@cat-factory/executor-harness 1.31.10 → 1.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -7,6 +7,26 @@ import { redact, secretsToRedact } from './redact.js';
7
7
  function isObject(value) {
8
8
  return typeof value === 'object' && value !== null;
9
9
  }
10
+ /** Scrub any leased-credential occurrences from a telemetry body (no-op when none). */
11
+ function redactBody(text, secrets) {
12
+ return secrets.length ? redact(text, secrets) : text;
13
+ }
14
+ /**
15
+ * Fallback token attribution: if a CLI reported a cumulative total but no per-turn
16
+ * usage (so every captured call has zero tokens), pin the whole total onto the LAST
17
+ * call rather than dropping it — the run's tokens are still accounted, just not split
18
+ * per turn. A no-op when the calls already carry per-turn tokens.
19
+ */
20
+ function attributeCumulativeUsage(calls, usage) {
21
+ if (!usage || calls.length === 0)
22
+ return;
23
+ const anyTokens = calls.some((c) => c.inputTokens > 0 || c.outputTokens > 0);
24
+ if (anyTokens)
25
+ return;
26
+ const last = calls[calls.length - 1];
27
+ last.inputTokens = usage.inputTokens;
28
+ last.outputTokens = usage.outputTokens;
29
+ }
10
30
  /**
11
31
  * Drive one CLI subprocess to completion, streaming LF-framed JSONL from stdout
12
32
  * through `onEvent`. Mirrors `runPi`'s lifecycle: prompt over stdin (out-of-band,
@@ -114,27 +134,59 @@ export async function runClaudeCode(opts) {
114
134
  const stats = { toolCalls: 0, assistantChars: 0 };
115
135
  let summary = '';
116
136
  let usage;
137
+ // Reconstruct the full per-call request/response bodies for telemetry from the
138
+ // stream. `--output-format stream-json --verbose` emits each turn as a near-verbatim
139
+ // Anthropic Messages envelope, so `assistant` events carry the complete response
140
+ // (text + tool_use blocks + usage), and `user` events carry the tool_result blocks
141
+ // fed back — together the growing prompt transcript. We seed it with the two inputs
142
+ // the harness supplies (they never appear in the stream): the system + first user
143
+ // message. Bodies are credential-scrubbed (they can echo the leased token).
144
+ const secrets = opts.subscriptionToken ? secretsToRedact(opts.subscriptionToken) : [];
145
+ const messages = [
146
+ { role: 'system', content: opts.systemPrompt },
147
+ { role: 'user', content: opts.userPrompt },
148
+ ];
149
+ const calls = [];
117
150
  const onEvent = (event) => {
118
151
  const type = event.type;
119
152
  if (type === 'assistant' && isObject(event.message)) {
120
- const content = event.message.content;
121
- if (Array.isArray(content)) {
122
- for (const block of content) {
123
- if (!isObject(block))
124
- continue;
125
- if (block.type === 'text' && typeof block.text === 'string') {
126
- stats.assistantChars += block.text.length;
127
- }
128
- if (block.type === 'tool_use') {
129
- stats.toolCalls += 1;
130
- if (block.name === 'TodoWrite' && opts.onProgress) {
131
- const progress = todosToProgress(block.input?.todos);
132
- if (progress)
133
- opts.onProgress(progress);
134
- }
135
- }
153
+ const message = event.message;
154
+ const content = Array.isArray(message.content) ? message.content : [];
155
+ const { text, reasoning, toolUses } = claudeAssistantContent(content);
156
+ stats.assistantChars += text.length;
157
+ stats.toolCalls += toolUses;
158
+ for (const block of content) {
159
+ if (isObject(block) &&
160
+ block.type === 'tool_use' &&
161
+ block.name === 'TodoWrite' &&
162
+ opts.onProgress) {
163
+ const progress = todosToProgress(block.input?.todos);
164
+ if (progress)
165
+ opts.onProgress(progress);
136
166
  }
137
167
  }
168
+ // Record this call BEFORE appending its turn: the prompt is the history that
169
+ // produced this response. The append-only array keeps each call's prompt a strict
170
+ // prefix of the next, so the backend's telemetry chain delta-compresses cleanly.
