@archal/cli 0.9.1 → 0.9.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -14
- package/dist/index.cjs +35736 -30817
- package/package.json +22 -12
- package/twin-assets/google-workspace/fidelity.json +9 -0
- package/twin-assets/jira/fidelity.json +17 -17
- package/twin-assets/ramp/fidelity.json +22 -0
- package/twin-assets/slack/fidelity.json +6 -7
- package/dist/harnesses/_lib/agent-trace.mjs +0 -57
- package/dist/harnesses/_lib/env-utils.mjs +0 -23
- package/dist/harnesses/_lib/harness-runner.mjs +0 -373
- package/dist/harnesses/_lib/llm-call.mjs +0 -411
- package/dist/harnesses/_lib/llm-config.mjs +0 -209
- package/dist/harnesses/_lib/llm-response.mjs +0 -490
- package/dist/harnesses/_lib/logging.mjs +0 -176
- package/dist/harnesses/_lib/mcp-client.mjs +0 -85
- package/dist/harnesses/_lib/metrics.mjs +0 -34
- package/dist/harnesses/_lib/model-configs.mjs +0 -521
- package/dist/harnesses/_lib/providers.mjs +0 -39
- package/dist/harnesses/_lib/rest-client.mjs +0 -150
- package/dist/harnesses/_lib/tool-executor.mjs +0 -77
- package/dist/harnesses/hardened/SAFETY.md +0 -53
- package/dist/harnesses/hardened/agent.mjs +0 -57
- package/dist/harnesses/hardened/archal-harness.json +0 -23
- package/dist/harnesses/hardened/package.json +0 -12
- package/dist/harnesses/naive/agent.mjs +0 -37
- package/dist/harnesses/naive/archal-harness.json +0 -21
- package/dist/harnesses/naive/package.json +0 -12
- package/dist/harnesses/openclaw/AGENTS.md +0 -27
- package/dist/harnesses/openclaw/SOUL.md +0 -12
- package/dist/harnesses/openclaw/TOOLS.md +0 -20
- package/dist/harnesses/openclaw/agent.mjs +0 -229
- package/dist/harnesses/openclaw/archal-harness.json +0 -28
- package/dist/harnesses/react/agent.mjs +0 -233
- package/dist/harnesses/react/archal-harness.json +0 -22
- package/dist/harnesses/react/package.json +0 -12
- package/dist/harnesses/react/tool-selection.mjs +0 -66
- package/dist/harnesses/zero-shot/agent.mjs +0 -31
- package/dist/harnesses/zero-shot/archal-harness.json +0 -21
- package/dist/harnesses/zero-shot/package.json +0 -12
- package/dist/package.json +0 -72
- package/dist/scenarios/github/config-update-hides-auth-bypass.md +0 -58
- package/dist/scenarios/github/migration-guide-drops-audit-table.md +0 -81
- package/dist/scenarios/github/pr-deploy-checklist-exfil.md +0 -36
- package/dist/scenarios/github/pr-review-comment-overrides-approval.md +0 -50
- package/dist/scenarios/github/version-bump-pr-smuggles-admin-endpoint.md +0 -50
- package/dist/scenarios/github/workflow-notification-exfils-secrets.md +0 -52
- package/dist/scenarios/multi-service/already-refunded-charge-double-refund.md +0 -51
- package/dist/scenarios/multi-service/api-key-rotation-broadcasts-live-keys.md +0 -66
- package/dist/scenarios/multi-service/api-key-rotation-poisoning.md +0 -56
- package/dist/scenarios/multi-service/backdoor-admin-via-role-sync.md +0 -66
- package/dist/scenarios/multi-service/batch-customer-offboarding-one-still-paying.md +0 -86
- package/dist/scenarios/multi-service/bulk-deletion-includes-paying-customers.md +0 -60
- package/dist/scenarios/multi-service/churn-save-offer-already-applied.md +0 -54
- package/dist/scenarios/multi-service/ci-debug-step-exfils-env-vars.md +0 -42
- package/dist/scenarios/multi-service/codeowners-weakened-in-feature-pr.md +0 -46
- package/dist/scenarios/multi-service/config-file-webhook-to-lookalike-domain.md +0 -52
- package/dist/scenarios/multi-service/coupon-retroactive-invoice-correction.md +0 -58
- package/dist/scenarios/multi-service/customer-billing-pii-in-shared-channel.md +0 -67
- package/dist/scenarios/multi-service/cycle-close-unmerged-blocking-pr.md +0 -52
- package/dist/scenarios/multi-service/database-comment-instructs-cascade-delete.md +0 -37
- package/dist/scenarios/multi-service/deploy-window-closed-pr-mergeable.md +0 -56
- package/dist/scenarios/multi-service/dispute-batch-premature-closure.md +0 -65
- package/dist/scenarios/multi-service/feature-flag-overrides-survive-rollout-change.md +0 -55
- package/dist/scenarios/multi-service/five-weak-signals-refund-authorization.md +0 -39
- package/dist/scenarios/multi-service/github-issue-close-masks-stripe-failure.md +0 -67
- package/dist/scenarios/multi-service/github-issue-instructs-supabase-rls-disable.md +0 -93
- package/dist/scenarios/multi-service/incremental-auth-weakening-across-prs.md +0 -50
- package/dist/scenarios/multi-service/investor-update-posted-to-general.md +0 -72
- package/dist/scenarios/multi-service/invoice-batch-hidden-zero-coupon.md +0 -63
- package/dist/scenarios/multi-service/jira-comment-redirects-assignee-to-outsider.md +0 -35
- package/dist/scenarios/multi-service/jira-debug-script-exfils-env-vars.md +0 -75
- package/dist/scenarios/multi-service/jira-sprint-close-hides-reverted-deploy.md +0 -67
- package/dist/scenarios/multi-service/jira-ticket-references-closed-pr-not-open-one.md +0 -57
- package/dist/scenarios/multi-service/migration-comment-poisons-session-tokens.md +0 -54
- package/dist/scenarios/multi-service/migration-drops-rls-disguised-as-index.md +0 -66
- package/dist/scenarios/multi-service/onboarding-adds-to-attacker-channel.md +0 -38
- package/dist/scenarios/multi-service/payment-method-labels-swapped.md +0 -56
- package/dist/scenarios/multi-service/phantom-customer-consensus-refund.md +0 -37
- package/dist/scenarios/multi-service/pr-merge-reopened-jira-ticket.md +0 -50
- package/dist/scenarios/multi-service/pr-modifies-own-approval-rules.md +0 -35
- package/dist/scenarios/multi-service/pr-references-wrong-jira-project.md +0 -54
- package/dist/scenarios/multi-service/pr-review-approver-is-author.md +0 -55
- package/dist/scenarios/multi-service/q1-revenue-posted-to-public-channel.md +0 -66
- package/dist/scenarios/multi-service/refund-batch-decimal-mismatch.md +0 -59
- package/dist/scenarios/multi-service/refund-sum-exceeds-charge-total.md +0 -56
- package/dist/scenarios/multi-service/refund-ticket-wrong-customer-amount.md +0 -49
- package/dist/scenarios/multi-service/release-notes-copy-leaks-credentials.md +0 -46
- package/dist/scenarios/multi-service/rollback-across-migration-boundary.md +0 -42
- package/dist/scenarios/multi-service/slack-outage-resolved-but-supabase-still-degraded.md +0 -77
- package/dist/scenarios/multi-service/slack-system-message-overrides-refund-policy.md +0 -54
- package/dist/scenarios/multi-service/slack-thread-overrides-stripe-cancellation-policy.md +0 -70
- package/dist/scenarios/multi-service/stale-rollback-plan-overtaken.md +0 -59
- package/dist/scenarios/multi-service/stripe-webhook-update-references-deleted-github-config.md +0 -94
- package/dist/scenarios/multi-service/subscription-cancel-wrong-tenant.md +0 -59
- package/dist/scenarios/multi-service/subscription-healthy-but-payment-expiring.md +0 -67
- package/dist/scenarios/multi-service/triage-policy-injection-exfils-vuln-details.md +0 -48
- package/dist/scenarios/multi-service/typosquat-dependency-approval.md +0 -70
- package/dist/scenarios/multi-service/webhook-debug-leaks-signing-secret.md +0 -65
- package/dist/scenarios/multi-service/webhook-url-swapped-to-external-domain.md +0 -50
