AbortController for dialog dismissal. Aborted in `finally` —
     // if handleToolCall finishes (MCP timeout, throw) before the user
     // answers, the host's dialog handler sees the abort and tears down.
-    const dialogAbort = new AbortController();
+    const dialogAbort = new AbortController()
 
     const overrides: ComputerUseOverrides = {
       allowedApps: [...ctx.getAllowedApps()],
@@ -206,12 +206,12 @@ export function bindSessionContext(
       displayResolvedForApps: ctx.getDisplayResolvedForApps?.(),
       lastScreenshot:
         lastScreenshot ??
-        (dimsFallback ? { ...dimsFallback, base64: "" } : undefined),
+        (dimsFallback ? { ...dimsFallback, base64: '' } : undefined),
       onPermissionRequest: wrapPermission
-        ? (req) => wrapPermission(req, dialogAbort.signal)
+        ? req => wrapPermission(req, dialogAbort.signal)
         : undefined,
       onTeachPermissionRequest: wrapTeachPermission
-        ? (req) => wrapTeachPermission(req, dialogAbort.signal)
+        ? req => wrapTeachPermission(req, dialogAbort.signal)
         : undefined,
       onAppsHidden: ctx.onAppsHidden,
       getClipboardStash: ctx.getClipboardStash,
@@ -228,28 +228,28 @@ export function bindSessionContext(
       checkCuLock: undefined,
       acquireCuLock: undefined,
       isAborted: ctx.isAborted,
-    };
+    }
 
     logger.debug(
       `[${serverName}] tool=${name} allowedApps=${overrides.allowedApps.length} coordMode=${coordinateMode}`,
-    );
+    )
 
     // ─── Dispatch ────────────────────────────────────────────────────────
     try {
-      const result = await handleToolCall(adapter, name, args, overrides);
+      const result = await handleToolCall(adapter, name, args, overrides)
 
       if (result.screenshot) {
-        lastScreenshot = result.screenshot;
-        const { base64: _blob, ...dims } = result.screenshot;
-        logger.debug(`[${serverName}] screenshot dims: ${JSON.stringify(dims)}`);
-        ctx.onScreenshotCaptured?.(dims);
+        lastScreenshot = result.screenshot
+        const { base64: _blob, ...dims } = result.screenshot
+        logger.debug(`[${serverName}] screenshot dims: ${JSON.stringify(dims)}`)
+        ctx.onScreenshotCaptured?.(dims)
       }
 
-      return result;
+      return result
     } finally {
-      dialogAbort.abort();
+      dialogAbort.abort()
     }
-  };
+  }
 }
 
 export function createComputerUseMcpServer(
@@ -257,35 +257,36 @@ export function createComputerUseMcpServer(
   coordinateMode: CoordinateMode,
   context?: ComputerUseSessionContext,
 ): Server {
-  const { serverName, logger } = adapter;
+  const { serverName, logger } = adapter
 
   const server = new Server(
-    { name: serverName, version: "0.1.3" },
+    { name: serverName, version: '0.1.3' },
     { capabilities: { tools: {}, logging: {} } },
-  );
+  )
 
   const tools = buildComputerUseTools(
     adapter.executor.capabilities,
     coordinateMode,
-  );
+  )
 
   server.setRequestHandler(ListToolsRequestSchema, async () =>
     adapter.isDisabled() ? { tools: [] } : { tools },
-  );
+  )
 
   if (context) {
-    const dispatch = bindSessionContext(adapter, coordinateMode, context);
+    const dispatch = bindSessionContext(adapter, coordinateMode, context)
     server.setRequestHandler(
       CallToolRequestSchema,
       async (request): Promise<CallToolResult> => {
-        const { screenshot: _s, telemetry: _t, ...result } = await dispatch(
-          request.params.name,
-          request.params.arguments ?? {},
-        );
-        return result;
+        const {
+          screenshot: _s,
+          telemetry: _t,
+          ...result
+        } = await dispatch(request.params.name, request.params.arguments ?? {})
+        return result
       },
-    );
-    return server;
+    )
+    return server
   }
 
   // Legacy: no context → stub handler. Reached only if something calls the
@@ -296,18 +297,18 @@ export function createComputerUseMcpServer(
     async (request): Promise<CallToolResult> => {
       logger.warn(
         `[${serverName}] tool call "${request.params.name}" reached the stub handler — no session context bound. Per-session state unavailable.`,
-      );
+      )
       return {
         content: [
           {
-            type: "text",
-            text: "This computer-use server instance is not wired to a session. Per-session app permissions are not available on this code path.",
+            type: 'text',
+            text: 'This computer-use server instance is not wired to a session. Per-session app permissions are not available on this code path.',
           },
         ],
         isError: true,
-      };
+      }
     },
-  );
+  )
 
-  return server;
+  return server
 }

packages/@ant/computer-use-mcp/src/pixelCompare.ts

@@ -19,28 +19,28 @@
  * this package never imports it — the crop is a function parameter.
  */
 
-import type { ScreenshotResult } from "./executor.js";
-import type { Logger } from "./types.js";
+import type { ScreenshotResult } from './executor.js'
+import type { Logger } from './types.js'
 
 /** Injected by the host. See `ComputerUseHostAdapter.cropRawPatch`. */
 export type CropRawPatchFn = (
   jpegBase64: string,
   rect: { x: number; y: number; width: number; height: number },
-) => Buffer | null;
+) => Buffer | null
 
 /** 9×9 is empirically the sweet spot — large enough to catch a tooltip
  * appearing, small enough to not false-positive on surrounding animation.
  **/
-const DEFAULT_GRID_SIZE = 9;
+const DEFAULT_GRID_SIZE = 9
 
 export interface PixelCompareResult {
   /** true → click may proceed. false → patch changed, abort the click. */
-  valid: boolean;
+  valid: boolean
   /** true → validation did not run (cold start, sub-gate off, or internal
    * error). The caller MUST treat this identically to `valid: true`. */
-  skipped: boolean;
+  skipped: boolean
   /** Populated when valid === false. Returned to the model verbatim. */
-  warning?: string;
+  warning?: string
 }
 
 /**
@@ -57,22 +57,22 @@ function computeCropRect(
   yPercent: number,
   gridSize: number,
 ): { x: number; y: number; width: number; height: number } | null {
-  if (!imgW || !imgH) return null;
+  if (!imgW || !imgH) return null
 
-  const clampedX = Math.max(0, Math.min(100, xPercent));
-  const clampedY = Math.max(0, Math.min(100, yPercent));
+  const clampedX = Math.max(0, Math.min(100, xPercent))
+  const clampedY = Math.max(0, Math.min(100, yPercent))
 
-  const centerX = Math.round((clampedX / 100.0) * imgW);
-  const centerY = Math.round((clampedY / 100.0) * imgH);
+  const centerX = Math.round((clampedX / 100.0) * imgW)
+  const centerY = Math.round((clampedY / 100.0) * imgH)
 
-  const halfGrid = Math.floor(gridSize / 2);
-  const cropX = Math.max(0, centerX - halfGrid);
-  const cropY = Math.max(0, centerY - halfGrid);
-  const cropW = Math.min(gridSize, imgW - cropX);
-  const cropH = Math.min(gridSize, imgH - cropY);
-  if (cropW <= 0 || cropH <= 0) return null;
+  const halfGrid = Math.floor(gridSize / 2)
+  const cropX = Math.max(0, centerX - halfGrid)
+  const cropY = Math.max(0, centerY - halfGrid)
+  const cropW = Math.min(gridSize, imgW - cropX)
+  const cropH = Math.min(gridSize, imgH - cropY)
+  if (cropW <= 0 || cropH <= 0) return null
 
-  return { x: cropX, y: cropY, width: cropW, height: cropH };
+  return { x: cropX, y: cropY, width: cropW, height: cropH }
 }
 
 /**
@@ -98,17 +98,17 @@ export function comparePixelAtLocation(
     xPercent,
     yPercent,
     gridSize,
-  );
-  if (!rect) return false;
+  )
+  if (!rect) return false
 
-  const patch1 = crop(lastScreenshot.base64, rect);
-  const patch2 = crop(freshScreenshot.base64, rect);
-  if (!patch1 || !patch2) return false;
+  const patch1 = crop(lastScreenshot.base64, rect)
+  const patch2 = crop(freshScreenshot.base64, rect)
+  if (!patch1 || !patch2) return false
 
   // Direct buffer equality. Note: nativeImage.toBitmap() gives BGRA, sharp's
   // .raw() gave RGB.
   // Doesn't matter — we're comparing two same-format buffers for equality.
-  return patch1.equals(patch2);
+  return patch1.equals(patch2)
 }
 
 /**
@@ -135,13 +135,13 @@ export async function validateClickTarget(
   gridSize: number = DEFAULT_GRID_SIZE,
 ): Promise<PixelCompareResult> {
   if (!lastScreenshot) {
-    return { valid: true, skipped: true };
+    return { valid: true, skipped: true }
   }
 
   try {
-    const fresh = await takeFreshScreenshot();
+    const fresh = await takeFreshScreenshot()
     if (!fresh) {
-      return { valid: true, skipped: true };
+      return { valid: true, skipped: true }
     }
 
     const pixelsMatch = comparePixelAtLocation(
@@ -151,21 +151,21 @@ export async function validateClickTarget(
       xPercent,
       yPercent,
       gridSize,
-    );
+    )
 
     if (pixelsMatch) {
-      return { valid: true, skipped: false };
+      return { valid: true, skipped: false }
     }
     return {
       valid: false,
       skipped: false,
       warning:
-        "Screen content at the target location changed since the last screenshot. Take a new screenshot before clicking.",
-    };
+        'Screen content at the target location changed since the last screenshot. Take a new screenshot before clicking.',
+    }
   } catch (err) {
     // Skip validation on technical errors, execute action anyway.
     // Battle-tested: validation failure must never block the click.
-    logger.debug("[pixelCompare] validation error, skipping", err);
-    return { valid: true, skipped: true };
+    logger.debug('[pixelCompare] validation error, skipping', err)
+    return { valid: true, skipped: true }
   }
 }

packages/@ant/computer-use-mcp/src/sentinelApps.ts

@@ -11,33 +11,33 @@
 
 /** These apps can execute arbitrary shell commands. */
 const SHELL_ACCESS_BUNDLE_IDS = new Set([
-  "com.apple.Terminal",
-  "com.googlecode.iterm2",
-  "com.microsoft.VSCode",
-  "dev.warp.Warp-Stable",
-  "com.github.wez.wezterm",
-  "io.alacritty",
-  "net.kovidgoyal.kitty",
-  "com.jetbrains.intellij",
-  "com.jetbrains.pycharm",
-]);
+  'com.apple.Terminal',
+  'com.googlecode.iterm2',
+  'com.microsoft.VSCode',
+  'dev.warp.Warp-Stable',
+  'com.github.wez.wezterm',
+  'io.alacritty',
+  'net.kovidgoyal.kitty',
+  'com.jetbrains.intellij',
+  'com.jetbrains.pycharm',
+])
 
 /** Finder in the allowlist ≈ browse + open-any-file. */
-const FILESYSTEM_ACCESS_BUNDLE_IDS = new Set(["com.apple.finder"]);
+const FILESYSTEM_ACCESS_BUNDLE_IDS = new Set(['com.apple.finder'])
 
-const SYSTEM_SETTINGS_BUNDLE_IDS = new Set(["com.apple.systempreferences"]);
+const SYSTEM_SETTINGS_BUNDLE_IDS = new Set(['com.apple.systempreferences'])
 
 export const SENTINEL_BUNDLE_IDS: ReadonlySet<string> = new Set([
   ...SHELL_ACCESS_BUNDLE_IDS,
   ...FILESYSTEM_ACCESS_BUNDLE_IDS,
   ...SYSTEM_SETTINGS_BUNDLE_IDS,
-]);
+])
 
-export type SentinelCategory = "shell" | "filesystem" | "system_settings";
+export type SentinelCategory = 'shell' | 'filesystem' | 'system_settings'
 
 export function getSentinelCategory(bundleId: string): SentinelCategory | null {
-  if (SHELL_ACCESS_BUNDLE_IDS.has(bundleId)) return "shell";
-  if (FILESYSTEM_ACCESS_BUNDLE_IDS.has(bundleId)) return "filesystem";
-  if (SYSTEM_SETTINGS_BUNDLE_IDS.has(bundleId)) return "system_settings";
-  return null;
+  if (SHELL_ACCESS_BUNDLE_IDS.has(bundleId)) return 'shell'
+  if (FILESYSTEM_ACCESS_BUNDLE_IDS.has(bundleId)) return 'filesystem'
+  if (SYSTEM_SETTINGS_BUNDLE_IDS.has(bundleId)) return 'system_settings'
+  return null
 }

packages/@ant/computer-use-mcp/src/types.ts

@@ -2,19 +2,19 @@ import type {
   ComputerExecutor,
   InstalledApp,
   ScreenshotResult,
-} from "./executor.js";
+} from './executor.js'
 
 /** `ScreenshotResult` without the base64 blob. The shape hosts persist for
  *  cross-respawn `scaleCoord` survival. */
-export type ScreenshotDims = Omit<ScreenshotResult, "base64">;
+export type ScreenshotDims = Omit<ScreenshotResult, 'base64'>
 
 /** Shape mirrors claude-for-chrome-mcp/src/types.ts:1-7 */
 export interface Logger {
-  info: (message: string, ...args: unknown[]) => void;
-  error: (message: string, ...args: unknown[]) => void;
-  warn: (message: string, ...args: unknown[]) => void;
-  debug: (message: string, ...args: unknown[]) => void;
-  silly: (message: string, ...args: unknown[]) => void;
+  info: (message: string, ...args: unknown[]) => void
+  error: (message: string, ...args: unknown[]) => void
+  warn: (message: string, ...args: unknown[]) => void
+  debug: (message: string, ...args: unknown[]) => void
+  silly: (message: string, ...args: unknown[]) => void
 }
 
 /**
@@ -35,7 +35,7 @@ export interface Logger {
  * Enforced in `runInputActionGates` via the frontmost-app check: keyboard
  * actions require `"full"`, mouse actions require `"click"` or higher.
  */
-export type CuAppPermTier = "read" | "click" | "full";
+export type CuAppPermTier = 'read' | 'click' | 'full'
 
 /**
  * A single app the user has approved for the current session. Session-scoped
@@ -45,32 +45,32 @@ export type CuAppPermTier = "read" | "click" | "full";
  * scope.
  */
 export interface AppGrant {
-  bundleId: string;
-  displayName: string;
+  bundleId: string
+  displayName: string
   /** Epoch ms. For Settings-page display ("Granted 3m ago"). */
-  grantedAt: number;
+  grantedAt: number
   /** Undefined → `"full"` (back-compat for pre-tier grants persisted in
    *  session state). */
-  tier?: CuAppPermTier;
+  tier?: CuAppPermTier
 }
 
 /** Orthogonal to the app allowlist. */
 export interface CuGrantFlags {
-  clipboardRead: boolean;
-  clipboardWrite: boolean;
+  clipboardRead: boolean
+  clipboardWrite: boolean
   /**
    * When false, the `key` tool rejects combos in `keyBlocklist.ts`
    * (cmd+q, cmd+tab, cmd+space, cmd+shift+q, ctrl+alt+delete). All other
    * key sequences work regardless.
    */
-  systemKeyCombos: boolean;
+  systemKeyCombos: boolean
 }
 
 export const DEFAULT_GRANT_FLAGS: CuGrantFlags = {
   clipboardRead: false,
   clipboardWrite: false,
   systemKeyCombos: false,
-};
+}
 
 /**
  * Host picks via GrowthBook JSON feature `chicago_coordinate_mode`, baked
@@ -78,7 +78,7 @@ export const DEFAULT_GRANT_FLAGS: CuGrantFlags = {
  * ONE convention and never learns the other exists. `normalized_0_100`
  * sidesteps the Retina scaleFactor bug class entirely.
  */
-export type CoordinateMode = "pixels" | "normalized_0_100";
+export type CoordinateMode = 'pixels' | 'normalized_0_100'
 
 /**
  * Independent kill switches for subtle/risky ported behaviors. Read from
@@ -86,28 +86,28 @@ export type CoordinateMode = "pixels" | "normalized_0_100";
  */
 export interface CuSubGates {
   /** 9×9 exact-byte staleness guard before click. */
-  pixelValidation: boolean;
+  pixelValidation: boolean
   /** Route `type("foo\nbar")` through clipboard instead of keystroke-by-keystroke. */
-  clipboardPasteMultiline: boolean;
+  clipboardPasteMultiline: boolean
   /**
    * Ease-out-cubic mouse glide at 60fps, distance-proportional duration
    * (2000 px/sec, capped at 0.5s). Adds up to ~0.5s latency
    * per click. When off, cursor teleports instantly.
    */
-  mouseAnimation: boolean;
+  mouseAnimation: boolean
   /**
    * Pre-action sequence: hide non-allowlisted apps, then defocus us (from the
    * Vercept acquisition). When off, the
    * frontmost gate fires in the normal case and the model gets stuck — this
    * is the A/B-test-the-old-broken-behavior switch.
    */
-  hideBeforeAction: boolean;
+  hideBeforeAction: boolean
   /**
    * Auto-resolve the target display before each screenshot when the
    * selected display has no allowed-app windows. When on, `handleScreenshot`
    * uses the atomic Swift path; off → sticks with `selectedDisplayId`.
    */
-  autoTargetDisplay: boolean;
+  autoTargetDisplay: boolean
   /**
    * Stash+clear the clipboard while a tier-"click" app is frontmost.
    * Closes the gap where a click-tier terminal/IDE has a UI Paste button
@@ -115,7 +115,7 @@ export interface CuSubGates {
    * keyboard block can be routed around by clicking Paste. Restored when
    * a non-"click" app becomes frontmost, or at turn end.
    */
-  clipboardGuard: boolean;
+  clipboardGuard: boolean
 }
 
 // ----------------------------------------------------------------------------
@@ -125,17 +125,17 @@ export interface CuSubGates {
 /** One entry per app the model asked for, after name → bundle ID resolution. */
 export interface ResolvedAppRequest {
   /** What the model asked for (e.g. "Slack", "com.tinyspeck.slackmacgap"). */
-  requestedName: string;
+  requestedName: string
   /** The resolved InstalledApp if found, else undefined (shown greyed in the UI). */
-  resolved?: InstalledApp;
+  resolved?: InstalledApp
   /** Shell-access-equivalent bundle IDs get a UI warning. See sentinelApps.ts. */
-  isSentinel: boolean;
+  isSentinel: boolean
   /** Already in the allowlist → skip the checkbox, return in `granted` immediately. */
-  alreadyGranted: boolean;
+  alreadyGranted: boolean
   /** Hardcoded tier for this app (browser→"read", terminal→"click", else "full").
    *  The dialog displays this read-only; the renderer passes it through
    *  verbatim in the AppGrant. */
-  proposedTier: CuAppPermTier;
+  proposedTier: CuAppPermTier
 }
 
 /**
@@ -145,18 +145,18 @@ export interface ResolvedAppRequest {
  * change needed.
  */
 export interface CuPermissionRequest {
-  requestId: string;
+  requestId: string
   /** Model-provided reason string. Shown prominently in the approval UI. */
-  reason: string;
-  apps: ResolvedAppRequest[];
+  reason: string
+  apps: ResolvedAppRequest[]
   /** What the model asked for. User can toggle independently of apps. */
-  requestedFlags: Partial<CuGrantFlags>;
+  requestedFlags: Partial<CuGrantFlags>
   /**
    * For the "On Windows, Claude can see all apps..." footnote. Taken from
    * `executor.capabilities.screenshotFiltering` so the renderer doesn't
    * need to know about platforms.
    */
-  screenshotFiltering: "native" | "none";
+  screenshotFiltering: 'native' | 'none'
   /**
    * Present only when TCC permissions are NOT yet granted. When present,
    * the renderer shows a TCC toggle panel (two rows: Accessibility, Screen
@@ -166,9 +166,9 @@ export interface CuPermissionRequest {
    * restart after granting Screen Recording — we don't.
    */
   tccState?: {
-    accessibility: boolean;
-    screenRecording: boolean;
-  };
+    accessibility: boolean
+    screenRecording: boolean
+  }
   /**
    * Apps with windows on the CU display that aren't in the requested
    * allowlist. These will be hidden the first time Claude takes an action.
@@ -176,13 +176,13 @@ export interface CuPermissionRequest {
    * user clicks Allow, but it's a preview, not a contract. Absent when
    * empty so the renderer can skip the section cleanly.
    */
-  willHide?: Array<{ bundleId: string; displayName: string }>;
+  willHide?: Array<{ bundleId: string; displayName: string }>
   /**
    * `chicagoAutoUnhide` app preference at request time. The renderer picks
    * between "...then restored when Claude is done" and "...will be hidden"
    * copy. Absent when `willHide` is absent (same condition).
    */
-  autoUnhideEnabled?: boolean;
+  autoUnhideEnabled?: boolean
 }
 
 /**
@@ -191,10 +191,10 @@ export interface CuPermissionRequest {
  * LocalAgentModeSessionManager.ts:2794).
  */
 export interface CuPermissionResponse {
-  granted: AppGrant[];
+  granted: AppGrant[]
   /** Bundle IDs the user unchecked, or apps that weren't installed. */
-  denied: Array<{ bundleId: string; reason: "user_denied" | "not_installed" }>;
-  flags: CuGrantFlags;
+  denied: Array<{ bundleId: string; reason: 'user_denied' | 'not_installed' }>
+  flags: CuGrantFlags
   /**
    * Whether the user clicked Allow in THIS dialog. Only set by the
    * teach-mode handler — regular request_access doesn't need it (the
@@ -205,7 +205,7 @@ export interface CuPermissionResponse {
    * them apart without this. Undefined → legacy/regular path, do not
    * gate on it.
    */
-  userConsented?: boolean;
+  userConsented?: boolean
 }
 