171
+ const u = claudeCallUsage(message.usage);
172
+ calls.push({
173
+ ...(typeof message.model === 'string' ? { model: message.model } : {}),
174
+ promptText: redactBody(JSON.stringify(messages), secrets),
175
+ messageCount: messages.length,
176
+ responseText: redactBody(text, secrets),
177
+ reasoningText: redactBody(reasoning, secrets),
178
+ inputTokens: u.inputTokens,
179
+ cachedInputTokens: u.cachedInputTokens,
180
+ outputTokens: u.outputTokens,
181
+ finishReason: typeof message.stop_reason === 'string' ? message.stop_reason : null,
182
+ });
183
+ messages.push({ role: 'assistant', content });
184
+ }
185
+ else if (type === 'user' && isObject(event.message)) {
186
+ // tool_result blocks the harness fed back to the model — part of the next prompt.
187
+ const content = event.message.content;
188
+ if (Array.isArray(content))
189
+ messages.push({ role: 'tool', content });
138
190
  }
139
191
  else if (type === 'result') {
140
192
  if (typeof event.result === 'string')
@@ -199,7 +251,14 @@ export async function runClaudeCode(opts) {
199
251
  '--append-system-prompt',
200
252
  opts.systemPrompt,
201
253
  ], opts.userPrompt, opts, env, opts.subscriptionToken ? secretsToRedact(opts.subscriptionToken) : [], onEvent);
202
- return { summary, stats, stderrTail, ...(usage ? { usage } : {}) };
254
+ attributeCumulativeUsage(calls, usage);
255
+ return {
256
+ summary,
257
+ stats,
258
+ stderrTail,
259
+ ...(usage ? { usage } : {}),
260
+ ...(calls.length ? { callMetrics: calls } : {}),
261
+ };
203
262
  }
204
263
  finally {
205
264
  // Never leave the config dir (and any cached credential) on disk past the run.
@@ -241,6 +300,38 @@ function claudeUsage(raw) {
241
300
  return undefined;
242
301
  return { inputTokens: input, outputTokens: output };
243
302
  }
303
+ /** Pull the text + reasoning out of a Claude `assistant` message's content blocks. */
304
+ function claudeAssistantContent(content) {
305
+ let text = '';
306
+ let reasoning = '';
307
+ let toolUses = 0;
308
+ for (const block of content) {
309
+ if (!isObject(block))
310
+ continue;
311
+ if (block.type === 'text' && typeof block.text === 'string')
312
+ text += block.text;
313
+ else if (block.type === 'thinking' && typeof block.thinking === 'string')
314
+ reasoning += block.thinking;
315
+ else if (block.type === 'tool_use')
316
+ toolUses += 1;
317
+ }
318
+ return { text, reasoning, toolUses };
319
+ }
320
+ /**
321
+ * Per-CALL token usage off a Claude `assistant` message's `usage` (this turn only, not
322
+ * the cumulative `result` total). `inputTokens` counts every billed input bucket (fresh
323
+ * + both cache buckets); `cachedInputTokens` is the cache share, surfaced separately.
324
+ */
325
+ function claudeCallUsage(raw) {
326
+ if (!isObject(raw))
327
+ return { inputTokens: 0, cachedInputTokens: 0, outputTokens: 0 };
328
+ const cached = numberOf(raw.cache_read_input_tokens) + numberOf(raw.cache_creation_input_tokens);
329
+ return {
330
+ inputTokens: numberOf(raw.input_tokens) + cached,
331
+ cachedInputTokens: cached,
332
+ outputTokens: numberOf(raw.output_tokens),
333
+ };
334
+ }
244
335
  // ---------------------------------------------------------------------------
245
336
  // Codex
246
337
  // ---------------------------------------------------------------------------
@@ -282,13 +373,29 @@ export async function runCodex(opts) {
282
373
  await writeFile(join(codexHome, 'auth.json'), opts.subscriptionToken, { mode: 0o600 });
283
374
  await writeFile(join(codexHome, 'config.toml'), 'cli_auth_credentials_store = "file"\n', 'utf8');
284
375
  }
376
+ // Codex has no system-prompt flag, so fold the composed role + best-practice
377
+ // context into the prompt itself (Claude Code instead rides --append-system-prompt).
378
+ const prompt = opts.systemPrompt
379
+ ? `${opts.systemPrompt}\n\n---\n\n${opts.userPrompt}`
380
+ : opts.userPrompt;
381
+ // Codex's `exec --json` is far thinner than Claude Code's stream: it surfaces only
382
+ // flat assistant text and (on `token_count` events) the per-turn `last_token_usage`
383
+ // plus a cumulative total. It never exposes the request transcript or structured
384
+ // tool/command bodies, so the captured prompt is just the folded input — the response
385
+ // text + per-turn tokens are faithful; the request side is best-effort by design.
