npm - @pushpalsdev/cli - Versions diffs - 1.1.38 → 1.1.39 - Mend

@pushpalsdev/cli 1.1.38 → 1.1.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/pushpals-cli.js CHANGED Viewed

@@ -2169,6 +2169,97 @@ function withWindowsGitSchannelEnv(env, platform = process.platform) {
     return env;
   return appendGitConfigEnv(env, "http.sslBackend", "schannel");
 }
+var WINDOWS_NODE_EXTRA_CA_CERTS_DISABLE_ENV = "PUSHPALS_DISABLE_WINDOWS_NODE_EXTRA_CA_CERTS";
+var WINDOWS_NODE_EXTRA_CA_CERTS_BUNDLE_RELATIVE_PATH = ["certs", "windows-root-ca.pem"];
+function resolveWindowsNodeExtraCaCertsBundlePath(runtimeRoot) {
+  return join2(runtimeRoot, ...WINDOWS_NODE_EXTRA_CA_CERTS_BUNDLE_RELATIVE_PATH);
+}
+function hasUsablePemCertificate(pathValue) {
+  try {
+    return /-----BEGIN CERTIFICATE-----/.test(readFileSync4(pathValue, "utf8"));
+  } catch {
+    return false;
+  }
+}
+function ensureWindowsNodeExtraCaCertsBundle(outPath, env) {
+  if (hasUsablePemCertificate(outPath))
+    return outPath;
+  const outDir = dirname(outPath);
+  try {
+    mkdirSync(outDir, { recursive: true });
+  } catch {
+    return "";
+  }
+  const script = String.raw`
+$ErrorActionPreference = "Stop"
+$outPath = $env:PUSHPALS_WINDOWS_NODE_EXTRA_CA_CERTS_OUT
+if (-not $outPath) { throw "PUSHPALS_WINDOWS_NODE_EXTRA_CA_CERTS_OUT is required" }
+$outDir = Split-Path -Parent $outPath
+if ($outDir) { [System.IO.Directory]::CreateDirectory($outDir) | Out-Null }
+$stores = @("Cert:\CurrentUser\Root", "Cert:\LocalMachine\Root")
+$seen = @{}
+$lines = New-Object System.Collections.Generic.List[string]
+foreach ($store in $stores) {
+  if (-not (Test-Path $store)) { continue }
+  foreach ($cert in Get-ChildItem $store) {
+    if (-not $cert.RawData) { continue }
+    if ($cert.NotAfter -lt (Get-Date)) { continue }
+    $thumbprint = [string]$cert.Thumbprint
+    if ($seen.ContainsKey($thumbprint)) { continue }
+    $seen[$thumbprint] = $true
+    $lines.Add("-----BEGIN CERTIFICATE-----")
+    $encoded = [Convert]::ToBase64String($cert.RawData, [Base64FormattingOptions]::InsertLineBreaks)
+    foreach ($line in [regex]::Split($encoded, '\r?\n')) {
+      if ($line) { $lines.Add($line) }
+    }
+    $lines.Add("-----END CERTIFICATE-----")
+  }
+}
+if ($lines.Count -eq 0) { throw "No Windows root certificates found" }
+[System.IO.File]::WriteAllLines($outPath, $lines, [System.Text.Encoding]::ASCII)
+`;
+  const encodedScript = Buffer.from(script, "utf16le").toString("base64");
+  const childEnv = normalizeChildProcessEnv({
+    ...env,
+    PUSHPALS_WINDOWS_NODE_EXTRA_CA_CERTS_OUT: outPath
+  });
+  const result = Bun.spawnSync([
+    "powershell.exe",
+    "-NoProfile",
+    "-NonInteractive",
+    "-ExecutionPolicy",
+    "Bypass",
+    "-EncodedCommand",
+    encodedScript
+  ], {
+    cwd: process.cwd(),
+    env: childEnv,
+    stdout: "pipe",
+    stderr: "pipe"
+  });
+  if (result.exitCode !== 0)
+    return "";
+  return hasUsablePemCertificate(outPath) ? outPath : "";
+}
+function withWindowsNodeExtraCaCertsEnv(env, opts) {
+  const platform = opts.platform ?? process.platform;
+  if (platform !== "win32")
+    return env;
+  if (parseBooleanFlag(env[WINDOWS_NODE_EXTRA_CA_CERTS_DISABLE_ENV]) === true)
+    return env;
+  if (typeof env.NODE_EXTRA_CA_CERTS === "string" && env.NODE_EXTRA_CA_CERTS.trim())
