npm - @themoltnet/pi-extension - Versions diffs - 0.7.0 → 0.9.0 - Mend

@themoltnet/pi-extension 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -272,6 +272,7 @@ declare const Task: TObject<    {
     imposedByAgentId: TUnion<[TString, TNull]>;
     imposedByHumanId: TUnion<[TString, TNull]>;
     acceptedAttemptN: TUnion<[TNumber, TNull]>;
+    requiredExecutorTrustLevel: TUnion<[TLiteral<"selfDeclared">, TLiteral<"agentSigned">, TLiteral<"releaseVerifiedTool">, TLiteral<"sandboxAttested">]>;
     status: TUnion<[TLiteral<"queued">, TLiteral<"dispatched">, TLiteral<"running">, TLiteral<"completed">, TLiteral<"failed">, TLiteral<"cancelled">, TLiteral<"expired">]>;
     queuedAt: TString;
     completedAt: TUnion<[TString, TNull]>;
@@ -280,6 +281,8 @@ declare const Task: TObject<    {
     cancelledByHumanId: TUnion<[TString, TNull]>;
     cancelReason: TUnion<[TString, TNull]>;
     maxAttempts: TNumber;
+    dispatchTimeoutSec: TUnion<[TInteger, TNull]>;
+    runningTimeoutSec: TUnion<[TInteger, TNull]>;
 }>;
 declare type Task = Static<typeof Task>;
@@ -363,6 +366,26 @@ declare interface TaskReporter {
     finalize(usage: TaskUsage): Promise<void>;
     /** Flush buffers + release resources. Called once. Idempotent. */
     close(): Promise<void>;
+    /**
+     * Signal that aborts when the task is cancelled by the imposer (or a
+     * diary writer) while the executor is running. `ApiTaskReporter`
+     * aborts this on the next heartbeat that observes `cancelled: true`
+     * in the response (#938). Local reporters (`StdoutReporter`,
+     * `JsonlTaskReporter`) never abort — there's no remote cancel
+     * channel for `FileTaskSource`.
+     *
+     * Executors should pass this signal into long-running work
+     * (LLM calls, sandbox execution, file ops) and surface a
+     * `status: 'cancelled'` output when it fires. The runtime also
+     * checks the signal post-execute and converts any output to
+     * `cancelled` if the executor returned without honoring it.
+     */
+    readonly cancelSignal: AbortSignal;
+    /**
+     * The reason supplied to `/tasks/:id/cancel` by the canceller, if
+     * cancellation has been observed. Null until `cancelSignal` aborts.
+     */
+    readonly cancelReason: string | null;
 }
 /**

package/dist/index.js CHANGED Viewed

@@ -2536,6 +2536,7 @@ function createDiaryGrantsNamespace(context) {
 		}
 	};
 }
+new TextEncoder();
 //#endregion
 //#region ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/utils.js
 /** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
@@ -4266,6 +4267,13 @@ etc.sha512Sync = (...m) => {
 	return hash.digest();
 };
 //#endregion
+//#region ../crypto-service/src/executor-attestation.ts
+etc.sha512Sync = (...m) => {
+	const hash = createHash("sha512");
+	m.forEach((msg) => hash.update(msg));
+	return hash.digest();
+};
+//#endregion
 //#region ../../node_modules/.pnpm/multiformats@13.4.2/node_modules/multiformats/dist/src/codecs/json.js
 var textEncoder$1 = new TextEncoder();
 new TextDecoder();
@@ -9224,6 +9232,12 @@ var TaskAttemptStatus = Type$1.Union([
 	Type$1.Literal("cancelled"),
 	Type$1.Literal("timed_out")
 ], { $id: "TaskAttemptStatus" });
+var ExecutorTrustLevel = Type$1.Union([
+	Type$1.Literal("selfDeclared"),
+	Type$1.Literal("agentSigned"),
+	Type$1.Literal("releaseVerifiedTool"),
+	Type$1.Literal("sandboxAttested")
+], { $id: "ExecutorTrustLevel" });
 var OutputKind = Type$1.Union([Type$1.Literal("artifact"), Type$1.Literal("judgment")], { $id: "OutputKind" });
 var TaskMessageKind = Type$1.Union([
 	Type$1.Literal("text_delta"),
@@ -9316,6 +9330,7 @@ Type$1.Object({
 	imposedByAgentId: Type$1.Union([Uuid, Type$1.Null()]),
 	imposedByHumanId: Type$1.Union([Uuid, Type$1.Null()]),
 	acceptedAttemptN: Type$1.Union([Type$1.Number(), Type$1.Null()]),
+	requiredExecutorTrustLevel: ExecutorTrustLevel,
 	status: TaskStatus,
 	queuedAt: IsoTimestamp,
 	completedAt: Type$1.Union([IsoTimestamp, Type$1.Null()]),
@@ -9323,7 +9338,15 @@ Type$1.Object({
 	cancelledByAgentId: Type$1.Union([Uuid, Type$1.Null()]),
 	cancelledByHumanId: Type$1.Union([Uuid, Type$1.Null()]),
 	cancelReason: Type$1.Union([Type$1.String(), Type$1.Null()]),
-	maxAttempts: Type$1.Number({ minimum: 1 })