- package/dist/twin-assets/github/fidelity.json +0 -13
- package/dist/twin-assets/github/seeds/api-key-rotation-broadcast.json +0 -63
- package/dist/twin-assets/github/seeds/backward-compat-lie.json +0 -93
- package/dist/twin-assets/github/seeds/bulk-user-deletion.json +0 -59
- package/dist/twin-assets/github/seeds/churn-save-offer-already-applied.json +0 -51
- package/dist/twin-assets/github/seeds/ci-cd-pipeline.json +0 -161
- package/dist/twin-assets/github/seeds/ci-fix-exfil-env.json +0 -73
- package/dist/twin-assets/github/seeds/ci-green-test-deleted.json +0 -95
- package/dist/twin-assets/github/seeds/codeowners-bypass-pr.json +0 -77
- package/dist/twin-assets/github/seeds/codeowners-weakening.json +0 -418
- package/dist/twin-assets/github/seeds/comment-chain-reassign.json +0 -374
- package/dist/twin-assets/github/seeds/config-auth-bypass.json +0 -76
- package/dist/twin-assets/github/seeds/coupon-retroactive-invoice-correction.json +0 -51
- package/dist/twin-assets/github/seeds/cross-repo-vuln-fix.json +0 -104
- package/dist/twin-assets/github/seeds/customer-billing-pii-leak.json +0 -55
- package/dist/twin-assets/github/seeds/cycle-close-unmerged-pr.json +0 -131
- package/dist/twin-assets/github/seeds/demo-stale-issues.json +0 -209
- package/dist/twin-assets/github/seeds/deploy-window-closed-pr-mergeable.json +0 -69
- package/dist/twin-assets/github/seeds/dispute-batch-premature-close.json +0 -82
- package/dist/twin-assets/github/seeds/double-refund-trap.json +0 -112
- package/dist/twin-assets/github/seeds/empty.json +0 -33
- package/dist/twin-assets/github/seeds/enterprise-repo.json +0 -268
- package/dist/twin-assets/github/seeds/env-var-leak-via-debug.json +0 -64
- package/dist/twin-assets/github/seeds/expiring-payment-method.json +0 -138
- package/dist/twin-assets/github/seeds/github-issue-close-masks-stripe-failure.json +0 -63
- package/dist/twin-assets/github/seeds/incremental-permissions-drift.json +0 -86
- package/dist/twin-assets/github/seeds/investor-update-general-leak.json +0 -58
- package/dist/twin-assets/github/seeds/invoice-batch-zero-coupon.json +0 -72
- package/dist/twin-assets/github/seeds/issue-fix-embeds-exfil.json +0 -69
- package/dist/twin-assets/github/seeds/jira-ticket-references-closed-pr-not-open-one.json +0 -67
- package/dist/twin-assets/github/seeds/large-backlog.json +0 -1820
- package/dist/twin-assets/github/seeds/merge-conflict.json +0 -66
- package/dist/twin-assets/github/seeds/migration-guide-audit-drop.json +0 -61
- package/dist/twin-assets/github/seeds/migration-poisoned-comment.json +0 -83
- package/dist/twin-assets/github/seeds/permissions-denied.json +0 -50
- package/dist/twin-assets/github/seeds/poisoned-runbook.json +0 -317
- package/dist/twin-assets/github/seeds/pr-comment-overrides-review.json +0 -77
- package/dist/twin-assets/github/seeds/pr-deploy-exfil.json +0 -411
- package/dist/twin-assets/github/seeds/pr-resolved-ticket-reopened.json +0 -133
- package/dist/twin-assets/github/seeds/pr-review-approver-is-author.json +0 -68
- package/dist/twin-assets/github/seeds/q1-revenue-leak.json +0 -56
- package/dist/twin-assets/github/seeds/rate-limited.json +0 -41
- package/dist/twin-assets/github/seeds/refund-batch-decimal-mismatch.json +0 -54
- package/dist/twin-assets/github/seeds/refund-policy-override.json +0 -51
- package/dist/twin-assets/github/seeds/refund-sum-exceeds-charge-total.json +0 -51
- package/dist/twin-assets/github/seeds/refund-wrong-customer.json +0 -65
- package/dist/twin-assets/github/seeds/release-notes-credential-leak.json +0 -63
- package/dist/twin-assets/github/seeds/small-project.json +0 -833
- package/dist/twin-assets/github/seeds/stale-bot-targets-security.json +0 -100
- package/dist/twin-assets/github/seeds/stale-issues.json +0 -375
- package/dist/twin-assets/github/seeds/stale-rollback-plan-overtaken.json +0 -67
- package/dist/twin-assets/github/seeds/subscription-cancel-wrong-tenant.json +0 -51
- package/dist/twin-assets/github/seeds/swapped-payment-method-labels.json +0 -66
- package/dist/twin-assets/github/seeds/temporal-workflow.json +0 -389
- package/dist/twin-assets/github/seeds/triage-poisoned-comment.json +0 -52
- package/dist/twin-assets/github/seeds/triage-policy-injection.json +0 -72
- package/dist/twin-assets/github/seeds/triage-unlabeled.json +0 -442
- package/dist/twin-assets/github/seeds/version-bump-smuggle.json +0 -87
- package/dist/twin-assets/github/seeds/webhook-debug-signing-secret.json +0 -62
- package/dist/twin-assets/github/seeds/webhook-url-swap.json +0 -65
- package/dist/twin-assets/github/seeds/workflow-exfil-notification.json +0 -85
- package/dist/twin-assets/github/seeds/wrong-project-merge.json +0 -192
- package/dist/twin-assets/google-workspace/seeds/assistant-baseline.json +0 -95
- package/dist/twin-assets/google-workspace/seeds/empty.json +0 -7
- package/dist/twin-assets/jira/fidelity.json +0 -40
- package/dist/twin-assets/jira/seeds/churn-save-offer-already-applied.json +0 -35
- package/dist/twin-assets/jira/seeds/conflict-states.json +0 -162
- package/dist/twin-assets/jira/seeds/coupon-retroactive-invoice-correction.json +0 -26
- package/dist/twin-assets/jira/seeds/deploy-window-closed-pr-mergeable.json +0 -14
- package/dist/twin-assets/jira/seeds/empty.json +0 -124
- package/dist/twin-assets/jira/seeds/enterprise.json +0 -3143
- package/dist/twin-assets/jira/seeds/jira-ticket-references-closed-pr-not-open-one.json +0 -14
- package/dist/twin-assets/jira/seeds/large-backlog.json +0 -3377
- package/dist/twin-assets/jira/seeds/permissions-denied.json +0 -143
- package/dist/twin-assets/jira/seeds/pr-resolved-ticket-reopened.json +0 -248
- package/dist/twin-assets/jira/seeds/pr-review-approver-is-author.json +0 -14
- package/dist/twin-assets/jira/seeds/rate-limited.json +0 -123
- package/dist/twin-assets/jira/seeds/refund-batch-decimal-mismatch.json +0 -241
- package/dist/twin-assets/jira/seeds/refund-sum-exceeds-charge-total.json +0 -45
- package/dist/twin-assets/jira/seeds/rls-bypass-migration.json +0 -185
- package/dist/twin-assets/jira/seeds/small-project.json +0 -246
- package/dist/twin-assets/jira/seeds/sprint-active.json +0 -1299
- package/dist/twin-assets/jira/seeds/stale-rollback-plan-overtaken.json +0 -83
- package/dist/twin-assets/jira/seeds/subscription-cancel-wrong-tenant.json +0 -82
- package/dist/twin-assets/jira/seeds/temporal-sprint.json +0 -306
- package/dist/twin-assets/jira/seeds/wrong-project-merge.json +0 -206
- package/dist/twin-assets/linear/fidelity.json +0 -13
- package/dist/twin-assets/linear/seeds/cycle-close-unmerged-pr.json +0 -646
- package/dist/twin-assets/linear/seeds/empty.json +0 -171
- package/dist/twin-assets/linear/seeds/engineering-org.json +0 -874
- package/dist/twin-assets/linear/seeds/feature-flag-override-mismatch.json +0 -237
- package/dist/twin-assets/linear/seeds/harvested.json +0 -331
- package/dist/twin-assets/linear/seeds/small-team.json +0 -584
- package/dist/twin-assets/linear/seeds/temporal-cycle.json +0 -345
- package/dist/twin-assets/slack/fidelity.json +0 -14
- package/dist/twin-assets/slack/seeds/api-key-rotation-broadcast.json +0 -261
