kairos-chain 3.8.0 → 3.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7d045865d5f35b2ceba8abf858cc33219f88690feaf5591183b20154cda36e4
-  data.tar.gz: f333e43070e2268da45be99949d3c85217bfcf2a5d7d691e707fbe26f5b96796
+  metadata.gz: 4facdf3bcb070b304f05d2ba2edd1d115e2f743db24c47864d953280da4c80f0
+  data.tar.gz: debbc87b1676e18e7a3ff200132d956ac8531324aecbf957e625fc6e8cdab059
 SHA512:
-  metadata.gz: 4951cb6216a2f85212c12882c02337fc86e2a8abd906bcfd1322ca7d23760226692608a92626ea807c7a67b44c3f94b6eadd96ef88a6125a551dcca30a951954
-  data.tar.gz: ccf714bf15d9b54219373f9a83560943fcff476cb700a459cf5d62b5c02c02ce87c0986bf81d8b5b3d7c9708b1eb58c94c5e1ecb96c5c5909ec9bf6f562c1d78
+  metadata.gz: af08ba6ddefba694090ca8f989b215ae80e2417e794ad3f3ece1bfb8b73e8aa428c1ea636e2ad9278a268b6f95435a180c043a96db15293e2f3351c2c2efc10b
+  data.tar.gz: c4d15cc38e425154e64cfd5aa52c80c939c3f00ce4ed8d0036c12e282816c0f320dae27bac46df968a8c74d1ac926037b0883244b7ed64827ff16dec18cc4c84

data/CHANGELOG.md

@@ -4,6 +4,38 @@ All notable changes to the `kairos-chain` gem will be documented in this file.
 
 This project follows [Semantic Versioning](https://semver.org/).
 
+## [3.9.0] - 2026-03-30
+
+### Added
+
+- **agent_execute** — Claude Code subprocess delegation for file operations
+  - Delegates Read/Edit/Write/Glob/Grep to a sandboxed `claude -p` subprocess
+  - `--permission-mode acceptEdits` for auto-approval of file edits
+  - `--output-format stream-json` for structured result parsing (files_modified, tool_calls)
+  - 8 security layers: Agent blacklist, tool restriction, Bash gating (requires
+    `Bash(pattern)` in allowed_tools), acceptEdits mode, env scrubbing
+    (unsetenv_others: true), project root lock, --max-budget-usd (clamped to
+    agent.yml max), external timeout (SIGTERM -> SIGKILL)
+  - Configurable via `agent.yml` `agent_execute:` section
+  - Design: 2 rounds x 2-3 LLMs. Implementation: 1 round x 3 LLMs.
+
+- **Agent ACT routing** — automatic delegation based on task plan
+  - `requires_file_operations?` detects Edit/Write/Read/Bash in task steps
+  - File operations route to `agent_execute`; MCP tools route to `autoexec_run`
+  - Context injection via `--append-system-prompt` (goal + progress)
+
+- **SkillSet discovery & install** via `system_upgrade`
+  - `system_upgrade command="skillsets"` lists all available SkillSets with status
+  - New SkillSets in gem templates auto-detected by `upgrade_check`
+  - `system_upgrade command="apply" names=["dream"]` installs specific SkillSets
+  - `available_skillsets` method on SkillSetManager
+
+### Fixed
+
+- `ClaudeCodeAdapter`: removed invalid `--max-turns 1` flag (not in claude CLI)
+- `agent_execute` blacklist: properly removes `agent_*` wildcard + re-adds other agent tools
+- `agent_execute` error propagation: subprocess failures now set `error` key for ACT gates
+
 ## [3.8.0] - 2026-03-30
 
 ### Added

data/lib/kairos_mcp/skillset_manager.rb

@@ -131,14 +131,18 @@ module KairosMcp
       { success: true, name: installed.name, version: installed.version, layer: installed.layer, path: dest }
     end
 
