bosun 0.34.8 → 0.35.0

package/.env.example

@@ -83,6 +83,16 @@ TELEGRAM_MINIAPP_ENABLED=false
 # Public hostname override. By default the server auto-detects your LAN IP.
 # Set this when using a tunnel (ngrok, Cloudflare) or a public domain.
 # TELEGRAM_UI_PUBLIC_HOST=your-lan-ip-or-domain
+# Browser URL handling:
+# manual (default) = never auto-open browser windows/tabs
+# auto = permit auto-open when BOSUN_UI_AUTO_OPEN_BROWSER=true
+# BOSUN_UI_BROWSER_OPEN_MODE=manual
+# Legacy auto-open toggle for UI server (requires BOSUN_UI_BROWSER_OPEN_MODE=auto)
+# BOSUN_UI_AUTO_OPEN_BROWSER=false
+# Show full /?token=... browser URL in logs (default: false; token is hidden)
+# BOSUN_UI_LOG_TOKENIZED_BROWSER_URL=false
+# Setup wizard browser auto-open (default: true when mode=auto)
+# BOSUN_SETUP_AUTO_OPEN_BROWSER=true
 # Full public URL override (takes precedence over host/port auto-detection).
 # Use when you have a reverse proxy or tunnel with HTTPS.
 # TELEGRAM_UI_BASE_URL=https://your-public-ui.example.com

package/README.md

@@ -48,6 +48,7 @@ Requires:
 
 - Routes work across Codex, Copilot, and Claude executors
 - Automates retries, failover, and PR lifecycle management
+- Auto-labels attached PRs with `bosun-needs-fix` when CI fails (`Build + Tests`)
 - Monitors runs and recovers from stalled or broken states
 - Provides Telegram control and a Mini App dashboard
 - Integrates with GitHub, Jira, and Vibe-Kanban boards

package/agent-pool.mjs

@@ -44,6 +44,7 @@ import { fileURLToPath } from "node:url";
 import { loadConfig } from "./config.mjs";
 import { resolveRepoRoot, resolveAgentRepoRoot } from "./repo-root.mjs";
 import { resolveCodexProfileRuntime } from "./codex-model-profiles.mjs";
+import { getGitHubToken } from "./github-auth-manager.mjs";
 
 // Lazy-load MCP registry to avoid circular dependencies.
 // Cached at module scope per AGENTS.md hard rules.
@@ -86,6 +87,36 @@ const HARD_TIMEOUT_BUFFER_MS = 5 * 60_000; // 5 minutes
 /** Tag for console logging */
 const TAG = "[agent-pool]";
 const MAX_PROMPT_BYTES = 180_000;
+const MAX_SET_TIMEOUT_MS = 2_147_483_647; // Node.js setTimeout 32-bit signed max
+let timeoutClampWarningKey = "";
+const DEFAULT_FIRST_EVENT_TIMEOUT_MS = 120_000;
+
+function clampTimerDelayMs(delayMs, label = "timer") {
+  const parsed = Number(delayMs);
+  if (!Number.isFinite(parsed) || parsed < 1) return 1;
+  const clamped = Math.min(Math.trunc(parsed), MAX_SET_TIMEOUT_MS);
+  if (clamped !== Math.trunc(parsed)) {
+    const warningKey = `${label}:${parsed}`;
+    if (timeoutClampWarningKey !== warningKey) {
+      timeoutClampWarningKey = warningKey;
+      console.warn(
+        `${TAG} ${label} delay ${parsed}ms exceeds Node timer max; clamped to ${MAX_SET_TIMEOUT_MS}ms`,
+      );
+    }
+  }
+  return clamped;
+}
+
+function getFirstEventTimeoutMs(totalTimeoutMs) {
+  const configured = Number(
+    process.env.AGENT_POOL_FIRST_EVENT_TIMEOUT_MS || DEFAULT_FIRST_EVENT_TIMEOUT_MS,
+  );
+  if (!Number.isFinite(configured) || configured <= 0) return null;
+  const budgetMs = Number(totalTimeoutMs);
+  if (!Number.isFinite(budgetMs) || budgetMs <= 2_000) return null;
+  const maxAllowed = Math.max(5_000, budgetMs - 1_000);
+  return clampTimerDelayMs(Math.min(Math.trunc(configured), maxAllowed), "first-event-timeout");
+}
 
