github · context-modeHEAD

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

// event type breakdown

const types = db.prepare("SELECT type, COUNT(*) as cnt FROM session_events GROUP BY type ORDER BY cnt DESC").all();

console.log(`       event types: ${types.map(t => `${t.type}(${t.cnt})`).join(", ")}`);

// session_resume (compaction)

const resume = db.prepare("SELECT COUNT(*) as cnt FROM session_resume").get();

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Intercepted and replaced with error. Do NOT retry.

Use: `ctx_fetch_and_index(url, source)` or `ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### Debug an API endpoint

```javascript

const resp = await fetch('http://localhost:3000/api/orders');

const { orders } = await resp.json();

const bugs = [];

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Shell `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `context-mode_ctx_fetch_and_index(url, source)` or `context-mode_ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

});

// GitHub stars

fetch('https://api.github.com/repos/mksglu/context-mode')

  .then(r=>r.json())

  .then(d=>{

    document.getElementById('stat-stars').textContent=

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

document.querySelectorAll('.rev').forEach(e=>o.observe(e));

// Dynamic stats from GitHub

fetch('https://raw.githubusercontent.com/mksglu/context-mode/main/stats.json')

  .then(r=>r.json())

  .then(d=>{

    document.getElementById('stat-users').textContent=d.message||'66.3k+';

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Shell `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `@context-mode/ctx_fetch_and_index(url, source)` or `@context-mode/ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

};

```

**Python subprocess list form:** Additionally detects `subprocess.run(["rm", "-rf", "/"])` and extracts args to form `"rm -rf /"` for deny-pattern evaluation.

**Extracted commands** are checked against the same Bash deny patterns used for direct shell commands.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

}

async function main() {

  const resp = await fetch(url);

  if (!resp.ok) { console.error("HTTP " + resp.status); process.exit(1); }

  const contentType = resp.headers.get('content-type') || '';

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Terminal `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `ctx_fetch_and_index(url, source)` or `ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

BAD — will timeout on API calls:

  Tool: execute

  code: |

    const resp = await fetch('https://api.slow-service.com/data');

    console.log(await resp.json());

  language: javascript

  timeout_ms: 5000  ← API may take 10+ seconds

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

# JavaScript / TypeScript Patterns for execute

Practical patterns for using `execute` with `language: javascript`.

All examples assume Node.js runtime with native fetch (Node 18+).

---

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

```typescript

// GOOD: Each function is independently mockable

const api = {

  getUser: (id) => fetch(`/users/${id}`),

  getOrders: (userId) => fetch(`/users/${userId}/orders`),

  createOrder: (data) => fetch('/orders', { method: 'POST', body: data }),

};

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — FORBIDDEN

Do NOT use `curl`/`wget` via `run_command`. Dumps raw HTTP into context.

Use: `mcp__context-mode__ctx_fetch_and_index(url, source)` or `mcp__context-mode__ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — FORBIDDEN

No `node -e "fetch(..."`, `python -c "requests.get(..."` via `run_command`. Bypasses sandbox.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Shell `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `context-mode__ctx_fetch_and_index(url, source)` or `context-mode__ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

```javascript

// execute: Analyze API health endpoint

const resp = await fetch('https://api.example.com/health');

const data = await resp.json();

console.log('=== Service Health ===');

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

events: (dbHash: string, sessionId: string) =>

    get<SessionEventData>(`/sessions/${dbHash}/events/${encodeURIComponent(sessionId)}`),

  deleteSource: (dbHash: string, sourceId: number) =>

    fetch(`${API}/content/${dbHash}/source/${sourceId}`, { method: "DELETE" }).then(r => r.json() as Promise<{ ok: boolean }>),

};

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

};

```

**Python subprocess list form:** Additionally detects `subprocess.run(["rm", "-rf", "/"])` and extracts args to form `"rm -rf /"` for deny-pattern evaluation.

**Extracted commands** are checked against the same Bash deny patterns used for direct shell commands.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

// GOOD: Each function is independently mockable

const api = {

  getUser: (id) => fetch(`/users/${id}`),

  getOrders: (userId) => fetch(`/users/${userId}/orders`),

  createOrder: (data) => fetch('/orders', { method: 'POST', body: data }),

};

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

// BAD: Mocking requires conditional logic inside the mock

const api = {

  fetch: (endpoint, options) => fetch(endpoint, options),

};

```

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Shell `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `context-mode_ctx_fetch_and_index(url, source)` or `context-mode_ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — FORBIDDEN

Do NOT use `curl`/`wget` in shell. Dumps raw HTTP into context.

