@themoltnet/pi-extension 0.23.0 → 0.23.1

package/dist/index.d.ts

@@ -843,6 +843,12 @@ declare interface TaskReporter {
      * cancellation has been observed. Null until `cancelSignal` aborts.
      */
     readonly cancelReason: string | null;
+    /**
+     * Request local cancellation of the in-flight task. Runtime shutdown uses
+     * this to trip the same executor-facing signal as proposer cancellation,
+     * without waiting for the next server heartbeat.
+     */
+    requestCancel?(reason: string): void;
 }
 
 declare const TaskStatus: Type.TUnion<[Type.TLiteral<"waiting">, Type.TLiteral<"queued">, Type.TLiteral<"dispatched">, Type.TLiteral<"running">, Type.TLiteral<"completed">, Type.TLiteral<"failed">, Type.TLiteral<"cancelled">, Type.TLiteral<"expired">]>;
@@ -901,6 +907,8 @@ export declare interface VmConfig {
     extraAllowedHosts?: string[];
     /** Full sandbox config (vfs shadows, env overrides). */
     sandboxConfig?: SandboxConfig;
+    /** Abort resume/setup work, closing any live VM owned by resumeVm. */
+    signal?: AbortSignal;
 }
 
 export declare interface VmCredentials {

package/dist/index.js

@@ -1674,6 +1674,124 @@ var updateRenderedPack = (options) => (options.client ?? client).patch({
 	}
 });
 /**
+* List runtime profiles for the active team context.
+*/
+var listRuntimeProfiles = (options) => (options?.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/runtime-profiles",
+	...options
+});
+/**
+* Create a runtime profile for the active team context.
+*/
+var createRuntimeProfile = (options) => (options?.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/runtime-profiles",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options?.headers
+	}
+});
+/**
+* Delete one runtime profile.
+*/
+var deleteRuntimeProfile = (options) => (options.client ?? client).delete({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/runtime-profiles/{profileId}",
+	...options
+});
+/**
+* Get one runtime profile.
+*/
+var getRuntimeProfile = (options) => (options.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/runtime-profiles/{profileId}",
+	...options
+});
+/**
+* Update one runtime profile.
+*/
+var updateRuntimeProfile = (options) => (options.client ?? client).patch({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/runtime-profiles/{profileId}",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
 * List tasks for a team with optional filters.
 */
 var listTasks = (options) => (options.client ?? client).get({
@@ -1788,6 +1906,32 @@ var listTaskAttempts = (options) => (options.client ?? client).get({
 	...options
 });
 /**
+* Claimant intentionally abandons this attempt (e.g. daemon shutdown). The attempt becomes aborted and the task requeues for another claim (or fails when retries are exhausted). Does NOT cancel the task.
+*/
+var abortTaskAttempt = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts/{n}/abort",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
 * Mark an attempt as completed with output.
 */
 var completeTask = (options) => (options.client ?? client).post({
@@ -4696,6 +4840,54 @@ function createRecoveryNamespace(context) {
 	};
 }
 //#endregion
+//#region ../sdk/src/namespaces/runtime-profiles.ts
+function createRuntimeProfilesNamespace(context) {
+	const { client, auth } = context;
+	return {
+		async list(options) {
+			return unwrapResult(await listRuntimeProfiles({
+				client,
+				auth,
+				headers: teamHeaders(options)
+			}));
+		},
+		async create(body, options) {
+			return unwrapResult(await createRuntimeProfile({
+				client,
+				auth,
+				headers: teamHeaders(options),
+				body
+			}));
+		},
+		async get(profileId) {
+			return unwrapResult(await getRuntimeProfile({
+				client,
+				auth,
+				path: { profileId }
+			}));
+		},
+		async update(profileId, body) {
+			return unwrapResult(await updateRuntimeProfile({
+				client,
+				auth,
+				path: { profileId },
+				body
+			}));
+		},
+		async delete(profileId) {
+			const result = await deleteRuntimeProfile({
