@mclean-capital/neura 3.5.0 → 3.5.1

package/core/server.bundled.mjs

@@ -76397,7 +76397,7 @@ async function handleTaskTool(name, args, ctx) {
           result: {
             dispatched: true,
             workerId: outcome.workerId,
-            message: `Worker ${outcome.workerId} dispatched. You'll hear progress updates as it works.`
+            message: `Worker dispatched. You'll hear progress updates as it works.`
           }
         };
       }
@@ -77355,6 +77355,53 @@ async function sweepCrashedWorkers(db, fileExists) {
 // src/workers/agent-worker.ts
 init_work_item_queries();
 
+// src/stores/task-comment-queries.ts
+init_mappers();
+import crypto4 from "crypto";
+var TASK_COMMENT_CONTENT_MAX_BYTES = 32 * 1024;
+async function insertComment(db, opts) {
+  if (Buffer.byteLength(opts.content, "utf8") > TASK_COMMENT_CONTENT_MAX_BYTES) {
+    throw new Error(
+      `task comment content exceeds ${TASK_COMMENT_CONTENT_MAX_BYTES} bytes; write to disk and pass attachment_path with a summary in content`
+    );
+  }
+  const id = crypto4.randomUUID();
+  const result = await db.query(
+    `INSERT INTO task_comments (
+       id, task_id, type, author, content, attachment_path, urgency, metadata
+     )
+     VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
+     RETURNING *`,
+    [
+      id,
+      opts.taskId,
+      opts.type,
+      opts.author,
+      opts.content,
+      opts.attachmentPath ?? null,
+      opts.urgency ?? null,
+      opts.metadata ? JSON.stringify(opts.metadata) : null
+    ]
+  );
+  return mapTaskComment(result.rows[0]);
+}
+async function countOpenRequests(db, taskId) {
+  const result = await db.query(
+    `SELECT COUNT(*)::TEXT as count FROM task_comments
+     WHERE task_id = $1
+       AND type IN ('clarification_request', 'approval_request')
+       AND id NOT IN (
+         -- requests with a matching response comment are considered resolved
+         SELECT (metadata->>'resolves_comment_id')::text FROM task_comments
+         WHERE task_id = $1
+           AND type IN ('clarification_response', 'approval_response')
+           AND metadata ? 'resolves_comment_id'
+       )`,
+    [taskId]
+  );
+  return Number(result.rows[0]?.count ?? 0);
+}
+
 // src/workers/worktree-manager.ts
 import { execFileSync } from "node:child_process";
 import {
@@ -77590,7 +77637,15 @@ var CANONICAL_WORKER_SYSTEM_PROMPT = `You are a Neura worker \u2014 a capable en
 
 Your posture: be decisive. You have full tool access \u2014 Read, Write, Edit, Bash \u2014 scoped to an isolated worktree directory (your cwd). Make progress. Don't ask the user to double-check obvious things. Don't propose a plan and wait for approval when the path is clear.
 
+Your cwd is an isolated sandbox under \`~/.neura/worktrees/<workerId>/\`. It is NOT the user's home directory, desktop, or documents folder. Files you create land in the sandbox, not in user-visible locations. A task whose goal requires writing to the user's Desktop, Documents, or any absolute path outside your cwd cannot be satisfied by writing inside cwd \u2014 that would silently put the file in the wrong place. In that case:
+
+1. If the outside path is essential to the task, call \`request_approval\` with a rationale ("task goal requires writing to ~/Desktop, which is outside my sandbox \u2014 authorize access?") and wait. If denied, call \`fail_task\` with \`reason_code: 'impossible'\`.
+2. If you can satisfy the goal inside cwd without writing to the user-visible path, do that and make it clear in your \`complete_task\` summary where the file actually lives.
+
+Do NOT pretend success when you wrote to the wrong place. Silent "it completed" with no file where the user expects it is the worst outcome.
+
 Reversibility rule: before any destructive or hard-to-reverse action **outside** your worktree, call \`request_approval\` and wait for the user's answer. Examples that require approval:
+- Writing to the user's home directory, Desktop, Documents, or any absolute path outside cwd
 - Deleting files the user owns
 - Force-pushing branches, rewriting git history
 - Sending email, SMS, or other external messages
@@ -78030,6 +78085,31 @@ var AgentWorker = class {
           });
         }
       }
+      if ((status === "failed" || status === "crashed") && result.error) {
+        try {
+          const { reason, detail } = result.error;
+          const MAX_DETAIL_BYTES = 3e4;
+          const safeDetail = detail ? detail.slice(0, MAX_DETAIL_BYTES) : "";
+          const content = safeDetail ? `${reason}: ${safeDetail}` : reason;
+          await insertComment(this.db, {
+            taskId,
+            type: "error",
+            author: "system",
+            content,
+            metadata: {
+              workerId,
+              workerStatus: status,
+              reason
+            }
+          });
+        } catch (err) {
+          log23.warn("failed to persist error comment on task", {
+            workerId,
+            taskId,
+            err: String(err)
+          });
+        }
+      }
     }
     try {
       if (status === "completed" || status === "cancelled") {
@@ -78195,53 +78275,6 @@ function buildClarificationTool(workerId, bridge) {
   return tool;
 }
 
