@pushpalsdev/cli 1.1.1 → 1.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushpalsdev/cli",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "description": "PushPals terminal CLI for LocalBuddy -> RemoteBuddy orchestration",
   "license": "MIT",
   "repository": {

package/runtime/prompts/workerpals/openai_codex_task_execute_system_prompt.md

@@ -16,7 +16,7 @@ Execution rules:
 - If the hinted file is a thin wrapper or the behavior lives elsewhere, edit the behavior-owning file(s) needed to solve the task and explain the scope expansion in your final response.
 - Avoid irrelevant sprawl; the review agent will judge whether changed files are necessary for the requested outcome.
 - Read relevant files before editing, then run focused validation.
-- PushPals runs the deterministic ValidationGate after your edit, including any repo-required `vision.md` commands. During the editing turn, prefer focused/fast validation. Do not spend the main Codex execution budget repeatedly running long browser/e2e smoke commands such as `bun run web:e2e`; run them only when the task is specifically about the browser harness or when you need a final targeted confirmation and can stop promptly on a clear failure.
+- PushPals runs the deterministic ValidationGate after your edit, including any repo-required `vision.md` commands. During the editing turn, prefer focused/fast validation. Do not run long browser/e2e smoke commands such as `bun run web:e2e` by default from the Codex executor; ValidationGate is the authoritative browser runner and has the provisioned browser/runtime environment. For browser-harness tasks, inspect existing artifacts, run fast non-browser checks, and only run the full browser command once when a quick local startup probe shows it can run here and you need one targeted confirmation.
 - Use direct commands without shell wrappers. Prefer plain commands like `git diff -- path`, `git add <path>`, `git status --porcelain`, and `pwd`.
 - Do not wrap commands in `/bin/bash -lc`, `sh -lc`, `cmd /c`, or `powershell -Command`, and avoid pipelines, `awk`, heredocs, or multi-command shell snippets unless they are truly unavoidable.
 - If the command router rejects a command, simplify it to a single direct command instead of retrying more shell wrappers.

package/runtime/sandbox/apps/workerpals/src/backends/openai_codex/test_openai_codex_runtime_config.py

@@ -295,6 +295,8 @@ class OpenAICodexRuntimeConfigTests(unittest.TestCase):
         template = _load_prompt_template("workerpals/openai_codex_task_execute_system_prompt.md")
         self.assertIn("Codex CLI is required infrastructure", template)
         self.assertIn("Use direct commands without shell wrappers", template)
+        self.assertIn("ValidationGate is the authoritative browser runner", template)
+        self.assertIn("Do not run long browser/e2e smoke commands", template)
 
     def test_extracts_usage_counts_from_nested_json_event(self) -> None:
         usage = _extract_usage_counts(

package/runtime/sandbox/apps/workerpals/src/docker_executor.ts

@@ -43,6 +43,10 @@ const WORKERPAL_SANDBOX_COMPONENT_LABEL = "pushpals.component=workerpals-sandbox
 const DOCKER_IMAGE_INSPECT_TIMEOUT_MS = 15_000;
 const DOCKER_IMAGE_BUILD_TIMEOUT_MS = 10 * 60_000;
 const DOCKER_IMAGE_PULL_TIMEOUT_MS = 10 * 60_000;
+const BROWSER_VALIDATION_JOB_REPAIR_ATTEMPTS = 8;
+const BROWSER_VALIDATION_JOB_OVERHEAD_MS = 15 * 60_000;
+const BROWSER_VALIDATION_JOB_MIN_TIMEOUT_MS = 4 * 60 * 60_000;
+const BROWSER_VALIDATION_JOB_MAX_TIMEOUT_MS = 8 * 60 * 60_000;
 
 function parseClampedInt(value: unknown, defaultValue: number, min: number, max: number): number {
   const parsed =
@@ -237,6 +241,75 @@ export interface Job {
   sessionId: string;
 }
 
