@possumtech/rummy 2.1.0 → 2.2.1

package/src/agent/Entries.js

@@ -1,18 +1,85 @@
 import slugify from "../sql/functions/slugify.js";
-import { PermissionError } from "./errors.js";
+import { EntryOverflowError, PermissionError } from "./errors.js";
 import encodeSegment from "./pathEncode.js";
 
+// Update entry bodies are promised ≤ 80 chars to clients (run summary
+// payload, model-facing <log> rendering). Mirror of SUMMARY_MAX_CHARS:
+// the boundary chops + emits a soft error so the violation is visible
+// without crashing the run. Lives here because Entries.update is the
+// canonical persistence boundary all callers fund-route through.
+const UPDATE_BODY_MAX = 80;
+
+// SQLite surfaces the CHECK as either err.code === "SQLITE_CONSTRAINT_CHECK"
+// or an Error whose message names the failing column. Both forms appear in
+// the wild depending on the driver build, so we match defensively.
+// Caller-side contract: only invoked from a SQL try/catch, so err is always
+// an Error instance — err.message is a string (possibly empty), not undefined.
+function isBodyOverflow(err) {
+	if (!err) return false;
+	if (err.code === "SQLITE_CONSTRAINT_CHECK") return true;
+	return err.message.includes("CHECK") && err.message.includes("length(body)");
+}
+
+function translateBodyOverflow(err, path, body) {
+	if (!isBodyOverflow(err)) return err;
+	const size = body == null ? 0 : body.length;
+	return new EntryOverflowError(path, size);
+}
+
+// Already-an-error path: log://turn_N/error/<slug>. The auto-failure
+// hook below skips these to break the recursion (error.log.emit's
+// handler ALSO writes state=failed when materializing its own entry).
+const ERROR_PATH_RE = /^log:\/\/turn_\d+\/error\//;
+
+// Streaming data channels for env/sh actions (env://turn_N/cmd_K,
+// sh://turn_N/cmd_K). Their failure is already captured by the parent
+// log://turn_N/<scheme>/<slug> action entry's auto-emit; emitting again
+// for each channel produces redundant duplicates with empty-body
+// fallback messages.
+const CHANNEL_PATH_RE = /^(env|sh):\/\/turn_\d+\//;
+
 export default class Entries {
 	#db;
 	#onChanged;
+	#onError;
+	#onFailed;
+	#onSoftError;
 	#schemes = new Map();
 	#schemesLoaded = null;
 	#seq = 0;
 	#pendingResolutions = new Map();
 
-	constructor(db, { onChanged = null } = {}) {
+	// onError is the centralized site for storage-layer rejections that
+	// should surface to the model as strikes rather than crash the run.
+	// Today: EntryOverflowError (RUMMY_ENTRY_SIZE_MAX CHECK violations).
+	// When onError is supplied, set() catches the typed error, dispatches
+	// it to the callback (which emits hooks.error.log → 413 strike), and
+	// returns silently — callers don't need to handle storage-layer
+	// rejections at every write site. When onError is null (e.g. unit
+	// tests with a bare Entries), the error propagates as before.
+	//
+	// onFailed is the universal failure-rendering enforcer: every
+	// transition to state="failed" on a non-error path fires this
+	// callback so a SEPARATE log://turn_N/error/<slug> entry is created
+	// alongside the action entry. Without this, plugins that record
+	// failure via entries.set({state: "failed", ...}) leave nothing for
+	// the model to recognize as an error — failure encodes only as tiny
+	// JSON metadata indistinguishable from a successful entry. The
+	// callback wires to hooks.error.log.emit (see ProjectAgent).
+	constructor(
+		db,
+		{
+			onChanged = null,
+			onError = null,
+			onFailed = null,
+			onSoftError = null,
+		} = {},
+	) {
 		this.#db = db;
 		this.#onChanged = onChanged;
+		this.#onError = onError;
+		this.#onFailed = onFailed;
+		this.#onSoftError = onSoftError;
 	}
 
 	// Populate the scheme cache; idempotent, lazy on first need.
@@ -42,7 +109,16 @@ export default class Entries {
 	}
 
 	static normalizePath(path) {
-		if (!path?.includes("://")) return path;
+		if (!path) return path;
+		if (!path.includes("://")) {
+			// Bare file path: strip a single leading `./` for canonical
+			// form. `./main.go` and `main.go` must resolve to the same
+			// entry — otherwise SEARCH/REPLACE edits on `./main.go`
+			// land in a phantom entry while reads of `main.go` see the
+			// original, and the model can't reconcile.
+			if (path.startsWith("./")) return path.slice(2);
+			return path;
+		}
 		const sep = path.indexOf("://");
 		const scheme = path.slice(0, sep).toLowerCase();
 		const rest = path.slice(sep + 3);
@@ -72,28 +148,29 @@ export default class Entries {
 		return `${candidate}_${++this.#seq}`;
 	}
 
