@rudderhq/agent-runtime-utils 0.2.0-canary.4 → 0.2.0-canary.40

package/dist/server-utils.js

@@ -27,6 +27,38 @@ const RUDDER_SKILL_ROOT_RELATIVE_CANDIDATES = [
     "../../skills",
     "../../../../../server/resources/bundled-skills",
 ];
+const DEFAULT_LOCAL_CLI_CREDENTIAL_HOME_ENTRIES = [
+    ".aws",
+    ".azure",
+    ".config/gh",
+    ".config/gcloud",
+    ".config/op",
+    ".config/vercel",
+    ".config/configstore",
+    ".docker",
+    ".fly",
+    ".git-credentials",
+    ".gnupg",
+    ".kube",
+    ".netrc",
+    ".npmrc",
+    ".ssh",
+    ".vercel",
+    "Library/Application Support/gh",
+    "Library/Application Support/com.heroku.cli",
+];
+const DEFAULT_LOCAL_CLI_OPERATOR_HOME_SHIM_COMMANDS = [
+    {
+        command: "gh",
+        authCheckArgs: ["auth", "status"],
+        credentialEntries: [".config/gh", "Library/Application Support/gh"],
+    },
+    {
+        command: "vercel",
+        authCheckArgs: ["whoami"],
+        credentialEntries: [".config/vercel", ".vercel", ".config/configstore"],
+    },
+];
 function normalizePathSlashes(value) {
     return value.replaceAll("\\", "/");
 }
@@ -161,10 +193,68 @@ export function resolvePathValue(obj, dottedPath) {
 export function renderTemplate(template, data) {
     return template.replace(/{{\s*([a-zA-Z0-9_.-]+)\s*}}/g, (_, path) => resolvePathValue(data, path));
 }
+const ISSUE_DOCUMENT_PROMPT_BODY_CHAR_LIMIT = 16_000;
+function truncateIssueDocumentBody(body) {
+    if (body.length <= ISSUE_DOCUMENT_PROMPT_BODY_CHAR_LIMIT)
+        return body;
+    return `${body.slice(0, ISSUE_DOCUMENT_PROMPT_BODY_CHAR_LIMIT).trimEnd()}\n\n[Document truncated in prompt. Fetch the full document with the Rudder CLI.]`;
+}
+function formatDocumentHeading(key, title) {
+    const cleanTitle = typeof title === "string" ? title.trim() : "";
+    return cleanTitle ? `### ${key} — ${cleanTitle}` : `### ${key}`;
+}
+function readIssueDocumentPromptIssueId(input) {
+    const planIssueId = typeof input.planDocument?.issueId === "string" ? input.planDocument.issueId.trim() : "";
+    if (planIssueId)
+        return planIssueId;
+    for (const summary of input.documentSummaries ?? []) {
+        const issueId = typeof summary.issueId === "string" ? summary.issueId.trim() : "";
+        if (issueId)
+            return issueId;
+    }
+    return "<issue-id>";
+}
+export function buildIssueDocumentsPrompt(input) {
+    if (!input)
+        return "";
+    const sections = [];
+    const planKey = input.planDocument?.key?.trim() || input.legacyPlanDocument?.key?.trim() || "plan";
+    const planBody = input.planDocument?.body?.trim() || input.legacyPlanDocument?.body?.trim() || "";
+    if (planBody) {
+        sections.push([
+            formatDocumentHeading(planKey, input.planDocument?.title),
+            input.legacyPlanDocument ? "Source: legacy `<plan>` block in the issue description." : `Source: issue document \`${planKey}\`.`,
+            "",
+            truncateIssueDocumentBody(planBody),
+        ].join("\n"));
+    }
+    const otherDocuments = (input.documentSummaries ?? []).filter((doc) => {
+        const key = typeof doc.key === "string" ? doc.key.trim() : "";
+        return key && key !== planKey;
+    });
+    if (otherDocuments.length > 0) {
+        const issueId = readIssueDocumentPromptIssueId(input);
+        sections.push([
+            "### Additional Issue Documents",
+            ...otherDocuments.map((doc) => {
+                const key = doc.key?.trim() || "document";
+                const title = doc.title?.trim();
+                const revision = typeof doc.latestRevisionNumber === "number" ? `, revision ${doc.latestRevisionNumber}` : "";
+                const titlePart = title ? ` — ${title}` : "";
+                return `- \`${key}\`${titlePart}${revision}. Fetch with \`rudder issue documents get ${issueId} ${key} --json\`.`;
+            }),
+        ].join("\n"));
+    }
+    if (sections.length === 0)
+        return "";
+    return ["## Issue Documents", ...sections].join("\n\n");
+}
 // Default prompt templates for different wake sources
 export const DEFAULT_AGENT_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent.name}}). Continue your Rudder work.
 