+function readPositiveNumber(value: unknown): number | null {
+  const parsed =
+    typeof value === "number"
+      ? value
+      : typeof value === "string"
+        ? Number.parseInt(value, 10)
+        : Number.NaN;
+  if (!Number.isFinite(parsed) || parsed <= 0) return null;
+  return Math.floor(parsed);
+}
+
+function maybeRecord(value: unknown): Record<string, unknown> | null {
+  return value && typeof value === "object" && !Array.isArray(value)
+    ? (value as Record<string, unknown>)
+    : null;
+}
+
+function collectValidationCommandHints(params: Record<string, unknown>): string[] {
+  const planning = maybeRecord(params.planning);
+  const values: unknown[] = [
+    params.instruction,
+    params.plannerWorkerInstruction,
+    params.validationSteps,
+    params.requiredValidationSteps,
+    planning?.validationSteps,
+    planning?.requiredValidationSteps,
+  ];
+  const commands: string[] = [];
+  for (const value of values) {
+    if (typeof value === "string") {
+      commands.push(value);
+      continue;
+    }
+    if (Array.isArray(value)) {
+      commands.push(...value.filter((entry): entry is string => typeof entry === "string"));
+    }
+  }
+  return commands;
+}
+
+function hasBrowserValidationCommand(job: Pick<Job, "kind" | "params">): boolean {
+  if (job.kind !== "task.execute") return false;
+  return collectValidationCommandHints(job.params).some((command) =>
+    /\b(web:e2e|e2e:web|browser:e2e|smoke:web|web:smoke|browser:smoke|playwright|cypress)\b/i.test(
+      command,
+    ),
+  );
+}
+
+export function resolveDockerJobTimeoutMs(
+  configuredTimeoutMs: number,
+  job: Pick<Job, "kind" | "params">,
+): number {
+  const baseTimeoutMs = Math.max(10_000, Math.floor(configuredTimeoutMs));
+  if (!hasBrowserValidationCommand(job)) return baseTimeoutMs;
+
+  const planning = maybeRecord(job.params.planning);
+  const executionBudgetMs = readPositiveNumber(planning?.executionBudgetMs) ?? 1_800_000;
+  const finalizationBudgetMs = readPositiveNumber(planning?.finalizationBudgetMs) ?? 120_000;
+  const attempts = BROWSER_VALIDATION_JOB_REPAIR_ATTEMPTS + 1; // initial attempt plus repairs
+  const estimatedTimeoutMs =
+    attempts * (executionBudgetMs + finalizationBudgetMs + BROWSER_VALIDATION_JOB_OVERHEAD_MS);
+  const boundedTimeoutMs = Math.min(
+    BROWSER_VALIDATION_JOB_MAX_TIMEOUT_MS,
+    Math.max(BROWSER_VALIDATION_JOB_MIN_TIMEOUT_MS, estimatedTimeoutMs),
+  );
+  return Math.max(baseTimeoutMs, boundedTimeoutMs);
+}
+
 export class DockerExecutor {
   private options: Required<Omit<DockerExecutorOptions, "config">>;
   private worktreeDir: string;
@@ -1141,9 +1214,15 @@ export class DockerExecutor {
       stdout: "pipe",
       stderr: "pipe",
     });
+    const timeoutMs = resolveDockerJobTimeoutMs(this.options.timeoutMs, job);
+    if (timeoutMs !== this.options.timeoutMs) {
+      const note = `[DockerExecutor] Extended job timeout for browser validation convergence: ${timeoutMs}ms (configured ${this.options.timeoutMs}ms).`;
+      console.log(note);
+      onLog?.("stdout", note);
+    }
 
     const { leadMs: warningLeadMs, delayMs: warningDelayMs } = computeTimeoutWarningWindow(
-      this.options.timeoutMs,
+      timeoutMs,
     );
     const warningTimer = setTimeout(() => {
       const warning = `[DockerExecutor] Job nearing timeout in warm container (${Math.round(
@@ -1172,7 +1251,7 @@ export class DockerExecutor {
       } catch {
         // Ignore kill errors
       }
-    }, this.options.timeoutMs);
+    }, timeoutMs);
 