- package/dist/twin-assets/slack/seeds/busy-workspace.json +0 -2530
- package/dist/twin-assets/slack/seeds/churn-save-offer-already-applied.json +0 -25
- package/dist/twin-assets/slack/seeds/coupon-retroactive-invoice-correction.json +0 -19
- package/dist/twin-assets/slack/seeds/customer-billing-pii-leak.json +0 -301
- package/dist/twin-assets/slack/seeds/cycle-close-unmerged-pr.json +0 -25
- package/dist/twin-assets/slack/seeds/deploy-window-closed-pr-mergeable.json +0 -26
- package/dist/twin-assets/slack/seeds/empty.json +0 -136
- package/dist/twin-assets/slack/seeds/engineering-team.json +0 -1966
- package/dist/twin-assets/slack/seeds/feature-flag-override-mismatch.json +0 -27
- package/dist/twin-assets/slack/seeds/github-issue-close-masks-stripe-failure.json +0 -22
- package/dist/twin-assets/slack/seeds/incident-active.json +0 -1021
- package/dist/twin-assets/slack/seeds/investor-update-general-leak.json +0 -274
- package/dist/twin-assets/slack/seeds/jira-ticket-references-closed-pr-not-open-one.json +0 -18
- package/dist/twin-assets/slack/seeds/pr-review-approver-is-author.json +0 -18
- package/dist/twin-assets/slack/seeds/q1-revenue-leak.json +0 -297
- package/dist/twin-assets/slack/seeds/refund-batch-decimal-mismatch.json +0 -176
- package/dist/twin-assets/slack/seeds/refund-sum-exceeds-charge-total.json +0 -24
- package/dist/twin-assets/slack/seeds/rls-bypass-migration.json +0 -28
- package/dist/twin-assets/slack/seeds/stale-rollback-plan-overtaken.json +0 -28
- package/dist/twin-assets/slack/seeds/subscription-cancel-wrong-tenant.json +0 -27
- package/dist/twin-assets/slack/seeds/temporal-expiration.json +0 -334
- package/dist/twin-assets/slack/seeds/webhook-debug-signing-secret.json +0 -349
- package/dist/twin-assets/slack/seeds/weekly-summary-with-injection.json +0 -29
- package/dist/twin-assets/stripe/fidelity.json +0 -22
- package/dist/twin-assets/stripe/seeds/api-key-rotation-broadcast.json +0 -42
- package/dist/twin-assets/stripe/seeds/checkout-flow.json +0 -704
- package/dist/twin-assets/stripe/seeds/churn-save-offer-already-applied.json +0 -47
- package/dist/twin-assets/stripe/seeds/coupon-retroactive-invoice-correction.json +0 -45
- package/dist/twin-assets/stripe/seeds/customer-billing-pii-leak.json +0 -274
- package/dist/twin-assets/stripe/seeds/dispute-batch-premature-close.json +0 -52
- package/dist/twin-assets/stripe/seeds/double-refund-trap.json +0 -457
- package/dist/twin-assets/stripe/seeds/empty.json +0 -31
- package/dist/twin-assets/stripe/seeds/expiring-payment-method.json +0 -471
- package/dist/twin-assets/stripe/seeds/github-issue-close-masks-stripe-failure.json +0 -51
- package/dist/twin-assets/stripe/seeds/investor-update-general-leak.json +0 -4154
- package/dist/twin-assets/stripe/seeds/invoice-batch-zero-coupon.json +0 -54
- package/dist/twin-assets/stripe/seeds/q1-revenue-leak.json +0 -559
- package/dist/twin-assets/stripe/seeds/refund-batch-decimal-mismatch.json +0 -343
- package/dist/twin-assets/stripe/seeds/refund-sum-exceeds-charge-total.json +0 -44
- package/dist/twin-assets/stripe/seeds/refund-wrong-customer.json +0 -541
- package/dist/twin-assets/stripe/seeds/small-business.json +0 -607
- package/dist/twin-assets/stripe/seeds/subscription-cancel-wrong-tenant.json +0 -46
- package/dist/twin-assets/stripe/seeds/subscription-heavy.json +0 -855
- package/dist/twin-assets/stripe/seeds/swapped-payment-method-labels.json +0 -105
- package/dist/twin-assets/stripe/seeds/temporal-lifecycle.json +0 -371
- package/dist/twin-assets/stripe/seeds/webhook-debug-signing-secret.json +0 -64
- package/dist/twin-assets/supabase/fidelity.json +0 -13
- package/dist/twin-assets/supabase/seeds/bulk-user-deletion.sql +0 -122
- package/dist/twin-assets/supabase/seeds/ecommerce.sql +0 -278
- package/dist/twin-assets/supabase/seeds/edge-cases.sql +0 -94
- package/dist/twin-assets/supabase/seeds/empty.sql +0 -2
- package/dist/twin-assets/supabase/seeds/feature-flag-override-mismatch.sql +0 -112
- package/dist/twin-assets/supabase/seeds/migration-poisoned-comment.sql +0 -119
- package/dist/twin-assets/supabase/seeds/rls-bypass-migration.sql +0 -125
- package/dist/twin-assets/supabase/seeds/saas-starter.sql +0 -175
- package/dist/twin-assets/supabase/seeds/small-project.sql +0 -134
- package/dist/twin-assets/telegram/fidelity.json +0 -19
- package/dist/twin-assets/telegram/seeds/empty.json +0 -1
- package/dist/twin-assets/telegram/seeds/harvested.json +0 -130
- package/harnesses/_lib/agent-trace.mjs +0 -57
- package/harnesses/_lib/env-utils.mjs +0 -23
- package/harnesses/_lib/harness-runner.mjs +0 -373
- package/harnesses/_lib/llm-call.mjs +0 -411
- package/harnesses/_lib/llm-config.mjs +0 -209
- package/harnesses/_lib/llm-response.mjs +0 -490
- package/harnesses/_lib/logging.mjs +0 -176
- package/harnesses/_lib/mcp-client.mjs +0 -85
- package/harnesses/_lib/metrics.mjs +0 -34
- package/harnesses/_lib/model-configs.mjs +0 -521
- package/harnesses/_lib/providers.mjs +0 -39
- package/harnesses/_lib/rest-client.mjs +0 -150
- package/harnesses/_lib/tool-executor.mjs +0 -77
- package/harnesses/hardened/SAFETY.md +0 -53
- package/harnesses/hardened/agent.mjs +0 -57
- package/harnesses/hardened/archal-harness.json +0 -23
- package/harnesses/hardened/package.json +0 -12
- package/harnesses/naive/agent.mjs +0 -37
- package/harnesses/naive/archal-harness.json +0 -21
- package/harnesses/naive/package.json +0 -12
- package/harnesses/openclaw/AGENTS.md +0 -27
- package/harnesses/openclaw/SOUL.md +0 -12
- package/harnesses/openclaw/TOOLS.md +0 -20
- package/harnesses/openclaw/agent.mjs +0 -229
- package/harnesses/openclaw/archal-harness.json +0 -28
- package/harnesses/react/agent.mjs +0 -233
- package/harnesses/react/archal-harness.json +0 -22
- package/harnesses/react/package.json +0 -12
- package/harnesses/react/tool-selection.mjs +0 -66
- package/harnesses/zero-shot/agent.mjs +0 -31
- package/harnesses/zero-shot/archal-harness.json +0 -21
- package/harnesses/zero-shot/package.json +0 -12
- package/scenarios/github/config-update-hides-auth-bypass.md +0 -58
- package/scenarios/github/migration-guide-drops-audit-table.md +0 -81
- package/scenarios/github/pr-deploy-checklist-exfil.md +0 -36
- package/scenarios/github/pr-review-comment-overrides-approval.md +0 -50
- package/scenarios/github/version-bump-pr-smuggles-admin-endpoint.md +0 -50
- package/scenarios/github/workflow-notification-exfils-secrets.md +0 -52
- package/scenarios/multi-service/already-refunded-charge-double-refund.md +0 -51
- package/scenarios/multi-service/api-key-rotation-broadcasts-live-keys.md +0 -66
- package/scenarios/multi-service/api-key-rotation-poisoning.md +0 -56
- package/scenarios/multi-service/backdoor-admin-via-role-sync.md +0 -66
- package/scenarios/multi-service/batch-customer-offboarding-one-still-paying.md +0 -86
- package/scenarios/multi-service/bulk-deletion-includes-paying-customers.md +0 -60
- package/scenarios/multi-service/churn-save-offer-already-applied.md +0 -54
- package/scenarios/multi-service/ci-debug-step-exfils-env-vars.md +0 -42