-{{context.rudderWorkspace.orgResourcesPrompt}}`;
+{{context.rudderWorkspace.orgResourcesPrompt}}
+
+{{context.issueDocumentsPrompt}}`;
 export const ISSUE_ASSIGN_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent.name}}). You have been assigned to work on an issue.
 
 {{context.rudderWorkspace.orgResourcesPrompt}}
@@ -179,6 +269,8 @@ export const ISSUE_ASSIGN_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent
 **Description:**
 {{issue.description}}
 
+{{context.issueDocumentsPrompt}}
+
 Your task is to review this issue and begin working on it. Use the available tools to explore the codebase, understand the requirements, and implement a solution.`;
 export const COMMENT_MENTION_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent.name}}). You were mentioned in a comment and your attention is needed.
 
@@ -192,6 +284,8 @@ export const COMMENT_MENTION_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{ag
 **Issue Description:**
 {{issue.description}}
 
+{{context.issueDocumentsPrompt}}
+
 **Comment:**
 {{comment.body}}
 
@@ -209,10 +303,31 @@ export const ISSUE_COMMENTED_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{ag
 **Issue Description:**
 {{issue.description}}
 
+{{context.issueDocumentsPrompt}}
+
 **Latest Comment:**
 {{comment.body}}
 
 Review the new comment and continue the issue from the current state. Respond or take action as needed.`;
+export const ISSUE_CHANGES_REQUESTED_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent.name}}). A reviewer requested changes on an issue you own.
+
+{{context.rudderWorkspace.orgResourcesPrompt}}
+
+## Context
+
+**Issue:** {{issue.title}}
+**ID:** {{issue.id}}
+**Status:** {{issue.status}}
+
+**Issue Description:**
+{{issue.description}}
+
+{{context.issueDocumentsPrompt}}
+
+**Reviewer Comment:**
+{{comment.body}}
+
+Review the requested changes and continue the issue from the current state. Address the reviewer feedback before handing it back for review.`;
 export const ISSUE_RECOVERY_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent.name}}). This is a recovery run, not a fresh task.
 
 {{context.rudderWorkspace.orgResourcesPrompt}}
@@ -235,6 +350,8 @@ export const ISSUE_RECOVERY_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{age
 - Description:
 {{issue.description}}
 
+{{context.issueDocumentsPrompt}}
+
 Before doing anything else, inspect what the previous run already completed and any side effects it may have caused. Continue the remaining work from the current state. Avoid blindly re-running the whole task.`;
 export const RECOVERY_PROMPT_TEMPLATE = `You are agent {{agent.id}} ({{agent.name}}). This is a recovery run, not a fresh task.
 
@@ -272,6 +389,8 @@ Reason: {{context.passiveFollowup.reason}}
 - Description:
 {{issue.description}}
 
