@kynver-app/runtime 0.1.56 → 0.1.60
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/callbacks.d.ts +17 -0
- package/dist/cleanup-guards-helpers.d.ts +2 -0
- package/dist/cleanup-guards.d.ts +15 -4
- package/dist/cleanup-orphan-safety.d.ts +17 -0
- package/dist/cleanup-types.d.ts +28 -1
- package/dist/cli.js +712 -183
- package/dist/cli.js.map +4 -4
- package/dist/config.d.ts +5 -0
- package/dist/db-credential-resolver.d.ts +37 -0
- package/dist/db-url-hint.d.ts +4 -0
- package/dist/discard-disposable.d.ts +6 -0
- package/dist/disk-gate.d.ts +5 -0
- package/dist/dispatch.d.ts +2 -1
- package/dist/disposable-artifacts.d.ts +2 -0
- package/dist/doctor/runtime-takeover-scheduler.d.ts +5 -0
- package/dist/doctor/runtime-takeover.probes.d.ts +2 -0
- package/dist/harness-storage-snapshot.d.ts +26 -0
- package/dist/index.d.ts +8 -1
- package/dist/index.js +1299 -588
- package/dist/index.js.map +4 -4
- package/dist/material-worktree-changes.d.ts +2 -0
- package/dist/paths.d.ts +1 -0
- package/dist/status.d.ts +13 -0
- package/dist/supervisor.d.ts +2 -1
- package/dist/worker-env.d.ts +1 -1
- package/dist/worktree-completion-handoff.d.ts +17 -0
- package/dist/wsl-host.d.ts +71 -0
- package/package.json +1 -1
package/dist/paths.d.ts
CHANGED
package/dist/status.d.ts
CHANGED
|
@@ -28,6 +28,14 @@ export interface PersonaContextEvidenceSnapshot {
|
|
|
28
28
|
injectedAt?: string;
|
|
29
29
|
markdownChars?: number;
|
|
30
30
|
}
|
|
31
|
+
/** Dispatch-time retrieval probe replayed on harness completion. */
|
|
32
|
+
export interface HarnessMemoryQualityCaptureSnapshot {
|
|
33
|
+
memoryQuery: string;
|
|
34
|
+
hitCount: number;
|
|
35
|
+
miss: boolean;
|
|
36
|
+
capturedAt: string;
|
|
37
|
+
retrievalEvidence?: Record<string, unknown> | null;
|
|
38
|
+
}
|
|
31
39
|
export interface HarnessWorkerRecord {
|
|
32
40
|
name: string;
|
|
33
41
|
runId: string;
|
|
@@ -47,6 +55,7 @@ export interface HarnessWorkerRecord {
|
|
|
47
55
|
/** Lane A policy fingerprint when dispatch injected operating rules. */
|
|
48
56
|
instructionPolicyFingerprint?: string;
|
|
49
57
|
instructionPolicyEvidence?: InstructionPolicyEvidenceSnapshot;
|
|
58
|
+
memoryQualityCapture?: HarnessMemoryQualityCaptureSnapshot;
|
|
50
59
|
personaSlug?: string;
|
|
51
60
|
personaEvidence?: PersonaContextEvidenceSnapshot;
|
|
52
61
|
leaseOwner?: string;
|
|
@@ -96,6 +105,8 @@ export interface HarnessWorkerRecord {
|
|
|
96
105
|
/** Sidecar PID when detached; used for observability only. */
|
|
97
106
|
completionSidecarPid?: number;
|
|
98
107
|
completionSidecarSpawnFailedAt?: string;
|
|
108
|
+
/** One-off helper paths removed before completion (`kynver worker discard-disposable`). */
|
|
109
|
+
disposableArtifactsRemoved?: string[];
|
|
99
110
|
}
|
|
100
111
|
export interface RawHarnessWorkerStatus {
|
|
101
112
|
runId: string;
|
|
@@ -132,6 +143,8 @@ export interface RawHarnessWorkerStatus {
|
|
|
132
143
|
/** Set by PR-ready handoff before completion is posted. */
|
|
133
144
|
prUrl?: string;
|
|
134
145
|
headCommit?: string;
|
|
146
|
+
/** Paths removed via `kynver worker discard-disposable` before completion POST. */
|
|
147
|
+
disposableArtifactsRemoved?: string[];
|
|
135
148
|
}
|
|
136
149
|
export interface WorkerStatusOptions {
|
|
137
150
|
/** Branch ref for ancestry when baseCommit is not set. */
|
package/dist/supervisor.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { HarnessRunRecord } from "./run-store.js";
|
|
2
|
-
import type { HarnessWorkerRecord, InstructionPolicyEvidenceSnapshot, PersonaContextEvidenceSnapshot } from "./status.js";
|
|
2
|
+
import type { HarnessMemoryQualityCaptureSnapshot, HarnessWorkerRecord, InstructionPolicyEvidenceSnapshot, PersonaContextEvidenceSnapshot } from "./status.js";
|
|
3
3
|
export interface SpawnWorkerOptions {
|
|
4
4
|
name: string;
|
|
5
5
|
task: string;
|
|
@@ -12,6 +12,7 @@ export interface SpawnWorkerOptions {
|
|
|
12
12
|
instructionPolicyMarkdown?: string | null;
|
|
13
13
|
instructionPolicyFingerprint?: string | null;
|
|
14
14
|
instructionPolicyEvidence?: InstructionPolicyEvidenceSnapshot | null;
|
|
15
|
+
memoryQualityCapture?: HarnessMemoryQualityCaptureSnapshot | null;
|
|
15
16
|
personaMarkdown?: string | null;
|
|
16
17
|
personaSlug?: string | null;
|
|
17
18
|
personaEvidence?: PersonaContextEvidenceSnapshot | null;
|
package/dist/worker-env.d.ts
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* Worker spawn env scrub — harness workers must not inherit host deployment secrets.
