@skaile/workspaces 0.9.0 → 0.9.1

package/CHANGELOG.md

@@ -1,5 +1,52 @@
 # Changelog
 
+## 0.9.1
+
+### Patch Changes
+
+- 4e7f03a: **Fix B-30: private `@mention_` messages no longer reach the agent.**
+  `SessionDispatcher.sendCommand` now suppresses the agent forward when
+  `visibility.visibilityMode` is `Private` and `privateRecipientIds` does not
+  include the `"__agent__"` sentinel. Private human-to-human messages are still
+  persisted and broadcast to their named human recipients, but the LLM never
+  sees their content. Private messages that explicitly address the agent
+  (`@agent_`, encoded as the `"__agent__"` sentinel) continue to forward
+  normally, as do `Public` and visibility-less messages. This closes the same
+  privacy hole that the existing `HumansOnly` gate already covered, for the
+  `Private` recipient-scoped case.
+- 43895e8: **Self-heal poisoned Claude SDK transcripts.** The `claude-sdk` driver now
+  recovers from a conversation history that the Anthropic Messages API
+  permanently rejects because a content block is malformed. Previously such a
+  transcript bricked the session: every replayed turn failed with the same
+  `400 invalid_request_error` and there was no in-band recovery.
+
+  When `ClaudeSdkDriver.prompt()` catches that error it calls
+  `scrubPoisonedTranscript()` to repair the on-disk SDK JSONL transcript, then
+  retries the resume once, keeping the same session so conversation context is
+  preserved. Four poison classes are repaired in a single pass:
+  - **Image `media_type` mismatch** — corrected by sniffing the base64 magic
+    bytes (Claude Code `Read`-tool bug, anthropics/claude-code#55338 / #30124).
+  - **Missing image `media_type`** — filled in from the sniffed bytes (#33179).
+  - **Oversized images** — an image whose decoded payload exceeds the API's 5 MB
+    per-image limit is replaced with a text stub (#34566).
+  - **`cache_control` on empty text blocks** — the rejected marker is stripped
+    (#59626).
+
+  Genuinely unidentifiable image blocks are also replaced with a text stub. Adds
+  the `scrubPoisonedTranscript` and `sniffImageMediaType` exports, the
+  `ScrubTranscriptResult` type (with `corrected` / `stubbed` / `cacheStripped`
+  counters), and a `jsonl_poisoned` reason on the `resume_failed` event.
+
+- 0f140a1: **Binary-aware filesystem-mount write.** `handleMountResourceRequest`'s `write`
+  operation now decodes `content.data` as base64 when `content.encoding` is
+  `"binary"`, and creates missing parent directories (`mkdir -p`) before writing.
+  Previously it wrote `content.data` verbatim as utf-8, so a base64-encoded
+  payload landed on disk as its literal base64 string, and writing into a
+  not-yet-existing subdirectory failed. This brings the mount `write` op to
+  parity with the already-binary-capable `read` op, and is the runner-side write
+  path the platform's `workspace-upload` (drag & drop file upload) route
+  dispatches into.
+
 ## 0.9.0
 
 ### Minor Changes

package/dist/base-assets/connectors/flow/run-flow.js

@@ -1,4 +1,4 @@
-export { resumeFlow, runFlow } from '../../../chunk-NMREHIHP.js';
+export { resumeFlow, runFlow } from '../../../chunk-DTL7S57T.js';
 import '../../../chunk-GCJXPUHG.js';
 import '../../../chunk-IPUYL6TD.js';
 import '../../../chunk-EPGHAOEU.js';

package/dist/bridge/drivers/claude-sdk.js

@@ -1,14 +1,177 @@
 import { classifyClaudeSdkError, AuthError } from '../../chunk-EWP5HZBV.js';
 import { fetchProviderModels } from '../../chunk-KOVLSBXK.js';
 import { dispatchCapability } from '../../chunk-RRVQAE5D.js';
-import { registerDriver, DRIVER_CATALOG, AgentDriver, getBridgeLogger } from '../../chunk-5VNUL5KL.js';
+import { registerDriver, DRIVER_CATALOG, AgentDriver, getBridgeLogger } from '../../chunk-AE6GCXGL.js';
 import '../../chunk-24UIWON4.js';
 import '../../chunk-NSBPE2FW.js';
 import { spawnSync } from 'child_process';
-import { existsSync } from 'fs';
+import { existsSync, readFileSync, readdirSync, writeFileSync, renameSync } from 'fs';
 import { createRequire } from 'module';
+import { homedir } from 'os';
+import { join } from 'path';
 import * as zNS from 'zod';
 
