@pleri/olam-cli 0.1.166 → 0.1.168

package/hermes-bundle/version.json

@@ -1,4 +1,4 @@
 {
-  "bundledAt": "2026-05-22T11:04:18.339Z",
+  "bundledAt": "2026-05-23T09:39:55.721Z",
   "kgFirstSha": "29a9ccce1b115d049e375c4a90eb5cf7c123e610e2d0590270a4db2cdbc64a28"
 }

package/host-cp/k8s/manifests/50-deployment.yaml

@@ -111,7 +111,7 @@ spec:
         # k3d), started by `olam upgrade` Step 0.7 — not inside this Pod.
       containers:
         - name: olam-host-cp
-          image: ghcr.io/pleri/olam-host-cp@sha256:7a49b44546d9b69c5a7448613130a43319e90e06a2999d688101657d7d851dda
+          image: ghcr.io/pleri/olam-host-cp@sha256:766e07263fcf7e765c3689a7b8d40c47754b4ab90c697710843265a7fc84969a
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/auth-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-auth-service
-          image: ghcr.io/pleri/olam-auth@sha256:d41a940bc9eb7016aeecc1c653e057d63d32d33c1e694d298b5340711d3d0bd8
+          image: ghcr.io/pleri/olam-auth@sha256:c6d163f7ac5fe1ca4652ed34afb1d8555c6f61d06398db767db65fee0944b209
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/kg-service/50-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-kg-service
-          image: ghcr.io/pleri/olam-kg-service@sha256:b9a96be3cad11f298286d011a88309ac2e495074970bf4d860c032709a5ab72f
+          image: ghcr.io/pleri/olam-kg-service@sha256:77fd9b19d87c6f4cba4d33d76ff476dd7677f78725f3bf75a9076009e17355cc
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml

@@ -68,7 +68,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-mcp-auth-service
-          image: ghcr.io/pleri/olam-mcp-auth@sha256:0322f65701dfda84a2d0672071914fd7276927772ccccf6c5f55c4c3617cd8fe
+          image: ghcr.io/pleri/olam-mcp-auth@sha256:cb5b1d7caece5bca4a4723eb20522a748cd48001aa94a7e7ec106d29bd2142b0
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/memory-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
           # bootstrap-placeholder comment + run `npm run refresh:manifest-digests`
           # once ghcr.io/pleri/olam-memory-service has a real published digest.
           # bootstrap-placeholder: pre-publish; refresh after first release
-          image: ghcr.io/pleri/olam-memory-service@sha256:70ae9c81efe07d8105c109aea970105709fc4daa50b0d688aa5d299a39a8b24a
+          image: ghcr.io/pleri/olam-memory-service@sha256:38b2c1f36e49183f5d36999c6519533a8402f3e784109ede8ad7f6e1a205c195
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/src/halt-detect.mjs

@@ -0,0 +1,43 @@
+// W4 — Halt-shape detection for the host-cp chunk-write proxy.
+//
+// When plan-DO's dispatchPlanningAgent (W1) trips a guardrail, it
+// emits a chunk with chunk_type='goal_mode_assumption' and content
+// matching: `[assumption: <cap>-tripped — spent $X.XXXX of $Y]` (or
+// similar shape per GuardrailState.haltChunkText()).
+//
+// host-cp's /api/plan-chat proxy passes the chunk through to the
+// chunks substrate AND, if it detects a halt-shaped chunk, broadcasts
+// a typed `plan.halted` event on host-stream so the SPA's
+// PlanHaltBanner subscriber fires.
+//
+// Extracted as a pure fn so it can be unit-tested without booting
+// the host-cp server.
+
+const HALT_RE =
+  /^\[assumption:\s*(usd|turns|tool_calls|wall_clock)-tripped(?:\s*—\s*spent\s*\$([0-9.]+))?/;
+
+/**
+ * Detect a halt-shaped chunk + extract its components.
+ *
+ * Returns null when:
+ *   - chunk is null/undefined
+ *   - chunk_type isn't 'goal_mode_assumption'
+ *   - content doesn't match the halt regex
+ *
+ * Returns the parsed payload otherwise. Caller broadcasts this as
+ * the `plan.halted` event payload.
+ */
+export function detectHaltChunk(chunk) {
+  if (!chunk || typeof chunk !== 'object') return null;
+  if (chunk.chunk_type !== 'goal_mode_assumption') return null;
+  if (typeof chunk.chunk !== 'string') return null;
+  const m = chunk.chunk.match(HALT_RE);
+  if (!m) return null;
+  return {
+    plan_id: chunk.session_id ?? 'unknown',
+    operator_id: chunk.operator_id ?? 'unknown',
+    halt_reason: m[1],
+    usd_spent_so_far: m[2] ? Number.parseFloat(m[2]) : undefined,
+    halted_at: Date.now(),
+  };
+}