Use: `mcp:context-mode:ctx_fetch_and_index(url, source)` or `mcp:context-mode:ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — FORBIDDEN

No `node -e "fetch(..."`, `python -c "requests.get(..."`. Bypasses sandbox.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — FORBIDDEN

Do NOT use `curl`/`wget` in shell. Dumps raw HTTP into context.

Use: `ctx_fetch_and_index(url, source)` or `ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — FORBIDDEN

No `node -e "fetch(..."`, `python -c "requests.get(..."`. Bypasses sandbox.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

| Tool | Action |

|------|--------|

| Bash (curl/wget) | Replaces command with echo redirect to `fetch_and_index` |

| Bash (inline HTTP: fetch(), requests.get(), http.get()) | Replaces command with echo redirect to `execute` |

| Bash (other) | Security check, then pass through |

| Read | Adds guidance: use `execute_file` for analysis, Read for editing |

| Grep | Adds guidance: use `execute` with shell for searches |

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

| Tool | Action |

|------|--------|

| Bash (curl/wget) | Replaces command with echo redirect to `ctx_fetch_and_index` |

| Bash (inline HTTP: fetch(), requests.get(), http.get()) | Replaces command with echo redirect to `ctx_execute` |

| Bash (other) | Security check, then pass through |

| Read | Adds guidance: use `ctx_execute_file` for analysis, Read for editing |

| Grep | Adds guidance: use `ctx_execute` with shell for searches |

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

const api = {

  getUser: (id) => fetch(`/users/${id}`),

  getOrders: (userId) => fetch(`/users/${userId}/orders`),

  createOrder: (data) => fetch('/orders', { method: 'POST', body: data }),

};

// BAD: Mocking requires conditional logic inside the mock

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

GOOD — generous timeout for network:

  Tool: execute

  code: |

    const resp = await fetch('https://api.slow-service.com/data');

    console.log(JSON.stringify(await resp.json(), null, 2));

  language: javascript

  timeout_ms: 30000  ← 30 seconds for network calls

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

/**

 * Extract all string elements from a Python subprocess list call.

 *

 * subprocess.run(["rm", "-rf", "/"]) → "rm -rf /"

 *

 * This catches the list-of-strings form that the single-string regex misses.

 */

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Terminal `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `ctx_fetch_and_index(url, source)` or `ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

| Situation | Tool | Example |

|-----------|------|---------|

| Hit an API endpoint | `ctx_execute` | `fetch('http://localhost:3000/api/orders')` |

| Run CLI that returns data | `ctx_execute` | `gh pr list`, `aws s3 ls`, `kubectl get pods` |

| Run tests | `ctx_execute` | `npm test`, `pytest`, `go test ./...` |

| Git operations | `ctx_execute` | `git log --oneline -50`, `git diff HEAD~5` |

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Bash `curl`/`wget` intercepted and replaced with error. Do NOT retry.

Use: `mcp__context-mode__ctx_fetch_and_index(url, source)` or `mcp__context-mode__ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

}

async function get<T>(path: string): Promise<T> {

  const r = await fetch(`${API}${path}`);

  return r.json() as Promise<T>;

}

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — FORBIDDEN (hook-enforced)

Do NOT use `curl`/`wget` in `bash`. Pi hooks block these. Dumps raw HTTP into context.

Use: `ctx_fetch_and_index(url, source)` or `ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — FORBIDDEN

No `node -e "fetch(..."`, `python -c "requests.get(..."`. Bypasses sandbox.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

### curl / wget — BLOCKED

Shell `curl`/`wget` intercepted and blocked. Do NOT retry.