386
+ const secrets = opts.subscriptionToken ? secretsToRedact(opts.subscriptionToken) : [];
387
+ const messages = [{ role: 'user', content: prompt }];
388
+ const calls = [];
389
+ let pendingText = '';
285
390
  const onEvent = (event) => {
286
391
  const type = typeof event.type === 'string' ? event.type : '';
287
- if (type.includes('agent_message') || type === 'item.completed') {
392
+ if (type.includes('agent_message') ||
393
+ (type === 'item.completed' && isCodexMessageItem(event))) {
288
394
  const text = extractText(event);
289
395
  if (text) {
290
396
  stats.assistantChars += text.length;
291
397
  summary = text;
398
+ pendingText = text;
292
399
  }
293
400
  }
294
401
  if (type.includes('tool') || type.includes('command') || type.includes('exec')) {
@@ -300,12 +407,26 @@ export async function runCodex(opts) {
300
407
  const turnUsage = codexUsage(event);
301
408
  if (turnUsage)
302
409
  usage = turnUsage;
410
+ // A `token_count` event closes a model turn: pair its per-turn usage with the
411
+ // assistant text seen since the previous turn as one telemetry call.
412
+ const perTurn = codexLastTurnUsage(event);
413
+ if (perTurn) {
414
+ calls.push({
415
+ model: opts.model,
416
+ promptText: redactBody(JSON.stringify(messages), secrets),
417
+ messageCount: messages.length,
418
+ responseText: redactBody(pendingText, secrets),
419
+ reasoningText: '',
420
+ inputTokens: perTurn.inputTokens,
421
+ cachedInputTokens: perTurn.cachedInputTokens,
422
+ outputTokens: perTurn.outputTokens,
423
+ finishReason: null,
424
+ });
425
+ if (pendingText)
426
+ messages.push({ role: 'assistant', content: pendingText });
427
+ pendingText = '';
428
+ }
303
429
  };
304
- // Codex has no system-prompt flag, so fold the composed role + best-practice
305
- // context into the prompt itself (Claude Code instead rides --append-system-prompt).
306
- const prompt = opts.systemPrompt
307
- ? `${opts.systemPrompt}\n\n---\n\n${opts.userPrompt}`
308
- : opts.userPrompt;
309
430
  try {
310
431
  const { stderrTail } = await streamCli('codex', [
311
432
  'exec',
@@ -318,7 +439,28 @@ export async function runCodex(opts) {
318
439
  opts.model,
319
440
  '-',
320
441
  ], prompt, opts, codexHome ? { CODEX_HOME: codexHome } : {}, opts.subscriptionToken ? secretsToRedact(opts.subscriptionToken) : [], onEvent);
321
- return { summary, stats, stderrTail, ...(usage ? { usage } : {}) };
442
+ // Fallback for a CLI/version that never emits per-turn `last_token_usage`: record a
443
+ // single call from the cumulative total + final text so the run is still observable.
444
+ if (calls.length === 0 && (usage || summary)) {
445
+ calls.push({
446
+ model: opts.model,
447
+ promptText: redactBody(JSON.stringify(messages), secrets),
448
+ messageCount: messages.length,
449
+ responseText: redactBody(summary, secrets),
450
+ reasoningText: '',
451
+ inputTokens: usage?.inputTokens ?? 0,
452
+ cachedInputTokens: 0,
453
+ outputTokens: usage?.outputTokens ?? 0,
454
+ finishReason: null,
455
+ });
456
+ }
457
+ return {
458
+ summary,
459
+ stats,
460
+ stderrTail,
461
+ ...(usage ? { usage } : {}),
462
+ ...(calls.length ? { callMetrics: calls } : {}),
463
+ };
322
464
  }
323
465
  finally {
324
466
  // Never leave the decrypted credential on disk past the run.
@@ -326,6 +468,24 @@ export async function runCodex(opts) {
326
468
  await rm(codexHome, { recursive: true, force: true }).catch(() => { });
327
469
  }
328
470
  }
471
+ /**
472
+ * Whether a Codex `item.completed` event carries the model's ASSISTANT text (as
473
+ * opposed to a command/exec/tool/reasoning item, which also carry a `text` field —
474
+ * their command output or thinking — and must NOT be captured as the turn's response).