+				client,
+				auth,
+				path: { profileId }
+			});
+			if (result.error) unwrapResult(result);
+		}
+	};
+}
+function teamHeaders(options) {
+	return options?.teamId ? { "x-moltnet-team-id": options.teamId } : void 0;
+}
+//#endregion
 //#region ../sdk/src/namespaces/signing-requests.ts
 function createSigningRequestsNamespace(context) {
 	const { client, auth } = context;
@@ -4816,6 +5008,17 @@ function createTasksNamespace(context) {
 				body
 			}));
 		},
+		async abortAttempt(id, n, body) {
+			return unwrapResult(await abortTaskAttempt({
+				client,
+				auth,
+				path: {
+					id,
+					n
+				},
+				body
+			}));
+		},
 		async cancel(id, body) {
 			return unwrapResult(await cancelTask({
 				client,
@@ -4999,6 +5202,7 @@ function createAgent(options) {
 		legreffier: createLegreffierNamespace(context),
 		problems: createProblemsNamespace(context),
 		teams: createTeamsNamespace(context),
+		runtimeProfiles: createRuntimeProfilesNamespace(context),
 		tasks: createTasksNamespace(context),
 		client,
 		getToken: () => tokenManager.getToken()
@@ -8310,6 +8514,63 @@ function pruneOldSnapshots(maxCached, currentDir) {
 	});
 }
 //#endregion
+//#region src/abort-utils.ts
+function throwIfAborted(signal, label) {
+	if (!signal?.aborted) return;
+	throw abortError(label, signal);
+}
+function abortError(label, signal) {
+	const reason = signal.reason;
+	const suffix = reason instanceof Error ? reason.message : reason === void 0 ? "aborted" : String(reason);
+	const err = /* @__PURE__ */ new Error(`${label} aborted: ${suffix}`);
+	err.name = "AbortError";
+	return err;
+}
+function cleanupLateResource(resourcePromise, opts) {
+	resourcePromise.then(async (resource) => {
+		try {
+			await opts.cleanup(resource);
+		} catch (err) {
+			opts.onCleanupError?.(err);
+		}
+	}, () => {});
+}
+async function abortableResource(opts) {
+	const { signal } = opts;
+	if (!signal) return opts.promise;
+	throwIfAborted(signal, opts.label);
+	const resourcePromise = Promise.resolve(opts.promise);
+	const abortPromise = new Promise((_, reject) => {
+		const abort = () => {
+			cleanupLateResource(resourcePromise, opts);
+			reject(abortError(opts.label, signal));
+		};
+		signal.addEventListener("abort", abort, { once: true });
+		resourcePromise.then(() => signal.removeEventListener("abort", abort), () => signal.removeEventListener("abort", abort));
+	});
+	return Promise.race([resourcePromise, abortPromise]);
+}
+async function delay(ms, signal, label) {
+	if (!signal) {
+		await new Promise((resolve) => {
+			setTimeout(resolve, ms);
+		});
+		return;
+	}
+	throwIfAborted(signal, label);
+	await new Promise((resolve, reject) => {
+		const listener = () => {
+			clearTimeout(timeout);
+			reject(abortError(label, signal));
+		};
+		const timeout = setTimeout(() => {
+			signal.removeEventListener("abort", listener);
+			resolve();
+		}, ms);
+		signal.addEventListener("abort", listener, { once: true });
+	});
+}
+//#endregion
 //#region src/vm-manager.ts
 /**
 * Memory-backed VFS mount used by the daemon to inject task-context
@@ -8426,23 +8687,33 @@ var BASE_ALLOWED_HOSTS = [
 * surface immediately rather than fall through to cryptic agent
 * errors later.
 */
-async function vmRun(vm, label, command) {
+async function vmRun(vm, label, command, signal) {
 	const wrapped = `set -eu\nset -o pipefail\n${command}`;
+	throwIfAborted(signal, `resume step "${label}"`);
 	const r = await vm.exec([
 		"sh",
 		"-c",
 		wrapped
-	]);
+	], { signal });
 	if (r.exitCode !== 0) {
 		const tail = [r.stderr, r.stdout].filter(Boolean).join("\n").slice(-800);
 		throw new Error(`resume step "${label}" failed (exit ${r.exitCode}):\n${tail}`);
 	}
 }
+function nonErrorMessage(err) {
+	if (typeof err === "string") return err;
+	try {
+		return JSON.stringify(err) ?? "unknown error";
+	} catch {
+		return "unknown error";
+	}
+}
 /**
 * Resume a VM from a checkpoint, inject credentials, configure egress +
 * TLS. Returns the managed VM handle.