 function sanitizeAndBoundPrompt(text) {
   if (typeof text !== "string") return "";
@@ -112,6 +143,82 @@ function envFlagEnabled(value) {
   return ["1", "true", "yes", "on", "y"].includes(raw);
 }
 
+const GITHUB_TOKEN_CACHE_TTL_MS = 60_000;
+let cachedGithubSessionToken = null;
+let cachedGithubSessionTokenAt = 0;
+let githubSessionTokenPromise = null;
+let githubTokenSourceLogged = "";
+
+function parseGithubRepoSlug(raw) {
+  const text = String(raw || "").trim();
+  if (!text) return { owner: "", repo: "" };
+  const m = text.match(/^([^/\s]+)\/([^/\s]+)$/);
+  if (!m) return { owner: "", repo: "" };
+  return { owner: m[1], repo: m[2] };
+}
+
+async function resolveGithubSessionToken() {
+  const now = Date.now();
+  if (
+    cachedGithubSessionToken &&
+    now - cachedGithubSessionTokenAt < GITHUB_TOKEN_CACHE_TTL_MS
+  ) {
+    return cachedGithubSessionToken;
+  }
+  if (githubSessionTokenPromise) return githubSessionTokenPromise;
+
+  githubSessionTokenPromise = (async () => {
+    const explicitToken =
+      process.env.GH_TOKEN ||
+      process.env.GITHUB_TOKEN ||
+      process.env.COPILOT_CLI_TOKEN ||
+      process.env.GITHUB_PAT ||
+      "";
+    if (explicitToken) {
+      cachedGithubSessionToken = explicitToken;
+      cachedGithubSessionTokenAt = Date.now();
+      return explicitToken;
+    }
+
+    try {
+      const { owner, repo } = parseGithubRepoSlug(process.env.GITHUB_REPOSITORY);
+      const { token, type } = await getGitHubToken({
+        owner: owner || undefined,
+        repo: repo || undefined,
+      });
+      if (token) {
+        cachedGithubSessionToken = token;
+        cachedGithubSessionTokenAt = Date.now();
+        if (githubTokenSourceLogged !== type) {
+          githubTokenSourceLogged = type || "unknown";
+          console.log(`${TAG} injected GitHub token into agent session env (${type || "unknown"})`);
+        }
+        return token;
+      }
+    } catch {
+      // best effort
+    }
+    return "";
+  })();
+
+  try {
+    return await githubSessionTokenPromise;
+  } finally {
+    githubSessionTokenPromise = null;
+  }
+}
+
+function injectGitHubSessionEnv(baseEnv, token) {
+  const env = { ...(baseEnv || {}) };
+  const resolved = String(token || "").trim();
+  if (!resolved) return env;
+  if (!env.GH_TOKEN) env.GH_TOKEN = resolved;
+  if (!env.GITHUB_TOKEN) env.GITHUB_TOKEN = resolved;
+  if (!env.GITHUB_PAT) env.GITHUB_PAT = resolved;
+  if (!env.COPILOT_CLI_TOKEN) env.COPILOT_CLI_TOKEN = resolved;
+  return env;
+}
+
 /**
  * Extract a human-readable task heading from the prompt built by _buildTaskPrompt.
  * The first line is "# TASKID — Task Title"; we return the title portion only.
@@ -172,7 +279,7 @@ function createScopedAbortController(externalAC, timeoutMs) {
     if (!controller.signal.aborted) {
       controller.abort("timeout");
     }
-  }, timeoutMs);
+  }, clampTimerDelayMs(timeoutMs, "abort-timeout"));
   if (timeoutHandle && typeof timeoutHandle.unref === "function") {
     timeoutHandle.unref();
   }
@@ -253,7 +360,7 @@ function shouldFallbackForSdkError(error) {
  * @param {string} name  SDK canonical name
  * @returns {{ ok: boolean, reason: string|null }}
  */
-function hasSdkPrerequisites(name) {
+function hasSdkPrerequisites(name, runtimeEnv = process.env) {
   // Test mocks bypass prerequisite checks
   if (process.env[`__MOCK_${name.toUpperCase()}_AVAILABLE`] === "1") {
     return { ok: true, reason: null };
@@ -262,10 +369,10 @@ function hasSdkPrerequisites(name) {
   if (name === "codex") {
     // Codex needs an OpenAI API key (or Azure key, or profile-specific key)
     const hasKey =
-      process.env.OPENAI_API_KEY ||
-      process.env.AZURE_OPENAI_API_KEY ||
-      process.env.CODEX_MODEL_PROFILE_XL_API_KEY ||
-      process.env.CODEX_MODEL_PROFILE_M_API_KEY;
+      runtimeEnv.OPENAI_API_KEY ||
+      runtimeEnv.AZURE_OPENAI_API_KEY ||
+      runtimeEnv.CODEX_MODEL_PROFILE_XL_API_KEY ||
+      runtimeEnv.CODEX_MODEL_PROFILE_M_API_KEY;
     if (!hasKey) {
       return { ok: false, reason: "no API key (OPENAI_API_KEY / AZURE_OPENAI_API_KEY)" };
     }
@@ -277,7 +384,7 @@ function hasSdkPrerequisites(name) {
     return { ok: true, reason: null };
   }
   if (name === "claude") {
-    const hasKey = process.env.ANTHROPIC_API_KEY;
+    const hasKey = runtimeEnv.ANTHROPIC_API_KEY;
     if (!hasKey) {
       return { ok: false, reason: "no ANTHROPIC_API_KEY" };
     }
@@ -337,6 +444,36 @@ async function withSanitizedOpenAiEnv(fn) {
   }
 }
 