475
+ * A message item's kind contains `message` (`agent_message`/`assistant_message`); an
476
+ * item with no kind is treated as a message so older/simple shapes don't regress.
477
+ */
478
+ function isCodexMessageItem(event) {
479
+ const item = isObject(event.item) ? event.item : undefined;
480
+ if (!item)
481
+ return false;
482
+ const kind = typeof item.item_type === 'string'
483
+ ? item.item_type
484
+ : typeof item.type === 'string'
485
+ ? item.type
486
+ : '';
487
+ return kind === '' || /message/i.test(kind);
488
+ }
329
489
  /** Best-effort: pull a textual message out of a Codex event. */
330
490
  function extractText(event) {
331
491
  if (typeof event.message === 'string')
@@ -367,6 +527,8 @@ function codexPlanProgress(event) {
367
527
  * other shapes put it on `usage` / `info.usage` directly. We read the cumulative
368
528
  * total when present so the caller can simply overwrite (not sum) — summing
369
529
  * cumulative totals across events would multiply-count. Checked most-likely first.
530
+ * `input_tokens` is the TOTAL prompt count (OpenAI semantics: `cached_input_tokens`
531
+ * is a subset already inside it), so it is NOT summed with the cached share.
370
532
  */
371
533
  function codexUsage(event) {
372
534
  const info = isObject(event.info) ? event.info : undefined;
@@ -376,12 +538,31 @@ function codexUsage(event) {
376
538
  (info && isObject(info.usage) ? info.usage : undefined);
377
539
  if (!isObject(raw))
378
540
  return undefined;
379
- const input = numberOf(raw.input_tokens) + numberOf(raw.cached_input_tokens);
541
+ const input = numberOf(raw.input_tokens);
380
542
  const output = numberOf(raw.output_tokens);
381
543
  if (input === 0 && output === 0)
382
544
  return undefined;
383
545
  return { inputTokens: input, outputTokens: output };
384
546
  }
547
+ /**
548
+ * Per-TURN Codex token usage off a `token_count` event's `info.last_token_usage` (the
549
+ * delta for the turn just completed, as opposed to `codexUsage`'s cumulative total).
550
+ * `input_tokens` is the total prompt count for the turn and already INCLUDES the cached
551
+ * share (OpenAI semantics), so `cachedInputTokens` is surfaced as the subset it is —
552
+ * NOT added on top (adding it would double-count every cached token).
553
+ */
554
+ function codexLastTurnUsage(event) {
555
+ const info = isObject(event.info) ? event.info : undefined;
556
+ const raw = info && isObject(info.last_token_usage) ? info.last_token_usage : undefined;
557
+ if (!isObject(raw))
558
+ return undefined;
559
+ const input = numberOf(raw.input_tokens);
560
+ const cached = numberOf(raw.cached_input_tokens);
561
+ const output = numberOf(raw.output_tokens);
562
+ if (input === 0 && output === 0)
563
+ return undefined;
564
+ return { inputTokens: input, cachedInputTokens: cached, outputTokens: output };
565
+ }
385
566
  function numberOf(value) {
386
567
  return typeof value === 'number' && Number.isFinite(value) ? value : 0;
387
568
  }
package/dist/agent.js CHANGED
@@ -341,7 +341,7 @@ async function runExploreMode(job, opts) {
341
341
  try {
342
342
  opts.onPhase?.('agent');
343
343
  logger.info('agent(explore): running agent', { serviceDirectory });
344
- const { summary, stats, stderrTail, usage, diagnostics: runDiag, } = await runAgentInWorkspace({
344
+ const { summary, stats, stderrTail, usage, callMetrics, diagnostics: runDiag, } = await runAgentInWorkspace({
345
345
  dir: workDir,
346
346
  systemPrompt: job.systemPrompt,
347
347
  userPrompt,
@@ -368,6 +368,7 @@ async function runExploreMode(job, opts) {
368
368
  error: noOutputReason(stats, stderrTail),
369
369
  failureCause: 'no-usable-output',
370
370
  ...(usage ? { usage } : {}),
371
+ ...(callMetrics ? { callMetrics } : {}),
371
372
  ...infraSetupFields,
372
373
  };
373
374
  }
@@ -384,6 +385,7 @@ async function runExploreMode(job, opts) {
384
385
  error: `the agent did not return a usable result: ${unusable}.${agentOutputTail(stderrTail, summary)}`,
385
386
  failureCause: 'no-usable-output',
386
387
  ...(usage ? { usage } : {}),
388
+ ...(callMetrics ? { callMetrics } : {}),
387
389
  ...infraSetupFields,
388
390
  };
389
391
  }
@@ -391,7 +393,13 @@ async function runExploreMode(job, opts) {
391
393
  // Prose: the summary IS the deliverable.