 */
 async function resumeVm(config) {
+	throwIfAborted(config.signal, "VM resume");
 	const mainRepo = findMainWorktree();
 	const agentDir = path.join(mainRepo, ".moltnet", config.agentName);
 	const guestWorkspace = path.resolve(config.mountPath);
@@ -8486,24 +8757,33 @@ async function resumeVm(config) {
 	};
 	const resources = config.sandboxConfig?.resources;
 	const workspaceMode = config.workspaceMode ?? "shared_mount";
-	const vm = await VmCheckpoint.load(config.checkpointPath).resume({
-		httpHooks,
-		env: vmEnv,
-		...resources?.memory && { memory: resources.memory },
-		...resources?.cpus && { cpus: resources.cpus },
-		vfs: { mounts: {
-			[guestWorkspace]: workspaceProvider,
-			[GUEST_TASK_SKILLS_MOUNT]: new MemoryProvider()
-		} }
+	const vm = await abortableResource({
+		promise: VmCheckpoint.load(config.checkpointPath).resume({
+			httpHooks,
+			env: vmEnv,
+			...resources?.memory && { memory: resources.memory },
+			...resources?.cpus && { cpus: resources.cpus },
+			vfs: { mounts: {
+				[guestWorkspace]: workspaceProvider,
+				[GUEST_TASK_SKILLS_MOUNT]: new MemoryProvider()
+			} }
+		}),
+		signal: config.signal,
+		label: "VM resume",
+		cleanup: (resumedVm) => resumedVm.close(),
+		onCleanupError: (err) => {
+			const message = err instanceof Error ? err.message : String(err);
+			process.stderr.write(`[vm] aborted resume late vm.close() failed: ${message}\n`);
+		}
 	});
 	try {
-		await vm.exec(`sh -c '
+		await vmRun(vm, "TLS certificates", `
     cp /etc/gondolin/mitm/ca.crt /usr/local/share/ca-certificates/gondolin-mitm.crt
     update-ca-certificates 2>/dev/null
     cat /etc/gondolin/mitm/ca.crt >> /etc/ssl/certs/ca-certificates.crt
-  '`);
-		await vmRun(vm, "DNS resolvers", `printf 'nameserver 8.8.8.8\\nnameserver 1.1.1.1\\n' > /etc/resolv.conf`);
-		await vmRun(vm, "git safe.directory", `git config --system --add safe.directory '*'`);
+  `, config.signal);
+		await vmRun(vm, "DNS resolvers", `printf 'nameserver 8.8.8.8\\nnameserver 1.1.1.1\\n' > /etc/resolv.conf`, config.signal);
+		await vmRun(vm, "git safe.directory", `git config --system --add safe.directory '*'`, config.signal);
 		for (const [i, entry] of (config.sandboxConfig?.resumeCommands ?? []).entries()) {
 			if (!shouldRunResumeCommand(entry, { workspaceMode })) continue;
 			const { run, retries, backoffMs } = typeof entry === "string" ? {
@@ -8518,34 +8798,67 @@ async function resumeVm(config) {
 			const label = `resumeCommands[${i}]`;
 			let lastErr;
 			for (let attempt = 0; attempt <= retries; attempt++) try {
-				await vmRun(vm, label, run);
+				await vmRun(vm, label, run, config.signal);
 				lastErr = void 0;
 				break;
 			} catch (err) {
 				lastErr = err;
 				if (attempt === retries) break;
-				await new Promise((resolve) => {
-					setTimeout(resolve, (attempt + 1) * backoffMs);
-				});
+				await delay((attempt + 1) * backoffMs, config.signal, label);
 			}
-			if (lastErr) throw lastErr instanceof Error ? lastErr : new Error(String(lastErr));
+			if (lastErr) throw lastErr instanceof Error ? lastErr : new Error(nonErrorMessage(lastErr));
 		}
 		const vmSshDir = `${vmAgentDir}/ssh`;
-		await vm.exec(`mkdir -p ${vmAgentDir}/ssh /home/agent/.pi/agent`);
-		if (creds.piAuthJson !== null) await vm.fs.writeFile("/home/agent/.pi/agent/auth.json", creds.piAuthJson, { mode: 384 });
+		await vm.exec(`mkdir -p ${vmAgentDir}/ssh /home/agent/.pi/agent`, { signal: config.signal });
+		if (creds.piAuthJson !== null) await vm.fs.writeFile("/home/agent/.pi/agent/auth.json", creds.piAuthJson, {
+			mode: 384,
+			signal: config.signal
+		});
 		const vmMoltnetJson = rewriteMoltnetJsonPaths(creds.moltnetJson, vmAgentDir, vmSshDir, creds.githubAppPemFilename);
-		await vm.fs.writeFile(`${vmAgentDir}/moltnet.json`, vmMoltnetJson, { mode: 384 });
