@blockrun/franklin 3.8.38 → 3.8.40

package/dist/agent/llm.js

@@ -15,12 +15,12 @@ function parseTimeoutEnv(name) {
 function getModelRequestTimeoutMs() {
     return (parseTimeoutEnv('FRANKLIN_MODEL_REQUEST_TIMEOUT_MS') ??
         parseTimeoutEnv('FRANKLIN_MODEL_IDLE_TIMEOUT_MS') ??
-        8_000);
+        45_000);
 }
 function getModelStreamIdleTimeoutMs() {
     return (parseTimeoutEnv('FRANKLIN_MODEL_STREAM_IDLE_TIMEOUT_MS') ??
         parseTimeoutEnv('FRANKLIN_MODEL_IDLE_TIMEOUT_MS') ??
-        25_000);
+        90_000);
 }
 function linkAbortSignal(parent, child) {
     if (!parent)

package/dist/agent/loop.js

@@ -16,6 +16,7 @@ import { resetToolSessionState } from '../tools/index.js';
 import { CORE_TOOL_NAMES, dynamicToolsEnabled } from '../tools/tool-categories.js';
 import { createActivateToolCapability } from '../tools/activate.js';
 import { recordUsage } from '../stats/tracker.js';
+import { loadConfig } from '../commands/config.js';
 import { recordSessionUsage } from '../stats/session-tracker.js';
 import { appendAudit, extractLastUserPrompt } from '../stats/audit.js';
 import { estimateCost, OPUS_PRICING } from '../pricing.js';
@@ -487,7 +488,24 @@ export async function interactiveSession(config, getUserInput, onEvent, onAbortR
         let consecutiveTinyResponses = 0; // Count of consecutive calls with <10 output tokens
         const MAX_TINY_RESPONSES = 2; // Break after N tiny responses — if 2 calls return near-empty, something is wrong
         let turnSpend = 0; // Cost spent this user turn (USD)
-        const MAX_TURN_SPEND_USD = 0.25; // Hard circuit breaker per user message (lowered — user wallets are real money)
+        // Hard circuit breaker per user message — defends user wallets against
+        // a runaway model+tool combo on a single prompt. User-overridable via
+        // `franklin config set max-turn-spend-usd <number>`. Explicit "0" or a
+        // negative number disables the cap; a non-numeric / unparseable value
+        // is treated as a typo and falls back to the safe default rather than
+        // silently removing the wallet guard.
+        const turnSpendCap = (() => {
+            const raw = loadConfig()['max-turn-spend-usd'];
+            if (raw == null)
+                return 0.25;
+            const parsed = Number(raw);
+            if (!Number.isFinite(parsed))
+                return 0.25; // typo → keep default
+            if (parsed <= 0)
+                return Infinity; // explicit opt-out
+            return parsed;
+        })();
+        const MAX_TURN_SPEND_USD = turnSpendCap;
         // ── Turn analysis (one classifier call, drives routing + prefetch) ──
         // Single LLM pass that answers every routing-adjacent question the
         // harness needs BEFORE the main model runs: tier, ticker intent,

package/dist/commands/config.d.ts

@@ -6,6 +6,13 @@ export interface AppConfig {
     'smart-routing'?: string;
     'permission-mode'?: string;
     'max-turns'?: string;
+    /**
+     * Hard per-turn spend ceiling in USD (default $0.25). Numeric string,
+     * e.g. "0.5" or "2". Set to "0" to disable the cap. The agent loop
+     * stops a turn the moment cumulative cost crosses this threshold,
+     * preventing a runaway model + tool combo from draining the wallet.
+     */
+    'max-turn-spend-usd'?: string;
     'auto-compact'?: string;
     'session-save'?: string;
     'debug'?: string;

package/dist/commands/config.js

@@ -12,6 +12,7 @@ const VALID_KEYS = [
     'smart-routing',
     'permission-mode',
     'max-turns',
+    'max-turn-spend-usd',
     'auto-compact',
     'session-save',
     'debug',

