@blockrun/runcode 2.0.0 → 2.1.0

package/dist/agent/compact.js

@@ -136,10 +136,11 @@ async function compactHistory(history, model, client, debug) {
  * Keeps the most recent tool exchange + the last few user/assistant turns.
  */
 function findKeepBoundary(history) {
-    // Keep at least the last 6 messages (3 turns), or ~30% of history
-    const minKeep = Math.min(6, history.length);
-    const pctKeep = Math.ceil(history.length * 0.3);
-    let keep = Math.max(minKeep, pctKeep);
+    // Keep the last 8-20 messages (absolute range, not percentage)
+    // Prevents "never compacts" bug when history grows large
+    const minKeep = Math.min(8, history.length);
+    const maxKeep = Math.min(20, history.length - 1);
+    let keep = Math.max(minKeep, Math.min(maxKeep, Math.ceil(history.length * 0.3)));
     // Make sure we don't split in the middle of a tool exchange
     // (assistant with tool_use must be followed by user with tool_result)
     while (keep < history.length) {

package/dist/agent/llm.js

@@ -129,7 +129,12 @@ export class ModelClient {
                         try {
                             parsedInput = JSON.parse(currentToolInput || '{}');
                         }
-                        catch { /* empty */ }
+                        catch (parseErr) {
+                            // Log malformed JSON instead of silently defaulting to {}
+                            if (this.debug) {
+                                console.error(`[runcode] Malformed tool input JSON for ${currentToolName}: ${parseErr.message}`);
+                            }
+                        }
                         const toolInvocation = {
                             type: 'tool_use',
                             id: currentToolId,

package/dist/agent/loop.js

@@ -215,7 +215,7 @@ export async function interactiveSession(config, getUserInput, onEvent, onAbortR
     // Session persistence
     const sessionId = createSessionId();
     let turnCount = 0;
-    pruneOldSessions(); // Cleanup old sessions on start
+    pruneOldSessions(sessionId); // Cleanup old sessions on start, protect current
     while (true) {
         let input = await getUserInput();
         if (input === null)

package/dist/agent/optimize.js

@@ -49,7 +49,12 @@ export function budgetToolResults(history) {
             // Per-tool cap
             if (size > MAX_TOOL_RESULT_CHARS) {
                 modified = true;
-                const preview = content.slice(0, PREVIEW_CHARS);
+                // Truncate at line boundary for cleaner output
+                let preview = content.slice(0, PREVIEW_CHARS);
+                const lastNewline = preview.lastIndexOf('\n');
+                if (lastNewline > PREVIEW_CHARS * 0.5) {
+                    preview = preview.slice(0, lastNewline);
+                }
                 budgeted.push({
                     type: 'tool_result',
                     tool_use_id: part.tool_use_id,

package/dist/agent/tokens.js

@@ -23,19 +23,26 @@ export function updateActualTokens(inputTokens, outputTokens, messageCount) {
  * More accurate than pure estimation because it's grounded in actual API counts.
  */
 export function getAnchoredTokenCount(history) {
-    if (lastApiInputTokens > 0 && history.length >= lastApiMessageCount) {
-        // Anchor to API count, estimate only new messages
-        const newMessages = history.slice(lastApiMessageCount);
-        let newTokens = 0;
-        for (const msg of newMessages) {
-            newTokens += estimateDialogueTokens(msg);
+    if (lastApiInputTokens > 0 && lastApiMessageCount > 0 && history.length >= lastApiMessageCount) {
+        // Sanity check: if history was mutated (compaction, micro-compact), anchor may be stale.
+        // Detect by checking if new messages were only appended (length grew), not if content changed.
+        // If history grew by more than expected (e.g., resume injected many messages), fall through to estimation.
+        const growth = history.length - lastApiMessageCount;
+        if (growth <= 20) { // Reasonable growth since last API call
+            const newMessages = history.slice(lastApiMessageCount);
+            let newTokens = 0;
+            for (const msg of newMessages) {
+                newTokens += estimateDialogueTokens(msg);
+            }
+            const total = lastApiInputTokens + newTokens;
+            return {
+                estimated: total,
+                apiAnchored: true,
+                contextUsagePct: 0,
+            };
         }
-        const total = lastApiInputTokens + newTokens;
-        return {
-            estimated: total,
-            apiAnchored: true,
-            contextUsagePct: 0, // Will be calculated by caller with model context window
-        };
+        // Too much growth — anchor is unreliable, fall through to estimation
+        resetTokenAnchor();
     }
     // No anchor — pure estimation
     return {