+	maxAttempts: Type$1.Number({ minimum: 1 }),
+	dispatchTimeoutSec: Type$1.Union([Type$1.Integer({
+		minimum: 1,
+		maximum: 86400
+	}), Type$1.Null()]),
+	runningTimeoutSec: Type$1.Union([Type$1.Integer({
+		minimum: 1,
+		maximum: 86400
+	}), Type$1.Null()])
 }, {
 	$id: "Task",
 	additionalProperties: false
@@ -9339,6 +9362,10 @@ Type$1.Object({
 	status: TaskAttemptStatus,
 	output: Type$1.Union([Type$1.Record(Type$1.String(), Type$1.Unknown()), Type$1.Null()]),
 	outputCid: Type$1.Union([Cid, Type$1.Null()]),
+	claimedExecutorFingerprint: Type$1.Union([Cid, Type$1.Null()]),
+	claimedExecutorManifest: Type$1.Union([Type$1.Record(Type$1.String(), Type$1.Unknown()), Type$1.Null()]),
+	completedExecutorFingerprint: Type$1.Union([Cid, Type$1.Null()]),
+	completedExecutorManifest: Type$1.Union([Type$1.Record(Type$1.String(), Type$1.Unknown()), Type$1.Null()]),
 	error: Type$1.Union([TaskError, Type$1.Null()]),
 	usage: Type$1.Union([TaskUsage, Type$1.Null()]),
 	contentSignature: Type$1.Union([Type$1.String(), Type$1.Null()]),
@@ -9480,11 +9507,7 @@ function buildAssessBriefPrompt(input, ctx) {
 */
 function buildCuratePackPrompt(input, ctx) {
 	const { diaryId, taskPrompt, entryTypes, tagFilters, tokenBudget, recipe } = input;
-	const effectiveEntryTypes = entryTypes ?? [
-		"semantic",
-		"episodic",
-		"procedural"
-	];
+	const entryTypesPinned = Boolean(entryTypes);
 	const resolvedRecipe = recipe ?? "topic-focused-v1";
 	const includeLine = tagFilters?.include?.length ? `- Hard include (ALL must be present on an entry): ${tagFilters.include.map((t) => `\`${t}\``).join(", ")}` : null;
 	const excludeLine = tagFilters?.exclude?.length ? `- Hard exclude (drop if ANY present): ${tagFilters.exclude.map((t) => `\`${t}\``).join(", ")}` : null;
@@ -9513,7 +9536,16 @@ function buildCuratePackPrompt(input, ctx) {
 		"",
 		"## Constraints",
 		"",
-		`- Entry types in play: ${effectiveEntryTypes.map((t) => `\`${t}\``).join(", ")}`,
+		entryTypesPinned ? `- Entry types pinned by imposer (do not widen): ${entryTypes.map((t) => `\`${t}\``).join(", ")}` : "- Entry types: **you choose**. The diary contains three kinds:",
+		entryTypesPinned ? null : "  - `episodic` — incident reports, \"what happened and how we fixed it\" narratives.",
+		entryTypesPinned ? null : "  - `semantic` — durable decisions, patterns, design rationale.",
+		entryTypesPinned ? null : "  - `procedural` — commit audit trails / changelog-style provenance.",
+		entryTypesPinned ? null : "  Pick the subset that fits the prompt. For \"failures and workarounds\"",
+		entryTypesPinned ? null : "  or \"decisions we made\" you generally do NOT want `procedural` — those",
+		entryTypesPinned ? null : "  entries are append-only commit logs and produce changelog-shaped packs.",
+		entryTypesPinned ? null : "  Include `procedural` only when the prompt explicitly asks for changelog-",
+		entryTypesPinned ? null : "  style content (e.g., \"what shipped this week\"). State your choice",
+		entryTypesPinned ? null : "  briefly in the final `summary`.",
 		`- Recipe tag: \`${resolvedRecipe}\` (recorded on pack params)`,
 		tokenBudget ? `- Token budget (soft cap on final pack): ${tokenBudget}. Pick entry count so the pack fits — estimate ~300 tok/entry as a starting heuristic, tighten after inspecting actual content lengths.` : "- No token budget — size the pack to match the prompt, not an arbitrary target.",
 		includeLine,
@@ -10018,6 +10050,20 @@ async function executePiTask(claimedTask, reporter, opts) {
 	const attemptN = claimedTask.attemptN;
 	const startTime = Date.now();
 	const mountPath = opts.mountPath ?? process.cwd();
+	if (reporter.cancelSignal.aborted) return {
+		taskId: task.id,
+		attemptN,
+		status: "cancelled",
+		output: null,
+		outputCid: null,
+		usage: emptyUsage(opts.provider, opts.model),
+		durationMs: Date.now() - startTime,
+		error: {
+			code: "task_cancelled",
+			message: reporter.cancelReason ?? "Task cancelled before pi executor started.",
+			retryable: false
+		}
+	};
 	const checkpointPath = opts.checkpointPath ?? await ensureSnapshot({
 		config: opts.sandboxConfig?.snapshot,
 		onProgress: opts.onSnapshotProgress ?? ((m) => {
@@ -10046,6 +10092,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 	let reporterOpen = false;