392
394
  if (job.output?.kind !== 'structured') {
393
395
  logger.info('agent(explore): done (prose)', { ...stats });
394
- return { summary, stats, ...(usage ? { usage } : {}), ...infraSetupFields };
396
+ return {
397
+ summary,
398
+ stats,
399
+ ...(usage ? { usage } : {}),
400
+ ...(callMetrics ? { callMetrics } : {}),
401
+ ...infraSetupFields,
402
+ };
395
403
  }
396
404
  // Structured: parse the agent's JSON. With repair enabled (default) a malformed
397
405
  // reply gets ONE structured repair call before giving up; with `repair:false` we
@@ -432,6 +440,7 @@ async function runExploreMode(job, opts) {
432
440
  error: noStructuredReason(stats, stderrTail, diagnostics),
433
441
  failureCause: 'no-usable-output',
434
442
  ...(usage ? { usage } : {}),
443
+ ...(callMetrics ? { callMetrics } : {}),
435
444
  ...infraSetupFields,
436
445
  };
437
446
  }
@@ -451,7 +460,14 @@ async function runExploreMode(job, opts) {
451
460
  custom.environment = reportedEnvironment;
452
461
  }
453
462
  logger.info('agent(explore): done (structured)', { ...stats });
454
- return { summary, custom, stats, ...(usage ? { usage } : {}), ...infraSetupFields };
463
+ return {
464
+ summary,
465
+ custom,
466
+ stats,
467
+ ...(usage ? { usage } : {}),
468
+ ...(callMetrics ? { callMetrics } : {}),
469
+ ...infraSetupFields,
470
+ };
455
471
  }
456
472
  finally {
457
473
  if (managed)
@@ -477,7 +493,7 @@ async function runCodingMode(job, opts) {
477
493
  if (job.mergeBase)
478
494
  return runConflictResolution(job, opts);
479
495
  const pushBranch = job.pushBranch ?? job.newBranch ?? job.branch;
480
- const { summary, stats, stderrTail, pushed, usage } = await runCodingAgent({
496
+ const { summary, stats, stderrTail, pushed, usage, callMetrics } = await runCodingAgent({
481
497
  kind: 'agent',
482
498
  jobId: job.jobId,
483
499
  repo: job.repo,
@@ -504,7 +520,14 @@ async function runCodingMode(job, opts) {
504
520
  if (!pushed) {
505
521
  // A no-op: a failure for the implementer, a clean non-event for the fixers.
506
522
  if (job.noChangesIsError === false) {
507
- return { pushed: false, branch: pushBranch, summary, stats, ...(usage ? { usage } : {}) };
523
+ return {
524
+ pushed: false,
525
+ branch: pushBranch,
526
+ summary,
527
+ stats,
528
+ ...(usage ? { usage } : {}),
529
+ ...(callMetrics ? { callMetrics } : {}),
530
+ };
508
531
  }
509
532
  return {
510
533
  pushed: false,
@@ -514,6 +537,7 @@ async function runCodingMode(job, opts) {
514
537
  error: noChangesReason('the agent produced no file changes', stats, stderrTail),
515
538
  failureCause: 'no-changes',
516
539
  ...(usage ? { usage } : {}),
540
+ ...(callMetrics ? { callMetrics } : {}),
517
541
  };
518
542
  }
519
543
  // Changes are on the branch. Open a PR only when the job asked for one.
@@ -539,7 +563,14 @@ async function runCodingMode(job, opts) {
539
563
  // this is the belt-and-suspenders path when the ahead-of-base check couldn't determine it.
