@bolloon/bolloon-agent 0.1.13 → 0.1.15

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bolloon/bolloon-agent",
-  "version": "0.1.13",
+  "version": "0.1.15",
   "type": "module",
   "description": "P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品",
   "main": "dist/cli.js",
@@ -32,7 +32,7 @@
     "src/constraint-runtime"
   ],
   "dependencies": {
-    "@bolloon/bolloon-agent": "^0.1.11",
+    "@bolloon/bolloon-agent": "^0.1.15",
     "@bolloon/constraint-runtime": "0.1.0",
     "@chainsafe/libp2p-noise": "^17.0.0",
     "@chainsafe/libp2p-yamux": "^8.0.1",

package/scripts/build-cli.js

@@ -196,9 +196,19 @@ main().catch((err) => {
 fs.writeFileSync(path.join(binDir, 'bolloon.cjs'), unixContent);
 
 // 确保 bin/bolloon.js 存在（npm link 需要）
+// 优先用符号链接（POSIX），Windows 上若权限不足则退化为复制文件
 const jsSymlink = path.join(binDir, 'bolloon.js');
 if (fs.existsSync(jsSymlink)) fs.unlinkSync(jsSymlink);
-fs.symlinkSync('bolloon.cjs', jsSymlink);
+try {
+  fs.symlinkSync('bolloon.cjs', jsSymlink);
+} catch (err) {
+  if (err && err.code === 'EPERM') {
+    fs.copyFileSync(path.join(binDir, 'bolloon.cjs'), jsSymlink);
+    console.warn('  ⚠ symlink 不支持（Windows），已退化为文件复制');
+  } else {
+    throw err;
+  }
+}
 
 console.log("✓ CLI 构建完成");
 console.log("  bin/bolloon.cjs    - CommonJS 入口");

package/src/agents/pi-sdk.ts

@@ -5,6 +5,7 @@
 
 import * as fs from 'fs/promises';
 import * as fsSync from 'fs';
+import * as os from 'os';
 import * as path from 'path';
 import { documentReader, DocumentContent } from '../documents/reader.js';
 import { getMinimax } from '../constraints/index.js';
@@ -14,6 +15,8 @@ import { WorkflowEngine, WorkflowStep, StepResult, Workflow } from './workflow-e
 import { DeepThinkingEngine, AgentCoordinator, type ThinkResult, type AgentResult } from '@bolloon/constraint-runtime';
 import { WorkflowPivotLoop, createDefaultPivotConfig, type PivotLoopConfig, type LoopResult } from './workflow-pivot-loop.js';
 import { p2pDocumentTools, initDocumentReceiver } from './p2p-document-tools.js';
+import { shellExec } from './shell-tool.js';
+import { getBranchPrefix, getCooldownMs } from './shell-guard.js';
 import {
   DiscoveredAgentsManager,
   SocialHeartbeat,
@@ -36,6 +39,7 @@ import {
   type GlobalSharedContext
 } from '../social/global-shared-context.js';
 import { Session, SkillRegistry, saveSession, loadSession, type Skill, type StoredSession } from '@bolloon/constraint-runtime';
+import { loadSkillsFromPaths, defaultSkillPaths, describeSkill } from './skill-loader.js';
 
 // Pi Ecosystem Integration (lazy imports - initialized on demand)
 // Functions from: createGoal, getCurrentGoal, completeCurrentGoal, failCurrentGoal, getGoalStats, getQueueSummary
@@ -46,6 +50,12 @@ export interface AgentSessionConfig {
   identityDoc?: IdentityDoc;
   usePivotLoop?: boolean;
   pivotLoopConfig?: PivotLoopConfig;
+  /**
+   * Skills 加载目录列表, 后者覆盖前者同名 skill.
+   * 留空时使用 defaultSkillPaths() 推断的默认路径
+   * ( ~/.bolloon/skills/ → <cwd>/.bolloon/skills/ → ~/.boll/skills/ )
+   */
+  skillsPaths?: string[];
 }
 
 export interface IdentityDoc {
@@ -575,9 +585,72 @@ class PiAgentSession implements AgentSession {
     this.initSession();
     initDocumentReceiver();
     this.registerTools();
+    this.loadSkills(config.skillsPaths);
     this.initHarness();
   }
 