package/dist/proxy/server.js

@@ -5,7 +5,7 @@ import os from 'node:os';
 import { getOrCreateWallet, getOrCreateSolanaWallet, createPaymentPayload, createSolanaPaymentPayload, parsePaymentRequired, extractPaymentDetails, solanaKeyToBytes, SOLANA_NETWORK, } from '@blockrun/llm';
 import { recordUsage } from '../stats/tracker.js';
 import { appendAudit } from '../stats/audit.js';
-import { buildFallbackChain, DEFAULT_FALLBACK_CONFIG, ROUTING_PROFILES, } from './fallback.js';
+import { fetchWithFallback, buildFallbackChain, DEFAULT_FALLBACK_CONFIG, ROUTING_PROFILES, } from './fallback.js';
 import { routeRequest, parseRoutingProfile, } from '../router/index.js';
 import { estimateCost } from '../pricing.js';
 import { VERSION } from '../config.js';
@@ -41,57 +41,6 @@ function log(...args) {
     catch { /* ignore */ }
 }
 const DEFAULT_MAX_TOKENS = 4096;
-const DEFAULT_PROXY_REQUEST_TIMEOUT_MS = 45_000;
-const DEFAULT_PROXY_STREAM_TIMEOUT_MS = 5 * 60 * 1000;
-function parseTimeoutEnv(name, fallback) {
-    const raw = process.env[name];
-    if (!raw)
-        return fallback;
-    const parsed = Number.parseInt(raw, 10);
-    return Number.isFinite(parsed) && parsed >= 0 ? parsed : fallback;
-}
-function getProxyRequestTimeoutMs() {
-    return parseTimeoutEnv('FRANKLIN_PROXY_REQUEST_TIMEOUT_MS', DEFAULT_PROXY_REQUEST_TIMEOUT_MS);
-}
-function getProxyStreamTimeoutMs() {
-    return parseTimeoutEnv('FRANKLIN_PROXY_STREAM_TIMEOUT_MS', DEFAULT_PROXY_STREAM_TIMEOUT_MS);
-}
-function createProxyTimeoutError(label, timeoutMs) {
-    return new Error(`${label} timed out after ${timeoutMs}ms`);
-}
-async function fetchWithTimeout(url, init, timeoutMs, label) {
-    if (timeoutMs <= 0)
-        return fetch(url, init);
-    const controller = new AbortController();
-    const timeoutError = createProxyTimeoutError(label, timeoutMs);
-    const timeout = setTimeout(() => {
-        try {
-            controller.abort(timeoutError);
-        }
-        catch { /* ignore */ }
-    }, timeoutMs);
-    try {
-        return await fetch(url, { ...init, signal: controller.signal });
-    }
-    catch (err) {
-        if (controller.signal.aborted)
-            throw timeoutError;
-        throw err;
-    }
-    finally {
-        clearTimeout(timeout);
-    }
-}
-function replaceModelInBody(body, model) {
-    try {
-        const parsed = JSON.parse(body);
-        parsed.model = model;
-        return JSON.stringify(parsed);
-    }
-    catch {
-        return body;
-    }
-}
 // Per-model last output tokens for adaptive max_tokens (avoids cross-request pollution)
 const MAX_TRACKED_MODELS = 50;
 const lastOutputByModel = new Map();
@@ -420,21 +369,13 @@ export function createProxy(options) {
                 };
                 let response;
                 let finalModel = requestModel;
-                const requestTimeoutMs = getProxyRequestTimeoutMs();
                 // Use fallback chain if enabled
                 if (fallbackEnabled && body && requestPath.includes('messages')) {
                     const fallbackConfig = {
                         ...DEFAULT_FALLBACK_CONFIG,
                         chain: buildFallbackChain(requestModel),
                     };
-                    const result = await fetchWithPaymentFallback(targetUrl, requestInit, body, fallbackConfig, {
-                        method: req.method || 'POST',
-                        headers,
-                        chain,
-                        baseWallet,
-                        solanaWallet,
-                        timeoutMs: requestTimeoutMs,
-                    }, (failedModel, status, nextModel) => {
+                    const result = await fetchWithFallback(targetUrl, requestInit, body, fallbackConfig, (failedModel, status, nextModel) => {
                         log(`⚠️  ${failedModel} returned ${status}, falling back to ${nextModel}`);
                     });
                     response = result.response;
@@ -447,14 +388,20 @@ export function createProxy(options) {
                     }
                 }
                 else {
-                    response = await fetchModelAttempt(targetUrl, requestInit, body, requestModel, {
-                        method: req.method || 'POST',
-                        headers,
-                        chain,
-                        baseWallet,
-                        solanaWallet,
-                        timeoutMs: requestTimeoutMs,
-                    });
+                    // Direct fetch without fallback (with timeout)
+                    const directCtrl = new AbortController();
+                    const directTimeout = setTimeout(() => directCtrl.abort(), 120_000); // 2min
+                    response = await fetch(targetUrl, { ...requestInit, signal: directCtrl.signal });
+                    clearTimeout(directTimeout);
+                }
+                // Handle 402 payment — body now has the correct model after fallback
+                if (response.status === 402) {
+                    if (chain === 'solana' && solanaWallet) {
+                        response = await handleSolanaPayment(response, targetUrl, req.method || 'POST', headers, body, solanaWallet.privateKey, solanaWallet.address);
+                    }
+                    else if (baseWallet) {
+                        response = await handleBasePayment(response, targetUrl, req.method || 'POST', headers, body, baseWallet.privateKey, baseWallet.address);
+                    }
                 }
                 const responseHeaders = {};
                 response.headers.forEach((v, k) => {
@@ -505,7 +452,7 @@ export function createProxy(options) {
                     const decoder = new TextDecoder();