Use: `mcp__context-mode__ctx_fetch_and_index(url, source)` or `mcp__context-mode__ctx_execute(language: "javascript", code: "const r = await fetch(...)")`

### Inline HTTP — BLOCKED

`fetch('http`, `requests.get(`, `requests.post(`, `http.get(`, `http.request(` — intercepted. Do NOT retry.

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

Bun.serve({

    port: PORT,

    hostname: "127.0.0.1",

    fetch(req) {

      const url = new URL(req.url);

      const data = route(req.method, url.pathname, url.searchParams);

      if (data !== null) {

MCP tool input schema exposes an unconstrained string/any field with a risky name (command/query/sql/code/script/url/path/expr/ eval). Any caller can pass arbitrary values, which typically widens the tool's blast radius well beyond its intent. Narrow the schema with `.enum()`, `.regex()`, `.max()`, `Literal[...]`, Pydantic `Field(max_length=..., pattern=...)`, or a JSON Schema `enum` / `pattern` / `maxLength`.

"  Indexing is serial regardless of concurrency — fetches race, FTS5 writes don't (avoids SQLite WAL contention).\n\n" +

      "When reporting results — terse like caveman. Technical substance exact. Only fluff die. Pattern: [thing] [action] [reason]. [next step].",

    inputSchema: z.object({

      url: z.string().optional().describe("Single URL to fetch and index (legacy single-shape)"),

      source: z

        .string()

        .optional()

MCP tool input schema exposes an unconstrained string/any field with a risky name (command/query/sql/code/script/url/path/expr/ eval). Any caller can pass arbitrary values, which typically widens the tool's blast radius well beyond its intent. Narrow the schema with `.enum()`, `.regex()`, `.max()`, `Literal[...]`, Pydantic `Field(max_length=..., pattern=...)`, or a JSON Schema `enum` / `pattern` / `maxLength`.

requests: z

        .array(

          z.object({

            url: z.string().describe("URL to fetch"),

            source: z.string().optional().describe("Label for this URL's indexed content"),

          }),

        )

Package declares an install-time hook (npm postinstall/preinstall/prepare, setup.py cmdclass override, custom setuptools install class, or non-default pyproject build-backend). Anyone installing this package runs the hook. Confirm the hook is necessary and review its contents; prefer shipping a plain library without install-time execution.

"test:compare": "npx tsx tests/context-comparison.ts",

    "test:ecosystem": "npx tsx tests/ecosystem-benchmark.ts",

    "install:openclaw": "node -e \"if(process.platform==='win32'){console.error('OpenClaw install requires bash (Git Bash or WSL)');process.exit(1)}else{require('child_process').execSync('bash scripts/install-openclaw-plugin.sh',{stdio:'inherit'})}\"",

    "postinstall": "node scripts/postinstall.mjs"

  },

  "dependencies": {

    "@clack/prompts": "^1.0.1",

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

bundle:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4

        with:

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

with:

          node-version: ${{ env.NODE_VERSION }}

      - uses: actions/setup-python@v5

        with:

          python-version: "3.12"

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4

        with:

          node-version: ${{ env.NODE_VERSION }}

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

go-version: "stable"

          cache: false

      - uses: erlef/setup-beam@v1

        if: runner.os != 'Windows'

        with:

          elixir-version: "1.17"

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

- name: Upload OpenClaw logs on failure

        if: failure()

        uses: actions/upload-artifact@v4

        with:

          name: openclaw-logs-${{ matrix.os }}

          path: ${{ env.OPENCLAW_STATE_DIR }}/logs/

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

python-version: "3.12"

      - name: Cache better-sqlite3 native addon

        uses: actions/cache@v4

        with:

          path: node_modules/better-sqlite3/build

          key: better-sqlite3-${{ runner.os }}-node${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

name: test (${{ matrix.os }})

    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4

        with:

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

with:

          node-version: 20

      - uses: actions/setup-python@v5

        with:

          python-version: "3.12"