     // Process streams
     const stdoutLines: string[] = [];
@@ -1192,6 +1271,7 @@ export class DockerExecutor {
     const result = this.parseResult(stdoutLines, stderrLines, exitCode, {
       timedOutByDocker,
       elapsedMs,
+      timeoutMs,
     });
 
     return result;
@@ -1445,7 +1525,7 @@ export class DockerExecutor {
     stdoutLines: string[],
     stderrLines: string[],
     exitCode: number,
-    context: { timedOutByDocker: boolean; elapsedMs: number },
+    context: { timedOutByDocker: boolean; elapsedMs: number; timeoutMs: number },
   ): DockerJobResult {
     let sawSentinel = false;
     let sentinelParseError = "";
@@ -1487,7 +1567,7 @@ export class DockerExecutor {
     if (context.timedOutByDocker) {
       return {
         ok: false,
-        summary: `Job timed out in Docker executor after ${context.elapsedMs}ms (limit ${this.options.timeoutMs}ms; terminated before structured result).`,
+        summary: `Job timed out in Docker executor after ${context.elapsedMs}ms (limit ${context.timeoutMs}ms; terminated before structured result).`,
         stdout,
         stderr,
         exitCode,

package/runtime/sandbox/apps/workerpals/src/execute_job.ts

@@ -3,7 +3,15 @@
  * Used by both the host Worker (direct mode) and the Docker job runner.
  */
 
-import { existsSync, lstatSync, readFileSync, renameSync, rmSync, unlinkSync } from "fs";
+import {
+  existsSync,
+  lstatSync,
+  readdirSync,
+  readFileSync,
+  renameSync,
+  rmSync,
+  unlinkSync,
+} from "fs";
 import { resolve } from "path";
 import {
   buildGitCommitArgs as buildSourceControlGitCommitArgs,
@@ -138,7 +146,41 @@ export interface QualityGatePolicy {
   criticMinScore: number;
 }
 
-const BROWSER_VALIDATION_MAX_AUTO_REVISIONS = 5;
+const BROWSER_VALIDATION_MAX_AUTO_REVISIONS = 8;
+
+export function qualityRevisionLoopUpperBound(policy: {
+  maxAutoRevisions: number;
+  validationMaxAutoRevisions: number;
+}, opts: {
+  browserValidation?: boolean;
+} = {}): number {
+  return Math.max(
+    policy.maxAutoRevisions,
+    policy.validationMaxAutoRevisions,
+    opts.browserValidation ? BROWSER_VALIDATION_MAX_AUTO_REVISIONS : 0,
+  );
+}
+
+function taskRequestsBrowserValidation(params: Record<string, unknown>): boolean {
+  const candidates: string[] = [];
+  const collect = (value: unknown) => {
+    if (typeof value === "string") {
+      candidates.push(value);
+    } else if (Array.isArray(value)) {
+      for (const item of value) collect(item);
+    }
+  };
+  const planning =
+    params.planning && typeof params.planning === "object"
+      ? (params.planning as Record<string, unknown>)
+      : {};
+  collect(planning.requiredValidationSteps);
+  collect(planning.validationSteps);
+  collect(params.requiredValidationSteps);
+  collect(params.validationSteps);
+  collect(params.instruction);
+  return candidates.some((candidate) => isLongRunningBrowserValidationCommand(candidate));
+}
 
 function shouldSoftPassValidationBlocker(
   policy: QualityGatePolicy,
@@ -1760,13 +1802,102 @@ function extractBrowserValidationArtifacts(text: string): string[] {
   return out;
 }
 