+async function withTemporaryEnv(overrides, fn) {
+  if (!overrides || typeof overrides !== "object") {
+    return await fn();
+  }
+  const prev = new Map();
+  const touched = [];
+  for (const [key, value] of Object.entries(overrides)) {
+    if (!key) continue;
+    prev.set(key, process.env[key]);
+    touched.push(key);
+    if (value == null) {
+      delete process.env[key];
+    } else {
+      process.env[key] = String(value);
+    }
+  }
+  try {
+    return await fn();
+  } finally {
+    for (const key of touched) {
+      const oldValue = prev.get(key);
+      if (oldValue == null) {
+        delete process.env[key];
+      } else {
+        process.env[key] = oldValue;
+      }
+    }
+  }
+}
+
 /**
  * Build Codex SDK constructor options with Azure auto-detection.
  * When OPENAI_BASE_URL points to Azure, configures the SDK with Azure
@@ -706,6 +843,8 @@ export function getAvailableSdks() {
  * @returns {Promise<{ success: boolean, output: string, items: Array, error: string|null, sdk: string }>}
  */
 async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
+  // Coerce to number — prevents string concatenation in setTimeout arithmetic
+  timeoutMs = Number(timeoutMs) || DEFAULT_TIMEOUT_MS;
   const {
     onEvent,
     abortController: externalAC,
@@ -816,6 +955,9 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
   // Hard timeout: safety net if the SDK's async iterator ignores AbortSignal.
   // Fires HARD_TIMEOUT_BUFFER_MS after the soft timeout to forcibly break the loop.
   let hardTimer;
+  let firstEventTimer = null;
+  let firstEventTimeoutHit = false;
+  let eventCount = 0;
 