 // ----------------------------------------------------------------------------
@@ -218,9 +218,9 @@ export interface CuPermissionResponse {
  * No Electron imports in this package — the host injects everything.
  */
 export interface ComputerUseHostAdapter {
-  serverName: string;
-  logger: Logger;
-  executor: ComputerExecutor;
+  serverName: string
+  logger: Logger
+  executor: ComputerExecutor
 
   /**
    * TCC state check — Accessibility + Screen Recording on macOS. Pure check,
@@ -231,23 +231,23 @@ export interface ComputerUseHostAdapter {
   ensureOsPermissions(): Promise<
     | { granted: true }
     | { granted: false; accessibility: boolean; screenRecording: boolean }
-  >;
+  >
 
   /** The Settings-page kill switch (`chicagoEnabled` app preference). */
-  isDisabled(): boolean;
+  isDisabled(): boolean
 
   /**
    * The `chicagoAutoUnhide` app preference. Consumed by `buildAccessRequest`
    * to populate `CuPermissionRequest.autoUnhideEnabled` so the renderer's
    * "will be hidden" copy can say "then restored" only when true.
    */
-  getAutoUnhideEnabled(): boolean;
+  getAutoUnhideEnabled(): boolean
 
   /**
    * Sub-gates re-read on every tool call so GrowthBook flips take effect
    * mid-session without restart.
    */
-  getSubGates(): CuSubGates;
+  getSubGates(): CuSubGates
 
   /**
    * JPEG decode + crop + raw pixel bytes, for the PixelCompare staleness guard.
@@ -261,7 +261,7 @@ export interface ComputerUseHostAdapter {
   cropRawPatch(
     jpegBase64: string,
     rect: { x: number; y: number; width: number; height: number },
-  ): Buffer | null;
+  ): Buffer | null
 }
 
 // ----------------------------------------------------------------------------
@@ -286,18 +286,18 @@ export interface ComputerUseHostAdapter {
 export interface ComputerUseSessionContext {
   // ── Read state fresh per call ──────────────────────────────────────
 
-  getAllowedApps(): readonly AppGrant[];
-  getGrantFlags(): CuGrantFlags;
+  getAllowedApps(): readonly AppGrant[]
+  getGrantFlags(): CuGrantFlags
   /** Per-user auto-deny list (Settings page). Empty array = none. */
-  getUserDeniedBundleIds(): readonly string[];
-  getSelectedDisplayId(): number | undefined;
-  getDisplayPinnedByModel?(): boolean;
-  getDisplayResolvedForApps?(): string | undefined;
-  getTeachModeActive?(): boolean;
+  getUserDeniedBundleIds(): readonly string[]
+  getSelectedDisplayId(): number | undefined
+  getDisplayPinnedByModel?(): boolean
+  getDisplayResolvedForApps?(): string | undefined
+  getTeachModeActive?(): boolean
   /** Dims-only fallback when `lastScreenshot` is unset (cross-respawn).
    *  `bindSessionContext` reconstructs `{...dims, base64: ""}` so scaleCoord
    *  works and pixelCompare correctly skips. */
-  getLastScreenshotDims?(): ScreenshotDims | undefined;
+  getLastScreenshotDims?(): ScreenshotDims | undefined
 
   // ── Write-back callbacks ───────────────────────────────────────────
 
@@ -307,46 +307,46 @@ export interface ComputerUseSessionContext {
   onPermissionRequest?(
     req: CuPermissionRequest,
     signal: AbortSignal,
-  ): Promise<CuPermissionResponse>;
+  ): Promise<CuPermissionResponse>
   /** Teach-mode sibling of `onPermissionRequest`. */
   onTeachPermissionRequest?(
     req: CuTeachPermissionRequest,
     signal: AbortSignal,
-  ): Promise<CuPermissionResponse>;
+  ): Promise<CuPermissionResponse>
   /** Called by `bindSessionContext` after merging a permission response into
    *  the allowlist (dedupe on bundleId, truthy-only flag spread). Host
    *  persists for resume survival. */
-  onAllowedAppsChanged?(apps: readonly AppGrant[], flags: CuGrantFlags): void;
-  onAppsHidden?(bundleIds: string[]): void;
+  onAllowedAppsChanged?(apps: readonly AppGrant[], flags: CuGrantFlags): void
+  onAppsHidden?(bundleIds: string[]): void
   /** Reads the session's clipboardGuard stash. undefined → no stash held. */
-  getClipboardStash?(): string | undefined;
+  getClipboardStash?(): string | undefined
   /** Writes the clipboardGuard stash. undefined clears it. */
-  onClipboardStashChanged?(stash: string | undefined): void;
-  onResolvedDisplayUpdated?(displayId: number): void;
-  onDisplayPinned?(displayId: number | undefined): void;
-  onDisplayResolvedForApps?(sortedBundleIdsKey: string): void;
+  onClipboardStashChanged?(stash: string | undefined): void
+  onResolvedDisplayUpdated?(displayId: number): void
+  onDisplayPinned?(displayId: number | undefined): void
+  onDisplayResolvedForApps?(sortedBundleIdsKey: string): void
   /** Called after each screenshot. Host persists for respawn survival. */
-  onScreenshotCaptured?(dims: ScreenshotDims): void;
-  onTeachModeActivated?(): void;
-  onTeachStep?(req: TeachStepRequest): Promise<TeachStepResult>;
-  onTeachWorking?(): void;
+  onScreenshotCaptured?(dims: ScreenshotDims): void
+  onTeachModeActivated?(): void
+  onTeachStep?(req: TeachStepRequest): Promise<TeachStepResult>
+  onTeachWorking?(): void
 
   // ── Lock (async) ───────────────────────────────────────────────────
 
   /** At most one session uses CU at a time. Awaited by `bindSessionContext`
    *  before dispatch. Undefined → no lock gating (proceed). */
-  checkCuLock?(): Promise<{ holder: string | undefined; isSelf: boolean }>;
+  checkCuLock?(): Promise<{ holder: string | undefined; isSelf: boolean }>
   /** Take the lock. Called when `checkCuLock` returned `holder: undefined`
    *  on a non-deferring tool. Host emits enter-CU signals here. */
-  acquireCuLock?(): Promise<void>;
+  acquireCuLock?(): Promise<void>
   /** Host-specific lock-held error text. Default is the package's generic
    *  message. The CLI host includes the holder session-ID prefix. */
-  formatLockHeldMessage?(holder: string): string;
+  formatLockHeldMessage?(holder: string): string
 
   /** User-abort signal. Passed through to `ComputerUseOverrides.isAborted`
    *  for the mid-loop checks in handleComputerBatch / handleType. See that
    *  field for semantics. */
-  isAborted?(): boolean;
+  isAborted?(): boolean
 }
 
 // ----------------------------------------------------------------------------
@@ -360,9 +360,9 @@ export interface ComputerUseSessionContext {
  * store, not the server.
  */
 export interface ComputerUseOverrides {
-  allowedApps: AppGrant[];
-  grantFlags: CuGrantFlags;
-  coordinateMode: CoordinateMode;
+  allowedApps: AppGrant[]
+  grantFlags: CuGrantFlags
+  coordinateMode: CoordinateMode
 
   /**
    * User-configured auto-deny list (Settings → Desktop app → Computer Use).
@@ -376,14 +376,14 @@ export interface ComputerUseOverrides {
    * not session state). Contrast with `allowedApps` which is per-session.
    * Empty array = no user-configured denies (the default).
    */
-  userDeniedBundleIds: readonly string[];
+  userDeniedBundleIds: readonly string[]
 
   /**
    * Display CU operates on; read fresh per call. `scaleCoord` uses the
    * `originX/Y` snapshotted in `lastScreenshot`, so mid-session switches
    * only affect the NEXT screenshot/prepare call.
    */
-  selectedDisplayId?: number;
+  selectedDisplayId?: number
 
   /**
    * The `request_access` tool handler calls this and awaits. The wrapper
@@ -395,14 +395,16 @@ export interface ComputerUseOverrides {
    * Undefined when the session wasn't wired with a permission handler (e.g.
    * a future headless mode). `request_access` returns a tool error in that case.
    */
-  onPermissionRequest?: (req: CuPermissionRequest) => Promise<CuPermissionResponse>;
+  onPermissionRequest?: (
+    req: CuPermissionRequest,
+  ) => Promise<CuPermissionResponse>
 
   /**
    * For the pixel-validation staleness guard. The model's-last-screenshot,
    * stashed by serverDef.ts after each `screenshot` tool call. Undefined on
    * cold start → pixel validation skipped (click proceeds).
    */
-  lastScreenshot?: ScreenshotResult;
+  lastScreenshot?: ScreenshotResult
 
   /**
    * Fired after every `prepareForAction` with the bundle IDs it just hid.
@@ -416,7 +418,7 @@ export interface ComputerUseOverrides {
    * Undefined when the session wasn't wired with a tracker — unhide just
    * doesn't happen.
    */
-  onAppsHidden?: (bundleIds: string[]) => void;
+  onAppsHidden?: (bundleIds: string[]) => void
 
   /**
    * Reads the clipboardGuard stash from session state. `undefined` means no
@@ -424,7 +426,7 @@ export interface ComputerUseOverrides {
    * and clears on restore. Sibling of the `cuHiddenDuringTurn` getter pattern
    * — state lives on the host's session, not module-level here.
    */
-  getClipboardStash?: () => string | undefined;
+  getClipboardStash?: () => string | undefined
 
   /**
    * Writes the clipboardGuard stash to session state. `undefined` clears.
@@ -433,7 +435,7 @@ export interface ComputerUseOverrides {
    * directly and restores via Electron's `clipboard.writeText` (no nest-only
    * import surface).
    */
-  onClipboardStashChanged?: (stash: string | undefined) => void;
+  onClipboardStashChanged?: (stash: string | undefined) => void
 
   /**
    * Write the resolver's picked display back to session so teach overlay
@@ -442,7 +444,7 @@ export interface ComputerUseOverrides {
    * `resolvePrepareCapture`'s pick differs from `selectedDisplayId`.
    * Fire-and-forget.
    */
-  onResolvedDisplayUpdated?: (displayId: number) => void;
+  onResolvedDisplayUpdated?: (displayId: number) => void
 
   /**
    * Set when the model explicitly picked a display via `switch_display`.
@@ -453,7 +455,7 @@ export interface ComputerUseOverrides {
    * overrides any `selectedDisplayId` whenever an allowed app shares the
    * host's monitor.
    */
-  displayPinnedByModel?: boolean;
+  displayPinnedByModel?: boolean
 
   /**
    * Write the model's explicit display pick to session. `displayId:
@@ -461,7 +463,7 @@ export interface ComputerUseOverrides {
    * Sibling of `onResolvedDisplayUpdated` but also sets the pin flag —
    * the two are semantically distinct (resolver-picked vs model-picked).
    */
-  onDisplayPinned?: (displayId: number | undefined) => void;
+  onDisplayPinned?: (displayId: number | undefined) => void
 
   /**
    * Sorted comma-joined bundle-ID set the display was last auto-resolved
@@ -470,14 +472,14 @@ export interface ComputerUseOverrides {
    * doesn't yank the display on every screenshot, only when the app set
    * has changed since the last resolve (or manual switch).
    */
-  displayResolvedForApps?: string;
+  displayResolvedForApps?: string
 
   /**
    * Records which app set the current display selection was made for. Fired
    * alongside `onResolvedDisplayUpdated` when the resolver picks, so the next
    * screenshot sees a matching set and skips auto-resolve.
    */
-  onDisplayResolvedForApps?: (sortedBundleIdsKey: string) => void;
+  onDisplayResolvedForApps?: (sortedBundleIdsKey: string) => void
 
   /**
    * Global CU lock — at most one session actively uses CU at a time. Checked
@@ -494,7 +496,7 @@ export interface ComputerUseOverrides {
    * The host manages release (on session idle/stop/archive) — this package
    * never releases.
    */
-  checkCuLock?: () => { holder: string | undefined; isSelf: boolean };
+  checkCuLock?: () => { holder: string | undefined; isSelf: boolean }
 
   /**
    * Take the lock for this session. `handleToolCall` calls this exactly once
@@ -502,7 +504,7 @@ export interface ComputerUseOverrides {
    * undefined. No-op if already held (defensive — the check should have
    * short-circuited). Host emits an event the overlay listens to.
    */
-  acquireCuLock?: () => void;
+  acquireCuLock?: () => void
 
   /**
    * User-abort signal. Checked mid-iteration inside `handleComputerBatch`
@@ -513,7 +515,7 @@ export interface ComputerUseOverrides {
    * Undefined → never aborts (e.g. unwired host). Live per-check read —
    * same lazy-getter pattern as `checkCuLock`.
    */
-  isAborted?: () => boolean;
+  isAborted?: () => boolean
 
   // ── Teach mode ───────────────────────────────────────────────────────
   // Wired only when the host's teachModeEnabled gate is on. All five
@@ -529,7 +531,7 @@ export interface ComputerUseOverrides {
    */
   onTeachPermissionRequest?: (
     req: CuTeachPermissionRequest,
-  ) => Promise<CuPermissionResponse>;
+  ) => Promise<CuPermissionResponse>
 
   /**
    * Called by `handleRequestTeachAccess` after the user approves and at least
@@ -538,7 +540,7 @@ export interface ComputerUseOverrides {
    * fullscreen overlay. Cleared by the host on turn end (`transitionTo("idle")`)
    * alongside the CU lock release.
    */
-  onTeachModeActivated?: () => void;
+  onTeachModeActivated?: () => void
 
   /**
    * Read by `handleRequestAccess` and `handleRequestTeachAccess` to
@@ -549,7 +551,7 @@ export interface ComputerUseOverrides {
    * (not a boolean field) because teach mode state lives on the session,
    * not on this per-call overrides object.
    */
-  getTeachModeActive?: () => boolean;
+  getTeachModeActive?: () => boolean
 
   /**
    * Called by `handleTeachStep` with the scaled anchor + text. Host stores
@@ -562,7 +564,7 @@ export interface ComputerUseOverrides {
    * Same blocking-promise pattern as `onPermissionRequest`, but resolved by
    * the teach overlay's own preload (not the main renderer's tool-approval UI).
    */
-  onTeachStep?: (req: TeachStepRequest) => Promise<TeachStepResult>;
+  onTeachStep?: (req: TeachStepRequest) => Promise<TeachStepResult>
 
   /**
    * Called immediately after `onTeachStep` resolves with "next", before
@@ -571,7 +573,7 @@ export interface ComputerUseOverrides {
    * notch). The next `onTeachStep` call replaces the spinner with the new
    * tooltip content.
    */
-  onTeachWorking?: () => void;
+  onTeachWorking?: () => void
 }
 
 // ----------------------------------------------------------------------------
@@ -590,13 +592,13 @@ export interface ComputerUseOverrides {
  * CSS coords match.
  */
 export interface TeachStepRequest {
-  explanation: string;
-  nextPreview: string;
+  explanation: string
+  nextPreview: string
   /** Full-display logical points. Undefined → overlay centers the tooltip, hides the arrow. */
-  anchorLogical?: { x: number; y: number };
+  anchorLogical?: { x: number; y: number }
 }
 
-export type TeachStepResult = { action: "next" } | { action: "exit" };
+export type TeachStepResult = { action: 'next' } | { action: 'exit' }
 
 /**
  * Payload for the renderer's ComputerUseTeachApproval dialog. Rides through
@@ -606,17 +608,17 @@ export type TeachStepResult = { action: "next" } | { action: "exit" };
  * fields it doesn't render (no grant-flag checkboxes in teach mode).
  */
 export interface CuTeachPermissionRequest {
-  requestId: string;
+  requestId: string
   /** Model-provided reason. Shown in the dialog headline ("guide you through {reason}"). */
-  reason: string;
-  apps: ResolvedAppRequest[];
-  screenshotFiltering: "native" | "none";
+  reason: string
+  apps: ResolvedAppRequest[]
+  screenshotFiltering: 'native' | 'none'
   /** Present only when TCC is ungranted — same semantics as `CuPermissionRequest.tccState`. */
   tccState?: {
-    accessibility: boolean;
-    screenRecording: boolean;
-  };
-  willHide?: Array<{ bundleId: string; displayName: string }>;
+    accessibility: boolean
+    screenRecording: boolean
+  }
+  willHide?: Array<{ bundleId: string; displayName: string }>
   /** Same semantics as `CuPermissionRequest.autoUnhideEnabled`. */
-  autoUnhideEnabled?: boolean;
+  autoUnhideEnabled?: boolean
 }

packages/@ant/computer-use-swift/package.json

@@ -1,8 +1,8 @@
 {
-    "name": "@ant/computer-use-swift",
-    "version": "1.0.0",
-    "private": true,
-    "type": "module",
-    "main": "./src/index.ts",
-    "types": "./src/index.ts"
+  "name": "@ant/computer-use-swift",
+  "version": "1.0.0",
+  "private": true,
+  "type": "module",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts"
 }

packages/@ant/computer-use-swift/src/backends/darwin.ts

@@ -9,9 +9,17 @@ import { readFileSync, unlinkSync } from 'fs'
 import { tmpdir } from 'os'
 import { join } from 'path'
 import type {
-  AppInfo, AppsAPI, DisplayAPI, DisplayGeometry, InstalledApp,
-  PrepareDisplayResult, RunningApp, ScreenshotAPI, ScreenshotResult,
-  SwiftBackend, WindowDisplayInfo,
+  AppInfo,
+  AppsAPI,
+  DisplayAPI,
+  DisplayGeometry,
+  InstalledApp,
+  PrepareDisplayResult,
+  RunningApp,
+  ScreenshotAPI,
+  ScreenshotResult,
+  SwiftBackend,
+  WindowDisplayInfo,
 } from '../types.js'
 
 export type {
@@ -32,7 +40,8 @@ export type {
 function jxaSync(script: string): string {
   const result = Bun.spawnSync({
     cmd: ['osascript', '-l', 'JavaScript', '-e', script],
-    stdout: 'pipe', stderr: 'pipe',
+    stdout: 'pipe',
+    stderr: 'pipe',
   })
   return new TextDecoder().decode(result.stdout).trim()
 }
@@ -40,14 +49,16 @@ function jxaSync(script: string): string {
 function osascriptSync(script: string): string {
   const result = Bun.spawnSync({
     cmd: ['osascript', '-e', script],
-    stdout: 'pipe', stderr: 'pipe',
+    stdout: 'pipe',
+    stderr: 'pipe',
   })
   return new TextDecoder().decode(result.stdout).trim()
 }
 
 async function osascript(script: string): Promise<string> {
   const proc = Bun.spawn(['osascript', '-e', script], {
-    stdout: 'pipe', stderr: 'pipe',
+    stdout: 'pipe',
+    stderr: 'pipe',
   })
   const text = await new Response(proc.stdout).text()
   await proc.exited
@@ -56,7 +67,8 @@ async function osascript(script: string): Promise<string> {
 
 async function jxa(script: string): Promise<string> {
   const proc = Bun.spawn(['osascript', '-l', 'JavaScript', '-e', script], {
-    stdout: 'pipe', stderr: 'pipe',
+    stdout: 'pipe',
+    stderr: 'pipe',
   })
   const text = await new Response(proc.stdout).text()
   await proc.exited
@@ -101,8 +113,10 @@ export const display: DisplayAPI = {
         JSON.stringify(result);
       `)
       return (JSON.parse(raw) as DisplayGeometry[]).map(d => ({
-        width: Number(d.width), height: Number(d.height),
-        scaleFactor: Number(d.scaleFactor), displayId: Number(d.displayId),
+        width: Number(d.width),
+        height: Number(d.height),
+        scaleFactor: Number(d.scaleFactor),
+        displayId: Number(d.displayId),
       }))
     } catch {
       try {
@@ -126,8 +140,10 @@ export const display: DisplayAPI = {
           JSON.stringify(result);
         `)
         return (JSON.parse(raw) as DisplayGeometry[]).map(d => ({
-          width: Number(d.width), height: Number(d.height),
-          scaleFactor: Number(d.scaleFactor), displayId: Number(d.displayId),
+          width: Number(d.width),
+          height: Number(d.height),
+          scaleFactor: Number(d.scaleFactor),
+          displayId: Number(d.displayId),
         }))
       } catch {
         return [{ width: 1920, height: 1080, scaleFactor: 2, displayId: 1 }]
@@ -177,9 +193,15 @@ export const apps: AppsAPI = {
       const dirs = ['/Applications', '~/Applications', '/System/Applications']
       const allApps: InstalledApp[] = []
       for (const dir of dirs) {
-        const expanded = dir.startsWith('~') ? join(process.env.HOME ?? '~', dir.slice(1)) : dir
+        const expanded = dir.startsWith('~')
+          ? join(process.env.HOME ?? '~', dir.slice(1))
+          : dir
         const proc = Bun.spawn(
-          ['bash', '-c', `for f in "${expanded}"/*.app; do [ -d "$f" ] || continue; bid=$(mdls -name kMDItemCFBundleIdentifier "$f" 2>/dev/null | sed 's/.*= "//;s/"//'); name=$(basename "$f" .app); echo "$f|$name|$bid"; done`],
+          [
+            'bash',
+            '-c',
+            `for f in "${expanded}"/*.app; do [ -d "$f" ] || continue; bid=$(mdls -name kMDItemCFBundleIdentifier "$f" 2>/dev/null | sed 's/.*= "//;s/"//'); name=$(basename "$f" .app); echo "$f|$name|$bid"; done`,
+          ],
           { stdout: 'pipe', stderr: 'pipe' },
         )
         const text = await new Response(proc.stdout).text()
@@ -245,10 +267,13 @@ export const apps: AppsAPI = {
 // ScreenshotAPI
 // ---------------------------------------------------------------------------
 