+function collectRecentBrowserValidationFiles(
+  repo: string | undefined,
+  extensions: RegExp,
+  limit = 8,
+): string[] {
+  if (!repo) return [];
+  const roots = ["outputs/web-e2e", "test-results", "playwright-report"]
+    .map((entry) => resolve(repo, entry))
+    .filter((entry) => existsSync(entry));
+  const files: Array<{ path: string; mtimeMs: number }> = [];
+  const visit = (dir: string, depth: number) => {
+    if (depth > 4 || files.length > 2_000) return;
+    let entries: Array<{ name: unknown; isDirectory(): boolean; isFile(): boolean }>;
+    try {
+      entries = readdirSync(dir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      const entryName = String(entry.name);
+      const path = resolve(dir, entryName);
+      if (entry.isDirectory()) {
+        visit(path, depth + 1);
+        continue;
+      }
+      if (!entry.isFile() || !extensions.test(entryName)) continue;
+      try {
+        const stat = lstatSync(path);
+        files.push({ path, mtimeMs: stat.mtimeMs });
+      } catch {
+        // Ignore files that disappear while a validation command is cleaning up.
+      }
+    }
+  };
+  for (const root of roots) visit(root, 0);
+  return files
+    .sort((a, b) => b.mtimeMs - a.mtimeMs)
+    .slice(0, limit)
+    .map((entry) => entry.path);
+}
+
+function collectRecentBrowserValidationArtifacts(repo: string | undefined): string[] {
+  return collectRecentBrowserValidationFiles(
+    repo,
+    /\.(?:png|jpe?g|webp|zip|json|txt|log|webm)$/i,
+    6,
+  ).map((entry) => toSingleLine(entry, 220));
+}
+
+function summarizeRecentBrowserValidationLogs(repo: string | undefined): string {
+  const logFiles = collectRecentBrowserValidationFiles(repo, /\.(?:log|txt)$/i, 3);
+  const summaries: string[] = [];
+  for (const logFile of logFiles) {
+    let content = "";
+    try {
+      content = readFileSync(logFile, "utf8");
+    } catch {
+      continue;
+    }
+    const lines = stripAnsiControlSequences(content)
+      .split(/\r?\n/)
+      .map((line) => line.trim())
+      .filter(Boolean)
+      .filter((line) =>
+        /\b(Web end-to-end smoke test failed|Browser validation failed|Expected |locator\.|page\.|waiting for |Call log:|Verified:|Saved screenshot|Saved trace|ERR_SOCKET_BAD_PORT|EADDRINUSE|EPERM|EACCES|browserType\.launch|Expo exited early|freeport|net::ERR_|Validation command timed out|terminated by signal|SIGTERM|timed out after \d+ms)/i.test(
+          line,
+        ),
+      );
+    if (lines.length === 0) continue;
+    summaries.push(`${logFile}: ${lines.slice(-18).join(" | ")}`);
+  }
+  return toSingleLine(summaries.join(" | "), 1_400);
+}
+
+function mergeBrowserValidationArtifacts(...sources: Array<string[] | undefined>): string[] {
+  const out: string[] = [];
+  const seen = new Set<string>();
+  for (const source of sources) {
+    for (const artifact of source ?? []) {
+      const clean = toSingleLine(artifact, 220);
+      if (!clean || seen.has(clean)) continue;
+      seen.add(clean);
+      out.push(clean);
+      if (out.length >= 8) return out;
+    }
+  }
+  return out;
+}
+
 function summarizeBrowserValidationOutput(text: string): string {
   const lines = stripAnsiControlSequences(text)
     .split(/\r?\n/)
     .map((line) => line.trim())
     .filter(Boolean)
     .filter((line) =>
-      /\b(Web end-to-end smoke test failed|Browser validation failed|Expected |locator\.|page\.|waiting for getBy|Call log:|ERR_SOCKET_BAD_PORT|EADDRINUSE|EPERM|EACCES|browserType\.launch|Executable doesn't exist|Expo exited early|freeport|net::ERR_|Validation command timed out|terminated by signal|SIGTERM|timed out after \d+ms)\b/i.test(
+      /\b(Web end-to-end smoke test failed|Browser validation failed|Expected |locator\.|page\.|waiting for getBy|Call log:|ERR_SOCKET_BAD_PORT|EADDRINUSE|EPERM|EACCES|browserType\.launch|Executable doesn't exist|Expo exited early|freeport|net::ERR_|Validation command timed out|terminated by signal|SIGTERM|timed out after \d+ms)/i.test(
         line,
       ),
     );
@@ -1776,6 +1907,7 @@ function summarizeBrowserValidationOutput(text: string): string {
 export function buildBrowserValidationRepairPacket(
   validationRuns: ValidationExecutionResult[],
   previousFailureDigests: Map<string, string> = new Map(),
+  repo?: string,
 ): BrowserValidationRepairPacket | null {
   for (const run of validationRuns) {
     if (run.ok || !isLongRunningBrowserValidationCommand(run.command)) continue;
