@f-o-h/cli 0.1.15 → 0.1.17

package/README.md

@@ -4,7 +4,7 @@ AI-operator provisioning CLI for Front Of House.
 
 Public mirror: https://github.com/iiko38/front-of-house-cli
 
-Current published baseline: `@f-o-h/cli@0.1.15`
+Current published baseline: `@f-o-h/cli@0.1.16`
 
 This mirror is a generated release artifact. The private product monorepo is not
 published here, and no open-source license is granted unless stated separately.
@@ -62,22 +62,22 @@ foh auth login --email "$FOH_EMAIL" --password "$FOH_PASSWORD" --json
 foh org list --json
 foh org use --org <org-id> --json
 foh setup --org <org-id> --agent-template <template-id> --agent-name "Demo Agent" --json
-foh prove --agent <agent-id> --json --out foh-proof.json
-foh test run --suite ./suite.yml --agent <agent-id> --json --out foh-test-report.json
-foh agent replay --file ./transcript-export.json --json
-foh bug improve --from-file foh-proof.json --out foh-improvement.json --json
-```
-
-Trusted server-side automation can use a scoped service token without browser
-approval:
-
-```bash
-FOH_SERVICE_TOKEN="$FOH_SERVICE_TOKEN" FOH_ORG_ID="$FOH_ORG_ID" foh auth whoami --json
-```
-
-`auth signup --web` opens the console signup page when possible and always
-prints the fallback URL. `auth login --web` starts browser device
-authorization, opens `/cli-auth`, waits for console approval, and stores the
+foh prove --agent <agent-id> --json --out foh-proof.json
+foh test run --suite ./suite.yml --agent <agent-id> --json --out foh-test-report.json
+foh agent replay --file ./transcript-export.json --json
+foh bug improve --from-file foh-proof.json --out foh-improvement.json --json
+```
+
+Trusted server-side automation can use a scoped service token without browser
+approval:
+
+```bash
+FOH_SERVICE_TOKEN="$FOH_SERVICE_TOKEN" FOH_ORG_ID="$FOH_ORG_ID" foh auth whoami --json
+```
+
+`auth signup --web` opens the console signup page when possible and always
+prints the fallback URL. `auth login --web` starts browser device
+authorization, opens `/cli-auth`, waits for console approval, and stores the
 returned short-lived token. Credential auth remains available as fallback.
 
 `foh prove` produces a compact signed proof report across auth, org context,
@@ -144,15 +144,30 @@ After dry-run review, one controlled Codex run can be launched explicitly with
 `run.json` even on timeout or non-zero exit:
 
 ```bash
-foh eval external-agent execute \
-  --runner codex \
-  --batch test-results/external-agent-runs/<one-model-batch>/batch.json \
-  --timeout-minutes 30 \
-  --live \
-  --json
-```
-
-## Local Scenario Suites
+foh eval external-agent execute \
+  --runner codex \
+  --batch test-results/external-agent-runs/<one-model-batch>/batch.json \
+  --timeout-minutes 30 \
+  --live \
+  --json
+```
+
+For Linux eval hosts where Codex's default Bubblewrap sandbox cannot configure
+loopback networking, keep sandboxing enabled and select the legacy Landlock
+backend explicitly:
+
+```bash
+foh eval external-agent execute \
+  --runner codex \
+  --batch test-results/external-agent-runs/<one-model-batch>/batch.json \
+  --codex-sandbox-backend legacy-landlock \
+  --codex-network-access \
+  --timeout-minutes 30 \
+  --live \
+  --json
+```
+
+## Local Scenario Suites
 
 `foh test run --suite <file>` runs deterministic widget-runtime checks for a
 specific agent. The suite format supports reply text checks plus structured

package/dist/foh.js

@@ -14637,9 +14637,9 @@ function registerAgent(program3) {
       process.stdout.write(yaml);