-		await vm.fs.writeFile(`${vmAgentDir}/env`, creds.agentEnvRaw, { mode: 384 });
+		await vm.fs.writeFile(`${vmAgentDir}/moltnet.json`, vmMoltnetJson, {
+			mode: 384,
+			signal: config.signal
+		});
+		await vm.fs.writeFile(`${vmAgentDir}/env`, creds.agentEnvRaw, {
+			mode: 384,
+			signal: config.signal
+		});
 		if (creds.gitconfig) {
 			const vmSigningKey = `${vmSshDir}/id_ed25519`;
 			const vmGitconfig = creds.gitconfig.replace(/signingKey\s*=\s*.+/g, `signingKey = ${vmSigningKey}`);
-			await vm.fs.writeFile(`${vmAgentDir}/gitconfig`, vmGitconfig, { mode: 420 });
+			await vm.fs.writeFile(`${vmAgentDir}/gitconfig`, vmGitconfig, {
+				mode: 420,
+				signal: config.signal
+			});
 		}
-		if (creds.sshPrivateKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519`, creds.sshPrivateKey, { mode: 384 });
-		if (creds.sshPublicKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519.pub`, creds.sshPublicKey, { mode: 420 });
-		if (creds.allowedSigners) await vm.fs.writeFile(`${vmSshDir}/allowed_signers`, creds.allowedSigners, { mode: 420 });
-		if (creds.githubAppPem && creds.githubAppPemFilename) await vm.fs.writeFile(`${vmAgentDir}/${creds.githubAppPemFilename}`, creds.githubAppPem, { mode: 384 });
-		await vm.exec("chown -R agent:agent /home/agent/.pi /home/agent/.moltnet");
+		if (creds.sshPrivateKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519`, creds.sshPrivateKey, {
+			mode: 384,
+			signal: config.signal
+		});
+		if (creds.sshPublicKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519.pub`, creds.sshPublicKey, {
+			mode: 420,
+			signal: config.signal
+		});
+		if (creds.allowedSigners) await vm.fs.writeFile(`${vmSshDir}/allowed_signers`, creds.allowedSigners, {
+			mode: 420,
+			signal: config.signal
+		});
+		if (creds.githubAppPem && creds.githubAppPemFilename) await vm.fs.writeFile(`${vmAgentDir}/${creds.githubAppPemFilename}`, creds.githubAppPem, {
+			mode: 384,
+			signal: config.signal
+		});
+		await vm.exec("chown -R agent:agent /home/agent/.pi /home/agent/.moltnet", { signal: config.signal });
+		const gitCredHelperPath = `${vmSshDir}/git-credential-moltnet`;
+		const credHelperScript = `#!/bin/sh
+echo "username=x-access-token"
+echo "password=$(moltnet github token --credentials ${vmSshDir}/moltnet.json)"
+`;
+		await vm.fs.writeFile(gitCredHelperPath, credHelperScript, {
+			mode: 493,
+			signal: config.signal
+		});
+		await vmRun(vm, "git credential helper", `git config --global credential.helper ${gitCredHelperPath} && \
+       git config --global url."https://github.com/".insteadOf "git@github.com:"`, config.signal);
 		return {
 			vm,
 			credentials: creds,
@@ -13055,18 +13368,120 @@ var TaskContext = _Array_(_Object_({
 	maxItems: 5
 });
 //#endregion
-//#region ../tasks/src/daemon-profiles.ts
-var DaemonProfileName = String$1({
+//#region ../tasks/src/rubric.ts
+/**
+* Rubric — structured acceptance criteria used by judgment tasks.
+*
+* Phase 1 (this PR): rubrics are embedded in task inputs. Their integrity
+* is pinned via the task's `input_cid` (which covers the whole input,
+* including the inline rubric). No separate storage, no CRUD.
+*
+* Phase 2 (see #881): rubrics become a first-class resource with their
+* own signed rows and CIDv1 lookup. The schema below is designed to
+* carry forward unchanged — only storage and addressing differ.
+*
+* Until Phase 2 lands, `rubricId` + `version` + `contentHash` are
+* informational fields the author fills in; no uniqueness is enforced.
+* `contentHash` is optional in Phase 1 because the *task*'s input_cid
+* is the authoritative commitment.
+*/
+/**
+* How a judge must score a single criterion.
+*
+* - `llm_score`: 0..1 continuous, `rationale` required. Smooths failures
+*   into the gradient — use `llm_checklist` instead for properties where
+*   a single failure is a real failure (grounding, faithfulness).