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

with:

          python-version: "3.12"

      - uses: actions/setup-go@v5

        with:

          go-version: "stable"

          cache: false

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

timeout-minutes: 15

    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4

        with:

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

- name: Upload test output on failure

        if: failure()

        uses: actions/upload-artifact@v4

        with:

          name: test-output-${{ matrix.os }}

          path: ${{ runner.temp }}/e2e-output.log

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

update-stats:

    runs-on: ubuntu-latest

    steps:

      - uses: actions/checkout@v4

      - name: Fetch stats and update

        env:

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

- name: Upload session DBs on failure

        if: failure()

        uses: actions/upload-artifact@v4

        with:

          name: session-dbs-${{ matrix.os }}

          path: ~/.openclaw/context-mode/sessions/

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

- name: Cache OpenClaw binary

        id: cache-openclaw

        uses: actions/cache@v4

        with:

          path: ~/.npm-global

          key: openclaw-${{ runner.os }}-v${{ env.OPENCLAW_VERSION }}

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4

        with:

          node-version: 20

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4

        with:

          node-version: 20

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

`)}function B(t,r){if(t.length===0)return"";let s=new Set,n=[],o=[];for(let e of t)s.has(e.data)||(s.add(e.data),e.type==="rule_content"?n.push(`    ${a(e.data)}`):n.push(`    ${a(e.data)}`),o.push(e.data));if(n.length===0)return"";let c=h(o);return[`  <rules count="${n.length}">`,...n,m(r,c),"  </rules>"].join(`

`)}function J(t,r){if(t.length===0)return"";let s=[],n=[];for(let i of t)s.push(`    ${a(i.data)}`),n.push(i.data);let o=h(n);return[`  <git count="${t.length}">`,...s,m(r,o),"  </git>"

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Report network bytes on process exit — works with both promise and callback patterns.

// process.on('exit') fires after all I/O completes, unlike .finally() which fires

// when __cm_main() resolves (immediately for callback-based http.get without await).

process.on('exit',()=>{if(__cm_net>0)try{process.stderr.write('__CM_NET__:'+__cm_net+'\\n')}catch{}});

;(function(__cm_req){

// Intercept globalThis.fetch

const __cm_f=globalThis.fetch;

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

instrumentedCode = `

// FS read instrumentation — count bytes read via fs.readFileSync/readFile

let __cm_fs=0;

process.on('exit',()=>{if(__cm_fs>0)try{process.stderr.write('__CM_FS__:'+__cm_fs+'\\n')}catch{}});

(function(){

  try{

    var f=typeof require!=='undefined'?require('fs'):null;

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Resolve marker directory for this session (stable even on Windows/Git Bash

  // where process.ppid shifts every invocation — see #298).

  const dir = guidanceDirFor(sessionId);

  try { mkdirSync(dir, { recursive: true }); } catch {}

  // Atomic create-or-fail: O_CREAT | O_EXCL | O_WRONLY

  // First process to create the file wins; others get EEXIST.

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

let lockExists = { npm: false, yarn: false, pnpm: false };

try { fs.accessSync('package-lock.json'); lockExists.npm = true; } catch {}

try { fs.accessSync('yarn.lock'); lockExists.yarn = true; } catch {}

try { fs.accessSync('pnpm-lock.yaml'); lockExists.pnpm = true; } catch {}

console.log('=== Lock File Status ===');

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

`console.error("- [ ] Upgrade failed:",e.message);`,

        `process.exit(1);`,

        `}finally{`,

        `try{rmSync(T,{recursive:true,force:true})}catch{}`,

        `}`,

      ].join("\n");

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Path traversal guard

        if (!resolve(rp).startsWith(cacheRoot + sep)) continue;