       return;
     }
-    const { writeFileSync: writeFileSync9 } = await import("fs");
+    const { writeFileSync: writeFileSync10 } = await import("fs");
     const outputPath = opts.output ?? "tenant.yaml";
-    writeFileSync9(
+    writeFileSync10(
       outputPath,
       `# tenant.yaml - Front Of House agent manifest
 # Edit this file and run: foh plan tenant.yaml
@@ -16074,11 +16074,11 @@ function registerVoice(program3) {
     }
     const outputPath = String(opts.out || `foh-voice-preview-${provider}-${voiceId}.mp3`).trim();
     const audio = Buffer.from(await res.arrayBuffer());
-    const { mkdirSync: mkdirSync7, writeFileSync: writeFileSync9 } = await import("fs");
+    const { mkdirSync: mkdirSync7, writeFileSync: writeFileSync10 } = await import("fs");
     const { dirname: dirname6, resolve: resolve12 } = await import("path");
     const absolutePath = resolve12(outputPath);
     mkdirSync7(dirname6(absolutePath), { recursive: true });
-    writeFileSync9(absolutePath, audio);
+    writeFileSync10(absolutePath, audio);
     format({
       status: "ok",
       provider,
@@ -32681,7 +32681,7 @@ var StdioServerTransport = class {
 };
 
 // src/lib/cli-version.ts
-var CLI_VERSION = "0.1.15";
+var CLI_VERSION = "0.1.17";
 
 // src/commands/mcp-serve.ts
 var DEFAULT_TIMEOUT_MS = 12e4;
@@ -34816,8 +34816,8 @@ function registerSetup(program3) {
         }
         try {
           const manifest = await agentExport(resolvedAgentId, { apiUrlOverride: opts.apiUrl });
-          const { writeFileSync: writeFileSync9 } = await import("fs");
-          writeFileSync9(
+          const { writeFileSync: writeFileSync10 } = await import("fs");
+          writeFileSync10(
             "tenant.yaml",
             `# tenant.yaml - Front Of House agent manifest
 # Edit this file and run: foh plan tenant.yaml
@@ -34985,8 +34985,8 @@ function registerSim(program3) {
       }
       const cert = response.certificate;
       if (opts.out) {
-        const { writeFileSync: writeFileSync9 } = await import("fs");
-        writeFileSync9(opts.out, JSON.stringify(cert, null, 2) + "\n", "utf-8");
+        const { writeFileSync: writeFileSync10 } = await import("fs");
+        writeFileSync10(opts.out, JSON.stringify(cert, null, 2) + "\n", "utf-8");
         process.stderr.write(`  Certificate written to ${opts.out}
 `);
       }
@@ -35036,8 +35036,8 @@ function registerSim(program3) {
         });
       }
       if (opts.out) {
-        const { writeFileSync: writeFileSync9 } = await import("fs");
-        writeFileSync9(opts.out, JSON.stringify(response.certificate, null, 2) + "\n", "utf-8");
+        const { writeFileSync: writeFileSync10 } = await import("fs");
+        writeFileSync10(opts.out, JSON.stringify(response.certificate, null, 2) + "\n", "utf-8");
         process.stderr.write(`  Final certificate written to ${opts.out}
 `);
       }
@@ -38376,7 +38376,8 @@ function artifactFiles(runDir) {
   if (!(0, import_fs12.existsSync)(runDir)) return [];
   return (0, import_fs12.readdirSync)(runDir).map((name) => (0, import_path10.join)(runDir, name)).filter((path2) => {
     const stat = (0, import_fs12.statSync)(path2);
-    return stat.isFile() && TEXT_ARTIFACT_NAMES.has(path2.split(/[\\/]/).pop() || "");
+    const name = path2.split(/[\\/]/).pop() || "";
+    return stat.isFile() && (TEXT_ARTIFACT_NAMES.has(name) || name.startsWith("command-output-cmd_"));
   }).sort();
 }
 function finding(kind, file2, count) {
@@ -38465,30 +38466,154 @@ function getExternalAgentRunDir() {
