@poncho-ai/harness 0.43.0 → 0.44.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poncho-ai/harness",
-  "version": "0.43.0",
+  "version": "0.44.0",
   "description": "Agent execution runtime - conversation loop, tool dispatch, streaming",
   "repository": {
     "type": "git",

package/src/harness.ts

@@ -20,7 +20,7 @@ const costLog = createLogger("cost");
 const mcpLog = createLogger("mcp");
 const modelLog = createLogger("model");
 import type { UploadStore } from "./upload-store.js";
-import { PONCHO_UPLOAD_SCHEME, VFS_SCHEME, deriveUploadKey } from "./upload-store.js";
+import { PONCHO_UPLOAD_SCHEME, VFS_SCHEME, decodeFileInputData, deriveUploadKey } from "./upload-store.js";
 import type { StorageEngine } from "./storage/engine.js";
 import { createStorageEngine, type StorageProvider } from "./storage/index.js";
 import {
@@ -30,6 +30,8 @@ import {
   createReminderStoreFromEngine,
 } from "./storage/store-adapters.js";
 import { BashEnvironmentManager } from "./vfs/bash-manager.js";
+import type { VirtualMount } from "./vfs/poncho-fs-adapter.js";
+export type { VirtualMount } from "./vfs/poncho-fs-adapter.js";
 import { createBashTool } from "./vfs/bash-tool.js";
 import { createReadFileTool } from "./vfs/read-file-tool.js";
 import { createEditFileTool } from "./vfs/edit-file-tool.js";
@@ -123,6 +125,15 @@ export interface HarnessOptions {
    * `resolveStateConfig`, etc.) run as today regardless of source.
    */
   config?: PonchoConfig;
+  /**
+   * Read-only virtual mounts overlaid on the VFS. Each mount maps a VFS
+   * prefix (e.g. "/system/") to a local filesystem directory; reads under
+   * the prefix are served from local disk, writes are rejected. Used by
+   * platforms like PonchOS to expose deployment-shipped defaults (system
+   * jobs, system skills) without storing them in each tenant's VFS.
+   * Empty by default — no system mounts in the CLI / dev workflow.
+   */
+  virtualMounts?: VirtualMount[];
 }
 
 export interface HarnessRunOutput {
@@ -855,6 +866,8 @@ export class AgentHarness {
   storageEngine?: StorageEngine;
   /** Bash environment manager (creates per-tenant bash instances). */
   private bashManager?: BashEnvironmentManager;
+  /** Read-only virtual mounts overlaid on the VFS. Empty by default. */
+  private virtualMounts: VirtualMount[] = [];
 
   private resolveToolAccess(toolName: string): ToolAccess {
     const tools = this.loadedConfig?.tools;
@@ -1048,6 +1061,7 @@ export class AgentHarness {
       this.storageEngine = options.storageEngine;
       this.injectedStorageEngine = true;
     }
+    this.virtualMounts = options.virtualMounts ?? [];
 
     if (options.toolDefinitions?.length) {
       this.dispatcher.registerMany(options.toolDefinitions);
@@ -1255,6 +1269,21 @@ export class AgentHarness {
     // "__default__" so dev-mode (no auth) conversations see the same VFS
     // namespace the Files sidebar writes to.
     const effectiveTenant = tenantId || "__default__";
+    // Refresh the engine's path cache before fingerprinting. The cache is
+    // the only thing `computeVfsSkillFingerprint` reads, and historically
+    // it was only populated by `bash-manager.refreshPathCache` — chat-only
+    // flows (no bash) left it empty, the patched writeFile's incremental
+    // update became a no-op (it skips when the cache isn't loaded), the
+    // fingerprint stuck at "" across runs, and any skill the agent (or a
+    // client like PonchOS's iOS Files browser) authored after the harness
+    // was first instantiated was invisible from the next turn onward.
+    // One SELECT per turn is the cost of correctness here.
+    const engineWithRefresh = this.storageEngine as unknown as {
+      refreshPathCache?: (tenantId: string) => Promise<void>;
+    };
+    if (typeof engineWithRefresh.refreshPathCache === "function") {
+      await engineWithRefresh.refreshPathCache(effectiveTenant);
+    }
     const fingerprint = this.computeVfsSkillFingerprint(effectiveTenant);
     const cached = this.skillCache.get(effectiveTenant);
     if (cached && cached.fingerprint === fingerprint) {
@@ -1695,6 +1724,7 @@ export class AgentHarness {
       bashWorkingDir,
       config?.bash,
       config?.network,
+      this.virtualMounts,
     );
     // Register VFS tools
     this.registerIfMissing(createBashTool(this.bashManager));
@@ -2256,7 +2286,7 @@ Code is wrapped in an async IIFE — use \`return\` to return a value to the too
         ];
         for (const file of input.files) {
           if (this.uploadStore) {
-            const buf = Buffer.from(file.data, "base64");
+            const buf = await decodeFileInputData(file.data);
             const key = deriveUploadKey(buf, file.mediaType);
             const ref = await this.uploadStore.put(key, buf, file.mediaType);
             parts.push({

