@amistio/cli 0.1.7 → 0.1.8

package/README.md

@@ -11,6 +11,8 @@ amistio --help
 
 The package install only installs the `amistio` command. Repository cloning, project pairing, credential storage, and runner execution happen only when the user explicitly runs commands such as `amistio bootstrap`, `amistio pair`, or `amistio run --watch`.
 
+Runner lifecycle controls in the web app, such as update, restart, and remove, apply only to the runner paired by that user unless the active organization role is an admin role. The runner API binds command polling, command status, logs, activity, and tool sessions to the local runner credential that produced them.
+
 After pairing, confirm that at least one local AI tool is available:
 
 ```sh
@@ -25,8 +27,12 @@ amistio run --watch --background --tool opencode
 amistio runner status
 ```
 
+When `--tool copilot` uses the GitHub Copilot SDK, Amistio approves read-only permission requests by default and denies mutating, network, MCP, hook, memory, and shell requests. Set `AMISTIO_COPILOT_APPROVE_ALL=1` only on a local machine where broad Copilot SDK approval is intentional.
+
 `amistio runner status` reports local background runner state, latest heartbeat, and bounded resource usage when available. Resource usage is latest-sample runner process memory/CPU plus safe aggregate system memory/load signals; it does not include source files, environment variables, command lines, process lists, credentials, or arbitrary local paths.
 
+Runner setup and local-tool execution use bounded failure controls. `amistio run --watch` retries Git worktree preflight failures by releasing the claim for another attempt, then fails the work item after `--max-preflight-attempts` attempts, defaulting to 3. Active local-tool runs renew the work lease, and `--tool-timeout-seconds` caps tool execution, defaulting to 1800 seconds.
+
 For headless startup after login on supported user-level service managers:
 
 ```sh

package/dist/index.js

@@ -410,6 +410,7 @@ var runnerCredentialItemSchema = baseItemSchema.extend({
   projectId: z.string().min(1),
   runnerCredentialId: z.string().min(1),
   repositoryLinkId: z.string().min(1),
+  runnerId: z.string().min(1).optional(),
   pairedByUserId: z.string().min(1).optional(),
   machineId: z.string().min(1).optional(),
   tokenHash: z.string().min(32),
@@ -719,6 +720,8 @@ var pairingSessionItemSchema = baseItemSchema.extend({
   projectId: z.string().min(1),
   createdByUserId: z.string().min(1),
   expiresAt: isoDateTimeSchema,
+  failedAttemptCount: z.number().int().nonnegative().optional(),
+  lastFailedAttemptAt: isoDateTimeSchema.optional(),
   status: z.enum(["pending", "confirmed", "expired", "revoked"])
 });
 var projectItemUnionSchema = z.discriminatedUnion("type", [
@@ -1865,7 +1868,7 @@ async function runLocalTool(options) {
       promptFilePath,
       streamOutput: Boolean(options.streamOutput),
       ...options.session ? { session: options.session } : {}
-    });
+    }, options.timeoutMs);
     return {
       toolName: runner2.toolName,
       displayCommand: runner2.kind === "sdk" ? runner2.displayCommand : runner2.invocation.displayCommand,
@@ -1950,16 +1953,16 @@ async function createToolRunner(options) {
   }
   throw new Error(`The ${adapter.name} SDK or executable was not found. Install the SDK/runtime or pass --tool-command.`);
 }
-async function executeToolRunner(runner2, input) {
+async function executeToolRunner(runner2, input, timeoutMs) {
   if (runner2.kind === "command") {
-    return executeToolInvocation(runner2.invocation, input.rootDir, input.streamOutput);
+    return executeToolInvocation(runner2.invocation, input.rootDir, input.streamOutput, timeoutMs);
   }
   try {
-    return await runner2.adapter.runWithSdk(input);
+    return await withTimeout(runner2.adapter.runWithSdk(input), timeoutMs, runner2.displayCommand);
   } catch (error) {
     if (runner2.allowCommandFallback && runner2.adapter.buildInvocation && runner2.adapter.executable && await commandExists(runner2.adapter.executable)) {
       const fallback = runner2.adapter.buildInvocation(input);
-      const result = await executeToolInvocation(fallback, input.rootDir, input.streamOutput);
+      const result = await executeToolInvocation(fallback, input.rootDir, input.streamOutput, timeoutMs);
       const sdkFailure = `SDK execution for ${runner2.adapter.name} failed, fell back to ${fallback.displayCommand}: ${errorMessage(error)}`;
       return {
