@hamp10/agentforge 0.2.25 → 0.2.27

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hamp10/agentforge",
-  "version": "0.2.25",
+  "version": "0.2.27",
   "description": "AgentForge worker — connect your machine to agentforge.ai",
   "type": "module",
   "bin": {

package/scripts/check-task-semantics.js

@@ -668,6 +668,7 @@ try {
 const openClawSource = readFileSync(new URL('../src/OpenClawCLI.js', import.meta.url), 'utf-8');
 const workerSource = readFileSync(new URL('../src/worker.js', import.meta.url), 'utf-8');
 const workerBinSource = readFileSync(new URL('../bin/agentforge.js', import.meta.url), 'utf-8');
+const selfUpdateSource = readFileSync(new URL('../src/selfUpdate.js', import.meta.url), 'utf-8');
 const defaultGuidesSource = readFileSync(new URL('../src/default-task-guides.js', import.meta.url), 'utf-8');
 const browserSource = readFileSync(new URL('../src/browser.js', import.meta.url), 'utf-8');
 const previewServerSource = readFileSync(new URL('../src/preview-server.js', import.meta.url), 'utf-8');
@@ -838,16 +839,41 @@ assert.match(
   /app\.delete\('\/api\/agents\/delete\/cleanup-empty'[\s\S]*activeTasks[\s\S]*type: 'agents_pruned'/i,
   'empty-agent cleanup should preserve live tasks and broadcast removed agents'
 );
+assert.match(
+  serverSource,
+  /CREATE TABLE IF NOT EXISTS agent_flows[\s\S]*config JSONB DEFAULT NULL/i,
+  'agent flow emergency schema patch should include config so model routing survives skipped migrations'
+);
+assert.match(
+  serverSource,
+  /ALTER TABLE agent_flows ADD COLUMN IF NOT EXISTS config JSONB DEFAULT NULL/i,
+  'agent flow startup should self-heal missing config column'
+);
+assert.match(
+  serverSource,
+  /ON CONFLICT \(id\)[\s\S]*WHERE agent_flows\.user_id = EXCLUDED\.user_id[\s\S]*RETURNING id/i,
+  'flow upserts should not update another user flow with the same id'
+);
 assert.match(
   dashboardSource,
   /confirmDeleteAgent[\s\S]*await fetch[\s\S]*removeAgentFromLocalState/i,
   'single-agent delete should only remove local UI after the server confirms deletion'
 );
+assert.match(
+  dashboardSource,
+  /confirmPruneAgents[\s\S]*\/api\/agents\/delete\/prune\?keep=15[\s\S]*removeAgentFromLocalState/i,
+  'dashboard should expose old-agent pruning through the safe keep-latest endpoint'
+);
 assert.match(
   dashboardSource,
   /function finalizeLiveFeedBeforeGuide[\s\S]*commitChunkBuffer[\s\S]*hideTypingIndicator/i,
   'live Guide messages should close the current visible agent feed before rendering the user bubble'
 );
+assert.match(
+  selfUpdateSource,
+  /ensureWritableGlobalInstallEnv[\s\S]*canWriteNpmRoot[\s\S]*configureUserOwnedNpmGlobalEnv/i,
+  'self-update should preflight npm global permissions before printing a failed system-prefix install'
+);
 assert.match(
   dashboardSource,
   /async function sendGuideMessage[\s\S]*agent\._guideInflight[\s\S]*finalizeLiveFeedBeforeGuide\(agentId\)[\s\S]*addMessage/i,
@@ -918,6 +944,16 @@ assert.match(
   /__agentforge_verify/i,
   'direct browser verification should cache-bust local verification URLs'
 );
+assert.match(
+  openClawSource,
+  /normalizeForNavigationCompare\(target\?\.url \|\| ''\) === normalizeForNavigationCompare\(effectiveRequestedUrl\)/,
+  'direct browser verification should reuse an existing cache-busted tab for the same requested local URL'
+);
+assert.match(
+  openClawSource,
+  /isLocalVerificationUrl[\s\S]*__agentforge_verify[\s\S]*closeDuplicateVerificationTargets[\s\S]*\/json\/close\//i,
+  'direct browser verification should close duplicate cache-busted local verification tabs'
+);
 assert.match(
   openClawSource,
   /forgetLocalScopedUrl[\s\S]*rendered page content did not identify target|rendered page content did not identify target[\s\S]*forgetLocalScopedUrl/i,
@@ -933,6 +969,16 @@ assert.match(
   /__agentforge_verify/i,
   'AgentForge browser tool should cache-bust localhost navigations'
 );
+assert.match(
+  browserSource,
+  /sameBrowserTargetUrl[\s\S]*stripLocalCacheBust[\s\S]*getPage\(agentId, url\)/i,
+  'AgentForge browser tool should reuse cache-busted tabs for the same requested local URL'
+);
+assert.match(
+  browserSource,
+  /isLocalVerificationUrl[\s\S]*__agentforge_verify[\s\S]*closeStaleVerificationTabs[\s\S]*page\.close/i,
+  'AgentForge browser tool should close stale cache-busted localhost verification tabs'
+);
 assert.match(
   previewServerSource,
   /extname\(urlPath\)[\s\S]*writeHead\(404[\s\S]*no-store/i,
@@ -953,6 +999,16 @@ assert.doesNotMatch(
   /taskRequiresVisualVerification\s*&&\s*directIteration\s*<=\s*1\s*&&\s*explicitScopeForTask\.pageOnly/s,
   'comparable UI context gate should apply on retries, not only first iteration'
 );
+assert.match(
+  openClawSource,
+  /read-only project context, not as a target page/,
+  'read-only comparable page inspection should not be narrated as target-page work'
+);
+assert.match(
+  openClawSource,
+  /verifiedLocalUrl = isLocalUiUrl\(resultUrl \|\| url\)/,
+  'scoped auto-verification should count a clean inferred local target URL even when browser output formatting is imperfect'
+);
 assert.match(
   openClawSource,
   /const minRatio = isLargeText \? 3 : 4\.5;/,