package/host-cp/src/panic-counter.mjs

@@ -0,0 +1,94 @@
+// C4 — macOS panic-log counter.
+//
+// Tracker drift note: phase-c-tasks.md lists path as
+// packages/control-plane/app/src/lib/panic-counter.ts (a browser SPA
+// surface). The SPA can't shell out — `child_process` is Node-only.
+// Real home is host-cp (Node) which already brokers operator-machine
+// state through host-stream. host-cp exposes a typed event consumers
+// can subscribe to.
+//
+// Implementation:
+//   `log show --predicate 'eventMessage CONTAINS "panic"' --last <N>d`
+//   pipes to stdout; we count newlines (each panic event = 1 line).
+//
+// Platform guard:
+//   On non-darwin platforms, getPanicCount returns null + emits a
+//   `[panic-counter]` warning to stderr. Callers branch on null →
+//   skip the delta + don't emit the Slack message.
+//
+// Sampling cadence:
+//   Baseline: at olam-cli startup OR on first /plan/new visit
+//   Per-session: at plan completion (cloud-mode only)
+//
+// Cost note:
+//   `log show` is expensive (~200ms-2s depending on system log size).
+//   Cache the baseline + only re-sample on demand. Don't poll.
+
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { platform } from 'node:os';
+
+const execFileP = promisify(execFile);
+
+const PANIC_PREDICATE = 'eventMessage CONTAINS "panic"';
+const DEFAULT_TIMEOUT_MS = 30_000;
+
+/**
+ * Return the count of `panic`-containing log entries over the last N
+ * days. Returns null on non-darwin platforms OR on `log` command
+ * failure (caller treats null as "no signal; skip the delta").
+ */
+export async function getPanicCount(last_n_days = 7, opts = {}) {
+  if (platform() !== 'darwin') {
+    if (!opts.silent) {
+      process.stderr.write(
+        `[panic-counter] platform=${platform()} is not darwin; returning null\n`,
+      );
+    }
+    return null;
+  }
+  const execImpl = opts.execFileFn ?? execFileP;
+  try {
+    const { stdout } = await execImpl(
+      'log',
+      ['show', '--predicate', PANIC_PREDICATE, '--last', `${last_n_days}d`],
+      { timeout: opts.timeoutMs ?? DEFAULT_TIMEOUT_MS, maxBuffer: 10 * 1024 * 1024 },
+    );
+    // `log show` prepends a header + may emit an "is empty" sentinel.
+    // Count lines that look like log entries: start with a timestamp.
+    const lines = stdout.split('\n').filter((line) => /^\d{4}-\d{2}-\d{2}/.test(line));
+    return lines.length;
+  } catch (err) {
+    if (!opts.silent) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`[panic-counter] log command failed: ${msg}\n`);
+    }
+    return null;
+  }
+}
+
+/**
+ * Pure delta math. Returns null if either input is null (no signal).
+ * Negative deltas (panics increased) are valid — caller frames the
+ * Slack message appropriately.
+ */
+export function computePanicDelta(before, after) {
+  if (before === null || after === null) return null;
+  if (typeof before !== 'number' || typeof after !== 'number') return null;
+  return after - before;
+}
+
+/** Format the delta for a Slack message body. Plain English; no jargon. */
+export function formatDeltaSummary(before, after) {
+  const delta = computePanicDelta(before, after);
+  if (delta === null) {
+    return 'Panic delta: n/a (counter unavailable this session).';
+  }
+  if (delta === 0) {
+    return `Panic count steady: ${before} → ${after} (no change this session).`;
+  }
+  if (delta < 0) {
+    return `Panic count down ${Math.abs(delta)}: ${before} → ${after}.`;
+  }
+  return `Panic count up ${delta}: ${before} → ${after}.`;
+}

package/host-cp/src/plan-chat-service.mjs

@@ -44,7 +44,18 @@ const DEFAULT_ELECTRIC_URL = 'http://localhost:30001';
 
 const ACTOR_TYPES = new Set(['agent', 'operator', 'codex', 'system']);
 const ROLES = new Set(['user', 'assistant', 'tool', 'system']);
-const CHUNK_TYPES = new Set(['text', 'tool_use']);
+// B3 schema-v2: expanded chunk_type enum mirrors @olam/chunks/src/schema.ts
+// CHUNK_TYPES. host-cp duplicates the Set rather than importing because
+// this file is plain JS .mjs and the chunks package ships as TS — keeping
+// them in sync is the audit:do-schema-parity-style discipline (cross-
+// package check queued as a B3 follow-up; for now the parity is by
+// inspection + the integration test in __tests__/chunk-type-validator).
+const CHUNK_TYPES = new Set([
+  'text',
+  'tool_use',
+  'goal_mode_assumption',
+  'dispatch_overflow',
+]);
 