package/dist/mcp/client.d.ts

@@ -27,6 +27,7 @@ export interface McpConfig {
 }
 /**
  * Connect to all configured MCP servers and return discovered tools.
+ * Each connection has a 5s timeout to avoid blocking startup.
  */
 export declare function connectMcpServers(config: McpConfig, debug?: boolean): Promise<CapabilityHandler[]>;
 /**

package/dist/mcp/client.js

@@ -21,7 +21,17 @@ async function connectStdio(name, config) {
         env: { ...process.env, ...(config.env || {}) },
     });
     const client = new Client({ name: `runcode-mcp-${name}`, version: '1.0.0' }, { capabilities: {} });
-    await client.connect(transport);
+    try {
+        await client.connect(transport);
+    }
+    catch (err) {
+        // Clean up transport if connect fails to prevent resource leak
+        try {
+            await transport.close();
+        }
+        catch { /* ignore */ }
+        throw err;
+    }
     // Discover tools
     const { tools: mcpTools } = await client.listTools();
     const capabilities = [];
@@ -38,11 +48,12 @@ async function connectStdio(name, config) {
                 },
             },
             execute: async (input, _ctx) => {
+                const MCP_TOOL_TIMEOUT = 30_000;
                 try {
-                    const result = await client.callTool({
-                        name: tool.name,
-                        arguments: input,
-                    });
+                    // Timeout protection: if tool hangs, don't block the agent forever
+                    const callPromise = client.callTool({ name: tool.name, arguments: input });
+                    const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error(`MCP tool timeout after ${MCP_TOOL_TIMEOUT / 1000}s`)), MCP_TOOL_TIMEOUT));
+                    const result = await Promise.race([callPromise, timeoutPromise]);
                     // Extract text content from MCP response
                     const output = result.content
                         ?.filter(c => c.type === 'text')
@@ -70,6 +81,11 @@ async function connectStdio(name, config) {
 /**
  * Connect to all configured MCP servers and return discovered tools.
  */
+const MCP_CONNECT_TIMEOUT = 5_000; // 5s per server connection
+/**
+ * Connect to all configured MCP servers and return discovered tools.
+ * Each connection has a 5s timeout to avoid blocking startup.
+ */
 export async function connectMcpServers(config, debug) {
     const allTools = [];
     for (const [name, serverConfig] of Object.entries(config.mcpServers)) {
@@ -79,17 +95,16 @@ export async function connectMcpServers(config, debug) {
             if (debug) {
                 console.error(`[runcode] Connecting to MCP server: ${name}...`);
             }
-            let connected;
-            if (serverConfig.transport === 'stdio') {
-                connected = await connectStdio(name, serverConfig);
-            }
-            else {
-                // HTTP transport — TODO: implement SSE/HTTP transport
+            if (serverConfig.transport !== 'stdio') {
                 if (debug) {
                     console.error(`[runcode] MCP HTTP transport not yet supported for ${name}`);
                 }
                 continue;
             }
+            // Timeout: don't let a slow server block startup
+            const connectPromise = connectStdio(name, serverConfig);
+            const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error('connection timeout (5s)')), MCP_CONNECT_TIMEOUT));
+            const connected = await Promise.race([connectPromise, timeoutPromise]);
             allTools.push(...connected.tools);
             if (debug) {
                 console.error(`[runcode] MCP ${name}: ${connected.tools.length} tools discovered`);