+* - `llm_checklist`: judge enumerates per-claim assertions with
+*   `{passed, evidence}`. The criterion's numeric `score` is derived:
+*   `1` iff every assertion passes, else `0`. Per-claim evidence is the
+*   dataset for cluster-analysis of failure modes. See #999.
+* - `boolean`: 0 or 1, `rationale` optional.
+* - `deterministic_signature_check`: judge runs a signature check;
+*   result is 0 or 1. No LLM discretion.
+* - `deterministic_coverage_check`: every referenced source entry
+*   appears in the rendered output; 0 or 1.
+*/
+var RubricScoringMode = Union([
+	Literal("llm_score"),
+	Literal("llm_checklist"),
+	Literal("boolean"),
+	Literal("deterministic_signature_check"),
+	Literal("deterministic_coverage_check")
+], { $id: "RubricScoringMode" });
+/**
+* One binary check produced by an `llm_checklist`-mode criterion.
+*
+* `evidence` is REQUIRED for both PASS and FAIL — agentskills.io grading
+* principle: \"Don't give the benefit of the doubt.\" A PASS without
+* concrete evidence (a quoted span, an entry id, a source location)
+* cannot be audited. A FAIL without evidence cannot be clustered into
+* structural fixes. The same shape is reused by `judge-eval-variant`
+* (#943) so tooling, dashboards, and analysis stay uniform.
+*/
+var AssertionResult = _Object_({
+	id: String$1({ minLength: 1 }),
+	text: String$1({ minLength: 1 }),
+	passed: Boolean$1(),
+	evidence: String$1({ minLength: 1 })
+}, {
+	$id: "AssertionResult",
+	additionalProperties: false
+});
+var RubricCriterion = _Object_({
+	id: String$1({ minLength: 1 }),
+	description: String$1({ minLength: 1 }),
+	weight: Number$1({
+		minimum: 0,
+		maximum: 1
+	}),
+	scoring: RubricScoringMode
+}, {
+	$id: "RubricCriterion",
+	additionalProperties: false
+});
+/**
+* A complete rubric. Same shape used in Phase 1 (inline) and Phase 2
+* (stored row `body`); only the addressing mechanism differs.
+*/
+var Rubric = _Object_({
+	rubricId: String$1({ minLength: 1 }),
+	version: String$1({ minLength: 1 }),
+	preamble: Optional(String$1()),
+	criteria: _Array_(RubricCriterion, { minItems: 1 }),
+	scope: Optional(String$1()),
+	contentHash: Optional(String$1())
+}, {
+	$id: "Rubric",
+	additionalProperties: false
+});
+/**
+* Verify rubric criteria weights sum to 1.0 within floating-point tolerance.
+* The schema constrains each weight to [0,1] but can't express a cross-field
+* sum constraint, so this is enforced programmatically by callers that
+* accept rubrics (task input validators, server-side task creation).
+*
+* Returns null when valid; otherwise an error message suitable for surfacing
+* to the caller. Tolerance is 1e-6 to accommodate JSON round-tripping of
+* decimal fractions (e.g. 0.1 + 0.2 + 0.3 + 0.4 ≠ 1.0 exactly).
+*/
+function validateRubricWeights(rubric) {
+	const sum = rubric.criteria.reduce((acc, c) => acc + c.weight, 0);
+	if (Math.abs(sum - 1) > 1e-6) return `Rubric weights must sum to 1.0 (got ${sum.toFixed(6)})`;
+	return null;
+}
+//#endregion
+//#region ../tasks/src/runtime-profiles.ts
+var RuntimeProfileName = String$1({
 	minLength: 1,
 	maxLength: 100,
 	pattern: "^[a-zA-Z0-9][a-zA-Z0-9_-]{0,99}$"
 });
-var DaemonProfileEnvName = String$1({
+var RuntimeProfileEnvName = String$1({
 	minLength: 1,
 	maxLength: 128,
 	pattern: "^[A-Z_][A-Z0-9_]*$"
 });
-var DaemonProfileToolName = String$1({
+var RuntimeProfileToolName = String$1({
 	minLength: 1,
 	maxLength: 128,
 	pattern: "^[a-zA-Z0-9._/-]+$"
@@ -13079,7 +13494,7 @@ var SandboxResumeCommandWhenSchema = _Object_({ workspaceMode: Optional(_Array_(
 	minItems: 1,
 	maxItems: 3
 })) }, { additionalProperties: false });
-var DaemonProfileSandboxResumeCommand = Union([String$1({
+var RuntimeProfileSandboxResumeCommand = Union([String$1({
 	minLength: 1,
 	maxLength: 4096
 }), _Object_({