   if (!raw || !raw.trim()) return null;
   return (0, import_path11.resolve)(raw);
 }
+function commandIdFor(input) {
+  const seed = `${input.startedAt}:${input.argv.join("\0")}:${process.pid}`;
+  let hash2 = 2166136261;
+  for (let i = 0; i < seed.length; i += 1) {
+    hash2 ^= seed.charCodeAt(i);
+    hash2 = Math.imul(hash2, 16777619);
+  }
+  return `cmd_${(hash2 >>> 0).toString(16).padStart(8, "0")}`;
+}
+function outputArtifactName(commandId) {
+  return `command-output-${commandId}.txt`;
+}
+function parseEnvelope(text) {
+  const candidates = [
+    ...text.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.startsWith("{") && line.endsWith("}")).reverse()
+  ];
+  const firstObject = text.indexOf("{");
+  const lastObject = text.lastIndexOf("}");
+  if (firstObject >= 0 && lastObject > firstObject) candidates.push(text.slice(firstObject, lastObject + 1));
+  for (const candidate of candidates) {
+    try {
+      const parsed = JSON.parse(candidate);
+      const status = typeof parsed.status === "string" ? parsed.status : parsed.ok === true ? "pass" : parsed.ok === false ? "fail" : null;
+      const reasonCode = typeof parsed.reason_code === "string" ? parsed.reason_code : typeof parsed.code === "string" ? parsed.code : null;
+      if (status || reasonCode) return { status, reasonCode };
+    } catch {
+    }
+  }
+  return { status: null, reasonCode: null };
+}
 function recordExternalAgentCliInvocation(input) {
   const runDir = getExternalAgentRunDir();
-  if (!runDir) return;
+  if (!runDir) return null;
   try {
     (0, import_fs13.mkdirSync)(runDir, { recursive: true });
+    const startedAt = (/* @__PURE__ */ new Date()).toISOString();
     const args = input.argv.slice(2).map((arg) => redactText(String(arg)));
+    const commandId = commandIdFor({ startedAt, argv: args });
+    const promptVersion = process.env[EXTERNAL_AGENT_PROMPT_VERSION_ENV] || null;
+    const cwd = redactPath(process.cwd());
     const record2 = {
-      schema_version: "external_agent_cli_command.v1",
-      recorded_at: (/* @__PURE__ */ new Date()).toISOString(),
+      schema_version: "external_agent_cli_command.v2",
+      command_id: commandId,
+      phase: "started",
+      recorded_at: startedAt,
       cli_version: input.cliVersion,
-      cwd: redactPath(process.cwd()),
+      cwd,
       argv: args,
       command: args.join(" "),
       json_requested: args.includes("--json"),
-      prompt_version: process.env[EXTERNAL_AGENT_PROMPT_VERSION_ENV] || null
+      prompt_version: promptVersion,
+      started_at: startedAt
     };
     (0, import_fs13.appendFileSync)((0, import_path11.join)(runDir, "commands.ndjson"), safeJsonLine(record2), "utf8");
+    return {
+      commandId,
+      runDir,
+      startedAt,
+      cliVersion: input.cliVersion,
+      cwd,
+      argv: args,
+      command: args.join(" "),
+      jsonRequested: args.includes("--json"),
+      promptVersion
+    };
   } catch {
+    return null;
+  }
+}
+function installExternalAgentCliCompletionRecorder(capture) {
+  if (!capture) return;
+  const chunks = [];
+  const maxChars = 256 * 1024;
+  const originalStdoutWrite = process.stdout.write.bind(process.stdout);
+  const originalStderrWrite = process.stderr.write.bind(process.stderr);
+  function captureChunk(chunk) {
+    if (typeof chunk === "string") {
+      if (chunks.join("").length < maxChars) chunks.push(chunk.slice(0, maxChars));
+      return;
+    }
+    if (Buffer.isBuffer(chunk)) {