package/src/orchestrator/run-conversation-turn.ts

@@ -24,7 +24,7 @@ import type { AgentEvent, FileInput, Message } from "@poncho-ai/sdk";
 import { createLogger } from "@poncho-ai/sdk";
 import type { AgentHarness } from "../harness.js";
 import type { ConversationStore } from "../state.js";
-import { deriveUploadKey } from "../upload-store.js";
+import { decodeFileInputData, deriveUploadKey } from "../upload-store.js";
 import { withToolResultArchiveParam } from "./continuation.js";
 import { resolveRunRequest } from "./history.js";
 import {
@@ -104,7 +104,7 @@ export const runConversationTurn = async (
   if (opts.files && opts.files.length > 0 && opts.harness.uploadStore) {
     const uploadedParts = await Promise.all(
       opts.files.map(async (f) => {
-        const buf = Buffer.from(f.data, "base64");
+        const buf = await decodeFileInputData(f.data);
         const key = deriveUploadKey(buf, f.mediaType);
         const ref = await opts.harness.uploadStore!.put(key, buf, f.mediaType);
         return {

package/src/storage/schema.ts

@@ -195,4 +195,23 @@ export const migrations: Migration[] = [
          WHERE parent_message_id IS NOT NULL`,
     ],
   },
+  {
+    version: 7,
+    name: "fix_reminder_scheduled_at_precision",
+    // Postgres maps `REAL` to float4 (4 bytes, ~7 digit precision),
+    // which silently rounds millisecond epochs (13 digits) — every
+    // reminder write+read on Postgres returned a different value than
+    // it stored. SQLite's REAL is float8 (15+ digit precision) so it
+    // was always fine there.
+    //
+    // Convert the Postgres column to BIGINT so future writes are exact
+    // (already-stored rounded values aren't recoverable but they were
+    // never correct in the first place).
+    up: (d) => {
+      if (d === "sqlite") return [];
+      return [
+        `ALTER TABLE reminders ALTER COLUMN scheduled_at TYPE BIGINT USING scheduled_at::bigint`,
+      ];
+    },
+  },
 ];

package/src/storage/sql-dialect.ts

@@ -572,11 +572,16 @@ export abstract class SqlStorageEngine implements StorageEngine {
       const pattern = `%${query}%`;
       // SQLite uses positional ? so we can't reuse $2, need separate params
       const params: unknown[] = [this.agentId, pattern, pattern];
+      // Postgres rejects `jsonb LIKE text` — cast `data` to text in
+      // Postgres so the LIKE applies to its JSON serialization. SQLite's
+      // `data` column is TEXT (raw JSON string) so no cast needed.
+      const dataMatch =
+        this.dialect.tag === "postgresql" ? "data::text LIKE $3" : "data LIKE $3";
       let sql = `SELECT id, title, updated_at, created_at, owner_id, tenant_id,
                         message_count, parent_conversation_id, parent_message_id,
                         has_pending_approvals, channel_meta
                  FROM conversations
-                 WHERE agent_id = $1 AND (title LIKE $2 OR data LIKE $3)`;
+                 WHERE agent_id = $1 AND (title LIKE $2 OR ${dataMatch})`;
       if (filterTenant) {
         sql += ` AND tenant_id = $4`;
         params.push(tid);
@@ -1190,7 +1195,10 @@ export abstract class SqlStorageEngine implements StorageEngine {
     return {
       id: row.id as string,
       task: row.task as string,
-      scheduledAt: row.scheduled_at as number,
+      // Postgres-js returns BIGINT columns as strings to avoid silent
+      // precision loss in JS. Coerce to Number — ms epochs max out at
+      // ~10^16 in year 2286, well under Number.MAX_SAFE_INTEGER (2^53).
+      scheduledAt: Number(row.scheduled_at),
       timezone: (row.timezone as string) ?? undefined,
       status: row.status as Reminder["status"],
       createdAt: new Date(row.created_at as string).getTime(),
@@ -1198,7 +1206,7 @@ export abstract class SqlStorageEngine implements StorageEngine {
       ownerId: (row.owner_id as string) ?? undefined,
       tenantId: tid === DEFAULT_TENANT ? null : tid,
       recurrence,
-      occurrenceCount: (row.occurrence_count as number) ?? 0,
+      occurrenceCount: Number(row.occurrence_count ?? 0),
     };
   }
 