-    # Check for available SkillSet upgrades from gem templates
+    # Check for available SkillSet upgrades from gem templates.
+    # Also detects NEW SkillSets in templates that are not yet installed.
     #
-    # @return [Array<Hash>] List of upgradable skillsets with version info
+    # @return [Array<Hash>] List of upgradable/new skillsets with version info
     def upgrade_check
       results = []
       templates_dir = File.join(KairosMcp.gem_root, 'templates', 'skillsets')
       return results unless File.directory?(templates_dir)
 
+      installed_names = all_skillsets.map(&:name)
+
+      # Check existing installed SkillSets for upgrades
       all_skillsets.each do |installed|
         template_path = File.join(templates_dir, installed.name)
         next unless File.directory?(template_path)
@@ -157,17 +161,39 @@ module KairosMcp
             installed_version: installed.version,
             available_version: template_ss.version,
             version_bump: template_ver > installed_ver,
-            changed_files: changed_files
+            changed_files: changed_files,
+            new_skillset: false
           }
         end
       end
 
+      # Detect NEW SkillSets in templates not yet installed
+      Dir.children(templates_dir).sort.each do |name|
+        template_path = File.join(templates_dir, name)
+        next unless File.directory?(template_path)
+        next if installed_names.include?(name)
+
+        template_ss = Skillset.new(template_path)
+        next unless template_ss.valid?
+
+        results << {
+          name: name,
+          installed_version: nil,
+          available_version: template_ss.version,
+          description: template_ss.description,
+          version_bump: false,
+          changed_files: [],
+          new_skillset: true
+        }
+      end
+
       results
     end
 
-    # Apply SkillSet upgrades from gem templates
+    # Apply SkillSet upgrades from gem templates.
+    # Handles both upgrades (existing) and new installs.
     #
-    # @param names [Array<String>, nil] specific names to upgrade, or nil for all
+    # @param names [Array<String>, nil] specific names to upgrade/install, or nil for all
     # @return [Array<Hash>] results
     def upgrade_apply(names: nil)
       upgrades = upgrade_check
@@ -176,24 +202,61 @@ module KairosMcp
       results = []
       upgrades.each do |info|
         template_path = File.join(KairosMcp.gem_root, 'templates', 'skillsets', info[:name])
-        dest = File.join(@skillsets_dir, info[:name])
 
-        info[:changed_files].each do |rel_path|
-          src = File.join(template_path, rel_path)
-          dst = File.join(dest, rel_path)
-          FileUtils.mkdir_p(File.dirname(dst))
-          FileUtils.cp(src, dst) if File.exist?(src)
-        end
+        if info[:new_skillset]
+          # Install new SkillSet from template
+          result = install(template_path)
+          results << { name: info[:name], from: nil, to: info[:available_version],
+                       action: 'installed', files_updated: 0 }
+        else
+          # Upgrade existing: copy changed files
+          dest = File.join(@skillsets_dir, info[:name])
+          info[:changed_files].each do |rel_path|
+            src = File.join(template_path, rel_path)
+            dst = File.join(dest, rel_path)
+            FileUtils.mkdir_p(File.dirname(dst))
+            FileUtils.cp(src, dst) if File.exist?(src)
+          end
 
-        installed = Skillset.new(dest)
-        record_skillset_event(installed, 'upgrade')
-        results << { name: info[:name], from: info[:installed_version], to: info[:available_version],
-                     files_updated: info[:changed_files].size }
+          installed = Skillset.new(dest)
+          record_skillset_event(installed, 'upgrade')
+          results << { name: info[:name], from: info[:installed_version], to: info[:available_version],
+                       action: 'upgraded', files_updated: info[:changed_files].size }
+        end
       end
 
