agent-control-plane 0.1.7 → 0.1.8

package/hooks/issue-reconcile-hooks.sh

@@ -7,6 +7,7 @@ source "${HOOK_SCRIPT_DIR}/../tools/bin/flow-config-lib.sh"
 
 FLOW_SKILL_DIR="$(cd "${HOOK_SCRIPT_DIR}/.." && pwd)"
 CONFIG_YAML="$(resolve_flow_config_yaml "${BASH_SOURCE[0]}")"
+PROFILE_ID="$(flow_resolve_adapter_id "${CONFIG_YAML}")"
 ADAPTER_BIN_DIR="${FLOW_SKILL_DIR}/bin"
 FLOW_TOOLS_DIR="${FLOW_SKILL_DIR}/tools/bin"
 REPO_SLUG="$(flow_resolve_repo_slug "${CONFIG_YAML}")"
@@ -15,6 +16,12 @@ STATE_ROOT="$(flow_resolve_state_root "${CONFIG_YAML}")"
 RUNS_ROOT="$(flow_resolve_runs_root "${CONFIG_YAML}")"
 BLOCKED_RECOVERY_STATE_DIR="${STATE_ROOT}/blocked-recovery-issues"
 
+issue_kick_scheduler() {
+  ACP_PROJECT_ID="${PROFILE_ID}" \
+  AGENT_PROJECT_ID="${PROFILE_ID}" \
+    "${FLOW_TOOLS_DIR}/kick-scheduler.sh" "${1:-2}" >/dev/null || true
+}
+
 issue_clear_blocked_recovery_state() {
   rm -f "${BLOCKED_RECOVERY_STATE_DIR}/${ISSUE_ID}.env" 2>/dev/null || true
 }
@@ -194,7 +201,7 @@ issue_after_pr_created() {
   if [[ "$(jq -r '.eligibleForAutoMerge' <<<"$risk_json")" == "true" ]]; then
     bash "${FLOW_TOOLS_DIR}/agent-github-update-labels" --repo-slug "${REPO_SLUG}" --number "$pr_number" --add agent-automerge >/dev/null || true
   fi
-  "${FLOW_TOOLS_DIR}/kick-scheduler.sh" 5 >/dev/null || true
+  issue_kick_scheduler 5
 }
 
 issue_after_reconciled() {
@@ -213,5 +220,5 @@ issue_after_reconciled() {
     esac
   fi
 
-  "${FLOW_TOOLS_DIR}/kick-scheduler.sh" 2 >/dev/null || true
+  issue_kick_scheduler 2
 }

package/hooks/pr-reconcile-hooks.sh

@@ -7,6 +7,7 @@ source "${HOOK_SCRIPT_DIR}/../tools/bin/flow-config-lib.sh"
 
 FLOW_SKILL_DIR="$(cd "${HOOK_SCRIPT_DIR}/.." && pwd)"
 CONFIG_YAML="$(resolve_flow_config_yaml "${BASH_SOURCE[0]}")"
+PROFILE_ID="$(flow_resolve_adapter_id "${CONFIG_YAML}")"
 ADAPTER_BIN_DIR="${FLOW_SKILL_DIR}/bin"
 FLOW_TOOLS_DIR="${FLOW_SKILL_DIR}/tools/bin"
 RUNS_ROOT="$(flow_resolve_runs_root "${CONFIG_YAML}")"
@@ -19,6 +20,12 @@ ISSUE_SESSION_PREFIX="$(flow_resolve_issue_session_prefix "${CONFIG_YAML}")"
 PR_WORKTREE_BRANCH_PREFIX="$(flow_resolve_pr_worktree_branch_prefix "${CONFIG_YAML}")"
 PR_LANE_OVERRIDE_DIR="${STATE_ROOT}/pr-lane-overrides"
 
+pr_kick_scheduler() {
+  ACP_PROJECT_ID="${PROFILE_ID}" \
+  AGENT_PROJECT_ID="${PROFILE_ID}" \
+    "${FLOW_TOOLS_DIR}/kick-scheduler.sh" "${1:-2}" >/dev/null || true
+}
+
 pr_best_effort_update_labels() {
   bash "${FLOW_TOOLS_DIR}/agent-github-update-labels" "$@" >/dev/null 2>&1 || true
 }
@@ -131,14 +138,14 @@ pr_after_merged() {
   pr_clear_lane_override "$pr_number"
   pr_best_effort_update_labels --repo-slug "${REPO_SLUG}" --number "$pr_number" --remove agent-running --remove agent-automerge --remove agent-repair-queued --remove agent-fix-needed --remove agent-manual-fix-override --remove agent-ci-refresh --remove agent-ci-bypassed --remove agent-double-check-1/2 --remove agent-double-check-2/2 --remove agent-human-review --remove agent-human-approved --remove agent-blocked --remove agent-handoff --remove agent-exclusive
   pr_refresh_linked_issue_checklist "$pr_number"
-  "${FLOW_TOOLS_DIR}/kick-scheduler.sh" 5 >/dev/null || true
+  pr_kick_scheduler 5
 }
 