@@ -1784,6 +1916,8 @@ export function buildBrowserValidationRepairPacket(
     const failureKind = classifyBrowserValidationFailureKindFromText(`${digest}\n${combined}`);
     if (failureKind === "unknown") continue;
     const previousDigest = previousFailureDigests.get(validationCommandKey(run.command)) ?? null;
+    const recentLogSummary = summarizeRecentBrowserValidationLogs(repo);
+    const enrichedBrowserContext = [combined, recentLogSummary].filter(Boolean).join("\n");
     const progress =
       previousDigest == null
         ? "first_failure"
@@ -1793,17 +1927,25 @@ export function buildBrowserValidationRepairPacket(
     return {
       command: run.command,
       failureKind,
-      stage: extractBrowserValidationStage(combined),
-      selector: extractBrowserValidationSelector(combined),
-      expected: extractBrowserValidationExpectedUi(combined),
+      stage: extractBrowserValidationStage(enrichedBrowserContext),
+      selector: extractBrowserValidationSelector(enrichedBrowserContext),
+      expected: extractBrowserValidationExpectedUi(enrichedBrowserContext),
       digest,
       previousDigest,
       previousStage: previousDigest ? extractBrowserValidationStage(previousDigest) : null,
       previousSelector: previousDigest ? extractBrowserValidationSelector(previousDigest) : null,
       previousExpected: previousDigest ? extractBrowserValidationExpectedUi(previousDigest) : null,
       progress,
-      artifacts: extractBrowserValidationArtifacts(combined),
-      output: summarizeBrowserValidationOutput(combined) || digest,
+      artifacts: mergeBrowserValidationArtifacts(
+        extractBrowserValidationArtifacts(combined),
+        collectRecentBrowserValidationArtifacts(repo),
+      ),
+      output: [
+        summarizeBrowserValidationOutput(combined) || digest,
+        recentLogSummary,
+      ]
+        .filter(Boolean)
+        .join(" | "),
     };
   }
   return null;
@@ -2663,7 +2805,10 @@ export function buildQualityRevisionHint(
       "Convergence rule: preserve stages that already passed, repair only the current failing browser stage, and stop after one targeted browser confirmation so the next ValidationGate run gets a clean signal.",
     );
     lines.push(
-      `Validation rerun rule: PushPals ValidationGate will rerun "${browserRepairPacket.command}" after the patch. During the edit turn, run focused fast checks first; only run the full browser command for one targeted confirmation and stop on the first clear stage failure.`,
+      "Executor sandbox rule: if the full browser command cannot run inside this edit turn because local server binding is denied or Expo/Playwright reports ERR_SOCKET_BAD_PORT, listen EPERM, EACCES, or a local port bind/freeport failure before reaching the app, treat that as a Codex executor verification limitation. Do not change app startup, ports, or browser provisioning for that local-only signal unless the ValidationGate failure above is also a startup/setup failure. Use the captured artifacts plus fast checks, then let ValidationGate perform the authoritative browser run.",
+    );
+    lines.push(
+      `Validation rerun rule: PushPals ValidationGate will rerun "${browserRepairPacket.command}" after the patch. During a focused browser repair turn, run fast non-browser checks and inspect captured artifacts first; do not run the full browser command from the Codex executor by default. Only run the full browser command for one targeted confirmation if artifacts are missing and a quick local bind/startup probe shows the browser server can actually run in this executor. Otherwise stop after fast checks so ValidationGate gets the clean authoritative signal.`,
     );
   }
   if (reviewFixContext) {
@@ -5421,10 +5566,9 @@ export async function executeJob(
   const qualityGatePolicy = deriveQualityGatePolicy(normalizedParams, runtimeConfig);
   const qualityMaxAutoRevisions = qualityGatePolicy.maxAutoRevisions;
   const qualityValidationMaxAutoRevisions = qualityGatePolicy.validationMaxAutoRevisions;
-  const qualityRevisionLoopMax = Math.max(
-    qualityMaxAutoRevisions,
-    qualityValidationMaxAutoRevisions,
-  );
+  const qualityRevisionLoopMax = qualityRevisionLoopUpperBound(qualityGatePolicy, {
+    browserValidation: taskRequestsBrowserValidation(normalizedParams),
+  });
   const qualitySoftPassOnExhausted = qualityGatePolicy.softPassOnExhausted;
   const qualityCriticMinScore = qualityGatePolicy.criticMinScore;
 
