npm - @themoltnet/pi-extension - Versions diffs - 0.15.2 → 0.16.0 - Mend

@themoltnet/pi-extension 0.15.2 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -249,6 +249,28 @@ export declare interface ExecutePiTaskOptions {
      * process. See #1078.
      */
     makeOnTurnEvent?: TurnEventHandlerFactory;
+    /**
+     * Cap the number of tool-use turns per attempt. When the limit is
+     * reached, the pi session is aborted and the attempt finalizes with
+     * `error.code: max_turns_exceeded`. A tool-use turn = any `turn_end`
+     * whose `stopReason !== 'end_turn'` (matches the Anthropic SDK
+     * `max_turns` semantics: the model's final text-only response doesn't
+     * count). Default `0` = disabled. Recommended `30` for `fulfill_brief`.
+     * Closes part of #1094.
+     */
+    maxTurns?: number;
+    /**
+     * Cap the number of `bash` tool timeouts per attempt. A timeout is a
+     * `tool_execution_end` for `bash` whose result text contains
+     * "Command timed out after" (pi's stable error wrapper from
+     * `@earendil-works/pi-coding-agent`'s bash tool). When the limit is
+     * reached, the pi session is aborted and the attempt finalizes with
+     * `error.code: max_bash_timeouts_exceeded`. Catches the death-spiral
+     * pattern from task `a3762f44` where the model kept retrying
+     * long-blocking shell commands until the host job timeout fired.
+     * Default `3`. Set to `0` to disable. Closes part of #1094.
+     */
+    maxBashTimeouts?: number;
 }
 /**

package/dist/index.js CHANGED Viewed

@@ -7673,7 +7673,7 @@ function createMoltNetTools(config) {
 	const createEntry = defineTool({
 		name: "moltnet_create_entry",
 		label: "Create MoltNet Diary Entry",
-		description: "Create a new diary entry to record decisions, findings, incidents, or reflections. During an active task, the entry is forced into the task diary and tagged with the task:* provenance namespace (task:id:<id>, task:type:<type>, task:attempt:<n>, plus task:correlation:<id> when set); an explicit diaryId mismatching the task diary is rejected.",
+		description: "Create a new diary entry to record decisions, findings, incidents, or reflections. During an active task, the entry is forced into the task diary and tagged with the task:* provenance namespace (task:id:<id>, task:type:<type>, task:attempt:<n>, plus task:correlation:<id> when set); an explicit diaryId mismatching the task diary is rejected. Use this tool — NOT `moltnet entry create` / `moltnet entry create-signed` via bash. The CLI path bypasses task-tag auto-injection and leaves entries invisible to taskFilter queries.",
 		parameters: Type.Object({
 			title: Type.String({ description: "Entry title (concise, descriptive)" }),
 			content: Type.String({ description: "Entry content (markdown)" }),
@@ -8253,38 +8253,48 @@ async function resumeVm(config) {
 			[GUEST_TASK_SKILLS_MOUNT]: new MemoryProvider()
 		} }
 	});
-	await vm.exec(`sh -c '
+	try {
+		await vm.exec(`sh -c '
     cp /etc/gondolin/mitm/ca.crt /usr/local/share/ca-certificates/gondolin-mitm.crt
     update-ca-certificates 2>/dev/null
     cat /etc/gondolin/mitm/ca.crt >> /etc/ssl/certs/ca-certificates.crt
   '`);
-	await vmRun(vm, "DNS resolvers", `printf 'nameserver 8.8.8.8\\nnameserver 1.1.1.1\\n' > /etc/resolv.conf`);
-	await vmRun(vm, "git safe.directory", `git config --system --add safe.directory '*'`);
-	for (const [i, cmd] of (config.sandboxConfig?.resumeCommands ?? []).entries()) await vmRun(vm, `resumeCommands[${i}]`, cmd);
-	const vmSshDir = `${vmAgentDir}/ssh`;
-	await vm.exec(`mkdir -p ${vmAgentDir}/ssh /home/agent/.pi/agent`);