 pr_after_closed() {
   local pr_number="${1:?pr number required}"
   pr_clear_lane_override "$pr_number"
   pr_best_effort_update_labels --repo-slug "${REPO_SLUG}" --number "$pr_number" --remove agent-running --remove agent-automerge --remove agent-repair-queued --remove agent-fix-needed --remove agent-manual-fix-override --remove agent-ci-refresh --remove agent-ci-bypassed --remove agent-double-check-1/2 --remove agent-double-check-2/2 --remove agent-human-review --remove agent-human-approved --remove agent-blocked --remove agent-handoff --remove agent-exclusive
-  "${FLOW_TOOLS_DIR}/kick-scheduler.sh" 5 >/dev/null || true
+  pr_kick_scheduler 5
 }
 
 pr_automerge_allowed() {
@@ -189,7 +196,7 @@ pr_after_double_check_advanced() {
   pr_set_lane_override "$pr_number" "double-check-${next_stage}"
   pr_best_effort_update_labels --repo-slug "${REPO_SLUG}" --number "$pr_number" --remove agent-running --remove agent-automerge --remove agent-repair-queued --remove agent-fix-needed --remove agent-manual-fix-override --remove agent-ci-refresh --remove agent-human-review --remove agent-human-approved --remove agent-double-check-1/2 --remove agent-double-check-2/2 --add "$next_label"
   pr_best_effort_sync_pr_labels "$pr_number"
-  "${FLOW_TOOLS_DIR}/kick-scheduler.sh" 5 >/dev/null || true
+  pr_kick_scheduler 5
 }
 
 pr_after_updated_branch() {
@@ -221,5 +228,5 @@ pr_after_failed() {
 }
 
 pr_after_reconciled() {
-  "${FLOW_TOOLS_DIR}/kick-scheduler.sh" 2 >/dev/null || true
+  pr_kick_scheduler 2
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-control-plane",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "Help a repo keep GitHub-driven coding agents running reliably without constant human babysitting",
   "homepage": "https://github.com/ducminhnguyen0319/agent-control-plane",
   "bugs": {
@@ -40,7 +40,7 @@
   "scripts": {
     "doctor": "node ./npm/bin/agent-control-plane.js doctor",
     "smoke": "node ./npm/bin/agent-control-plane.js smoke",
-    "test": "bash tools/tests/test-agent-control-plane-npm-cli.sh && bash tools/tests/test-profile-adopt-skip-anchor-sync-creates-agent-repo-root.sh && bash tools/tests/test-vendored-codex-quota-claude-oauth-only.sh && bash tools/tests/test-package-smoke-command.sh"
+    "test": "bash tools/tests/test-agent-control-plane-npm-cli.sh && bash tools/tests/test-agent-project-detached-launch-stable-cwd.sh && bash tools/tests/test-agent-project-claude-session-wrapper-reaps-child-on-term.sh && bash tools/tests/test-agent-project-claude-session-wrapper-does-not-retry-provider-quota.sh && bash tools/tests/test-agent-project-reconcile-issue-provider-quota-schedules-provider-cooldown.sh && bash tools/tests/test-pr-reconcile-hooks-refreshes-recurring-issue-checklist.sh && bash tools/tests/test-issue-reconcile-hooks-kick-scheduler-uses-profile.sh && bash tools/tests/test-profile-adopt-skip-anchor-sync-creates-agent-repo-root.sh && bash tools/tests/test-vendored-codex-quota-claude-oauth-only.sh && bash tools/tests/test-package-smoke-command.sh"
   },
   "keywords": [
     "agents",

package/tools/bin/agent-project-detached-launch

@@ -6,6 +6,8 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPT_DIR}/flow-config-lib.sh"
 CONFIG_YAML="$(resolve_flow_config_yaml "${BASH_SOURCE[0]}")"
 STATE_ROOT="$(flow_resolve_state_root "${CONFIG_YAML}")"
+AGENT_REPO_ROOT="$(flow_resolve_agent_repo_root "${CONFIG_YAML}")"
+REPO_ROOT="$(flow_resolve_repo_root "${CONFIG_YAML}")"
 
 usage() {
   cat <<'EOF'
@@ -66,6 +68,21 @@ if [[ -n "${pending_key}" ]]; then
   pending_file="${pending_dir}/${pending_key}.pid"
 fi
 