                     let fullResponse = '';
                     const STREAM_CAP = 5_000_000; // 5MB cap on accumulated stream
-                    const STREAM_TIMEOUT_MS = getProxyStreamTimeoutMs();
+                    const STREAM_TIMEOUT_MS = 5 * 60 * 1000; // 5 min timeout for entire stream
                     const streamDeadline = Date.now() + STREAM_TIMEOUT_MS;
                     const pump = async () => {
                         while (true) {
@@ -616,77 +563,10 @@ export function createProxy(options) {
     });
     return server;
 }
-async function fetchModelAttempt(url, init, body, model, payment) {
-    let response = await fetchWithTimeout(url, { ...init, body: body || undefined }, payment.timeoutMs, `Proxy request for ${model}`);
-    if (response.status !== 402)
-        return response;
-    if (payment.chain === 'solana' && payment.solanaWallet) {
-        return handleSolanaPayment(response, url, payment.method, payment.headers, body, payment.solanaWallet.privateKey, payment.solanaWallet.address, payment.timeoutMs, model);
-    }
-    if (payment.baseWallet) {
-        return handleBasePayment(response, url, payment.method, payment.headers, body, payment.baseWallet.privateKey, payment.baseWallet.address, payment.timeoutMs, model);
-    }
-    return response;
-}
-/**
- * Try each fallback model as a full x402 attempt:
- * unpaid 402 probe, payment signing, then the paid provider call. The older
- * flow only applied fallback to the probe, which meant a slow paid call could
- * hang Franklin until the outer client gave up.
- */
-async function fetchWithPaymentFallback(url, init, originalBody, config, payment, onFallback) {
-    const failedModels = [];
-    let attempts = 0;
-    for (let i = 0; i < config.chain.length && attempts < config.maxRetries; i++) {
-        const model = config.chain[i];
-        const body = replaceModelInBody(originalBody, model);
-        try {
-            attempts++;
-            const response = await fetchModelAttempt(url, init, body, model, payment);
-            if (!config.retryOn.includes(response.status)) {
-                return {
-                    response,
-                    modelUsed: model,
-                    bodyUsed: body,
-                    fallbackUsed: i > 0,
-                    attemptsCount: attempts,
-                    failedModels,
-                };
-            }
-            try {
-                await response.body?.cancel();
-            }
-            catch { /* ignore */ }
-            failedModels.push(model);
-            const nextModel = config.chain[i + 1];
-            if (nextModel && onFallback) {
-                onFallback(model, response.status, nextModel);
-            }
-            if (i < config.chain.length - 1) {
-                await sleep(config.retryDelayMs);
-            }
-        }
-        catch (err) {
-            failedModels.push(model);
-            const nextModel = config.chain[i + 1];
-            if (nextModel && onFallback) {
-                onFallback(model, 0, nextModel);
-            }
-            log(`[fallback] ${model} request error: ${err instanceof Error ? err.message : String(err)}`);
-            if (i < config.chain.length - 1) {
-                await sleep(config.retryDelayMs);
-            }
-        }
-    }
-    throw new Error(`All models in fallback chain failed: ${failedModels.join(', ')}`);
-}
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
 // ======================================================================
 // Base (EIP-712) payment handler
 // ======================================================================
-async function handleBasePayment(response, url, method, headers, body, privateKey, fromAddress, timeoutMs = getProxyRequestTimeoutMs(), model = 'unknown') {
+async function handleBasePayment(response, url, method, headers, body, privateKey, fromAddress) {
     const paymentHeader = await extractPaymentHeader(response);
     if (!paymentHeader) {
         throw new Error('402 Payment Required — wallet may need funding. Run: franklin balance');
@@ -699,19 +579,19 @@ async function handleBasePayment(response, url, method, headers, body, privateKe
         maxTimeoutSeconds: details.maxTimeoutSeconds || 300,
         extra: details.extra,
     });
-    return fetchWithTimeout(url, {
+    return fetch(url, {
         method,
         headers: {
             ...headers,
             'PAYMENT-SIGNATURE': paymentPayload,
         },
         body: body || undefined,
-    }, timeoutMs, `Paid proxy request for ${model}`);
+    });
 }
 // ======================================================================
 // Solana payment handler
 // ======================================================================
-async function handleSolanaPayment(response, url, method, headers, body, privateKey, fromAddress, timeoutMs = getProxyRequestTimeoutMs(), model = 'unknown') {
+async function handleSolanaPayment(response, url, method, headers, body, privateKey, fromAddress) {
     const paymentHeader = await extractPaymentHeader(response);
     if (!paymentHeader) {
         throw new Error('402 Payment Required — wallet may need funding. Run: franklin balance');
@@ -726,14 +606,14 @@ async function handleSolanaPayment(response, url, method, headers, body, private
         maxTimeoutSeconds: details.maxTimeoutSeconds || 300,
         extra: details.extra,
     });
-    return fetchWithTimeout(url, {
+    return fetch(url, {
         method,
         headers: {
             ...headers,
             'PAYMENT-SIGNATURE': paymentPayload,
         },
         body: body || undefined,
-    }, timeoutMs, `Paid proxy request for ${model}`);
+    });
 }
 export function classifyRequest(body) {
     try {