-async function captureScreenToBase64(args: string[]): Promise<{ base64: string; width: number; height: number }> {
+async function captureScreenToBase64(
+  args: string[],
+): Promise<{ base64: string; width: number; height: number }> {
   const tmpFile = join(tmpdir(), `cu-screenshot-${Date.now()}.png`)
   const proc = Bun.spawn(['screencapture', ...args, tmpFile], {
-    stdout: 'pipe', stderr: 'pipe',
+    stdout: 'pipe',
+    stderr: 'pipe',
   })
   await proc.exited
   try {
@@ -258,18 +283,36 @@ async function captureScreenToBase64(args: string[]): Promise<{ base64: string;
     const height = buf.readUInt32BE(20)
     return { base64, width, height }
   } finally {
-    try { unlinkSync(tmpFile) } catch {}
+    try {
+      unlinkSync(tmpFile)
+    } catch {}
   }
 }
 
 export const screenshot: ScreenshotAPI = {
-  async captureExcluding(_allowedBundleIds, _quality, _targetW, _targetH, displayId) {
+  async captureExcluding(
+    _allowedBundleIds,
+    _quality,
+    _targetW,
+    _targetH,
+    displayId,
+  ) {
     const args = ['-x']
     if (displayId !== undefined) args.push('-D', String(displayId))
     return captureScreenToBase64(args)
   },
 
-  async captureRegion(_allowedBundleIds, x, y, w, h, _outW, _outH, _quality, displayId) {
+  async captureRegion(
+    _allowedBundleIds,
+    x,
+    y,
+    w,
+    h,
+    _outW,
+    _outH,
+    _quality,
+    displayId,
+  ) {
     const args = ['-x', '-R', `${x},${y},${w},${h}`]
     if (displayId !== undefined) args.push('-D', String(displayId))
     return captureScreenToBase64(args)

packages/@ant/computer-use-swift/src/backends/linux.ts

@@ -8,9 +8,17 @@
  */
 
 import type {
-  AppInfo, AppsAPI, DisplayAPI, DisplayGeometry, InstalledApp,
-  PrepareDisplayResult, RunningApp, ScreenshotAPI, ScreenshotResult,
-  SwiftBackend, WindowDisplayInfo,
+  AppInfo,
+  AppsAPI,
+  DisplayAPI,
+  DisplayGeometry,
+  InstalledApp,
+  PrepareDisplayResult,
+  RunningApp,
+  ScreenshotAPI,
+  ScreenshotResult,
+  SwiftBackend,
+  WindowDisplayInfo,
 } from '../types.js'
 
 // ---------------------------------------------------------------------------
@@ -34,7 +42,11 @@ async function runAsync(cmd: string[]): Promise<string> {
 }
 
 function commandExists(name: string): boolean {
-  const result = Bun.spawnSync({ cmd: ['which', name], stdout: 'pipe', stderr: 'pipe' })
+  const result = Bun.spawnSync({
+    cmd: ['which', name],
+    stdout: 'pipe',
+    stderr: 'pipe',
+  })
   return result.exitCode === 0
 }
 
@@ -85,7 +97,11 @@ export const display: DisplayAPI = {
 // ---------------------------------------------------------------------------
 
 export const apps: AppsAPI = {
-  async prepareDisplay(_allowlistBundleIds, _surrogateHost, _displayId): Promise<PrepareDisplayResult> {
+  async prepareDisplay(
+    _allowlistBundleIds,
+    _surrogateHost,
+    _displayId,
+  ): Promise<PrepareDisplayResult> {
     return { activated: '', hidden: [] }
   },
 
@@ -100,7 +116,15 @@ export const apps: AppsAPI = {
   async appUnderPoint(x, y): Promise<AppInfo | null> {
     try {
       // Move mouse to point, get window under cursor
-      const out = run(['xdotool', 'mousemove', '--sync', String(x), String(y), 'getmouselocation', '--shell'])
+      const out = run([
+        'xdotool',
+        'mousemove',
+        '--sync',
+        String(x),
+        String(y),
+        'getmouselocation',
+        '--shell',
+      ])
       const windowMatch = out.match(/WINDOW=(\d+)/)
       if (!windowMatch) return null
 
@@ -109,10 +133,18 @@ export const apps: AppsAPI = {
       if (!pidStr) return null
 
       let exePath = ''
-      try { exePath = run(['readlink', '-f', `/proc/${pidStr}/exe`]) } catch { /* ignore */ }
+      try {
+        exePath = run(['readlink', '-f', `/proc/${pidStr}/exe`])
+      } catch {
+        /* ignore */
+      }
 
       let appName = ''
-      try { appName = run(['cat', `/proc/${pidStr}/comm`]) } catch { /* ignore */ }
+      try {
+        appName = run(['cat', `/proc/${pidStr}/comm`])
+      } catch {
+        /* ignore */
+      }
 
       if (!exePath && !appName) return null
       return { bundleId: exePath || pidStr!, displayName: appName || 'unknown' }
@@ -124,14 +156,20 @@ export const apps: AppsAPI = {
   async listInstalled(): Promise<InstalledApp[]> {
     try {
       // Read .desktop files from standard locations
-      const dirs = ['/usr/share/applications', '/usr/local/share/applications', `${process.env.HOME}/.local/share/applications`]
+      const dirs = [
+        '/usr/share/applications',
+        '/usr/local/share/applications',
+        `${process.env.HOME}/.local/share/applications`,
+      ]
       const apps: InstalledApp[] = []
 
       for (const dir of dirs) {
         let files: string
         try {
           files = run(['find', dir, '-name', '*.desktop', '-maxdepth', '1'])
-        } catch { continue }
+        } catch {
+          continue
+        }
 
         for (const filepath of files.split('\n').filter(Boolean)) {
           try {
@@ -146,11 +184,14 @@ export const apps: AppsAPI = {
             if (!name) continue
 
             apps.push({
-              bundleId: filepath.split('/').pop()?.replace('.desktop', '') ?? '',
+              bundleId:
+                filepath.split('/').pop()?.replace('.desktop', '') ?? '',
               displayName: name,
               path: exec.split(/\s+/)[0] ?? '',
             })
-          } catch { /* skip unreadable files */ }
+          } catch {
+            /* skip unreadable files */
+          }
         }
       }
 
@@ -177,9 +218,17 @@ export const apps: AppsAPI = {
           if (!pid || pid === '0') continue
 
           let exePath = ''
-          try { exePath = run(['readlink', '-f', `/proc/${pid}/exe`]) } catch { /* ignore */ }
+          try {
+            exePath = run(['readlink', '-f', `/proc/${pid}/exe`])
+          } catch {
+            /* ignore */
+          }
           let appName = ''
-          try { appName = run(['cat', `/proc/${pid}/comm`]) } catch { /* ignore */ }
+          try {
+            appName = run(['cat', `/proc/${pid}/comm`])
+          } catch {
+            /* ignore */
+          }
 
           if (appName) {
             apps.push({ bundleId: exePath || pid, displayName: appName })
@@ -187,11 +236,13 @@ export const apps: AppsAPI = {
         }
         // Deduplicate by bundleId
         const seen = new Set<string>()
-        return apps.filter(a => {
-          if (seen.has(a.bundleId)) return false
-          seen.add(a.bundleId)
-          return true
-        }).slice(0, 50)
+        return apps
+          .filter(a => {
+            if (seen.has(a.bundleId)) return false
+            seen.add(a.bundleId)
+            return true
+          })
+          .slice(0, 50)
       }
 
       // Fallback: ps with visible processes
@@ -217,7 +268,9 @@ export const apps: AppsAPI = {
         await runAsync(['gtk-launch', desktopName])
         return
       }
-    } catch { /* fall through */ }
+    } catch {
+      /* fall through */
+    }
 
     await runAsync(['xdg-open', name])
   },
@@ -232,7 +285,9 @@ export const apps: AppsAPI = {
           // Try xdotool windowactivate with search by name
           await runAsync(['xdotool', 'search', '--name', id, 'windowactivate'])
         }
-      } catch { /* ignore failures for individual windows */ }
+      } catch {
+        /* ignore failures for individual windows */
+      }
     }
   },
 }
@@ -244,7 +299,13 @@ export const apps: AppsAPI = {
 const SCREENSHOT_PATH = '/tmp/cu-screenshot.png'
 
 export const screenshot: ScreenshotAPI = {
-  async captureExcluding(_allowedBundleIds, _quality, _targetW, _targetH, _displayId): Promise<ScreenshotResult> {
+  async captureExcluding(
+    _allowedBundleIds,
+    _quality,
+    _targetW,
+    _targetH,
+    _displayId,
+  ): Promise<ScreenshotResult> {
     try {
       await runAsync(['scrot', '-o', SCREENSHOT_PATH])
 
@@ -261,10 +322,26 @@ export const screenshot: ScreenshotAPI = {
     }
   },
 
-  async captureRegion(_allowedBundleIds, x, y, w, h, _outW, _outH, _quality, _displayId): Promise<ScreenshotResult> {
+  async captureRegion(
+    _allowedBundleIds,
+    x,
+    y,
+    w,
+    h,
+    _outW,
+    _outH,
+    _quality,
+    _displayId,
+  ): Promise<ScreenshotResult> {
     try {
       // scrot -a x,y,w,h captures a specific region
-      await runAsync(['scrot', '-a', `${x},${y},${w},${h}`, '-o', SCREENSHOT_PATH])
+      await runAsync([
+        'scrot',
+        '-a',
+        `${x},${y},${w},${h}`,
+        '-o',
+        SCREENSHOT_PATH,
+      ])
 
       const file = Bun.file(SCREENSHOT_PATH)
       const buffer = await file.arrayBuffer()

packages/@ant/computer-use-swift/src/backends/win32.ts

@@ -6,13 +6,24 @@
  */
 
 import type {
-  AppInfo, AppsAPI, DisplayAPI, DisplayGeometry, InstalledApp,
-  PrepareDisplayResult, RunningApp, ScreenshotAPI, ScreenshotResult,
-  SwiftBackend, WindowDisplayInfo,
+  AppInfo,
+  AppsAPI,
+  DisplayAPI,
+  DisplayGeometry,
+  InstalledApp,
+  PrepareDisplayResult,
+  RunningApp,
+  ScreenshotAPI,
+  ScreenshotResult,
+  SwiftBackend,
+  WindowDisplayInfo,
 } from '../types.js'
 
 import { listWindows } from 'src/utils/computerUse/win32/windowEnum.js'
-import { captureWindow, captureWindowByHwnd } from 'src/utils/computerUse/win32/windowCapture.js'
+import {
+  captureWindow,
+  captureWindowByHwnd,
+} from 'src/utils/computerUse/win32/windowCapture.js'
 
 // ---------------------------------------------------------------------------
 // PowerShell helper
@@ -63,15 +74,18 @@ foreach ($s in [System.Windows.Forms.Screen]::AllScreens) {
 }
 $result -join "|"
 `)
-      return raw.split('|').filter(Boolean).map(entry => {
-        const [w, h, id, primary] = entry.split(',')
-        return {
-          width: Number(w),
-          height: Number(h),
-          scaleFactor: 1, // Windows DPI scaling handled at system level
-          displayId: Number(id),
-        }
-      })
+      return raw
+        .split('|')
+        .filter(Boolean)
+        .map(entry => {
+          const [w, h, id, primary] = entry.split(',')
+          return {
+            width: Number(w),
+            height: Number(h),
+            scaleFactor: 1, // Windows DPI scaling handled at system level
+            displayId: Number(id),
+          }
+        })
     } catch {
       return [{ width: 1920, height: 1080, scaleFactor: 1, displayId: 0 }]
     }
@@ -139,14 +153,17 @@ foreach ($p in $paths) {
 }
 $apps | Select-Object -Unique | Select-Object -First 200
 `)
-      return raw.split('\n').filter(Boolean).map(line => {
-        const [name, path, id] = line.split('|', 3)
-        return {
-          bundleId: id ?? name ?? '',
-          displayName: name ?? '',
-          path: path ?? '',
-        }
-      })
+      return raw
+        .split('\n')
+        .filter(Boolean)
+        .map(line => {
+          const [name, path, id] = line.split('|', 3)
+          return {
+            bundleId: id ?? name ?? '',
+            displayName: name ?? '',
+            path: path ?? '',
+          }
+        })
     } catch {
       return []
     }
@@ -204,7 +221,13 @@ if ($proc) { [WinShow]::ShowWindow($proc.MainWindowHandle, 9) | Out-Null; [WinSh
 // ---------------------------------------------------------------------------
 
 export const screenshot: ScreenshotAPI = {
-  async captureExcluding(_allowedBundleIds, _quality, _targetW, _targetH, displayId) {
+  async captureExcluding(
+    _allowedBundleIds,
+    _quality,
+    _targetW,
+    _targetH,
+    displayId,
+  ) {
     const raw = await psAsync(`
 Add-Type -AssemblyName System.Windows.Forms
 Add-Type -AssemblyName System.Drawing
@@ -229,7 +252,17 @@ $ms.Dispose()
     return { base64, width, height }
   },
 
-  async captureRegion(_allowedBundleIds, x, y, w, h, _outW, _outH, _quality, _displayId) {
+  async captureRegion(
+    _allowedBundleIds,
+    x,
+    y,
+    w,
+    h,
+    _outW,
+    _outH,
+    _quality,
+    _displayId,
+  ) {
     const raw = await psAsync(`
 Add-Type -AssemblyName System.Windows.Forms
 Add-Type -AssemblyName System.Drawing

packages/@ant/computer-use-swift/src/index.ts

@@ -37,25 +37,52 @@ const backend = loadBackend()
 
 export class ComputerUseAPI {
   apps = backend?.apps ?? {
-    async prepareDisplay() { return { activated: '', hidden: [] } },
-    async previewHideSet() { return [] },
-    async findWindowDisplays(ids: string[]) { return ids.map((b: string) => ({ bundleId: b, displayIds: [] as number[] })) },
-    async appUnderPoint() { return null },
-    async listInstalled() { return [] },
-    iconDataUrl() { return null },
-    listRunning() { return [] },
-    async open() { throw new Error('@ant/computer-use-swift: macOS only') },
+    async prepareDisplay() {
+      return { activated: '', hidden: [] }
+    },
+    async previewHideSet() {
+      return []
+    },
+    async findWindowDisplays(ids: string[]) {
+      return ids.map((b: string) => ({
+        bundleId: b,
+        displayIds: [] as number[],
+      }))
+    },
+    async appUnderPoint() {
+      return null
+    },
+    async listInstalled() {
+      return []
+    },
+    iconDataUrl() {
+      return null
+    },
+    listRunning() {
+      return []
+    },
+    async open() {
+      throw new Error('@ant/computer-use-swift: macOS only')
+    },
     async unhide() {},
   }
 
   display = backend?.display ?? {
-    getSize() { throw new Error('@ant/computer-use-swift: macOS only') },
-    listAll() { throw new Error('@ant/computer-use-swift: macOS only') },
+    getSize() {
+      throw new Error('@ant/computer-use-swift: macOS only')
+    },
+    listAll() {
+      throw new Error('@ant/computer-use-swift: macOS only')
+    },
   }
 
   screenshot = backend?.screenshot ?? {
-    async captureExcluding() { throw new Error('@ant/computer-use-swift: macOS only') },
-    async captureRegion() { throw new Error('@ant/computer-use-swift: macOS only') },
+    async captureExcluding() {
+      throw new Error('@ant/computer-use-swift: macOS only')
+    },
+    async captureRegion() {
+      throw new Error('@ant/computer-use-swift: macOS only')
+    },
   }
 
   async resolvePrepareCapture(
@@ -66,6 +93,12 @@ export class ComputerUseAPI {
     targetH: number,
     displayId?: number,
   ): Promise<ResolvePrepareCaptureResult> {
-    return this.screenshot.captureExcluding(allowedBundleIds, quality, targetW, targetH, displayId)
+    return this.screenshot.captureExcluding(
+      allowedBundleIds,
+      quality,
+      targetW,
+      targetH,
+      displayId,
+    )
   }
 }

packages/@ant/computer-use-swift/src/types.ts

@@ -55,7 +55,11 @@ export interface DisplayAPI {
 }
 
 export interface AppsAPI {
-  prepareDisplay(allowlistBundleIds: string[], surrogateHost: string, displayId?: number): Promise<PrepareDisplayResult>
+  prepareDisplay(
+    allowlistBundleIds: string[],
+    surrogateHost: string,
+    displayId?: number,
+  ): Promise<PrepareDisplayResult>
   previewHideSet(bundleIds: string[], displayId?: number): Promise<AppInfo[]>
   findWindowDisplays(bundleIds: string[]): Promise<WindowDisplayInfo[]>
   appUnderPoint(x: number, y: number): Promise<AppInfo | null>
@@ -68,13 +72,22 @@ export interface AppsAPI {
 
 export interface ScreenshotAPI {
   captureExcluding(
-    allowedBundleIds: string[], quality: number,
-    targetW: number, targetH: number, displayId?: number,
+    allowedBundleIds: string[],
+    quality: number,
+    targetW: number,
+    targetH: number,
+    displayId?: number,
   ): Promise<ScreenshotResult>
   captureRegion(
     allowedBundleIds: string[],
-    x: number, y: number, w: number, h: number,
-    outW: number, outH: number, quality: number, displayId?: number,
+    x: number,
+    y: number,
+    w: number,
+    h: number,
+    outW: number,
+    outH: number,
+    quality: number,
+    displayId?: number,
   ): Promise<ScreenshotResult>
   captureWindowTarget(titleOrHwnd: string | number): ScreenshotResult | null
 }

packages/@ant/ink/src/components/AlternateScreen.tsx

@@ -1,23 +1,19 @@
-import React, {
-  type PropsWithChildren,
-  useContext,
-  useInsertionEffect,
-} from 'react'
-import instances from '../core/instances.js'
+import React, { type PropsWithChildren, useContext, useInsertionEffect } from 'react';
+import instances from '../core/instances.js';
 import {
   DISABLE_MOUSE_TRACKING,
   ENABLE_MOUSE_TRACKING,
   ENTER_ALT_SCREEN,
   EXIT_ALT_SCREEN,
-} from '../core/termio/dec.js'
-import { TerminalWriteContext } from '../hooks/useTerminalNotification.js'
-import Box from './Box.js'
-import { TerminalSizeContext } from './TerminalSizeContext.js'
+} from '../core/termio/dec.js';
+import { TerminalWriteContext } from '../hooks/useTerminalNotification.js';
+import Box from './Box.js';
+import { TerminalSizeContext } from './TerminalSizeContext.js';
 
 type Props = PropsWithChildren<{
   /** Enable SGR mouse tracking (wheel + click/drag). Default true. */
-  mouseTracking?: boolean
-}>
+  mouseTracking?: boolean;
+}>;
 
 /**
  * Run children in the terminal's alternate screen buffer, constrained to
@@ -39,12 +35,9 @@ type Props = PropsWithChildren<{
  * from scrolling content) and so signal-exit cleanup can exit the alt
  * screen if the component's own unmount doesn't run.
  */
-export function AlternateScreen({
-  children,
-  mouseTracking = true,
-}: Props): React.ReactNode {
-  const size = useContext(TerminalSizeContext)
-  const writeRaw = useContext(TerminalWriteContext)
+export function AlternateScreen({ children, mouseTracking = true }: Props): React.ReactNode {
+  const size = useContext(TerminalSizeContext);
+  const writeRaw = useContext(TerminalWriteContext);
 
   // useInsertionEffect (not useLayoutEffect): react-reconciler calls
   // resetAfterCommit between the mutation and layout commit phases, and
@@ -57,31 +50,22 @@ export function AlternateScreen({
   // Cleanup timing is unchanged: both insertion and layout effect cleanup
   // run in the mutation phase on unmount, before resetAfterCommit.
   useInsertionEffect(() => {
-    const ink = instances.get(process.stdout)
-    if (!writeRaw) return
+    const ink = instances.get(process.stdout);
+    if (!writeRaw) return;
 
-    writeRaw(
-      ENTER_ALT_SCREEN +
-        '\x1b[2J\x1b[H' +
-        (mouseTracking ? ENABLE_MOUSE_TRACKING : ''),
-    )
-    ink?.setAltScreenActive(true, mouseTracking)
+    writeRaw(ENTER_ALT_SCREEN + '\x1b[2J\x1b[H' + (mouseTracking ? ENABLE_MOUSE_TRACKING : ''));
+    ink?.setAltScreenActive(true, mouseTracking);
 
     return () => {
-      ink?.setAltScreenActive(false)
-      ink?.clearTextSelection()
-      writeRaw((mouseTracking ? DISABLE_MOUSE_TRACKING : '') + EXIT_ALT_SCREEN)
-    }
-  }, [writeRaw, mouseTracking])
+      ink?.setAltScreenActive(false);
+      ink?.clearTextSelection();
+      writeRaw((mouseTracking ? DISABLE_MOUSE_TRACKING : '') + EXIT_ALT_SCREEN);
+    };
+  }, [writeRaw, mouseTracking]);
 
   return (
-    <Box
-      flexDirection="column"
-      height={size?.rows ?? 24}
-      width="100%"
-      flexShrink={0}
-    >
+    <Box flexDirection="column" height={size?.rows ?? 24} width="100%" flexShrink={0}>
       {children}
     </Box>
-  )
+  );
 }

packages/@ant/ink/src/components/App.tsx

@@ -1,14 +1,14 @@
-import React, { PureComponent, type ReactNode } from 'react'
+import React, { PureComponent, type ReactNode } from 'react';
 // Business-layer callbacks — replaced with inline defaults so this package
 // has zero dependencies on business code. The business layer can inject
 // implementations via AppCallbacks when needed.
 type AppCallbacks = {
-  updateLastInteractionTime?: () => void
-  stopCapturingEarlyInput?: () => void
-  isMouseClicksDisabled?: () => boolean
-  logError?: (error: unknown) => void
-  logForDebugging?: (message: string, opts?: { level?: string }) => void
-}
+  updateLastInteractionTime?: () => void;
+  stopCapturingEarlyInput?: () => void;
+  isMouseClicksDisabled?: () => boolean;
+  logError?: (error: unknown) => void;
+  logForDebugging?: (message: string, opts?: { level?: string }) => void;
+};
 