+launch_cwd="${ACP_LAUNCH_CWD:-${F_LOSNING_LAUNCH_CWD:-}}"
+if [[ -z "${launch_cwd}" ]]; then
+  for candidate in "${AGENT_REPO_ROOT}" "${REPO_ROOT}" "${STATE_ROOT}" "${HOME:-}" "/"; do
+    if [[ -n "${candidate}" && -d "${candidate}" ]]; then
+      launch_cwd="${candidate}"
+      break
+    fi
+  done
+fi
+
+if [[ -z "${launch_cwd}" || ! -d "${launch_cwd}" ]]; then
+  echo "could not determine a stable working directory for detached launch" >&2
+  exit 1
+fi
+
 python_bin="${PYTHON_BIN:-$(command -v python3 || true)}"
 if [[ -z "${python_bin}" ]]; then
   echo "python3 is required for detached launch" >&2
@@ -73,14 +90,15 @@ if [[ -z "${python_bin}" ]]; then
 fi
 
 launch_pid="$(
-  "${python_bin}" - "${log_file}" "${pending_file}" "$@" <<'PY'
+  "${python_bin}" - "${log_file}" "${pending_file}" "${launch_cwd}" "$@" <<'PY'
 import subprocess
 import sys
 from pathlib import Path
 
 log_file = Path(sys.argv[1])
 pending_file = sys.argv[2]
-argv = sys.argv[3:]
+launch_cwd = sys.argv[3]
+argv = sys.argv[4:]
 
 with log_file.open("ab", buffering=0) as log_handle:
     proc = subprocess.Popen(
@@ -88,6 +106,7 @@ with log_file.open("ab", buffering=0) as log_handle:
         stdin=subprocess.DEVNULL,
         stdout=log_handle,
         stderr=subprocess.STDOUT,
+        cwd=launch_cwd,
         start_new_session=True,
     )
 
@@ -102,6 +121,7 @@ printf 'LAUNCH_MODE=detached\n'
 printf 'LAUNCH_NAME=%s\n' "${launch_name}"
 printf 'LAUNCH_PID=%s\n' "${launch_pid}"
 printf 'LAUNCH_LOG=%s\n' "${log_file}"
+printf 'LAUNCH_CWD=%s\n' "${launch_cwd}"
 if [[ -n "${pending_file}" ]]; then
   printf 'LAUNCH_PENDING_FILE=%s\n' "${pending_file}"
 fi