       results
     end
 
+    # List all available SkillSets from gem templates with install status.
+    #
+    # @return [Array<Hash>] list with name, version, description, installed status
+    def available_skillsets
+      templates_dir = File.join(KairosMcp.gem_root, 'templates', 'skillsets')
+      return [] unless File.directory?(templates_dir)
+
+      installed_map = all_skillsets.each_with_object({}) { |ss, h| h[ss.name] = ss }
+
+      Dir.children(templates_dir).sort.filter_map do |name|
+        template_path = File.join(templates_dir, name)
+        next unless File.directory?(template_path)
+
+        template_ss = Skillset.new(template_path)
+        next unless template_ss.valid?
+
+        installed = installed_map[name]
+        {
+          name: name,
+          available_version: template_ss.version,
+          description: template_ss.description,
+          installed: !installed.nil?,
+          installed_version: installed&.version,
+          enabled: installed ? enabled?(name) : false,
+          upgrade_available: installed ? Gem::Version.new(template_ss.version) > Gem::Version.new(installed.version) : false
+        }
+      end
+    end
+
     # Remove a SkillSet
     def remove(name)
       skillset = find_skillset(name)

data/lib/kairos_mcp/tools/system_upgrade.rb

@@ -57,12 +57,18 @@ module KairosMcp
           properties: {
             command: {
               type: 'string',
-              description: 'Command: "check", "preview", "apply", or "status"',
-              enum: %w[check preview apply status]
+              description: 'Command: "check", "preview", "apply", "status", or "skillsets". ' \
+                '"skillsets" lists all available SkillSets with install status.',
+              enum: %w[check preview apply status skillsets]
             },
             approved: {
               type: 'boolean',
               description: 'Set to true to approve and apply the upgrade (required for apply command)'
+            },
+            names: {
+              type: 'array',
+              items: { type: 'string' },
+              description: 'Specific SkillSet names to install/upgrade (optional, for apply command)'
             }
           },
           required: ['command']
@@ -72,6 +78,7 @@ module KairosMcp
       def call(arguments)
         command = arguments['command']
         approved = arguments['approved'] || false
+        names = arguments['names']
 
         case command
         when 'check'
@@ -79,11 +86,13 @@ module KairosMcp
         when 'preview'
           handle_preview
         when 'apply'
-          handle_apply(approved)
+          handle_apply(approved, names: names)
         when 'status'
           handle_status
+        when 'skillsets'
+          handle_skillsets
         else
-          text_content("Unknown command: #{command}. Use check, preview, apply, or status.")
+          text_content("Unknown command: #{command}. Use check, preview, apply, status, or skillsets.")
         end
       end
 
@@ -122,6 +131,18 @@ module KairosMcp
           output += "No upgrade needed. Data directory is up to date.\n"
         end
 
+        # SkillSet status (always show, even if no L0/L1 upgrade needed)
+        ss_info = skillset_upgrade_summary
+        if ss_info[:new_count] > 0 || ss_info[:upgrade_count] > 0
+          output += "\n### SkillSets\n"
+          output += "  New available: #{ss_info[:new_count]}\n" if ss_info[:new_count] > 0
+          output += "  Upgrades available: #{ss_info[:upgrade_count]}\n" if ss_info[:upgrade_count] > 0
+          ss_info[:new_names].each { |n| output += "    + #{n[:name]} (#{n[:version]}) — #{n[:description]}\n" }
+          output += "\nRun `system_upgrade command=\"skillsets\"` for full list.\n"
+          output += "Run `system_upgrade command=\"apply\" approved=true` to install all.\n"
+          output += "Run `system_upgrade command=\"apply\" approved=true names=[\"dream\"]` to install specific.\n"
+        end
+
         text_content(output)
       end
 
@@ -207,7 +228,7 @@ module KairosMcp
       # =====================================================================
       # apply — Execute the upgrade
       # =====================================================================
-      def handle_apply(approved)
+      def handle_apply(approved, names: nil)
         unless approved
           return text_content(
             "Upgrade requires approval.\n\n" \
@@ -318,6 +339,27 @@ module KairosMcp
           end
         end
 