        // Remove dangling symlink

        try { if (lstatSync(rp).isSymbolicLink()) unlinkSync(rp); } catch {}

        const parent = dirname(rp);

        if (!existsSync(parent)) mkdirSync(parent, { recursive: true });

        if (existsSync(pluginRoot)) {

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));

let lockExists = { npm: false, yarn: false, pnpm: false };

try { fs.accessSync('package-lock.json'); lockExists.npm = true; } catch {}

try { fs.accessSync('yarn.lock'); lockExists.yarn = true; } catch {}

try { fs.accessSync('pnpm-lock.yaml'); lockExists.pnpm = true; } catch {}

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

);

      CREATE INDEX IF NOT EXISTS idx_tool_calls_session ON tool_calls(session_id);

    `);try{let t=this.db.pragma("table_xinfo(session_events)"),e=new Set(t.map(s=>s.name));e.has("project_dir")||this.db.exec("ALTER TABLE session_events ADD COLUMN project_dir TEXT NOT NULL DEFAULT ''"),e.has("attribution_source")||this.db.exec("ALTER TABLE session_events ADD COLUMN attribution_source TEXT NOT NULL DEFAULT 'unknown'"),e.has("attribution_confidence")||this.db.exec("ALTER TABLE session_events A

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

updated_at = datetime('now')`),t(n.getToolCallTotals,`SELECT COALESCE(SUM(calls), 0) AS calls,

              COALESCE(SUM(bytes_returned), 0) AS bytes_returned

       FROM tool_calls WHERE session_id = ?`),t(n.getToolCallByTool,`SELECT tool, calls, bytes_returned

       FROM tool_calls WHERE session_id = ? ORDER BY calls DESC`)}insertEvent(t,e,s="PostToolUse",r){let o=f("sha256").update(e.data).digest("hex").slice(0,16).toUpperCase(),a=String(r?.projectDir??e.project_dir??"").trim(),c=String(r?.

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Clear ppid-based dir (legacy / fallback callers) and the sessionId dir if given

  try { rmSync(guidanceDirFor(), { recursive: true, force: true }); } catch {}

  if (sessionId) {

    try { rmSync(guidanceDirFor(sessionId), { recursive: true, force: true }); } catch {}

  }

}

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

if(!resolve(p).startsWith(cacheRoot+sep))continue;

      const parent=dirname(p);

      if(!existsSync(parent))continue;

      try{if(lstatSync(p).isSymbolicLink())unlinkSync(p)}catch{}

      const dirs=readdirSync(parent).filter(d=>/^\\d+\\.\\d+/.test(d)&&statSync(join(parent,d)).isDirectory());

      if(!dirs.length)continue;

      dirs.sort((a,b)=>{const pa=a.split(".").map(Number),pb=b.split(".").map(Number);for(let i=0;i<3;i++){if((pa[i]||0)!==(pb[i]||0))return(pa[i]||0)-(pb[i]||0)}return 0

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

const dirs=readdirSync(parent).filter(d=>/^\\d+\\.\\d+/.test(d)&&statSync(join(parent,d)).isDirectory());

      if(!dirs.length)continue;

      dirs.sort((a,b)=>{const pa=a.split(".").map(Number),pb=b.split(".").map(Number);for(let i=0;i<3;i++){if((pa[i]||0)!==(pb[i]||0))return(pa[i]||0)-(pb[i]||0)}return 0});

      try{symlinkSync(join(parent,dirs[dirs.length-1]),p,process.platform==="win32"?"junction":undefined)}catch{}

    }

  }

}catch{}

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

for (const rel of ["../package.json", "./package.json"]) {

    const p = resolve(__pkg_dir, rel);

    if (existsSync(p)) {

      try { return JSON.parse(readFileSync(p, "utf8")).version; } catch {}

    }

  }

  return "unknown";

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

.get(testSessionId, testSessionId.slice(0,8) + "%");

    d.close();

    if (row) { chosenDb = f; break; }

  } catch {}

}

// Fallback: most recently modified

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

try{symlinkSync(join(parent,dirs[dirs.length-1]),p,process.platform==="win32"?"junction":undefined)}catch{}

    }

  }

}catch{}

`;

    writeFileSync(healHookPath, healScript, { mode: 0o755 });