package/dist/mcp/config.d.ts

@@ -5,10 +5,6 @@
  * 2. Project: .mcp.json in working directory
  */
 import type { McpConfig, McpServerConfig } from './client.js';
-/**
- * Load MCP server configurations from global + project files.
- * Project config overrides global for same server name.
- */
 export declare function loadMcpConfig(workDir: string): McpConfig;
 /**
  * Save a server config to the global MCP config.
@@ -18,3 +14,7 @@ export declare function saveMcpServer(name: string, config: McpServerConfig): vo
  * Remove a server from the global MCP config.
  */
 export declare function removeMcpServer(name: string): boolean;
+/**
+ * Trust a project directory to load its .mcp.json.
+ */
+export declare function trustProjectDir(workDir: string): void;

package/dist/mcp/config.js

@@ -12,8 +12,18 @@ const GLOBAL_MCP_FILE = path.join(BLOCKRUN_DIR, 'mcp.json');
  * Load MCP server configurations from global + project files.
  * Project config overrides global for same server name.
  */
+// Built-in MCP server: @blockrun/mcp is always available (zero config)
+const BUILTIN_MCP_SERVERS = {
+    blockrun: {
+        transport: 'stdio',
+        command: 'npx',
+        args: ['-y', '@blockrun/mcp'],
+        label: 'BlockRun (built-in)',
+    },
+};
 export function loadMcpConfig(workDir) {
-    const servers = {};
+    // Start with built-in servers
+    const servers = { ...BUILTIN_MCP_SERVERS };
     // 1. Global config
     try {
         if (fs.existsSync(GLOBAL_MCP_FILE)) {
@@ -27,14 +37,28 @@ export function loadMcpConfig(workDir) {
         // Ignore corrupt global config
     }
     // 2. Project config (.mcp.json in working directory)
+    // Security: project configs can execute arbitrary commands via stdio transport.
+    // Only load if a trust marker exists (user has explicitly opted in).
     const projectMcpFile = path.join(workDir, '.mcp.json');
+    const trustMarker = path.join(BLOCKRUN_DIR, 'trusted-projects.json');
     try {
         if (fs.existsSync(projectMcpFile)) {
-            const raw = JSON.parse(fs.readFileSync(projectMcpFile, 'utf-8'));
-            if (raw.mcpServers && typeof raw.mcpServers === 'object') {
-                // Project overrides global for same name
-                Object.assign(servers, raw.mcpServers);
+            // Check if this project directory is trusted
+            let trusted = false;
+            try {
+                if (fs.existsSync(trustMarker)) {
+                    const trustedDirs = JSON.parse(fs.readFileSync(trustMarker, 'utf-8'));
+                    trusted = Array.isArray(trustedDirs) && trustedDirs.includes(workDir);
+                }
+            }
+            catch { /* not trusted */ }
+            if (trusted) {
+                const raw = JSON.parse(fs.readFileSync(projectMcpFile, 'utf-8'));
+                if (raw.mcpServers && typeof raw.mcpServers === 'object') {
+                    Object.assign(servers, raw.mcpServers);
+                }
             }
+            // If not trusted, silently skip project config (user must run /mcp trust)
         }
     }
     catch {
@@ -62,6 +86,24 @@ export function removeMcpServer(name) {
     fs.writeFileSync(GLOBAL_MCP_FILE, JSON.stringify(existing, null, 2) + '\n');
     return true;
 }
+/**
+ * Trust a project directory to load its .mcp.json.
+ */
+export function trustProjectDir(workDir) {
+    const trustMarker = path.join(BLOCKRUN_DIR, 'trusted-projects.json');
+    let trusted = [];
+    try {
+        if (fs.existsSync(trustMarker)) {
+            trusted = JSON.parse(fs.readFileSync(trustMarker, 'utf-8'));
+        }
+    }
+    catch { /* fresh */ }
+    if (!trusted.includes(workDir)) {
+        trusted.push(workDir);
+        fs.mkdirSync(BLOCKRUN_DIR, { recursive: true });
+        fs.writeFileSync(trustMarker, JSON.stringify(trusted, null, 2));
+    }
+}
 function loadGlobalMcpConfig() {
     try {
         if (fs.existsSync(GLOBAL_MCP_FILE)) {

