@mclean-capital/neura 3.5.0 → 3.5.2

package/core/server.bundled.mjs

@@ -76114,7 +76114,7 @@ var taskToolDefs = [
   {
     type: "function",
     name: "create_task",
-    description: "Create a new task. Use when the user asks you to do something actionable (file operations, research, code changes, reminders). Orchestrator uses create_task to brief a worker BEFORE dispatching \u2014 pair with dispatch_worker when the user confirms. Include `goal` whenever possible (what success looks like).",
+    description: "Create a new task. Use when the user asks you to do something actionable (file operations, research, code changes, reminders). Orchestrator uses create_task to brief a worker BEFORE dispatching \u2014 pair with dispatch_worker when the user confirms. Include `goal` whenever possible (what success looks like). The returned `id` is an internal handle for subsequent tool calls \u2014 NEVER speak it aloud; refer to the task by its title when talking to the user.",
     parameters: {
       type: "object",
       properties: {
@@ -76264,7 +76264,7 @@ var taskToolDefs = [
   {
     type: "function",
     name: "dispatch_worker",
-    description: "Dispatch a worker to execute an existing task. The task must already have a clear goal + context \u2014 call create_task first, confirm with the user for non-trivial / destructive work, then dispatch. Returns a worker_id immediately; progress flows via comments on the task.",
+    description: "Dispatch a worker to execute an existing task. The task must already have a clear goal + context \u2014 call create_task first, confirm with the user for non-trivial / destructive work, then dispatch. Progress flows via comments on the task (see get_task). When confirming to the user, speak naturally about the task ('Dispatching the worker now') \u2014 do NOT quote task IDs or worker IDs aloud, the TTS reads UUIDs letter by letter and it's jarring.",
     parameters: {
       type: "object",
       properties: {
@@ -76335,7 +76335,16 @@ async function handleTaskTool(name, args, ctx) {
         const query = args.query;
         const task = await ctx.taskTools.getTask(query);
         if (!task) return { result: { found: false } };
-        return { result: { found: true, task } };
+        let comments = [];
+        try {
+          comments = await ctx.taskTools.listTaskComments(task.id, { limit: 50 });
+        } catch (err) {
+          log15.warn("failed to load task comments for get_task", {
+            taskId: task.id,
+            err: String(err)
+          });
+        }
+        return { result: { found: true, task, comments } };
       }
       case "update_task": {
         if (!ctx.taskTools) return { error: "Task system not available" };
@@ -76396,8 +76405,7 @@ async function handleTaskTool(name, args, ctx) {
         return {
           result: {
             dispatched: true,
-            workerId: outcome.workerId,
-            message: `Worker ${outcome.workerId} dispatched. You'll hear progress updates as it works.`
+            message: `Worker dispatched. You'll hear progress updates as it works.`
           }
         };
       }
@@ -77355,6 +77363,77 @@ async function sweepCrashedWorkers(db, fileExists) {
 // src/workers/agent-worker.ts
 init_work_item_queries();
 