         ...result,
@@ -2048,7 +2051,7 @@ async function commandExists(command) {
     lookup.on("close", (exitCode) => resolve(exitCode === 0));
   });
 }
-async function executeToolInvocation(invocation, rootDir, streamOutput) {
+async function executeToolInvocation(invocation, rootDir, streamOutput, timeoutMs) {
   return new Promise((resolve, reject) => {
     const child = spawn(invocation.command, invocation.args, {
       cwd: rootDir,
@@ -2058,7 +2061,33 @@ async function executeToolInvocation(invocation, rootDir, streamOutput) {
     });
     let stdout = "";
     let stderr = "";
-    child.on("error", reject);
+    let settled = false;
+    let forceKillTimer;
+    const timeout = timeoutMs && timeoutMs > 0 ? setTimeout(() => {
+      if (settled) return;
+      stderr += `${toolTimeoutMessage(invocation.displayCommand, timeoutMs)}
+`;
+      child.kill("SIGTERM");
+      forceKillTimer = setTimeout(() => child.kill("SIGKILL"), 5e3);
+      forceKillTimer.unref?.();
+      rejectOnce(new Error(toolTimeoutMessage(invocation.displayCommand, timeoutMs)));
+    }, timeoutMs) : void 0;
+    timeout?.unref?.();
+    const resolveOnce = (value) => {
+      if (settled) return;
+      settled = true;
+      if (timeout) clearTimeout(timeout);
+      if (forceKillTimer) clearTimeout(forceKillTimer);
+      resolve(value);
+    };
+    const rejectOnce = (error) => {
+      if (settled) return;
+      settled = true;
+      if (timeout) clearTimeout(timeout);
+      if (forceKillTimer) clearTimeout(forceKillTimer);
+      reject(error);
+    };
+    child.on("error", rejectOnce);
     child.stdout.setEncoding("utf8");
     child.stderr.setEncoding("utf8");
     child.stdout.on("data", (chunk) => {
@@ -2079,10 +2108,40 @@ async function executeToolInvocation(invocation, rootDir, streamOutput) {
     }
     child.stdin.end();
     child.on("close", (exitCode) => {
-      resolve({ exitCode: exitCode ?? 1, stdout, stderr });
+      if (forceKillTimer) clearTimeout(forceKillTimer);
+      resolveOnce({ exitCode: exitCode ?? 1, stdout, stderr });
     });
   });
 }
+async function withTimeout(promise, timeoutMs, displayCommand) {
+  if (!timeoutMs || timeoutMs <= 0) {
+    return promise;
+  }
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => reject(new Error(toolTimeoutMessage(displayCommand, timeoutMs))), timeoutMs);
+    timeout.unref?.();
+    promise.then(
+      (value) => {
+        clearTimeout(timeout);
+        resolve(value);
+      },
+      (error) => {
+        clearTimeout(timeout);
+        reject(error);
+      }
+    );
+  });
+}
+function toolTimeoutMessage(displayCommand, timeoutMs) {
+  return `Local tool timed out after ${formatTimeoutDuration(timeoutMs)}: ${displayCommand}`;
+}
+function formatTimeoutDuration(timeoutMs) {
+  if (timeoutMs < 1e3) {
+    return `${timeoutMs}ms`;
+  }
+  const seconds = timeoutMs / 1e3;
+  return Number.isInteger(seconds) ? `${seconds}s` : `${seconds.toFixed(1)}s`;
+}
 async function runOpencodeSdk(input) {
   const { createOpencode } = await import("@opencode-ai/sdk");
   const previousDirectory = process.cwd();
@@ -2170,7 +2229,7 @@ async function runCodexSdk(input) {
   return { exitCode: 0, stdout: result.finalResponse, stderr: "" };
 }
 async function runCopilotSdk(input) {
-  const { CopilotClient, approveAll } = await import("@github/copilot-sdk");
+  const { CopilotClient } = await import("@github/copilot-sdk");
   const client = new CopilotClient({
     cwd: input.rootDir,
     logLevel: "error"
@@ -2183,7 +2242,7 @@ async function runCopilotSdk(input) {
       workingDirectory: input.rootDir,
       enableConfigDiscovery: true,
       streaming: input.streamOutput,
-      onPermissionRequest: approveAll
+      onPermissionRequest: createCopilotPermissionHandler()
     });
     try {
       let streamedOutput = "";
@@ -2205,6 +2264,18 @@ async function runCopilotSdk(input) {
     await client.stop();
   }
 }
+function createCopilotPermissionHandler(env = process.env) {
+  const allowAllPermissions = isCopilotApproveAllEnabled(env);
+  return (request) => {
+    if (allowAllPermissions || request.kind === "read") {
+      return { kind: "approve-once" };
+    }
+    return { kind: "reject" };
+  };
+}
+function isCopilotApproveAllEnabled(env = process.env) {
+  return /^(1|true|yes)$/i.test(env.AMISTIO_COPILOT_APPROVE_ALL ?? "");
+}
 function extractTextParts(parts) {
   if (!Array.isArray(parts)) {
     return "";