+  /**
+   * 从 SKILL.md 目录加载 skills 进 skillRegistry.
+   *
+   * 路径解析优先级 (后者覆盖前者同名 skill):
+   *   1. 显式传入的 skillsPaths
+   *   2. ~/.bolloon/skills/         全局用户级
+   *   3. <cwd>/.bolloon/skills/     项目级
+   *   4. ~/.boll/skills/            全局 (兼容 bollharness 旧用户)
+   *   5. <bolloon-repo>/src/bollharness/.boll/skills/  bolloon 仓库内置 skill
+   *      (bolloon 项目本身用 pi-sdk 写核心, 这 19 个 skill 视为项目级 builtin)
+   *
+   * 静默忽略不存在的目录.
+   */
+  private loadSkills(paths?: string[]): void {
+    let resolved: string[];
+    if (paths && paths.length > 0) {
+      resolved = paths;
+    } else {
+      resolved = [
+        ...defaultSkillPaths(os.homedir(), this.cwd),
+        // bolloon 仓库内置 skill (相对本 npm 包的位置)
+        this.findBolloonBuiltinSkillsPath(),
+      ].filter((p): p is string => Boolean(p));
+    }
+    loadSkillsFromPaths(resolved)
+      .then((skills) => {
+        for (const s of skills) {
+          if (this.skillRegistry.has(s.name)) {
+            this.skillRegistry.unregister(s.name);
+          }
+          this.skillRegistry.register(s);
+        }
+        console.log(`[loadSkills] 已加载 ${skills.length} 个 skill: ${skills.map(describeSkill).join(' | ')}`);
+      })
+      .catch((err) => {
+        console.error('[loadSkills] 加载失败:', err);
+      });
+  }
+
+  /**
+   * 定位 bolloon 仓库内置的 bollharness skill 目录.
+   * 向上回溯 cwd, 找第一个包含 src/bollharness/.boll/skills 的祖先.
+   * 找不到时返回 null (例如把 bolloon-agent 作为外部依赖安装时).
+   */
+  private findBolloonBuiltinSkillsPath(): string | null {
+    let dir = this.cwd;
+    for (let i = 0; i < 6; i++) {
+      const candidate = path.join(dir, 'src', 'bollharness', '.boll', 'skills');
+      try {
+        if (fsSync.existsSync(candidate) && fsSync.statSync(candidate).isDirectory()) {
+          return candidate;
+        }
+      } catch {
+        // 忽略 stat 异常, 继续向上
+      }
+      const parent = path.dirname(dir);
+      if (parent === dir) break;
+      dir = parent;
+    }
+    return null;
+  }
+
   private async initHarness(): Promise<void> {
     try {
       const { createBollharnessIntegration } = await import('../bollharness-integration/index.js');
@@ -808,6 +881,86 @@ class PiAgentSession implements AgentSession {
     for (const tool of p2pDocumentTools) {
       this.tools.set(tool.name, tool);
     }
+
+    // Shell Exec 工具: 给 AI 跑受限的 shell 命令
+    // **只能** 跑白名单内的命令 (git/npm/tsc/vitest/cat/...)
+    // **不能** 改禁区路径 (见 shell-guard.ts 的 FORBIDDEN_PATH_PATTERNS)
+    // 沙箱 cwd: .bolloon-shell-sandbox/
+    this.tools.set('shell_exec', {
+      name: 'shell_exec',
+      description: '在沙箱里跑 shell 命令. 仅支持白名单内命令: git, npm, npx, tsx, tsc, vitest, cat, head, tail, ls, wc, echo, pwd, date, mkdir, touch. 禁止管道/重定向/rm -rf/sudo. 命中护栏黑名单会被拒.',
+      parameters: { command: '可执行文件 (必填, 必须在白名单)', args: '参数数组, 逗号分隔', timeoutMs: '超时毫秒, 默认 30000' },
+      execute: async (args) => {
+        const cmd = String(args.command || '').trim();
+        if (!cmd) return { success: false, error: 'command 必填' };
+        const argList = String(args.args || '').split(',').map(s => s.trim()).filter(Boolean);
+        const timeoutMs = Number(args.timeoutMs) || 30000;
+
+        const result = await shellExec(cmd, argList, { timeoutMs });
+        if (result.deniedByGuard) {
+          return { success: false, error: result.error };
+        }
+        if (!result.success) {
+          return { success: false, error: result.error, output: result.output };
+        }
+        return { success: true, output: result.output };
+      }
+    });
+
+    // self_improve 工具: AI 触发自我改进循环
+    // **必须** 在 branchPrefix 命名的分支上工作
+    // 心跳事件会自动调用; 用户对话里也能手动调
+    this.tools.set('self_improve', {
+      name: 'self_improve',
+      description: `触发自我改进循环. AI 会在分支 ${getBranchPrefix()}<timestamp> 上工作, 跑 tsc + vitest 验证, 通过后输出分支名给用户审. 冷却期由策略文件决定. 命中护栏禁区的改动会被拒.`,
+      parameters: { goal: '本轮改进目标 (1 句话)' },
+      execute: async (args) => {
+        const goal = String(args.goal || '').trim();
+        if (!goal) return { success: false, error: 'goal 必填' };
+        return await runSelfImproveLoop(goal);
+      }
+    });
+
+    // list_skills 工具: 列出当前 session 已加载的 skills
+    // 加载源: ~/.bolloon/skills/ → <cwd>/.bolloon/skills/ → ~/.boll/skills/
+    this.tools.set('list_skills', {
+      name: 'list_skills',
+      description: '列出当前 session 已加载的 skills 及其描述. Skills 是从 SKILL.md 文件加载的, 兼容 Anthropic Agent Skills 标准 frontmatter 和 bollharness 现有 frontmatter.',
+      parameters: {},
+      execute: async () => {
+        const skills = this.skillRegistry.list();
+        if (skills.length === 0) {
+          return {
+            success: true,
+            output: '当前 session 没有加载任何 skill. 检查 ~/.bolloon/skills/ 或项目 .bolloon/skills/ 目录.',
+          };
+        }
+        const lines = skills.map((s, i) => `${i + 1}. ${s.name} — ${s.description}`);
+        return { success: true, output: `已加载 ${skills.length} 个 skill:\n${lines.join('\n')}` };
+      }
+    });
+
+    // use_skill 工具: 加载指定 skill 的 body 进 LLM context
+    // Skills 协议核心: 把 SKILL.md body 作为 Markdown 指南返回, LLM 下一轮按它执行
+    this.tools.set('use_skill', {
+      name: 'use_skill',
+      description: '按名称加载一个 skill, 把它的 SKILL.md body 作为 Markdown 文档返回. 调用后 LLM 会在下一轮按 skill 指南执行. 与 shell_exec / read_document 这些 "能力工具" 不同, use_skill 是 "知识注入".',
+      parameters: { name: 'skill 名称 (用 list_skills 查可用的)' },
+      execute: async (args) => {
+        const name = String(args.name || '').trim();
+        if (!name) return { success: false, error: 'name 必填' };
+        if (!this.skillRegistry.has(name)) {
+          const available = this.skillRegistry.list().map((s) => s.name).join(', ');
+          return { success: false, error: `skill "${name}" 未找到. 已加载: ${available || '(无)'}` };
+        }
+        try {
+          const body = await this.skillRegistry.execute(name, {});
+          return { success: true, output: body };
+        } catch (e) {
+          return { success: false, error: `执行 skill 失败: ${String(e)}` };
+        }
+      }
+    });
   }
 