package/tools/bin/agent-project-reconcile-issue-session

@@ -794,6 +794,41 @@ ${publish_out}
 EOF
 }
 
+build_issue_runtime_blocker_comment() {
+  local runtime_reason="${1:-worker-exit-failed}"
+  local worker_name="${CODING_WORKER:-worker}"
+
+  case "${runtime_reason}" in
+    provider-quota-limit)
+      cat <<EOF
+# Blocker: Provider quota is currently exhausted
+
+This recurring run stopped before implementation because the configured ${worker_name} account hit a provider-side rate limit.
+
+Why it was blocked:
+- the worker reached Anthropic's current request limit for this account
+- ACP recorded the quota hit and will retry after the configured cooldown instead of looping indefinitely
+
+Next step:
+- wait for the current quota window to reset, or switch this profile to another available provider/account
+EOF
+      return 0
+      ;;
+  esac
+
+  cat <<EOF
+# Blocker: Worker session failed before publish
+
+The worker exited before ACP could publish or reconcile a result for this cycle.
+
+Failure reason:
+- \`${runtime_reason}\`
+
+Next step:
+- inspect the run logs for this session and re-queue once the underlying worker issue is resolved
+EOF
+}
+
 extract_recovery_worktree_from_publish_output() {
   local publish_out="${1:-}"
   awk -F= '/^RECOVERY_WORKTREE=/{print $2}' <<<"$publish_out" | tail -n 1
@@ -1106,9 +1141,17 @@ case "$status" in
     failure_reason="${failure_reason:-worker-exit-failed}"
     schedule_provider_quota_cooldown "${failure_reason}"
     normalize_issue_runner_state "failed" "${LAST_EXIT_CODE:-}" "${failure_reason}"
+    if [[ "${result_outcome:-}" == "blocked" && "${result_action:-}" == "host-comment-blocker" ]]; then
+      if [[ ! -s "${run_dir}/issue-comment.md" ]]; then
+        write_issue_comment_artifact "$(build_issue_runtime_blocker_comment "${failure_reason}")" || true
+      fi
+      post_issue_comment_if_present
+      issue_set_reconcile_summary "$status" "$result_outcome" "$result_action" "$failure_reason"
+    else
+      issue_set_reconcile_summary "$status" "" "" "$failure_reason"
+    fi
     require_transition "issue_schedule_retry" issue_schedule_retry "${failure_reason}"
     require_transition "issue_mark_ready" issue_mark_ready
-    issue_set_reconcile_summary "$status" "" "" "$failure_reason"
     cleanup_issue_session
     notify_issue_reconciled
     ;;
@@ -1120,6 +1163,12 @@ mark_reconciled
 printf 'STATUS=%s\n' "$status"
 printf 'ISSUE_ID=%s\n' "$issue_id"
 printf 'PR_NUMBER=%s\n' "$pr_number"
+if [[ -n "${issue_summary_outcome:-}" ]]; then
+  printf 'OUTCOME=%s\n' "${issue_summary_outcome}"
+fi
+if [[ -n "${issue_summary_action:-}" ]]; then
+  printf 'ACTION=%s\n' "${issue_summary_action}"
+fi
 if [[ -n "$failure_reason" ]]; then
   printf 'FAILURE_REASON=%s\n' "$failure_reason"
 fi

package/tools/bin/agent-project-run-claude-session

@@ -11,12 +11,13 @@ persist the standard run artifacts.
 
 Options:
   --claude-model <name>             Claude model alias or full name
-  --claude-permission-mode <mode>   Claude permission mode (e.g. dontAsk, bypassPermissions)
+  --claude-permission-mode <mode>   Claude permission mode (e.g. acceptEdits, bypassPermissions)
   --claude-effort <level>           Claude effort level (low, medium, high, max)
   --claude-timeout-seconds <secs>   Claude command timeout (default: 900)
   --claude-max-attempts <count>     Retry transient failures this many times (default: 3)
   --claude-retry-backoff-seconds <s>
                                    Sleep between transient retries (default: 30)
+  --claude-allowed-tools <spec>     Allowed Claude tools for headless runs
   --env-prefix <prefix>             Export prefixed runtime/context env vars inside the worker
   --context <KEY=VALUE>             Extra metadata written to run.env and exported to the worker
   --collect-file <name>             Copy sandbox artifact file into the host run dir after execution
@@ -35,11 +36,12 @@ adapter_id=""
 task_kind=""
 task_id=""
 claude_model="${ACP_CLAUDE_MODEL:-${F_LOSNING_CLAUDE_MODEL:-sonnet}}"
-claude_permission_mode="${ACP_CLAUDE_PERMISSION_MODE:-${F_LOSNING_CLAUDE_PERMISSION_MODE:-dontAsk}}"
+claude_permission_mode="${ACP_CLAUDE_PERMISSION_MODE:-${F_LOSNING_CLAUDE_PERMISSION_MODE:-acceptEdits}}"
 claude_effort="${ACP_CLAUDE_EFFORT:-${F_LOSNING_CLAUDE_EFFORT:-medium}}"
 claude_timeout_seconds="${ACP_CLAUDE_TIMEOUT_SECONDS:-${F_LOSNING_CLAUDE_TIMEOUT_SECONDS:-900}}"
 claude_max_attempts="${ACP_CLAUDE_MAX_ATTEMPTS:-${F_LOSNING_CLAUDE_MAX_ATTEMPTS:-3}}"
 claude_retry_backoff_seconds="${ACP_CLAUDE_RETRY_BACKOFF_SECONDS:-${F_LOSNING_CLAUDE_RETRY_BACKOFF_SECONDS:-30}}"
+claude_allowed_tools="${ACP_CLAUDE_ALLOWED_TOOLS:-${F_LOSNING_CLAUDE_ALLOWED_TOOLS:-Bash(*),Read,Grep,Glob,LS,Edit,Write,MultiEdit}}"
 env_prefix=""
 sandbox_subdir=".openclaw-artifacts"
 reconcile_command=""
@@ -94,6 +96,7 @@ while [[ $# -gt 0 ]]; do
     --claude-timeout-seconds) claude_timeout_seconds="${2:-}"; shift 2 ;;
     --claude-max-attempts) claude_max_attempts="${2:-}"; shift 2 ;;
     --claude-retry-backoff-seconds) claude_retry_backoff_seconds="${2:-}"; shift 2 ;;
+    --claude-allowed-tools) claude_allowed_tools="${2:-}"; shift 2 ;;
     --env-prefix) env_prefix="${2:-}"; shift 2 ;;
     --context) context_items+=("${2:-}"); shift 2 ;;
     --collect-file) collect_files+=("${2:-}"); shift 2 ;;
@@ -156,11 +159,31 @@ meta_file="${artifact_dir}/run.env"
 result_file="${artifact_dir}/result.env"
 runner_state_file="${artifact_dir}/runner.env"
 sandbox_run_dir="${worktree%/}/${sandbox_subdir}/${session}"
+claude_settings_file="${artifact_dir}/claude-headless-settings.json"
+claude_mcp_config_file="${artifact_dir}/claude-headless-mcp.json"
+claude_debug_file="${artifact_dir}/claude-debug.log"
 started_at="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
 