-	if (creds.piAuthJson !== null) await vm.fs.writeFile("/home/agent/.pi/agent/auth.json", creds.piAuthJson, { mode: 384 });
-	const vmMoltnetJson = rewriteMoltnetJsonPaths(creds.moltnetJson, vmAgentDir, vmSshDir, creds.githubAppPemFilename);
-	await vm.fs.writeFile(`${vmAgentDir}/moltnet.json`, vmMoltnetJson, { mode: 384 });
-	await vm.fs.writeFile(`${vmAgentDir}/env`, creds.agentEnvRaw, { mode: 384 });
-	if (creds.gitconfig) {
-		const vmSigningKey = `${vmSshDir}/id_ed25519`;
-		let vmGitconfig = creds.gitconfig.replace(/signingKey\s*=\s*.+/g, `signingKey = ${vmSigningKey}`);
-		vmGitconfig = ensureRelativeWorktreePaths(vmGitconfig);
-		await vm.fs.writeFile(`${vmAgentDir}/gitconfig`, vmGitconfig, { mode: 420 });
-	}
-	if (creds.sshPrivateKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519`, creds.sshPrivateKey, { mode: 384 });
-	if (creds.sshPublicKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519.pub`, creds.sshPublicKey, { mode: 420 });
-	if (creds.allowedSigners) await vm.fs.writeFile(`${vmSshDir}/allowed_signers`, creds.allowedSigners, { mode: 420 });
-	if (creds.githubAppPem && creds.githubAppPemFilename) await vm.fs.writeFile(`${vmAgentDir}/${creds.githubAppPemFilename}`, creds.githubAppPem, { mode: 384 });
-	await vm.exec("chown -R agent:agent /home/agent/.pi /home/agent/.moltnet");
-	return {
-		vm,
-		credentials: creds,
-		mountPath: config.mountPath,
-		guestWorkspace: GUEST_WORKSPACE$2,
-		agentDir
-	};
+		await vmRun(vm, "DNS resolvers", `printf 'nameserver 8.8.8.8\\nnameserver 1.1.1.1\\n' > /etc/resolv.conf`);
+		await vmRun(vm, "git safe.directory", `git config --system --add safe.directory '*'`);
+		for (const [i, cmd] of (config.sandboxConfig?.resumeCommands ?? []).entries()) await vmRun(vm, `resumeCommands[${i}]`, cmd);
+		const vmSshDir = `${vmAgentDir}/ssh`;
+		await vm.exec(`mkdir -p ${vmAgentDir}/ssh /home/agent/.pi/agent`);
+		if (creds.piAuthJson !== null) await vm.fs.writeFile("/home/agent/.pi/agent/auth.json", creds.piAuthJson, { mode: 384 });
+		const vmMoltnetJson = rewriteMoltnetJsonPaths(creds.moltnetJson, vmAgentDir, vmSshDir, creds.githubAppPemFilename);
+		await vm.fs.writeFile(`${vmAgentDir}/moltnet.json`, vmMoltnetJson, { mode: 384 });
+		await vm.fs.writeFile(`${vmAgentDir}/env`, creds.agentEnvRaw, { mode: 384 });
+		if (creds.gitconfig) {
+			const vmSigningKey = `${vmSshDir}/id_ed25519`;
+			let vmGitconfig = creds.gitconfig.replace(/signingKey\s*=\s*.+/g, `signingKey = ${vmSigningKey}`);
+			vmGitconfig = ensureRelativeWorktreePaths(vmGitconfig);
+			await vm.fs.writeFile(`${vmAgentDir}/gitconfig`, vmGitconfig, { mode: 420 });
+		}
+		if (creds.sshPrivateKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519`, creds.sshPrivateKey, { mode: 384 });
+		if (creds.sshPublicKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519.pub`, creds.sshPublicKey, { mode: 420 });
+		if (creds.allowedSigners) await vm.fs.writeFile(`${vmSshDir}/allowed_signers`, creds.allowedSigners, { mode: 420 });
+		if (creds.githubAppPem && creds.githubAppPemFilename) await vm.fs.writeFile(`${vmAgentDir}/${creds.githubAppPemFilename}`, creds.githubAppPem, { mode: 384 });
+		await vm.exec("chown -R agent:agent /home/agent/.pi /home/agent/.moltnet");
+		return {
+			vm,
+			credentials: creds,
+			mountPath: config.mountPath,
+			guestWorkspace: GUEST_WORKSPACE$2,
+			agentDir
+		};
+	} catch (err) {
+		try {
+			await vm.close();
+		} catch (closeErr) {
+			const m = closeErr instanceof Error ? closeErr.message : String(closeErr);
+			process.stderr.write(`[vm] post-throw vm.close() failed: ${m}\n`);
+		}
+		throw err;
+	}
 }
 /**
 * Rewrite host-absolute paths inside moltnet.json to VM-local equivalents.