+var STUB_TEXT = "[image removed: unprocessable image data]";
+var STUB_TEXT_OVERSIZED = "[image removed: image too large]";
+var MAX_IMAGE_BYTES = 5 * 1024 * 1024;
+function sniffImageMediaType(base64) {
+  let buf;
+  try {
+    buf = Buffer.from(base64.slice(0, 32), "base64");
+  } catch {
+    return null;
+  }
+  if (buf.length < 4) {
+    return null;
+  }
+  if (buf[0] === 255 && buf[1] === 216) {
+    return "image/jpeg";
+  }
+  if (buf[0] === 137 && buf[1] === 80 && buf[2] === 78 && buf[3] === 71) {
+    return "image/png";
+  }
+  if (buf[0] === 71 && buf[1] === 73 && buf[2] === 70 && buf[3] === 56) {
+    return "image/gif";
+  }
+  if (buf.length >= 12 && buf[0] === 82 && buf[1] === 73 && buf[2] === 70 && buf[3] === 70 && buf[8] === 87 && buf[9] === 69 && buf[10] === 66 && buf[11] === 80) {
+    return "image/webp";
+  }
+  return null;
+}
+function totalChanges(c) {
+  return c.corrected + c.stubbed + c.cacheStripped;
+}
+function scrubBlock(block, counters) {
+  if (block.type === "tool_result" && Array.isArray(block.content)) {
+    return {
+      ...block,
+      content: block.content.map((inner) => scrubBlock(inner, counters))
+    };
+  }
+  if (block.type === "text" && block.cache_control != null) {
+    const text = typeof block.text === "string" ? block.text : "";
+    if (text.trim() === "") {
+      counters.cacheStripped++;
+      const clone = { ...block };
+      delete clone.cache_control;
+      return clone;
+    }
+  }
+  if (block.type === "image" && block.source?.type === "base64" && typeof block.source.data === "string") {
+    const data = block.source.data;
+    if (Math.floor(data.length * 3 / 4) > MAX_IMAGE_BYTES) {
+      counters.stubbed++;
+      return { type: "text", text: STUB_TEXT_OVERSIZED };
+    }
+    const sniffed = sniffImageMediaType(data);
+    if (sniffed === null) {
+      counters.stubbed++;
+      return { type: "text", text: STUB_TEXT };
+    }
+    if (sniffed !== block.source.media_type) {
+      counters.corrected++;
+      return { ...block, source: { ...block.source, media_type: sniffed } };
+    }
+  }
+  return block;
+}
+function locateTranscript(configDir, sessionId) {
+  const projectsDir = join(configDir, "projects");
+  if (!existsSync(projectsDir)) {
+    return null;
+  }
+  let entries;
+  try {
+    entries = readdirSync(projectsDir);
+  } catch {
+    return null;
+  }
+  for (const entry of entries) {
+    const candidate = join(projectsDir, entry, `${sessionId}.jsonl`);
+    if (existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function scrubPoisonedTranscript(opts) {
+  const { configDir, sessionId, log } = opts;
+  const result = {
+    filePath: null,
+    corrected: 0,
+    stubbed: 0,
+    cacheStripped: 0,
+    changed: false
+  };
+  const filePath = locateTranscript(configDir, sessionId);
+  if (!filePath) {
+    log?.warn("scrub-transcript: no transcript found", { configDir, sessionId });
+    return result;
+  }
+  result.filePath = filePath;
+  let raw;
+  try {
+    raw = readFileSync(filePath, "utf8");
+  } catch (err) {
+    log?.warn("scrub-transcript: failed to read transcript", {
+      filePath,
+      error: err instanceof Error ? err.message : String(err)
+    });
+    return result;
+  }
+  const counters = { corrected: 0, stubbed: 0, cacheStripped: 0 };
+  const lines = raw.split("\n");
+  let dirty = false;
+  const repaired = lines.map((line) => {
+    if (line.trim() === "") {
+      return line;
+    }
+    let entry;
+    try {
+      entry = JSON.parse(line);
+    } catch {
+      return line;
+    }
+    const content = entry.message?.content;
+    if (!Array.isArray(content)) {
+      return line;
+    }
+    const before = totalChanges(counters);