 mkdir -p "$artifact_dir"
 mkdir -p "$sandbox_run_dir"
 
+effective_claude_permission_mode="${claude_permission_mode}"
+if [[ "${effective_claude_permission_mode}" == "dontAsk" ]]; then
+  effective_claude_permission_mode="acceptEdits"
+fi
+
+cat >"$claude_settings_file" <<'EOF'
+{
+  "disableAllHooks": true
+}
+EOF
+
+cat >"$claude_mcp_config_file" <<'EOF'
+{
+  "mcpServers": {}
+}
+EOF
+
 if tmux has-session -t "$session" 2>/dev/null; then
   echo "tmux session already exists: $session" >&2
   exit 1
@@ -187,10 +210,15 @@ printf -v started_at_q '%q' "$started_at"
 printf -v claude_bin_q '%q' "$claude_bin"
 printf -v claude_model_q '%q' "$claude_model"
 printf -v claude_permission_mode_q '%q' "$claude_permission_mode"
+printf -v claude_effective_permission_mode_q '%q' "$effective_claude_permission_mode"
 printf -v claude_effort_q '%q' "$claude_effort"
 printf -v claude_timeout_q '%q' "$claude_timeout_seconds"
 printf -v claude_max_attempts_q '%q' "$claude_max_attempts"
 printf -v claude_retry_backoff_q '%q' "$claude_retry_backoff_seconds"
+printf -v claude_allowed_tools_q '%q' "$claude_allowed_tools"
+printf -v claude_settings_file_q '%q' "$claude_settings_file"
+printf -v claude_mcp_config_file_q '%q' "$claude_mcp_config_file"
+printf -v claude_debug_file_q '%q' "$claude_debug_file"
 printf -v python_bin_q '%q' "$python_bin"
 printf -v sandbox_subdir_q '%q' "$sandbox_subdir"
 printf -v claude_thread_id_q '%q' "claude-print-${session}"
@@ -213,10 +241,15 @@ printf -v claude_thread_id_q '%q' "claude-print-${session}"
   printf 'CLAUDE_BIN=%s\n' "$claude_bin_q"
   printf 'CLAUDE_MODEL=%s\n' "$claude_model_q"
   printf 'CLAUDE_PERMISSION_MODE=%s\n' "$claude_permission_mode_q"
+  printf 'CLAUDE_EFFECTIVE_PERMISSION_MODE=%s\n' "$claude_effective_permission_mode_q"
   printf 'CLAUDE_EFFORT=%s\n' "$claude_effort_q"
   printf 'CLAUDE_TIMEOUT_SECONDS=%s\n' "$claude_timeout_q"
   printf 'CLAUDE_MAX_ATTEMPTS=%s\n' "$claude_max_attempts_q"
   printf 'CLAUDE_RETRY_BACKOFF_SECONDS=%s\n' "$claude_retry_backoff_q"
+  printf 'CLAUDE_ALLOWED_TOOLS=%s\n' "$claude_allowed_tools_q"
+  printf 'CLAUDE_SETTINGS_FILE=%s\n' "$claude_settings_file_q"
+  printf 'CLAUDE_MCP_CONFIG_FILE=%s\n' "$claude_mcp_config_file_q"
+  printf 'CLAUDE_DEBUG_FILE=%s\n' "$claude_debug_file_q"
   printf 'PYTHON_BIN=%s\n' "$python_bin_q"
 } >"$meta_file"
 