+      if (chunks.join("").length < maxChars) chunks.push(chunk.toString("utf8").slice(0, maxChars));
+    }
   }
+  process.stdout.write = ((chunk, ...args) => {
+    captureChunk(chunk);
+    return originalStdoutWrite(chunk, ...args);
+  });
+  process.stderr.write = ((chunk, ...args) => {
+    captureChunk(chunk);
+    return originalStderrWrite(chunk, ...args);
+  });
+  process.once("exit", (code) => {
+    try {
+      process.stdout.write = originalStdoutWrite;
+      process.stderr.write = originalStderrWrite;
+      const output = redactPath(chunks.join("").slice(0, maxChars));
+      completeExternalAgentCliInvocation(capture, {
+        output,
+        exitCode: Number.isInteger(code) ? code : process.exitCode && Number.isInteger(process.exitCode) ? Number(process.exitCode) : null
+      });
+    } catch {
+    }
+  });
+}
+function completeExternalAgentCliInvocation(capture, input) {
+  const completedAt = input.completedAt || (/* @__PURE__ */ new Date()).toISOString();
+  const output = redactPath(String(input.output || "").slice(0, 256 * 1024));
+  const parsed = parseEnvelope(output);
+  let artifact = null;
+  if (output.trim()) {
+    artifact = outputArtifactName(capture.commandId);
+    (0, import_fs13.writeFileSync)((0, import_path11.join)(capture.runDir, artifact), output, "utf8");
+  }
+  const record2 = {
+    schema_version: "external_agent_cli_command.v2",
+    command_id: capture.commandId,
+    phase: "completed",
+    recorded_at: completedAt,
+    cli_version: capture.cliVersion,
+    cwd: capture.cwd,
+    argv: capture.argv,
+    command: capture.command,
+    json_requested: capture.jsonRequested,
+    prompt_version: capture.promptVersion,
+    started_at: capture.startedAt,
+    completed_at: completedAt,
+    duration_ms: Math.max(0, Date.parse(completedAt) - Date.parse(capture.startedAt)),
+    exit_code: Number.isInteger(input.exitCode) ? Number(input.exitCode) : null,
+    status: parsed.status,
+    reason_code: parsed.reasonCode,
+    output_artifact: artifact,
+    output_bytes: Buffer.byteLength(output, "utf8")
+  };
+  (0, import_fs13.appendFileSync)((0, import_path11.join)(capture.runDir, "commands.ndjson"), safeJsonLine(record2), "utf8");
 }
 function readCommandRecords(runDir) {
   const commandLogPath = (0, import_path11.join)(runDir, "commands.ndjson");
   if (!(0, import_fs13.existsSync)(commandLogPath)) return [];
-  return (0, import_fs13.readFileSync)(commandLogPath, "utf8").split(/\r?\n/).map((line) => line.trim()).filter(Boolean).map((line) => JSON.parse(line));
+  const records = (0, import_fs13.readFileSync)(commandLogPath, "utf8").split(/\r?\n/).map((line) => line.trim()).filter(Boolean).map((line) => JSON.parse(line));
+  const byId = /* @__PURE__ */ new Map();
+  const ordered = [];
+  for (const record2 of records) {
+    const id = record2.command_id || `${record2.recorded_at}:${record2.command}`;
+    if (!byId.has(id)) ordered.push(record2);
+    byId.set(id, record2.phase === "completed" ? record2 : byId.get(id) ?? record2);
+  }
+  return ordered.map((record2) => byId.get(record2.command_id || `${record2.recorded_at}:${record2.command}`) || record2);
 }
 
 // src/lib/external-agent-executor.ts
@@ -38662,6 +38787,29 @@ ${help.stderr}`;
   }
   return { binaryChecked: true, requiredFlagsChecked: true };
 }
+function normalizeCodexSandboxBackend(value) {
+  const normalized = (value || "default").trim().toLowerCase();
+  if (normalized === "default" || normalized === "legacy-landlock") return normalized;
+  throw new ExternalAgentExecutorError(
