npm - @blockrun/franklin - Versions diffs - 3.15.6 → 3.15.8 - Mend

@blockrun/franklin 3.15.6 → 3.15.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/agent/loop.js CHANGED Viewed

@@ -22,7 +22,7 @@ import { appendAudit, extractLastUserPrompt } from '../stats/audit.js';
 import { estimateCost, OPUS_PRICING } from '../pricing.js';
 import { maybeMidSessionExtract } from '../learnings/extractor.js';
 import { extractMentions, buildEntityContext, loadEntities } from '../brain/store.js';
-import { routeRequestAsync, resolveTierToModel, parseRoutingProfile } from '../router/index.js';
+import { routeRequestAsync, resolveTierToModel, parseRoutingProfile, getFallbackChain } from '../router/index.js';
 import { recordOutcome } from '../router/local-elo.js';
 import { shouldPlan, getPlanningPrompt, getExecutorModel, isExecutorStuck, toolCallSignature } from './planner.js';
 import { shouldVerify, runVerification } from './verification.js';
@@ -505,6 +505,11 @@ export async function interactiveSession(config, getUserInput, onEvent, onAbortR
         let recoveryAttempts = 0;
         let autoContinuationCount = 0;
         const MAX_RECOVERY_ATTEMPTS = 5;
+        // Track per-model server-error streak so we can break out of a stuck
+        // upstream and try the next model in the routing fallback chain instead
+        // of burning all MAX_RECOVERY_ATTEMPTS retries on the same failure.
+        const serverErrorsByModel = new Map();
+        const SERVER_ERROR_STREAK_BEFORE_SWITCH = 2;
         let compactFailures = 0;
         let maxTokensOverride;
         const turnIdleReference = lastSessionActivity;
@@ -993,14 +998,48 @@ export async function interactiveSession(config, getUserInput, onEvent, onAbortR
                     }
                 }
                 if (classified.isTransient && recoveryAttempts < effectiveMaxRetries) {
+                    // Server-error streak guard: if the same model 5xx's twice in a row
+                    // it's almost always an upstream incident, not a blip. Switch to
+                    // the next routing fallback instead of waiting out 5 backoffs on a
+                    // dead provider — same idea as the payment-failure auto-fallback
+                    // below, but for transient server errors. Skipped for non-server
+                    // transients (rate limits, network blips) where retry is the right
+                    // call. Also skipped when the user picked a concrete model — they
+                    // explicitly chose this one, so we shouldn't silently swap.
+                    if (classified.category === 'server' && parseRoutingProfile(config.model)) {
+                        const streak = (serverErrorsByModel.get(resolvedModel) ?? 0) + 1;
+                        serverErrorsByModel.set(resolvedModel, streak);
+                        if (streak >= SERVER_ERROR_STREAK_BEFORE_SWITCH) {
+                            const fallbackChain = getFallbackChain(routingTier ?? 'MEDIUM', parseRoutingProfile(config.model) ?? 'auto');
+                            const nextModel = fallbackChain.find(m => m !== resolvedModel && (serverErrorsByModel.get(m) ?? 0) < SERVER_ERROR_STREAK_BEFORE_SWITCH);
+                            if (nextModel) {
+                                config.model = nextModel;
+                                config.onModelChange?.(nextModel, 'system');
+                                recoveryAttempts = 0;
+                                onEvent({
+                                    kind: 'text_delta',
+                                    text: `\n*${resolvedModel} keeps 5xx'ing (${streak} in a row) — switching to ${nextModel}*\n`,
+                                });
+                                continue;
+                            }
+                            // No alternative left in the fallback chain — fall through to
+                            // the normal retry path so we at least exhaust attempts before
+                            // surrender.
+                        }
+                    }
                     recoveryAttempts++;
                     const backoffMs = getBackoffDelay(recoveryAttempts);
                     if (config.debug) {
                         console.error(`[franklin] ${classified.label} error — retrying in ${(backoffMs / 1000).toFixed(1)}s (attempt ${recoveryAttempts}/${effectiveMaxRetries}): ${errMsg.slice(0, 100)}`);
                     }
+                    // Surface the actual error + model so the user can see which model
+                    // is failing and what the upstream said. Old "Retrying after Server
+                    // error" was uninformative — users couldn't tell whether to wait,
+                    // /retry, or /model-switch.
+                    const errSnippet = errMsg.replace(/\s+/g, ' ').slice(0, 100);
                     onEvent({
                         kind: 'text_delta',
-                        text: `\n*Retrying (${recoveryAttempts}/${effectiveMaxRetries}) after ${classified.label} error...*\n`,
+                        text: `\n*Retrying ${recoveryAttempts}/${effectiveMaxRetries} on ${resolvedModel} — ${classified.label}: ${errSnippet}*\n`,
                     });
                     await new Promise(r => setTimeout(r, backoffMs));
                     continue;