@@ -334,14 +367,20 @@ host_result_file=${result_q}
 claude_bin=${claude_bin_q}
 claude_model=${claude_model_q}
 claude_permission_mode=${claude_permission_mode_q}
+claude_effective_permission_mode=${claude_effective_permission_mode_q}
 claude_effort=${claude_effort_q}
 claude_timeout_seconds=${claude_timeout_q}
 claude_max_attempts=${claude_max_attempts_q}
 claude_retry_backoff_seconds=${claude_retry_backoff_q}
+claude_allowed_tools=${claude_allowed_tools_q}
+claude_settings_file=${claude_settings_file_q}
+claude_mcp_config_file=${claude_mcp_config_file_q}
+claude_debug_file=${claude_debug_file_q}
 python_bin=${python_bin_q}
 worktree_root=${worktree_q}
 sandbox_subdir=${sandbox_subdir_q}
 prompt_file=${prompt_q}
+export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
 
 write_state() {
   local runner_state="\${1:?runner state required}"
@@ -370,48 +409,119 @@ write_state() {
 
 run_with_timeout() {
   local timeout_seconds="\${1:?timeout seconds required}"
+  local stdin_file="\${2:?stdin file required}"
+  shift
   shift
 
-  "\${python_bin}" - "\${timeout_seconds}" "\$@" <<'PY'
+  "\${python_bin}" - "\${timeout_seconds}" "\${stdin_file}" "\$@" <<'PY'
+import errno
+import fcntl
 import os
+import selectors
 import signal
 import subprocess
 import sys
+import time
 
 timeout_seconds = float(sys.argv[1])
-argv = sys.argv[2:]
+stdin_path = sys.argv[2]
+argv = sys.argv[3:]
 
 if not argv:
     sys.exit(64)
 
-proc = subprocess.Popen(argv, start_new_session=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+stdin_handle = open(stdin_path, "rb")
+proc = subprocess.Popen(
+    argv,
+    start_new_session=True,
+    stdin=stdin_handle,
+    stdout=subprocess.PIPE,
+    stderr=subprocess.PIPE,
+)
 
-try:
-    stdout, stderr = proc.communicate(timeout=timeout_seconds)
-except subprocess.TimeoutExpired:
+for stream in (proc.stdout, proc.stderr):
+    if stream is None:
+        continue
+    flags = fcntl.fcntl(stream.fileno(), fcntl.F_GETFL)
+    fcntl.fcntl(stream.fileno(), fcntl.F_SETFL, flags | os.O_NONBLOCK)
+
+selector = selectors.DefaultSelector()
+if proc.stdout is not None:
+    selector.register(proc.stdout, selectors.EVENT_READ, sys.stdout.buffer)
+if proc.stderr is not None:
+    selector.register(proc.stderr, selectors.EVENT_READ, sys.stderr.buffer)
+
+def terminate_process_group(sig):
     try:
-        os.killpg(proc.pid, signal.SIGTERM)
+        os.killpg(proc.pid, sig)
     except ProcessLookupError:
-        pass
-    try:
-        stdout, stderr = proc.communicate(timeout=2)
-    except subprocess.TimeoutExpired:
+        return
+
+def drain_streams(wait_seconds):
+    events = selector.select(wait_seconds)
+    for key, _ in events:
         try:
-            os.killpg(proc.pid, signal.SIGKILL)
-        except ProcessLookupError:
-            pass
-        stdout, stderr = proc.communicate()
-    if stdout:
-        sys.stdout.buffer.write(stdout)
-    if stderr:
-        sys.stderr.buffer.write(stderr)
-    sys.exit(124)
+            chunk = key.fileobj.read()
+        except BlockingIOError:
+            continue
+        except OSError as exc:
+            if exc.errno == errno.EAGAIN:
+                continue
+            raise
+        if not chunk:
+            selector.unregister(key.fileobj)
+            continue
+        key.data.write(chunk)
+        key.data.flush()
+
+def handle_parent_signal(signum, _frame):
+    terminate_process_group(signal.SIGTERM)
+    deadline = time.monotonic() + 2.0
+    while proc.poll() is None and time.monotonic() < deadline:
+        drain_streams(0.1)
+    if proc.poll() is None:
+        terminate_process_group(signal.SIGKILL)
+    while selector.get_map():
+        drain_streams(0)
+    sys.exit(128 + signum)
+
+for signum in (signal.SIGTERM, signal.SIGINT, signal.SIGHUP):
+    signal.signal(signum, handle_parent_signal)
+
+deadline = time.monotonic() + timeout_seconds
+grace_deadline = None
+timed_out = False
 