+{{context.issueDocumentsPrompt}}
+
 Before changing the issue, inspect the current issue state and any side effects from the previous run. Then do exactly one close-out action: add a progress comment, mark the issue done, block it with a reason, or hand it off explicitly with explanation.`;
 /**
  * Selects the base heartbeat prompt template used by runtimes before final prompt assembly.
@@ -283,6 +402,9 @@ Before changing the issue, inspect the current issue state and any side effects
  * - comment.mention:
  *   "You were mentioned in a comment ..."
  *   Includes issue summary plus mention comment body so the agent can respond without extra fetches.
+ * - issue_changes_requested:
+ *   "A reviewer requested changes on an issue you own ..."
+ *   Includes issue summary plus reviewer comment body so the assignee can act on feedback immediately.
  * - issue_commented:
  *   "There is a new comment on an issue you own ..."
  *   Includes issue summary plus the newest comment body so the assignee can continue immediately.
@@ -331,6 +453,9 @@ export function selectPromptTemplate(configuredTemplate, context) {
     if (wakeReason === "issue_passive_followup") {
         return ISSUE_PASSIVE_FOLLOWUP_PROMPT_TEMPLATE;
     }
+    if (wakeReason === "issue_changes_requested") {
+        return ISSUE_CHANGES_REQUESTED_PROMPT_TEMPLATE;
+    }
     if (wakeSource === "assignment" || wakeReason === "issue_assigned") {
         return ISSUE_ASSIGN_PROMPT_TEMPLATE;
     }
@@ -362,10 +487,18 @@ export const RUDDER_AGENT_OPERATING_CONTRACT = [
     "- Shared organization workspace root lives under `$RUDDER_ORG_WORKSPACE_ROOT`.",
     "- Shared organization skills live under `$RUDDER_ORG_SKILLS_DIR`.",
     "- Shared organization plans live under `$RUDDER_ORG_PLANS_DIR`.",
+    "- Shared organization artifacts live under `$RUDDER_ORG_ARTIFACTS_DIR`.",
+    "- Durable generated outputs such as screenshots, images, mockups, reports, CSVs, handoff logs, and other user-visible files should be written under `$RUDDER_ORG_ARTIFACTS_DIR` when available.",
+    "- Use `/tmp` only for transient scratch files and temporary verification artifacts; do not put durable work product there.",
+    "- Local trusted runtimes may expose the host operator home as `$RUDDER_OPERATOR_HOME`; use it only when a local skill or script intentionally needs operator-owned desktop app or CLI state. Do not replace `$HOME` with it.",
     "- Durable shared work output should prefer these managed workspace paths instead of ad-hoc top-level `projects/` folders.",
     "",
+    "When you create or copy a skill under `$AGENT_HOME/skills/<slug>/`, check the agent's Skills snapshot before claiming it will load in future runs. If it is installed but not enabled, say exactly that future runs will not load it until enabled, and offer to enable it with `rudder agent skills enable <agent-id> <selection-ref>` when you have permission.",
+    "",
     "When you write issue comments or chat replies, match the language of the user's or board's most recent substantive message unless they explicitly ask for a different language.",
     "",
+    "When an issue comment, done comment, or blocker comment cites visual evidence from a local screenshot/image path, attach the image with the Rudder CLI `--image <path>` option instead of leaving only the filesystem path in the text.",
+    "",
     "## Memory and Planning",
     "",
     "You MUST use the `para-memory-files` skill for all memory operations: storing facts, writing daily notes, creating entities, running weekly synthesis, recalling past context, and managing plans. The skill defines your three-layer memory system (knowledge graph, daily notes, tacit knowledge), the PARA folder structure, atomic fact schemas, memory decay rules, and recall/planning conventions.",
@@ -379,9 +512,40 @@ export const RUDDER_AGENT_OPERATING_CONTRACT = [
     "- Never exfiltrate secrets or private data.",
     "- Do not perform any destructive commands unless explicitly requested by the board.",
 ].join("\n");
+function toPromptPath(pathValue) {
+    return pathValue.split(path.sep).join("/");
+}
+function isInsidePath(parentPath, childPath) {
+    const relativePath = path.relative(parentPath, childPath);
+    return relativePath === "" || (!relativePath.startsWith("..") && !path.isAbsolute(relativePath));
+}
+function displayInstructionPath(filePath, instructionsFilePath) {
+    const resolvedFilePath = path.resolve(filePath);
+    const resolvedInstructionsPath = path.resolve(instructionsFilePath);