+// src/stores/task-comment-queries.ts
+init_mappers();
+import crypto4 from "crypto";
+var TASK_COMMENT_CONTENT_MAX_BYTES = 32 * 1024;
+async function insertComment(db, opts) {
+  if (Buffer.byteLength(opts.content, "utf8") > TASK_COMMENT_CONTENT_MAX_BYTES) {
+    throw new Error(
+      `task comment content exceeds ${TASK_COMMENT_CONTENT_MAX_BYTES} bytes; write to disk and pass attachment_path with a summary in content`
+    );
+  }
+  const id = crypto4.randomUUID();
+  const result = await db.query(
+    `INSERT INTO task_comments (
+       id, task_id, type, author, content, attachment_path, urgency, metadata
+     )
+     VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
+     RETURNING *`,
+    [
+      id,
+      opts.taskId,
+      opts.type,
+      opts.author,
+      opts.content,
+      opts.attachmentPath ?? null,
+      opts.urgency ?? null,
+      opts.metadata ? JSON.stringify(opts.metadata) : null
+    ]
+  );
+  return mapTaskComment(result.rows[0]);
+}
+async function listComments(db, opts) {
+  const limit2 = opts.limit ?? 500;
+  const filters = ["task_id = $1"];
+  const values = [opts.taskId];
+  let idx = 2;
+  if (opts.type !== void 0) {
+    const types3 = Array.isArray(opts.type) ? opts.type : [opts.type];
+    const placeholders = types3.map(() => `$${idx++}`).join(", ");
+    filters.push(`type IN (${placeholders})`);
+    values.push(...types3);
+  }
+  if (opts.since) {
+    filters.push(`created_at > $${idx++}`);
+    values.push(opts.since);
+  }
+  const result = await db.query(
+    `SELECT * FROM task_comments
+     WHERE ${filters.join(" AND ")}
+     ORDER BY created_at ASC
+     LIMIT $${idx}`,
+    [...values, limit2]
+  );
+  return result.rows.map((r2) => mapTaskComment(r2));
+}
+async function countOpenRequests(db, taskId) {
+  const result = await db.query(
+    `SELECT COUNT(*)::TEXT as count FROM task_comments
+     WHERE task_id = $1
+       AND type IN ('clarification_request', 'approval_request')
+       AND id NOT IN (
+         -- requests with a matching response comment are considered resolved
+         SELECT (metadata->>'resolves_comment_id')::text FROM task_comments
+         WHERE task_id = $1
+           AND type IN ('clarification_response', 'approval_response')
+           AND metadata ? 'resolves_comment_id'
+       )`,
+    [taskId]
+  );
+  return Number(result.rows[0]?.count ?? 0);
+}
+
 // src/workers/worktree-manager.ts
 import { execFileSync } from "node:child_process";
 import {
@@ -77590,7 +77669,15 @@ var CANONICAL_WORKER_SYSTEM_PROMPT = `You are a Neura worker \u2014 a capable en
 
 Your posture: be decisive. You have full tool access \u2014 Read, Write, Edit, Bash \u2014 scoped to an isolated worktree directory (your cwd). Make progress. Don't ask the user to double-check obvious things. Don't propose a plan and wait for approval when the path is clear.
 
+Your cwd is an isolated sandbox under \`~/.neura/worktrees/<workerId>/\`. It is NOT the user's home directory, desktop, or documents folder. Files you create land in the sandbox, not in user-visible locations. A task whose goal requires writing to the user's Desktop, Documents, or any absolute path outside your cwd cannot be satisfied by writing inside cwd \u2014 that would silently put the file in the wrong place. In that case:
+
+1. If the outside path is essential to the task, call \`request_approval\` with a rationale ("task goal requires writing to ~/Desktop, which is outside my sandbox \u2014 authorize access?") and wait. If denied, call \`fail_task\` with \`reason_code: 'impossible'\`.
+2. If you can satisfy the goal inside cwd without writing to the user-visible path, do that and make it clear in your \`complete_task\` summary where the file actually lives.
+
+Do NOT pretend success when you wrote to the wrong place. Silent "it completed" with no file where the user expects it is the worst outcome.
+
 Reversibility rule: before any destructive or hard-to-reverse action **outside** your worktree, call \`request_approval\` and wait for the user's answer. Examples that require approval:
+- Writing to the user's home directory, Desktop, Documents, or any absolute path outside cwd
 - Deleting files the user owns
 - Force-pushing branches, rewriting git history
 - Sending email, SMS, or other external messages
@@ -78030,6 +78117,31 @@ var AgentWorker = class {
           });
         }
       }
+      if ((status === "failed" || status === "crashed") && result.error) {
+        try {
+          const { reason, detail } = result.error;
+          const MAX_DETAIL_BYTES = 3e4;
+          const safeDetail = detail ? detail.slice(0, MAX_DETAIL_BYTES) : "";
+          const content = safeDetail ? `${reason}: ${safeDetail}` : reason;
+          await insertComment(this.db, {
+            taskId,
+            type: "error",
+            author: "system",
+            content,
+            metadata: {
+              workerId,
+              workerStatus: status,
+              reason
+            }
+          });
+        } catch (err) {
+          log23.warn("failed to persist error comment on task", {
+            workerId,
+            taskId,
+            err: String(err)
+          });
+        }
+      }
     }
     try {
       if (status === "completed" || status === "cancelled") {
@@ -78195,53 +78307,6 @@ function buildClarificationTool(workerId, bridge) {
   return tool;
 }
 