package/src/OpenClawCLI.js

@@ -2761,6 +2761,8 @@ export class OpenClawCLI extends EventEmitter {
     const normalizeForNavigationCompare = (value) => stripAgentForgeCacheBust(normalize(value));
     const isLocalHttpUrl = (value) =>
       /^https?:\/\/(?:localhost|127\.0\.0\.1|0\.0\.0\.0|\[::1\])(?::\d+)?(?:\/|$)/i.test(String(value || ''));
+    const isLocalVerificationUrl = (value) =>
+      isLocalHttpUrl(value) && /[?&]__agentforge_verify=/.test(String(value || ''));
     const withVerificationCacheBust = (value) => {
       if (!value || !isLocalHttpUrl(value)) return value;
       try {
@@ -2790,9 +2792,35 @@ export class OpenClawCLI extends EventEmitter {
     const usablePages = !taskIsAboutAgentForge
       ? pages.filter(p => !isAgentForgeControlSurface(p.url))
       : pages;
+    const matchesEffectiveRequestedUrl = (target) =>
+      !!effectiveRequestedUrl && normalizeForNavigationCompare(target?.url || '') === normalizeForNavigationCompare(effectiveRequestedUrl);
+    const requestedPageMatches = effectiveRequestedUrl
+      ? pages.filter(matchesEffectiveRequestedUrl)
+      : [];
     let page = effectiveRequestedUrl
-      ? pages.find(p => normalize(p.url) === normalize(effectiveRequestedUrl))
+      ? requestedPageMatches.find(p => !isLocalVerificationUrl(p.url)) || requestedPageMatches[0] || null
       : usablePages.find(p => p.url && p.url !== 'about:blank') || null;
+    const closeDuplicateVerificationTargets = async (keepTarget) => {
+      if (!effectiveRequestedUrl || !keepTarget) return;
+      const staleTargets = requestedPageMatches.filter(target =>
+        target.id !== keepTarget.id &&
+        isLocalVerificationUrl(target.url) &&
+        normalizeForNavigationCompare(target.url) === normalizeForNavigationCompare(effectiveRequestedUrl)
+      );
+      if (staleTargets.length === 0) return;
+      let closed = 0;
+      await Promise.all(staleTargets.map(async (target) => {
+        try {
+          const closeResp = await fetch(`${cdpBase}/json/close/${encodeURIComponent(target.id)}`, {
+            signal: AbortSignal.timeout(3_000),
+          });
+          if (closeResp.ok) closed += 1;
+        } catch {}
+      }));
+      if (closed > 0) {
+        console.log(`   [${agentId}] 🧹 Closed ${closed} stale verification tab(s) for ${stripAgentForgeCacheBust(effectiveRequestedUrl)}`);
+      }
+    };
 