@@ -3813,6 +3884,8 @@ function buildBackgroundRunnerArgs(options) {
   if (options.maxIterations !== void 0) {
     args.push("--max-iterations", String(options.maxIterations));
   }
+  args.push("--max-preflight-attempts", String(options.maxPreflightAttempts));
+  args.push("--tool-timeout-seconds", String(options.toolTimeoutSeconds));
   if (!options.stream) {
     args.push("--no-stream");
   }
@@ -3960,6 +4033,10 @@ var CLI_VERSION = readCliPackageVersion();
 var program = new Command();
 var defaultRoot = process.env.INIT_CWD ?? process.cwd();
 var apiUrlOptionDescription = `Amistio API URL override (or ${AMISTIO_API_URL_ENV})`;
+var DEFAULT_MAX_PREFLIGHT_ATTEMPTS = 3;
+var DEFAULT_TOOL_TIMEOUT_SECONDS = 30 * 60;
+var RUNNER_WORK_LEASE_SECONDS = 300;
+var RUNNER_WORK_LEASE_RENEWAL_MS = 12e4;
 program.name("amistio").description("Amistio project brain CLI").version(CLI_VERSION);
 program.command("init").description("Create Amistio control-plane folders for a new project").option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
   const created = await initControlPlane(options.root);
@@ -3986,7 +4063,8 @@ program.command("bootstrap").description("Clone a linked repository locally, pre
     repositoryLinkId: options.repositoryLink,
     repoName: parsedRepoUrl.repoName,
     repoFingerprint: createRepoFingerprint(options.account, options.project, options.repositoryLink),
-    defaultBranch: options.defaultBranch
+    defaultBranch: options.defaultBranch,
+    machineId: runnerMachineId()
   });
   const filePath = await writeProjectLink(checkout.targetDir, {
     amistioAccountId: options.account,
@@ -4038,6 +4116,7 @@ program.command("import").description("Pair an existing checkout and import lega
     repoName: repository.repoName,
     repoFingerprint: repository.repoFingerprint,
     defaultBranch: repository.defaultBranch,
+    machineId: runnerMachineId(),
     ...parsedCloneUrl ? { cloneUrl: parsedCloneUrl.cloneUrl } : {},
     ...parsedCloneUrl?.provider ? { provider: parsedCloneUrl.provider } : {},
     ...parsedCloneUrl?.repoOwner ? { repoOwner: parsedCloneUrl.repoOwner } : {},
@@ -4084,7 +4163,8 @@ program.command("pair").description("Pair this repository with an Amistio web pr
       repositoryLinkId,
       repoName: inferRepoName(pairingRoot),
       repoFingerprint: createRepoFingerprint(options.account, options.project, repositoryLinkId),
-      defaultBranch: options.defaultBranch
+      defaultBranch: options.defaultBranch,
+      machineId: runnerMachineId()
     });
     repositoryLinkId = pairing.repositoryLink.repositoryLinkId;
     credential = credential ?? pairing.token;
@@ -4265,7 +4345,7 @@ program.command("orchestrate").description("Update the Amistio control plane thr
     process.exitCode = result.exitCode;
   }
 });
-program.command("run").description("Claim and run approved Amistio work locally").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--runner-id <runnerId>", "Stable runner ID").option("--root <path>", "Repository root", defaultRoot).option("--tool <name>", "Local tool to use: auto, none, opencode, claude, codex, copilot, gemini, aider, cursor-agent").option("--invocation-channel <channel>", "Local invocation channel: auto, sdk, or command", parseInvocationChannel).option("--model <model>", "Model to request when the selected local tool supports model selection").option("--tool-command <command>", "Custom local command. Use {promptFile} and {root} placeholders when supported").option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto").option("--dry-run", "Claim work and print the generated execution prompt without running a tool").option("--watch", "Keep polling for approved work until stopped").option("--background", "Start a detached background runner that watches for approved work").option("--interval-seconds <seconds>", "Polling interval for --watch", parsePositiveInteger, 10).option("--max-iterations <count>", "Stop watch mode after this many polling attempts", parsePositiveInteger).option("--no-stream", "Capture local tool output instead of streaming it").option("--verbose", "Print detailed runner errors while watching").action(async (options, command) => {