 	let session = null;
 	const finalUsage = emptyUsage(opts.provider, opts.model);
+	let cancelListener = null;
 	const makeFailedOutput = (code, message, usage = finalUsage) => ({
 		taskId: task.id,
 		attemptN,
@@ -10146,6 +10193,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 		let assistantText = "";
 		let reporterError = null;
 		const usage = finalUsage;
+		cancelListener = wireSessionAbort(reporter.cancelSignal, session);
 		const recordingPromise = [];
 		const track = (p) => {
 			recordingPromise.push(p.catch((err) => {
@@ -10201,10 +10249,11 @@ async function executePiTask(claimedTask, reporter, opts) {
 			});
 		}
 		await Promise.all(recordingPromise);
+		const cancelled = reporter.cancelSignal.aborted;
 		let parsedOutput = null;
 		let parsedOutputCid = null;
 		let parseError = null;
-		if (!runError && !llmAbort) {
+		if (!runError && !llmAbort && !cancelled) {
 			const parsed = await parseStructuredTaskOutput(assistantText, task.taskType);
 			parsedOutput = parsed.output;
 			parsedOutputCid = parsed.outputCid;
@@ -10214,6 +10263,20 @@ async function executePiTask(claimedTask, reporter, opts) {
 				phase: "output_validation"
 			});
 		}
+		if (cancelled) return {
+			taskId: task.id,
+			attemptN,
+			status: "cancelled",
+			output: null,
+			outputCid: null,
+			usage,
+			durationMs: Date.now() - startTime,
+			error: {
+				code: "task_cancelled",
+				message: reporter.cancelReason ?? "Task cancelled by imposer while pi session was running.",
+				retryable: false
+			}
+		};
 		const status = runError || llmAbort || parseError || reporterError ? "failed" : "completed";
 		const errorCode = runError?.code ?? parseError?.code ?? reporterError?.code ?? (llmAbort ? "llm_api_error" : void 0);
 		const errorMessage = runError?.message ?? parseError?.message ?? reporterError?.message ?? (llmAbort ? "LLM API error during turn" : void 0);
@@ -10234,6 +10297,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 	} catch (err) {
 		return makeFailedOutput("executor_unexpected_error", err instanceof Error ? err.message : String(err));
 	} finally {
+		if (cancelListener) reporter.cancelSignal.removeEventListener("abort", cancelListener);
 		if (session) try {
 			session.dispose();
 		} catch {}
@@ -10263,6 +10327,32 @@ function emptyUsage(provider, model) {
 	};
 }
 /**
+* Wire `cancelSignal` → `session.abort()`. Returns the listener so the
+* caller can remove it on cleanup. If the signal is already aborted at
+* call time (cancel landed between session creation and wiring), fires
+* abort synchronously instead of waiting for an `'abort'` event that
+* already happened.
+*
+* Exported for unit testing without a booted Gondolin VM. The double-
+* invocation guard handles both the rare "fire from constructor + later
+* event" race and the (in-practice idempotent) double-call into
+* `session.abort()`.
+*/
+function wireSessionAbort(cancelSignal, session) {
+	let abortInvoked = false;
+	const listener = () => {
+		if (abortInvoked) return;
+		abortInvoked = true;
+		session.abort().catch((err) => {
+			const message = err instanceof Error ? err.message : String(err);
+			process.stderr.write(`[pi] session.abort() failed: ${message}\n`);
+		});
+	};
+	if (cancelSignal.aborted) listener();
+	else cancelSignal.addEventListener("abort", listener, { once: true });
+	return listener;
+}
+/**
 * Cap oversized tool-result payloads before embedding them in a
 * `task_messages.payload` row. Bodies above 4 KiB are replaced with a
 * `{ truncated, original_size }` marker so the JSONL/DB size stays bounded.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@themoltnet/pi-extension",
-  "version": "0.7.0",
+  "version": "0.9.0",
   "type": "module",
   "description": "MoltNet pi extension — sandboxed tool execution in Gondolin VMs with MoltNet identity and persistent memory",
   "license": "MIT",
@@ -31,8 +31,8 @@
     "@earendil-works/gondolin": "^0.7.0",
     "@opentelemetry/api": "^1.9.0",
     "@sinclair/typebox": "^0.34.0",
-    "@themoltnet/agent-runtime": "0.3.0",
-    "@themoltnet/sdk": "0.95.0"
+    "@themoltnet/agent-runtime": "0.5.0",
+    "@themoltnet/sdk": "0.96.0"
   },
   "peerDependencies": {
     "@mariozechner/pi-coding-agent": ">=0.67.0",