     const controlSurfaceUrl = effectiveRequestedUrl || page?.url || '';
     if (!taskIsAboutAgentForge && isAgentForgeControlSurface(controlSurfaceUrl)) {
@@ -2811,6 +2839,7 @@ export class OpenClawCLI extends EventEmitter {
       if (!newResp.ok) throw new Error(`CDP new page failed: HTTP ${newResp.status}`);
       page = await newResp.json();
     }
+    await closeDuplicateVerificationTargets(page);
 
     const ws = new WebSocket(page.webSocketDebuggerUrl);
     let seq = 0;
@@ -2892,7 +2921,14 @@ export class OpenClawCLI extends EventEmitter {
         }
         return lastState;
       };
-      if (effectiveRequestedUrl && normalizeForNavigationCompare(page.url) !== normalizeForNavigationCompare(effectiveRequestedUrl)) {
+      const currentPageMatchesRequest = effectiveRequestedUrl && normalizeForNavigationCompare(page.url) === normalizeForNavigationCompare(effectiveRequestedUrl);
+      const shouldNavigateForFreshVerification = !!(
+        effectiveRequestedUrl &&
+        options?.afterMutation &&
+        navigationRequestedUrl &&
+        navigationRequestedUrl !== effectiveRequestedUrl
+      );
+      if (effectiveRequestedUrl && (!currentPageMatchesRequest || shouldNavigateForFreshVerification)) {
         await cdp('Page.navigate', { url: navigationRequestedUrl || effectiveRequestedUrl });
         await waitForRequestedDocument(effectiveRequestedUrl);
       } else if (effectiveRequestedUrl) {
@@ -4629,8 +4665,10 @@ export class OpenClawCLI extends EventEmitter {
           recordDirectToolSummary('browser', result);
           continue;
         }
-        rememberLocalScopedUrl(browserResultUrl(result));
-        if (isLocalUiVerificationResult(result)) {
+        const resultUrl = browserResultUrl(result);
+        rememberLocalScopedUrl(resultUrl);
+        const verifiedLocalUrl = isLocalUiUrl(resultUrl || url);
+        if (isLocalUiVerificationResult(result) || verifiedLocalUrl) {
           recordCleanLocalVerification(result, [slug]);
           verifiedAny = true;
         }
@@ -4766,6 +4804,13 @@ export class OpenClawCLI extends EventEmitter {
         return `I am checking the live browser${url} to judge the actual product surface before deciding the next change.`;
       }
       if (name === 'read_file' || name === 'read') {
+        const scope = extractExplicitScope(task);
+        const targetText = String(targetPath || base || '').toLowerCase();
+        const looksLikePageSource = /\.(html?|css|s[ac]ss|jsx?|tsx?|vue|svelte|astro|mdx?)$/i.test(targetText);
+        const isNamedTarget = scope.slugs.length > 0 && scopeSlugsMatchingText(targetText, scope.slugs).length > 0;
+        if (base && looksLikePageSource && scope.slugs.length > 0 && !isNamedTarget) {
+          return `I am reading ${base} as read-only project context, not as a target page.`;
+        }
         return base
           ? `I am reading ${base} to work from the current implementation instead of guessing.`
           : `I am reading the current code before making the next change.`;
@@ -5097,6 +5142,10 @@ export class OpenClawCLI extends EventEmitter {
                     lastDirectVisualWarning = visualWarning;
                   } else if (!taskRequiresVisualVerification || isLocalUiVerificationResult(result)) {
                     recordCleanLocalVerification(result);
+                  } else {
+                    const verifiedUrl = resultUrl || args?.url || '';
+                    const verifiedSlugs = isLocalUiUrl(verifiedUrl) ? scopeSlugsInText(verifiedUrl) : [];
+                    if (verifiedSlugs.length > 0) recordCleanLocalVerification(result, verifiedSlugs);
                   }
                 }
               }