+    "invalid_codex_sandbox_backend",
+    `Unsupported Codex sandbox backend: ${value}. Use default or legacy-landlock.`
+  );
+}
+function codexConfigArgs(input) {
+  const args = [];
+  if (input.backend === "legacy-landlock") {
+    args.push(
+      "-c",
+      "features.use_legacy_landlock=true",
+      "-c",
+      "features.use_linux_sandbox_bwrap=false"
+    );
+  }
+  if (input.networkAccess) {
+    args.push("-c", "sandbox_workspace_write.network_access=true");
+  }
+  return args;
+}
 function safeRunId(value) {
   return value.toLowerCase().replace(/[^a-z0-9_.-]+/g, "-").replace(/^-+|-+$/g, "") || "run";
 }
@@ -38684,6 +38832,8 @@ function createExternalAgentExecutorPlan(options) {
   const batchPath = (0, import_path12.resolve)(options.batchPath);
   const batch = readBatch(batchPath);
   const runnerProbe = validateCodexRunner(options);
+  const codexSandboxBackend = normalizeCodexSandboxBackend(options.codexSandboxBackend);
+  const codexNetworkAccess = options.codexNetworkAccess === true;
   const privateRepoRoot = (0, import_path12.resolve)(options.privateRepoRoot || options.cwd || process.cwd());
   const workspaceRoot = resolveWorkspaceRoot({ batchPath, workspaceRoot: options.workspaceRoot, privateRepoRoot });
   if (isPathInside(workspaceRoot, privateRepoRoot)) {
@@ -38726,6 +38876,7 @@ function createExternalAgentExecutorPlan(options) {
     const artifactSafetyPath = (0, import_path12.join)(runDir, "artifact-safety.json");
     const args = [
       "exec",
+      ...codexConfigArgs({ backend: codexSandboxBackend, networkAccess: codexNetworkAccess }),
       "--cd",
       workspaceDir,
       "--skip-git-repo-check",
@@ -38778,7 +38929,9 @@ function createExternalAgentExecutorPlan(options) {
       runner_probe: {
         binary_checked: runnerProbe.binaryChecked,
         required_flags_checked: runnerProbe.requiredFlagsChecked
-      }
+      },
+      codex_sandbox_backend: codexSandboxBackend,
+      codex_network_access: codexNetworkAccess
     },
     runs
   };
@@ -38835,6 +38988,24 @@ ${stderr}`;
   if (/(?:blocked|rejected|declined) by policy|EXEC_POLICY_BLOCKED|command execution was rejected|shell commands were rejected/i.test(combined)) {
     return { status: "hold", reasonCode: "codex_exec_policy_blocked" };
   }
+  if (/bwrap:.*(?:RTM_NEWADDR|Operation not permitted)|bubblewrap.*(?:RTM_NEWADDR|Operation not permitted)|Failed RTM_NEWADDR|ENV_SANDBOX_EXEC_BLOCKED/i.test(combined)) {
+    return { status: "hold", reasonCode: "codex_sandbox_exec_blocked" };
+  }
+  if (/ENV_NETWORK_DNS_BLOCK|Could not resolve host|npm ping.*timeout|NO_EXECUTABLE_INSTALL/i.test(combined)) {
+    return { status: "hold", reasonCode: "codex_network_dns_blocked" };
+  }
+  if (/contact_phone_missing/i.test(combined)) {
+    return { status: "hold", reasonCode: "voice_contact_phone_missing" };
+  }
+  if (/simulation_certification_failed/i.test(combined)) {
+    return { status: "hold", reasonCode: "simulation_certification_failed" };
+  }
+  if (/proof_held/i.test(combined)) {
+    return { status: "hold", reasonCode: "external_agent_proof_held" };
+  }
+  if (/agent_limit_reached/i.test(combined)) {
+    return { status: "hold", reasonCode: "eval_org_agent_limit_reached" };
+  }
   if (/browser|approve|approval|login|auth|sign in/i.test(combined) && !proofArtifactPasses(input.run.run_dir)) {
     return { status: "hold", reasonCode: "auth_browser_approval_required" };
   }
@@ -39298,7 +39469,7 @@ Exit the shell to finalize run.json.