+    const scrubbed = content.map((block) => scrubBlock(block, counters));
+    if (totalChanges(counters) === before) {
+      return line;
+    }
+    dirty = true;
+    return JSON.stringify({ ...entry, message: { ...entry.message, content: scrubbed } });
+  });
+  result.corrected = counters.corrected;
+  result.stubbed = counters.stubbed;
+  result.cacheStripped = counters.cacheStripped;
+  if (!dirty) {
+    return result;
+  }
+  const tmpPath = `${filePath}.scrub-tmp`;
+  try {
+    writeFileSync(tmpPath, repaired.join("\n"), "utf8");
+    renameSync(tmpPath, filePath);
+  } catch (err) {
+    log?.warn("scrub-transcript: failed to rewrite transcript", {
+      filePath,
+      error: err instanceof Error ? err.message : String(err)
+    });
+    return result;
+  }
+  result.changed = true;
+  log?.info("scrub-transcript: repaired poisoned transcript", {
+    filePath,
+    corrected: result.corrected,
+    stubbed: result.stubbed,
+    cacheStripped: result.cacheStripped
+  });
+  return result;
+}
+
+// bridge/src/drivers/claude-sdk.ts
 var zStatic = zNS.z ?? zNS.default ?? zNS;
 function jsonSchemaToZodLoose(schema, z2) {
   const props = schema?.properties ?? null;
@@ -201,6 +364,54 @@ var ClaudeSdkDriver = class extends AgentDriver {
         retrying = true;
         return this.prompt(message, _retryCount + 1);
       }
+      const isPoisonedHistory = _retryCount === 0 && /invalid_request_error/i.test(errMsg) && /media[_ ]?type|could not process image|image exceeds|cache_control/i.test(errMsg);
+      const poisonSessionId = this.config.resumeSessionId || this.sessionId;
+      if (isPoisonedHistory && poisonSessionId) {
+        const configDir = this.config.env?.CLAUDE_CONFIG_DIR || process.env.CLAUDE_CONFIG_DIR || join(homedir(), ".claude");
+        const scrub = scrubPoisonedTranscript({
+          configDir,
+          sessionId: poisonSessionId,
+          log: this.log
+        });
+        if (scrub.changed) {
+          this.log.warn("scrubbed poisoned Claude Code transcript, retrying resume", {
+            sessionId: poisonSessionId,
+            corrected: scrub.corrected,
+            stubbed: scrub.stubbed,
+            cacheStripped: scrub.cacheStripped
+          });
+          this.emit("agent-event", {
+            type: "resume_failed",
+            resumeSessionId: poisonSessionId,
+            reason: "jsonl_poisoned"
+          });
+          const plural = (n) => n === 1 ? "" : "s";
+          const repairs = [];
+          if (scrub.corrected > 0)
+            repairs.push(`${scrub.corrected} media type${plural(scrub.corrected)} corrected`);
+          if (scrub.stubbed > 0)
+            repairs.push(`${scrub.stubbed} image${plural(scrub.stubbed)} removed`);
+          if (scrub.cacheStripped > 0)
+            repairs.push(
+              `${scrub.cacheStripped} malformed block${plural(scrub.cacheStripped)} cleaned`
+            );
+          this.emit("agent-event", {
+            type: "error",
+            error: `Recovered corrupt data in the conversation history (${repairs.join(", ")}). Retrying \u2014 earlier context is preserved.`,
+            fatal: false
+          });
+          this.query = null;
+          this.turnResolve = null;
+          this.turnReject = null;
+          this.running = false;
+          retrying = true;
+          return this.prompt(message, _retryCount + 1);
+        }
+        this.log.warn("poisoned-transcript error but scrub found nothing to repair", {
+          sessionId: poisonSessionId,
+          filePath: scrub.filePath
+        });
+      }
       const isAuthError = err instanceof AuthError && _retryCount === 0;
       if (isAuthError && this.config.onAuthError) {
         this.log.info("auth error caught; invoking onAuthError refresh callback");