|
|
3
3
|
*/
|
|
4
4
|
/** Exact env keys that must never reach a worker child process. */
|
|
5
|
-
export declare const FORBIDDEN_WORKER_ENV_KEYS: readonly ["ANTHROPIC_API_KEY", "ANALYST_API_KEY", "RECRUITER_API_KEY", "AUTH_SECRET", "NEXTAUTH_SECRET", "DATABASE_URL", "PRODUCTION_DATABASE_URL", "REDIS_URL", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_SECRET", "KYNVER_API_KEY", "KYNVER_SERVICE_SECRET", "KYNVER_RUNTIME_SECRET", "OPENCLAW_CRON_SECRET", "QSTASH_TOKEN", "QSTASH_CURRENT_SIGNING_KEY", "QSTASH_NEXT_SIGNING_KEY", "TOOL_SECRETS_KEK", "TOOL_EXECUTOR_DISPATCH_SECRET", "CLOUDFLARE_API_TOKEN", "STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET", "STRIPE_IDENTITY_WEBHOOK_SECRET", "VOYAGE_API_KEY", "PERPLEXITY_API_KEY", "FRED_API_KEY", "FMP_API_KEY", "CURSOR_API_KEY"];
|
|
5
|
+
export declare const FORBIDDEN_WORKER_ENV_KEYS: readonly ["ANTHROPIC_API_KEY", "ANALYST_API_KEY", "RECRUITER_API_KEY", "AUTH_SECRET", "NEXTAUTH_SECRET", "DATABASE_URL", "PRODUCTION_DATABASE_URL", "KYNVER_PRODUCTION_DATABASE_URL", "REDIS_URL", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_SECRET", "KYNVER_API_KEY", "KYNVER_SERVICE_SECRET", "KYNVER_RUNTIME_SECRET", "KYNVER_CRON_SECRET", "OPENCLAW_CRON_SECRET", "QSTASH_TOKEN", "QSTASH_CURRENT_SIGNING_KEY", "QSTASH_NEXT_SIGNING_KEY", "TOOL_SECRETS_KEK", "TOOL_EXECUTOR_DISPATCH_SECRET", "CLOUDFLARE_API_TOKEN", "STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET", "STRIPE_IDENTITY_WEBHOOK_SECRET", "VOYAGE_API_KEY", "PERPLEXITY_API_KEY", "FRED_API_KEY", "FMP_API_KEY", "CURSOR_API_KEY"];
|
|
6
6
|
export declare function isForbiddenWorkerEnvKey(key: string): boolean;
|
|
7
7
|
export declare function listForbiddenWorkerEnvKeys(env: NodeJS.ProcessEnv): string[];
|
|
8
8
|
export declare function scrubWorkerEnv(env: NodeJS.ProcessEnv): NodeJS.ProcessEnv;
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
export type WorktreeCompletionHandoffState = "clean" | "pr_handoff" | "commit_handoff" | "dirty_worktree" | "dirty_worktree_no_pr";
|
|
2
|
+
export interface WorktreeCompletionHandoffInput {
|
|
3
|
+
changedFiles?: unknown;
|
|
4
|
+
finalResult?: unknown;
|
|
5
|
+
prUrl?: string | null;
|
|
6
|
+
headCommit?: string | null;
|
|
7
|
+
artifactBundlePath?: string | null;
|
|
8
|
+
patchPath?: string | null;
|
|
9
|
+
disposableArtifactsRemoved?: string[] | null;
|
|
10
|
+
}
|
|
11
|
+
export interface WorktreeCompletionHandoffVerdict {
|
|
12
|
+
allowed: boolean;
|
|
13
|
+
state: WorktreeCompletionHandoffState;
|
|
14
|
+
materialDirtyCount: number;
|
|
15
|
+
detail?: string;
|
|
16
|
+
}
|
|
17
|
+
export declare function assessWorktreeCompletionHandoff(input: WorktreeCompletionHandoffInput): WorktreeCompletionHandoffVerdict;
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* WSL host disk probe.