+        # Apply SkillSet upgrades/installs
+        begin
+          ss_mgr = KairosMcp::SkillSetManager.new
+          ss_results = ss_mgr.upgrade_apply(names: names)
+          if ss_results.any?
+            output += "\n## SkillSets\n\n"
+            ss_results.each do |r|
+              if r[:action] == 'installed'
+                actions[:skillsets_installed] = (actions[:skillsets_installed] || []) << r[:name]
+                output += "  [INSTALLED] #{r[:name]} v#{r[:to]}\n"
+              else
+                actions[:skillsets_upgraded] = (actions[:skillsets_upgraded] || []) << r[:name]
+                output += "  [UPGRADED] #{r[:name]} v#{r[:from]} → v#{r[:to]} (#{r[:files_updated]} files)\n"
+              end
+            end
+          end
+        rescue => e
+          output += "\n## SkillSets\n\n"
+          output += "  [ERROR] SkillSet upgrade failed: #{e.message}\n"
+        end
+
         # Update .kairos_meta.yml
         update_meta(analyzer.gem_version)
         output += "\n  [UPDATED] .kairos_meta.yml → v#{analyzer.gem_version}\n"
@@ -392,10 +434,63 @@ module KairosMcp
         text_content(output)
       end
 
+      # =====================================================================
+      # skillsets — List all available SkillSets with install status
+      # =====================================================================
+      def handle_skillsets
+        ss_mgr = KairosMcp::SkillSetManager.new
+        available = ss_mgr.available_skillsets
+
+        output = "# Available SkillSets\n\n"
+        output += "| Name | Available | Installed | Status |\n"
+        output += "|------|-----------|-----------|--------|\n"
+
+        available.each do |ss|
+          status = if !ss[:installed]
+                     'Not installed'
+                   elsif ss[:upgrade_available]
+                     "Upgrade: #{ss[:installed_version]} -> #{ss[:available_version]}"
+                   elsif ss[:enabled]
+                     'Installed, enabled'
+                   else
+                     'Installed, disabled'
+                   end
+          output += "| #{ss[:name]} | #{ss[:available_version]} | #{ss[:installed_version] || '-'} | #{status} |\n"
+        end
+
+        not_installed = available.select { |ss| !ss[:installed] }
+        if not_installed.any?
+          output += "\n## Not Installed\n\n"
+          not_installed.each do |ss|
+            output += "- **#{ss[:name]}** v#{ss[:available_version]}"
+            output += " — #{ss[:description]}" if ss[:description]
+            output += "\n"
+          end
+          output += "\nTo install: `system_upgrade command=\"apply\" approved=true names=[\"#{not_installed.first[:name]}\"]`\n"
+          output += "To install all: `system_upgrade command=\"apply\" approved=true`\n"
+        end
+
+        text_content(output)
+      end
+
       # =====================================================================
       # Helpers
       # =====================================================================
 
+      def skillset_upgrade_summary
+        ss_mgr = KairosMcp::SkillSetManager.new
+        checks = ss_mgr.upgrade_check
+        new_ss = checks.select { |c| c[:new_skillset] }
+        upgrades = checks.reject { |c| c[:new_skillset] }
+        {
+          new_count: new_ss.size,
+          upgrade_count: upgrades.size,
+          new_names: new_ss.map { |s| { name: s[:name], version: s[:available_version], description: s[:description] } }
+        }
+      rescue StandardError
+        { new_count: 0, upgrade_count: 0, new_names: [] }
+      end
+
       def pattern_icon(pattern)
         case pattern
         when :unchanged then 'OK'

data/lib/kairos_mcp/version.rb

@@ -1,4 +1,4 @@
 module KairosMcp
-  VERSION = "3.8.0"
+  VERSION = "3.9.0"
   CHANGELOG_URL = "https://github.com/masaomi/KairosChain_2026/blob/main/CHANGELOG.md"
 end

data/templates/skillsets/agent/config/agent.yml

@@ -35,6 +35,7 @@ tool_blacklist:
   - "challenge_*"
   - "autoexec_plan"
   - "autoexec_run"
+  - "agent_execute"
   # MCP client: user-only (requires token)
   - "mcp_connect"
   - "mcp_disconnect"
@@ -52,5 +53,14 @@ autonomous:
   min_cycles_before_exit: 2      # confidence exit disabled for first N cycles
   confidence_exit_threshold: 0.9 # minimum confidence for early exit
 