  }

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Intercept globalThis.fetch

const __cm_f=globalThis.fetch;

globalThis.fetch=async(...a)=>{const r=await __cm_f(...a);

try{const cl=r.clone();const b=await cl.arrayBuffer();__cm_net+=b.byteLength}catch{}

return r};

// Shadow CJS require with http/https network tracking.

const __cm_hc=new Map();

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Clean up old bash version if it exists

  const oldBashHook = resolve(globalHooksDir, "context-mode-cache-heal.sh");

  if (existsSync(oldBashHook)) {

    try { unlinkSync(oldBashHook); } catch {}

  }

  if (!existsSync(healHookPath)) {

    if (!existsSync(globalHooksDir)) mkdirSync(globalHooksDir, { recursive: true });

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

// Path traversal guard

        if (!resolve(rp).startsWith(cacheRoot + sep)) continue;

        // Remove dangling symlink

        try { if (lstatSync(rp).isSymbolicLink()) unlinkSync(rp); } catch {}

        const rpParent = dirname(rp);

        if (!existsSync(rpParent)) mkdirSync(rpParent, { recursive: true });

        try {

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

totalSize += formatted.length;

      }

      } finally {

        try { timelineDB?.close(); } catch {}

      }

      let output = sections.join("\n\n---\n\n");

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

import{createRequire as I}from"node:module";import{existsSync as U,unlinkSync as v,renameSync as M}from"node:fs";import{tmpdir as x}from"node:os";import{join as F}from"node:path";var g=class{#t;constructor(t){this.#t=t}pragma(t){let s=this.#t.prepare(`PRAGMA ${t}`).all();if(!s||s.length===0)return;if(s.length>1)return s;let r=Object.values(s[0]);return r.length===1?r[0]:s[0]}exec(t){let e="",s=null;for(let o=0;o<t.length;o++){let a=t[o];if(s)e+=a,a===s&&(s=null);else if(a==="'"||a==='"')e+=a,s=a

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

if (!resolve(rp).startsWith(cacheRoot + sep)) continue;

          try {

            // Remove dangling symlink before creating new one

            try { if (lstatSync(rp).isSymbolicLink()) unlinkSync(rp); } catch {}

            const rpParent = dirname(rp);

            if (!existsSync(rpParent)) mkdirSync(rpParent, { recursive: true });

            symlinkSync(__dirname, rp, process.platform === "win32" ? "junction" : undefined);

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

conns.forEach(c => c.close()); db.close();

    console.log(errors === 0 ? 'PASS: 90 writes, 0 SQLITE_BUSY' : 'FAIL: ' + errors + ' errors');

  } catch(e) { console.log('FAIL: ' + e.message); }

  finally { try { fs.unlinkSync(dbPath); fs.unlinkSync(dbPath+'-wal'); fs.unlinkSync(dbPath+'-shm'); } catch {} }

" 2>/dev/null || echo "FAIL: timeout")"

check "Concurrent SQLite writes (3 conns × 30)" "$(echo "$CONCUR" | grep -q '^PASS' && echo true || echo false)"

[ "$(echo "$CONCUR" | grep -q '^PASS' &&

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

return true;

      } catch {

        // Dead PID or unreadable — clean up stale sentinel

        try { unlinkSync(fullPath); } catch {}

      }

    }

    return false;

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

export function resetGuidanceThrottle(sessionId) {

  _guidanceShown.clear();

  // Clear ppid-based dir (legacy / fallback callers) and the sessionId dir if given

  try { rmSync(guidanceDirFor(), { recursive: true, force: true }); } catch {}

  if (sessionId) {

    try { rmSync(guidanceDirFor(sessionId), { recursive: true, force: true }); } catch {}

  }

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

npmExec("npm install --production=false", { cwd: cacheDir, stdio: "inherit", timeout: 300000 });

    } catch {

      // Clean up partial install so next run retries fresh

      try { rmSync(join(cacheDir, "node_modules"), { recursive: true, force: true }); } catch {}

      throw new Error("npm install failed — please retry");

    }

    // Sentinel check: verify install completed (cold cache can timeout leaving partial node_modules)