+program.command("run").description("Claim and run approved Amistio work locally").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--runner-id <runnerId>", "Stable runner ID").option("--root <path>", "Repository root", defaultRoot).option("--tool <name>", "Local tool to use: auto, none, opencode, claude, codex, copilot, gemini, aider, cursor-agent").option("--invocation-channel <channel>", "Local invocation channel: auto, sdk, or command", parseInvocationChannel).option("--model <model>", "Model to request when the selected local tool supports model selection").option("--tool-command <command>", "Custom local command. Use {promptFile} and {root} placeholders when supported").option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto").option("--dry-run", "Claim work and print the generated execution prompt without running a tool").option("--watch", "Keep polling for approved work until stopped").option("--background", "Start a detached background runner that watches for approved work").option("--interval-seconds <seconds>", "Polling interval for --watch", parsePositiveInteger, 10).option("--max-iterations <count>", "Stop watch mode after this many polling attempts", parsePositiveInteger).option("--max-preflight-attempts <count>", "Fail setup/preflight failures after this many claimed attempts", parsePositiveInteger, DEFAULT_MAX_PREFLIGHT_ATTEMPTS).option("--tool-timeout-seconds <seconds>", "Fail local tool execution after this many seconds", parsePositiveInteger, DEFAULT_TOOL_TIMEOUT_SECONDS).option("--no-stream", "Capture local tool output instead of streaming it").option("--verbose", "Print detailed runner errors while watching").action(async (options, command) => {
   const context = await loadPairedApiContext(options.root, options.apiUrl);
   if (!context) {
     console.log("Repository is not paired. Run `amistio pair` first.");
@@ -4437,7 +4517,7 @@ runner.command("stop").description("Stop a background runner for the paired repo
   console.log(stopResult === "stopped" ? `Stopped background runner ${record.runnerId}.` : `Marked background runner ${record.runnerId} stopped; process was not running.`);
 });
 var runnerService = runner.command("service").description("Manage a user-level startup service for the paired runner");
-runnerService.command("install").description("Install a user-level startup service for this paired repository runner").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).option("--runner-id <runnerId>", "Stable runner ID").option("--tool <name>", "Local tool to use: auto, opencode, claude, codex, copilot, gemini, aider, cursor-agent").option("--invocation-channel <channel>", "Local invocation channel: auto, sdk, or command", parseInvocationChannel).option("--model <model>", "Model to request when the selected local tool supports model selection").option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto").option("--interval-seconds <seconds>", "Polling interval for the service runner", parsePositiveInteger, 10).option("--no-stream", "Capture local tool output instead of streaming it").option("--verbose", "Print detailed runner errors").option("--dry-run", "Print the startup service descriptor without installing it").action(async (options) => {
+runnerService.command("install").description("Install a user-level startup service for this paired repository runner").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).option("--runner-id <runnerId>", "Stable runner ID").option("--tool <name>", "Local tool to use: auto, opencode, claude, codex, copilot, gemini, aider, cursor-agent").option("--invocation-channel <channel>", "Local invocation channel: auto, sdk, or command", parseInvocationChannel).option("--model <model>", "Model to request when the selected local tool supports model selection").option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto").option("--interval-seconds <seconds>", "Polling interval for the service runner", parsePositiveInteger, 10).option("--max-preflight-attempts <count>", "Fail setup/preflight failures after this many claimed attempts", parsePositiveInteger, DEFAULT_MAX_PREFLIGHT_ATTEMPTS).option("--tool-timeout-seconds <seconds>", "Fail local tool execution after this many seconds", parsePositiveInteger, DEFAULT_TOOL_TIMEOUT_SECONDS).option("--no-stream", "Capture local tool output instead of streaming it").option("--verbose", "Print detailed runner errors").option("--dry-run", "Print the startup service descriptor without installing it").action(async (options) => {
   const context = await loadPairedApiContext(options.root, options.apiUrl);
   if (!context) {
     console.log("Repository is not paired. Run `amistio pair` first.");
@@ -4550,6 +4630,8 @@ async function runWatchIteration({ command, context, options, runnerId }) {