+# agent_execute: Claude Code subprocess delegation for file operations
+agent_execute:
+  default_tools: ["Read", "Edit", "Write", "Glob", "Grep"]
+  default_model: "sonnet"
+  default_timeout: 120
+  max_timeout: 600
+  default_budget_usd: 0.50
+  max_budget_usd: 2.00
+
 # Audit
 audit_level: summary

data/templates/skillsets/agent/tools/agent_execute.rb

@@ -0,0 +1,311 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'open3'
+require 'set'
+
+module KairosMcp
+  module SkillSets
+    module Agent
+      module Tools
+        class AgentExecute < KairosMcp::Tools::BaseTool
+          DEFAULT_TOOLS = %w[Read Edit Write Glob Grep].freeze
+          # Include auth + config vars Claude Code needs to function
+          SAFE_ENV_VARS = %w[
+            PATH HOME LANG LC_ALL TERM USER SHELL TMPDIR
+            XDG_CONFIG_HOME XDG_DATA_HOME
+            ANTHROPIC_API_KEY CLAUDE_CODE_USE_BEDROCK
+            AWS_PROFILE AWS_REGION AWS_DEFAULT_REGION
+          ].freeze
+          MAX_OUTPUT_BYTES = 1_048_576  # 1MB
+          MAX_STDERR_BYTES = 1_048_576  # 1MB
+          DEFAULT_TIMEOUT = 120
+          MAX_TIMEOUT = 600
+          DEFAULT_BUDGET_USD = 0.50
+
+          def name
+            'agent_execute'
+          end
+
+          def description
+            'Execute a software engineering task via Claude Code subprocess. ' \
+              'Delegates file operations (Read/Edit/Write) to a sandboxed Claude Code instance. ' \
+              'Bash is excluded by default; requires allowed_tools patterns (e.g., Bash(git:*)). ' \
+              'Mandate risk_budget is enforced at the ACT routing level, not within this tool.'
+          end
+
+          def category
+            :agent
+          end
+
+          def usecase_tags
+            %w[agent execute file edit code subprocess]
+          end
+
+          def related_tools
+            %w[agent_start agent_step autoexec_run]
+          end
+
+          def input_schema
+            {
+              type: 'object',
+              properties: {
+                task: {
+                  type: 'string',
+                  description: 'Task description for Claude Code to execute'
+                },
+                context: {
+                  type: 'string',
+                  description: 'Goal/progress context injected via --append-system-prompt (optional)'
+                },
+                tools: {
+                  type: 'array', items: { type: 'string' },
+                  description: 'Tools to enable (default: Read,Edit,Write,Glob,Grep). ' \
+                    'Add "Bash" for shell access (requires risk_budget: medium + allowed_tools patterns).'
+                },
+                allowed_tools: {
+                  type: 'array', items: { type: 'string' },
+                  description: 'Fine-grained tool patterns for --allowedTools (e.g., "Bash(git:*) Bash(ruby:*)")'
+                },
+                timeout: {
+                  type: 'integer',
+                  description: "Timeout in seconds (default: #{DEFAULT_TIMEOUT}, max: #{MAX_TIMEOUT})"
+                },
+                max_budget_usd: {
+                  type: 'number',
+                  description: "Max API cost in USD (default: #{DEFAULT_BUDGET_USD})"
+                },
+                model: {
+                  type: 'string',
+                  description: 'Model override (default: sonnet for speed)'
+                }
+              },
+              required: ['task']
+            }
+          end
+
+          def call(arguments)
+            task = arguments['task']
+            return error_text('task is required') if task.nil? || task.strip.empty?
+
+            context = arguments['context']
+            tools = arguments['tools'] || agent_execute_config('default_tools', DEFAULT_TOOLS).dup
+            allowed_tools_patterns = arguments['allowed_tools']
+            cfg_max_timeout = agent_execute_config('max_timeout', MAX_TIMEOUT).to_i
+            cfg_default_timeout = agent_execute_config('default_timeout', DEFAULT_TIMEOUT).to_i
+            timeout = [[arguments['timeout'] || cfg_default_timeout, 1].max, cfg_max_timeout].min