540
564
  if (prUrl === null) {
541
565
  if (job.noChangesIsError === false) {
542
- return { pushed: false, branch: pushBranch, summary, stats, ...(usage ? { usage } : {}) };
566
+ return {
567
+ pushed: false,
568
+ branch: pushBranch,
569
+ summary,
570
+ stats,
571
+ ...(usage ? { usage } : {}),
572
+ ...(callMetrics ? { callMetrics } : {}),
573
+ };
543
574
  }
544
575
  return {
545
576
  pushed: false,
@@ -549,11 +580,27 @@ async function runCodingMode(job, opts) {
549
580
  error: noChangesReason('the work branch has no commits ahead of its base (nothing to open a PR for)', stats, stderrTail),
550
581
  failureCause: 'no-changes',
551
582
  ...(usage ? { usage } : {}),
583
+ ...(callMetrics ? { callMetrics } : {}),
552
584
  };
553
585
  }
554
- return { pushed: true, prUrl, branch: pushBranch, summary, stats, ...(usage ? { usage } : {}) };
586
+ return {
587
+ pushed: true,
588
+ prUrl,
589
+ branch: pushBranch,
590
+ summary,
591
+ stats,
592
+ ...(usage ? { usage } : {}),
593
+ ...(callMetrics ? { callMetrics } : {}),
594
+ };
555
595
  }
556
- return { pushed: true, branch: pushBranch, summary, stats, ...(usage ? { usage } : {}) };
596
+ return {
597
+ pushed: true,
598
+ branch: pushBranch,
599
+ summary,
600
+ stats,
601
+ ...(usage ? { usage } : {}),
602
+ ...(callMetrics ? { callMetrics } : {}),
603
+ };
557
604
  }
558
605
  /**
559
606
  * Conflict-resolution coding flow (the conflict-resolver): clone the PR head `branch`
@@ -617,7 +664,7 @@ async function runConflictResolution(job, opts) {
617
664
  logger.info('agent(conflict): resolving conflicts with agent', { conflicted });
618
665
  const diff = await conflictDiff(dir, conflicted, signal);
619
666
  const userPrompt = buildConflictPrompt(mergeBase, job.branch, conflicted, diff, job.userPrompt);
620
- const { summary, stats, stderrTail, usage } = await runAgentInWorkspace({
667
+ const { summary, stats, stderrTail, usage, callMetrics } = await runAgentInWorkspace({
621
668
  dir,
622
669
  systemPrompt: job.systemPrompt,
623
670
  userPrompt,
@@ -646,6 +693,7 @@ async function runConflictResolution(job, opts) {
646
693
  error: unresolvedReason(unresolved, stats, stderrTail),
647
694
  failureCause: 'agent',
648
695
  ...(usage ? { usage } : {}),
696
+ ...(callMetrics ? { callMetrics } : {}),
649
697
  };
650
698
  }
651
699
  // Complete the merge commit with the agent's resolution staged, then push.
@@ -653,7 +701,14 @@ async function runConflictResolution(job, opts) {
653
701
  opts.onPhase?.('push');
654
702
  logger.info('agent(conflict): pushing resolved branch', { ...stats });
655
703
  await pushBranch(dir, job.branch, job.ghToken, signal);
656
- return { pushed: true, branch: job.branch, summary, stats, ...(usage ? { usage } : {}) };
704
+ return {
705
+ pushed: true,
706
+ branch: job.branch,
707
+ summary,
708
+ stats,
709
+ ...(usage ? { usage } : {}),
710
+ ...(callMetrics ? { callMetrics } : {}),
711
+ };
657
712
  });
658
713
  }
659
714
  /**
@@ -729,7 +784,7 @@ async function runBootstrap(job, opts) {
729
784
  }
730
785
  opts.onPhase?.('agent');
731
786
  logger.info('agent(bootstrap): running agent');
732
- const { summary, stats, stderrTail, usage } = await runAgentInWorkspace({
787
+ const { summary, stats, stderrTail, usage, callMetrics } = await runAgentInWorkspace({
733
788
  dir,
734
789
  systemPrompt: job.systemPrompt,
735
790
  userPrompt: job.userPrompt,
@@ -749,7 +804,14 @@ async function runBootstrap(job, opts) {
749
804
  if (!(await producedRepoContent(dir, !fromScratch, signal))) {
750
805
  const error = bootstrapNoOpReason(!fromScratch, stats, summary, stderrTail);
751
806
  logger.error('agent(bootstrap): agent produced no content, refusing to push', { ...stats });
752
- return { summary, stats, error, failureCause: 'agent', ...(usage ? { usage } : {}) };
807
+ return {
808
+ summary,
809
+ stats,
810
+ error,
811
+ failureCause: 'agent',
812
+ ...(usage ? { usage } : {}),
813
+ ...(callMetrics ? { callMetrics } : {}),
814
+ };
