Middleware for injecting local context into system prompt.
Detects git state, project structure, package managers, runtimes, and directory layout by running a bash script via the backend. Because the script executes inside the backend (local shell or remote sandbox), the same detection logic works regardless of where the agent runs.
Neutralize control characters and deceptive Unicode in untrusted text.
Untrusted strings (MCP server errors, config-file contents, tool output)
can carry ANSI escape sequences, other control characters, or invisible
Unicode that corrupts the terminal, breaks out of a layout, or injects fake
lines into logs and prompts. This first removes the invisible/bidi code
points flagged by strip_dangerous_unicode, then replaces every remaining
Unicode "Other" (control/format) character with a space.
Concatenate all section functions into the full detection script.
Independent sections run as parallel background jobs writing to temp files, then results are concatenated in the original display order. The header (CWD / IN_GIT) and project section (sets ROOT) run first because later sections depend on their variables.
Metadata for a configured MCP server and its tools.
State for local context middleware.
Inject local context (git state, project structure, etc.) into the system prompt.
Runs a bash detection script via backend.execute() on first interaction
and again after each summarization event, stores the result in state, and
appends it to the system prompt on every model call.
Because the script runs inside the backend, it works for both local shells and remote sandboxes.