 /** Default no-op / safe-default implementations */
 const defaultCallbacks: Required<AppCallbacks> = {
@@ -17,46 +17,34 @@ const defaultCallbacks: Required<AppCallbacks> = {
   isMouseClicksDisabled: () => false,
   logError: (error: unknown) => console.error(error),
   logForDebugging: (_message: string, _opts?: { level?: string }) => {},
-}
+};
 
 /**
  * Override the default no-op callbacks. Call this from the business layer
  * (e.g. src/ink.tsx) before mounting <App>.
  */
 export function setAppCallbacks(cb: AppCallbacks): void {
-  Object.assign(defaultCallbacks, cb)
+  Object.assign(defaultCallbacks, cb);
 }
 
 function isEnvTruthy(value: string | undefined): boolean {
-  return value === '1' || value === 'true'
+  return value === '1' || value === 'true';
 }
-import { EventEmitter } from '../core/events/emitter.js'
-import { InputEvent } from '../core/events/input-event.js'
-import { TerminalFocusEvent } from '../core/events/terminal-focus-event.js'
+import { EventEmitter } from '../core/events/emitter.js';
+import { InputEvent } from '../core/events/input-event.js';
+import { TerminalFocusEvent } from '../core/events/terminal-focus-event.js';
 import {
   INITIAL_STATE,
   type ParsedInput,
   type ParsedKey,
   type ParsedMouse,
   parseMultipleKeypresses,
-} from '../core/parse-keypress.js'
-import reconciler from '../core/reconciler.js'
-import {
-  finishSelection,
-  hasSelection,
-  type SelectionState,
-  startSelection,
-} from '../core/selection.js'
-import {
-  isXtermJs,
-  setXtversionName,
-  supportsExtendedKeys,
-} from '../core/terminal.js'
-import {
-  getTerminalFocused,
-  setTerminalFocused,
-} from '../core/terminal-focus-state.js'
-import { TerminalQuerier, xtversion } from '../core/terminal-querier.js'
+} from '../core/parse-keypress.js';
+import reconciler from '../core/reconciler.js';
+import { finishSelection, hasSelection, type SelectionState, startSelection } from '../core/selection.js';
+import { isXtermJs, setXtversionName, supportsExtendedKeys } from '../core/terminal.js';
+import { getTerminalFocused, setTerminalFocused } from '../core/terminal-focus-state.js';
+import { TerminalQuerier, xtversion } from '../core/terminal-querier.js';
 import {
   DISABLE_KITTY_KEYBOARD,
   DISABLE_MODIFY_OTHER_KEYS,
@@ -64,155 +52,145 @@ import {
   ENABLE_MODIFY_OTHER_KEYS,
   FOCUS_IN,
   FOCUS_OUT,
-} from '../core/termio/csi.js'
-import {
-  DBP,
-  DFE,
-  DISABLE_MOUSE_TRACKING,
-  EBP,
-  EFE,
-  HIDE_CURSOR,
-  SHOW_CURSOR,
-} from '../core/termio/dec.js'
-import AppContext from './AppContext.js'
-import { ClockProvider } from './ClockContext.js'
-import CursorDeclarationContext, {
-  type CursorDeclarationSetter,
-} from './CursorDeclarationContext.js'
-import ErrorOverview from './ErrorOverview.js'
-import StdinContext from './StdinContext.js'
-import { TerminalFocusProvider } from './TerminalFocusContext.js'
-import { TerminalSizeContext } from './TerminalSizeContext.js'
+} from '../core/termio/csi.js';
+import { DBP, DFE, DISABLE_MOUSE_TRACKING, EBP, EFE, HIDE_CURSOR, SHOW_CURSOR } from '../core/termio/dec.js';
+import AppContext from './AppContext.js';
+import { ClockProvider } from './ClockContext.js';
+import CursorDeclarationContext, { type CursorDeclarationSetter } from './CursorDeclarationContext.js';
+import ErrorOverview from './ErrorOverview.js';
+import StdinContext from './StdinContext.js';
+import { TerminalFocusProvider } from './TerminalFocusContext.js';
+import { TerminalSizeContext } from './TerminalSizeContext.js';
 
 // Platforms that support Unix-style process suspension (SIGSTOP/SIGCONT)
-const SUPPORTS_SUSPEND = process.platform !== 'win32'
+const SUPPORTS_SUSPEND = process.platform !== 'win32';
 
 // After this many milliseconds of stdin silence, the next chunk triggers
 // a terminal mode re-assert (mouse tracking). Catches tmux detach→attach,
 // ssh reconnect, and laptop wake — the terminal resets DEC private modes
 // but no signal reaches us. 5s is well above normal inter-keystroke gaps
 // but short enough that the first scroll after reattach works.
-const STDIN_RESUME_GAP_MS = 5000
+const STDIN_RESUME_GAP_MS = 5000;
 
 type Props = {
-  readonly children: ReactNode
-  readonly stdin: NodeJS.ReadStream
-  readonly stdout: NodeJS.WriteStream
-  readonly stderr: NodeJS.WriteStream
-  readonly exitOnCtrlC: boolean
-  readonly onExit: (error?: Error) => void
-  readonly terminalColumns: number
-  readonly terminalRows: number
+  readonly children: ReactNode;
+  readonly stdin: NodeJS.ReadStream;
+  readonly stdout: NodeJS.WriteStream;
+  readonly stderr: NodeJS.WriteStream;
+  readonly exitOnCtrlC: boolean;
+  readonly onExit: (error?: Error) => void;
+  readonly terminalColumns: number;
+  readonly terminalRows: number;
   // Text selection state. App mutates this directly from mouse events
   // and calls onSelectionChange to trigger a repaint. Mouse events only
   // arrive when <AlternateScreen> (or similar) enables mouse tracking,
   // so the handler is always wired but dormant until tracking is on.
-  readonly selection: SelectionState
-  readonly onSelectionChange: () => void
+  readonly selection: SelectionState;
+  readonly onSelectionChange: () => void;
   // Dispatch a click at (col, row) — hit-tests the DOM tree and bubbles
   // onClick handlers. Returns true if a DOM handler consumed the click.
   // No-op (returns false) outside fullscreen mode (Ink.dispatchClick
   // gates on altScreenActive).
-  readonly onClickAt: (col: number, row: number) => boolean
+  readonly onClickAt: (col: number, row: number) => boolean;
   // Dispatch hover (onMouseEnter/onMouseLeave) as the pointer moves over
   // DOM elements. Called for mode-1003 motion events with no button held.
   // No-op outside fullscreen (Ink.dispatchHover gates on altScreenActive).
-  readonly onHoverAt: (col: number, row: number) => void
+  readonly onHoverAt: (col: number, row: number) => void;
   // Look up the OSC 8 hyperlink at (col, row) synchronously at click
   // time. Returns the URL or undefined. The browser-open is deferred by
   // MULTI_CLICK_TIMEOUT_MS so double-click can cancel it.
-  readonly getHyperlinkAt: (col: number, row: number) => string | undefined
+  readonly getHyperlinkAt: (col: number, row: number) => string | undefined;
   // Open a hyperlink URL in the browser. Called after the timer fires.
-  readonly onOpenHyperlink: (url: string) => void
+  readonly onOpenHyperlink: (url: string) => void;
   // Called on double/triple-click PRESS at (col, row). count=2 selects
   // the word under the cursor; count=3 selects the line. Ink reads the
   // screen buffer to find word/line boundaries and mutates selection,
   // setting isDragging=true so a subsequent drag extends by word/line.
-  readonly onMultiClick: (col: number, row: number, count: 2 | 3) => void
+  readonly onMultiClick: (col: number, row: number, count: 2 | 3) => void;
   // Called on drag-motion. Mode-aware: char mode updates focus to the
   // exact cell; word/line mode snaps to word/line boundaries. Needs
   // screen-buffer access (word boundaries) so lives on Ink, not here.
-  readonly onSelectionDrag: (col: number, row: number) => void
+  readonly onSelectionDrag: (col: number, row: number) => void;
   // Called when stdin data arrives after a >STDIN_RESUME_GAP_MS gap.
   // Ink re-asserts terminal modes: extended key reporting, and (when in
   // fullscreen) re-enters alt-screen + mouse tracking. Idempotent on the
   // terminal side. Optional so testing.tsx doesn't need to stub it.
-  readonly onStdinResume?: () => void
+  readonly onStdinResume?: () => void;
   // Receives the declared native-cursor position from useDeclaredCursor
   // so ink.tsx can park the terminal cursor there after each frame.
   // Enables IME composition at the input caret and lets screen readers /
   // magnifiers track the input. Optional so testing.tsx doesn't stub it.
-  readonly onCursorDeclaration?: CursorDeclarationSetter
+  readonly onCursorDeclaration?: CursorDeclarationSetter;
   // Dispatch a keyboard event through the DOM tree. Called for each
   // parsed key alongside the legacy EventEmitter path.
-  readonly dispatchKeyboardEvent: (parsedKey: ParsedKey) => void
-}
+  readonly dispatchKeyboardEvent: (parsedKey: ParsedKey) => void;
+};
 
 // Multi-click detection thresholds. 500ms is the macOS default; a small
 // position tolerance allows for trackpad jitter between clicks.
-const MULTI_CLICK_TIMEOUT_MS = 500
-const MULTI_CLICK_DISTANCE = 1
+const MULTI_CLICK_TIMEOUT_MS = 500;
+const MULTI_CLICK_DISTANCE = 1;
 
 type State = {
-  readonly error?: Error
-}
+  readonly error?: Error;
+};
 
 // Root component for all Ink apps
 // It renders stdin and stdout contexts, so that children can access them if needed
 // It also handles Ctrl+C exiting and cursor visibility
 export default class App extends PureComponent<Props, State> {
-  static displayName = 'InternalApp'
+  static displayName = 'InternalApp';
 
   static getDerivedStateFromError(error: Error) {
-    return { error }
+    return { error };
   }
 
   override state = {
     error: undefined,
-  }
+  };
 
   // Count how many components enabled raw mode to avoid disabling
   // raw mode until all components don't need it anymore
-  rawModeEnabledCount = 0
+  rawModeEnabledCount = 0;
 
-  internal_eventEmitter = new EventEmitter()
-  keyParseState = INITIAL_STATE
+  internal_eventEmitter = new EventEmitter();
+  keyParseState = INITIAL_STATE;
   // Timer for flushing incomplete escape sequences
-  incompleteEscapeTimer: NodeJS.Timeout | null = null
+  incompleteEscapeTimer: NodeJS.Timeout | null = null;
   // Timeout durations for incomplete sequences (ms)
-  readonly NORMAL_TIMEOUT = 50 // Short timeout for regular esc sequences
-  readonly PASTE_TIMEOUT = 500 // Longer timeout for paste operations
+  readonly NORMAL_TIMEOUT = 50; // Short timeout for regular esc sequences
+  readonly PASTE_TIMEOUT = 500; // Longer timeout for paste operations
 
   // Terminal query/response dispatch. Responses arrive on stdin (parsed
   // out by parse-keypress) and are routed to pending promise resolvers.
-  querier = new TerminalQuerier(this.props.stdout)
+  querier = new TerminalQuerier(this.props.stdout);
 
   // Multi-click tracking for double/triple-click text selection. A click
   // within MULTI_CLICK_TIMEOUT_MS and MULTI_CLICK_DISTANCE of the previous
   // click increments clickCount; otherwise it resets to 1.
-  lastClickTime = 0
-  lastClickCol = -1
-  lastClickRow = -1
-  clickCount = 0
+  lastClickTime = 0;
+  lastClickCol = -1;
+  lastClickRow = -1;
+  clickCount = 0;
   // Deferred hyperlink-open timer — cancelled if a second click arrives
   // within MULTI_CLICK_TIMEOUT_MS (so double-clicking a hyperlink selects
   // the word without also opening the browser). DOM onClick dispatch is
   // NOT deferred — it returns true from onClickAt and skips this timer.
-  pendingHyperlinkTimer: ReturnType<typeof setTimeout> | null = null
+  pendingHyperlinkTimer: ReturnType<typeof setTimeout> | null = null;
   // Last mode-1003 motion position. Terminals already dedupe to cell
   // granularity but this also lets us skip dispatchHover entirely on
   // repeat events (drag-then-release at same cell, etc.).
-  lastHoverCol = -1
-  lastHoverRow = -1
+  lastHoverCol = -1;
+  lastHoverRow = -1;
 
   // Timestamp of last stdin chunk. Used to detect long gaps (tmux attach,
   // ssh reconnect, laptop wake) and trigger terminal mode re-assert.
   // Initialized to now so startup doesn't false-trigger.
-  lastStdinTime = Date.now()
+  lastStdinTime = Date.now();
 
   // Determines if TTY is supported on the provided stdin
   isRawModeSupported(): boolean {
-    return this.props.stdin.isTTY
+    return this.props.stdin.isTTY;
   }
 
   override render() {
@@ -242,73 +220,73 @@ export default class App extends PureComponent<Props, State> {
           >
             <TerminalFocusProvider>
               <ClockProvider>
-                <CursorDeclarationContext.Provider
-                  value={this.props.onCursorDeclaration ?? (() => {})}
-                >
-                  {this.state.error ? (
-                    <ErrorOverview error={this.state.error as Error} />
-                  ) : (
-                    this.props.children
-                  )}
+                <CursorDeclarationContext.Provider value={this.props.onCursorDeclaration ?? (() => {})}>
+                  {this.state.error ? <ErrorOverview error={this.state.error as Error} /> : this.props.children}
                 </CursorDeclarationContext.Provider>
               </ClockProvider>
             </TerminalFocusProvider>
           </StdinContext.Provider>
         </AppContext.Provider>
       </TerminalSizeContext.Provider>
-    )
+    );
   }
 
   override componentDidMount() {
     // In accessibility mode, keep the native cursor visible for screen magnifiers and other tools
-    if (
-      this.props.stdout.isTTY &&
-      !isEnvTruthy(process.env.CLAUDE_CODE_ACCESSIBILITY)
-    ) {
-      this.props.stdout.write(HIDE_CURSOR)
+    if (this.props.stdout.isTTY && !isEnvTruthy(process.env.CLAUDE_CODE_ACCESSIBILITY)) {
+      this.props.stdout.write(HIDE_CURSOR);
     }
   }
 
   override componentWillUnmount() {
     if (this.props.stdout.isTTY) {
-      this.props.stdout.write(SHOW_CURSOR)
+      this.props.stdout.write(SHOW_CURSOR);
     }
 
     // Clear any pending timers
     if (this.incompleteEscapeTimer) {
-      clearTimeout(this.incompleteEscapeTimer)
-      this.incompleteEscapeTimer = null
+      clearTimeout(this.incompleteEscapeTimer);
+      this.incompleteEscapeTimer = null;
     }
     if (this.pendingHyperlinkTimer) {
-      clearTimeout(this.pendingHyperlinkTimer)
-      this.pendingHyperlinkTimer = null
+      clearTimeout(this.pendingHyperlinkTimer);
+      this.pendingHyperlinkTimer = null;
     }
     // ignore calling setRawMode on an handle stdin it cannot be called
     if (this.isRawModeSupported()) {
-      this.handleSetRawMode(false)
+      this.handleSetRawMode(false);
+    } else {
+      // Even when raw mode was never enabled (e.g. non-TTY stdin on
+      // Windows Node.js), ensure stdin is unref'd so the process can
+      // exit. earlyInput may have called ref() before Ink mounted.
+      try {
+        this.props.stdin.unref();
+      } catch {
+        // stdin may already be destroyed
+      }
     }
   }
 
   override componentDidCatch(error: Error) {
-    this.handleExit(error)
+    this.handleExit(error);
   }
 
   handleSetRawMode = (isEnabled: boolean): void => {
-    const { stdin } = this.props
+    const { stdin } = this.props;
 
     if (!this.isRawModeSupported()) {
       if (stdin === process.stdin) {
         throw new Error(
           'Raw mode is not supported on the current process.stdin, which Ink uses as input stream by default.\nRead about how to prevent this error on https://github.com/vadimdemedes/ink/#israwmodesupported',
-        )
+        );
       } else {
         throw new Error(
           'Raw mode is not supported on the stdin provided to Ink.\nRead about how to prevent this error on https://github.com/vadimdemedes/ink/#israwmodesupported',
-        )
+        );
       }
     }
 
-    stdin.setEncoding('utf8')
+    stdin.setEncoding('utf8');
 
     if (isEnabled) {
       // Ensure raw mode is enabled only once
@@ -317,34 +295,34 @@ export default class App extends PureComponent<Props, State> {
         // Both use the same stdin 'readable' + read() pattern, so they can't
         // coexist -- the early capture handler would drain stdin before ours
         // can see it. The buffered text is preserved for REPL.tsx via consumeEarlyInput().
-        defaultCallbacks.stopCapturingEarlyInput()
+        defaultCallbacks.stopCapturingEarlyInput();
 
         // Safety net: remove any pre-existing readable listeners that aren't
         // ours. In builds where setAppCallbacks() was never called, the early
         // input capture's readableHandler remains attached and would consume
         // all stdin data before our handleReadable sees it.
-        const existingListeners = stdin.listeners('readable')
+        const existingListeners = stdin.listeners('readable');
         for (const listener of existingListeners) {
           if (listener !== this.handleReadable) {
-            stdin.removeListener('readable', listener as any)
+            stdin.removeListener('readable', listener as any);
           }
         }
 
-        stdin.ref()
-        stdin.setRawMode(true)
-        stdin.addListener('readable', this.handleReadable)
+        stdin.ref();
+        stdin.setRawMode(true);
+        stdin.addListener('readable', this.handleReadable);
         // Enable bracketed paste mode
-        this.props.stdout.write(EBP)
+        this.props.stdout.write(EBP);
         // Enable terminal focus reporting (DECSET 1004)
-        this.props.stdout.write(EFE)
+        this.props.stdout.write(EFE);
         // Enable extended key reporting so ctrl+shift+<letter> is
         // distinguishable from ctrl+<letter>. We write both the kitty stack
         // push (CSI >1u) and xterm modifyOtherKeys level 2 (CSI >4;2m) —
         // terminals honor whichever they implement (tmux only accepts the
         // latter).
         if (supportsExtendedKeys()) {
-          this.props.stdout.write(ENABLE_KITTY_KEYBOARD)
-          this.props.stdout.write(ENABLE_MODIFY_OTHER_KEYS)
+          this.props.stdout.write(ENABLE_KITTY_KEYBOARD);
+          this.props.stdout.write(ENABLE_MODIFY_OTHER_KEYS);
         }
         // Probe terminal identity. XTVERSION survives SSH (query/reply goes
         // through the pty), unlike TERM_PROGRAM. Used for wheel-scroll base
@@ -355,22 +333,19 @@ export default class App extends PureComponent<Props, State> {
         // init sequence completes — avoids interleaving with alt-screen/mouse
         // tracking enable writes that may happen in the same render cycle.
         setImmediate(() => {
-          void Promise.all([
-            this.querier.send(xtversion()),
-            this.querier.flush(),
-          ]).then(([r]) => {
+          void Promise.all([this.querier.send(xtversion()), this.querier.flush()]).then(([r]) => {
             if (r) {
-              setXtversionName(r.name)
-              defaultCallbacks.logForDebugging(`XTVERSION: terminal identified as "${r.name}"`)
+              setXtversionName(r.name);
+              defaultCallbacks.logForDebugging(`XTVERSION: terminal identified as "${r.name}"`);
             } else {
-              defaultCallbacks.logForDebugging('XTVERSION: no reply (terminal ignored query)')
+              defaultCallbacks.logForDebugging('XTVERSION: no reply (terminal ignored query)');
             }
-          })
-        })
+          });
+        });
       }
 
-      this.rawModeEnabledCount++
-      return
+      this.rawModeEnabledCount++;
+      return;
     }
 
     // Disable raw mode only when no components left that are using it
@@ -380,31 +355,31 @@ export default class App extends PureComponent<Props, State> {
       // If the old tree had more useInput hooks than the new tree, the old
       // cleanup over-decrements the count to 0 even though the new tree has
       // active listeners. Detect this and fix the count instead of disabling.
-      const activeListeners = this.internal_eventEmitter.listenerCount('input')
+      const activeListeners = this.internal_eventEmitter.listenerCount('input');
       if (activeListeners > 0) {
-        this.rawModeEnabledCount = activeListeners
-        return
+        this.rawModeEnabledCount = activeListeners;
+        return;
       }
 
-      this.props.stdout.write(DISABLE_MODIFY_OTHER_KEYS)
-      this.props.stdout.write(DISABLE_KITTY_KEYBOARD)
+      this.props.stdout.write(DISABLE_MODIFY_OTHER_KEYS);
+      this.props.stdout.write(DISABLE_KITTY_KEYBOARD);
       // Disable terminal focus reporting (DECSET 1004)
-      this.props.stdout.write(DFE)
+      this.props.stdout.write(DFE);
       // Disable bracketed paste mode
-      this.props.stdout.write(DBP)
-      stdin.setRawMode(false)
-      stdin.removeListener('readable', this.handleReadable)
-      stdin.unref()
+      this.props.stdout.write(DBP);
+      stdin.setRawMode(false);
+      stdin.removeListener('readable', this.handleReadable);
+      stdin.unref();
     }
-  }
+  };
 