753
815
  }
754
816
  opts.onPhase?.('push');
755
817
  logger.info('agent(bootstrap): pushing bootstrapped contents', { ...stats });
@@ -764,7 +826,13 @@ async function runBootstrap(job, opts) {
764
826
  : `Bootstrap from ${job.repo.owner}/${job.repo.name}`,
765
827
  });
766
828
  logger.info('agent(bootstrap): complete', { defaultBranch: boot.target.defaultBranch });
767
- return { defaultBranch: boot.target.defaultBranch, summary, stats, ...(usage ? { usage } : {}) };
829
+ return {
830
+ defaultBranch: boot.target.defaultBranch,
831
+ summary,
832
+ stats,
833
+ ...(usage ? { usage } : {}),
834
+ ...(callMetrics ? { callMetrics } : {}),
835
+ };
768
836
  });
769
837
  }
770
838
  /**
@@ -195,7 +195,7 @@ export async function runCodingAgent(spec, opts = {}) {
195
195
  try {
196
196
  opts.onPhase?.('agent');
197
197
  logger.info('coding-agent: running agent', { serviceDirectory });
198
- const { summary, stats, stderrTail, usage } = await runAgentInWorkspace({
198
+ const { summary, stats, stderrTail, usage, callMetrics } = await runAgentInWorkspace({
199
199
  dir: workDir,
200
200
  systemPrompt: spec.systemPrompt,
201
201
  userPrompt: spec.userPrompt,
@@ -265,6 +265,7 @@ export async function runCodingAgent(spec, opts = {}) {
265
265
  stats,
266
266
  ...(stderrTail ? { stderrTail } : {}),
267
267
  ...(usage ? { usage } : {}),
268
+ ...(callMetrics ? { callMetrics } : {}),
268
269
  };
269
270
  }
270
271
  else {
@@ -278,6 +279,7 @@ export async function runCodingAgent(spec, opts = {}) {
278
279
  stats,
279
280
  ...(stderrTail ? { stderrTail } : {}),
280
281
  ...(usage ? { usage } : {}),
282
+ ...(callMetrics ? { callMetrics } : {}),
281
283
  };
282
284
  }
283
285
  }
@@ -59,6 +59,9 @@ function guardProcess(child, label, logger) {
59
59
  export async function standUpFrontend(dir, infra, signal, onActivity, logger = log) {
60
60
  const startedAt = Date.now();
61
61
  const processes = [];
62
+ // The frontend app's directory: the checkout root, or a monorepo subdirectory when the config
63
+ // named one. install/build/serve run here and `outputDir`/`mockMappingsPath` are relative to it.
64
+ const workDir = infra.directory ? join(dir, infra.directory) : dir;
62
65
  // Keep the run's inactivity watchdog fed while the (activity-silent) install → build → serve
63
66
  // stand-up runs. A real frontend's `install` + `build` can exceed the harness inactivity
64
67
  // window (default 10 min, JOB_INACTIVITY_MS) — and unlike the Pi phase this stand-up emits
@@ -96,7 +99,7 @@ export async function standUpFrontend(dir, infra, signal, onActivity, logger = l
96
99
  const install = installCommand(infra);
97
100
  logger.info('agent(frontend): installing', { command: install.join(' ') });
98
101
  const installed = await exec(install[0], install.slice(1), {
99
- cwd: dir,
102
+ cwd: workDir,
100
103
  signal,
101
104
  timeout: 8 * 60_000,
102
105
  maxBuffer: 16 * 1024 * 1024,
@@ -107,7 +110,7 @@ export async function standUpFrontend(dir, infra, signal, onActivity, logger = l
107
110
  const buildScript = infra.buildScript ?? DEFAULTS.buildScript;
108
111
  logger.info('agent(frontend): building', { buildScript });
109
112
  const built = await exec(pm, ['run', buildScript], {
110
- cwd: dir,
113
+ cwd: workDir,
111
114
  signal,
112
115
  timeout: 12 * 60_000,
113
116
  maxBuffer: 16 * 1024 * 1024,
@@ -128,7 +131,7 @@ export async function standUpFrontend(dir, infra, signal, onActivity, logger = l
128
131
  'is only served in static mode; relying on the forwarded env instead', { outputDir });
129
132
  }
130
133
  const shim = `window.env = ${JSON.stringify(infra.env)};\n`;
131
- await writeFile(join(dir, outputDir, 'env.js'), shim, 'utf8').catch((err) => {
134
+ await writeFile(join(workDir, outputDir, 'env.js'), shim, 'utf8').catch((err) => {
132
135
  // Best-effort, but no longer silent: a missing/renamed output dir would drop the shim
133
136
  // and the app would read no URLs, so surface it in the log for diagnosis.
