@amistio/cli 0.1.16 → 0.1.18

package/README.md

@@ -39,6 +39,8 @@ Provider-backed model preferences use sanitized catalog fields: `--provider`, `-
 
 When `--tool copilot` uses the GitHub Copilot SDK, Amistio approves read-only permission requests by default and denies mutating, network, MCP, hook, memory, and shell requests. Set `AMISTIO_COPILOT_APPROVE_ALL=1` only on a local machine where broad Copilot SDK approval is intentional.
 
+When `--tool codex` uses the Codex SDK, intermediate progress can be quiet until the final response. For live Codex CLI logs, run `amistio run --watch --tool codex --invocation-channel command`.
+
 `amistio runner status` reports local background runner state, latest heartbeat, and bounded resource usage when available. Resource usage is latest-sample runner process memory/CPU plus safe aggregate system memory/load signals; it does not include source files, environment variables, command lines, process lists, credentials, or arbitrary local paths.
 
 The runner advertises its supported work kinds in heartbeats. Current runners can claim read-only `projectContextRefresh` jobs from the workspace Context panel and create due runner-driven refreshes when no fresh approved map exists. Context refreshes inspect the paired checkout locally without modifying files and submit only bounded summaries, slices, entities, relations, safe citations, confidence, freshness, and repo-relative paths. If a submitted context refresh contains unsafe evidence, unsafe paths, or a map too large to store safely, Amistio marks the refresh failed with a safe reason instead of storing the rejected raw result. Approved maps are reused as context packs for source-aware assistant and impact-preview work. Current runners can also claim read-only issue diagnosis jobs from the web Issues panel, generate root-cause analysis and a proposed fix, and submit that result without modifying source. They can claim manual read-only `appEvaluationScan` jobs from the workspace Evaluate panel and create at most one due hourly evaluation during normal watch/background polling when app evaluation is enabled for the repository link. Evaluation results contain bounded summaries, safe evidence, suggested actions, lifecycle proposals, and repo-relative paths only. Current runners can also claim manual read-only `securityPostureScan` jobs from the workspace Security panel and create due daily posture checks during normal watch/background polling. Security scan results contain bounded summaries, standard references, safe evidence, and repo-relative paths only; source, secrets, environment variables, command lines, process lists, credentials, provider sessions, and arbitrary local paths stay local. Implementation or cleanup is queued separately only after the user approves an issue analysis, app evaluation finding, or security remediation plan in the app.
@@ -49,6 +51,8 @@ Runner setup and local-tool execution use bounded failure controls. `amistio run
 
 Watch mode prints a completed-work success once per work item, keeps fresh completion visible briefly, and returns old completed work to the ready state when no queued, running, blocked, failed, review, or runner-readiness action needs attention.
 