         runnerId
       },
       suppressIdleOutput: Boolean(options.watch),
+      maxPreflightAttempts: options.maxPreflightAttempts,
+      toolTimeoutMs: options.toolTimeoutSeconds * 1e3,
       verbose: Boolean(options.verbose)
     });
   } catch (error) {
@@ -4564,7 +4646,7 @@ ${detail}`);
     } else {
       console.error(`${message} Run with --verbose for details.`);
     }
-    await Promise.allSettled([
+    const settlements = await Promise.allSettled([
       context.client.sendRunnerHeartbeat(context.metadata.amistioProjectId, runnerId, context.metadata.repositoryLinkId, "blocked", { ...runnerHeartbeatMetadata(), preferenceMessage: message }),
       context.client.recordRunnerLog(context.metadata.amistioProjectId, {
         runnerId,
@@ -4575,6 +4657,7 @@ ${detail}`);
         machineId: runnerMachineId()
       })
     ]);
+    logRejectedSettlements("record watch error", settlements);
     return { status: "failed", exitCode: 1, message };
   }
 }
@@ -4590,9 +4673,11 @@ async function runNextWorkItem({
   explicitModel,
   explicitInvocationChannel,
   explicitTool,
+  maxPreflightAttempts,
   toolCommand,
   commandContext,
   suppressIdleOutput,
+  toolTimeoutMs,
   verbose
 }) {
   const toolConfig = await resolveRunnerToolConfig({
@@ -4615,7 +4700,7 @@ async function runNextWorkItem({
     console.log(toolConfig.message);
     return { status: "blocked", exitCode: 1 };
   }
-  const result = await apiClient.claimWork(projectId, runnerId, repositoryLinkId, 300, runnerIsolationCapabilityMetadata());
+  const result = await apiClient.claimWork(projectId, runnerId, repositoryLinkId, RUNNER_WORK_LEASE_SECONDS, runnerIsolationCapabilityMetadata());
   if (!result.workItem) {
     const nextAction = await loadProjectNextAction(apiClient, projectId, repositoryLinkId, root);
     const message = formatProjectNextAction(nextAction);
@@ -4625,14 +4710,20 @@ async function runNextWorkItem({
     return { status: "idle", exitCode: 0, nextAction, message };
   }
   const prompt = await createRunnerWorkPrompt(apiClient, projectId, result.workItem);
+  await recordRunnerMilestone(apiClient, projectId, result.workItem, runnerId, repositoryLinkId, {
+    status: "running",
+    summary: "Prepared local runner execution prompt.",
+    idempotencyKey: `runner_milestone_prompt_${result.workItem.workItemId}_${result.workItem.attempt}`,
+    metadata: { workKind: result.workItem.workKind ?? "implementation", attempt: result.workItem.attempt }
+  });
   if (dryRun || toolConfig.tool === "none") {
     console.log(prompt);
     await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig));
     return { status: "preview", exitCode: 0 };
   }
-  const worktreeIsolation = await prepareWorktreeForClaimedItem({ apiClient, projectId, repositoryLinkId, root, runnerId, toolConfig, workItem: result.workItem });
-  if (worktreeIsolation.status === "blocked") {
-    return { status: "blocked", exitCode: 1, message: worktreeIsolation.message };
+  const worktreeIsolation = await prepareWorktreeForClaimedItem({ apiClient, maxPreflightAttempts, projectId, repositoryLinkId, root, runnerId, toolConfig, workItem: result.workItem });
+  if (worktreeIsolation.status !== "ready") {
+    return { status: worktreeIsolation.status === "failed" ? "failed" : "blocked", exitCode: 1, message: worktreeIsolation.message };
   }
   const executionRoot = worktreeIsolation.isolation?.worktreePath ?? root;
   const isolationTelemetry = workItemIsolationTelemetry(result.workItem, worktreeIsolation.isolation);
@@ -4669,6 +4760,7 @@ async function runNextWorkItem({
   const providerSessionStore = new LocalToolSessionStore();
   const providerSessionId = sessionContext.toolSession ? await providerSessionStore.getProviderSessionId(sessionContext.toolSession.toolSessionId, preview.toolName) : void 0;
   let toolResult;
+  const stopLeaseRenewal = startWorkLeaseRenewal({ apiClient, projectId, repositoryLinkId, runnerId, toolConfig, workItem: result.workItem, telemetry: isolationTelemetry });
   try {
     toolResult = await runLocalTool({
       rootDir: executionRoot,
@@ -4678,6 +4770,7 @@ async function runNextWorkItem({
       ...toolCommand ? { toolCommand } : {},
       ...toolConfig.model ? { model: toolConfig.model } : {},
       streamOutput: stream,
+      timeoutMs: toolTimeoutMs,
       ...sessionContext.toolSession ? {
         session: {
           toolSessionId: sessionContext.toolSession.toolSessionId,
