@archal/cli 0.7.9 → 0.7.11

package/harnesses/_lib/providers.mjs

@@ -5,7 +5,7 @@
  * Env var overrides:
  *   ARCHAL_MAX_TOKENS         — Max completion tokens (default from model-configs)
  *   ARCHAL_TEMPERATURE        — Sampling temperature
- *   ARCHAL_LLM_TIMEOUT        — Per-call timeout in seconds (default 120)
+ *   ARCHAL_LLM_TIMEOUT        — Per-call timeout in seconds (default 180)
  *   ARCHAL_OPENAI_BASE_URL    — Override OpenAI base URL (for proxies, Azure, etc.)
  *   ARCHAL_ANTHROPIC_BASE_URL — Override Anthropic base URL
  *   ARCHAL_GEMINI_BASE_URL    — Override Gemini base URL
@@ -48,19 +48,41 @@ const PROVIDER_ENV_VARS = {
   openai: 'OPENAI_API_KEY',
 };
 
+function inferKeyProvider(key) {
+  if (!key) return null;
+  if (key.startsWith('AIzaSy')) return 'gemini';
+  if (key.startsWith('sk-ant-')) return 'anthropic';
+  if (key.startsWith('sk-')) return 'openai';
+  return null;
+}
+
 /**
  * Resolve the API key for the detected provider.
  * Priority: ARCHAL_ENGINE_API_KEY > provider-specific env var.
+ * If ARCHAL_ENGINE_API_KEY clearly belongs to a different provider, fall back
+ * to provider-specific key when available, otherwise fail with a clear error.
  * @param {string} provider
  * @returns {string}
  */
 export function resolveApiKey(provider) {
-  const engineKey = process.env['ARCHAL_ENGINE_API_KEY']?.trim();
-  if (engineKey) return engineKey;
-
   const envVar = PROVIDER_ENV_VARS[provider] ?? 'OPENAI_API_KEY';
-  const key = process.env[envVar]?.trim();
-  if (key) return key;
+  const providerKey = process.env[envVar]?.trim();
+  const engineKey = process.env['ARCHAL_ENGINE_API_KEY']?.trim();
+  if (engineKey) {
+    const inferred = inferKeyProvider(engineKey);
+    if (!inferred || inferred === provider) return engineKey;
+    if (providerKey) {
+      process.stderr.write(
+        `[harness] Warning: ARCHAL_ENGINE_API_KEY appears to be for ${inferred}; using ${envVar} for ${provider} model.\n`,
+      );
+      return providerKey;
+    }
+    throw new Error(
+      `ARCHAL_ENGINE_API_KEY appears to be for ${inferred}, but provider "${provider}" requires ${envVar}. ` +
+      `Set ${envVar} or use a ${inferred} model.`
+    );
+  }
+  if (providerKey) return providerKey;
 
   throw new Error(
     `No API key found for provider "${provider}". ` +
@@ -111,7 +133,7 @@ function getLlmTimeoutMs() {
       return parsed * 1000;
     }
   }
-  return 120_000; // 120 seconds default
+  return 180_000; // 180 seconds default
 }
 
 // ── Thinking configuration ──────────────────────────────────────────

package/harnesses/hardened/agent.mjs

@@ -9,11 +9,9 @@
  *
  * Key features:
  * - Security-focused system prompt emphasizing investigation and refusal
- * - SAFETY.md prompt file injected via loadPromptContext (prepended to task)
  * - Multi-provider support (Gemini, OpenAI, Anthropic) via _lib/providers.mjs
  * - Error recovery with retries on transient failures
  * - Consecutive-error bailout at 5
- * - Temperature 0 for conservative, deterministic behavior
  * - 50 steps max for thorough investigation before acting
  *
  * Env vars (set by archal orchestrator):
@@ -36,13 +34,13 @@ import {
   getStopReason,
   withRetry,
 } from '../_lib/providers.mjs';
-import { collectTwinUrls } from '../_lib/rest-client.mjs';
+import { collectTwinUrls, discoverAllTools, callToolRest } from '../_lib/rest-client.mjs';
 import { createLogger } from '../_lib/logging.mjs';
 import { writeMetrics } from '../_lib/metrics.mjs';
 import { createAgentTrace } from '../_lib/agent-trace.mjs';
 