package/dist/tools/imagegen.js

@@ -215,7 +215,14 @@ function buildExecute(deps) {
             'User-Agent': `franklin/${VERSION}`,
         };
         const controller = new AbortController();
-        const timeout = setTimeout(() => controller.abort(), 60_000); // 60s timeout
+        // Reference-image mode (gpt-image-2 edits) is meaningfully slower than
+        // pure text-to-image: the model is reasoning-driven and the request
+        // body carries a few MB of base64. The shared 60s budget has to cover
+        // both x402 retry attempts plus the actual generation, which made
+        // image-to-image effectively always time out. Image-to-image gets 3
+        // minutes; text-to-image keeps the original 60s.
+        const timeoutMs = referenceImage ? 180_000 : 60_000;
+        const timeout = setTimeout(() => controller.abort(), timeoutMs);
         try {
             // First request — will get 402
             let response = await fetch(endpoint, {
@@ -330,7 +337,12 @@ function buildExecute(deps) {
         catch (err) {
             const msg = err.message || '';
             if (msg.includes('abort')) {
-                return { output: 'Image generation timed out (60s limit). Try a simpler prompt.', isError: true };
+                return {
+                    output: referenceImage
+                        ? 'Image-to-image timed out (180s limit). The reference image may be too large or the model under load — try a smaller image or simpler prompt.'
+                        : 'Image generation timed out (60s limit). Try a simpler prompt.',
+                    isError: true,
+                };
             }
             return { output: `Error: ${msg}`, isError: true };
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/franklin",
-  "version": "3.8.38",
+  "version": "3.8.40",
   "description": "Franklin — The AI agent with a wallet. Spends USDC autonomously to get real work done. Pay per action, no subscriptions.",
   "type": "module",
   "exports": {