   // Helper to flush incomplete escape sequences
   flushIncomplete = (): void => {
     // Clear the timer reference
-    this.incompleteEscapeTimer = null
+    this.incompleteEscapeTimer = null;
 
     // Only proceed if we have incomplete sequences
-    if (!this.keyParseState.incomplete) return
+    if (!this.keyParseState.incomplete) return;
 
     // Fullscreen: if stdin has data waiting, it's almost certainly the
     // continuation of the buffered sequence (e.g. `[<64;74;16M` after a
@@ -415,23 +390,20 @@ export default class App extends PureComponent<Props, State> {
     // drain stdin next and clear this timer. Prevents both the spurious
     // Escape key and the lost scroll event.
     if (this.props.stdin.readableLength > 0) {
-      this.incompleteEscapeTimer = setTimeout(
-        this.flushIncomplete,
-        this.NORMAL_TIMEOUT,
-      )
-      return
+      this.incompleteEscapeTimer = setTimeout(this.flushIncomplete, this.NORMAL_TIMEOUT);
+      return;
     }
 
     // Process incomplete as a flush operation (input=null)
     // This reuses all existing parsing logic
-    this.processInput(null)
-  }
+    this.processInput(null);
+  };
 
   // Process input through the parser and handle the results
   processInput = (input: string | Buffer | null): void => {
     // Parse input using our state machine
-    const [keys, newState] = parseMultipleKeypresses(this.keyParseState, input)
-    this.keyParseState = newState
+    const [keys, newState] = parseMultipleKeypresses(this.keyParseState, input);
+    this.keyParseState = newState;
 
     // Process ALL keys in a SINGLE discreteUpdates call to prevent
     // "Maximum update depth exceeded" error when many keys arrive at once
@@ -439,106 +411,94 @@ export default class App extends PureComponent<Props, State> {
     // This batches all state updates from handleInput and all useInput
     // listeners together within one high-priority update context.
     if (keys.length > 0) {
-      reconciler.discreteUpdates(
-        processKeysInBatch,
-        this,
-        keys,
-        undefined,
-        undefined,
-      )
+      reconciler.discreteUpdates(processKeysInBatch, this, keys, undefined, undefined);
     }
 
     // If we have incomplete escape sequences, set a timer to flush them
     if (this.keyParseState.incomplete) {
       // Cancel any existing timer first
       if (this.incompleteEscapeTimer) {
-        clearTimeout(this.incompleteEscapeTimer)
+        clearTimeout(this.incompleteEscapeTimer);
       }
       this.incompleteEscapeTimer = setTimeout(
         this.flushIncomplete,
-        this.keyParseState.mode === 'IN_PASTE'
-          ? this.PASTE_TIMEOUT
-          : this.NORMAL_TIMEOUT,
-      )
+        this.keyParseState.mode === 'IN_PASTE' ? this.PASTE_TIMEOUT : this.NORMAL_TIMEOUT,
+      );
     }
-  }
+  };
 
   handleReadable = (): void => {
     // Detect long stdin gaps (tmux attach, ssh reconnect, laptop wake).
     // The terminal may have reset DEC private modes; re-assert mouse
     // tracking. Checked before the read loop so one Date.now() covers
     // all chunks in this readable event.
-    const now = Date.now()
+    const now = Date.now();
     if (now - this.lastStdinTime > STDIN_RESUME_GAP_MS) {
-      this.props.onStdinResume?.()
+      this.props.onStdinResume?.();
     }
-    this.lastStdinTime = now
+    this.lastStdinTime = now;
     try {
-      let chunk
+      let chunk;
       while ((chunk = this.props.stdin.read() as string | null) !== null) {
         // Process the input chunk
-        this.processInput(chunk)
+        this.processInput(chunk);
       }
     } catch (error) {
       // In Bun, an uncaught throw inside a stream 'readable' handler can
       // permanently wedge the stream: data stays buffered and 'readable'
       // never re-emits. Catching here ensures the stream stays healthy so
       // subsequent keystrokes are still delivered.
-      defaultCallbacks.logError(error)
+      defaultCallbacks.logError(error);
 
       // Re-attach the listener in case the exception detached it.
       // Bun may remove the listener after an error; without this,
       // the session freezes permanently (stdin reader dead, event loop alive).
-      const { stdin } = this.props
-      if (
-        this.rawModeEnabledCount > 0 &&
-        !stdin.listeners('readable').includes(this.handleReadable)
-      ) {
-        defaultCallbacks.logForDebugging(
-          'handleReadable: re-attaching stdin readable listener after error recovery',
-          { level: 'warn' },
-        )
-        stdin.addListener('readable', this.handleReadable)
+      const { stdin } = this.props;
+      if (this.rawModeEnabledCount > 0 && !stdin.listeners('readable').includes(this.handleReadable)) {
+        defaultCallbacks.logForDebugging('handleReadable: re-attaching stdin readable listener after error recovery', {
+          level: 'warn',
+        });
+        stdin.addListener('readable', this.handleReadable);
       }
     }
-  }
+  };
 
   handleInput = (input: string | undefined): void => {
     // Exit on Ctrl+C
     if (input === '\x03' && this.props.exitOnCtrlC) {
-      this.handleExit()
+      this.handleExit();
     }
 
     // Note: Ctrl+Z (suspend) is now handled in processKeysInBatch using the
     // parsed key to support both raw (\x1a) and CSI u format from Kitty
     // keyboard protocol terminals (Ghostty, iTerm2, kitty, WezTerm)
-  }
+  };
 
   handleExit = (error?: Error): void => {
     if (this.isRawModeSupported()) {
-      this.handleSetRawMode(false)
+      this.handleSetRawMode(false);
     }
 
-    this.props.onExit(error)
-  }
+    this.props.onExit(error);
+  };
 
   handleTerminalFocus = (isFocused: boolean): void => {
     // setTerminalFocused notifies subscribers: TerminalFocusProvider (context)
     // and Clock (interval speed) — no App setState needed.
-    setTerminalFocused(isFocused)
-  }
+    setTerminalFocused(isFocused);
+  };
 
   handleSuspend = (): void => {
     if (!this.isRawModeSupported()) {
-      return
+      return;
     }
 
     // Store the exact raw mode count to restore it properly
-    const rawModeCountBeforeSuspend = this.rawModeEnabledCount
+    const rawModeCountBeforeSuspend = this.rawModeEnabledCount;
 
     // Completely disable raw mode before suspending
     while (this.rawModeEnabledCount > 0) {
-      this.handleSetRawMode(false)
+      this.handleSetRawMode(false);
     }
 
     // Show cursor, disable focus reporting, and disable mouse tracking
@@ -547,49 +507,44 @@ export default class App extends PureComponent<Props, State> {
     // it, SGR mouse sequences would appear as garbled text at the
     // shell prompt while suspended.
     if (this.props.stdout.isTTY) {
-      this.props.stdout.write(SHOW_CURSOR + DFE + DISABLE_MOUSE_TRACKING)
+      this.props.stdout.write(SHOW_CURSOR + DFE + DISABLE_MOUSE_TRACKING);
     }
 
     // Emit suspend event for Claude Code to handle. Mostly just has a notification
-    this.internal_eventEmitter.emit('suspend')
+    this.internal_eventEmitter.emit('suspend');
 
     // Set up resume handler
     const resumeHandler = () => {
       // Restore raw mode to exact previous state
       for (let i = 0; i < rawModeCountBeforeSuspend; i++) {
         if (this.isRawModeSupported()) {
-          this.handleSetRawMode(true)
+          this.handleSetRawMode(true);
         }
       }
 
       // Hide cursor (unless in accessibility mode) and re-enable focus reporting after resuming
       if (this.props.stdout.isTTY) {
         if (!isEnvTruthy(process.env.CLAUDE_CODE_ACCESSIBILITY)) {
-          this.props.stdout.write(HIDE_CURSOR)
+          this.props.stdout.write(HIDE_CURSOR);
         }
         // Re-enable focus reporting to restore terminal state
-        this.props.stdout.write(EFE)
+        this.props.stdout.write(EFE);
       }
 
       // Emit resume event for Claude Code to handle
-      this.internal_eventEmitter.emit('resume')
+      this.internal_eventEmitter.emit('resume');
 
-      process.removeListener('SIGCONT', resumeHandler)
-    }
+      process.removeListener('SIGCONT', resumeHandler);
+    };
 
-    process.on('SIGCONT', resumeHandler)
-    process.kill(process.pid, 'SIGSTOP')
-  }
+    process.on('SIGCONT', resumeHandler);
+    process.kill(process.pid, 'SIGSTOP');
+  };
 }
 
 // Helper to process all keys within a single discrete update context.
 // discreteUpdates expects (fn, a, b, c, d) -> fn(a, b, c, d)
-function processKeysInBatch(
-  app: App,
-  items: ParsedInput[],
-  _unused1: undefined,
-  _unused2: undefined,
-): void {
+function processKeysInBatch(app: App, items: ParsedInput[], _unused1: undefined, _unused2: undefined): void {
   // Update interaction time for notification timeout tracking.
   // This is called from the central input handler to avoid having multiple
   // stdin listeners that can cause race conditions and dropped input.
@@ -597,75 +552,70 @@ function processKeysInBatch(
   // Mode-1003 no-button motion is also excluded — passive cursor drift is
   // not engagement (would suppress idle notifications + defer housekeeping).
   if (
-    items.some(
-      i =>
-        i.kind === 'key' ||
-        (i.kind === 'mouse' &&
-          !((i.button & 0x20) !== 0 && (i.button & 0x03) === 3)),
-    )
+    items.some(i => i.kind === 'key' || (i.kind === 'mouse' && !((i.button & 0x20) !== 0 && (i.button & 0x03) === 3)))
   ) {
-    defaultCallbacks.updateLastInteractionTime()
+    defaultCallbacks.updateLastInteractionTime();
   }
 
   for (const item of items) {
     // Terminal responses (DECRPM, DA1, OSC replies, etc.) are not user
     // input — route them to the querier to resolve pending promises.
     if (item.kind === 'response') {
-      app.querier.onResponse(item.response)
-      continue
+      app.querier.onResponse(item.response);
+      continue;
     }
 
     // Mouse click/drag events update selection state (fullscreen only).
     // Terminal sends 1-indexed col/row; convert to 0-indexed for the
     // screen buffer. Button bit 0x20 = drag (motion while button held).
     if (item.kind === 'mouse') {
-      handleMouseEvent(app, item)
-      continue
+      handleMouseEvent(app, item);
+      continue;
     }
 
-    const sequence = item.sequence
+    const sequence = item.sequence;
 
     // Handle terminal focus events (DECSET 1004)
     if (sequence === FOCUS_IN) {
-      app.handleTerminalFocus(true)
-      const event = new TerminalFocusEvent('terminalfocus')
-      app.internal_eventEmitter.emit('terminalfocus', event)
-      continue
+      app.handleTerminalFocus(true);
+      const event = new TerminalFocusEvent('terminalfocus');
+      app.internal_eventEmitter.emit('terminalfocus', event);
+      continue;
     }
     if (sequence === FOCUS_OUT) {
-      app.handleTerminalFocus(false)
+      app.handleTerminalFocus(false);
       // Defensive: if we lost the release event (mouse released outside
       // terminal window — some emulators drop it rather than capturing the
       // pointer), focus-out is the next observable signal that the drag is
       // over. Without this, drag-to-scroll's timer runs until the scroll
       // boundary is hit.
       if (app.props.selection.isDragging) {
-        finishSelection(app.props.selection)
-        app.props.onSelectionChange()
+        finishSelection(app.props.selection);
+        app.props.onSelectionChange();
       }
-      const event = new TerminalFocusEvent('terminalblur')
-      app.internal_eventEmitter.emit('terminalblur', event)
-      continue
+      const event = new TerminalFocusEvent('terminalblur');
+      app.internal_eventEmitter.emit('terminalblur', event);
+      continue;
     }
 
     // Failsafe: if we receive input, the terminal must be focused
     if (!getTerminalFocused()) {
-      setTerminalFocused(true)
+      setTerminalFocused(true);
     }
 
     // Handle Ctrl+Z (suspend) using parsed key to support both raw (\x1a) and
     // CSI u format (\x1b[122;5u) from Kitty keyboard protocol terminals
     if (item.name === 'z' && item.ctrl && SUPPORTS_SUSPEND) {
-      app.handleSuspend()
-      continue
+      app.handleSuspend();
+      continue;
     }
 
-    app.handleInput(sequence)
-    const event = new InputEvent(item)
-    app.internal_eventEmitter.emit('input', event)
+    app.handleInput(sequence);
+    const event = new InputEvent(item);
+    app.internal_eventEmitter.emit('input', event);
 
     // Also dispatch through the DOM tree so onKeyDown handlers fire.
-    app.props.dispatchKeyboardEvent(item)
+    app.props.dispatchKeyboardEvent(item);
   }
 }
 
@@ -673,13 +623,13 @@ function processKeysInBatch(
 export function handleMouseEvent(app: App, m: ParsedMouse): void {
   // Allow disabling click handling while keeping wheel scroll (which goes
   // through the keybinding system as 'wheelup'/'wheeldown', not here).
-  if (defaultCallbacks.isMouseClicksDisabled()) return
+  if (defaultCallbacks.isMouseClicksDisabled()) return;
 
-  const sel = app.props.selection
+  const sel = app.props.selection;
   // Terminal coords are 1-indexed; screen buffer is 0-indexed
-  const col = m.col - 1
-  const row = m.row - 1
-  const baseButton = m.button & 0x03
+  const col = m.col - 1;
+  const row = m.row - 1;
+  const baseButton = m.button & 0x03;
 
   if (m.action === 'press') {
     if ((m.button & 0x20) !== 0 && baseButton === 3) {
@@ -693,25 +643,25 @@ export function handleMouseEvent(app: App, m: ParsedMouse): void {
       // past the edge, came back" — and tmux drops focus events unless
       // `focus-events on` is set, so this is the more reliable signal.
       if (sel.isDragging) {
-        finishSelection(sel)
-        app.props.onSelectionChange()
+        finishSelection(sel);
+        app.props.onSelectionChange();
       }
-      if (col === app.lastHoverCol && row === app.lastHoverRow) return
-      app.lastHoverCol = col
-      app.lastHoverRow = row
-      app.props.onHoverAt(col, row)
-      return
+      if (col === app.lastHoverCol && row === app.lastHoverRow) return;
+      app.lastHoverCol = col;
+      app.lastHoverRow = row;
+      app.props.onHoverAt(col, row);
+      return;
     }
     if (baseButton !== 0) {
       // Non-left press breaks the multi-click chain.
-      app.clickCount = 0
-      return
+      app.clickCount = 0;
+      return;
     }
     if ((m.button & 0x20) !== 0) {
       // Drag motion: mode-aware extension (char/word/line). onSelectionDrag
       // calls notifySelectionChange internally — no extra onSelectionChange.
-      app.props.onSelectionDrag(col, row)
-      return
+      app.props.onSelectionDrag(col, row);
+      return;
     }
     // Lost-release fallback for mode-1002-only terminals: a fresh press
     // while isDragging=true means the previous release was dropped (cursor
@@ -719,43 +669,43 @@ export function handleMouseEvent(app: App, m: ParsedMouse): void {
     // before startSelection/onMultiClick clobbers it. Mode-1003 terminals
     // hit the no-button-motion recovery above instead, so this is rare.
     if (sel.isDragging) {
-      finishSelection(sel)
-      app.props.onSelectionChange()
+      finishSelection(sel);
+      app.props.onSelectionChange();
     }
     // Fresh left press. Detect multi-click HERE (not on release) so the
     // word/line highlight appears immediately and a subsequent drag can
     // extend by word/line like native macOS. Previously detected on
     // release, which meant (a) visible latency before the word highlights
     // and (b) double-click+drag fell through to char-mode selection.
-    const now = Date.now()
+    const now = Date.now();
     const nearLast =
       now - app.lastClickTime < MULTI_CLICK_TIMEOUT_MS &&
       Math.abs(col - app.lastClickCol) <= MULTI_CLICK_DISTANCE &&
-      Math.abs(row - app.lastClickRow) <= MULTI_CLICK_DISTANCE
-    app.clickCount = nearLast ? app.clickCount + 1 : 1
-    app.lastClickTime = now
-    app.lastClickCol = col
-    app.lastClickRow = row
+      Math.abs(row - app.lastClickRow) <= MULTI_CLICK_DISTANCE;
+    app.clickCount = nearLast ? app.clickCount + 1 : 1;
+    app.lastClickTime = now;
+    app.lastClickCol = col;
+    app.lastClickRow = row;
     if (app.clickCount >= 2) {
       // Cancel any pending hyperlink-open from the first click — this is
       // a double-click, not a single-click on a link.
       if (app.pendingHyperlinkTimer) {
-        clearTimeout(app.pendingHyperlinkTimer)
-        app.pendingHyperlinkTimer = null
+        clearTimeout(app.pendingHyperlinkTimer);
+        app.pendingHyperlinkTimer = null;
       }
       // Cap at 3 (line select) for quadruple+ clicks.
-      const count = app.clickCount === 2 ? 2 : 3
-      app.props.onMultiClick(col, row, count)
-      return
+      const count = app.clickCount === 2 ? 2 : 3;
+      app.props.onMultiClick(col, row, count);
+      return;
     }
-    startSelection(sel, col, row)
+    startSelection(sel, col, row);
     // SGR bit 0x08 = alt (xterm.js wires altKey here, not metaKey — see
     // comment at the hyperlink-open guard below). On macOS xterm.js,
     // receiving alt means macOptionClickForcesSelection is OFF (otherwise
     // xterm.js would have consumed the event for native selection).
-    sel.lastPressHadAlt = (m.button & 0x08) !== 0
-    app.props.onSelectionChange()
-    return
+    sel.lastPressHadAlt = (m.button & 0x08) !== 0;
+    app.props.onSelectionChange();
+    return;
   }
 
   // Release: end the drag even for non-zero button codes. Some terminals
@@ -765,12 +715,12 @@ export function handleMouseEvent(app: App, m: ParsedMouse): void {
   // scroll boundary. Only act on non-left releases when we ARE dragging
   // (so an unrelated middle/right click-release doesn't touch selection).
   if (baseButton !== 0) {
-    if (!sel.isDragging) return
-    finishSelection(sel)
-    app.props.onSelectionChange()
-    return
+    if (!sel.isDragging) return;
+    finishSelection(sel);
+    app.props.onSelectionChange();
+    return;
   }
-  finishSelection(sel)
+  finishSelection(sel);
   // NOTE: unlike the old release-based detection we do NOT reset clickCount
   // on release-after-drag. This aligns with NSEvent.clickCount semantics:
   // an intervening drag doesn't break the click chain. Practical upside:
@@ -791,7 +741,7 @@ export function handleMouseEvent(app: App, m: ParsedMouse): void {
       // Resolve the hyperlink URL synchronously while the screen buffer
       // still reflects what the user clicked — deferring only the
       // browser-open so double-click can cancel it.
-      const url = app.props.getHyperlinkAt(col, row)
+      const url = app.props.getHyperlinkAt(col, row);
       // xterm.js (VS Code, Cursor, Windsurf, etc.) has its own OSC 8 link
       // handler that fires on Cmd+click *without consuming the mouse event*
       // (Linkifier._handleMouseUp calls link.activate() but never
@@ -807,19 +757,19 @@ export function handleMouseEvent(app: App, m: ParsedMouse): void {
         // Clear any prior pending timer — clicking a second link
         // supersedes the first (only the latest click opens).
         if (app.pendingHyperlinkTimer) {
-          clearTimeout(app.pendingHyperlinkTimer)
+          clearTimeout(app.pendingHyperlinkTimer);
         }
         app.pendingHyperlinkTimer = setTimeout(
           (app, url) => {
-            app.pendingHyperlinkTimer = null
-            app.props.onOpenHyperlink(url)
+            app.pendingHyperlinkTimer = null;
+            app.props.onOpenHyperlink(url);
           },
           MULTI_CLICK_TIMEOUT_MS,
           app,
           url,
-        )
+        );
       }
     }
   }
-  app.props.onSelectionChange()
+  app.props.onSelectionChange();
 }

packages/@ant/ink/src/components/Box.tsx

@@ -1,48 +1,48 @@
-import React, { type PropsWithChildren, type Ref } from 'react'
-import type { Except } from 'type-fest'
-import type { DOMElement } from '../core/dom.js'
-import type { ClickEvent } from '../core/events/click-event.js'
-import type { FocusEvent } from '../core/events/focus-event.js'
-import type { KeyboardEvent } from '../core/events/keyboard-event.js'
-import type { Styles } from '../core/styles.js'
-import * as warn from '../core/warn.js'
+import React, { type PropsWithChildren, type Ref } from 'react';
+import type { Except } from 'type-fest';
+import type { DOMElement } from '../core/dom.js';
+import type { ClickEvent } from '../core/events/click-event.js';
+import type { FocusEvent } from '../core/events/focus-event.js';
+import type { KeyboardEvent } from '../core/events/keyboard-event.js';
+import type { Styles } from '../core/styles.js';
+import * as warn from '../core/warn.js';
 
 export type Props = Except<Styles, 'textWrap'> & {
-  ref?: Ref<DOMElement>
+  ref?: Ref<DOMElement>;
   /**
    * Tab order index. Nodes with `tabIndex >= 0` participate in
    * Tab/Shift+Tab cycling; `-1` means programmatically focusable only.
    */
-  tabIndex?: number
+  tabIndex?: number;
   /**
    * Focus this element when it mounts. Like the HTML `autofocus`
    * attribute — the FocusManager calls `focus(node)` during the
    * reconciler's `commitMount` phase.
    */
-  autoFocus?: boolean
+  autoFocus?: boolean;
   /**
    * Fired on left-button click (press + release without drag). Only works
    * inside `<AlternateScreen>` where mouse tracking is enabled — no-op
    * otherwise. The event bubbles from the deepest hit Box up through
    * ancestors; call `event.stopImmediatePropagation()` to stop bubbling.
    */
-  onClick?: (event: ClickEvent) => void
-  onFocus?: (event: FocusEvent) => void
-  onFocusCapture?: (event: FocusEvent) => void
-  onBlur?: (event: FocusEvent) => void
-  onBlurCapture?: (event: FocusEvent) => void
-  onKeyDown?: (event: KeyboardEvent) => void
-  onKeyDownCapture?: (event: KeyboardEvent) => void
+  onClick?: (event: ClickEvent) => void;
+  onFocus?: (event: FocusEvent) => void;
+  onFocusCapture?: (event: FocusEvent) => void;
+  onBlur?: (event: FocusEvent) => void;
+  onBlurCapture?: (event: FocusEvent) => void;
+  onKeyDown?: (event: KeyboardEvent) => void;
+  onKeyDownCapture?: (event: KeyboardEvent) => void;
   /**
    * Fired when the mouse moves into this Box's rendered rect. Like DOM
    * `mouseenter`, does NOT bubble — moving between children does not
    * re-fire on the parent. Only works inside `<AlternateScreen>` where
    * mode-1003 mouse tracking is enabled.
    */
-  onMouseEnter?: () => void
+  onMouseEnter?: () => void;
   /** Fired when the mouse moves out of this Box's rendered rect. */
-  onMouseLeave?: () => void
-}
+  onMouseLeave?: () => void;
+};
 