+            model = arguments['model'] || agent_execute_config('default_model', 'sonnet')
+
+            # Clamp budget to configured max
+            config_max = agent_execute_config('max_budget_usd', 2.0).to_f
+            raw_budget = arguments['max_budget_usd'] || agent_execute_config('default_budget_usd', DEFAULT_BUDGET_USD).to_f
+            budget = [raw_budget, config_max].min
+
+            # Bash gating: require fine-grained patterns and risk_budget: medium
+            if tools.include?('Bash')
+              unless allowed_tools_patterns&.any? { |p| p.start_with?('Bash(') }
+                return error_text(
+                  "Bash requires fine-grained patterns via allowed_tools (e.g., 'Bash(git:*)'). " \
+                  "Unrestricted Bash is not permitted."
+                )
+              end
+              # Check mandate risk_budget if available via invocation context
+              if @safety&.respond_to?(:current_user)
+                # In autonomous mode, risk_budget is checked at the mandate level
+                # agent_execute trusts that the ACT phase has already passed Gate 5
+              end
+            end
+
+            safe_env = build_safe_env
+            args = build_args(tools, allowed_tools_patterns, budget, model, context)
+
+            # Verify claude CLI exists using the same scrubbed env
+            _out, _err, st = Open3.capture3(safe_env, 'which', 'claude', unsetenv_others: true)
+            unless st.success?
+              return error_text('Claude Code CLI not found. Install: https://docs.anthropic.com/en/docs/claude-code')
+            end
+            root = project_root
+
+            result = execute_with_timeout(safe_env, args, task, timeout, root)
+            text_content(JSON.generate(result))
+          rescue SubprocessTimeout => e
+            text_content(JSON.generate({
+              'status' => 'timeout', 'error' => e.message, 'timeout_seconds' => timeout
+            }))
+          rescue StandardError => e
+            error_text("#{e.class}: #{e.message}")
+          end
+
+          private
+
+          class SubprocessTimeout < StandardError; end
+
+          def build_args(tools, allowed_tools_patterns, budget, model, context)
+            args = ['claude', '-p',
+                    '--output-format', 'stream-json',
+                    '--permission-mode', 'acceptEdits',
+                    '--tools', tools.join(','),
+                    '--max-budget-usd', budget.to_s,
+                    '--model', model]
+
+            if allowed_tools_patterns && !allowed_tools_patterns.empty?
+              args += ['--allowedTools', allowed_tools_patterns.join(',')]
+            end
+
+            if context && !context.strip.empty?
+              args += ['--append-system-prompt', context]
+            end
+
+            args
+          end
+
+          def build_safe_env
+            env = {}
+            SAFE_ENV_VARS.each { |k| env[k] = ENV[k] if ENV[k] }
+            env
+          end
+
+          def execute_with_timeout(env, args, task, timeout, root)
+            stdout_data = +''
+            stderr_data = +''
+            pid = nil
+
+            Open3.popen3(env, *args, unsetenv_others: true, chdir: root) do |stdin, stdout, stderr, wait_thr|
+              pid = wait_thr.pid
+              stdin.write(task)
+              stdin.close
+
+              deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
+              readers = [stdout, stderr]
+
+              until readers.empty?
+                remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
+                if remaining <= 0
+                  kill_process(pid)
+                  wait_thr.join(5)
+                  raise SubprocessTimeout, "Timed out after #{timeout}s"
+                end
+
+                ready = IO.select(readers, nil, nil, [remaining, 5].min)
+                next unless ready
+
+                ready[0].each do |io|
+                  begin
+                    chunk = io.read_nonblock(65536)
+                    if io == stdout
+                      stdout_data << chunk
+                      if stdout_data.bytesize > MAX_OUTPUT_BYTES