@@ -4688,10 +4781,11 @@ async function runNextWorkItem({
       } : {}
     });
   } catch (error) {
+    stopLeaseRenewal();
     const detail = truncateLogExcerpt(errorDetail(error));
     const durationMs2 = Date.now() - startedAt;
     const message = `${preview.toolName} failed before returning a result.`;
-    await Promise.allSettled([
+    const settlements = await Promise.allSettled([
       apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig)),
       markToolSessionBlocked(apiClient, projectId, sessionContext.toolSession, errorMessage3(error)),
       apiClient.updateWorkStatus(projectId, result.workItem.workItemId, "failed", `run_failed_${result.workItem.workItemId}_${result.workItem.attempt}_${runnerId}`, runnerId, {
@@ -4713,11 +4807,13 @@ async function runNextWorkItem({
         metadata: { tool: preview.toolName, error: detail }
       })
     ]);
+    logRejectedSettlements("record local tool failure", settlements);
     if (verbose || !stream) {
       console.error(detail);
     }
     return { status: "failed", exitCode: 1, message };
   }
+  stopLeaseRenewal();
   if (sessionContext.toolSession && toolResult.providerSessionId) {
     await providerSessionStore.setProviderSessionId(sessionContext.toolSession.toolSessionId, preview.toolName, toolResult.providerSessionId);
   }
@@ -4728,47 +4824,59 @@ async function runNextWorkItem({
     console.error(toolResult.stderr.trim());
   }
   if (result.workItem.workKind === "brainGeneration" || result.workItem.workKind === "planRevision") {
-    return finalizeBrainGenerationWork({
-      apiClient,
-      durationMs: Date.now() - startedAt,
-      projectId,
-      repositoryLinkId,
-      runnerId,
-      sessionContext,
-      toolConfig,
-      toolName: preview.toolName,
-      toolResult,
-      workItem: result.workItem
-    });
+    try {
+      return await finalizeBrainGenerationWork({
+        apiClient,
+        durationMs: Date.now() - startedAt,
+        projectId,
+        repositoryLinkId,
+        runnerId,
+        sessionContext,
+        toolConfig,
+        toolName: preview.toolName,
+        toolResult,
+        workItem: result.workItem
+      });
+    } catch (error) {
+      return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
+    }
   }
   if (result.workItem.workKind === "assistantQuestion") {
-    return finalizeAssistantQuestionWork({
-      apiClient,
-      durationMs: Date.now() - startedAt,
-      projectId,
-      repositoryLinkId,
-      runnerId,
-      sessionContext,
-      toolConfig,
-      toolName: preview.toolName,
-      toolResult,
-      workItem: result.workItem
-    });
+    try {
+      return await finalizeAssistantQuestionWork({
+        apiClient,
+        durationMs: Date.now() - startedAt,
+        projectId,
+        repositoryLinkId,
+        runnerId,
+        sessionContext,
+        toolConfig,
+        toolName: preview.toolName,
+        toolResult,
+        workItem: result.workItem
+      });
+    } catch (error) {
+      return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
+    }
   }
   if (result.workItem.workKind === "impactPreview") {
-    return finalizeImpactPreviewWork({
-      apiClient,
-      durationMs: Date.now() - startedAt,
-      projectId,
-      repositoryLinkId,
-      root,
-      runnerId,
-      sessionContext,
-      toolConfig,
-      toolName: preview.toolName,
-      toolResult,
-      workItem: result.workItem
-    });
+    try {
+      return await finalizeImpactPreviewWork({
+        apiClient,
+        durationMs: Date.now() - startedAt,
+        projectId,
+        repositoryLinkId,
+        root,
+        runnerId,
+        sessionContext,
+        toolConfig,
+        toolName: preview.toolName,
+        toolResult,
+        workItem: result.workItem
+      });
+    } catch (error) {
+      return recordFinalizationFailure({ apiClient, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName: preview.toolName, workItem: result.workItem, durationMs: Date.now() - startedAt });
+    }
   }
   const finalStatus = toolResult.exitCode === 0 ? "completed" : "failed";
   const durationMs = Date.now() - startedAt;
@@ -4820,11 +4928,17 @@ async function runNextWorkItem({
   console.log(`Marked ${statusResult.workItem.workItemId} ${statusResult.workItem.status} after ${durationSeconds}s.`);
   return { status: finalStatus, exitCode: toolResult.exitCode };
 }
-async function prepareWorktreeForClaimedItem({ apiClient, projectId, repositoryLinkId, root, runnerId, toolConfig, workItem }) {