@@ -14706,8 +14716,8 @@ function buildRuntimeInstructor(ctx) {
 		"## Diary discipline",
 		"",
 		`- During this task, every diary entry MUST land in \`${ctx.diaryId}\``,
-		"  (the task diary). The MCP `moltnet_create_entry` tool enforces this",
-		"  and rejects mismatched explicit `diaryId` parameters.",
+		"  (the task diary). The `moltnet_create_entry` custom tool enforces",
+		"  this and rejects mismatched explicit `diaryId` parameters.",
 		`- Provenance tags \`task:id:${ctx.taskId}\`, \`task:type:${ctx.taskType}\`,`,
 		`  and \`task:attempt:${ctx.attemptN}\`${ctx.correlationId ? `, plus \`task:correlation:${ctx.correlationId}\`` : ""} are auto-injected on every entry.`,
 		"  These share the `task:` namespace so `moltnet_diary_tags` with",
@@ -14715,12 +14725,23 @@ function buildRuntimeInstructor(ctx) {
 		"  `taskFilter` shorthand on `moltnet_list_entries` /",
 		"  `moltnet_search_entries` expands into them. You may add additional",
 		"  tags but you cannot remove the auto-injected ones.",
+		"- **DO NOT shell out to `moltnet entry create` / `moltnet entry",
+		"  create-signed` / any other `moltnet entry` subcommand via bash.**",
+		"  Those CLI paths hit the REST API directly and bypass the",
+		"  custom tool's task-tag auto-injection, leaving you with",
+		"  untagged entries that `moltnet_list_entries` with a",
+		"  `taskFilter: { taskId: ... }` cannot find. The legreffier skill",
+		"  recommends `moltnet entry *` for normal interactive sessions —",
+		"  inside a running task that advice does not apply. Use the",
+		"  `moltnet_create_entry` custom tool only.",
 		"",
 		"## Accountable commits",
 		"",
 		"- Every commit you make during this task MUST be paired with a signed",
-		"  diary entry created via `moltnet_create_entry`. Embed the returned",
-		"  entry id in the commit trailer `MoltNet-Diary: <id>`.",
+		"  diary entry created via the `moltnet_create_entry` custom tool",
+		"  (NOT via `moltnet entry create-signed` from bash — see Diary",
+		"  discipline above). Embed the returned entry id in the commit",
+		"  trailer `MoltNet-Diary: <id>`.",
 		"- Commits must be signed with the agent credentials (gitconfig is",
 		"  pre-configured). Do not bypass signing.",
 		"",
@@ -15417,6 +15438,11 @@ async function executePiTask(claimedTask, reporter, opts) {
 		let assistantText = "";
 		let reporterError = null;
 		const usage = finalUsage;
+		let capAbort = null;
+		let toolUseTurnCount = 0;
+		let bashTimeoutCount = 0;
+		const maxTurns = opts.maxTurns ?? 0;
+		const maxBashTimeouts = opts.maxBashTimeouts ?? 3;
 		cancelListener = wireSessionAbort(reporter.cancelSignal, session);
 		const recordingPromise = [];
 		const track = (p) => {
@@ -15431,6 +15457,23 @@ async function executePiTask(claimedTask, reporter, opts) {
 				}
 			}));
 		};
+		const liveSession = session;
+		const triggerCapAbort = (code, message) => {
+			if (capAbort) return;
+			capAbort = {
+				code,
+				message
+			};
+			liveSession.abort().catch((err) => {
+				const m = err instanceof Error ? err.message : String(err);
+				process.stderr.write(`[cap] session.abort() failed: ${m}\n`);
+			});
+			track(emit("info", {
+				event: "cap_abort",
+				code,
+				message
+			}));
+		};
 		session.subscribe((event) => {
 			if (event.type === "message_update") {
 				const ae = event.assistantMessageEvent;
@@ -15439,12 +15482,17 @@ async function executePiTask(claimedTask, reporter, opts) {
 					track(emit("text_delta", { delta: ae.delta }));
 				}
 			} else if (event.type === "tool_execution_start") track(emit("tool_call_start", { tool_name: event.toolName }));
-			else if (event.type === "tool_execution_end") track(emit("tool_call_end", {
-				tool_name: event.toolName,
-				is_error: event.isError,
-				result: event.isError ? truncateForWire(event.result) : void 0
-			}));
-			else if (event.type === "turn_end") {
+			else if (event.type === "tool_execution_end") {
+				track(emit("tool_call_end", {
+					tool_name: event.toolName,
+					is_error: event.isError,
+					result: event.isError ? truncateForWire(event.result) : void 0
+				}));