@@ -13097,7 +13512,7 @@ var DaemonProfileSandboxResumeCommand = Union([String$1({
 		maximum: 6e4
 	}))
 }, { additionalProperties: false })]);
-var DaemonProfileSandbox = _Object_({
+var RuntimeProfileSandbox = _Object_({
 	snapshot: Optional(_Object_({
 		setupCommands: Optional(_Array_(String$1({
 			minLength: 1,
@@ -13113,7 +13528,7 @@ var DaemonProfileSandbox = _Object_({
 			pattern: "^[0-9]+[KMGTP]?$"
 		}))
 	}, { additionalProperties: false })),
-	resumeCommands: Optional(_Array_(DaemonProfileSandboxResumeCommand, { maxItems: 30 })),
+	resumeCommands: Optional(_Array_(RuntimeProfileSandboxResumeCommand, { maxItems: 30 })),
 	vfs: Optional(_Object_({
 		shadow: Optional(_Array_(String$1({
 			minLength: 1,
@@ -13121,7 +13536,7 @@ var DaemonProfileSandbox = _Object_({
 		}), { maxItems: 100 })),
 		shadowMode: Optional(Union([Literal("deny"), Literal("tmpfs")]))
 	}, { additionalProperties: false })),
-	env: Optional(Record(DaemonProfileEnvName, String$1({ maxLength: 4096 }))),
+	env: Optional(Record(RuntimeProfileEnvName, String$1({ maxLength: 4096 }))),
 	hostExec: Optional(_Object_({ autoApprove: Optional(Literal(false)) }, { additionalProperties: false })),
 	resources: Optional(_Object_({
 		memory: Optional(String$1({
@@ -13135,10 +13550,10 @@ var DaemonProfileSandbox = _Object_({
 		}))
 	}, { additionalProperties: false }))
 }, {
-	$id: "DaemonProfileSandbox",
+	$id: "RuntimeProfileSandbox",
 	additionalProperties: false
 });
-var DaemonProfileContext = _Object_({
+var RuntimeProfileContext = _Object_({
 	slug: String$1({
 		minLength: 1,
 		maxLength: 64,
@@ -13155,17 +13570,29 @@ var DaemonProfileContext = _Object_({
 		maxLength: 65536
 	})
 }, {
-	$id: "DaemonProfileContext",
+	$id: "RuntimeProfileContext",
 	additionalProperties: false
 });
-var DaemonProfileRef = _Object_({ profileId: String$1({ format: "uuid" }) }, {
-	$id: "DaemonProfileRef",
+var RuntimeProfileRef = _Object_({ profileId: String$1({ format: "uuid" }) }, {
+	$id: "RuntimeProfileRef",
 	additionalProperties: false
 });
+var RuntimeProfileLeaseTtlSec = Integer({
+	minimum: 1,
+	maximum: 86400
+});
+var RuntimeProfileHeartbeatIntervalMs = Integer({
+	minimum: 0,
+	maximum: 36e5
+});
+var RuntimeProfileMaxBatchSize = Integer({
+	minimum: 1,
+	maximum: 1e3
+});
 _Object_({
 	id: String$1({ format: "uuid" }),
 	teamId: String$1({ format: "uuid" }),
-	name: DaemonProfileName,
+	name: RuntimeProfileName,
 	description: Union([String$1({ maxLength: 4096 }), Null()]),
 	provider: String$1({
 		minLength: 1,
@@ -13176,7 +13603,7 @@ _Object_({
 		maxLength: 200
 	}),
 	runtimeKind: Literal("gondolin_pi"),
-	sandbox: DaemonProfileSandbox,
+	sandbox: RuntimeProfileSandbox,
 	sessionStorageMode: Literal("local"),
 	workspaceStorageMode: Literal("local"),
 	sessionTtlSec: Integer({
@@ -13187,9 +13614,12 @@ _Object_({
 		minimum: 1,
 		maximum: 86400
 	}),
-	requiredEnv: _Array_(DaemonProfileEnvName, { maxItems: 100 }),
-	requiredTools: _Array_(DaemonProfileToolName, { maxItems: 100 }),
-	context: _Array_(DaemonProfileContext, { maxItems: 5 }),
+	leaseTtlSec: RuntimeProfileLeaseTtlSec,
+	heartbeatIntervalMs: RuntimeProfileHeartbeatIntervalMs,
+	maxBatchSize: RuntimeProfileMaxBatchSize,
+	requiredEnv: _Array_(RuntimeProfileEnvName, { maxItems: 100 }),
+	requiredTools: _Array_(RuntimeProfileToolName, { maxItems: 100 }),
+	context: _Array_(RuntimeProfileContext, { maxItems: 5 }),
 	revision: Integer({ minimum: 1 }),
 	definitionCid: String$1({
 		minLength: 1,
@@ -13200,111 +13630,9 @@ _Object_({
 	createdAt: String$1({ format: "date-time" }),
 	updatedAt: String$1({ format: "date-time" })
 }, {
-	$id: "DaemonProfile",
-	additionalProperties: false
-});
-//#endregion
-//#region ../tasks/src/rubric.ts
-/**
-* Rubric — structured acceptance criteria used by judgment tasks.