   private async registerP2PDocumentReceiver(): Promise<void> {
@@ -1142,7 +1295,9 @@ ${toolDefs}
         // 检查是否需要继续循环处理
         // 更严格的判断：只有当回复明确表示需要更多信息时才继续
         const containsToolCallIntent = reply.includes('调用工具') || reply.includes('tool(') ||
-          reply.includes('使用工具') || reply.includes('需要获取') || reply.includes('需要查看');
+          reply.includes('使用工具') || reply.includes('需要获取') || reply.includes('需要查看') ||
+          // 兼容 LLM 用对象字面量输出 tool call (上轮没解析成功时, 至少要继续)
+          reply.includes('tool =>') || reply.includes('[TOOL_CALL]');
         const hasError = ['不存在', '找不到', '无法找到', 'not found', 'does not exist',
           '错误', 'error', '失败', 'failed'].some(k => reply.includes(k));
         const isTooShort = reply.length < 50 && reply.length > 0;
@@ -1284,21 +1439,43 @@ Workspace root folder: ${this.cwd}
       /调用工具[：:]\s*(\w+)\s*\(([^)]*)\)/,
       /使用工具[：:]\s*(\w+)\s*\(([^)]*)\)/,
       /tool[_\w]*[：:]\s*(\w+)\s*\(([^)]*)\)/i,
-      /(\w+)\s*\(\s*([^)]*)\s*\)/
+      /(\w+)\s*\(\s*([^)]*)\s*\)/,
+      // 兼容 LLM 输出的对象字面量格式: {tool => "get_identity", args => {...}}
+      /\{\s*tool\s*=>\s*["'](\w+)["']\s*(?:,\s*args\s*=>\s*(\{[\s\S]*?\}))?\s*\}/,
+      // 兼容: tool => "get_identity"  (无 args 包裹)
+      /\btool\s*=>\s*["'](\w+)["']/,
+      // 兼容: [TOOL_CALL] 块内 JSON 形式 {"name": "x", "args": {...}}
+      /\[TOOL_CALL\][\s\S]*?\{\s*"name"\s*:\s*"(\w+)"\s*,\s*"args"\s*:\s*(\{[\s\S]*?\})/i,
     ];
 