+                        kill_process(pid)
+                        wait_thr.join(5)
+                        stdout_data = stdout_data.byteslice(0, MAX_OUTPUT_BYTES)
+                        return parse_stream_output(stdout_data, truncated: true)
+                      end
+                    else
+                      stderr_data << chunk
+                      stderr_data = stderr_data.byteslice(0, MAX_STDERR_BYTES) if stderr_data.bytesize > MAX_STDERR_BYTES
+                    end
+                  rescue IO::WaitReadable, Errno::EAGAIN
+                    # Spurious readability — retry on next select
+                  rescue EOFError
+                    readers.delete(io)
+                  end
+                end
+              end
+
+              # IO done — wait for process with timeout guard
+              remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
+              if remaining > 0
+                unless wait_thr.join([remaining, 30].min)
+                  kill_process(pid)
+                  wait_thr.join(5)
+                  raise SubprocessTimeout, "Process did not exit after IO closed (#{timeout}s deadline)"
+                end
+              else
+                kill_process(pid)
+                wait_thr.join(5)
+                raise SubprocessTimeout, "Timed out after #{timeout}s"
+              end
+
+              result = parse_stream_output(stdout_data)
+              result['exit_status'] = wait_thr.value&.exitstatus
+              result['stderr'] = stderr_data[0..500] unless stderr_data.empty?
+              result
+            end
+          end
+
+          def kill_process(pid)
+            Process.kill('TERM', pid)
+            sleep 2
+            Process.kill('KILL', pid) rescue nil
+          rescue Errno::ESRCH
+            # Already dead
+          end
+
+          def parse_stream_output(raw, truncated: false)
+            lines = raw.split("\n").filter_map { |l| JSON.parse(l) rescue nil }
+
+            result_msg = lines.find { |l| l['type'] == 'result' }
+
+            tool_uses = lines.select { |l|
+              l['type'] == 'assistant' &&
+                l.dig('message', 'content')&.any? { |c| c['type'] == 'tool_use' }
+            }
+
+            files_modified = extract_modified_files(tool_uses)
+
+            {
+              'status' => result_msg ? 'ok' : 'no_result',
+              'result' => result_msg&.dig('result') || '',
+              'files_modified' => files_modified,
+              'tool_calls_count' => tool_uses.size,
+              'truncated' => truncated,
+              'is_error' => result_msg&.dig('is_error') || false
+            }
+          end
+
+          def extract_modified_files(tool_uses)
+            files = Set.new
+            tool_uses.each do |tu|
+              (tu.dig('message', 'content') || []).each do |c|
+                next unless c['type'] == 'tool_use'
+                input = c['input'] || {}
+                case c['name']
+                when 'Edit', 'Write'
+                  files << input['file_path'] if input['file_path']
+                end
+              end
+            end
+            files.to_a
+          end
+
+          def project_root
+            if defined?(KairosMcp) && KairosMcp.respond_to?(:data_dir)
+              root = File.dirname(KairosMcp.data_dir)
+              return root if File.directory?(root)
+            end
+            Dir.pwd
+          end
+
+          def agent_execute_config(key, default = nil)
+            @_agent_yml_cache ||= begin
+              config_path = File.join(__dir__, '..', 'config', 'agent.yml')
+              if File.exist?(config_path)
+                require 'yaml'
+                YAML.safe_load(File.read(config_path)) || {}
+              else
+                {}
+              end
+            rescue StandardError
+              {}
+            end
+            @_agent_yml_cache.dig('agent_execute', key) || default
+          end
+
+          def error_text(message)
+            text_content(JSON.generate({ 'status' => 'error', 'error' => message }))
+          end
+        end
+      end
+    end
+  end
+end