-*
-* Phase 1 (this PR): rubrics are embedded in task inputs. Their integrity
-* is pinned via the task's `input_cid` (which covers the whole input,
-* including the inline rubric). No separate storage, no CRUD.
-*
-* Phase 2 (see #881): rubrics become a first-class resource with their
-* own signed rows and CIDv1 lookup. The schema below is designed to
-* carry forward unchanged — only storage and addressing differ.
-*
-* Until Phase 2 lands, `rubricId` + `version` + `contentHash` are
-* informational fields the author fills in; no uniqueness is enforced.
-* `contentHash` is optional in Phase 1 because the *task*'s input_cid
-* is the authoritative commitment.
-*/
-/**
-* How a judge must score a single criterion.
-*
-* - `llm_score`: 0..1 continuous, `rationale` required. Smooths failures
-*   into the gradient — use `llm_checklist` instead for properties where
-*   a single failure is a real failure (grounding, faithfulness).
-* - `llm_checklist`: judge enumerates per-claim assertions with
-*   `{passed, evidence}`. The criterion's numeric `score` is derived:
-*   `1` iff every assertion passes, else `0`. Per-claim evidence is the
-*   dataset for cluster-analysis of failure modes. See #999.
-* - `boolean`: 0 or 1, `rationale` optional.
-* - `deterministic_signature_check`: judge runs a signature check;
-*   result is 0 or 1. No LLM discretion.
-* - `deterministic_coverage_check`: every referenced source entry
-*   appears in the rendered output; 0 or 1.
-*/
-var RubricScoringMode = Union([
-	Literal("llm_score"),
-	Literal("llm_checklist"),
-	Literal("boolean"),
-	Literal("deterministic_signature_check"),
-	Literal("deterministic_coverage_check")
-], { $id: "RubricScoringMode" });
-/**
-* One binary check produced by an `llm_checklist`-mode criterion.
-*
-* `evidence` is REQUIRED for both PASS and FAIL — agentskills.io grading
-* principle: \"Don't give the benefit of the doubt.\" A PASS without
-* concrete evidence (a quoted span, an entry id, a source location)
-* cannot be audited. A FAIL without evidence cannot be clustered into
-* structural fixes. The same shape is reused by `judge-eval-variant`
-* (#943) so tooling, dashboards, and analysis stay uniform.
-*/
-var AssertionResult = _Object_({
-	id: String$1({ minLength: 1 }),
-	text: String$1({ minLength: 1 }),
-	passed: Boolean$1(),
-	evidence: String$1({ minLength: 1 })
-}, {
-	$id: "AssertionResult",
-	additionalProperties: false
-});
-var RubricCriterion = _Object_({
-	id: String$1({ minLength: 1 }),
-	description: String$1({ minLength: 1 }),
-	weight: Number$1({
-		minimum: 0,
-		maximum: 1
-	}),
-	scoring: RubricScoringMode
-}, {
-	$id: "RubricCriterion",
-	additionalProperties: false
-});
-/**
-* A complete rubric. Same shape used in Phase 1 (inline) and Phase 2
-* (stored row `body`); only the addressing mechanism differs.
-*/
-var Rubric = _Object_({
-	rubricId: String$1({ minLength: 1 }),
-	version: String$1({ minLength: 1 }),
-	preamble: Optional(String$1()),
-	criteria: _Array_(RubricCriterion, { minItems: 1 }),
-	scope: Optional(String$1()),
-	contentHash: Optional(String$1())
-}, {
-	$id: "Rubric",
+	$id: "RuntimeProfile",
 	additionalProperties: false
 });
-/**
-* Verify rubric criteria weights sum to 1.0 within floating-point tolerance.