   // ── 4. Stream the turn ───────────────────────────────────────────────────
   try {
@@ -826,19 +968,23 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
 
     let finalResponse = "";
     const allItems = [];
-
     // Race the event iterator against a hard timeout.
     // The soft timeout fires controller.abort() which the SDK should honor.
     // The hard timeout is a safety net in case the SDK iterator ignores the abort.
     const hardTimeoutPromise = new Promise((_, reject) => {
       hardTimer = setTimeout(
         () => reject(new Error("hard_timeout")),
-        timeoutMs + HARD_TIMEOUT_BUFFER_MS,
+        clampTimerDelayMs(timeoutMs + HARD_TIMEOUT_BUFFER_MS, "codex-hard-timeout"),
       );
     });
 
     const iterateEvents = async () => {
       for await (const event of turn.events) {
+        eventCount += 1;
+        if (firstEventTimer) {
+          clearTimeout(firstEventTimer);
+          firstEventTimer = null;
+        }
         if (controller.signal.aborted) break;
         if (event?.type === "thread.started" && event?.thread_id) {
           emitThreadReady(event.thread_id);
@@ -859,8 +1005,19 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
       }
     };
 
+    const firstEventTimeoutMs = getFirstEventTimeoutMs(timeoutMs);
+    if (firstEventTimeoutMs) {
+      firstEventTimer = setTimeout(() => {
+        if (eventCount > 0 || controller.signal.aborted) return;
+        firstEventTimeoutHit = true;
+        controller.abort("first_event_timeout");
+      }, firstEventTimeoutMs);
+      if (typeof firstEventTimer.unref === "function") firstEventTimer.unref();
+    }
+
     await Promise.race([iterateEvents(), hardTimeoutPromise]);
     clearTimeout(hardTimer);
+    if (firstEventTimer) clearTimeout(firstEventTimer);
     clearAbortScope();
 
     const output =
@@ -877,17 +1034,21 @@ async function launchCodexThread(prompt, cwd, timeoutMs, extra = {}) {
   } catch (err) {
     clearAbortScope();
     if (hardTimer) clearTimeout(hardTimer);
+    if (firstEventTimer) clearTimeout(firstEventTimer);
     if (steerKey) unregisterActiveSession(steerKey);
     const isTimeout =
       err.name === "AbortError" ||
       String(err) === "timeout" ||
       err.message === "hard_timeout";
     if (isTimeout) {
+      const firstEventSuffix = firstEventTimeoutHit
+        ? ` (no events received within ${getFirstEventTimeoutMs(timeoutMs)}ms)`
+        : "";
       return {
         success: false,
         output: "",
         items: [],
-        error: `${TAG} codex timeout after ${timeoutMs}ms${err.message === "hard_timeout" ? " (hard timeout — SDK iterator unresponsive)" : ""}`,
+        error: `${TAG} codex timeout after ${timeoutMs}ms${err.message === "hard_timeout" ? " (hard timeout — SDK iterator unresponsive)" : ""}${firstEventSuffix}`,
         sdk: "codex",
         threadId: null,
       };
@@ -971,6 +1132,8 @@ function autoRespondToUserInput(request) {
  * @returns {Promise<{ success: boolean, output: string, items: Array, error: string|null, sdk: string }>}
  */
 async function launchCopilotThread(prompt, cwd, timeoutMs, extra = {}) {
+  // Coerce to number — prevents string concatenation in setTimeout arithmetic
+  timeoutMs = Number(timeoutMs) || DEFAULT_TIMEOUT_MS;
   const {
     onEvent,
     abortController: externalAC,
@@ -978,6 +1141,7 @@ async function launchCopilotThread(prompt, cwd, timeoutMs, extra = {}) {
     onThreadReady = null,
     model: requestedModel = null,
     taskKey: steerKey = null,
+    envOverrides = null,
   } = extra;
 