package/src/upload-store.ts

@@ -108,6 +108,33 @@ export const deriveUploadKey = (
   return `${hash}${ext}`;
 };
 
+const DATA_URI_PREFIX = /^data:[^,]*?;base64,/;
+
+/**
+ * Decode the `FileInput.data` field per its documented contract: it may be a
+ * raw base64 string, a `data:<mime>;base64,<…>` URI, or an `https?://` URL.
+ * Returns the decoded bytes. Older versions of the harness called
+ * `Buffer.from(data, "base64")` unconditionally; that silently produced
+ * garbage bytes for data URIs (the `:` / `;` / `,` in the prefix are not
+ * valid base64 chars but Node's decoder ignores them rather than throwing).
+ */
+export const decodeFileInputData = async (data: string): Promise<Buffer> => {
+  if (data.startsWith("http://") || data.startsWith("https://")) {
+    const resp = await fetch(data);
+    if (!resp.ok) {
+      throw new Error(
+        `uploads: failed to fetch file at ${data}: ${resp.status} ${resp.statusText}`,
+      );
+    }
+    return Buffer.from(await resp.arrayBuffer());
+  }
+  const match = data.match(DATA_URI_PREFIX);
+  if (match) {
+    return Buffer.from(data.slice(match[0].length), "base64");
+  }
+  return Buffer.from(data, "base64");
+};
+
 const MIME_EXT_MAP: Record<string, string> = {
   "image/jpeg": ".jpg",
   "image/png": ".png",

package/src/vfs/bash-manager.ts

@@ -11,7 +11,7 @@ import type {
 } from "just-bash";
 import type { StorageEngine } from "../storage/engine.js";
 import type { BashConfig, NetworkConfig } from "../config.js";
-import { PonchoFsAdapter } from "./poncho-fs-adapter.js";
+import { PonchoFsAdapter, type VirtualMount } from "./poncho-fs-adapter.js";
 import { createBashFs } from "./create-bash-fs.js";
 import type { PostgresEngine } from "../storage/postgres-engine.js";
 
@@ -69,6 +69,7 @@ export class BashEnvironmentManager {
   private filesystems = new Map<string, IFileSystem>();
   private readonly workingDir: string | null;
   private readonly bashOptions: Partial<BashOptions>;
+  private readonly virtualMounts: VirtualMount[];
 
   constructor(
     private engine: StorageEngine,
@@ -76,16 +77,18 @@ export class BashEnvironmentManager {
     workingDir: string | null,
     bashConfig?: BashConfig,
     network?: NetworkConfig,
+    virtualMounts: VirtualMount[] = [],
   ) {
     this.workingDir = workingDir;
     this.bashOptions = toBashOptions(bashConfig, network);
+    this.virtualMounts = virtualMounts;
   }
 
   /** Return the combined IFileSystem (VFS + optional /project mount) for a tenant. */
   getFs(tenantId: string): IFileSystem {
     let fs = this.filesystems.get(tenantId);
     if (!fs) {
-      const adapter = new PonchoFsAdapter(this.engine, tenantId, this.limits);
+      const adapter = new PonchoFsAdapter(this.engine, tenantId, this.limits, this.virtualMounts);
       fs = createBashFs(adapter, this.workingDir);
       this.filesystems.set(tenantId, fs);
     }
@@ -107,7 +110,7 @@ export class BashEnvironmentManager {
   }
 
   getAdapter(tenantId: string): PonchoFsAdapter {
-    return new PonchoFsAdapter(this.engine, tenantId, this.limits);
+    return new PonchoFsAdapter(this.engine, tenantId, this.limits, this.virtualMounts);
   }
 
   /** Refresh the PostgreSQL path cache before a bash.exec() call. */