+    return env;
+  const runtimeRoot = String(opts.runtimeRoot ?? "").trim();
+  if (!runtimeRoot || !existsSync5(runtimeRoot))
+    return env;
+  const bundlePath = ensureWindowsNodeExtraCaCertsBundle(resolveWindowsNodeExtraCaCertsBundlePath(runtimeRoot), env);
+  if (!bundlePath)
+    return env;
+  return {
+    ...env,
+    NODE_EXTRA_CA_CERTS: bundlePath
+  };
+}
 async function runGitWithEnv(args, cwd, env, timeoutMs) {
   return await runCommandWithEnv(["git", ...args], cwd, withWindowsGitSchannelEnv(env), timeoutMs);
 }
@@ -2844,7 +2935,11 @@ function buildEmbeddedRuntimeEnv(baseEnv, opts) {
     ...typeof env.PUSHPALS_DOCKER_BIN === "string" && env.PUSHPALS_DOCKER_BIN.trim() ? { PUSHPALS_DOCKER_BIN: env.PUSHPALS_DOCKER_BIN.trim() } : {},
     ...typeof env.PUSHPALS_DOCKER_BIN_ABSOLUTE === "string" && env.PUSHPALS_DOCKER_BIN_ABSOLUTE.trim() ? { PUSHPALS_DOCKER_BIN_ABSOLUTE: env.PUSHPALS_DOCKER_BIN_ABSOLUTE.trim() } : {}
   };
-  return withWindowsGitSchannelEnv(runtimeEnv, platform);
+  const runtimeEnvWithWindowsCa = withWindowsNodeExtraCaCertsEnv(runtimeEnv, {
+    platform,
+    runtimeRoot: opts.runtimeRoot
+  });
+  return withWindowsGitSchannelEnv(runtimeEnvWithWindowsCa, platform);
 }
 function parseBooleanFlag(raw) {
   const normalized = String(raw ?? "").trim().toLowerCase();
@@ -6034,10 +6129,13 @@ ${line}
     console.log("[pushpals] Runtime-only mode is active. Send `exit` on stdin or terminate the process to stop.");
     await new Promise((resolveStop) => {
       let resolved = false;
+      let exitRequestedFromInput = false;
+      const keepAlive = setInterval(() => {}, 60000);
       const finish = () => {
         if (resolved)
           return;
         resolved = true;
+        clearInterval(keepAlive);
         resolveStop();
       };
       process.once("SIGINT", finish);
@@ -6050,13 +6148,17 @@ ${line}
       runtimeOnlyInput.on("line", (line) => {
         if (!isCliExitCommand(line))
           return;
+        exitRequestedFromInput = true;
         requestStop();
         runtimeOnlyInput.close();
         finish();
       });
       runtimeOnlyInput.on("close", () => {
-        requestStop();
-        finish();
+        if (exitRequestedFromInput || resolved) {
+          finish();
+          return;
+        }
+        console.log("[pushpals] Runtime-only stdin closed; continuing until terminated.");
       });
     });
     await requestStop();
@@ -6138,6 +6240,7 @@ if (import.meta.main) {
   });
 }
 export {
+  withWindowsNodeExtraCaCertsEnv,
   waitForWorkerpalCapacity,
   waitForRemoteBuddySessionConsumer,
   startEmbeddedMonitoringHub,
@@ -6154,6 +6257,7 @@ export {
   resolveWorkerExecutionReadiness,
   resolveWindowsWhereExecutableCandidatesForEnv,
   resolveWindowsShellExecutableCandidatesForEnv,
+  resolveWindowsNodeExtraCaCertsBundlePath,
   resolveWindowsFreshRuntimeWorkerpalPrewarmDelayMs,
   resolveRuntimeGitExecutableCandidates,
   resolveRuntimeDockerExecutableCandidates,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pushpalsdev/cli",
-  "version": "1.1.38",
+  "version": "1.1.39",
   "description": "PushPals terminal CLI for LocalBuddy -> RemoteBuddy orchestration",
   "license": "MIT",
   "repository": {

package/runtime/sandbox/apps/workerpals/src/backends/openai_codex/openai_codex_executor.py CHANGED Viewed