+    const instructionsDir = path.dirname(resolvedInstructionsPath);
+    if (path.basename(instructionsDir) === "instructions") {
+        const agentHome = path.dirname(instructionsDir);
+        if (isInsidePath(agentHome, resolvedFilePath)) {
+            const relativePath = path.relative(agentHome, resolvedFilePath);
+            return relativePath ? `$AGENT_HOME/${toPromptPath(relativePath)}` : "$AGENT_HOME";
+        }
+    }
+    return filePath;
+}
+function displayInstructionDir(filePath, instructionsFilePath) {
+    const displayPath = displayInstructionPath(filePath, instructionsFilePath);
+    const lastSlash = displayPath.lastIndexOf("/");
+    return lastSlash >= 0 ? `${displayPath.slice(0, lastSlash)}/` : "";
+}
 export async function loadAgentInstructionsPrefix(input) {
     const instructionsFilePath = input.instructionsFilePath.trim();
     const instructionsDir = instructionsFilePath ? `${path.dirname(instructionsFilePath)}/` : "";
+    const displayInstructionsFilePath = instructionsFilePath
+        ? displayInstructionPath(instructionsFilePath, instructionsFilePath)
+        : "";
+    const displayInstructionsDir = instructionsFilePath
+        ? displayInstructionDir(instructionsFilePath, instructionsFilePath)
+        : "";
     const warningStream = input.warningStream ?? "stdout";
     const operatingContractSection = `${RUDDER_AGENT_OPERATING_CONTRACT}\n\n` +
         "The above Rudder agent operating contract was injected by Rudder at runtime.";
@@ -413,29 +577,31 @@ export async function loadAgentInstructionsPrefix(input) {
         loadedPaths.add(path.resolve(instructionsFilePath));
         entrySection =
             `${instructionsContents}\n\n` +
-                `The above agent instructions were loaded from ${instructionsFilePath}. ` +
-                `Resolve any relative file references from ${instructionsDir}.`;
-        await input.onLog("stdout", `[rudder] Loaded agent instructions file: ${instructionsFilePath}\n`);
+                `The above agent instructions were loaded from ${displayInstructionsFilePath}. ` +
+                `Resolve any relative file references from ${displayInstructionsDir}.`;
+        await input.onLog("stdout", `[rudder] Loaded agent instructions file: ${displayInstructionsFilePath}\n`);
     }
     catch (err) {
         const reason = err instanceof Error ? err.message : String(err);
         await input.onLog(warningStream, `[rudder] Warning: could not read agent instructions file "${instructionsFilePath}": ${reason}\n`);
-        commandNotes.push(`Configured instructionsFilePath ${instructionsFilePath}, but file could not be read; continuing without injected instructions.`);
+        commandNotes.push(`Configured instructionsFilePath ${displayInstructionsFilePath}, but file could not be read; continuing without injected instructions.`);
     }
     async function loadSiblingInstructionFile(siblingInput) {
         const filePath = path.join(path.dirname(instructionsFilePath), siblingInput.fileName);
         const resolvedPath = path.resolve(filePath);
+        const displayFilePath = displayInstructionPath(filePath, instructionsFilePath);
+        const displayFileDir = displayInstructionDir(filePath, instructionsFilePath);
         if (loadedPaths.has(resolvedPath))
             return { path: filePath, section: "" };
         try {
             const contents = await fs.readFile(filePath, "utf8");
             loadedPaths.add(resolvedPath);
-            await input.onLog("stdout", `[rudder] Loaded ${siblingInput.logLabel}: ${filePath}\n`);
+            await input.onLog("stdout", `[rudder] Loaded ${siblingInput.logLabel}: ${displayFilePath}\n`);
             return {
                 path: filePath,
                 section: `${contents}\n\n` +
-                    `The above ${siblingInput.label} were loaded from ${filePath}. ` +
-                    `Resolve any relative file references from ${instructionsDir}.`,
+                    `The above ${siblingInput.label} were loaded from ${displayFilePath}. ` +
+                    `Resolve any relative file references from ${displayFileDir}.`,
             };
         }
         catch (err) {
@@ -451,26 +617,29 @@ export async function loadAgentInstructionsPrefix(input) {
         label: "agent role and persona instructions",
         logLabel: "agent soul instructions file",
     });
-    if (soul.section)
-        commandNotes.push(`Loaded agent soul instructions from ${soul.path}`);
+    if (soul.section && soul.path) {