134
137
  logger.warn('agent(frontend): could not write runtime env shim', {
@@ -139,9 +142,9 @@ export async function standUpFrontend(dir, infra, signal, onActivity, logger = l
139
142
  }
140
143
  // 3) WireMock for the mocked upstreams. Seeded from the FE repo's mappings dir when present;
141
144
  // otherwise it still binds the port (unmatched requests 404, gentler than ECONNREFUSED).
142
- processes.push(await startWireMock(dir, infra, wiremockPort, logger));
145
+ processes.push(await startWireMock(workDir, infra, wiremockPort, logger));
143
146
  // 4) Serve the built app.
144
- processes.push(startServe(dir, infra, servePort, outputDir, logger));
147
+ processes.push(startServe(workDir, infra, servePort, outputDir, logger));
145
148
  // 5) Health-check the served app AND WireMock before handing off, concurrently (WireMock is
146
149
  // a JVM that cold-starts slower than the static server). A dead WireMock would otherwise let
147
150
  // the agent start and hit ECONNREFUSED on the app's first mocked-upstream call.
package/dist/job.js CHANGED
@@ -81,7 +81,7 @@ function parseHarnessAuth(o) {
81
81
  * `..` segment) — the agent's cwd is built from this, so a hostile value must never
82
82
  * point outside the cloned repo.
83
83
  */
84
- function sanitizeServiceDirectory(value) {
84
+ function sanitizeServiceDirectory(value, field = 'repo.serviceDirectory') {
85
85
  if (typeof value !== 'string')
86
86
  return undefined;
87
87
  const normalized = value
@@ -94,7 +94,7 @@ function sanitizeServiceDirectory(value) {
94
94
  if (segments.length === 0)
95
95
  return undefined;
96
96
  if (segments.some((s) => s === '..')) {
97
- throw new Error("Invalid job: 'repo.serviceDirectory' must be a path inside the repo");
97
+ throw new Error(`Invalid job: '${field}' must be a path inside the repo`);
98
98
  }
99
99
  return segments.join('/');
100
100
  }
@@ -301,8 +301,13 @@ function parseFrontendInfraSpec(o) {
301
301
  }
302
302
  const servePort = port(o.servePort);
303
303
  const wiremockPort = port(o.wiremockPort);
304
+ // The app's monorepo subdirectory becomes the install/build/serve cwd, so it goes through the
305
+ // same escape-guard as `repo.serviceDirectory` — strip slashes and reject any `..` segment so a
306
+ // hostile value can't point the stand-up outside the cloned repo.
307
+ const directory = sanitizeServiceDirectory(o.directory, 'frontend.directory');
304
308
  return {
305
309
  kind: 'frontend',
310
+ ...(directory ? { directory } : {}),
306
311
  ...(packageManager ? { packageManager } : {}),
307
312
  ...(typeof o.install === 'string' && o.install ? { install: o.install } : {}),
308
313
  ...(typeof o.buildScript === 'string' && o.buildScript ? { buildScript: o.buildScript } : {}),
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cat-factory/executor-harness",
3
- "version": "1.31.10",
3
+ "version": "1.32.0",
4
4
  "description": "Container payload: a thin TypeScript wrapper that runs the Pi coding agent against a cloned repo and opens a PR. Runs in the Cloudflare Container (and, in local native mode, as a host process); carries no secrets.",
5
5
  "repository": {
6
6
  "type": "git",
@@ -26,8 +26,8 @@
26
26
  "hono": "^4.12.27",
27
27
  "typescript": "^6.0.3",
28
28
  "vitest": "^4.1.9",
29
- "@cat-factory/server": "0.66.6",
30
- "@cat-factory/spend": "0.10.71"
29
+ "@cat-factory/server": "0.68.0",
30
+ "@cat-factory/spend": "0.10.74"
31
31
  },
32
32
  "scripts": {
33
33
  "build": "tsc -p tsconfig.json",