@@ -127,6 +127,7 @@ _SMALL_TASK_ROLLOUT_WATCHDOG_S = 240
 _NARROW_TEST_TASK_ROLLOUT_WATCHDOG_S = 150
 _WEB_REVIEW_ROLLOUT_WATCHDOG_S = 180
 _BACKGROUND_ROLLOUT_WATCHDOG_S = 90
+_MIN_AUTO_WATCHDOG_TIMEOUT_S = 180
 _MIN_CODEX_RECOVERY_ATTEMPT_S = 120
 _NO_PUBLISHABLE_FAILURE_COOLDOWN_MS = 10 * 60 * 1000
 _CODEX_STARTUP_ONLY_EVENT_TYPES = {"thread.started", "turn.started"}
@@ -664,6 +665,9 @@ def _looks_like_narrow_test_task_prompt(prompt: str) -> bool:
         "ranking contract",
         "regression coverage",
         "focused coverage",
+        "focused test",
+        "focused tests",
+        "focused testing",
         "focused regression",
         "test-only",
         "test only",
@@ -742,7 +746,7 @@ def _resolve_no_edit_watchdog_seconds(
         else:
             return max(1, min(parsed, max(1, communicate_timeout_s - 1)))
-    if communicate_timeout_s < 600:
+    if communicate_timeout_s < _MIN_AUTO_WATCHDOG_TIMEOUT_S:
         return None
     prompt_text = str(prompt or "").lower()
@@ -887,7 +891,7 @@ def _resolve_rollout_watchdog_seconds(
     communicate_timeout_s: Optional[int],
     no_edit_watchdog_s: Optional[int],
 ) -> Optional[int]:
-    if not communicate_timeout_s or communicate_timeout_s < 600:
+    if not communicate_timeout_s or communicate_timeout_s < _MIN_AUTO_WATCHDOG_TIMEOUT_S:
         return None
     raw = os.environ.get("WORKERPALS_OPENAI_CODEX_ROLLOUT_WATCHDOG_S", "").strip()

package/runtime/sandbox/apps/workerpals/src/backends/openai_codex/test_openai_codex_runtime_config.py CHANGED Viewed

@@ -2156,6 +2156,24 @@ class OpenAICodexRuntimeConfigTests(unittest.TestCase):
         self.assertEqual(watchdog_s, 180)
+    def test_review_fix_child_budget_below_ten_minutes_still_uses_watchdogs(self) -> None:
+        prompt = (
+            "Rejected PR revision brief: Previous ReviewAgent score: 8.0 / 10. "
+            "Add focused tests for createCleanupHarness.runTask covering successful execution, "
+            "execute failure, cleanup failure, invalid task input, and cleanup execution after "
+            "successful task completion."
+        )
+        env = {
+            "WORKERPALS_OPENAI_CODEX_NO_EDIT_WATCHDOG_S": "",
+            "WORKERPALS_OPENAI_CODEX_ROLLOUT_WATCHDOG_S": "",
+        }
+        with mock.patch.dict(os.environ, env, clear=False):
+            no_edit_s = _resolve_no_edit_watchdog_seconds(prompt, 570)
+            rollout_s = _resolve_rollout_watchdog_seconds(prompt, 570, no_edit_s)
+        self.assertEqual(no_edit_s, 180)
+        self.assertEqual(rollout_s, 120)
     def test_no_edit_recovery_guidance_warns_against_artifact_only_progress(self) -> None:
         guidance = _build_no_edit_recovery_guidance(
             "item.completed | still inspecting",