package/src/browser.js

@@ -25,6 +25,43 @@ async function getBrowser() {
   return _browser;
 }
 
+function stripLocalCacheBust(value) {
+  try {
+    const parsed = new URL(value);
+    parsed.searchParams.delete('__agentforge_verify');
+    return parsed.href.replace(/\/$/, '');
+  } catch {
+    return String(value || '').replace(/([?&])__agentforge_verify=[^&#]+&?/, '$1').replace(/[?&]$/, '').replace(/\/$/, '');
+  }
+}
+
+function sameBrowserTargetUrl(left, right) {
+  if (!left || !right) return false;
+  return stripLocalCacheBust(left) === stripLocalCacheBust(right);
+}
+
+function isLocalVerificationUrl(value) {
+  return isLocalHttpUrl(value) && /[?&]__agentforge_verify=/.test(String(value || ''));
+}
+
+async function closeStaleVerificationTabs(browser, keepPage, targetUrl) {
+  const expected = targetUrl ? stripLocalCacheBust(targetUrl) : '';
+  const pages = await browser.pages();
+  let closed = 0;
+  await Promise.all(pages.map(async (page) => {
+    if (!page || page.isClosed() || page === keepPage) return;
+    let url = '';
+    try { url = page.url(); } catch { return; }
+    if (!isLocalVerificationUrl(url)) return;
+    if (expected && stripLocalCacheBust(url) !== expected) return;
+    try {
+      await page.close();
+      closed += 1;
+    } catch {}
+  }));
+  if (closed > 0) console.log(`[browser.js] Closed ${closed} stale verification tab(s) for ${targetUrl || 'local browser'}`);
+}
+
 // Return the active page for this agent. Creates a fresh tab on first use.
 // preferUrl: hint — if the agent's tab already has a better match among all open
 // tabs (e.g. a link opened a new tab), update the agent's pointer to it.
@@ -37,7 +74,7 @@ async function getPage(agentId, preferUrl) {
     // If preferUrl given, check if any tab matches better (handles new-tab links)
     if (preferUrl) {
       const pages = await browser.pages();
-      const match = pages.find(p => !p.isClosed() && p.url().includes(preferUrl));
+      const match = pages.find(p => !p.isClosed() && sameBrowserTargetUrl(p.url(), preferUrl));
       if (match && match !== existing) {
         _agentPages.set(agentId, match);
         return match;
@@ -46,6 +83,15 @@ async function getPage(agentId, preferUrl) {
     return existing;
   }
 
+  if (preferUrl) {
+    const pages = await browser.pages();
+    const match = pages.find(p => !p.isClosed() && sameBrowserTargetUrl(p.url(), preferUrl));
+    if (match) {
+      _agentPages.set(agentId, match);
+      return match;
+    }
+  }
+
   // Agent has no page — open a fresh tab so it doesn't land on another agent's tab
   const fresh = await browser.newPage();
   _agentPages.set(agentId, fresh);
@@ -71,23 +117,14 @@ function withLocalCacheBust(value) {
 }
 