+				if (maxBashTimeouts > 0 && event.toolName === "bash" && event.isError && isBashTimeoutResult(event.result)) {
+					bashTimeoutCount += 1;
+					if (bashTimeoutCount >= maxBashTimeouts) triggerCapAbort("max_bash_timeouts_exceeded", `Aborted after ${bashTimeoutCount} bash timeouts in this attempt (cap ${maxBashTimeouts}).`);
+				}
+			} else if (event.type === "turn_end") {
 				const msg = event.message;
 				if (msg?.role === "assistant" && msg.usage) {
 					usage.inputTokens += Math.max(0, msg.usage.input ?? 0);
@@ -15454,7 +15502,12 @@ async function executePiTask(claimedTask, reporter, opts) {
 					if (cr) usage.cacheReadTokens = (usage.cacheReadTokens ?? 0) + cr;
 					if (cw) usage.cacheWriteTokens = (usage.cacheWriteTokens ?? 0) + cw;
 				}
-				track(emit("turn_end", { stop_reason: msg?.stopReason ?? "end_turn" }));
+				const stopReason = msg?.stopReason ?? "end_turn";
+				track(emit("turn_end", { stop_reason: stopReason }));
+				if (maxTurns > 0 && stopReason !== "end_turn" && stopReason !== "aborted" && stopReason !== "error") {
+					toolUseTurnCount += 1;
+					if (toolUseTurnCount >= maxTurns) triggerCapAbort("max_turns_exceeded", `Aborted after ${toolUseTurnCount} tool-use turns (cap ${maxTurns}).`);
+				}
 				llmAbort = msg?.stopReason === "error";
 				if (msg?.stopReason === "error") llmErrorMessage = typeof msg.errorMessage === "string" && msg.errorMessage.length > 0 ? msg.errorMessage : null;
 				else llmErrorMessage = null;
@@ -15483,7 +15536,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 		let parsedOutput = null;
 		let parsedOutputCid = null;
 		let parseError = null;
-		if (!runError && !llmAbort && !cancelled) {
+		if (!runError && !llmAbort && !cancelled && !capAbort) {
 			const captured = submitToolHandle?.getCaptured() ?? null;
 			if (captured) try {
 				parsedOutput = captured;
@@ -15536,6 +15589,21 @@ async function executePiTask(claimedTask, reporter, opts) {
 				retryable: false
 			}
 		};
+		const capAbortSnapshot = capAbort;
+		if (capAbortSnapshot) return {
+			taskId: task.id,
+			attemptN,
+			status: "failed",
+			output: null,
+			outputCid: null,
+			usage,
+			durationMs: Date.now() - startTime,
+			error: {
+				code: capAbortSnapshot.code,
+				message: capAbortSnapshot.message,
+				retryable: false
+			}
+		};
 		const status = runError || llmAbort || parseError || reporterError ? "failed" : "completed";
 		const errorCode = runError?.code ?? parseError?.code ?? reporterError?.code ?? (llmAbort ? "llm_api_error" : void 0);
 		const errorMessage = runError?.message ?? parseError?.message ?? reporterError?.message ?? (llmAbort ? llmErrorMessage ?? "LLM API error during turn" : void 0);
@@ -15637,6 +15705,25 @@ function summarizePayloadForLog(kind, payload) {
 		default: return payload;
 	}
 }
+/**
+* Detect pi's bash-timeout error wrapper in a `tool_execution_end`
+* result. The bash tool surfaces a timeout as a structured tool result
+* `{ content: [{ type: 'text', text: '… Command timed out after N
+* seconds' }] }` (see `@earendil-works/pi-coding-agent`'s bash.js).
+* Substring-match against the stable wrapper string is the only
+* mechanism short of patching pi; the string is part of pi's external
+* tool-error API and changing it would break agents that read tool
+* errors.
+*/
+function isBashTimeoutResult(result) {
+	if (result === null || result === void 0) return false;
+	if (typeof result === "string") return result.includes("Command timed out after");
+	if (typeof result !== "object") return false;
+	const content = result.content;
+	if (!Array.isArray(content)) return false;
+	for (const part of content) if (typeof part === "object" && part !== null && typeof part.text === "string" && part.text.includes("Command timed out after")) return true;
+	return false;
+}
 var TRUNCATE_LIMIT = 4 * 1024;
 function truncateForWire(value) {
 	if (value === null || value === void 0) return value;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@themoltnet/pi-extension",
-  "version": "0.15.2",
+  "version": "0.16.0",
   "type": "module",
   "description": "MoltNet pi extension — sandboxed tool execution in Gondolin VMs with MoltNet identity and persistent memory",
   "license": "MIT",