+Known validation failures such as `unsafe_context_path` are printed with attention-needed next steps. For project-context refresh path-safety failures, deploy the latest web/API fix, update and restart the runner when applicable, retry the refresh, and capture only bounded non-secret output if it repeats.
+
 For headless startup after login on supported user-level service managers:
 
 ```sh

package/dist/index.js

@@ -1583,6 +1583,73 @@ function decideSyncState(state) {
 }
 
 // ../shared/src/next-action.ts
+var workFailureGuidanceCodes = ["unsafe_context_path", "unsafe_context_result", "invalid_context_result", "context_map_too_large", "context_map_store_failed"];
+var projectContextFailureGuidance = {
+  unsafe_context_path: {
+    code: "unsafe_context_path",
+    title: "Attention needed",
+    message: "Project context refresh was rejected because a returned path looked unsafe.",
+    steps: [
+      "Deploy the latest web/API fix and update the local runner if this started after a path-safety release.",
+      "Retry the project context refresh.",
+      "If it fails again, capture the failing repo-relative path or bounded runner output without sharing secrets."
+    ]
+  },
+  unsafe_context_result: {
+    code: "unsafe_context_result",
+    title: "Attention needed",
+    message: "Project context refresh was rejected because the result looked like it contained unsafe evidence.",
+    steps: [
+      "Review the local runner output for accidental secret-looking evidence without pasting secrets into Amistio.",
+      "Retry the project context refresh after removing or narrowing unsafe evidence.",
+      "If it repeats, capture a bounded redacted summary of the runner output."
+    ]
+  },
+  invalid_context_result: {
+    code: "invalid_context_result",
+    title: "Attention needed",
+    message: "Project context refresh returned structured data the server could not accept.",
+    steps: [
+      "Update and restart the local runner so it uses the latest context refresh schema.",
+      "Retry the project context refresh.",
+      "If it fails again, capture the bounded marker-delimited result without source dumps or secrets."
+    ]
+  },
+  context_map_too_large: {
+    code: "context_map_too_large",
+    title: "Attention needed",
+    message: "Project context refresh produced a map too large to store safely.",
+    steps: [
+      "Retry the refresh after narrowing the context scope or waiting for smaller incremental refresh support.",
+      "Keep raw source and large dumps out of the context result.",
+      "If this repeats on normal output, split the context-map storage model before retrying large repositories."
+    ]
+  },
+  context_map_store_failed: {
+    code: "context_map_store_failed",
+    title: "Attention needed",
+    message: "Project context refresh could not be stored safely after validation.",
+    steps: [
+      "Retry the project context refresh once.",
+      "If it repeats, check the web/API storage logs for the safe rejection reason.",
+      "Keep the runner output bounded and avoid sharing raw source or secrets."
+    ]
+  }
+};
+function getWorkFailureGuidance(input) {
+  const normalizedMessage = (input.message ?? "").toLowerCase();
+  const code = workFailureGuidanceCodes.find((candidate) => normalizedMessage.includes(candidate));
+  if (!code) {
+    return void 0;
+  }
+  if (input.workKind && input.workKind !== "projectContextRefresh" && !normalizedMessage.includes("project context")) {
+    return void 0;
+  }
+  return projectContextFailureGuidance[code];
+}
+function formatWorkFailureGuidanceDetail(guidance) {
+  return `Next steps: ${guidance.steps.join(" ")}`;
+}
 var nextActionRunnerHeartbeatFreshMs = 15 * 60 * 1e3;
 var nextActionCompletedWorkFreshMs = 60 * 60 * 1e3;
 function computeProjectNextAction(input) {
@@ -1647,11 +1714,11 @@ function computeProjectNextAction(input) {
   }
   const failedBrainGeneration = latestWorkItem(input.workItems.filter((item) => item.workKind === "brainGeneration" && item.status === "failed"));
   if (failedBrainGeneration) {
-    return workAction(failedBrainGeneration, "brainGenerationFailed", "user", "danger", "Brain generation failed", failedBrainGeneration.lastStatusMessage ?? "Retry generation after checking the runner output.");
+    return failedWorkAction(failedBrainGeneration, "brainGenerationFailed", "Brain generation failed", failedBrainGeneration.lastStatusMessage ?? "Retry generation after checking the runner output.");
   }
   const failedPlanRevision = latestWorkItem(input.workItems.filter((item) => item.workKind === "planRevision" && item.status === "failed"));
   if (failedPlanRevision) {
-    return workAction(failedPlanRevision, "planRevisionFailed", "user", "danger", "Plan revision failed", failedPlanRevision.lastStatusMessage ?? "Review the conversation and request another revision if needed.");
+    return failedWorkAction(failedPlanRevision, "planRevisionFailed", "Plan revision failed", failedPlanRevision.lastStatusMessage ?? "Review the conversation and request another revision if needed.");
   }
   const blockedWork = latestWorkItem(input.workItems.filter((item) => item.status === "blocked" || item.status === "changesRequested"));
   if (blockedWork) {
@@ -1659,7 +1726,7 @@ function computeProjectNextAction(input) {
   }
   const failedWork = latestWorkItem(input.workItems.filter((item) => item.status === "failed"));
   if (failedWork) {
-    return workAction(failedWork, "workFailed", "user", "danger", "Work failed", failedWork.lastStatusMessage ?? "Review the failure and retry or update the plan.");
+    return failedWorkAction(failedWork, "workFailed", "Work failed", failedWork.lastStatusMessage ?? "Review the failure and retry or update the plan.");
   }
   const queuedBrainGeneration = latestWorkItem(input.workItems.filter((item) => item.workKind === "brainGeneration" && item.status === "approved"));