 async function waitForPageReady(page, expectedUrl) {
-  const stripCacheBust = (value) => {
-    try {
-      const parsed = new URL(value);
-      parsed.searchParams.delete('__agentforge_verify');
-      return parsed.href.replace(/\/$/, '');
-    } catch {
-      return String(value || '').replace(/([?&])__agentforge_verify=[^&#]+&?/, '$1').replace(/[?&]$/, '').replace(/\/$/, '');
-    }
-  };
-  const expected = expectedUrl ? stripCacheBust(expectedUrl) : '';
+  const expected = expectedUrl ? stripLocalCacheBust(expectedUrl) : '';
   for (let i = 0; i < 45; i++) {
     try {
       const state = await page.evaluate(() => ({
         href: location.href,
         readyState: document.readyState,
       }));
-      if ((!expected || stripCacheBust(state.href) === expected) && state.readyState !== 'loading') return;
+      if ((!expected || stripLocalCacheBust(state.href) === expected) && state.readyState !== 'loading') return;
     } catch {
       // Page contexts can disappear while navigation commits.
     }
@@ -200,7 +237,7 @@ async function _browserActionInner(input, agentId, browser) {
       case 'navigate':
       case 'open': {
         const url = input.url || input.targetUrl;
-        const page = await getPage(agentId);
+        const page = await getPage(agentId, url);
         await page.setCacheEnabled(false).catch(() => null);
         const navigationUrl = withLocalCacheBust(url);
         // Use Promise.race to enforce a hard 20s cap — page.goto timeout option can hang
@@ -215,6 +252,7 @@ async function _browserActionInner(input, agentId, browser) {
         _agentPages.set(agentId, page);
         // Brief pause for initial render, then snapshot
         await waitForPageReady(page, url);
+        await closeStaleVerificationTabs(browser, page, url);
         await _wait(400);
         return await _snapshot(page, agentId);
       }

package/src/selfUpdate.js

@@ -6,8 +6,8 @@
  * prevent infinite re-exec loops).
  */
 
-import { execSync, spawn } from 'child_process';
-import { mkdirSync } from 'fs';
+import { execFileSync, execSync, spawn } from 'child_process';
+import { mkdirSync, rmSync } from 'fs';
 import { homedir } from 'os';
 import path from 'path';
 
@@ -75,22 +75,58 @@ export async function checkAndUpdate(packageName, currentVersion) {
 
 function installGlobalPackage(pkg, { force = false } = {}) {
   const forceFlag = force ? ' --force' : '';
+  const preflightEnv = ensureWritableGlobalInstallEnv();
   try {
-    execSync(`npm install -g${forceFlag} ${pkg}`, { stdio: 'inherit' });
+    execSync(`npm install -g${forceFlag} ${pkg}`, { stdio: 'inherit', env: preflightEnv });
     return;
   } catch (error) {
     if (!looksLikePermissionFailure(error)) throw error;
   }
 
+  const env = configureUserOwnedNpmGlobalEnv();
+  execSync(`npm install -g${forceFlag} ${pkg}`, { stdio: 'inherit', env });
+}
+
+function npmConfigGet(args) {
+  try {
+    return execFileSync('npm', args, {
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+    }).trim();
+  } catch {
+    return '';
+  }
+}
+
+function canWriteNpmRoot(rootDir) {
+  if (!rootDir) return false;
+  const testDir = path.join(rootDir, `.agentforge-write-test-${process.pid}`);
+  try {
+    mkdirSync(testDir, { recursive: true });
+    rmSync(testDir, { recursive: true, force: true });
+    return true;
+  } catch {
+    try { rmSync(testDir, { recursive: true, force: true }); } catch {}
+    return false;
+  }
+}
+
+function ensureWritableGlobalInstallEnv() {
+  const root = npmConfigGet(['root', '-g']);
+  if (canWriteNpmRoot(root)) return process.env;
+  return configureUserOwnedNpmGlobalEnv();
+}
+
+function configureUserOwnedNpmGlobalEnv() {
   const prefix = path.join(homedir(), '.npm-global');
   mkdirSync(path.join(prefix, 'bin'), { recursive: true });
   mkdirSync(path.join(prefix, 'lib', 'node_modules'), { recursive: true });
-  execSync(`npm config set prefix "${prefix}"`, { stdio: 'inherit' });
+  execFileSync('npm', ['config', 'set', 'prefix', prefix], { stdio: ['ignore', 'ignore', 'inherit'] });
   const env = {
     ...process.env,
     PATH: `${path.join(prefix, 'bin')}${path.delimiter}${process.env.PATH || ''}`,
   };
-  execSync(`npm install -g${forceFlag} ${pkg}`, { stdio: 'inherit', env });
+  return env;
 }
 
 function looksLikePermissionFailure(error) {