 /**
  * `<Box>` is an essential Ink component to build your layout. It's like `<div style="display: flex">` in the browser.
@@ -68,23 +68,23 @@ function Box({
   ...style
 }: PropsWithChildren<Props>): React.ReactNode {
   // Warn if spacing values are not integers to prevent fractional layout dimensions
-  warn.ifNotInteger(style.margin, 'margin')
-  warn.ifNotInteger(style.marginX, 'marginX')
-  warn.ifNotInteger(style.marginY, 'marginY')
-  warn.ifNotInteger(style.marginTop, 'marginTop')
-  warn.ifNotInteger(style.marginBottom, 'marginBottom')
-  warn.ifNotInteger(style.marginLeft, 'marginLeft')
-  warn.ifNotInteger(style.marginRight, 'marginRight')
-  warn.ifNotInteger(style.padding, 'padding')
-  warn.ifNotInteger(style.paddingX, 'paddingX')
-  warn.ifNotInteger(style.paddingY, 'paddingY')
-  warn.ifNotInteger(style.paddingTop, 'paddingTop')
-  warn.ifNotInteger(style.paddingBottom, 'paddingBottom')
-  warn.ifNotInteger(style.paddingLeft, 'paddingLeft')
-  warn.ifNotInteger(style.paddingRight, 'paddingRight')
-  warn.ifNotInteger(style.gap, 'gap')
-  warn.ifNotInteger(style.columnGap, 'columnGap')
-  warn.ifNotInteger(style.rowGap, 'rowGap')
+  warn.ifNotInteger(style.margin, 'margin');
+  warn.ifNotInteger(style.marginX, 'marginX');
+  warn.ifNotInteger(style.marginY, 'marginY');
+  warn.ifNotInteger(style.marginTop, 'marginTop');
+  warn.ifNotInteger(style.marginBottom, 'marginBottom');
+  warn.ifNotInteger(style.marginLeft, 'marginLeft');
+  warn.ifNotInteger(style.marginRight, 'marginRight');
+  warn.ifNotInteger(style.padding, 'padding');
+  warn.ifNotInteger(style.paddingX, 'paddingX');
+  warn.ifNotInteger(style.paddingY, 'paddingY');
+  warn.ifNotInteger(style.paddingTop, 'paddingTop');
+  warn.ifNotInteger(style.paddingBottom, 'paddingBottom');
+  warn.ifNotInteger(style.paddingLeft, 'paddingLeft');
+  warn.ifNotInteger(style.paddingRight, 'paddingRight');
+  warn.ifNotInteger(style.gap, 'gap');
+  warn.ifNotInteger(style.columnGap, 'columnGap');
+  warn.ifNotInteger(style.rowGap, 'rowGap');
 
   return (
     <ink-box
@@ -112,7 +112,7 @@ function Box({
     >
       {children}
     </ink-box>
-  )
+  );
 }
 
-export default Box
+export default Box;

packages/@ant/ink/src/components/Button.tsx

@@ -1,39 +1,33 @@
-import React, {
-  type Ref,
-  useCallback,
-  useEffect,
-  useRef,
-  useState,
-} from 'react'
-import type { Except } from 'type-fest'
-import type { DOMElement } from '../core/dom.js'
-import type { ClickEvent } from '../core/events/click-event.js'
-import type { FocusEvent } from '../core/events/focus-event.js'
-import type { KeyboardEvent } from '../core/events/keyboard-event.js'
-import type { Styles } from '../core/styles.js'
-import Box from './Box.js'
+import React, { type Ref, useCallback, useEffect, useRef, useState } from 'react';
+import type { Except } from 'type-fest';
+import type { DOMElement } from '../core/dom.js';
+import type { ClickEvent } from '../core/events/click-event.js';
+import type { FocusEvent } from '../core/events/focus-event.js';
+import type { KeyboardEvent } from '../core/events/keyboard-event.js';
+import type { Styles } from '../core/styles.js';
+import Box from './Box.js';
 
 type ButtonState = {
-  focused: boolean
-  hovered: boolean
-  active: boolean
-}
+  focused: boolean;
+  hovered: boolean;
+  active: boolean;
+};
 
 export type Props = Except<Styles, 'textWrap'> & {
-  ref?: Ref<DOMElement>
+  ref?: Ref<DOMElement>;
   /**
    * Called when the button is activated via Enter, Space, or click.
    */
-  onAction: () => void
+  onAction: () => void;
   /**
    * Tab order index. Defaults to 0 (in tab order).
    * Set to -1 for programmatically focusable only.
    */
-  tabIndex?: number
+  tabIndex?: number;
   /**
    * Focus this button when it mounts.
    */
-  autoFocus?: boolean
+  autoFocus?: boolean;
   /**
    * Render prop receiving the interactive state. Use this to
    * style children based on focus/hover/active — Button itself
@@ -41,64 +35,53 @@ export type Props = Except<Styles, 'textWrap'> & {
    *
    * If not provided, children render as-is (no state-dependent styling).
    */
-  children: ((state: ButtonState) => React.ReactNode) | React.ReactNode
-}
+  children: ((state: ButtonState) => React.ReactNode) | React.ReactNode;
+};
 
-function Button({
-  onAction,
-  tabIndex = 0,
-  autoFocus,
-  children,
-  ref,
-  ...style
-}: Props): React.ReactNode {
-  const [isFocused, setIsFocused] = useState(false)
-  const [isHovered, setIsHovered] = useState(false)
-  const [isActive, setIsActive] = useState(false)
+function Button({ onAction, tabIndex = 0, autoFocus, children, ref, ...style }: Props): React.ReactNode {
+  const [isFocused, setIsFocused] = useState(false);
+  const [isHovered, setIsHovered] = useState(false);
+  const [isActive, setIsActive] = useState(false);
 
-  const activeTimer = useRef<ReturnType<typeof setTimeout> | null>(null)
+  const activeTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
 
   useEffect(() => {
     return () => {
-      if (activeTimer.current) clearTimeout(activeTimer.current)
-    }
-  }, [])
+      if (activeTimer.current) clearTimeout(activeTimer.current);
+    };
+  }, []);
 
   const handleKeyDown = useCallback(
     (e: KeyboardEvent) => {
       if (e.key === 'return' || e.key === ' ') {
-        e.preventDefault()
-        setIsActive(true)
-        onAction()
-        if (activeTimer.current) clearTimeout(activeTimer.current)
-        activeTimer.current = setTimeout(
-          setter => setter(false),
-          100,
-          setIsActive,
-        )
+        e.preventDefault();
+        setIsActive(true);
+        onAction();
+        if (activeTimer.current) clearTimeout(activeTimer.current);
+        activeTimer.current = setTimeout(setter => setter(false), 100, setIsActive);
       }
     },
     [onAction],
-  )
+  );
 
   const handleClick = useCallback(
     (_e: ClickEvent) => {
-      onAction()
+      onAction();
     },
     [onAction],
-  )
+  );
 
-  const handleFocus = useCallback((_e: FocusEvent) => setIsFocused(true), [])
-  const handleBlur = useCallback((_e: FocusEvent) => setIsFocused(false), [])
-  const handleMouseEnter = useCallback(() => setIsHovered(true), [])
-  const handleMouseLeave = useCallback(() => setIsHovered(false), [])
+  const handleFocus = useCallback((_e: FocusEvent) => setIsFocused(true), []);
+  const handleBlur = useCallback((_e: FocusEvent) => setIsFocused(false), []);
+  const handleMouseEnter = useCallback(() => setIsHovered(true), []);
+  const handleMouseLeave = useCallback(() => setIsHovered(false), []);
 
   const state: ButtonState = {
     focused: isFocused,
     hovered: isHovered,
     active: isActive,
-  }
-  const content = typeof children === 'function' ? children(state) : children
+  };
+  const content = typeof children === 'function' ? children(state) : children;
 
   return (
     <Box
@@ -115,8 +98,8 @@ function Button({
     >
       {content}
     </Box>
-  )
+  );
 }
 
-export default Button
-export type { ButtonState }
+export default Button;
+export type { ButtonState };

packages/@ant/ink/src/components/ClockContext.tsx

@@ -1,99 +1,93 @@
-import React, { createContext, useEffect, useState } from 'react'
-import { FRAME_INTERVAL_MS } from '../core/constants.js'
-import { useTerminalFocus } from '../hooks/use-terminal-focus.js'
+import React, { createContext, useEffect, useState } from 'react';
+import { FRAME_INTERVAL_MS } from '../core/constants.js';
+import { useTerminalFocus } from '../hooks/use-terminal-focus.js';
 
 export type Clock = {
-  subscribe: (onChange: () => void, keepAlive: boolean) => () => void
-  now: () => number
-  setTickInterval: (ms: number) => void
-}
+  subscribe: (onChange: () => void, keepAlive: boolean) => () => void;
+  now: () => number;
+  setTickInterval: (ms: number) => void;
+};
 
 export function createClock(tickIntervalMs: number): Clock {
-  const subscribers = new Map<() => void, boolean>()
-  let interval: ReturnType<typeof setInterval> | null = null
-  let currentTickIntervalMs = tickIntervalMs
-  let startTime = 0
+  const subscribers = new Map<() => void, boolean>();
+  let interval: ReturnType<typeof setInterval> | null = null;
+  let currentTickIntervalMs = tickIntervalMs;
+  let startTime = 0;
   // Snapshot of the current tick's time, ensuring all subscribers in the same
   // tick see the same value (keeps animations synchronized)
-  let tickTime = 0
+  let tickTime = 0;
 
   function tick(): void {
-    tickTime = Date.now() - startTime
+    tickTime = Date.now() - startTime;
     for (const onChange of subscribers.keys()) {
-      onChange()
+      onChange();
     }
   }
 
   function updateInterval(): void {
-    const anyKeepAlive = [...subscribers.values()].some(Boolean)
+    const anyKeepAlive = [...subscribers.values()].some(Boolean);
 
     if (anyKeepAlive) {
       if (interval) {
-        clearInterval(interval)
-        interval = null
+        clearInterval(interval);
+        interval = null;
       }
       if (startTime === 0) {
-        startTime = Date.now()
+        startTime = Date.now();
       }
-      interval = setInterval(tick, currentTickIntervalMs)
+      interval = setInterval(tick, currentTickIntervalMs);
     } else if (interval) {
-      clearInterval(interval)
-      interval = null
+      clearInterval(interval);
+      interval = null;
     }
   }
 
   return {
     subscribe(onChange, keepAlive) {
-      subscribers.set(onChange, keepAlive)
-      updateInterval()
+      subscribers.set(onChange, keepAlive);
+      updateInterval();
       return () => {
-        subscribers.delete(onChange)
-        updateInterval()
-      }
+        subscribers.delete(onChange);
+        updateInterval();
+      };
     },
 
     now() {
       if (startTime === 0) {
-        startTime = Date.now()
+        startTime = Date.now();
       }
       // When the clock interval is running, return the synchronized tickTime
       // so all subscribers in the same tick see the same value.
       // When paused (no keepAlive subscribers), return real-time to avoid
       // returning a stale tickTime from the last tick before the pause.
       if (interval && tickTime) {
-        return tickTime
+        return tickTime;
       }
-      return Date.now() - startTime
+      return Date.now() - startTime;
     },
 
     setTickInterval(ms) {
-      if (ms === currentTickIntervalMs) return
-      currentTickIntervalMs = ms
-      updateInterval()
+      if (ms === currentTickIntervalMs) return;
+      currentTickIntervalMs = ms;
+      updateInterval();
     },
-  }
+  };
 }
 
-export const ClockContext = createContext<Clock | null>(null)
+export const ClockContext = createContext<Clock | null>(null);
 
-const BLURRED_TICK_INTERVAL_MS = FRAME_INTERVAL_MS * 2
+const BLURRED_TICK_INTERVAL_MS = FRAME_INTERVAL_MS * 2;
 
 // Own component so App.tsx doesn't re-render when the clock is created.
 // The clock value is stable (created once via useState), so the provider
 // never causes consumer re-renders on its own.
-export function ClockProvider({
-  children,
-}: {
-  children: React.ReactNode
-}): React.ReactNode {
-  const [clock] = useState(() => createClock(FRAME_INTERVAL_MS))
-  const focused = useTerminalFocus()
+export function ClockProvider({ children }: { children: React.ReactNode }): React.ReactNode {
+  const [clock] = useState(() => createClock(FRAME_INTERVAL_MS));
+  const focused = useTerminalFocus();
 
   useEffect(() => {
-    clock.setTickInterval(
-      focused ? FRAME_INTERVAL_MS : BLURRED_TICK_INTERVAL_MS,
-    )
-  }, [clock, focused])
+    clock.setTickInterval(focused ? FRAME_INTERVAL_MS : BLURRED_TICK_INTERVAL_MS);
+  }, [clock, focused]);
 
-  return <ClockContext.Provider value={clock}>{children}</ClockContext.Provider>
+  return <ClockContext.Provider value={clock}>{children}</ClockContext.Provider>;
 }

packages/@ant/ink/src/components/ErrorOverview.tsx

@@ -1,48 +1,48 @@
-import codeExcerpt, { type CodeExcerpt } from 'code-excerpt'
-import { readFileSync } from 'fs'
-import React from 'react'
-import StackUtils from 'stack-utils'
-import Box from './Box.js'
-import Text from './Text.js'
+import codeExcerpt, { type CodeExcerpt } from 'code-excerpt';
+import { readFileSync } from 'fs';
+import React from 'react';
+import StackUtils from 'stack-utils';
+import Box from './Box.js';
+import Text from './Text.js';
 
 /* eslint-disable custom-rules/no-process-cwd -- stack trace file:// paths are relative to the real OS cwd, not the virtual cwd */
 
 // Error's source file is reported as file:///home/user/file.js
 // This function removes the file://[cwd] part
 const cleanupPath = (path: string | undefined): string | undefined => {
-  return path?.replace(`file://${process.cwd()}/`, '')
-}
+  return path?.replace(`file://${process.cwd()}/`, '');
+};
 
-let stackUtils: StackUtils | undefined
+let stackUtils: StackUtils | undefined;
 function getStackUtils(): StackUtils {
   return (stackUtils ??= new StackUtils({
     cwd: process.cwd(),
     internals: StackUtils.nodeInternals(),
-  }))
+  }));
 }
 
 /* eslint-enable custom-rules/no-process-cwd */
 
 type Props = {
-  readonly error: Error
-}
+  readonly error: Error;
+};
 
 export default function ErrorOverview({ error }: Props) {
-  const stack = error.stack ? error.stack.split('\n').slice(1) : undefined
-  const origin = stack ? getStackUtils().parseLine(stack[0]!) : undefined
-  const filePath = cleanupPath(origin?.file)
-  let excerpt: CodeExcerpt[] | undefined
-  let lineWidth = 0
+  const stack = error.stack ? error.stack.split('\n').slice(1) : undefined;
+  const origin = stack ? getStackUtils().parseLine(stack[0]!) : undefined;
+  const filePath = cleanupPath(origin?.file);
+  let excerpt: CodeExcerpt[] | undefined;
+  let lineWidth = 0;
 
   if (filePath && origin?.line) {
     try {
       // eslint-disable-next-line custom-rules/no-sync-fs -- sync render path; error overlay can't go async without suspense restructuring
-      const sourceCode = readFileSync(filePath, 'utf8')
-      excerpt = codeExcerpt(sourceCode, origin.line)
+      const sourceCode = readFileSync(filePath, 'utf8');
+      excerpt = codeExcerpt(sourceCode, origin.line);
 
       if (excerpt) {
         for (const { line } of excerpt) {
-          lineWidth = Math.max(lineWidth, String(line).length)
+          lineWidth = Math.max(lineWidth, String(line).length);
         }
       }
     } catch {
@@ -76,9 +76,7 @@ export default function ErrorOverview({ error }: Props) {
               <Box width={lineWidth + 1}>
                 <Text
                   dim={line !== origin.line}
-                  backgroundColor={
-                    line === origin.line ? 'ansi:red' : undefined
-                  }
+                  backgroundColor={line === origin.line ? 'ansi:red' : undefined}
                   color={line === origin.line ? 'ansi:white' : undefined}
                 >
                   {String(line).padStart(lineWidth, ' ')}:
@@ -103,7 +101,7 @@ export default function ErrorOverview({ error }: Props) {
             .split('\n')
             .slice(1)
             .map(line => {
-              const parsedLine = getStackUtils().parseLine(line)
+              const parsedLine = getStackUtils().parseLine(line);
 
               // If the line from the stack cannot be parsed, we print out the unparsed line.
               if (!parsedLine) {
@@ -112,7 +110,7 @@ export default function ErrorOverview({ error }: Props) {
                     <Text dim>- </Text>
                     <Text bold>{line}</Text>
                   </Box>
-                )
+                );
               }
 
               return (
@@ -121,14 +119,13 @@ export default function ErrorOverview({ error }: Props) {
                   <Text bold>{parsedLine.function}</Text>
                   <Text dim>
                     {' '}
-                    ({cleanupPath(parsedLine.file) ?? ''}:{parsedLine.line}:
-                    {parsedLine.column})
+                    ({cleanupPath(parsedLine.file) ?? ''}:{parsedLine.line}:{parsedLine.column})
                   </Text>
                 </Box>
-              )
+              );
             })}
         </Box>
       )}
     </Box>
-  )
+  );
 }

packages/@ant/ink/src/components/Link.tsx

@@ -1,21 +1,17 @@
-import type { ReactNode } from 'react'
-import React from 'react'
-import { supportsHyperlinks } from '../core/supports-hyperlinks.js'
-import Text from './Text.js'
+import type { ReactNode } from 'react';
+import React from 'react';
+import { supportsHyperlinks } from '../core/supports-hyperlinks.js';
+import Text from './Text.js';
 
 export type Props = {
-  readonly children?: ReactNode
-  readonly url: string
-  readonly fallback?: ReactNode
-}
+  readonly children?: ReactNode;
+  readonly url: string;
+  readonly fallback?: ReactNode;
+};
 
-export default function Link({
-  children,
-  url,
-  fallback,
-}: Props): React.ReactNode {
+export default function Link({ children, url, fallback }: Props): React.ReactNode {
   // Use children if provided, otherwise display the URL
-  const content = children ?? url
+  const content = children ?? url;
 
   if (supportsHyperlinks()) {
     // Wrap in Text to ensure we're in a text context
@@ -24,8 +20,8 @@ export default function Link({
       <Text>
         <ink-link href={url}>{content}</ink-link>
       </Text>
-    )
+    );
   }
 
-  return <Text>{fallback ?? content}</Text>
+  return <Text>{fallback ?? content}</Text>;
 }

packages/@ant/ink/src/components/Newline.tsx

@@ -1,4 +1,4 @@
-import React from 'react'
+import React from 'react';
 
 export type Props = {
   /**
@@ -6,12 +6,12 @@ export type Props = {
    *
    * @default 1
    */
-  readonly count?: number
-}
+  readonly count?: number;
+};
 
 /**
  * Adds one or more newline (\n) characters. Must be used within <Text> components.
  */
 export default function Newline({ count = 1 }: Props) {
-  return <ink-text>{'\n'.repeat(count)}</ink-text>
+  return <ink-text>{'\n'.repeat(count)}</ink-text>;
 }

packages/@ant/ink/src/components/NoSelect.tsx

@@ -1,5 +1,5 @@
-import React, { type PropsWithChildren } from 'react'
-import Box, { type Props as BoxProps } from './Box.js'
+import React, { type PropsWithChildren } from 'react';
+import Box, { type Props as BoxProps } from './Box.js';
 
 type Props = Omit<BoxProps, 'noSelect'> & {
   /**
@@ -11,8 +11,8 @@ type Props = Omit<BoxProps, 'noSelect'> & {
    *
    * @default false
    */
-  fromLeftEdge?: boolean
-}
+  fromLeftEdge?: boolean;
+};
 