 const MAX_STEPS = 50;
-const TASK = process.env['ARCHAL_ENGINE_TASK'];
+const TASK = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
 const MODEL = process.env['ARCHAL_ENGINE_MODEL'];
 
 if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set'); process.exit(1); }
@@ -54,54 +52,16 @@ const log = createLogger({ harness: 'hardened', model: MODEL, provider });
 
 // ── Twin REST transport ─────────────────────────────────────────────
 
-const authHeaders = {};
-if (process.env['ARCHAL_TOKEN']) {
-  authHeaders['Authorization'] = `Bearer ${process.env['ARCHAL_TOKEN']}`;
-}
-const runtimeUserId = process.env['ARCHAL_RUNTIME_USER_ID'] || process.env['archal_runtime_user_id'];
-if (runtimeUserId) {
-  authHeaders['x-archal-user-id'] = runtimeUserId;
-}
-
-/** Collect twin URLs from ARCHAL_<TWIN>_URL env vars */
 const twinUrls = collectTwinUrls();
 
 if (Object.keys(twinUrls).length === 0) {
-  process.stderr.write('[hardened] FATAL: No twin URLs found in ARCHAL_*_URL env vars. Cannot proceed.\n');
+  console.error('[hardened] No twin URLs found. Check ARCHAL_TWIN_NAMES and ARCHAL_<TWIN>_URL env vars.');
   process.exit(1);
 }
-process.stderr.write(`[hardened] twin URLs: ${JSON.stringify(twinUrls)}\n`);
-
-/** Fetch available tools from a twin's REST endpoint */
-async function fetchTools(baseUrl) {
-  try {
-    const res = await fetch(`${baseUrl}/tools`, { headers: authHeaders });
-    if (!res.ok) return [];
-    const data = await res.json();
-    if (!Array.isArray(data)) {
-      process.stderr.write(`[hardened] Expected array from ${baseUrl}/tools, got ${typeof data}\n`);
-      return [];
-    }
-    return data;
-  } catch (err) {
-    process.stderr.write(`[hardened] Failed to fetch tools from ${baseUrl}: ${err.message}\n`);
-    return [];
-  }
-}
-
-/** Call a tool on a twin via REST */
-async function callToolRest(baseUrl, toolName, args) {
-  const res = await fetch(`${baseUrl}/tools/call`, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json', ...authHeaders },
-    body: JSON.stringify({ name: toolName, arguments: args }),
-  });
-  const body = await res.text();
-  if (!res.ok) {
-    throw new Error(`Tool call ${toolName} failed (HTTP ${res.status}): ${body}`);
-  }
-  // Return as text string for provider message formatting
-  return body;
+const { tools: allTools, toolToTwin } = await discoverAllTools(twinUrls);
+if (allTools.length === 0) {
+  console.error('[hardened] No tools discovered from twins. Twin endpoints may be unreachable.');
+  process.exit(1);
 }
 
 // ── System prompt ───────────────────────────────────────────────────
@@ -123,37 +83,9 @@ APPROACH:
 4. If the request is safe and properly authorized, proceed methodically.
 5. Summarize what you did and why.`;
 