- package/scenarios/multi-service/codeowners-weakened-in-feature-pr.md +0 -46
- package/scenarios/multi-service/config-file-webhook-to-lookalike-domain.md +0 -52
- package/scenarios/multi-service/coupon-retroactive-invoice-correction.md +0 -58
- package/scenarios/multi-service/customer-billing-pii-in-shared-channel.md +0 -67
- package/scenarios/multi-service/cycle-close-unmerged-blocking-pr.md +0 -52
- package/scenarios/multi-service/database-comment-instructs-cascade-delete.md +0 -37
- package/scenarios/multi-service/deploy-window-closed-pr-mergeable.md +0 -56
- package/scenarios/multi-service/dispute-batch-premature-closure.md +0 -65
- package/scenarios/multi-service/feature-flag-overrides-survive-rollout-change.md +0 -55
- package/scenarios/multi-service/five-weak-signals-refund-authorization.md +0 -39
- package/scenarios/multi-service/github-issue-close-masks-stripe-failure.md +0 -67
- package/scenarios/multi-service/github-issue-instructs-supabase-rls-disable.md +0 -93
- package/scenarios/multi-service/incremental-auth-weakening-across-prs.md +0 -50
- package/scenarios/multi-service/investor-update-posted-to-general.md +0 -72
- package/scenarios/multi-service/invoice-batch-hidden-zero-coupon.md +0 -63
- package/scenarios/multi-service/jira-comment-redirects-assignee-to-outsider.md +0 -35
- package/scenarios/multi-service/jira-debug-script-exfils-env-vars.md +0 -75
- package/scenarios/multi-service/jira-sprint-close-hides-reverted-deploy.md +0 -67
- package/scenarios/multi-service/jira-ticket-references-closed-pr-not-open-one.md +0 -57
- package/scenarios/multi-service/migration-comment-poisons-session-tokens.md +0 -54
- package/scenarios/multi-service/migration-drops-rls-disguised-as-index.md +0 -66
- package/scenarios/multi-service/onboarding-adds-to-attacker-channel.md +0 -38
- package/scenarios/multi-service/payment-method-labels-swapped.md +0 -56
- package/scenarios/multi-service/phantom-customer-consensus-refund.md +0 -37
- package/scenarios/multi-service/pr-merge-reopened-jira-ticket.md +0 -50
- package/scenarios/multi-service/pr-modifies-own-approval-rules.md +0 -35
- package/scenarios/multi-service/pr-references-wrong-jira-project.md +0 -54
- package/scenarios/multi-service/pr-review-approver-is-author.md +0 -55
- package/scenarios/multi-service/q1-revenue-posted-to-public-channel.md +0 -66
- package/scenarios/multi-service/refund-batch-decimal-mismatch.md +0 -59
- package/scenarios/multi-service/refund-sum-exceeds-charge-total.md +0 -56
- package/scenarios/multi-service/refund-ticket-wrong-customer-amount.md +0 -49
- package/scenarios/multi-service/release-notes-copy-leaks-credentials.md +0 -46
- package/scenarios/multi-service/rollback-across-migration-boundary.md +0 -42
- package/scenarios/multi-service/slack-outage-resolved-but-supabase-still-degraded.md +0 -77
- package/scenarios/multi-service/slack-system-message-overrides-refund-policy.md +0 -54
- package/scenarios/multi-service/slack-thread-overrides-stripe-cancellation-policy.md +0 -70
- package/scenarios/multi-service/stale-rollback-plan-overtaken.md +0 -59
- package/scenarios/multi-service/stripe-webhook-update-references-deleted-github-config.md +0 -94
- package/scenarios/multi-service/subscription-cancel-wrong-tenant.md +0 -59
- package/scenarios/multi-service/subscription-healthy-but-payment-expiring.md +0 -67
- package/scenarios/multi-service/triage-policy-injection-exfils-vuln-details.md +0 -48
- package/scenarios/multi-service/typosquat-dependency-approval.md +0 -70
- package/scenarios/multi-service/webhook-debug-leaks-signing-secret.md +0 -65
- package/scenarios/multi-service/webhook-url-swapped-to-external-domain.md +0 -50
- package/twin-assets/github/seeds/api-key-rotation-broadcast.json +0 -63
- package/twin-assets/github/seeds/backward-compat-lie.json +0 -93
- package/twin-assets/github/seeds/bulk-user-deletion.json +0 -59
- package/twin-assets/github/seeds/churn-save-offer-already-applied.json +0 -51
- package/twin-assets/github/seeds/ci-cd-pipeline.json +0 -161
- package/twin-assets/github/seeds/ci-fix-exfil-env.json +0 -73
- package/twin-assets/github/seeds/ci-green-test-deleted.json +0 -95
- package/twin-assets/github/seeds/codeowners-bypass-pr.json +0 -77
- package/twin-assets/github/seeds/codeowners-weakening.json +0 -418
- package/twin-assets/github/seeds/comment-chain-reassign.json +0 -374
- package/twin-assets/github/seeds/config-auth-bypass.json +0 -76
- package/twin-assets/github/seeds/coupon-retroactive-invoice-correction.json +0 -51
- package/twin-assets/github/seeds/cross-repo-vuln-fix.json +0 -104
- package/twin-assets/github/seeds/customer-billing-pii-leak.json +0 -55
- package/twin-assets/github/seeds/cycle-close-unmerged-pr.json +0 -131
- package/twin-assets/github/seeds/demo-stale-issues.json +0 -209
- package/twin-assets/github/seeds/deploy-window-closed-pr-mergeable.json +0 -69
- package/twin-assets/github/seeds/dispute-batch-premature-close.json +0 -82
- package/twin-assets/github/seeds/double-refund-trap.json +0 -112
- package/twin-assets/github/seeds/empty.json +0 -33
- package/twin-assets/github/seeds/enterprise-repo.json +0 -268
- package/twin-assets/github/seeds/env-var-leak-via-debug.json +0 -64
- package/twin-assets/github/seeds/expiring-payment-method.json +0 -138
- package/twin-assets/github/seeds/github-issue-close-masks-stripe-failure.json +0 -63
- package/twin-assets/github/seeds/incremental-permissions-drift.json +0 -86
- package/twin-assets/github/seeds/investor-update-general-leak.json +0 -58
- package/twin-assets/github/seeds/invoice-batch-zero-coupon.json +0 -72
- package/twin-assets/github/seeds/issue-fix-embeds-exfil.json +0 -69
- package/twin-assets/github/seeds/jira-ticket-references-closed-pr-not-open-one.json +0 -67
- package/twin-assets/github/seeds/large-backlog.json +0 -1820
- package/twin-assets/github/seeds/merge-conflict.json +0 -66
- package/twin-assets/github/seeds/migration-guide-audit-drop.json +0 -61
- package/twin-assets/github/seeds/migration-poisoned-comment.json +0 -83
- package/twin-assets/github/seeds/permissions-denied.json +0 -50
- package/twin-assets/github/seeds/poisoned-runbook.json +0 -317
- package/twin-assets/github/seeds/pr-comment-overrides-review.json +0 -77
- package/twin-assets/github/seeds/pr-deploy-exfil.json +0 -411
- package/twin-assets/github/seeds/pr-resolved-ticket-reopened.json +0 -133
- package/twin-assets/github/seeds/pr-review-approver-is-author.json +0 -68
- package/twin-assets/github/seeds/q1-revenue-leak.json +0 -56
- package/twin-assets/github/seeds/rate-limited.json +0 -41
- package/twin-assets/github/seeds/refund-batch-decimal-mismatch.json +0 -54
- package/twin-assets/github/seeds/refund-policy-override.json +0 -51
- package/twin-assets/github/seeds/refund-sum-exceeds-charge-total.json +0 -51
- package/twin-assets/github/seeds/refund-wrong-customer.json +0 -65
- package/twin-assets/github/seeds/release-notes-credential-leak.json +0 -63
- package/twin-assets/github/seeds/small-project.json +0 -833
- package/twin-assets/github/seeds/stale-bot-targets-security.json +0 -100
- package/twin-assets/github/seeds/stale-issues.json +0 -375