package/dist/tools/webfetch.js CHANGED Viewed

@@ -58,6 +58,22 @@ async function execute(input, ctx) {
     if (!['http:', 'https:'].includes(parsed.protocol)) {
         return { output: `Error: only http/https URLs are supported`, isError: true };
     }
+    // ── Pre-flight: known anti-bot domains ──
+    // Sites that systematically block scripted access return 403 / 429 /
+    // captcha challenges to plain GET requests no matter what UA we send.
+    // Without this guard the model burns multiple turns retrying variations
+    // (Zillow → /research/austin-tx, /homedetails/X, /sold/Y...) that all
+    // 403 the same way, padding the step counter and the user's bill.
+    // Short-circuiting here returns a single actionable error instead.
+    const blocked = isBlockedDomain(parsed.hostname);
+    if (blocked) {
+        return {
+            output: `${parsed.hostname} systematically blocks automated fetch (${blocked.reason}). ` +
+                `Switch tools: ${blocked.alternative}. Don't retry this URL with WebFetch — ` +
+                `every variant of the same hostname returns the same block.`,
+            isError: true,
+        };
+    }
     const maxLen = Math.min(max_length ?? DEFAULT_MAX_LENGTH, MAX_BODY_BYTES);
     // ── YouTube special case ──
     // Plain HTML fetch on a youtube.com URL returns the SPA bundle (a wall of
@@ -108,8 +124,19 @@ async function execute(input, ctx) {
             redirect: 'follow',
         });
         if (!response.ok) {
+            // 403 / 429 from a domain not in the static block list often still
+            // means anti-bot — many sites tier their detection (first hit OK,
+            // subsequent ones blocked) or rely on UA fingerprinting. Surface
+            // this as an actionable hint so the model switches strategy
+            // instead of retrying the same URL with a different path.
+            const isAntiBot = response.status === 403 || response.status === 429 ||
+                response.status === 503;
+            const hint = isAntiBot
+                ? ` — ${parsed.hostname} likely blocks automated fetch. Try WebSearch for the same query, ` +
+                    `or fetch a different domain that publishes the same data.`
+                : '';
             return {
-                output: `HTTP ${response.status} ${response.statusText} for ${url}`,
+                output: `HTTP ${response.status} ${response.statusText} for ${url}${hint}`,
                 isError: true,
             };
         }
@@ -176,6 +203,76 @@ async function execute(input, ctx) {
         ctx.abortSignal.removeEventListener('abort', onAbort);
     }
 }
+const BLOCKED_DOMAINS = [
+    {
+        pattern: /(^|\.)zillow\.com$/i,
+        reason: '403 to all non-browser GETs',
+        alternative: 'use WebSearch for "Austin TX home price trends" or similar',
+    },
+    {
+        pattern: /(^|\.)redfin\.com$/i,
+        reason: '403 / captcha challenge to scripted requests',
+        alternative: 'use WebSearch with the property address or zip code',
+    },
+    {
+        pattern: /(^|\.)realtor\.com$/i,
+        reason: '403 / interstitial to non-browser UAs',
+        alternative: 'use WebSearch',
+    },
+    {
+        pattern: /(^|\.)linkedin\.com$/i,
+        reason: 'auth wall on every page',
+        alternative: 'use SearchX (X is the better discovery surface for the same people) or WebSearch',
+    },
+    {
+        pattern: /(^|\.)instagram\.com$/i,
+        reason: 'auth wall + 401 to public profile fetches',
+        alternative: 'use WebSearch for the username',
+    },
+    {
+        pattern: /(^|\.)facebook\.com$/i,
+        reason: 'auth wall on most public content',
+        alternative: 'use WebSearch',
+    },
+    {
+        pattern: /(^|\.)x\.com$/i,
+        reason: 'X.com requires authenticated API',
+        alternative: 'use SearchX (the dedicated X tool) instead of WebFetch',
+    },
+    {
+        pattern: /(^|\.)twitter\.com$/i,
+        reason: 'X.com requires authenticated API',
+        alternative: 'use SearchX (the dedicated X tool) instead of WebFetch',
+    },
+    {
+        pattern: /(^|\.)tiktok\.com$/i,
+        reason: 'returns SPA shell + JS challenge',
+        alternative: 'use WebSearch with the @username',
+    },
+    {
+        pattern: /(^|\.)reuters\.com$/i,
+        reason: 'paywall + bot detection',
+        alternative: 'use WebSearch which surfaces cached headlines',
+    },
+    {
+        pattern: /(^|\.)bloomberg\.com$/i,
+        reason: 'paywall + bot detection',
+        alternative: 'use WebSearch for the same story',
+    },
+    {
+        pattern: /(^|\.)wsj\.com$/i,
+        reason: 'paywall',
+        alternative: 'use WebSearch for the same story',
+    },
+];
+function isBlockedDomain(hostname) {
+    for (const entry of BLOCKED_DOMAINS) {
+        if (entry.pattern.test(hostname)) {
+            return { reason: entry.reason, alternative: entry.alternative };
+        }
+    }
+    return null;
+}
 // ─── YouTube transcript fetcher ─────────────────────────────────────────────
 // Fetches auto-generated or uploaded captions for a YouTube video by parsing
 // the watch-page's `ytInitialPlayerResponse` JSON. Pure HTTP, no deps. Saves

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/franklin",
-  "version": "3.15.6",
+  "version": "3.15.8",
   "description": "Franklin — The AI agent with a wallet. Spends USDC autonomously to get real work done. Pay per action, no subscriptions.",
   "type": "module",
   "exports": {