-// ── Discover tools from all twins ───────────────────────────────────
-
-const allTools = [];
-const toolToTwin = {};
-
-for (const [twinName, baseUrl] of Object.entries(twinUrls)) {
-  const tools = await fetchTools(baseUrl);
-  process.stderr.write(`[hardened] ${twinName}: ${tools.length} tools\n`);
-  for (const tool of tools) {
-    // Namespace tool names to match MCP convention used by evaluator
-    const namespacedName = `mcp__${twinName}__${tool.name}`;
-    allTools.push({
-      name: namespacedName,
-      description: tool.description || '',
-      inputSchema: tool.inputSchema || { type: 'object', properties: {} },
-    });
-    toolToTwin[namespacedName] = { twinName, baseUrl, originalName: tool.name };
-  }
-}
-
-process.stderr.write(`[hardened] Total tools: ${allTools.length}\n`);
-
-if (allTools.length === 0) {
-  process.stderr.write('[hardened] FATAL: No tools discovered from twins. Twin endpoints may be unreachable.\n');
-  process.exit(1);
-}
-
-const providerTools = formatToolsForProvider(provider, allTools);
-
 // ── Main loop ───────────────────────────────────────────────────────
 
+const providerTools = formatToolsForProvider(provider, allTools);
 let messages = buildInitialMessages(provider, SYSTEM_PROMPT, TASK, MODEL);
 let consecutiveErrors = 0;
 
@@ -175,10 +107,19 @@ try {
 
     // Call the LLM with retry on transient errors
     log.llmCall(step + 1);
-    const response = await withRetry(
-      () => callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools),
-      2,
-    );
+    let response;
+    try {
+      response = await withRetry(
+        () => callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools),
+        2,
+      );
+    } catch (err) {
+      const msg = err?.message ?? String(err);
+      log.error('llm_call_failed', { step: step + 1, error: msg });
+      process.stderr.write(`[hardened] LLM API error: ${msg.slice(0, 500)}\n`);
+      exitReason = 'llm_error';
+      break;
+    }
 
     const iterDurationMs = Date.now() - iterStart;
     totalInputTokens += response.usage.inputTokens;
@@ -211,45 +152,33 @@ try {
       break;
     }
 
-    // Execute each tool call via REST
+    // Execute each tool call via shared REST client
     const results = [];
     for (const tc of toolCalls) {
       const toolStart = Date.now();
       process.stderr.write(`[hardened] Step ${step + 1}: ${tc.name}(${JSON.stringify(tc.arguments).slice(0, 100)})\n`);
-
-      const mapping = toolToTwin[tc.name];
-      if (!mapping) {
-        const errorMsg = `Error: Unknown tool "${tc.name}"`;
+      try {
+        const result = await callToolRest(toolToTwin, tc.name, tc.arguments);
+        results.push(result);
+        consecutiveErrors = 0;
+        totalToolCalls++;
+        log.toolCall(step + 1, tc.name, tc.arguments, Date.now() - toolStart);
+      } catch (err) {
+        const errorMsg = `Error: ${err.message}`;
         results.push(errorMsg);
         consecutiveErrors++;
         totalToolCalls++;
         totalToolErrors++;
-        log.toolError(step + 1, tc.name, `Unknown tool`);
-        process.stderr.write(`[hardened] Tool error (${consecutiveErrors}): Unknown tool ${tc.name}\n`);
-      } else {
-        try {
-          const result = await callToolRest(mapping.baseUrl, mapping.originalName, tc.arguments);
-          results.push(result);
-          consecutiveErrors = 0;
-          totalToolCalls++;
-          log.toolCall(step + 1, tc.name, tc.arguments, Date.now() - toolStart);
-        } catch (err) {
-          const errorMsg = `Error: ${err.message}`;
-          results.push(errorMsg);
-          consecutiveErrors++;
-          totalToolCalls++;
-          totalToolErrors++;
-          log.toolError(step + 1, tc.name, err.message);
-          process.stderr.write(`[hardened] Tool error (${consecutiveErrors}): ${err.message}\n`);
+        log.toolError(step + 1, tc.name, err.message);
+        process.stderr.write(`[hardened] Tool error (${consecutiveErrors}): ${err.message}\n`);
+
+        // Bail if too many consecutive errors
+        if (consecutiveErrors >= 5) {
+          process.stderr.write('[hardened] Too many consecutive tool errors — stopping.\n');
+          exitReason = 'consecutive_errors';
+          break;
         }
       }
-
-      // Bail if too many consecutive errors
-      if (consecutiveErrors >= 5) {
-        process.stderr.write('[hardened] Too many consecutive tool errors — stopping.\n');
-        exitReason = 'consecutive_errors';
-        break;
-      }
     }
 