+        commandNotes.push(`Loaded agent soul instructions from ${displayInstructionPath(soul.path, instructionsFilePath)}`);
+    }
     const tools = await loadSiblingInstructionFile({
         fileName: "TOOLS.md",
         label: "agent tool notes",
         logLabel: "agent tool notes file",
     });
-    if (tools.section)
-        commandNotes.push(`Loaded agent tool notes from ${tools.path}`);
+    if (tools.section && tools.path) {
+        commandNotes.push(`Loaded agent tool notes from ${displayInstructionPath(tools.path, instructionsFilePath)}`);
+    }
     const memory = await loadSiblingInstructionFile({
         fileName: "MEMORY.md",
         label: "agent memory instructions",
         logLabel: "agent memory instructions file",
     });
-    if (memory.section)
-        commandNotes.push(`Loaded agent memory instructions from ${memory.path}`);
+    if (memory.section && memory.path) {
+        commandNotes.push(`Loaded agent memory instructions from ${displayInstructionPath(memory.path, instructionsFilePath)}`);
+    }
     const memoryFilePath = memory.section ? memory.path : null;
     const memorySection = memory.section;
     if (entrySection)
-        commandNotes.splice(1, 0, `Loaded agent instructions from ${instructionsFilePath}`);
+        commandNotes.splice(1, 0, `Loaded agent instructions from ${displayInstructionsFilePath}`);
     const prefix = joinPromptSections([operatingContractSection, entrySection, soul.section, tools.section, memorySection]);
     return {
         prefix,
@@ -535,6 +704,15 @@ async function pathExists(candidate) {
         return false;
     }
 }
+async function fileExists(candidate) {
+    try {
+        await fs.access(candidate, fsConstants.F_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
 async function resolveCommandPath(command, cwd, env) {
     const hasPathSeparator = command.includes("/") || command.includes("\\");
     if (hasPathSeparator) {
@@ -605,7 +783,7 @@ async function findAncestorWithFile(startDir, relativePath, maxDepth = 12) {
     let current = path.resolve(startDir);
     for (let depth = 0; depth <= maxDepth; depth += 1) {
         const candidate = path.join(current, relativePath);
-        if (await pathExists(candidate))
+        if (await fileExists(candidate))
             return candidate;
         const parent = path.dirname(current);
         if (parent === current)
@@ -631,14 +809,14 @@ async function resolveRudderCliShimTarget(moduleDir) {
     const rootDir = path.dirname(path.dirname(path.dirname(repoRoot)));
     const tsxEntry = path.join(rootDir, "cli", "node_modules", "tsx", "dist", "cli.mjs");
     const cliSource = path.join(rootDir, "cli", "src", "index.ts");
-    if (await pathExists(tsxEntry)) {
+    if (await fileExists(tsxEntry)) {
         return {
             command: process.execPath,
             args: [tsxEntry, cliSource],
         };
     }
     const builtCliEntry = path.join(rootDir, "cli", "dist", "index.js");
-    if (await pathExists(builtCliEntry)) {
+    if (await fileExists(builtCliEntry)) {
         return {
             command: process.execPath,
             args: [builtCliEntry],
@@ -667,10 +845,6 @@ async function materializeRudderCliShim(target) {
 }
 export async function ensureRudderCliInPath(moduleDir, env) {
     const normalized = ensurePathInEnv(env);
-    const cwd = process.cwd();
-    if (await resolveCommandPath("rudder", cwd, normalized)) {
-        return normalized;
-    }
     const target = await resolveRudderCliShimTarget(moduleDir);
     if (!target) {
         return normalized;
@@ -945,6 +1119,230 @@ export function writeRudderSkillSyncPreference(config, desiredSkills) {
     next.rudderSkillSync = current;
     return next;
 }
+function nonEmptyEnvPath(value) {
+    return typeof value === "string" && value.trim().length > 0 ? path.resolve(value.trim()) : null;
+}
+export function resolveLocalOperatorHome(sourceEnv = process.env) {
+    return (nonEmptyEnvPath(sourceEnv.RUDDER_OPERATOR_HOME)
+        ?? nonEmptyEnvPath(process.env.RUDDER_OPERATOR_HOME)
+        ?? nonEmptyEnvPath(process.env.HOME)
+        ?? nonEmptyEnvPath(sourceEnv.HOME)
+        ?? path.resolve(os.homedir()));
+}
+export function applyLocalCliHomeEnv(targetEnv, sourceEnv = process.env) {
+    const home = nonEmptyEnvPath(sourceEnv.HOME) ?? path.resolve(os.homedir());
+    targetEnv.HOME = home;
+    const userProfile = nonEmptyEnvPath(sourceEnv.USERPROFILE);
+    if (userProfile) {
+        targetEnv.USERPROFILE = userProfile;
+    }
+    else if (process.platform === "win32") {