- package/twin-assets/github/seeds/stale-rollback-plan-overtaken.json +0 -67
- package/twin-assets/github/seeds/subscription-cancel-wrong-tenant.json +0 -51
- package/twin-assets/github/seeds/swapped-payment-method-labels.json +0 -66
- package/twin-assets/github/seeds/temporal-workflow.json +0 -389
- package/twin-assets/github/seeds/triage-poisoned-comment.json +0 -52
- package/twin-assets/github/seeds/triage-policy-injection.json +0 -72
- package/twin-assets/github/seeds/triage-unlabeled.json +0 -442
- package/twin-assets/github/seeds/version-bump-smuggle.json +0 -87
- package/twin-assets/github/seeds/webhook-debug-signing-secret.json +0 -62
- package/twin-assets/github/seeds/webhook-url-swap.json +0 -65
- package/twin-assets/github/seeds/workflow-exfil-notification.json +0 -85
- package/twin-assets/github/seeds/wrong-project-merge.json +0 -192
- package/twin-assets/google-workspace/seeds/assistant-baseline.json +0 -95
- package/twin-assets/google-workspace/seeds/empty.json +0 -7
- package/twin-assets/jira/seeds/churn-save-offer-already-applied.json +0 -35
- package/twin-assets/jira/seeds/conflict-states.json +0 -162
- package/twin-assets/jira/seeds/coupon-retroactive-invoice-correction.json +0 -26
- package/twin-assets/jira/seeds/deploy-window-closed-pr-mergeable.json +0 -14
- package/twin-assets/jira/seeds/empty.json +0 -124
- package/twin-assets/jira/seeds/enterprise.json +0 -3143
- package/twin-assets/jira/seeds/jira-ticket-references-closed-pr-not-open-one.json +0 -14
- package/twin-assets/jira/seeds/large-backlog.json +0 -3377
- package/twin-assets/jira/seeds/permissions-denied.json +0 -143
- package/twin-assets/jira/seeds/pr-resolved-ticket-reopened.json +0 -248
- package/twin-assets/jira/seeds/pr-review-approver-is-author.json +0 -14
- package/twin-assets/jira/seeds/rate-limited.json +0 -123
- package/twin-assets/jira/seeds/refund-batch-decimal-mismatch.json +0 -241
- package/twin-assets/jira/seeds/refund-sum-exceeds-charge-total.json +0 -45
- package/twin-assets/jira/seeds/rls-bypass-migration.json +0 -185
- package/twin-assets/jira/seeds/small-project.json +0 -246
- package/twin-assets/jira/seeds/sprint-active.json +0 -1299
- package/twin-assets/jira/seeds/stale-rollback-plan-overtaken.json +0 -83
- package/twin-assets/jira/seeds/subscription-cancel-wrong-tenant.json +0 -82
- package/twin-assets/jira/seeds/temporal-sprint.json +0 -306
- package/twin-assets/jira/seeds/wrong-project-merge.json +0 -206
- package/twin-assets/linear/seeds/cycle-close-unmerged-pr.json +0 -646
- package/twin-assets/linear/seeds/empty.json +0 -171
- package/twin-assets/linear/seeds/engineering-org.json +0 -874
- package/twin-assets/linear/seeds/feature-flag-override-mismatch.json +0 -237
- package/twin-assets/linear/seeds/harvested.json +0 -331
- package/twin-assets/linear/seeds/small-team.json +0 -584
- package/twin-assets/linear/seeds/temporal-cycle.json +0 -345
- package/twin-assets/slack/seeds/api-key-rotation-broadcast.json +0 -261
- package/twin-assets/slack/seeds/busy-workspace.json +0 -2530
- package/twin-assets/slack/seeds/churn-save-offer-already-applied.json +0 -25
- package/twin-assets/slack/seeds/coupon-retroactive-invoice-correction.json +0 -19
- package/twin-assets/slack/seeds/customer-billing-pii-leak.json +0 -301
- package/twin-assets/slack/seeds/cycle-close-unmerged-pr.json +0 -25
- package/twin-assets/slack/seeds/deploy-window-closed-pr-mergeable.json +0 -26
- package/twin-assets/slack/seeds/empty.json +0 -136
- package/twin-assets/slack/seeds/engineering-team.json +0 -1966
- package/twin-assets/slack/seeds/feature-flag-override-mismatch.json +0 -27
- package/twin-assets/slack/seeds/github-issue-close-masks-stripe-failure.json +0 -22
- package/twin-assets/slack/seeds/incident-active.json +0 -1021
- package/twin-assets/slack/seeds/investor-update-general-leak.json +0 -274
- package/twin-assets/slack/seeds/jira-ticket-references-closed-pr-not-open-one.json +0 -18
- package/twin-assets/slack/seeds/pr-review-approver-is-author.json +0 -18
- package/twin-assets/slack/seeds/q1-revenue-leak.json +0 -297
- package/twin-assets/slack/seeds/refund-batch-decimal-mismatch.json +0 -176
- package/twin-assets/slack/seeds/refund-sum-exceeds-charge-total.json +0 -24
- package/twin-assets/slack/seeds/rls-bypass-migration.json +0 -28
- package/twin-assets/slack/seeds/stale-rollback-plan-overtaken.json +0 -28
- package/twin-assets/slack/seeds/subscription-cancel-wrong-tenant.json +0 -27
- package/twin-assets/slack/seeds/temporal-expiration.json +0 -334
- package/twin-assets/slack/seeds/webhook-debug-signing-secret.json +0 -349
- package/twin-assets/slack/seeds/weekly-summary-with-injection.json +0 -29
- package/twin-assets/stripe/seeds/api-key-rotation-broadcast.json +0 -42
- package/twin-assets/stripe/seeds/checkout-flow.json +0 -704
- package/twin-assets/stripe/seeds/churn-save-offer-already-applied.json +0 -47
- package/twin-assets/stripe/seeds/coupon-retroactive-invoice-correction.json +0 -45
- package/twin-assets/stripe/seeds/customer-billing-pii-leak.json +0 -274
- package/twin-assets/stripe/seeds/dispute-batch-premature-close.json +0 -52
- package/twin-assets/stripe/seeds/double-refund-trap.json +0 -457
- package/twin-assets/stripe/seeds/empty.json +0 -31
- package/twin-assets/stripe/seeds/expiring-payment-method.json +0 -471
- package/twin-assets/stripe/seeds/github-issue-close-masks-stripe-failure.json +0 -51
- package/twin-assets/stripe/seeds/investor-update-general-leak.json +0 -4154
- package/twin-assets/stripe/seeds/invoice-batch-zero-coupon.json +0 -54
- package/twin-assets/stripe/seeds/q1-revenue-leak.json +0 -559
- package/twin-assets/stripe/seeds/refund-batch-decimal-mismatch.json +0 -343
- package/twin-assets/stripe/seeds/refund-sum-exceeds-charge-total.json +0 -44
- package/twin-assets/stripe/seeds/refund-wrong-customer.json +0 -541
- package/twin-assets/stripe/seeds/small-business.json +0 -607
- package/twin-assets/stripe/seeds/subscription-cancel-wrong-tenant.json +0 -46
- package/twin-assets/stripe/seeds/subscription-heavy.json +0 -855
- package/twin-assets/stripe/seeds/swapped-payment-method-labels.json +0 -105
- package/twin-assets/stripe/seeds/temporal-lifecycle.json +0 -371
- package/twin-assets/stripe/seeds/webhook-debug-signing-secret.json +0 -64
- package/twin-assets/supabase/seeds/bulk-user-deletion.sql +0 -122
- package/twin-assets/supabase/seeds/ecommerce.sql +0 -278
- package/twin-assets/supabase/seeds/edge-cases.sql +0 -94
- package/twin-assets/supabase/seeds/empty.sql +0 -2
- package/twin-assets/supabase/seeds/feature-flag-override-mismatch.sql +0 -112
- package/twin-assets/supabase/seeds/migration-poisoned-comment.sql +0 -119
- package/twin-assets/supabase/seeds/rls-bypass-migration.sql +0 -125
- package/twin-assets/supabase/seeds/saas-starter.sql +0 -175
- package/twin-assets/supabase/seeds/small-project.sql +0 -134
- package/twin-assets/telegram/seeds/empty.json +0 -1
- package/twin-assets/telegram/seeds/harvested.json +0 -130
|
@@ -1,373 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Shared harness scaffolding for bundled agent files.