-if stdout:
-    sys.stdout.buffer.write(stdout)
-if stderr:
-    sys.stderr.buffer.write(stderr)
-sys.exit(proc.returncode)
+try:
+    while True:
+        now = time.monotonic()
+        if not timed_out and now >= deadline:
+            timed_out = True
+            grace_deadline = now + 2.0
+            terminate_process_group(signal.SIGTERM)
+        elif timed_out and grace_deadline is not None and proc.poll() is None and now >= grace_deadline:
+            grace_deadline = None
+            terminate_process_group(signal.SIGKILL)
+
+        wait_seconds = 0.1
+        if not timed_out:
+            wait_seconds = max(0.0, min(0.1, deadline - now))
+        elif grace_deadline is not None:
+            wait_seconds = max(0.0, min(0.1, grace_deadline - now))
+
+        drain_streams(wait_seconds)
+
+        if proc.poll() is not None and not selector.get_map():
+            break
+finally:
+    while selector.get_map():
+        drain_streams(0)
+
+if timed_out and proc.returncode is None:
+    sys.exit(124)
+if timed_out:
+    sys.exit(124)
+sys.exit(proc.wait())
 PY
 }
 
@@ -528,28 +638,30 @@ HOOK_EOF
 }
 
 classify_failure_reason() {
-  local log_file="\${1:-\${output_file}}"
-
-  if grep -Eiq 'authentication|unauthorized|login required|invalid api key|api key' "\${log_file}" 2>/dev/null; then
-    printf 'auth-failure\n'
-    return 0
-  fi
-  if grep -Eiq 'rate limit|quota exceeded|insufficient credits|payment required|429' "\${log_file}" 2>/dev/null; then
-    printf 'provider-quota-limit\n'
-    return 0
-  fi
-  if grep -Eiq 'model .* not available|unsupported model|invalid model|model not found' "\${log_file}" 2>/dev/null; then
-    printf 'model-unavailable\n'
-    return 0
-  fi
-  if grep -Eiq 'connection reset|connection error|network error|temporarily unavailable|ECONNRESET|ECONNREFUSED|ENOTFOUND|EAI_AGAIN' "\${log_file}" 2>/dev/null; then
-    printf 'network-connection\n'
-    return 0
-  fi
-  if grep -Eiq 'timeout|timed out|ETIMEDOUT' "\${log_file}" 2>/dev/null; then
-    printf 'timeout\n'
-    return 0
-  fi
+  local log_file=""
+  for log_file in "\$@"; do
+    [[ -n "\${log_file}" && -f "\${log_file}" ]] || continue
+    if grep -Eiq 'authentication|unauthorized|login required|invalid api key|api key' "\${log_file}" 2>/dev/null; then
+      printf 'auth-failure\n'
+      return 0
+    fi
+    if grep -Eiq 'rate limit|quota exceeded|insufficient credits|payment required|429' "\${log_file}" 2>/dev/null; then
+      printf 'provider-quota-limit\n'
+      return 0
+    fi
+    if grep -Eiq 'model .* not available|unsupported model|invalid model|model not found' "\${log_file}" 2>/dev/null; then
+      printf 'model-unavailable\n'
+      return 0
+    fi
+    if grep -Eiq 'connection reset|connection error|network error|temporarily unavailable|ECONNRESET|ECONNREFUSED|ENOTFOUND|EAI_AGAIN' "\${log_file}" 2>/dev/null; then
+      printf 'network-connection\n'
+      return 0
+    fi
+    if grep -Eiq 'timeout|timed out|ETIMEDOUT' "\${log_file}" 2>/dev/null; then
+      printf 'timeout\n'
+      return 0
+    fi
+  done
   printf 'claude-exit-failed\n'
 }
 
@@ -580,17 +692,23 @@ reset_sandbox_run_dir
 ensure_workspace_excludes
 install_pre_commit_scope_hook
 