-	// Single namespace log://turn_N/action/slug; target URL-encoded for round-trip safety.
+	// Single namespace log://turn_N/action/slug. slug is built via slugify
+	// (80-char cap + integer tie-breaker on collision) — same contract as
+	// slugPath. Plugins (including externals) can trust that any target
+	// they pass will produce a bounded, unique log path, regardless of
+	// the target's length or character composition. Full payload always
+	// belongs in the entry body, not the slug.
 	async logPath(runId, turn, action, target) {
-		// Cap target before encoding: the schema's CHECK(length(path) <= 2048)
-		// otherwise blows up when callers pass long error messages or other
-		// arbitrary text. encodeURIComponent expands ~3x for ASCII, more for
-		// Unicode; 150 raw chars stays comfortably under 2048 even after
-		// worst-case expansion. The full message belongs in body, not path.
-		const safeTarget = String(target).slice(0, 150);
-		const encodedTarget = encodeSegment(safeTarget);
-		const candidate = `log://turn_${turn}/${action}/${encodedTarget}`;
+		const slug = target == null ? "" : slugify(String(target));
+		const base = slug
+			? `log://turn_${turn}/${action}/${slug}`
+			: `log://turn_${turn}/${action}/_`;
 		const existing = await this.#db.get_entry_body.get({
 			run_id: runId,
-			path: candidate,
+			path: base,
 		});
-		if (!existing) return candidate;
-		return `${candidate}_${++this.#seq}`;
+		if (!existing) return base;
+		return `${base}_${++this.#seq}`;
 	}
 
-	async slugPath(runId, scheme, content, summary) {
-		// summary > content > empty; slugify("") yields "" and we sequence-only.
+	async slugPath(runId, scheme, content, tags) {
+		// tags > content > empty; slugify("") yields "" and we sequence-only.
 		let source = "";
-		if (summary) source = summary;
+		if (tags) source = tags;
 		else if (content) source = content;
 		const base = slugify(source);
 		const prefix = `${scheme}://`;
@@ -149,7 +226,35 @@ export default class Entries {
 	}
 
 	// set — create or update an entry; see PLUGINS.md primitives.
-	async set({
+	async set(args) {
+		if (!args.runId) throw new Error("set: runId is required");
+		if (!args.path) throw new Error("set: path is required");
+		try {
+			return await this.#setImpl(args);
+		} catch (err) {
+			// EntryOverflowError: storage-layer CHECK fired. When the host
+			// supplies onError (the production wiring), route the strike
+			// to error.log and return silently — every set() caller in
+			// the codebase becomes overflow-safe without per-site catches.
+			// Without onError (raw unit tests), propagate as before.
+			if (err instanceof EntryOverflowError && this.#onError) {
+				// Destructure with the same defaults as #setImpl so the
+				// callback sees the same loopId/turn shape callers wrote
+				// against — no `??` fallback shim, just contract alignment.
+				const { runId, loopId = null, turn = 0 } = args;
+				await this.#onError({
+					runId,
+					loopId,
+					turn,
+					error: err,
+				});
+				return;
+			}
+			throw err;
+		}
+	}
+
+	async #setImpl({
 		runId,
 		projectId = null,
 		turn = 0,
@@ -166,20 +271,21 @@ export default class Entries {
 		loopId = null,
 		writer = "plugin",
 	}) {
-		if (!runId) throw new Error("set: runId is required");
-		if (!path) throw new Error("set: path is required");
-
 		// Pattern mode is explicit; never inferred from `*` in path.
 		const isPattern = pattern === true || bodyFilter !== null;
 