+async function prepareWorktreeForClaimedItem({ apiClient, maxPreflightAttempts, projectId, repositoryLinkId, root, runnerId, toolConfig, workItem }) {
   if (!needsGitWorktreeIsolation(workItem)) {
     return { status: "ready" };
   }
   const identity = resolveWorktreeIdentity(workItem);
+  await recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
+    status: "running",
+    summary: `Checking Git worktree isolation for attempt ${workItem.attempt}/${maxPreflightAttempts}.`,
+    idempotencyKey: `runner_milestone_worktree_preflight_${workItem.workItemId}_${workItem.attempt}`,
+    metadata: { executionWorktreeKey: identity.worktreeKey, executionBranch: identity.branch, implementationScopeId: identity.implementationScopeId, attempt: workItem.attempt, maxAttempts: maxPreflightAttempts }
+  });
   try {
     const isolation = await prepareGitWorktreeIsolation(root, workItem);
     await recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
@@ -4837,29 +4951,111 @@ async function prepareWorktreeForClaimedItem({ apiClient, projectId, repositoryL
   } catch (error) {
     const message = errorMessage3(error);
     const telemetry = workItemIsolationTelemetry(workItem, { ...identity, baseRevision: workItem.baseRevision ?? "unknown", worktreePath: "" });
-    const statusResult = await apiClient.updateWorkStatus(projectId, workItem.workItemId, "blocked", `worktree_${workItem.workItemId}_${randomUUID()}`, runnerId, {
+    const finalAttempt = workItem.attempt >= maxPreflightAttempts;
+    const statusMessage = finalAttempt ? `Git worktree preflight failed after ${workItem.attempt}/${maxPreflightAttempts} attempts. ${message}` : `Git worktree preflight attempt ${workItem.attempt}/${maxPreflightAttempts} failed. Requeueing for retry. ${message}`;
+    const statusResult = await apiClient.updateWorkStatus(projectId, workItem.workItemId, finalAttempt ? "failed" : "approved", `worktree_${finalAttempt ? "failed" : "retry"}_${workItem.workItemId}_${workItem.attempt}_${randomUUID()}`, runnerId, {
       ...telemetry,
-      message,
-      blockerReason: message,
+      message: statusMessage,
+      ...finalAttempt ? { blockerReason: message } : { releaseClaim: true },
       error: message
     });
     await recordRunnerMilestone(apiClient, projectId, statusResult.workItem, runnerId, repositoryLinkId, {
-      status: "blocked",
-      summary: message,
-      idempotencyKey: `runner_milestone_worktree_blocked_${workItem.workItemId}_${statusResult.workItem.idempotencyKey}`,
-      metadata: { executionWorktreeKey: telemetry.executionWorktreeKey ?? "", executionBranch: telemetry.executionBranch ?? "", implementationScopeId: telemetry.implementationScopeId ?? "" }
+      status: finalAttempt ? "failed" : "warning",
+      summary: statusMessage,
+      idempotencyKey: `runner_milestone_worktree_${finalAttempt ? "failed" : "retry"}_${workItem.workItemId}_${statusResult.workItem.idempotencyKey}`,
+      metadata: { executionWorktreeKey: telemetry.executionWorktreeKey ?? "", executionBranch: telemetry.executionBranch ?? "", implementationScopeId: telemetry.implementationScopeId ?? "", attempt: workItem.attempt, maxAttempts: maxPreflightAttempts, error: message }
     });
-    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "blocked", {
+    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", {
       ...runnerHeartbeatMetadata(toolConfig),
-      currentWorkItemId: workItem.workItemId,
-      ...telemetry.implementationScopeId ? { currentImplementationScopeId: telemetry.implementationScopeId } : {},
-      ...telemetry.executionWorktreeKey ? { currentWorktreeKey: telemetry.executionWorktreeKey } : {},
-      ...telemetry.executionBranch ? { currentBranch: telemetry.executionBranch } : {}
+      preferenceMessage: statusMessage
     });
-    console.error(message);
-    return { status: "blocked", message };
+    console.error(statusMessage);
+    return { status: finalAttempt ? "failed" : "retrying", message: statusMessage };
   }
 }
+function startWorkLeaseRenewal({ apiClient, projectId, repositoryLinkId, runnerId, toolConfig, workItem, telemetry }) {
+  let stopped = false;
+  const renew = async () => {
+    if (stopped) return;
+    const leaseExpiresAt = new Date(Date.now() + RUNNER_WORK_LEASE_SECONDS * 1e3).toISOString();
+    try {
+      await apiClient.updateWorkStatus(projectId, workItem.workItemId, "running", `lease_renewal_${workItem.workItemId}_${workItem.attempt}_${Date.now()}`, runnerId, {