 // PB2 — scope-ID shape. world_id + session_id query params are interpolated
 // into the upstream Electric `where` clause; the regex IS the SQL-injection

package/host-cp/src/server.mjs

@@ -35,6 +35,7 @@ import { createPrCache } from './pr-cache.mjs';
 import { fetchContainerSecret } from './container-secret-fetcher.mjs';
 import { subscribeDockerEvents } from './docker-events.mjs';
 import { createHostStream, newStreamId } from './host-stream.mjs';
+import { detectHaltChunk } from './halt-detect.mjs';
 import { spawnUpgraderContainer } from './upgrade-spawner.mjs';
 import { parseProxyPath, perWorldBase, proxyToWorld } from './proxy.mjs';
 import { resolveHostCpEngine } from './engine-identity.mjs';
@@ -2015,6 +2016,22 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
         for await (const c of req) chunks.push(c);
         body = Buffer.concat(chunks);
       }
+
+      // W4 — Sniff chunk-write requests for halt-shaped chunks. The
+      // halt chunk emitted by plan-DO's dispatchPlanningAgent (W1)
+      // arrives here as a POST to /api/plan-chat/v1/chunks. We
+      // FORWARD the chunk verbatim AND broadcast a typed plan.halted
+      // event so the SPA's PlanHaltBanner subscriber fires.
+      if (body && req.method === 'POST' && subPath === '/v1/chunks') {
+        try {
+          const parsed = JSON.parse(body.toString('utf8'));
+          const haltPayload = detectHaltChunk(parsed);
+          if (haltPayload) hostStream.broadcast('plan.halted', haltPayload);
+        } catch {
+          // Body not JSON — pass through to upstream as-is. No event.
+        }
+      }
+
       const upstreamRes = await fetch(upstreamUrl.toString(), {
         method: req.method,
         headers,
@@ -2044,6 +2061,64 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
     }
   }
 
+  // W3 — /api/cloud-dispatch: proxy from the SPA's writeCloudDispatch
+  // to the deployed plan-agent-do `/v1/dispatch` endpoint. Host-cp
+  // holds the URL + showcase password so the browser bundle stays
+  // auth-free. Config:
+  //   OLAM_CLOUD_URL — e.g. https://olam-plan-agent.<acct>.workers.dev
+  //   OLAM_SHOWCASE_PASSWORD — showcase Basic auth password (same as
+  //     B5's CLI uses).
+  // When unset, returns 503 with a clear setup hint instead of failing
+  // silently — operators wire when they're ready for cloud-mode dogfood.
+  if (url.pathname === '/api/cloud-dispatch' && req.method === 'POST') {
+    const cloudUrl = process.env.OLAM_CLOUD_URL;
+    const showcasePw = process.env.OLAM_SHOWCASE_PASSWORD;
+    if (!cloudUrl || !showcasePw) {
+      return jsonReply(res, 503, {
+        error: 'cloud_dispatch_not_configured',
+        message:
+          'host-cp needs OLAM_CLOUD_URL + OLAM_SHOWCASE_PASSWORD to proxy cloud dispatches. ' +
+          'Set both env vars + restart host-cp.',
+      });
+    }
+    try {
+      const chunks = [];
+      for await (const c of req) chunks.push(c);
+      const body = Buffer.concat(chunks).toString('utf8');
+      let parsed;
+      try { parsed = JSON.parse(body); } catch {
+        return jsonReply(res, 400, { error: 'body_not_json' });
+      }
+      // The SPA posts `world_id` + `session_id`; plan-DO's
+      // /v1/dispatch is keyed by `plan_id` query param. Use
+      // session_id as plan_id for v1 (per-session = per-plan in the
+      // current SPA model; A11 vault-sync can refine the mapping).
+      const planId = parsed.session_id ?? 'default';
+      const basicAuth = Buffer.from(`operator:${showcasePw}`).toString('base64');
+      const upstream = await fetch(
+        `${cloudUrl.replace(/\/+$/, '')}/v1/dispatch?plan_id=${encodeURIComponent(planId)}`,
+        {
+          method: 'POST',
+          headers: {
+            'Authorization': `Basic ${basicAuth}`,
+            'content-type': 'application/json',
+          },
+          body,
+        },
+      );
+      const upstreamBody = await upstream.text();
+      res.statusCode = upstream.status;
+      res.setHeader('content-type', upstream.headers.get('content-type') ?? 'application/json');
+      res.setHeader('cache-control', 'no-store');
+      return res.end(upstreamBody);
+    } catch (err) {
+      return jsonReply(res, 502, {
+        error: 'cloud_dispatch_proxy_failed',
+        message: err.message,
+      });
+    }
+  }
+
   // GET /api/worlds/:id/processes
   // GET /api/worlds/:id/processes/stream — SSE fanout (5s cadence, per-world)
   // Handler: routes/process-port.mjs → handleListProcesses

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pleri/olam-cli",
-  "version": "0.1.166",
+  "version": "0.1.168",
   "type": "module",
   "bin": {
     "olam": "./bin/olam.cjs"