     // Record thinking trace for this step (before bailout check so the final step is captured)
@@ -298,4 +227,8 @@ try {
     `(${totalToolErrors} errors), ${totalInputTokens} input tokens, ` +
     `${totalOutputTokens} output tokens, ${(totalTimeMs / 1000).toFixed(1)}s total\n`
   );
+
+  if (exitReason === 'llm_error') {
+    process.exit(1);
+  }
 }

package/harnesses/naive/agent.mjs

@@ -33,10 +33,10 @@ import { createLogger } from '../_lib/logging.mjs';
 import { writeMetrics } from '../_lib/metrics.mjs';
 
 const MAX_STEPS = 20;
-const TASK = process.env['ARCHAL_ENGINE_TASK'];
+const TASK = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
 const MODEL = process.env['ARCHAL_ENGINE_MODEL'];
 
-if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set'); process.exit(1); }
+if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set or empty'); process.exit(1); }
 if (!MODEL) { console.error('ARCHAL_ENGINE_MODEL not set'); process.exit(1); }
 
 // Warn when used outside demo context
@@ -84,7 +84,16 @@ try {
     const iterStart = Date.now();
 
     log.llmCall(step + 1);
-    const response = await callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools);
+    let response;
+    try {
+      response = await callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools);
+    } catch (err) {
+      const msg = err?.message ?? String(err);
+      log.error('llm_call_failed', { step: step + 1, error: msg });
+      process.stderr.write(`[naive] LLM API error: ${msg.slice(0, 500)}\n`);
+      exitReason = 'llm_error';
+      break;
+    }
 
     const iterDurationMs = Date.now() - iterStart;
     totalInputTokens += response.usage.inputTokens;
@@ -150,4 +159,7 @@ try {
     `${(totalTimeMs / 1000).toFixed(1)}s total\n`
   );
 
+  if (exitReason === 'llm_error') {
+    process.exit(1);
+  }
 }

package/harnesses/react/agent.mjs

@@ -6,7 +6,7 @@
  * - Structured system prompt encouraging step-by-step reasoning
  * - Error recovery with retries on transient failures
  * - Context-aware done detection
- * - Max 50 steps safety limit
+ * - Configurable step limit (default 80, cap 200 via ARCHAL_MAX_STEPS)
  * - Token usage and timing instrumentation
  *
  * Env vars (set by archal orchestrator):
@@ -34,11 +34,25 @@ import { createLogger } from '../_lib/logging.mjs';
 import { writeMetrics } from '../_lib/metrics.mjs';
 import { createAgentTrace } from '../_lib/agent-trace.mjs';
 
-const MAX_STEPS = 50;
-const TASK = process.env['ARCHAL_ENGINE_TASK'];
+const DEFAULT_MAX_STEPS = 80;
+const MAX_STEPS = (() => {
+  const raw = process.env['ARCHAL_MAX_STEPS']?.trim();
+  if (!raw) return DEFAULT_MAX_STEPS;
+  const parsed = parseInt(raw, 10);
+  if (Number.isNaN(parsed) || parsed <= 0) return DEFAULT_MAX_STEPS;
+  return Math.min(parsed, 200);
+})();
+const MAX_CONSECUTIVE_ERRORS = (() => {
+  const raw = process.env['ARCHAL_MAX_CONSECUTIVE_ERRORS']?.trim();
+  if (!raw) return 8;
+  const parsed = parseInt(raw, 10);
+  if (Number.isNaN(parsed) || parsed <= 0) return 8;
+  return Math.min(parsed, 20);
+})();
+const TASK = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
 const MODEL = process.env['ARCHAL_ENGINE_MODEL'];
 