+        ...telemetry,
+        leaseExpiresAt
+      });
+      await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "running", {
+        ...runnerHeartbeatMetadata(toolConfig),
+        currentWorkItemId: workItem.workItemId,
+        ...telemetry.implementationScopeId ? { currentImplementationScopeId: telemetry.implementationScopeId } : {},
+        ...telemetry.executionWorktreeKey ? { currentWorktreeKey: telemetry.executionWorktreeKey } : {},
+        ...telemetry.executionBranch ? { currentBranch: telemetry.executionBranch } : {}
+      });
+    } catch (error) {
+      const detail = truncateLogExcerpt(errorDetail(error));
+      console.error(`Could not renew Amistio work lease for ${workItem.workItemId}: ${detail}`);
+      await apiClient.recordRunnerLog(projectId, {
+        runnerId,
+        repositoryLinkId,
+        status: "failed",
+        workItemId: workItem.workItemId,
+        workTitle: workItem.title,
+        ...workItem.workKind ? { workKind: workItem.workKind } : {},
+        message: "Runner could not renew the active work lease.",
+        error: detail,
+        machineId: runnerMachineId()
+      }).catch(() => void 0);
+    }
+  };
+  const timer = setInterval(() => {
+    void renew();
+  }, RUNNER_WORK_LEASE_RENEWAL_MS);
+  timer.unref?.();
+  return () => {
+    stopped = true;
+    clearInterval(timer);
+  };
+}
+async function recordFinalizationFailure({ apiClient, durationMs, error, isolationTelemetry, projectId, repositoryLinkId, runnerId, sessionContext, toolConfig, toolName, workItem }) {
+  const detail = truncateLogExcerpt(errorDetail(error));
+  const message = `${toolName} completed, but Amistio could not finalize the result.`;
+  const settlements = await Promise.allSettled([
+    apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", runnerHeartbeatMetadata(toolConfig)),
+    markToolSessionBlocked(apiClient, projectId, sessionContext.toolSession, errorMessage3(error)),
+    apiClient.updateWorkStatus(projectId, workItem.workItemId, "failed", `finalize_failed_${workItem.workItemId}_${workItem.attempt}_${randomUUID()}`, runnerId, {
+      ...isolationTelemetry,
+      tool: toolName,
+      durationMs,
+      message,
+      error: detail,
+      ...sessionContext.toolSession ? { toolSessionId: sessionContext.toolSession.toolSessionId } : {},
+      sessionPolicy: sessionContext.policy,
+      sessionDecision: sessionContext.decision,
+      sessionDecisionReason: sessionContext.reason
+    }),
+    apiClient.recordRunnerLog(projectId, {
+      runnerId,
+      repositoryLinkId,
+      status: "failed",
+      workItemId: workItem.workItemId,
+      workTitle: workItem.title,
+      ...workItem.workKind ? { workKind: workItem.workKind } : {},
+      tool: toolName,
+      durationMs,
+      message,
+      error: detail,
+      machineId: runnerMachineId()
+    }),
+    recordRunnerMilestone(apiClient, projectId, workItem, runnerId, repositoryLinkId, {
+      status: "failed",
+      summary: message,
+      idempotencyKey: `runner_milestone_finalization_failed_${workItem.workItemId}_${workItem.attempt}`,
+      metadata: { tool: toolName, durationMs, error: detail }
+    })
+  ]);
+  logRejectedSettlements("record finalization failure", settlements);
+  console.error(detail);
+  return { status: "failed", exitCode: 1, message };
+}
 function workItemIsolationTelemetry(workItem, isolation) {
   const implementationScopeId = isolation?.implementationScopeId ?? workItem.implementationScopeId;
   const executionBranch = isolation?.branch ?? workItem.executionBranch;
@@ -4888,6 +5084,13 @@ async function recordRunnerMilestone(apiClient, projectId, workItem, runnerId, r
     ...input
   }).catch(() => void 0);
 }
+function logRejectedSettlements(action, settlements) {
+  for (const settlement of settlements) {
+    if (settlement.status === "rejected") {
+      console.error(`${action} failed: ${errorMessage3(settlement.reason)}`);
+    }
+  }
+}
 async function runPendingRunnerCommand(apiClient, context, heartbeatMetadata) {
   const { commands } = await apiClient.listRunnerCommands(context.projectId, context.runnerId, context.repositoryLinkId).catch(() => ({ commands: [] }));
   const command = commands.filter((item) => item.status === "pending" || item.status === "acknowledged" || item.status === "running").sort((first, second) => Date.parse(first.createdAt) - Date.parse(second.createdAt))[0];