data/templates/skillsets/agent/tools/agent_step.rb

@@ -553,11 +553,30 @@ module KairosMcp
           end
 
           def run_act(session, decision_payload)
+            task_json = decision_payload['task_json']
+
+            # Route: file operations → agent_execute; MCP tools → autoexec
+            if requires_file_operations?(task_json)
+              run_act_via_agent_execute(session, decision_payload)
+            else
+              run_act_via_autoexec(session, decision_payload)
+            end
+          rescue StandardError => e
+            { 'error' => "ACT failed: #{e.message}" }
+          end
+
+          FILE_TOOL_NAMES = %w[Edit Write Read Bash file_edit file_write file_read].freeze
+
+          def requires_file_operations?(task_json)
+            steps = task_json&.dig('steps') || []
+            steps.any? { |s| FILE_TOOL_NAMES.include?(s['tool_name']) }
+          end
+
+          def run_act_via_autoexec(session, decision_payload)
             act_ctx = session.invocation_context.derive(
               blacklist_remove: %w[autoexec_plan autoexec_run]
             )
 
-            # Create plan
             plan_result = invoke_tool('autoexec_plan', {
               'task_json' => JSON.generate(decision_payload['task_json'])
             }, context: act_ctx)
@@ -568,7 +587,6 @@ module KairosMcp
             task_id = plan_parsed['task_id']
             plan_hash = plan_parsed['plan_hash']
 
-            # Execute
             run_result = invoke_tool('autoexec_run', {
               'task_id' => task_id,
               'mode' => 'internal_execute',
@@ -583,8 +601,62 @@ module KairosMcp
               'execution' => run_parsed,
               'summary' => run_parsed['status'] == 'ok' ? 'completed' : 'failed'
             }
-          rescue StandardError => e
-            { 'error' => "ACT failed: #{e.message}" }
+          end
+
+          def run_act_via_agent_execute(session, decision_payload)
+            # Must remove both the exact entry AND the wildcard 'agent_*' to unblock agent_execute.
+            # Re-add other agent tools to keep them blocked.
+            act_ctx = session.invocation_context.derive(
+              blacklist_remove: %w[agent_execute agent_*],
+              blacklist_add: %w[agent_start agent_step agent_status agent_stop]
+            )
+
+            context = build_agent_execute_context(session)
+            task_summary = decision_payload['summary'] || ''
+            task_detail = format_steps_as_instructions(decision_payload['task_json'])
+
+            result = invoke_tool('agent_execute', {
+              'task' => "#{task_summary}\n\n#{task_detail}",
+              'context' => context
+            }, context: act_ctx)
+
+            parsed = JSON.parse(result.map { |b| b[:text] || b['text'] }.compact.join)
+
+            # Propagate subprocess failures as 'error' for ACT failure gates
+            error_msg = nil
+            unless parsed['status'] == 'ok'
+              error_msg = parsed['error'] || "agent_execute #{parsed['status']}: #{parsed['result'].to_s[0..200]}"
+            end
+
+            {
+              'execution' => parsed,
+              'files_modified' => parsed['files_modified'] || [],
+              'tool_calls_count' => parsed['tool_calls_count'] || 0,
+              'summary' => parsed['status'] == 'ok' ? 'completed' : 'failed',
+              'error' => error_msg
+            }
+          end
+
+          def build_agent_execute_context(session)
+            parts = ["Goal: #{session.goal_name}",
+                     "Cycle: #{session.cycle_number + 1}"]
+            progress = session.load_progress
+            unless progress.empty?
+              parts << "Previous cycles:"
+              progress.last(3).each { |p|
+                parts << "  Cycle #{p['cycle']}: #{p['act_summary']} (confidence: #{p['confidence']})"
+              }
+            end
+            parts.join("\n")
+          end
+
+          def format_steps_as_instructions(task_json)
+            steps = task_json&.dig('steps') || []
+            return '(no steps)' if steps.empty?
+
+            steps.map.with_index(1) { |s, i|
+              "Step #{i}: #{s['action'] || s['tool_name']} — #{s.dig('tool_arguments', 'description') || s['tool_arguments'].to_json}"
+            }.join("\n")
           end
 
           # Parse REFLECT response, handling code fences and nested JSON

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kairos-chain
 version: !ruby/object:Gem::Version
-  version: 3.8.0
+  version: 3.9.0
 platform: ruby
 authors:
 - Masaomi Hatakeyama
@@ -218,6 +218,7 @@ files:
 - templates/skillsets/agent/test/test_agent_m2.rb
 - templates/skillsets/agent/test/test_agent_m3.rb
 - templates/skillsets/agent/test/test_agent_m4.rb
+- templates/skillsets/agent/tools/agent_execute.rb
 - templates/skillsets/agent/tools/agent_start.rb
 - templates/skillsets/agent/tools/agent_status.rb
 - templates/skillsets/agent/tools/agent_step.rb