     }), { json: Boolean(opts.json) });
     if (!report.ok) process.exitCode = 1;
   });
-  external.command("execute").description("Create a guarded dry-run executor plan for programmable external-agent runners").requiredOption("--batch <path>", "Path to external_agent_batch_plan.v1 batch.json").option("--runner <runner>", "Runner implementation", "codex").option("--workspace-root <path>", "Clean executor workspace root; must be outside the private repo").option("--private-repo-root <path>", "Private repository root to guard against").option("--timeout-minutes <minutes>", "Per-run timeout planned for future execution", "30").option("--skip-runner-probe", "Skip local runner binary/help probing").option("--dry-run", "Write the executor plan without launching the runner", true).option("--live", "Launch one controlled external-agent run after writing the guarded plan").option("--json", "Output as JSON").action(async (opts) => {
+  external.command("execute").description("Create a guarded dry-run executor plan for programmable external-agent runners").requiredOption("--batch <path>", "Path to external_agent_batch_plan.v1 batch.json").option("--runner <runner>", "Runner implementation", "codex").option("--workspace-root <path>", "Clean executor workspace root; must be outside the private repo").option("--private-repo-root <path>", "Private repository root to guard against").option("--timeout-minutes <minutes>", "Per-run timeout planned for future execution", "30").option("--codex-sandbox-backend <backend>", "Codex sandbox backend override: default|legacy-landlock", "default").option("--codex-network-access", "Allow Codex workspace-write sandbox network access for public docs/npm probes").option("--skip-runner-probe", "Skip local runner binary/help probing").option("--dry-run", "Write the executor plan without launching the runner", true).option("--live", "Launch one controlled external-agent run after writing the guarded plan").option("--json", "Output as JSON").action(async (opts) => {
     try {
       const plan = createExternalAgentExecutorPlan({
         batchPath: String(opts.batch),
@@ -39306,6 +39477,8 @@ Exit the shell to finalize run.json.
         workspaceRoot: opts.workspaceRoot ? String(opts.workspaceRoot) : void 0,
         privateRepoRoot: opts.privateRepoRoot ? String(opts.privateRepoRoot) : void 0,
         timeoutMinutes: Number(opts.timeoutMinutes || 30),
+        codexSandboxBackend: String(opts.codexSandboxBackend || "default"),
+        codexNetworkAccess: Boolean(opts.codexNetworkAccess),
         skipRunnerProbe: Boolean(opts.skipRunnerProbe),
         cwd: process.cwd()
       });
@@ -39453,7 +39626,7 @@ function installSoftExitTrap() {
 
 // src/index.ts
 installSoftExitTrap();
-recordExternalAgentCliInvocation({ argv: process.argv, cliVersion: CLI_VERSION });
+installExternalAgentCliCompletionRecorder(recordExternalAgentCliInvocation({ argv: process.argv, cliVersion: CLI_VERSION }));
 var program2 = new Command();
 var BUG_REPORT_URL = process.env.FOH_BUG_REPORT_URL ?? "https://github.com/iiko38/front-of-house/issues";
 function shouldRenderBanner2(argv) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@f-o-h/cli",
-  "version": "0.1.15",
+  "version": "0.1.17",
   "description": "FOH CLI - AI-operator provisioning tool for Front Of House",
   "license": "UNLICENSED",
   "bin": {