@@ -5565,6 +5709,7 @@ export async function executeJob(
     const browserRepairPacket = buildBrowserValidationRepairPacket(
       quality.validationRuns,
       previousValidationFailureDigests,
+      repo,
     );
     for (const run of quality.validationRuns) {
       if (run.ok) continue;
@@ -5722,7 +5867,7 @@ export async function executeJob(
         requiredValidationFailures: quality.requiredValidationFailures,
         blocker: quality.blocker,
         revisionAttempt,
-        maxAutoRevisions: qualityValidationMaxAutoRevisions,
+        maxAutoRevisions: activeMaxAutoRevisions,
         outsideTaskScope: validationOutsideTaskScope,
       });
       if (requiredValidationCanRevise) {

package/runtime/sandbox/prompts/workerpals/openai_codex_task_execute_system_prompt.md

@@ -16,7 +16,7 @@ Execution rules:
 - If the hinted file is a thin wrapper or the behavior lives elsewhere, edit the behavior-owning file(s) needed to solve the task and explain the scope expansion in your final response.
 - Avoid irrelevant sprawl; the review agent will judge whether changed files are necessary for the requested outcome.
 - Read relevant files before editing, then run focused validation.
-- PushPals runs the deterministic ValidationGate after your edit, including any repo-required `vision.md` commands. During the editing turn, prefer focused/fast validation. Do not spend the main Codex execution budget repeatedly running long browser/e2e smoke commands such as `bun run web:e2e`; run them only when the task is specifically about the browser harness or when you need a final targeted confirmation and can stop promptly on a clear failure.
+- PushPals runs the deterministic ValidationGate after your edit, including any repo-required `vision.md` commands. During the editing turn, prefer focused/fast validation. Do not run long browser/e2e smoke commands such as `bun run web:e2e` by default from the Codex executor; ValidationGate is the authoritative browser runner and has the provisioned browser/runtime environment. For browser-harness tasks, inspect existing artifacts, run fast non-browser checks, and only run the full browser command once when a quick local startup probe shows it can run here and you need one targeted confirmation.
 - Use direct commands without shell wrappers. Prefer plain commands like `git diff -- path`, `git add <path>`, `git status --porcelain`, and `pwd`.
 - Do not wrap commands in `/bin/bash -lc`, `sh -lc`, `cmd /c`, or `powershell -Command`, and avoid pipelines, `awk`, heredocs, or multi-command shell snippets unless they are truly unavoidable.
 - If the command router rejects a command, simplify it to a single direct command instead of retrying more shell wrappers.