-// src/stores/task-comment-queries.ts
-init_mappers();
-import crypto4 from "crypto";
-var TASK_COMMENT_CONTENT_MAX_BYTES = 32 * 1024;
-async function insertComment(db, opts) {
-  if (Buffer.byteLength(opts.content, "utf8") > TASK_COMMENT_CONTENT_MAX_BYTES) {
-    throw new Error(
-      `task comment content exceeds ${TASK_COMMENT_CONTENT_MAX_BYTES} bytes; write to disk and pass attachment_path with a summary in content`
-    );
-  }
-  const id = crypto4.randomUUID();
-  const result = await db.query(
-    `INSERT INTO task_comments (
-       id, task_id, type, author, content, attachment_path, urgency, metadata
-     )
-     VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
-     RETURNING *`,
-    [
-      id,
-      opts.taskId,
-      opts.type,
-      opts.author,
-      opts.content,
-      opts.attachmentPath ?? null,
-      opts.urgency ?? null,
-      opts.metadata ? JSON.stringify(opts.metadata) : null
-    ]
-  );
-  return mapTaskComment(result.rows[0]);
-}
-async function countOpenRequests(db, taskId) {
-  const result = await db.query(
-    `SELECT COUNT(*)::TEXT as count FROM task_comments
-     WHERE task_id = $1
-       AND type IN ('clarification_request', 'approval_request')
-       AND id NOT IN (
-         -- requests with a matching response comment are considered resolved
-         SELECT (metadata->>'resolves_comment_id')::text FROM task_comments
-         WHERE task_id = $1
-           AND type IN ('clarification_response', 'approval_response')
-           AND metadata ? 'resolves_comment_id'
-       )`,
-    [taskId]
-  );
-  return Number(result.rows[0]?.count ?? 0);
-}
-
 // src/tools/task-update-handler.ts
 init_work_item_queries();
 var TERMINAL_STATUSES = /* @__PURE__ */ new Set(["done", "cancelled", "failed"]);
@@ -78672,6 +78737,21 @@ Reason: ${params.rationale}` : params.action;
   return tools;
 }
 
+// src/server/lifecycle.ts
+import { AuthStorage } from "@mariozechner/pi-coding-agent";
+
+// src/workers/auth-bridge.ts
+function seedAuthStorageFromConfig(authStorage, providers) {
+  let count = 0;
+  for (const [providerId, creds] of Object.entries(providers)) {
+    if (creds?.apiKey) {
+      authStorage.setRuntimeApiKey(providerId, creds.apiKey);
+      count++;
+    }
+  }
+  return count;
+}
+
 // src/tools/vision-tools.ts
 var visionToolDefs = [
   {
@@ -79266,6 +79346,9 @@ async function initServices() {
             return candidates.slice(0, limit2);
           },
           getTask: (idOrTitle) => store.getWorkItem(idOrTitle),
+          listTaskComments: async (taskId, options) => {
+            return listComments(rawDb, { taskId, limit: options?.limit });
+          },
           updateTask: async (idOrTitle, payload) => {
             const current = await store.getWorkItem(idOrTitle);
             if (!current) return null;
@@ -79332,6 +79415,9 @@ async function initServices() {
           `${wProvider}/${wModel} model not registered in pi-ai. Check config.routing.worker or verify pi-ai supports this provider.`
         );
       }
+      const authStorage = AuthStorage.create(join4(agentDir, "auth.json"));
+      const seededProviders = seedAuthStorageFromConfig(authStorage, config2.providers);
+      log29.info("seeded pi auth storage from config", { count: seededProviders });
       const piRuntime = new PiRuntime({
         model,
         thinkingLevel: "low",
@@ -79340,7 +79426,8 @@ async function initServices() {
         sessionDir,
         buildTools,
         voiceFanoutBridge,
-        skillRegistry
+        skillRegistry,
+        authStorage
       });
       agentWorker = new AgentWorker({ db: rawDb, runtime: piRuntime });
       await agentWorker.recoverFromCrash();
@@ -98971,6 +99058,11 @@ function attachWebSocket(httpServer2, services2) {
         return candidates.slice(0, limit2);
       },
       getTask: (idOrTitle) => resolveTask(store, idOrTitle),
+      listTaskComments: async (taskId, options) => {
+        const db = store.getRawDb?.();
+        if (!db) throw new Error("store does not expose a raw PGlite handle");
+        return listComments(db, { taskId, limit: options?.limit });
+      },
       updateTask: async (idOrTitle, payload) => {
         const current = await resolveTask(store, idOrTitle);
         if (!current) return null;