-// src/stores/task-comment-queries.ts
-init_mappers();
-import crypto4 from "crypto";
-var TASK_COMMENT_CONTENT_MAX_BYTES = 32 * 1024;
-async function insertComment(db, opts) {
-  if (Buffer.byteLength(opts.content, "utf8") > TASK_COMMENT_CONTENT_MAX_BYTES) {
-    throw new Error(
-      `task comment content exceeds ${TASK_COMMENT_CONTENT_MAX_BYTES} bytes; write to disk and pass attachment_path with a summary in content`
-    );
-  }
-  const id = crypto4.randomUUID();
-  const result = await db.query(
-    `INSERT INTO task_comments (
-       id, task_id, type, author, content, attachment_path, urgency, metadata
-     )
-     VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
-     RETURNING *`,
-    [
-      id,
-      opts.taskId,
-      opts.type,
-      opts.author,
-      opts.content,
-      opts.attachmentPath ?? null,
-      opts.urgency ?? null,
-      opts.metadata ? JSON.stringify(opts.metadata) : null
-    ]
-  );
-  return mapTaskComment(result.rows[0]);
-}
-async function countOpenRequests(db, taskId) {
-  const result = await db.query(
-    `SELECT COUNT(*)::TEXT as count FROM task_comments
-     WHERE task_id = $1
-       AND type IN ('clarification_request', 'approval_request')
-       AND id NOT IN (
-         -- requests with a matching response comment are considered resolved
-         SELECT (metadata->>'resolves_comment_id')::text FROM task_comments
-         WHERE task_id = $1
-           AND type IN ('clarification_response', 'approval_response')
-           AND metadata ? 'resolves_comment_id'
-       )`,
-    [taskId]
-  );
-  return Number(result.rows[0]?.count ?? 0);
-}
-
 // src/tools/task-update-handler.ts
 init_work_item_queries();
 var TERMINAL_STATUSES = /* @__PURE__ */ new Set(["done", "cancelled", "failed"]);
@@ -78672,6 +78705,21 @@ Reason: ${params.rationale}` : params.action;
   return tools;
 }
 
+// src/server/lifecycle.ts
+import { AuthStorage } from "@mariozechner/pi-coding-agent";
+
+// src/workers/auth-bridge.ts
+function seedAuthStorageFromConfig(authStorage, providers) {
+  let count = 0;
+  for (const [providerId, creds] of Object.entries(providers)) {
+    if (creds?.apiKey) {
+      authStorage.setRuntimeApiKey(providerId, creds.apiKey);
+      count++;
+    }
+  }
+  return count;
+}
+
 // src/tools/vision-tools.ts
 var visionToolDefs = [
   {
@@ -79332,6 +79380,9 @@ async function initServices() {
           `${wProvider}/${wModel} model not registered in pi-ai. Check config.routing.worker or verify pi-ai supports this provider.`
         );
       }
+      const authStorage = AuthStorage.create(join4(agentDir, "auth.json"));
+      const seededProviders = seedAuthStorageFromConfig(authStorage, config2.providers);
+      log29.info("seeded pi auth storage from config", { count: seededProviders });
       const piRuntime = new PiRuntime({
         model,
         thinkingLevel: "low",
@@ -79340,7 +79391,8 @@ async function initServices() {
         sessionDir,
         buildTools,
         voiceFanoutBridge,
-        skillRegistry
+        skillRegistry,
+        authStorage
       });
       agentWorker = new AgentWorker({ db: rawDb, runtime: piRuntime });
       await agentWorker.recoverFromCrash();