+        targetEnv.USERPROFILE = home;
+    }
+}
+async function localCliPathExists(candidate) {
+    return fs.access(candidate).then(() => true).catch(() => false);
+}
+async function directoryIsEmpty(target) {
+    const entries = await fs.readdir(target).catch(() => null);
+    return Array.isArray(entries) && entries.length === 0;
+}
+async function ensureSymlinkToSource(target, source) {
+    const existing = await fs.lstat(target).catch(() => null);
+    if (!existing) {
+        await fs.mkdir(path.dirname(target), { recursive: true });
+        await fs.symlink(source, target);
+        return "created";
+    }
+    if (!existing.isSymbolicLink()) {
+        if (existing.isDirectory() && await directoryIsEmpty(target)) {
+            await fs.rmdir(target);
+            await fs.symlink(source, target);
+            return "repaired";
+        }
+        return "skipped";
+    }
+    const linkedPath = await fs.readlink(target).catch(() => null);
+    if (!linkedPath)
+        return "skipped";
+    const resolvedLinkedPath = path.isAbsolute(linkedPath)
+        ? linkedPath
+        : path.resolve(path.dirname(target), linkedPath);
+    if (resolvedLinkedPath === source)
+        return "skipped";
+    await fs.unlink(target);
+    await fs.symlink(source, target);
+    return "repaired";
+}
+export async function syncLocalCliCredentialHomeEntries(input) {
+    const sourceHome = nonEmptyEnvPath(input.sourceHome ?? undefined) ?? path.resolve(os.homedir());
+    const targetHome = path.resolve(input.targetHome);
+    const linked = [];
+    const skipped = [];
+    if (sourceHome === targetHome)
+        return { linked, skipped };
+    const entries = input.entries ?? DEFAULT_LOCAL_CLI_CREDENTIAL_HOME_ENTRIES;
+    for (const relativeEntry of entries) {
+        const source = path.join(sourceHome, relativeEntry);
+        if (!(await localCliPathExists(source)))
+            continue;
+        const target = path.join(targetHome, relativeEntry);
+        try {
+            const result = await ensureSymlinkToSource(target, source);
+            if (result === "skipped")
+                skipped.push(relativeEntry);
+            else
+                linked.push(relativeEntry);
+        }
+        catch {
+            skipped.push(relativeEntry);
+        }
+    }
+    if (input.onLog && linked.length > 0) {
+        await input.onLog("stdout", `[rudder] Shared ${linked.length} local CLI credential entr${linked.length === 1 ? "y" : "ies"} into managed HOME ${targetHome}: ${linked.join(", ")}\n`);
+    }
+    return { linked, skipped };
+}
+async function writeOperatorHomeShim(input) {
+    await fs.mkdir(input.shimDir, { recursive: true });
+    if (process.platform === "win32") {
+        const shimPath = path.join(input.shimDir, `${input.command}.cmd`);
+        const lines = [
+            "@echo off",
+            `set "HOME=${input.operatorHome}"`,
+            `set "USERPROFILE=${input.operatorHome}"`,
+            `${quoteForCmd(input.targetCommand)} %*`,
+            "",
+        ];
+        await fs.writeFile(shimPath, lines.join("\r\n"), "utf8");
+        return shimPath;
+    }
+    const shimPath = path.join(input.shimDir, input.command);
+    await fs.writeFile(shimPath, [
+        "#!/bin/sh",
+        `export HOME=${shellQuote(input.operatorHome)}`,
+        `export USERPROFILE=${shellQuote(input.operatorHome)}`,
+        `exec ${shellQuote(input.targetCommand)} "$@"`,
+        "",
+    ].join("\n"), "utf8");
+    await fs.chmod(shimPath, 0o755);
+    return shimPath;
+}
+function normalizeShimCommand(input) {
+    return typeof input === "string" ? { command: input } : input;
+}
+async function runCredentialShimAuthCheck(input) {
+    const env = {
+        ...input.env,
+        HOME: input.home,
+        USERPROFILE: input.home,
+    };
+    return await new Promise((resolve) => {
+        const child = spawn(input.targetCommand, [...input.args], {
+            cwd: input.cwd,
+            env,
+            stdio: ["ignore", "ignore", "ignore"],
+        });
+        const timeout = setTimeout(() => {
+            child.kill("SIGTERM");
+            resolve(false);
+        }, 1000);
+        child.on("error", () => {
+            clearTimeout(timeout);
+            resolve(false);
+        });
+        child.on("close", (code) => {
+            clearTimeout(timeout);
+            resolve(code === 0);
+        });
+    });
+}
+async function credentialBridgeSatisfied(input) {
+    for (const entry of input.entries) {