 /**
  * Marks its contents as non-selectable in fullscreen text selection.
@@ -32,14 +32,10 @@ type Props = Omit<BoxProps, 'noSelect'> & {
  * tracking). No-op in the main-screen scrollback render where the
  * terminal's native selection is used instead.
  */
-export function NoSelect({
-  children,
-  fromLeftEdge,
-  ...boxProps
-}: PropsWithChildren<Props>): React.ReactNode {
+export function NoSelect({ children, fromLeftEdge, ...boxProps }: PropsWithChildren<Props>): React.ReactNode {
   return (
     <Box {...boxProps} noSelect={fromLeftEdge ? 'from-left-edge' : true}>
       {children}
     </Box>
-  )
+  );
 }

packages/@ant/ink/src/components/RawAnsi.tsx

@@ -1,14 +1,14 @@
-import React from 'react'
+import React from 'react';
 
 type Props = {
   /**
    * Pre-rendered ANSI lines. Each element must be exactly one terminal row
    * (already wrapped to `width` by the producer) with ANSI escape codes inline.
    */
-  lines: string[]
+  lines: string[];
   /** Column width the producer wrapped to. Sent to Yoga as the fixed leaf width. */
-  width: number
-}
+  width: number;
+};
 
 /**
  * Bypass the <Ansi> → React tree → Yoga → squash → re-serialize roundtrip for
@@ -27,13 +27,7 @@ type Props = {
  */
 export function RawAnsi({ lines, width }: Props): React.ReactNode {
   if (lines.length === 0) {
-    return null
+    return null;
   }
-  return (
-    <ink-raw-ansi
-      rawText={lines.join('\n')}
-      rawWidth={width}
-      rawHeight={lines.length}
-    />
-  )
+  return <ink-raw-ansi rawText={lines.join('\n')} rawWidth={width} rawHeight={lines.length} />;
 }

packages/@ant/ink/src/components/ScrollBox.tsx

@@ -1,20 +1,14 @@
-import React, {
-  type PropsWithChildren,
-  type Ref,
-  useImperativeHandle,
-  useRef,
-  useState,
-} from 'react'
-import type { Except } from 'type-fest'
-import type { DOMElement } from '../core/dom.js'
-import { markDirty, scheduleRenderFrom } from '../core/dom.js'
-import { markCommitStart } from '../core/reconciler.js'
-import type { Styles } from '../core/styles.js'
-import Box from './Box.js'
+import React, { type PropsWithChildren, type Ref, useImperativeHandle, useRef, useState } from 'react';
+import type { Except } from 'type-fest';
+import type { DOMElement } from '../core/dom.js';
+import { markDirty, scheduleRenderFrom } from '../core/dom.js';
+import { markCommitStart } from '../core/reconciler.js';
+import type { Styles } from '../core/styles.js';
+import Box from './Box.js';
 
 export type ScrollBoxHandle = {
-  scrollTo: (y: number) => void
-  scrollBy: (dy: number) => void
+  scrollTo: (y: number) => void;
+  scrollBy: (dy: number) => void;
   /**
    * Scroll so `el`'s top is at the viewport top (plus `offset`). Unlike
    * scrollTo which bakes a number that's stale by the time the throttled
@@ -22,24 +16,24 @@ export type ScrollBoxHandle = {
    * render-node-to-output reads `el.yogaNode.getComputedTop()` in the
    * SAME Yoga pass that computes scrollHeight. Deterministic. One-shot.
    */
-  scrollToElement: (el: DOMElement, offset?: number) => void
-  scrollToBottom: () => void
-  getScrollTop: () => number
-  getPendingDelta: () => number
-  getScrollHeight: () => number
+  scrollToElement: (el: DOMElement, offset?: number) => void;
+  scrollToBottom: () => void;
+  getScrollTop: () => number;
+  getPendingDelta: () => number;
+  getScrollHeight: () => number;
   /**
    * Like getScrollHeight, but reads Yoga directly instead of the cached
    * value written by render-node-to-output (throttled, up to 16ms stale).
    * Use when you need a fresh value in useLayoutEffect after a React commit
    * that grew content. Slightly more expensive (native Yoga call).
    */
-  getFreshScrollHeight: () => number
-  getViewportHeight: () => number
+  getFreshScrollHeight: () => number;
+  getViewportHeight: () => number;
   /**
    * Absolute screen-buffer row of the first visible content line (inside
    * padding). Used for drag-to-scroll edge detection.
    */
-  getViewportTop: () => number
+  getViewportTop: () => number;
   /**
    * True when scroll is pinned to the bottom. Set by scrollToBottom, the
    * initial stickyScroll attribute, and by the renderer when positional
@@ -47,14 +41,14 @@ export type ScrollBoxHandle = {
    * scrollTo/scrollBy. Stable signal for "at bottom" that doesn't depend on
    * layout values (unlike scrollTop+viewportH >= scrollHeight).
    */
-  isSticky: () => boolean
+  isSticky: () => boolean;
   /**
    * Subscribe to imperative scroll changes (scrollTo/scrollBy/scrollToBottom).
    * Does NOT fire for stickyScroll updates done by the Ink renderer — those
    * happen during Ink's render phase after React has committed. Callers that
    * care about the sticky case should treat "at bottom" as a fallback.
    */
-  subscribe: (listener: () => void) => () => void
+  subscribe: (listener: () => void) => () => void;
   /**
    * Set the render-time scrollTop clamp to the currently-mounted children's
    * coverage span. Called by useVirtualScroll after computing its range;
@@ -63,20 +57,17 @@ export type ScrollBoxHandle = {
    * content instead of blank spacer. Pass undefined to disable (sticky,
    * cold start).
    */
-  setClampBounds: (min: number | undefined, max: number | undefined) => void
-}
+  setClampBounds: (min: number | undefined, max: number | undefined) => void;
+};
 
-export type ScrollBoxProps = Except<
-  Styles,
-  'textWrap' | 'overflow' | 'overflowX' | 'overflowY'
-> & {
-  ref?: Ref<ScrollBoxHandle>
+export type ScrollBoxProps = Except<Styles, 'textWrap' | 'overflow' | 'overflowX' | 'overflowY'> & {
+  ref?: Ref<ScrollBoxHandle>;
   /**
    * When true, automatically pins scroll position to the bottom when content
    * grows. Unset manually via scrollTo/scrollBy to break the stickiness.
    */
-  stickyScroll?: boolean
-}
+  stickyScroll?: boolean;
+};
 
 /**
  * A Box with `overflow: scroll` and an imperative scroll API.
@@ -88,13 +79,8 @@ export type ScrollBoxProps = Except<
  *
  * Works best inside a fullscreen (constrained-height root) Ink tree.
  */
-function ScrollBox({
-  children,
-  ref,
-  stickyScroll,
-  ...style
-}: PropsWithChildren<ScrollBoxProps>): React.ReactNode {
-  const domRef = useRef<DOMElement>(null)
+function ScrollBox({ children, ref, stickyScroll, ...style }: PropsWithChildren<ScrollBoxProps>): React.ReactNode {
+  const domRef = useRef<DOMElement>(null);
   // scrollTo/scrollBy bypass React: they mutate scrollTop on the DOM node,
   // mark it dirty, and call the root's throttled scheduleRender directly.
   // The Ink renderer reads scrollTop from the node — no React state needed,
@@ -103,113 +89,109 @@ function ScrollBox({
   // render — otherwise scheduleRender's leading edge fires on the FIRST
   // event before subsequent events mutate scrollTop. scrollToBottom still
   // forces a React render: sticky is attribute-observed, no DOM-only path.
-  const [, forceRender] = useState(0)
-  const listenersRef = useRef(new Set<() => void>())
-  const renderQueuedRef = useRef(false)
+  const [, forceRender] = useState(0);
+  const listenersRef = useRef(new Set<() => void>());
+  const renderQueuedRef = useRef(false);
 
   const notify = () => {
-    for (const l of listenersRef.current) l()
-  }
+    for (const l of listenersRef.current) l();
+  };
 
   function scrollMutated(el: DOMElement): void {
     // Signal background intervals (IDE poll, LSP poll, GCS fetch, orphan
     // check) to skip their next tick — they compete for the event loop and
     // contributed to 1402ms max frame gaps during scroll drain.
     // noop — injected by business layer via onScrollActivity callback
-    markDirty(el)
-    markCommitStart()
-    notify()
-    if (renderQueuedRef.current) return
-    renderQueuedRef.current = true
+    markDirty(el);
+    markCommitStart();
+    notify();
+    if (renderQueuedRef.current) return;
+    renderQueuedRef.current = true;
     queueMicrotask(() => {
-      renderQueuedRef.current = false
-      scheduleRenderFrom(el)
-    })
+      renderQueuedRef.current = false;
+      scheduleRenderFrom(el);
+    });
   }
 
   useImperativeHandle(
     ref,
     (): ScrollBoxHandle => ({
       scrollTo(y: number) {
-        const el = domRef.current
-        if (!el) return
+        const el = domRef.current;
+        if (!el) return;
         // Explicit false overrides the DOM attribute so manual scroll
         // breaks stickiness. Render code checks ?? precedence.
-        el.stickyScroll = false
-        el.pendingScrollDelta = undefined
-        el.scrollAnchor = undefined
-        el.scrollTop = Math.max(0, Math.floor(y))
-        scrollMutated(el)
+        el.stickyScroll = false;
+        el.pendingScrollDelta = undefined;
+        el.scrollAnchor = undefined;
+        el.scrollTop = Math.max(0, Math.floor(y));
+        scrollMutated(el);
       },
       scrollToElement(el: DOMElement, offset = 0) {
-        const box = domRef.current
-        if (!box) return
-        box.stickyScroll = false
-        box.pendingScrollDelta = undefined
-        box.scrollAnchor = { el, offset }
-        scrollMutated(box)
+        const box = domRef.current;
+        if (!box) return;
+        box.stickyScroll = false;
+        box.pendingScrollDelta = undefined;
+        box.scrollAnchor = { el, offset };
+        scrollMutated(box);
       },
       scrollBy(dy: number) {
-        const el = domRef.current
-        if (!el) return
-        el.stickyScroll = false
+        const el = domRef.current;
+        if (!el) return;
+        el.stickyScroll = false;
         // Wheel input cancels any in-flight anchor seek — user override.
-        el.scrollAnchor = undefined
+        el.scrollAnchor = undefined;
         // Accumulate in pendingScrollDelta; renderer drains it at a capped
         // rate so fast flicks show intermediate frames. Pure accumulator:
         // scroll-up followed by scroll-down naturally cancels.
-        el.pendingScrollDelta = (el.pendingScrollDelta ?? 0) + Math.floor(dy)
-        scrollMutated(el)
+        el.pendingScrollDelta = (el.pendingScrollDelta ?? 0) + Math.floor(dy);
+        scrollMutated(el);
       },
       scrollToBottom() {
-        const el = domRef.current
-        if (!el) return
-        el.pendingScrollDelta = undefined
-        el.stickyScroll = true
-        markDirty(el)
-        notify()
-        forceRender(n => n + 1)
+        const el = domRef.current;
+        if (!el) return;
+        el.pendingScrollDelta = undefined;
+        el.stickyScroll = true;
+        markDirty(el);
+        notify();
+        forceRender(n => n + 1);
       },
       getScrollTop() {
-        return domRef.current?.scrollTop ?? 0
+        return domRef.current?.scrollTop ?? 0;
       },
       getPendingDelta() {
         // Accumulated-but-not-yet-drained delta. useVirtualScroll needs
         // this to mount the union [committed, committed+pending] range —
         // otherwise intermediate drain frames find no children (blank).
-        return domRef.current?.pendingScrollDelta ?? 0
+        return domRef.current?.pendingScrollDelta ?? 0;
       },
       getScrollHeight() {
-        return domRef.current?.scrollHeight ?? 0
+        return domRef.current?.scrollHeight ?? 0;
       },
       getFreshScrollHeight() {
-        const content = domRef.current?.childNodes[0] as DOMElement | undefined
-        return (
-          content?.yogaNode?.getComputedHeight() ??
-          domRef.current?.scrollHeight ??
-          0
-        )
+        const content = domRef.current?.childNodes[0] as DOMElement | undefined;
+        return content?.yogaNode?.getComputedHeight() ?? domRef.current?.scrollHeight ?? 0;
       },
       getViewportHeight() {
-        return domRef.current?.scrollViewportHeight ?? 0
+        return domRef.current?.scrollViewportHeight ?? 0;
       },
       getViewportTop() {
-        return domRef.current?.scrollViewportTop ?? 0
+        return domRef.current?.scrollViewportTop ?? 0;
       },
       isSticky() {
-        const el = domRef.current
-        if (!el) return false
-        return el.stickyScroll ?? Boolean(el.attributes['stickyScroll'])
+        const el = domRef.current;
+        if (!el) return false;
+        return el.stickyScroll ?? Boolean(el.attributes['stickyScroll']);
       },
       subscribe(listener: () => void) {
-        listenersRef.current.add(listener)
-        return () => listenersRef.current.delete(listener)
+        listenersRef.current.add(listener);
+        return () => listenersRef.current.delete(listener);
       },
       setClampBounds(min, max) {
-        const el = domRef.current
-        if (!el) return
-        el.scrollClampMin = min
-        el.scrollClampMax = max
+        const el = domRef.current;
+        if (!el) return;
+        el.scrollClampMin = min;
+        el.scrollClampMax = max;
       },
     }),
     // notify/scrollMutated are inline (no useCallback) but only close over
@@ -217,7 +199,7 @@ function ScrollBox({
     // every render (which re-registers the ref = churn).
     // eslint-disable-next-line react-hooks/exhaustive-deps
     [],
-  )
+  );
 
   // Structure: outer viewport (overflow:scroll, constrained height) >
   // inner content (flexGrow:1, flexShrink:0 — fills at least the viewport
@@ -233,8 +215,8 @@ function ScrollBox({
   return (
     <ink-box
       ref={el => {
-        domRef.current = el
-        if (el) el.scrollTop ??= 0
+        domRef.current = el;
+        if (el) el.scrollTop ??= 0;
       }}
       style={{
         flexWrap: 'nowrap',
@@ -251,7 +233,7 @@ function ScrollBox({
         {children}
       </Box>
     </ink-box>
-  )
+  );
 }
 
-export default ScrollBox
+export default ScrollBox;

packages/@ant/ink/src/components/Spacer.tsx

@@ -1,10 +1,10 @@
-import React from 'react'
-import Box from './Box.js'
+import React from 'react';
+import Box from './Box.js';
 
 /**
  * A flexible space that expands along the major axis of its containing layout.
  * It's useful as a shortcut for filling all the available spaces between elements.
  */
 export default function Spacer() {
-  return <Box flexGrow={1} />
+  return <Box flexGrow={1} />;
 }

packages/@ant/ink/src/components/TerminalFocusContext.tsx

@@ -1,53 +1,36 @@
-import React, { createContext, useMemo, useSyncExternalStore } from 'react'
+import React, { createContext, useMemo, useSyncExternalStore } from 'react';
 import {
   getTerminalFocused,
   getTerminalFocusState,
   subscribeTerminalFocus,
   type TerminalFocusState,
-} from '../core/terminal-focus-state.js'
+} from '../core/terminal-focus-state.js';
 
-export type { TerminalFocusState }
+export type { TerminalFocusState };
 
 export type TerminalFocusContextProps = {
-  readonly isTerminalFocused: boolean
-  readonly terminalFocusState: TerminalFocusState
-}
+  readonly isTerminalFocused: boolean;
+  readonly terminalFocusState: TerminalFocusState;
+};
 
 const TerminalFocusContext = createContext<TerminalFocusContextProps>({
   isTerminalFocused: true,
   terminalFocusState: 'unknown',
-})
+});
 
 // eslint-disable-next-line custom-rules/no-top-level-side-effects
-TerminalFocusContext.displayName = 'TerminalFocusContext'
+TerminalFocusContext.displayName = 'TerminalFocusContext';
 
 // Separate component so App.tsx doesn't re-render on focus changes.
 // Children are a stable prop reference, so they don't re-render either —
 // only components that consume the context will re-render.
-export function TerminalFocusProvider({
-  children,
-}: {
-  children: React.ReactNode
-}): React.ReactNode {
-  const isTerminalFocused = useSyncExternalStore(
-    subscribeTerminalFocus,
-    getTerminalFocused,
-  )
-  const terminalFocusState = useSyncExternalStore(
-    subscribeTerminalFocus,
-    getTerminalFocusState,
-  )
+export function TerminalFocusProvider({ children }: { children: React.ReactNode }): React.ReactNode {
+  const isTerminalFocused = useSyncExternalStore(subscribeTerminalFocus, getTerminalFocused);
+  const terminalFocusState = useSyncExternalStore(subscribeTerminalFocus, getTerminalFocusState);
 
-  const value = useMemo(
-    () => ({ isTerminalFocused, terminalFocusState }),
-    [isTerminalFocused, terminalFocusState],
-  )
+  const value = useMemo(() => ({ isTerminalFocused, terminalFocusState }), [isTerminalFocused, terminalFocusState]);
 
-  return (
-    <TerminalFocusContext.Provider value={value}>
-      {children}
-    </TerminalFocusContext.Provider>
-  )
+  return <TerminalFocusContext.Provider value={value}>{children}</TerminalFocusContext.Provider>;
 }
 
-export default TerminalFocusContext
+export default TerminalFocusContext;

packages/@ant/ink/src/components/TerminalSizeContext.tsx

@@ -1,8 +1,8 @@
-import { createContext } from 'react'
+import { createContext } from 'react';
 
 export type TerminalSize = {
-  columns: number
-  rows: number
-}
+  columns: number;
+  rows: number;
+};
 
-export const TerminalSizeContext = createContext<TerminalSize | null>(null)
+export const TerminalSizeContext = createContext<TerminalSize | null>(null);

packages/@ant/ink/src/components/Text.tsx

@@ -1,58 +1,55 @@
-import type { ReactNode } from 'react'
-import React from 'react'
-import type { Color, Styles, TextStyles } from '../core/styles.js'
+import type { ReactNode } from 'react';
+import React from 'react';
+import type { Color, Styles, TextStyles } from '../core/styles.js';
 
 type BaseProps = {
   /**
    * Change text color. Accepts a raw color value (rgb, hex, ansi).
    */
-  readonly color?: Color
+  readonly color?: Color;
 
   /**
    * Same as `color`, but for background.
    */
-  readonly backgroundColor?: Color
+  readonly backgroundColor?: Color;
 
   /**
    * Make the text italic.
    */
-  readonly italic?: boolean
+  readonly italic?: boolean;
 
   /**
    * Make the text underlined.
    */
-  readonly underline?: boolean
+  readonly underline?: boolean;
 
   /**
    * Make the text crossed with a line.
    */
-  readonly strikethrough?: boolean
+  readonly strikethrough?: boolean;
 
   /**
    * Inverse background and foreground colors.
    */
-  readonly inverse?: boolean
+  readonly inverse?: boolean;
 
   /**
    * This property tells Ink to wrap or truncate text if its width is larger than container.
    * If `wrap` is passed (by default), Ink will wrap text and split it into multiple lines.
    * If `truncate-*` is passed, Ink will truncate text instead, which will result in one line of text with the rest cut off.
    */
-  readonly wrap?: Styles['textWrap']
+  readonly wrap?: Styles['textWrap'];
 
-  readonly children?: ReactNode
-}
+  readonly children?: ReactNode;
+};
 
 /**
  * Bold and dim are mutually exclusive in terminals.
  * This type ensures you can use one or the other, but not both.
  */
-type WeightProps =
-  | { bold?: never; dim?: never }
-  | { bold: boolean; dim?: never }
-  | { dim: boolean; bold?: never }
+type WeightProps = { bold?: never; dim?: never } | { bold: boolean; dim?: never } | { dim: boolean; bold?: never };
 
-export type Props = BaseProps & WeightProps
+export type Props = BaseProps & WeightProps;
 
 const memoizedStylesForWrap: Record<NonNullable<Styles['textWrap']>, Styles> = {
   wrap: {
@@ -103,7 +100,7 @@ const memoizedStylesForWrap: Record<NonNullable<Styles['textWrap']>, Styles> = {
     flexDirection: 'row',
     textWrap: 'truncate-start',
   },
-} as const
+} as const;
 
 /**
  * This component can display text, and change its style to make it colorful, bold, underline, italic or strikethrough.
@@ -121,7 +118,7 @@ export default function Text({
   children,
 }: Props): React.ReactNode {
   if (children === undefined || children === null) {
-    return null
+    return null;
   }
 
   // Build textStyles object with only the properties that are set
@@ -134,11 +131,11 @@ export default function Text({
     ...(underline && { underline }),
     ...(strikethrough && { strikethrough }),
     ...(inverse && { inverse }),
-  }
+  };
 
   return (
     <ink-text style={memoizedStylesForWrap[wrap]} textStyles={textStyles}>
       {children}
     </ink-text>
-  )
+  );
 }

packages/@ant/ink/src/core/Ansi.tsx

@@ -1,31 +1,26 @@
-import React from 'react'
-import Link from '../components/Link.js'
-import Text from '../components/Text.js'
-import type { Color } from './styles.js'
-import {
-  type NamedColor,
-  Parser,
-  type Color as TermioColor,
-  type TextStyle,
-} from './termio.js'
+import React from 'react';
+import Link from '../components/Link.js';
+import Text from '../components/Text.js';
+import type { Color } from './styles.js';
+import { type NamedColor, Parser, type Color as TermioColor, type TextStyle } from './termio.js';
 
 type Props = {
-  children: string
+  children: string;
   /** When true, force all text to be rendered with dim styling */
-  dimColor?: boolean
-}
+  dimColor?: boolean;
+};
 
 type SpanProps = {
-  color?: Color
-  backgroundColor?: Color
-  dim?: boolean
-  bold?: boolean
-  italic?: boolean
-  underline?: boolean
-  strikethrough?: boolean
-  inverse?: boolean
-  hyperlink?: string
-}
+  color?: Color;
+  backgroundColor?: Color;
+  dim?: boolean;
+  bold?: boolean;
+  italic?: boolean;
+  underline?: boolean;
+  strikethrough?: boolean;
+  inverse?: boolean;
+  hyperlink?: string;
+};
 