 		if (isPattern) {
 			if (body != null && !append) {
-				await this.#db.update_body_by_pattern.run({
-					run_id: runId,
-					path,
-					body: bodyFilter,
-					new_body: body,
-				});
+				try {
+					await this.#db.update_body_by_pattern.run({
+						run_id: runId,
+						path,
+						body: bodyFilter,
+						new_body: body,
+					});
+				} catch (err) {
+					throw translateBodyOverflow(err, path, body);
+				}
 				await this.#db.bump_write_count_by_pattern.run({
 					run_id: runId,
 					path,
@@ -212,11 +318,15 @@ export default class Entries {
 		// Append mode: streaming body growth on an existing entry.
 		if (append) {
 			if (body == null) throw new Error("set: append requires body");
-			await this.#db.append_entry_body.run({
-				run_id: runId,
-				path: normalized,
-				chunk: body,
-			});
+			try {
+				await this.#db.append_entry_body.run({
+					run_id: runId,
+					path: normalized,
+					chunk: body,
+				});
+			} catch (err) {
+				throw translateBodyOverflow(err, normalized, body);
+			}
 			this.#emitChanged(runId, normalized, "append");
 			return;
 		}
@@ -232,6 +342,15 @@ export default class Entries {
 				});
 				this.#emitChanged(runId, normalized, "resolve");
 				this.#drainPendingResolution(runId, normalized);
+				if (state === "failed") {
+					await this.#fireFailed({
+						runId,
+						turn,
+						loopId,
+						path: normalized,
+						outcome,
+					});
+				}
 			}
 			if (visibility != null) {
 				await this.#db.set_visibility.run({
@@ -264,20 +383,37 @@ export default class Entries {
 			const m = normalized.match(/^log:\/\/turn_\d+\/([^/]+)\//);
 			if (m) effectiveAttributes.action = m[1];
 		}
-		const entry = await this.#db.upsert_entry.get({
-			scope,
-			path: normalized,
-			body,
-			attributes: effectiveAttributes
-				? JSON.stringify(effectiveAttributes)
-				: null,
-			hash,
-		});
+		let entry;
+		try {
+			entry = await this.#db.upsert_entry.get({
+				scope,
+				path: normalized,
+				body,
+				attributes: effectiveAttributes
+					? JSON.stringify(effectiveAttributes)
+					: null,
+				hash,
+			});
+		} catch (err) {
+			throw translateBodyOverflow(err, normalized, body);
+		}
 		const effectiveState = state === undefined ? "resolved" : state;
-		const effectiveVisibility =
-			visibility === undefined
-				? this.#defaultVisibility(scheme, category)
-				: visibility;
+		// Visibility resolution: explicit > preserve-existing > scheme-default.
+		// A body update without visibility= must NOT silently reset visibility
+		// to the scheme default — that would hide content the model just
+		// promoted (e.g. a model <get>'d file then <set> SEARCH/REPLACE
+		// would lose its visible status). Preserve what's there.
+		let effectiveVisibility;
+		if (visibility !== undefined) {
+			effectiveVisibility = visibility;
+		} else {
+			const existing = await this.getState(runId, normalized);
+			if (existing?.visibility) {
+				effectiveVisibility = existing.visibility;
+			} else {
+				effectiveVisibility = this.#defaultVisibility(scheme, category);
+			}
+		}
 		await this.#db.upsert_run_view.run({
 			run_id: runId,
 			entry_id: entry.id,
@@ -291,6 +427,42 @@ export default class Entries {
 		if (effectiveState !== "proposed") {
 			this.#drainPendingResolution(runId, normalized);
 		}
+		if (effectiveState === "failed") {
+			await this.#fireFailed({
+				runId,
+				turn,
+				loopId,
+				path: normalized,
+				body,
+				outcome,
+			});
+		}
+	}
+
+	// Fire onFailed for any state→failed transition on a non-error path.
+	// The auto-emit creates a sibling log://turn_N/error/<slug> entry so
+	// the failure appears in the model's <log> as a category-distinct
+	// item, not just metadata buried in the action's own log entry.
+	async #fireFailed({ runId, turn, loopId, path, body, outcome }) {
+		if (!this.#onFailed) return;
+		if (ERROR_PATH_RE.test(path)) return;
+		if (CHANNEL_PATH_RE.test(path)) return;
+		// Body-less state changes don't carry a message; fall back to the
+		// outcome string (or the path itself) so the error entry has a
+		// recognizable slug instead of an empty one.
+		let message = body;
+		if (!message) {
+			if (outcome) message = `failed: ${outcome}`;
+			else message = `failed: ${path}`;
+		}
+		await this.#onFailed({
+			runId,
+			turn,
+			loopId,
+			sourcePath: path,
+			body: message,
+			outcome,
+		});
 	}
 
 	// get — promote entry(ies); see PLUGINS.md primitives.
@@ -399,6 +571,9 @@ export default class Entries {
 	}
 