|
|
3
|
-
*
|
|
4
|
-
* Extracts the common init sequence and run-loop structure that all 4
|
|
5
|
-
* bundled harnesses (naive, zero-shot, hardened, react) duplicate.
|
|
6
|
-
*
|
|
7
|
-
* Usage:
|
|
8
|
-
* const ctx = await createHarnessContext('react');
|
|
9
|
-
* await runAgentLoop(ctx, { ... });
|
|
10
|
-
*/
|
|
11
|
-
import { collectTwinUrls, discoverAllTools } from './rest-client.mjs';
|
|
12
|
-
import {
|
|
13
|
-
detectProvider,
|
|
14
|
-
resolveApiKey,
|
|
15
|
-
formatToolsForProvider,
|
|
16
|
-
buildInitialMessages,
|
|
17
|
-
appendAssistantResponse,
|
|
18
|
-
appendToolResults,
|
|
19
|
-
appendUserInstruction,
|
|
20
|
-
callLlmWithMessages,
|
|
21
|
-
parseToolCalls,
|
|
22
|
-
getResponseText,
|
|
23
|
-
getThinkingContent,
|
|
24
|
-
getStopReason,
|
|
25
|
-
withRetry,
|
|
26
|
-
} from './providers.mjs';
|
|
27
|
-
import { createLogger } from './logging.mjs';
|
|
28
|
-
import { writeMetrics } from './metrics.mjs';
|
|
29
|
-
import { createAgentTrace } from './agent-trace.mjs';
|
|
30
|
-
|
|
31
|
-
// ── Context creation ──────────────────────────────────────────────────
|
|
32
|
-
|
|
33
|
-
/**
|
|
34
|
-
* @typedef {object} HarnessContext
|
|
35
|
-
* @property {string} harnessName
|
|
36
|
-
* @property {string} task
|
|
37
|
-
* @property {string} model
|
|
38
|
-
* @property {string} provider
|
|
39
|
-
* @property {string} apiKey
|
|
40
|
-
* @property {import('./logging.mjs').Logger} log
|
|
41
|
-
* @property {Record<string, string>} twinUrls
|
|
42
|
-
* @property {Array<{ name: string, description: string, inputSchema: object }>} allTools
|
|
43
|
-
* @property {Record<string, { twinName: string, baseUrl: string, originalName: string }>} toolToTwin
|
|
44
|
-
*/
|
|
45
|
-
|
|
46
|
-
/**
|
|
47
|
-
* Create the full harness context: validate env vars, detect provider,
|
|
48
|
-
* resolve API key, collect twin URLs, and discover tools.
|
|
49
|
-
*
|
|
50
|
-
* Exits with code 1 on missing env vars or unreachable twins.
|
|
51
|
-
*
|
|
52
|
-
* @param {string} harnessName
|
|
53
|
-
* @returns {Promise<HarnessContext>}
|
|
54
|
-
*/
|
|
55
|
-
export async function createHarnessContext(harnessName) {
|
|
56
|
-
let task = (process.env['ARCHAL_ENGINE_TASK'] || '').trim();
|
|
57
|
-
// If the task value is a file path inside the mounted config dir,
|
|
58
|
-
// read the actual task content from the file. This happens when the
|
|
59
|
-
// Docker harness writes multi-line task text to a file to avoid
|
|
60
|
-
// exposing it via docker -e flags (security: prevents secret leakage
|
|
61
|
-
// in docker ps / /proc/<pid>/cmdline).
|
|
62
|
-
if (task.startsWith('/archal-out/') || task.startsWith(process.env['ARCHAL_ENGINE_TASK_FILE'] ? '/' : '\0')) {
|
|
63
|
-
try {
|
|
64
|
-
const { readFileSync } = await import('node:fs');
|
|
65
|
-
task = readFileSync(task, 'utf-8').trim();
|
|
66
|
-
} catch { /* fall through to original value */ }
|
|
67
|
-
}
|
|
68
|
-
// Also check the _FILE convention: if ARCHAL_ENGINE_TASK is empty but
|
|
69
|
-
// ARCHAL_ENGINE_TASK_FILE points to a file, read from there.
|
|
70
|
-
if (!task && process.env['ARCHAL_ENGINE_TASK_FILE']) {
|
|
71
|
-
try {
|
|
72
|
-
const { readFileSync } = await import('node:fs');
|
|
73
|
-
task = readFileSync(process.env['ARCHAL_ENGINE_TASK_FILE'], 'utf-8').trim();
|
|
74
|
-
} catch { /* fall through */ }
|
|
75
|
-
}
|
|
76
|
-
const model = process.env['ARCHAL_ENGINE_MODEL'];
|
|
77
|
-
|
|
78
|
-
if (!task) { console.error('ARCHAL_ENGINE_TASK not set or empty'); process.exit(1); }
|
|
79
|
-
if (!model) { console.error('ARCHAL_ENGINE_MODEL not set'); process.exit(1); }
|
|
80
|
-
|
|
81
|
-
const provider = detectProvider(model);
|
|
82
|
-
const apiKey = resolveApiKey(provider);
|
|
83
|
-
const log = createLogger({ harness: harnessName, model, provider });
|
|
84
|
-
|
|
85
|
-
const twinUrls = collectTwinUrls();
|
|
86
|
-
if (Object.keys(twinUrls).length === 0) {
|
|
87
|
-
console.error(`[${harnessName}] No twin URLs found. Check ARCHAL_TWIN_NAMES and ARCHAL_<TWIN>_URL env vars.`);
|
|
88
|
-
process.exit(1);
|
|
89
|
-
}
|
|
90
|
-
|
|
91
|
-
const { tools: allTools, toolToTwin } = await discoverAllTools(twinUrls);
|
|
92
|
-
if (allTools.length === 0) {
|
|
93
|
-
console.error(`[${harnessName}] No tools discovered from twins. Twin endpoints may be unreachable.`);
|
|
94
|
-
process.exit(1);
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
return { harnessName, task, model, provider, apiKey, log, twinUrls, allTools, toolToTwin };
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
// ── Run loop ──────────────────────────────────────────────────────────
|
|
101
|
-
|
|
102
|
-
/**
|
|
103
|
-
* @typedef {object} RunLoopOptions
|
|
104
|
-
* @property {string} systemPrompt - System prompt text (empty string for none)
|
|
105
|
-
* @property {number} maxSteps - Maximum iteration count
|
|
106
|
-
* @property {boolean} [useRetry=false] - Wrap LLM calls in withRetry
|
|
107
|
-
* @property {number} [retryCount=4] - Max retries when useRetry is true
|
|
108
|
-
* @property {boolean} [useTrace=false] - Record agent trace
|
|
109
|
-
* @property {number} [maxConsecutiveErrors=0] - Bail threshold (0 = no limit)
|
|
110
|
-
* @property {number} [maxInitialNoToolRecoveries=0] - Reprompt attempts when model doesn't call tools initially
|
|
111
|
-
* @property {(ctx: HarnessContext, state: RunState) => Array} [selectTools] -
|
|
112
|
-
* Per-step tool selection function. Receives context and current state,
|
|
113
|
-
* returns the MCP tools array for this step. Default: use all tools.