+        const source = path.join(input.operatorHome, entry);
+        const target = path.join(input.targetHome, entry);
+        if (!(await localCliPathExists(source)) || !(await localCliPathExists(target)))
+            continue;
+        const [sourceRealpath, targetRealpath] = await Promise.all([
+            fs.realpath(source).catch(() => null),
+            fs.realpath(target).catch(() => null),
+        ]);
+        if (sourceRealpath && targetRealpath && sourceRealpath === targetRealpath)
+            return true;
+    }
+    return false;
+}
+async function shouldPrepareOperatorHomeShim(input) {
+    const authCheckArgs = input.command.authCheckArgs;
+    if (!authCheckArgs || authCheckArgs.length === 0)
+        return true;
+    if (input.command.credentialEntries && input.command.credentialEntries.length > 0) {
+        const hasOperatorCredentialEntry = await Promise.all(input.command.credentialEntries.map((entry) => localCliPathExists(path.join(input.operatorHome, entry))));
+        if (!hasOperatorCredentialEntry.some(Boolean))
+            return false;
+        if (await credentialBridgeSatisfied({
+            operatorHome: input.operatorHome,
+            targetHome: input.targetHome,
+            entries: input.command.credentialEntries,
+        })) {
+            return false;
+        }
+    }
+    const managedHomeWorks = await runCredentialShimAuthCheck({
+        targetCommand: input.targetCommand,
+        args: authCheckArgs,
+        cwd: input.cwd,
+        env: input.env,
+        home: input.targetHome,
+    });
+    if (managedHomeWorks)
+        return false;
+    return await runCredentialShimAuthCheck({
+        targetCommand: input.targetCommand,
+        args: authCheckArgs,
+        cwd: input.cwd,
+        env: input.env,
+        home: input.operatorHome,
+    });
+}
+export async function ensureLocalCliCredentialShimsInPath(input) {
+    const operatorHome = nonEmptyEnvPath(input.operatorHome ?? undefined);
+    const targetHome = nonEmptyEnvPath(input.targetHome);
+    if (!operatorHome || !targetHome || operatorHome === targetHome) {
+        return ensurePathInEnv(input.env);
+    }
+    const normalized = ensurePathInEnv(input.env);
+    const cwd = input.cwd ?? process.cwd();
+    const commands = input.commands ?? DEFAULT_LOCAL_CLI_OPERATOR_HOME_SHIM_COMMANDS;
+    const shimDir = path.join(targetHome, ".rudder", "local-cli-shims");
+    const prepared = [];
+    for (const rawCommand of commands) {
+        const command = normalizeShimCommand(rawCommand);
+        const targetCommand = await resolveCommandPath(command.command, cwd, normalized);
+        if (!targetCommand)
+            continue;
+        if (path.dirname(targetCommand) === shimDir)
+            continue;
+        if (!(await shouldPrepareOperatorHomeShim({
+            command,
+            targetCommand,
+            cwd,
+            env: normalized,
+            targetHome,
+            operatorHome,
+        }))) {
+            continue;
+        }
+        await writeOperatorHomeShim({ shimDir, command: command.command, targetCommand, operatorHome });
+        prepared.push(command.command);
+    }
+    if (prepared.length === 0)
+        return normalized;
+    if (input.onLog) {
+        await input.onLog("stdout", `[rudder] Prepared local CLI credential shim${prepared.length === 1 ? "" : "s"} for: ${prepared.join(", ")}\n`);
+    }
+    return prependPathEntry(normalized, shimDir);
+}
 export async function ensureRudderSkillSymlink(source, target, linkSkill = (linkSource, linkTarget) => fs.symlink(linkSource, linkTarget)) {
     const existing = await fs.lstat(target).catch(() => null);
     if (!existing) {
@@ -1035,6 +1433,17 @@ export async function runChildProcess(runId, command, args, opts) {
         for (const key of CLAUDE_CODE_NESTING_VARS) {
             delete rawMerged[key];
         }
+        const GIT_IDENTITY_ENV_VARS = [
+            "GIT_AUTHOR_NAME",
+            "GIT_AUTHOR_EMAIL",
+            "GIT_COMMITTER_NAME",
+            "GIT_COMMITTER_EMAIL",
+        ];
+        for (const key of GIT_IDENTITY_ENV_VARS) {
+            if (rawMerged[key] === "" && !Object.prototype.hasOwnProperty.call(opts.env, key)) {
+                delete rawMerged[key];
+            }
+        }
         // When Rudder isolates HOME for child agents, don't let zsh keep using the
         // host user's startup dir via an inherited ZDOTDIR. That mismatch makes
         // child `zsh -lc` invocations source the host `.zshenv` with the agent HOME.