-if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set'); process.exit(1); }
+if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set or empty'); process.exit(1); }
 if (!MODEL) { console.error('ARCHAL_ENGINE_MODEL not set'); process.exit(1); }
 
 const provider = detectProvider(MODEL);
@@ -95,10 +109,19 @@ try {
 
     // Call the LLM with retry on transient errors
     log.llmCall(step + 1);
-    const response = await withRetry(
-      () => callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools),
-      2,
-    );
+    let response;
+    try {
+      response = await withRetry(
+        () => callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools),
+        2,
+      );
+    } catch (err) {
+      const msg = err?.message ?? String(err);
+      log.error('llm_call_failed', { step: step + 1, error: msg });
+      process.stderr.write(`[react] LLM API error: ${msg.slice(0, 500)}\n`);
+      exitReason = 'llm_error';
+      break;
+    }
 
     const iterDurationMs = Date.now() - iterStart;
     totalInputTokens += response.usage.inputTokens;
@@ -154,7 +177,7 @@ try {
         process.stderr.write(`[react] Tool error (${consecutiveErrors}): ${err.message}\n`);
 
         // Bail if too many consecutive errors
-        if (consecutiveErrors >= 5) {
+        if (consecutiveErrors >= MAX_CONSECUTIVE_ERRORS) {
           process.stderr.write('[react] Too many consecutive tool errors — stopping.\n');
           exitReason = 'consecutive_errors';
           break;
@@ -171,7 +194,7 @@ try {
       durationMs: iterDurationMs,
     });
 
-    if (consecutiveErrors >= 5) break;
+    if (consecutiveErrors >= MAX_CONSECUTIVE_ERRORS) break;
 
     // Append tool results to conversation
     messages = appendToolResults(provider, messages, toolCalls, results);
@@ -209,4 +232,7 @@ try {
     `${totalOutputTokens} output tokens, ${(totalTimeMs / 1000).toFixed(1)}s total\n`
   );
 
+  if (exitReason === 'llm_error') {
+    process.exit(1);
+  }
 }

package/harnesses/zero-shot/agent.mjs

@@ -32,10 +32,10 @@ import { writeMetrics } from '../_lib/metrics.mjs';
 import { createAgentTrace } from '../_lib/agent-trace.mjs';
 
 const MAX_STEPS = 40;
-const TASK = process.env['ARCHAL_ENGINE_TASK'];
+const TASK = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
 const MODEL = process.env['ARCHAL_ENGINE_MODEL'];
 
-if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set'); process.exit(1); }
+if (!TASK) { console.error('ARCHAL_ENGINE_TASK not set or empty'); process.exit(1); }
 if (!MODEL) { console.error('ARCHAL_ENGINE_MODEL not set'); process.exit(1); }
 
 const provider = detectProvider(MODEL);
@@ -77,7 +77,16 @@ try {
     const iterStart = Date.now();
 
     log.llmCall(step + 1);
-    const response = await callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools);
+    let response;
+    try {
+      response = await callLlmWithMessages(provider, MODEL, apiKey, messages, providerTools);
+    } catch (err) {
+      const msg = err?.message ?? String(err);
+      log.error('llm_call_failed', { step: step + 1, error: msg });
+      process.stderr.write(`[zero-shot] LLM API error: ${msg.slice(0, 500)}\n`);
+      exitReason = 'llm_error';
+      break;
+    }
 
     const iterDurationMs = Date.now() - iterStart;
     totalInputTokens += response.usage.inputTokens;
@@ -169,4 +178,7 @@ try {
     `${totalOutputTokens} output tokens, ${(totalTimeMs / 1000).toFixed(1)}s total\n`
   );
 
+  if (exitReason === 'llm_error') {
+    process.exit(1);
+  }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@archal/cli",
-  "version": "0.7.9",
+  "version": "0.7.11",
   "description": "Pre-deployment testing for AI agents",
   "type": "module",
   "main": "dist/index.js",