   const queuedPlanRevision = latestWorkItem(input.workItems.filter((item) => item.workKind === "planRevision" && item.status === "approved"));
@@ -1698,7 +1765,7 @@ function computeProjectNextAction(input) {
   };
 }
 function formatProjectNextAction(action) {
-  return `${action.title}: ${action.message}`;
+  return `${action.title}: ${action.message}${action.detail ? ` ${action.detail}` : ""}`;
 }
 function runnerWaitAction(readiness, fallbackTitle) {
   const repositoryName = readiness.repositoryLink?.repoName ?? "the paired repository";
@@ -1761,13 +1828,21 @@ function isGeneratedDocument(document) {
   const generatedDraftId = document.frontmatter.generatedDraftId;
   return typeof generatedDraftId === "string" && generatedDraftId.length > 0;
 }
-function workAction(workItem, kind, actor, tone, title, message) {
+function failedWorkAction(workItem, kind, fallbackTitle, fallbackMessage) {
+  const guidance = getWorkFailureGuidance({ message: workItem.lastStatusMessage, workKind: workItem.workKind });
+  if (guidance) {
+    return workAction(workItem, kind, "user", "danger", guidance.title, guidance.message, formatWorkFailureGuidanceDetail(guidance));
+  }
+  return workAction(workItem, kind, "user", "danger", fallbackTitle, fallbackMessage);
+}
+function workAction(workItem, kind, actor, tone, title, message, detail) {
   return {
     kind,
     actor,
     tone,
     title,
     message,
+    ...detail ? { detail } : {},
     workItemId: workItem.workItemId,
     ...workItem.claimedByRunnerId ? { runnerId: workItem.claimedByRunnerId } : {},
     updatedAt: workItem.lastStatusAt
@@ -3198,6 +3273,9 @@ async function runCodexSdk(input) {
     approvalPolicy: "on-request",
     skipGitRepoCheck: true
   });
+  if (input.streamOutput) {
+    process.stderr.write("Codex SDK is running; intermediate progress may be quiet until the final response. Use --invocation-channel command for Codex CLI logs.\n");
+  }
   const result = await thread.run(input.prompt);
   if (input.streamOutput && result.finalResponse) {
     process.stdout.write(result.finalResponse);
@@ -4389,6 +4467,7 @@ var appEvaluationStart = "AMISTIO_APP_EVALUATION_START";
 var appEvaluationEnd = "AMISTIO_APP_EVALUATION_END";
 var projectContextRefreshStart = "AMISTIO_PROJECT_CONTEXT_REFRESH_START";
 var projectContextRefreshEnd = "AMISTIO_PROJECT_CONTEXT_REFRESH_END";
+var validProjectContextSliceKinds = /* @__PURE__ */ new Set(["overview", "architecture", "domain", "data", "api", "frontend", "backend", "cli", "workflow", "operations", "security", "testing", "unknown"]);
 var validProjectContextEntityTypes = /* @__PURE__ */ new Set(["project", "system", "component", "domain", "tool", "decision", "feature", "risk", "team", "workflow", "unknown"]);
 var validProjectContextRelationTypes = /* @__PURE__ */ new Set(["uses", "depends_on", "decides", "supersedes", "touches", "blocks", "implements", "mentions"]);
 function createWorkExecutionPrompt(workItem, context) {
@@ -4493,6 +4572,7 @@ function createProjectContextRefreshPrompt(workItem, context) {
     "## Mapping Requirements",
     "",
     "- Create slices for architecture, domain, data, API, frontend, backend, CLI, workflows, operations, security, and testing when those surfaces exist.",
+    "- Use only these exact singular slice kind values: overview, architecture, domain, data, api, frontend, backend, cli, workflow, operations, security, testing, unknown.",
     "- Capture entities and relations that explain how the app is put together and where future work should look first.",
     "- Prefer summaries, repository-relative paths, short citations, tags, and freshness status over raw source excerpts.",
     "- Mark stale or missing areas explicitly instead of guessing.",
@@ -4969,7 +5049,9 @@ function projectContextRefreshSubmissionFailureSummary(result) {
   if (result.refresh.status !== "failed" && result.workItem.status !== "failed") {
     return void 0;
   }
-  return result.refresh.error ?? result.workItem.lastStatusMessage ?? "Server rejected the project context refresh result.";
+  const summary = result.refresh.error ?? result.workItem.lastStatusMessage ?? "Server rejected the project context refresh result.";
+  const guidance = getWorkFailureGuidance({ message: summary, workKind: "projectContextRefresh" });
+  return guidance ? `${summary} ${formatWorkFailureGuidanceDetail(guidance)}` : summary;
 }
 function createBrainGenerationPrompt(workItem) {
   const wish = workItem.sourceWish ?? workItem.title;
@@ -5032,6 +5114,16 @@ function normalizeProjectContextRefreshEnums(value) {
     return value;
   }
   const normalized = { ...value };
+  if (Array.isArray(normalized.slices)) {
+    normalized.slices = normalized.slices.map((slice) => {
+      if (!isObjectRecord(slice)) {
+        return slice;
+      }
+      const normalizedSlice = { ...slice };
+      normalizedSlice.kind = normalizeProjectContextSliceKind(slice.kind);
+      return normalizedSlice;
+    });
+  }
   if (Array.isArray(normalized.entities)) {
     normalized.entities = normalized.entities.map((entity) => {
       if (!isObjectRecord(entity)) {
@@ -5054,6 +5146,22 @@ function normalizeProjectContextRefreshEnums(value) {
   }
   return normalized;
 }
+function normalizeProjectContextSliceKind(value) {
+  if (typeof value !== "string") {
+    return "unknown";
+  }
+  const normalized = value.trim().toLowerCase();
+  if (validProjectContextSliceKinds.has(normalized)) {
+    return normalized;
+  }
+  if (normalized.endsWith("s")) {
+    const singular = normalized.slice(0, -1);
+    if (validProjectContextSliceKinds.has(singular)) {
+      return singular;
+    }
+  }
+  return "unknown";
+}
 function normalizeProjectContextRefreshPaths(value, options) {
   if (!isObjectRecord(value)) {
     return value;