 	// update — once-per-turn lifecycle signal; see PLUGINS.md.
+	// Body chopped to UPDATE_BODY_MAX with a soft error fire so clients
+	// always receive ≤ 80 chars and the violation is visible to the model
+	// next turn. Applies to ALL callers — system, plugin, model.
 	async update({
 		runId,
 		turn = 0,
@@ -410,12 +585,24 @@ export default class Entries {
 	}) {
 		if (!runId) throw new Error("update: runId is required");
 		if (body == null) throw new Error("update: body is required");
-		const path = await this.logPath(runId, turn, "update", body);
+		let storedBody = body;
+		if (body.length > UPDATE_BODY_MAX) {
+			storedBody = body.slice(0, UPDATE_BODY_MAX);
+			if (this.#onSoftError) {
+				await this.#onSoftError({
+					runId,
+					turn,
+					loopId,
+					message: "error: YOU MUST keep the update body to <= 80 characters",
+				});
+			}
+		}
+		const path = await this.logPath(runId, turn, "update", storedBody);
 		await this.set({
 			runId,
 			turn,
 			path,
-			body,
+			body: storedBody,
 			state: "resolved",
 			loopId,
 			writer,
@@ -527,10 +714,10 @@ export default class Entries {
 		});
 	}
 
-	async archivePriorPromptArtifacts(runId, currentTurn) {
-		await this.#db.archive_prior_prompt_artifacts.run({
+	async setNextTurn(runId, nextTurn) {
+		await this.#db.set_next_turn.run({
 			run_id: runId,
-			current_turn: currentTurn,
+			next_turn: nextTurn,
 		});
 	}
 
@@ -544,15 +731,6 @@ export default class Entries {
 		return targets;
 	}
 
-	// Budget postDispatch fallback: demote every visible entry in the run.
-	async demoteRunVisibleEntries(runId) {
-		const targets = await this.#db.get_run_visible_targets.all({
-			run_id: runId,
-		});
-		await this.#db.demote_run_visible.run({ run_id: runId });
-		return targets;
-	}
-
 	// Plugin-facing run lookup; avoids reaching into core.db.
 	async getRun(runId) {
 		return this.#db.get_run_by_id.get({ id: runId });

package/src/agent/ProjectAgent.js

@@ -1,6 +1,7 @@
 import LlmProvider from "../llm/LlmProvider.js";
 import AgentLoop from "./AgentLoop.js";
 import Entries from "./Entries.js";
+import { SOFT_FAILURE_OUTCOMES } from "./errors.js";
 import TurnExecutor from "./TurnExecutor.js";
 
 export default class ProjectAgent {
@@ -16,6 +17,49 @@ export default class ProjectAgent {
 		this.#llm = new LlmProvider(db, hooks);
 		this.#entries = new Entries(db, {
 			onChanged: (event) => hooks.entry.changed.emit(event),
+			onError: ({ runId, loopId, turn, error }) =>
+				hooks.error.log.emit({
+					store: this.#entries,
+					runId,
+					turn,
+					loopId,
+					message: error.message,
+					status: 413,
+					attributes: { path: error.path, size: error.size },
+				}),
+			// Universal failure-rendering: every state→failed transition on
+			// a non-error path fires error.log.emit so a sibling
+			// log://turn_N/error/<slug> entry is created. The error plugin's
+			// own #onErrorLog handler also writes state=failed on the error
+			// entry; Entries.#fireFailed skips when path matches
+			// log://turn_*/error/* so no recursion.
+			//
+			// soft=true when the outcome is in SOFT_FAILURE_OUTCOMES
+			// (not_found, conflict): the error entry still renders so the
+			// model can read the finding, but error.log skips turnErrors++
+			// so the strike accumulator doesn't penalize legitimate
+			// state-discovery via the auto-emit path. Without this, soft
+			// outcomes count as strikes on the turnErrors path even though
+			// recordedFailed correctly excludes them.
+			onFailed: ({ runId, loopId, turn, sourcePath, body, outcome }) =>
+				hooks.error.log.emit({
+					store: this.#entries,
+					runId,
+					turn,
+					loopId,
+					message: body,
+					attributes: { sourcePath, outcome },
+					soft: SOFT_FAILURE_OUTCOMES.has(outcome),
+				}),
+			onSoftError: ({ runId, loopId, turn, message }) =>
+				hooks.error.log.emit({
+					store: this.#entries,
+					runId,
+					turn,
+					loopId,
+					message,
+					soft: true,
+				}),
 		});
 		this.#entries.loadSchemes(db);