-prompt_payload="\$(cat "\${prompt_file}")"
 claude_args=(
   -p
   --output-format text
+  --verbose
+  --debug-file "\${claude_debug_file}"
   --no-session-persistence
-  --permission-mode "\${claude_permission_mode}"
+  --permission-mode "\${claude_effective_permission_mode}"
+  --allowed-tools "\${claude_allowed_tools}"
+  --disable-slash-commands
+  --strict-mcp-config
+  --mcp-config "\${claude_mcp_config_file}"
+  --settings "\${claude_settings_file}"
   --model "\${claude_model}"
   --effort "\${claude_effort}"
   --add-dir ${worktree_q}
 )
-if [[ "\${claude_permission_mode}" == "bypassPermissions" ]]; then
+if [[ "\${claude_effective_permission_mode}" == "bypassPermissions" ]]; then
   claude_args+=(--allow-dangerously-skip-permissions)
 fi
 
@@ -602,7 +720,7 @@ while (( attempt <= claude_max_attempts )); do
   attempt_log_file="\${artifact_dir}/claude-attempt-\${attempt}.log"
   write_state running '' '' "\${attempt}" "\$((attempt - 1))"
   printf '\n[claude-attempt] %s/%s\n' "\${attempt}" "\${claude_max_attempts}" | tee -a "\${output_file}" >/dev/null
-  run_with_timeout "\${claude_timeout_seconds}" "\${claude_bin}" "\${claude_args[@]}" "\${prompt_payload}" >"\${attempt_log_file}" 2>&1
+  run_with_timeout "\${claude_timeout_seconds}" "\${prompt_file}" "\${claude_bin}" "\${claude_args[@]}" >"\${attempt_log_file}" 2>&1
   status=\$?
   cat "\${attempt_log_file}" >>"\${output_file}"
   if [[ "\${status}" -eq 0 ]]; then
@@ -612,7 +730,7 @@ while (( attempt <= claude_max_attempts )); do
   if [[ "\${status}" -eq 124 ]]; then
     failure_reason="timeout"
   else
-    failure_reason="\$(classify_failure_reason "\${attempt_log_file}")"
+    failure_reason="\$(classify_failure_reason "\${attempt_log_file}" "\${claude_debug_file}")"
   fi
   if (( attempt >= claude_max_attempts )) || ! is_retryable_failure_reason "\${failure_reason}"; then
     break
@@ -629,6 +747,8 @@ if [[ -f "\${result_file_path}" ]]; then
 else
   if [[ "\${status}" -eq 0 ]]; then
     write_result_fallback "missing-result-contract"
+  elif [[ "\${status}" -ne 124 && -n "\${failure_reason}" && "\${failure_reason}" != "claude-exit-failed" ]]; then
+    write_result_fallback "\${failure_reason}"
   else
     write_result_fallback "worker-exit-\${status}"
   fi

package/tools/bin/run-codex-task.sh

@@ -41,7 +41,7 @@ CODEX_PROFILE_BYPASS="${ACP_CODEX_PROFILE_BYPASS:-${F_LOSNING_CODEX_PROFILE_BYPA
 if [[ "$MODE" == "bypass" ]]; then
   CLAUDE_PERMISSION_MODE_DEFAULT="bypassPermissions"
 else
-  CLAUDE_PERMISSION_MODE_DEFAULT="dontAsk"
+  CLAUDE_PERMISSION_MODE_DEFAULT="acceptEdits"
 fi
 CLAUDE_MODEL="${ACP_CLAUDE_MODEL:-${F_LOSNING_CLAUDE_MODEL:-sonnet}}"
 CLAUDE_PERMISSION_MODE="${ACP_CLAUDE_PERMISSION_MODE:-${F_LOSNING_CLAUDE_PERMISSION_MODE:-${CLAUDE_PERMISSION_MODE_DEFAULT}}}"

package/tools/bin/scaffold-profile.sh

@@ -25,7 +25,7 @@ Options:
   --coding-worker <codex|openclaw|claude>
                                      Default coding backend (default: openclaw)
   --claude-model <model>             Claude model alias or full name
-  --claude-permission-mode <mode>    Claude permission mode (default: dontAsk)
+  --claude-permission-mode <mode>    Claude permission mode (default: acceptEdits)
   --claude-effort <level>            Claude effort level (default: medium)
   --claude-timeout-seconds <secs>    Claude timeout (default: 900)
   --claude-max-attempts <count>      Claude retry attempts (default: 3)
@@ -49,7 +49,7 @@ retained_repo_root=""
 vscode_workspace_file=""
 coding_worker="openclaw"
 claude_model="sonnet"
-claude_permission_mode="dontAsk"
+claude_permission_mode="acceptEdits"
 claude_effort="medium"
 claude_timeout_seconds="900"
 claude_max_attempts="3"