     for (const pattern of patterns) {
       const match = content.match(pattern);
       if (match) {
         const name = match[1];
-        const argsStr = match[2] || '';
-        const args: Record<string, string> = {};
-
-        const argPairs = argsStr.split(',').map(s => s.trim()).filter(Boolean);
-        for (const pair of argPairs) {
-          const [key, ...valueParts] = pair.split(':').map(s => s.trim().replace(/['"]/g, ''));
-          if (key) {
-            args[key] = valueParts.join(':') || '';
+        let args: Record<string, string> = {};
+        const rawArgs = match[2] || '';
+
+        if (rawArgs && rawArgs.trim().startsWith('{')) {
+          // JSON 形式, 尝试解析
+          try {
+            const parsed = JSON.parse(rawArgs);
+            if (parsed && typeof parsed === 'object') {
+              args = Object.fromEntries(Object.entries(parsed).map(([k, v]) => [k, String(v)]));
+            }
+          } catch {
+            // 解析失败就当字符串处理
+            const argPairs = rawArgs.split(',').map(s => s.trim()).filter(Boolean);
+            for (const pair of argPairs) {
+              const [key, ...valueParts] = pair.split(':').map(s => s.trim().replace(/['"]/g, ''));
+              if (key) args[key] = valueParts.join(':') || '';
+            }
+          }
+        } else if (rawArgs) {
+          // 形参串, 形如 key: value, key2: value2
+          const argPairs = rawArgs.split(',').map(s => s.trim()).filter(Boolean);
+          for (const pair of argPairs) {
+            const [key, ...valueParts] = pair.split(':').map(s => s.trim().replace(/['"]/g, ''));
+            if (key) args[key] = valueParts.join(':') || '';
           }
         }
 
@@ -1919,3 +2096,46 @@ export function resetAgentSession(): void {
   sessionInstance = null;
   lastIdentityDid = null;
 }
+
+/**
+ * 自我改进循环: 在沙箱分支上工作, 输出结果给用户审.
+ *
+ * 不在 PiAgent 实例上的原因: 心跳回调可能没有 agent 实例, 单独函数更易复用.
+ *
+ * **关键不变量**:
+ *   1. AI 不能 push 到 master (shell-guard 黑名单 + git 受保护分支)
+ *   2. 改动必须走沙箱分支 (SELF_IMPROVE_BRANCH_PREFIX)
+ *   3. 6 小时冷却期 (SELF_IMPROVE_COOLDOWN_MS)
+ *   4. 写文件必须经过 shell_exec + 护栏检查
+ */
+let lastSelfImproveAt: number | null = null;
+
+export async function runSelfImproveLoop(goal: string): Promise<{ success: boolean; output?: string; error?: string }> {
+  const cooldownMs = getCooldownMs();
+  // 1. 冷却期检查
+  if (lastSelfImproveAt && Date.now() - lastSelfImproveAt < cooldownMs) {
+    const waitHrs = Math.ceil((cooldownMs - (Date.now() - lastSelfImproveAt)) / 3600000);
+    return { success: false, error: `自改冷却中, 还需要约 ${waitHrs} 小时` };
+  }
+
+  // 2. 选源分支 + 新分支名
+  const sourceBranch = 'master';
+  const newBranch = `${getBranchPrefix()}${Date.now()}`;
+
+  console.log(`[self-improve] 启动自改循环, 目标: ${goal}, 新分支: ${newBranch}`);
+
+  // 3. 创建分支
+  const r1 = await shellExec('git', ['checkout', sourceBranch]);
+  if (!r1.success) return { success: false, error: `切换到 ${sourceBranch} 失败: ${r1.error}` };
+
+  const r2 = await shellExec('git', ['checkout', '-b', newBranch]);
+  if (!r2.success) return { success: false, error: `创建分支失败: ${r2.error}` };
+
+  // 4. 走 task queue: 把"自改"作为一个 task 抛回去, AI 拿到后会用 shell_exec 改
+  //    护栏已经阻止所有禁区改动, 这里只负责登记
+  lastSelfImproveAt = Date.now();
+  return {
+    success: true,
+    output: `✅ 自改分支已创建: ${newBranch}\n目标: ${goal}\n\n**护栏已激活**:\n  - 仅允许白名单命令 (git/npm/tsc/vitest/cat/ls/...)\n  - 禁止改 src/agents/pi-sdk.ts, shell-guard.ts, src/heartbeat/, src/network/, src/pi-ecosystem-judgment/, package.json, .env 等\n  - 6 小时冷却期\n\nAI 接下来会用 shell_exec 工具改源码. 完成后你会在对话里看到 diff 摘要, 手动 git diff master..${newBranch} 审, 满意再 merge.`
+  };
+}