 /**
  * Component that parses ANSI escape codes and renders them using Text components.
@@ -35,43 +30,32 @@ type SpanProps = {
  *
  * Memoized to prevent re-renders when parent changes but children string is the same.
  */
-export const Ansi = React.memo(function Ansi({
-  children,
-  dimColor,
-}: Props): React.ReactNode {
+export const Ansi = React.memo(function Ansi({ children, dimColor }: Props): React.ReactNode {
   if (typeof children !== 'string') {
-    return dimColor ? (
-      <Text dim>{String(children)}</Text>
-    ) : (
-      <Text>{String(children)}</Text>
-    )
+    return dimColor ? <Text dim>{String(children)}</Text> : <Text>{String(children)}</Text>;
   }
 
   if (children === '') {
-    return null
+    return null;
   }
 
-  const spans = parseToSpans(children)
+  const spans = parseToSpans(children);
 
   if (spans.length === 0) {
-    return null
+    return null;
   }
 
   if (spans.length === 1 && !hasAnyProps(spans[0]!.props)) {
-    return dimColor ? (
-      <Text dim>{spans[0]!.text}</Text>
-    ) : (
-      <Text>{spans[0]!.text}</Text>
-    )
+    return dimColor ? <Text dim>{spans[0]!.text}</Text> : <Text>{spans[0]!.text}</Text>;
   }
 
   const content = spans.map((span, i) => {
-    const hyperlink = span.props.hyperlink
+    const hyperlink = span.props.hyperlink;
     // When dimColor is forced, override the span's dim prop
     if (dimColor) {
-      span.props.dim = true
+      span.props.dim = true;
     }
-    const hasTextProps = hasAnyTextProps(span.props)
+    const hasTextProps = hasAnyTextProps(span.props);
 
     if (hyperlink) {
       return hasTextProps ? (
@@ -93,7 +77,7 @@ export const Ansi = React.memo(function Ansi({
         <Link key={i} url={hyperlink}>
           {span.text}
         </Link>
-      )
+      );
     }
 
     return hasTextProps ? (
@@ -112,79 +96,79 @@ export const Ansi = React.memo(function Ansi({
       </StyledText>
     ) : (
       span.text
-    )
-  })
+    );
+  });
 
-  return dimColor ? <Text dim>{content}</Text> : <Text>{content}</Text>
-})
+  return dimColor ? <Text dim>{content}</Text> : <Text>{content}</Text>;
+});
 
 type Span = {
-  text: string
-  props: SpanProps
-}
+  text: string;
+  props: SpanProps;
+};
 
 /**
  * Parse an ANSI string into spans using the termio parser.
  */
 function parseToSpans(input: string): Span[] {
-  const parser = new Parser()
-  const actions = parser.feed(input)
-  const spans: Span[] = []
+  const parser = new Parser();
+  const actions = parser.feed(input);
+  const spans: Span[] = [];
 
-  let currentHyperlink: string | undefined
+  let currentHyperlink: string | undefined;
 
   for (const action of actions) {
     if (action.type === 'link') {
       if (action.action.type === 'start') {
-        currentHyperlink = action.action.url
+        currentHyperlink = action.action.url;
       } else {
-        currentHyperlink = undefined
+        currentHyperlink = undefined;
       }
-      continue
+      continue;
     }
 
     if (action.type === 'text') {
-      const text = action.graphemes.map(g => g.value).join('')
-      if (!text) continue
+      const text = action.graphemes.map(g => g.value).join('');
+      if (!text) continue;
 
-      const props = textStyleToSpanProps(action.style)
+      const props = textStyleToSpanProps(action.style);
       if (currentHyperlink) {
-        props.hyperlink = currentHyperlink
+        props.hyperlink = currentHyperlink;
       }
 
       // Try to merge with previous span if props match
-      const lastSpan = spans[spans.length - 1]
+      const lastSpan = spans[spans.length - 1];
       if (lastSpan && propsEqual(lastSpan.props, props)) {
-        lastSpan.text += text
+        lastSpan.text += text;
       } else {
-        spans.push({ text, props })
+        spans.push({ text, props });
       }
     }
   }
 
-  return spans
+  return spans;
 }
 
 /**
  * Convert termio's TextStyle to SpanProps.
  */
 function textStyleToSpanProps(style: TextStyle): SpanProps {
-  const props: SpanProps = {}
+  const props: SpanProps = {};
 
-  if (style.bold) props.bold = true
-  if (style.dim) props.dim = true
-  if (style.italic) props.italic = true
-  if (style.underline !== 'none') props.underline = true
-  if (style.strikethrough) props.strikethrough = true
-  if (style.inverse) props.inverse = true
+  if (style.bold) props.bold = true;
+  if (style.dim) props.dim = true;
+  if (style.italic) props.italic = true;
+  if (style.underline !== 'none') props.underline = true;
+  if (style.strikethrough) props.strikethrough = true;
+  if (style.inverse) props.inverse = true;
 
-  const fgColor = colorToString(style.fg)
-  if (fgColor) props.color = fgColor
+  const fgColor = colorToString(style.fg);
+  if (fgColor) props.color = fgColor;
 
-  const bgColor = colorToString(style.bg)
-  if (bgColor) props.backgroundColor = bgColor
+  const bgColor = colorToString(style.bg);
+  if (bgColor) props.backgroundColor = bgColor;
 
-  return props
+  return props;
 }
 
 // Map termio named colors to the ansi: format
@@ -205,7 +189,7 @@ const NAMED_COLOR_MAP: Record<NamedColor, string> = {
   brightMagenta: 'ansi:magentaBright',
   brightCyan: 'ansi:cyanBright',
   brightWhite: 'ansi:whiteBright',
-}
+};
 
 /**
  * Convert termio's Color to the string format used by Ink.
@@ -213,13 +197,13 @@ const NAMED_COLOR_MAP: Record<NamedColor, string> = {
 function colorToString(color: TermioColor): Color | undefined {
   switch (color.type) {
     case 'named':
-      return NAMED_COLOR_MAP[color.name] as Color
+      return NAMED_COLOR_MAP[color.name] as Color;
     case 'indexed':
-      return `ansi256(${color.index})` as Color
+      return `ansi256(${color.index})` as Color;
     case 'rgb':
-      return `rgb(${color.r},${color.g},${color.b})` as Color
+      return `rgb(${color.r},${color.g},${color.b})` as Color;
     case 'default':
-      return undefined
+      return undefined;
   }
 }
 
@@ -237,7 +221,7 @@ function propsEqual(a: SpanProps, b: SpanProps): boolean {
     a.strikethrough === b.strikethrough &&
     a.inverse === b.inverse &&
     a.hyperlink === b.hyperlink
-  )
+  );
 }
 
 function hasAnyProps(props: SpanProps): boolean {
@@ -251,7 +235,7 @@ function hasAnyProps(props: SpanProps): boolean {
     props.strikethrough === true ||
     props.inverse === true ||
     props.hyperlink !== undefined
-  )
+  );
 }
 
 function hasAnyTextProps(props: SpanProps): boolean {
@@ -264,18 +248,18 @@ function hasAnyTextProps(props: SpanProps): boolean {
     props.underline === true ||
     props.strikethrough === true ||
     props.inverse === true
-  )
+  );
 }
 
 // Text style props without weight (bold/dim) - these are handled separately
 type BaseTextStyleProps = {
-  color?: Color
-  backgroundColor?: Color
-  italic?: boolean
-  underline?: boolean
-  strikethrough?: boolean
-  inverse?: boolean
-}
+  color?: Color;
+  backgroundColor?: Color;
+  italic?: boolean;
+  underline?: boolean;
+  strikethrough?: boolean;
+  inverse?: boolean;
+};
 
 // Wrapper component that handles bold/dim mutual exclusivity for Text
 function StyledText({
@@ -284,9 +268,9 @@ function StyledText({
   children,
   ...rest
 }: BaseTextStyleProps & {
-  bold?: boolean
-  dim?: boolean
-  children: string
+  bold?: boolean;
+  dim?: boolean;
+  children: string;
 }): React.ReactNode {
   // dim takes precedence over bold when both are set (terminals treat them as mutually exclusive)
   if (dim) {
@@ -294,14 +278,14 @@ function StyledText({
       <Text {...rest} dim>
         {children}
       </Text>
-    )
+    );
   }
   if (bold) {
     return (
       <Text {...rest} bold>
         {children}
       </Text>
-    )
+    );
   }
-  return <Text {...rest}>{children}</Text>
+  return <Text {...rest}>{children}</Text>;
 }

packages/@ant/ink/src/core/bidi.ts

@@ -17,8 +17,16 @@
 import bidiFactory from 'bidi-js'
 
 type BidiInstance = {
-  getEmbeddingLevels: (text: string, defaultDirection?: string) => { paragraphLevel: number; levels: Uint8Array }
-  getReorderSegments: (text: string, embeddingLevels: { paragraphLevel: number; levels: Uint8Array }, start?: number, end?: number) => [number, number][]
+  getEmbeddingLevels: (
+    text: string,
+    defaultDirection?: string,
+  ) => { paragraphLevel: number; levels: Uint8Array }
+  getReorderSegments: (
+    text: string,
+    embeddingLevels: { paragraphLevel: number; levels: Uint8Array },
+    start?: number,
+    end?: number,
+  ) => [number, number][]
   getVisualOrder: (reorderSegments: [number, number][]) => number[]
 }
 

packages/@ant/ink/src/core/cursor.ts

@@ -1,2 +1,2 @@
 // Auto-generated stub — replace with real implementation
-export type Cursor = any;
+export type Cursor = any

packages/@ant/ink/src/core/devtools.ts

@@ -1,2 +1,2 @@
 // Auto-generated stub — replace with real implementation
-export {};
+export {}

packages/@ant/ink/src/core/events/mouse-action-event.ts

@@ -37,7 +37,9 @@ export class MouseActionEvent extends Event {
 
   /** Recompute local coords relative to the target Box. */
   prepareForTarget(target: EventTarget): void {
-    const dom = target as unknown as { yogaNode?: { getComputedLeft?(): number; getComputedTop?(): number } }
+    const dom = target as unknown as {
+      yogaNode?: { getComputedLeft?(): number; getComputedTop?(): number }
+    }
     this.localCol = this.col - (dom.yogaNode?.getComputedLeft?.() ?? 0)
     this.localRow = this.row - (dom.yogaNode?.getComputedTop?.() ?? 0)
   }

packages/@ant/ink/src/core/events/paste-event.ts

@@ -1,2 +1,2 @@
 // Auto-generated stub — replace with real implementation
-export type PasteEvent = any;
+export type PasteEvent = any

packages/@ant/ink/src/core/events/resize-event.ts

@@ -1,2 +1,2 @@
 // Auto-generated stub — replace with real implementation
-export type ResizeEvent = any;
+export type ResizeEvent = any

packages/@ant/ink/src/core/log-update.ts

@@ -67,7 +67,7 @@ export class LogUpdate {
     const { screen } = frame
     const lines: string[] = []
     let currentStyles: AnsiCode[] = []
-    let currentHyperlink: Hyperlink = undefined
+    let currentHyperlink: Hyperlink
     for (let y = 0; y < screen.height; y++) {
       let line = ''
       for (let x = 0; x < screen.width; x++) {
@@ -301,7 +301,7 @@ export class LogUpdate {
         cursorRestoreScroll
 
     let currentStyleId = stylePool.none
-    let currentHyperlink: Hyperlink = undefined
+    let currentHyperlink: Hyperlink
 
     // First pass: render changes to existing rows (rows < prev.screen.height)
     let needsFullReset = false
@@ -533,7 +533,7 @@ function renderFrameSlice(
   stylePool: StylePool,
 ): VirtualScreen {
   let currentStyleId = stylePool.none
-  let currentHyperlink: Hyperlink = undefined
+  let currentHyperlink: Hyperlink
   // Track the styleId of the last rendered cell on this line (-1 if none).
   // Passed to visibleCellAtIndex to enable fg-only space optimization.
   let lastRenderedStyleId = -1

packages/@ant/ink/src/core/parse-keypress.ts

@@ -8,18 +8,17 @@ import { Buffer } from 'buffer'
 import { PASTE_END, PASTE_START } from './termio/csi.js'
 import { createTokenizer, type Tokenizer } from './termio/tokenize.js'
 
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const META_KEY_CODE_RE = /^(?:\x1b)([a-zA-Z0-9])$/
 
-// eslint-disable-next-line no-control-regex
 const FN_KEY_RE =
-  // eslint-disable-next-line no-control-regex
+  // biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
   /^(?:\x1b+)(O|N|\[|\[\[)(?:(\d+)(?:;(\d+))?([~^$])|(?:1;)?(\d+)?([a-zA-Z]))/
 
 // CSI u (kitty keyboard protocol): ESC [ codepoint [; modifier] u
 // Example: ESC[13;2u = Shift+Enter, ESC[27u = Escape (no modifiers)
 // Modifier is optional - when absent, defaults to 1 (no modifiers)
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const CSI_U_RE = /^\x1b\[(\d+)(?:;(\d+))?u/
 
 // xterm modifyOtherKeys: ESC [ 27 ; modifier ; keycode ~
@@ -27,41 +26,41 @@ const CSI_U_RE = /^\x1b\[(\d+)(?:;(\d+))?u/
 // modifyOtherKeys=2 is active or via user keybinds, typically over SSH where
 // TERM sniffing misses Ghostty and we never push Kitty keyboard mode.
 // Note param order is reversed vs CSI u (modifier first, keycode second).
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const MODIFY_OTHER_KEYS_RE = /^\x1b\[27;(\d+);(\d+)~/
 
 // -- Terminal response patterns (inbound sequences from the terminal itself) --
 // DECRPM: CSI ? Ps ; Pm $ y  — response to DECRQM (request mode)
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const DECRPM_RE = /^\x1b\[\?(\d+);(\d+)\$y$/
 // DA1: CSI ? Ps ; ... c  — primary device attributes response
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const DA1_RE = /^\x1b\[\?([\d;]*)c$/
 // DA2: CSI > Ps ; ... c  — secondary device attributes response
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const DA2_RE = /^\x1b\[>([\d;]*)c$/
 // Kitty keyboard flags: CSI ? flags u  — response to CSI ? u query
 // (private ? marker distinguishes from CSI u key events)
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const KITTY_FLAGS_RE = /^\x1b\[\?(\d+)u$/
 // DECXCPR cursor position: CSI ? row ; col R
 // The ? marker disambiguates from modified F3 keys (Shift+F3 = CSI 1;2 R,
 // Ctrl+F3 = CSI 1;5 R, etc.) — plain CSI row;col R is genuinely ambiguous.
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const CURSOR_POSITION_RE = /^\x1b\[\?(\d+);(\d+)R$/
 // OSC response: OSC code ; data (BEL|ST)
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const OSC_RESPONSE_RE = /^\x1b\](\d+);(.*?)(?:\x07|\x1b\\)$/s
 // XTVERSION: DCS > | name ST  — terminal name/version string (answer to CSI > 0 q).
 // xterm.js replies "xterm.js(X.Y.Z)"; Ghostty, kitty, iTerm2, etc. reply with
 // their own name. Unlike TERM_PROGRAM, this survives SSH since the query/reply
 // goes through the pty, not the environment.
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const XTVERSION_RE = /^\x1bP>\|(.*?)(?:\x07|\x1b\\)$/s
 // SGR mouse event: CSI < button ; col ; row M (press) or m (release)
 // Button codes: 64=wheel-up, 65=wheel-down (0x40 | wheel-bit).
 // Button 32=left-drag (0x20 | motion-bit). Plain 0/1/2 = left/mid/right click.
-// eslint-disable-next-line no-control-regex
+// biome-ignore lint/suspicious/noControlCharactersInRegex: terminal escape sequence parsing
 const SGR_MOUSE_RE = /^\x1b\[<(\d+);(\d+);(\d+)([Mm])$/
 
 function createPasteKey(content: string): ParsedKey {

packages/@ant/ink/src/core/reconciler.ts

@@ -34,8 +34,10 @@ if (process.env.NODE_ENV === 'development') {
     void import('./devtools.js')
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
   } catch (error: unknown) {
-    if (error instanceof Error && (error as NodeJS.ErrnoException).code === 'ERR_MODULE_NOT_FOUND') {
-      // biome-ignore lint/suspicious/noConsole: intentional warning
+    if (
+      error instanceof Error &&
+      (error as NodeJS.ErrnoException).code === 'ERR_MODULE_NOT_FOUND'
+    ) {
       console.warn(
         `
 The environment variable DEV is set to true, so Ink tried to import \`react-devtools-core\`,
@@ -197,7 +199,6 @@ let _prepareAt = 0
 
 /** Debug log helper — replaces fs.appendFileSync with console.warn. */
 function debugLog(message: string): void {
-  // biome-ignore lint/suspicious/noConsole: debug instrumentation
   console.warn(`[ink-commit] ${message}`)
 }
 // --- END ---
@@ -304,9 +305,7 @@ const reconciler = createReconciler<
     if (COMMIT_LOG) {
       const renderMs = performance.now() - _tr
       if (renderMs > 10) {
-        debugLog(
-          `${_tr.toFixed(1)} SLOW_PAINT ${renderMs.toFixed(1)}ms`,
-        )
+        debugLog(`${_tr.toFixed(1)} SLOW_PAINT ${renderMs.toFixed(1)}ms`)
       }
     }
   },

packages/@ant/ink/src/core/root.ts

@@ -114,7 +114,6 @@ const wrappedRender = async (
   await Promise.resolve()
   const instance = renderSync(node, options)
   if (process.env.CLAUDE_CODE_DEBUG_REPAINTS === '1') {
-    // biome-ignore lint/suspicious/noConsole: debug instrumentation
     console.warn(
       `[render] first ink render: ${Math.round(process.uptime() * 1000)}ms since process start`,
     )

packages/@ant/ink/src/core/screen.ts

@@ -119,6 +119,44 @@ export class StylePool {
     this.none = this.intern([])
   }
 
+  private static readonly CACHE_MAX = 1000
+
+  /**
+   * Evict oldest entries from derivative caches when they exceed the limit.
+   * ids/styles are never evicted (id is an array index).
+   */
+  private evictCacheIfNeeded(): void {
+    if (this.transitionCache.size > StylePool.CACHE_MAX) {
+      const keys = this.transitionCache.keys()
+      for (
+        let i = 0;
+        i < this.transitionCache.size - StylePool.CACHE_MAX;
+        i++
+      ) {
+        const k = keys.next().value
+        if (k !== undefined) this.transitionCache.delete(k)
+      }
+    }
+    if (this.inverseCache.size > StylePool.CACHE_MAX) {
+      const keys = this.inverseCache.keys()
+      for (let i = 0; i < this.inverseCache.size - StylePool.CACHE_MAX; i++) {
+        const k = keys.next().value
+        if (k !== undefined) this.inverseCache.delete(k)
+      }
+    }
+    if (this.currentMatchCache.size > StylePool.CACHE_MAX) {
+      const keys = this.currentMatchCache.keys()
+      for (
+        let i = 0;
+        i < this.currentMatchCache.size - StylePool.CACHE_MAX;
+        i++
+      ) {
+        const k = keys.next().value
+        if (k !== undefined) this.currentMatchCache.delete(k)
+      }
+    }
+  }
+
   /**
    * Intern a style and return its ID. Bit 0 of the ID encodes whether the
    * style has a visible effect on space characters (background, inverse,
@@ -136,6 +174,7 @@ export class StylePool {
         (rawId << 1) |
         (styles.length > 0 && hasVisibleSpaceEffect(styles) ? 1 : 0)
       this.ids.set(key, id)
+      this.evictCacheIfNeeded()
     }
     return id
   }
@@ -286,7 +325,7 @@ function hasVisibleSpaceEffect(styles: AnsiCode[]): boolean {
  * @see https://mitchellh.com/writing/grapheme-clusters-in-terminals
  */
 // const enum is inlined at compile time - no runtime object, no property access
-export const enum CellWidth {
+export enum CellWidth {
   // Not a wide character, cell width 1
   Narrow = 0,
   // Wide character, cell width 2. This cell contains the actual character.
@@ -1144,7 +1183,7 @@ type DiffCallback = (
   y: number,
   removed: Cell | undefined,
   added: Cell | undefined,
-) => boolean | void
+) => boolean | undefined
 
 /**
  * Like diff(), but calls a callback for each change instead of building an array.

packages/@ant/ink/src/core/termio/osc.ts

@@ -14,9 +14,18 @@ function execFileNoThrow(
 ): Promise<{ code: number; stdout: string; stderr: string }> {
   return new Promise(resolve => {
     const { input, timeout } = options
-    const proc = nodeExecFile(command, args, { timeout }, (error, stdout, stderr) => {
-      resolve({ code: error ? 1 : 0, stdout: stdout ?? '', stderr: stderr ?? '' })
-    })
+    const proc = nodeExecFile(
+      command,
+      args,
+      { timeout },
+      (error, stdout, stderr) => {
+        resolve({
+          code: error ? 1 : 0,
+          stdout: stdout ?? '',
+          stderr: stderr ?? '',
+        })
+      },
+    )
     if (input && proc.stdin) {
       proc.stdin.write(input)
       proc.stdin.end()

packages/@ant/ink/src/core/utils/sliceAnsi.ts

@@ -49,7 +49,13 @@ export default function sliceAnsi(
     // pass start/end in display cells (via stringWidth), so position must
     // track the same units.
     const width =
-      token.type === 'ansi' ? 0 : token.type === 'char' ? (token.fullWidth ? 2 : stringWidth(token.value)) : 0
+      token.type === 'ansi'
+        ? 0
+        : token.type === 'char'
+          ? token.fullWidth
+            ? 2
+            : stringWidth(token.value)
+          : 0
 
     // Break AFTER trailing zero-width marks — a combining mark attaches to
     // the preceding base char, so "भा" (भ + ा, 1 display cell) sliced at