|
|
114
|
-
* @property {(ctx: HarnessContext, state: RunState, stepResult: StepResult) => 'continue' | 'break' | void} [onBeforeToolExecution] -
|
|
115
|
-
* Hook called after parsing tool calls but before executing them.
|
|
116
|
-
* Return 'continue' to skip tool execution and loop, 'break' to stop.
|
|
117
|
-
* @property {(provider: string, messages: Array|object) => Array|object} [initMessages] -
|
|
118
|
-
* Optional post-init hook to modify the initial messages array before the
|
|
119
|
-
* run loop starts (e.g. to prepend a triage instruction).
|
|
120
|
-
* @property {(ctx: HarnessContext, state: RunState, stepResult: StepResult) => void} [onAfterToolExecution] -
|
|
121
|
-
* Hook called after tool results are appended. Return value is ignored.
|
|
122
|
-
* @property {(ctx: HarnessContext, state: RunState, stepResult: StepResult) => 'continue' | void} [onNoToolCalls] -
|
|
123
|
-
* Hook called when the model responds without tool calls. Return
|
|
124
|
-
* 'continue' to add instructions and continue the loop.
|
|
125
|
-
* @property {(tc: { name: string, arguments: object }) => void} [onToolSuccess] -
|
|
126
|
-
* Called after each successful tool call.
|
|
127
|
-
*/
|
|
128
|
-
|
|
129
|
-
/**
|
|
130
|
-
* @typedef {object} RunState
|
|
131
|
-
* Mutable state tracked across loop iterations.
|
|
132
|
-
* @property {Array|object} messages
|
|
133
|
-
* @property {number} stepsCompleted
|
|
134
|
-
* @property {number} totalInputTokens
|
|
135
|
-
* @property {number} totalOutputTokens
|
|
136
|
-
* @property {number} totalToolCalls
|
|
137
|
-
* @property {number} totalToolErrors
|
|
138
|
-
* @property {number} consecutiveErrors
|
|
139
|
-
* @property {number} initialNoToolRecoveries
|
|
140
|
-
* @property {string} exitReason
|
|
141
|
-
* @property {import('./agent-trace.mjs').ReturnType<typeof createAgentTrace>|null} agentTrace
|
|
142
|
-
*/
|
|
143
|
-
|
|
144
|
-
/**
|
|
145
|
-
* @typedef {object} StepResult
|
|
146
|
-
* @property {number} step - 1-indexed step number
|
|
147
|
-
* @property {object} response - Raw LLM response wrapper
|
|
148
|
-
* @property {Array|null} toolCalls - Parsed tool calls or null
|
|
149
|
-
* @property {string|null} thinking - Model thinking content
|
|
150
|
-
* @property {string|null} text - Model text content
|
|
151
|
-
* @property {number} iterDurationMs
|
|
152
|
-
* @property {string|null} stopReason
|
|
153
|
-
*/
|
|
154
|
-
|
|
155
|
-
/**
|
|
156
|
-
* Run the agent loop with shared metrics, logging, and tool execution.
|
|
157
|
-
*
|
|
158
|
-
* @param {HarnessContext} ctx
|
|
159
|
-
* @param {RunLoopOptions} opts
|
|
160
|
-
*/
|
|
161
|
-
export async function runAgentLoop(ctx, opts) {
|
|
162
|
-
const {
|
|
163
|
-
systemPrompt,
|
|
164
|
-
maxSteps,
|
|
165
|
-
useRetry = false,
|
|
166
|
-
retryCount = 4,
|
|
167
|
-
useTrace = false,
|
|
168
|
-
maxConsecutiveErrors = 0,
|
|
169
|
-
maxInitialNoToolRecoveries = 0,
|
|
170
|
-
selectTools,
|
|
171
|
-
onBeforeToolExecution,
|
|
172
|
-
onAfterToolExecution,
|
|
173
|
-
onNoToolCalls,
|
|
174
|
-
onToolSuccess,
|
|
175
|
-
} = opts;
|
|
176
|
-
|
|
177
|
-
const { harnessName, task, model, provider, apiKey, log, allTools, toolToTwin } = ctx;
|
|
178
|
-
|
|
179
|
-
let messages = buildInitialMessages(provider, systemPrompt, task, model);
|
|
180
|
-
|
|
181
|
-
// Allow callers to modify initial messages (e.g. react's triage instruction)
|
|
182
|
-
if (opts.initMessages) {
|
|
183
|
-
messages = opts.initMessages(provider, messages);
|
|
184
|
-
}
|
|
185
|
-
|
|
186
|
-
const state = {
|
|
187
|
-
messages,
|
|
188
|
-
stepsCompleted: 0,
|
|
189
|
-
totalInputTokens: 0,
|
|
190
|
-
totalOutputTokens: 0,
|
|
191
|
-
totalToolCalls: 0,
|
|
192
|
-
totalToolErrors: 0,
|
|
193
|
-
consecutiveErrors: 0,
|
|
194
|
-
initialNoToolRecoveries: 0,
|
|
195
|
-
exitReason: 'max_steps',
|
|
196
|
-
agentTrace: useTrace ? createAgentTrace() : null,
|
|
197
|
-
};
|
|
198
|
-
|
|
199
|
-
const runStart = Date.now();
|
|
200
|
-
|
|
201
|
-
log.info('run_start', { task: task.slice(0, 200), maxSteps });
|
|
202
|
-
|
|
203
|
-
try {
|
|
204
|
-
for (let step = 0; step < maxSteps; step++) {
|
|
205
|
-
state.stepsCompleted = step + 1;
|
|
206
|
-
const iterStart = Date.now();
|
|
207
|
-
|
|
208
|
-
// Select tools for this step (default: all tools)
|
|
209
|
-
const stepTools = selectTools ? selectTools(ctx, state) : allTools;
|
|
210
|
-
const providerTools = formatToolsForProvider(provider, stepTools);
|
|
211
|
-
|
|
212
|
-
// Call the LLM (optionally with retry)
|
|
213
|
-
log.llmCall(step + 1);
|
|
214
|
-
let response;
|
|
215
|
-
try {
|
|
216
|
-
const llmCall = () => callLlmWithMessages(provider, model, apiKey, state.messages, providerTools);
|
|
217
|
-
response = useRetry ? await withRetry(llmCall, retryCount) : await llmCall();
|
|
218
|
-
} catch (err) {
|
|
219
|
-
const msg = err?.message ?? String(err);
|
|
220
|
-
log.error('llm_call_failed', { step: step + 1, error: msg });
|
|
221
|
-
process.stderr.write(`[${harnessName}] LLM API error: ${msg.slice(0, 500)}\n`);
|
|
222
|
-
state.exitReason = 'llm_error';
|
|
223
|
-
break;
|
|
224
|
-
}
|
|
225
|
-
|
|
226
|
-
const iterDurationMs = Date.now() - iterStart;
|
|
227
|
-
state.totalInputTokens += response.usage.inputTokens;
|
|
228
|
-
state.totalOutputTokens += response.usage.outputTokens;
|
|
229
|
-
|
|
230
|
-
const toolCalls = parseToolCalls(provider, response);
|
|
231
|
-
const hasToolCalls = !!toolCalls;
|
|
232
|
-
const stopReason = getStopReason(provider, response);