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

let lockExists = { npm: false, yarn: false, pnpm: false };

try { fs.accessSync('package-lock.json'); lockExists.npm = true; } catch {}

try { fs.accessSync('yarn.lock'); lockExists.yarn = true; } catch {}

try { fs.accessSync('pnpm-lock.yaml'); lockExists.pnpm = true; } catch {}

console.log('=== Lock File Status ===');

Object.entries(lockExists).forEach(([mgr, exists]) => {

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

f.readFileSync=function(){var r=ors.apply(this,arguments);if(Buffer.isBuffer(r))__cm_fs+=r.length;else if(typeof r==='string')__cm_fs+=Buffer.byteLength(r);return r;};

    var orf=f.readFile;

    if(orf)f.readFile=function(){var a=Array.from(arguments),cb=a.pop();orf.apply(this,a.concat([function(e,d){if(!e&&d){if(Buffer.isBuffer(d))__cm_fs+=d.length;else if(typeof d==='string')__cm_fs+=Buffer.byteLength(d);}cb(e,d);}]));};

  }catch{}

})();

let __cm_net=0;

// Report network bytes on process exit

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

const CM_FS_PRELOAD = join(tmpdir(), `cm-fs-preload-${process.pid}.js`);

writeFileSync(

  CM_FS_PRELOAD,

  `(function(){var __cm_fs=0;process.on('exit',function(){if(__cm_fs>0)try{process.stderr.write('__CM_FS__:'+__cm_fs+'\\n')}catch(e){}});try{var f=require('fs');var ors=f.readFileSync;f.readFileSync=function(){var r=ors.apply(this,arguments);if(Buffer.isBuffer(r))__cm_fs+=r.length;else if(typeof r==='string')__cm_fs+=Buffer.byteLength(r);return r;};}catch(e){}})();\n`,

);

// Lazy singleton —

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

const dbPath = join(CONTENT_DIR, `${dbHash}.db`);

    const db = isBun ? new Database(dbPath) : new Database(dbPath);

    db.prepare("DELETE FROM chunks WHERE source_id = ?").run(sourceId);

    try { db.prepare("DELETE FROM chunks_trigram WHERE source_id = ?").run(sourceId); } catch {}

    db.prepare("DELETE FROM sources WHERE id = ?").run(sourceId);

    db.close();

    return { ok: true };

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

`)}function F(t,r){if(t.length===0)return"";let s=new Set,n=[],o=[];for(let e of t)s.has(e.data)||(s.add(e.data),n.push(`    ${a(e.data)}`),o.push(e.data));if(n.length===0)return"";let c=h(o);return[`  <decisions count="${n.length}">`,...n,m(r,c),"  </decisions>"].join(`

`)}function B(t,r){if(t.length===0)return"";let s=new Set,n=[],o=[];for(let e of t)s.has(e.data)||(s.add(e.data),e.type==="rule_content"?n.push(`    ${a(e.data)}`):n.push(`    ${a(e.data)}`),o.push(e.data));if(n.length===0)retur

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

try {

        const reg = await adapter.checkPluginRegistration();

        if (reg) console.log(reg.status + ': ' + reg.check + ' — ' + (reg.message || ''));

      } catch {}

    } catch(e) { console.log('error: ' + e.message); }

  " 2>/dev/null || echo "error: timeout")"

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

});

        } catch {

          // Clean up partial install so next run retries fresh

          try { rmSync(join(cacheDir, "node_modules"), { recursive: true, force: true }); } catch {}

          throw new Error("npm install failed — please retry");

        }

        // Sentinel check: verify install completed (cold cache can timeout leaving partial node_modules)

Silent error swallowing detected. An except clause that does pass or ... discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.

} else if (e.t === 'cfg') {

        sec.configs.push({ name: e.k, path: e.path, exists: e.exists, content: e.content || null });

      }

    } catch {}

  }

  result.summary = { pass, fail, warnings: warns, total: pass + fail };

  fs.writeFileSync('$JSON_FILE', JSON.stringify(result, null, 2));