|
|
3
|
+
*
|
|
4
|
+
* Under WSL, the runtime VHDX (mounted at `/`) grows dynamically into the
|
|
5
|
+
* Windows host C: drive. When Windows C: fills up, the VHDX cannot expand:
|
|
6
|
+
* writes return SIGBUS, workers exit 135, and the Vmmem VM degrades while
|
|
7
|
+
* the Linux-side `statfs /` still reports plenty of free space inside the
|
|
8
|
+
* VHDX. This module gives the harness a cheap signal for that pressure so
|
|
9
|
+
* it can block dispatch *before* a large npm install/build pushes Windows
|
|
10
|
+
* C: into the ground.
|
|
11
|
+
*/
|
|
12
|
+
/** Default warn threshold for the Windows host disk (25 GiB free). */
|
|
13
|
+
export declare const DEFAULT_WSL_HOST_WARN_FREE_BYTES: number;
|
|
14
|
+
/** Default critical threshold for the Windows host disk (12 GiB free). Below
|
|
15
|
+
* this, large rebuilds have been observed to trigger SIGBUS / exit 135 on
|
|
16
|
+
* WSL when the VHDX cannot grow further. */
|
|
17
|
+
export declare const DEFAULT_WSL_HOST_CRITICAL_FREE_BYTES: number;
|
|
18
|
+
/** Default Windows host mount point under WSL. Overridable via env or option. */
|
|
19
|
+
export declare const DEFAULT_WSL_HOST_MOUNT = "/mnt/c";
|
|
20
|
+
export interface WslHostDiskShape {
|
|
21
|
+
ok: boolean;
|
|
22
|
+
/** Mount point that was probed. */
|
|
23
|
+
path: string;
|
|
24
|
+
freeBytes: number;
|
|
25
|
+
totalBytes: number;
|
|
26
|
+
usedPercent: number;
|
|
27
|
+
warnBelowBytes: number;
|
|
28
|
+
criticalBelowBytes: number;
|
|
29
|
+
/** Human-readable explanation when the host disk is under pressure. */
|
|
30
|
+
reason: string | null;
|
|
31
|
+
/** True when the probe itself failed (mount missing, statfs error). */
|
|
32
|
+
probeError: string | null;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Cheap WSL detection. Reads `/proc/sys/kernel/osrelease` (kernel string
|
|
36
|
+
* contains "microsoft" / "WSL2" on Microsoft's WSL kernel) and falls back
|
|
37
|
+
* to `/proc/version`. Both reads are one-shot and gated by `existsSync`,
|
|
38
|
+
* so non-Linux hosts return false without throwing.
|
|
39
|
+
*/
|
|
40
|
+
export declare function isWslHost(): boolean;
|
|
41
|
+
export interface ObserveWslHostDiskOptions {
|
|
42
|
+
/** Override the Windows host mount path (e.g. `/mnt/d`). Falls back to
|
|
43
|
+
* `KYNVER_WSL_HOST_MOUNT` env, then `/mnt/c`. */
|
|
44
|
+
wslHostMount?: string;
|
|
45
|
+
wslHostFreeWarnBytes?: number;
|
|
46
|
+
wslHostFreeCriticalBytes?: number;
|
|
47
|
+
/** Override WSL detection for tests / cross-platform CI:
|
|
48
|
+
* `true` → treat host as WSL; `false` → treat host as non-WSL;
|
|
49
|
+
* `undefined` → autodetect via `isWslHost()`. */
|
|
50
|
+
forceWsl?: boolean;
|
|
51
|
+
/** Test seam — swap in a fake statfs. */
|
|
52
|
+
statfs?: (path: string) => {
|
|
53
|
+
bavail: bigint | number;
|
|
54
|
+
blocks: bigint | number;
|
|
55
|
+
bsize: bigint | number;
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Probe the Windows host disk under WSL. Returns `null` when this host is
|
|
60
|
+
* not WSL (so callers can treat the field as optional in the gate output).
|
|
61
|
+
* When WSL but the mount is unreachable, returns a `probeError` row with
|
|
62
|
+
* `ok = false` rather than throwing — the gate must still block dispatch
|
|
63
|
+
* because we can't prove the host disk is healthy.
|
|
64
|
+
*/
|
|
65
|
+
export declare function observeWslHostDisk(options?: ObserveWslHostDiskOptions): WslHostDiskShape | null;
|
|
66
|
+
/**
|
|
67
|
+
* Short operator recovery hint embedded in gate reasons so AgentOS evidence
|
|
68
|
+
* surfaces actionable steps without a doc lookup. Keep terse — full runbook
|
|
69
|
+
* lives at `docs/runbooks/wsl-disk-pressure.md`.
|
|
70
|
+
*/
|
|
71
|
+
export declare function summarizeWslRecoverySteps(): string;
|