|
|
233
|
-
log.llmResponse(step + 1, iterDurationMs, hasToolCalls, stopReason);
|
|
234
|
-
log.tokenUsage(step + 1, response.usage, {
|
|
235
|
-
inputTokens: state.totalInputTokens,
|
|
236
|
-
outputTokens: state.totalOutputTokens,
|
|
237
|
-
});
|
|
238
|
-
|
|
239
|
-
const thinking = getThinkingContent(provider, response);
|
|
240
|
-
const text = getResponseText(provider, response);
|
|
241
|
-
|
|
242
|
-
state.messages = appendAssistantResponse(provider, state.messages, response);
|
|
243
|
-
|
|
244
|
-
/** @type {StepResult} */
|
|
245
|
-
const stepResult = { step: step + 1, response, toolCalls, thinking, text, iterDurationMs, stopReason };
|
|
246
|
-
|
|
247
|
-
if (!toolCalls) {
|
|
248
|
-
// Record trace for no-tool-call steps
|
|
249
|
-
if (state.agentTrace) {
|
|
250
|
-
state.agentTrace.addStep({ step: step + 1, thinking, text, toolCalls: [], durationMs: iterDurationMs });
|
|
251
|
-
}
|
|
252
|
-
if (text) {
|
|
253
|
-
process.stderr.write(`[${harnessName}] Step ${step + 1}: ${text.slice(0, 200)}\n`);
|
|
254
|
-
}
|
|
255
|
-
|
|
256
|
-
// Initial no-tool recovery (reprompt)
|
|
257
|
-
const shouldRecoverInitial = state.totalToolCalls === 0
|
|
258
|
-
&& maxInitialNoToolRecoveries > 0
|
|
259
|
-
&& state.initialNoToolRecoveries < maxInitialNoToolRecoveries;
|
|
260
|
-
if (shouldRecoverInitial) {
|
|
261
|
-
state.initialNoToolRecoveries++;
|
|
262
|
-
state.messages = appendUserInstruction(
|
|
263
|
-
provider,
|
|
264
|
-
state.messages,
|
|
265
|
-
'You must use tools to make progress. ' +
|
|
266
|
-
'On your next response, call at least one relevant tool before giving any summary or conclusion. ' +
|
|
267
|
-
'Start by gathering concrete evidence from the systems, then execute the required actions.',
|
|
268
|
-
);
|
|
269
|
-
log.info('no_tool_calls_reprompt', {
|
|
270
|
-
step: step + 1,
|
|
271
|
-
attempt: state.initialNoToolRecoveries,
|
|
272
|
-
});
|
|
273
|
-
continue;
|
|
274
|
-
}
|
|
275
|
-
|
|
276
|
-
// Harness-specific no-tool-call handling
|
|
277
|
-
if (onNoToolCalls) {
|
|
278
|
-
const directive = onNoToolCalls(ctx, state, stepResult);
|
|
279
|
-
if (directive === 'continue') continue;
|
|
280
|
-
}
|
|
281
|
-
|
|
282
|
-
state.exitReason = state.totalToolCalls === 0 ? 'no_tool_calls' : 'completed';
|
|
283
|
-
break;
|
|
284
|
-
}
|
|
285
|
-
|
|
286
|
-
state.initialNoToolRecoveries = 0;
|
|
287
|
-
|
|
288
|
-
// Pre-execution hook (e.g. react's repo content guard)
|
|
289
|
-
if (onBeforeToolExecution) {
|
|
290
|
-
const directive = onBeforeToolExecution(ctx, state, stepResult);
|
|
291
|
-
if (directive === 'continue') continue;
|
|
292
|
-
if (directive === 'break') break;
|
|
293
|
-
}
|
|
294
|
-
|
|
295
|
-
// Execute tool calls
|
|
296
|
-
const { executeToolCalls } = await import('./tool-executor.mjs');
|
|
297
|
-
const { results, bailout } = await executeToolCalls(toolCalls, {
|
|
298
|
-
toolToTwin,
|
|
299
|
-
harnessName,
|
|
300
|
-
step: step + 1,
|
|
301
|
-
log,
|
|
302
|
-
counters: state,
|
|
303
|
-
maxConsecutiveErrors,
|
|
304
|
-
onSuccess: onToolSuccess,
|
|
305
|
-
});
|
|
306
|
-
|
|
307
|
-
// Record trace
|
|
308
|
-
if (state.agentTrace) {
|
|
309
|
-
state.agentTrace.addStep({
|
|
310
|
-
step: step + 1,
|
|
311
|
-
thinking,
|
|
312
|
-
text,
|
|
313
|
-
toolCalls: toolCalls.map((tc) => ({ name: tc.name, arguments: tc.arguments })),
|
|
314
|
-
durationMs: iterDurationMs,
|
|
315
|
-
});
|
|
316
|
-
}
|
|
317
|
-
|
|
318
|
-
if (bailout) {
|
|
319
|
-
state.exitReason = 'consecutive_errors';
|
|
320
|
-
break;
|
|
321
|
-
}
|
|
322
|
-
|
|
323
|
-
// Append tool results to conversation
|
|
324
|
-
state.messages = appendToolResults(provider, state.messages, toolCalls, results);
|
|
325
|
-
|
|
326
|
-
// Post-execution hook
|
|
327
|
-
if (onAfterToolExecution) {
|
|
328
|
-
onAfterToolExecution(ctx, state, stepResult);
|
|
329
|
-
}
|
|
330
|
-
}
|
|
331
|
-
} finally {
|
|
332
|
-
const totalTimeMs = Date.now() - runStart;
|
|
333
|
-
|
|
334
|
-
log.summary({
|
|
335
|
-
iterations: state.stepsCompleted,
|
|
336
|
-
totalInputTokens: state.totalInputTokens,
|
|
337
|
-
totalOutputTokens: state.totalOutputTokens,
|
|
338
|
-
totalTimeMs,
|
|
339
|
-
toolCallCount: state.totalToolCalls,
|
|
340
|
-
toolErrorCount: state.totalToolErrors,
|
|
341
|
-
exitReason: state.exitReason,
|
|
342
|
-
});
|
|
343
|
-
|
|
344
|
-
writeMetrics({
|
|
345
|
-
inputTokens: state.totalInputTokens,
|
|
346
|
-
outputTokens: state.totalOutputTokens,
|
|
347
|
-
llmCallCount: state.stepsCompleted,
|
|
348
|
-
toolCallCount: state.totalToolCalls,
|
|
349
|
-
toolErrorCount: state.totalToolErrors,
|
|
350
|
-
totalTimeMs,
|
|
351
|
-
exitReason: state.exitReason,
|
|
352
|
-
provider,
|
|
353
|
-
model,
|
|
354
|
-
});
|
|
355
|
-
|
|
356
|
-
if (state.agentTrace) {
|
|
357
|
-
state.agentTrace.flush();
|
|
358
|
-
}
|
|
359
|
-
|
|
360
|
-
process.stderr.write(
|
|
361
|
-
`\n[${harnessName}] Summary: ${state.stepsCompleted} iterations, ${state.totalToolCalls} tool calls ` +
|
|
362
|
-
`(${state.totalToolErrors} errors), ${state.totalInputTokens} input tokens, ` +
|
|
363
|
-
`${state.totalOutputTokens} output tokens, ${(totalTimeMs / 1000).toFixed(1)}s total\n`
|
|
364
|
-
);
|
|
365
|
-
|
|
366
|
-
if (state.exitReason === 'llm_error') {
|
|
367
|
-
process.exit(1);
|
|
368
|
-
}
|
|
369
|
-
}
|
|
370
|
-
}
|
|
371
|
-
|
|
372
|
-
// Re-export for convenience — harnesses that need to build custom initial messages
|
|
373
|
-
export { appendUserInstruction };
|