-* The schema constrains each weight to [0,1] but can't express a cross-field
-* sum constraint, so this is enforced programmatically by callers that
-* accept rubrics (task input validators, server-side task creation).
-*
-* Returns null when valid; otherwise an error message suitable for surfacing
-* to the caller. Tolerance is 1e-6 to accommodate JSON round-tripping of
-* decimal fractions (e.g. 0.1 + 0.2 + 0.3 + 0.4 ≠ 1.0 exactly).
-*/
-function validateRubricWeights(rubric) {
-	const sum = rubric.criteria.reduce((acc, c) => acc + c.weight, 0);
-	if (Math.abs(sum - 1) > 1e-6) return `Rubric weights must sum to 1.0 (got ${sum.toFixed(6)})`;
-	return null;
-}
 //#endregion
 //#region ../tasks/src/success-criteria.ts
 /**
@@ -16997,6 +17325,7 @@ var TaskAttemptStatus = Union([
 	Literal("completed"),
 	Literal("failed"),
 	Literal("cancelled"),
+	Literal("aborted"),
 	Literal("timed_out")
 ], { $id: "TaskAttemptStatus" });
 var ExecutorTrustLevel = Union([
@@ -17149,7 +17478,7 @@ _Object_({
 	acceptedAttemptN: Union([Number$1(), Null()]),
 	claimCondition: Union([Unsafe(Ref$1("ClaimCondition")), Null()]),
 	requiredExecutorTrustLevel: ExecutorTrustLevel,
-	allowedProfiles: _Array_(DaemonProfileRef, { maxItems: 16 }),
+	allowedProfiles: _Array_(RuntimeProfileRef, { maxItems: 16 }),
 	status: TaskStatus,
 	queuedAt: IsoTimestamp,
 	completedAt: Union([IsoTimestamp, Null()]),
@@ -23129,6 +23458,20 @@ async function executePiTask(claimedTask, reporter, opts) {
 			retryable: false
 		}
 	});
+	const makeCancelledOutput = (message) => ({
+		taskId: task.id,
+		attemptN,
+		status: "cancelled",
+		output: null,
+		outputCid: null,
+		usage: finalUsage,
+		durationMs: Date.now() - startTime,
+		error: {
+			code: "task_cancelled",
+			message,
+			retryable: false
+		}
+	});
 	let onTurnEvent;
 	if (opts.makeOnTurnEvent) try {
 		onTurnEvent = opts.makeOnTurnEvent(claimedTask);
@@ -23191,10 +23534,15 @@ async function executePiTask(claimedTask, reporter, opts) {
 				mountPath,
 				workspaceMode: workspace.mode,
 				extraAllowedHosts: opts.extraAllowedHosts,
-				sandboxConfig
+				sandboxConfig,
+				signal: reporter.cancelSignal
 			});
 		} catch (err) {
 			const message = err instanceof Error ? err.message : String(err);
+			if (reporter.cancelSignal.aborted) {
+				await emitError("vm_resume", message, { cancelled: true });
+				return makeCancelledOutput(reporter.cancelReason ?? "Task cancelled during VM resume.");
+			}
 			await emitError("vm_resume", message);
 			return makeFailedOutput("vm_resume_failed", message);
 		}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@themoltnet/pi-extension",
-  "version": "0.23.0",
+  "version": "0.23.1",
   "type": "module",
   "description": "MoltNet pi extension — sandboxed tool execution in Gondolin VMs with MoltNet identity and persistent memory",
   "keywords": [
@@ -36,8 +36,8 @@
     "@earendil-works/gondolin": "^0.9.1",
     "@opentelemetry/api": "^1.9.0",
     "typebox": "^1.2.8",
-    "@themoltnet/sdk": "0.107.0",
-    "@themoltnet/agent-runtime": "0.23.0"
+    "@themoltnet/sdk": "0.108.0",
+    "@themoltnet/agent-runtime": "0.24.0"
   },
   "peerDependencies": {
     "@earendil-works/pi-coding-agent": ">=0.74.0",
@@ -61,8 +61,8 @@
     "vite": "^8.0.0",
     "vite-plugin-dts": "^4.5.4",
     "vitest": "^3.0.0",
-    "@moltnet/tasks": "0.1.0",
-    "@moltnet/crypto-service": "0.1.0"
+    "@moltnet/crypto-service": "0.1.0",
+    "@moltnet/tasks": "0.1.0"
   },
   "engines": {
     "node": ">=22"