package/dist/session/storage.d.ts

@@ -39,4 +39,8 @@ export declare function listSessions(): SessionMeta[];
 /**
  * Prune old sessions beyond MAX_SESSIONS.
  */
-export declare function pruneOldSessions(): void;
+/**
+ * Prune old sessions beyond MAX_SESSIONS.
+ * Accepts optional activeSessionId to protect from deletion.
+ */
+export declare function pruneOldSessions(activeSessionId?: string): void;

package/dist/session/storage.js

@@ -67,7 +67,17 @@ export function loadSessionHistory(sessionId) {
     try {
         const content = fs.readFileSync(sessionPath(sessionId), 'utf-8');
         const lines = content.trim().split('\n').filter(Boolean);
-        return lines.map(line => JSON.parse(line));
+        const results = [];
+        for (const line of lines) {
+            try {
+                results.push(JSON.parse(line));
+            }
+            catch {
+                // Skip corrupted lines — partial writes from crashes
+                continue;
+            }
+        }
+        return results;
     }
     catch {
         return [];
@@ -98,11 +108,17 @@ export function listSessions() {
 /**
  * Prune old sessions beyond MAX_SESSIONS.
  */
-export function pruneOldSessions() {
+/**
+ * Prune old sessions beyond MAX_SESSIONS.
+ * Accepts optional activeSessionId to protect from deletion.
+ */
+export function pruneOldSessions(activeSessionId) {
     const sessions = listSessions();
     if (sessions.length <= MAX_SESSIONS)
         return;
-    const toDelete = sessions.slice(MAX_SESSIONS);
+    const toDelete = sessions
+        .slice(MAX_SESSIONS)
+        .filter(s => s.id !== activeSessionId); // Never delete active session
     for (const s of toDelete) {
         try {
             fs.unlinkSync(sessionPath(s.id));

package/dist/tools/imagegen.js

@@ -70,8 +70,11 @@ async function execute(input, ctx) {
             fs.writeFileSync(outPath, buffer);
         }
         else if (imageData.url) {
-            // Download from URL
-            const imgResp = await fetch(imageData.url);
+            // Download from URL (with 30s timeout)
+            const dlCtrl = new AbortController();
+            const dlTimeout = setTimeout(() => dlCtrl.abort(), 30_000);
+            const imgResp = await fetch(imageData.url, { signal: dlCtrl.signal });
+            clearTimeout(dlTimeout);
             const buffer = Buffer.from(await imgResp.arrayBuffer());
             fs.mkdirSync(path.dirname(outPath), { recursive: true });
             fs.writeFileSync(outPath, buffer);

package/dist/tools/write.js

@@ -40,6 +40,16 @@ async function execute(input, ctx) {
         }
     }
     catch { /* parent doesn't exist yet, will be created */ }
+    // Also check if target file itself is a symlink to a sensitive location
+    try {
+        if (fs.existsSync(resolved) && fs.lstatSync(resolved).isSymbolicLink()) {
+            const realTarget = fs.realpathSync(resolved);
+            if (checkPath(realTarget)) {
+                return { output: `Error: refusing to write — symlink resolves to sensitive location: ${realTarget}`, isError: true };
+            }
+        }
+    }
+    catch { /* file doesn't exist yet, ok */ }
     try {
         // Ensure parent directory exists
         const parentDir = path.dirname(resolved);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/runcode",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "RunCode — AI coding agent powered by 41+ models. Pay per use with USDC.",
   "type": "module",
   "bin": {