   // ── 1. Load the SDK ──────────────────────────────────────────────────────
@@ -998,11 +1162,15 @@ async function launchCopilotThread(prompt, cwd, timeoutMs, extra = {}) {
   }
 
   // ── 2. Detect auth token ─────────────────────────────────────────────────
+  const runtimeEnv =
+    envOverrides && typeof envOverrides === "object"
+      ? { ...process.env, ...envOverrides }
+      : process.env;
   const token =
-    process.env.COPILOT_CLI_TOKEN ||
-    process.env.GITHUB_TOKEN ||
-    process.env.GH_TOKEN ||
-    process.env.GITHUB_PAT ||
+    runtimeEnv.COPILOT_CLI_TOKEN ||
+    runtimeEnv.GITHUB_TOKEN ||
+    runtimeEnv.GH_TOKEN ||
+    runtimeEnv.GITHUB_PAT ||
     undefined;
 
   // ── 3. Create & start ephemeral client (LOCAL mode) ──────────────────────
@@ -1023,10 +1191,10 @@ async function launchCopilotThread(prompt, cwd, timeoutMs, extra = {}) {
   const autoApprovePermissions = shouldAutoApproveCopilotPermissions();
   const clientEnv = autoApprovePermissions
     ? {
-        ...process.env,
-        COPILOT_ALLOW_ALL: process.env.COPILOT_ALLOW_ALL || "true",
+        ...runtimeEnv,
+        COPILOT_ALLOW_ALL: runtimeEnv.COPILOT_ALLOW_ALL || "true",
       }
-    : process.env;
+    : runtimeEnv;
   try {
     await withSanitizedOpenAiEnv(async () => {
       let clientOpts;
@@ -1236,7 +1404,7 @@ async function launchCopilotThread(prompt, cwd, timeoutMs, extra = {}) {
           // the run to continue rather than stalling for the full hard timeout.
           if (finalResponse.trim()) return finish(resolveP);
           finish(() => rejectP(new Error("timeout_waiting_for_idle")));
-        }, timeoutMs + 1000);
+        }, clampTimerDelayMs(timeoutMs + 1000, "copilot-idle-timeout"));
         if (idleTimer && typeof idleTimer.unref === "function") {
           idleTimer.unref();
         }
@@ -1247,7 +1415,7 @@ async function launchCopilotThread(prompt, cwd, timeoutMs, extra = {}) {
       const copilotHardTimeout = new Promise((_, reject) => {
         const ht = setTimeout(
           () => reject(new Error("hard_timeout")),
-          timeoutMs + HARD_TIMEOUT_BUFFER_MS,
+          clampTimerDelayMs(timeoutMs + HARD_TIMEOUT_BUFFER_MS, "copilot-hard-timeout"),
         );
         // Don't let this timer keep the process alive
         if (ht && typeof ht.unref === "function") ht.unref();
@@ -1367,6 +1535,8 @@ async function resumeCopilotThread(
  * @returns {Promise<{ success: boolean, output: string, items: Array, error: string|null, sdk: string }>}
  */
 async function launchClaudeThread(prompt, cwd, timeoutMs, extra = {}) {
+  // Coerce to number — prevents string concatenation in setTimeout arithmetic
+  timeoutMs = Number(timeoutMs) || DEFAULT_TIMEOUT_MS;
   const {
     onEvent,
     abortController: externalAC,
@@ -1376,6 +1546,7 @@ async function launchClaudeThread(prompt, cwd, timeoutMs, extra = {}) {
     onThreadReady = null,
     model: requestedModel = null,
     taskKey: steerKey = null,
+    envOverrides = null,
   } = extra;
 
   // ── 1. Load the SDK ──────────────────────────────────────────────────────
@@ -1396,10 +1567,14 @@ async function launchClaudeThread(prompt, cwd, timeoutMs, extra = {}) {
   }
 
   // ── 2. Detect auth ──────────────────────────────────────────────────────
+  const runtimeEnv =
+    envOverrides && typeof envOverrides === "object"
+      ? { ...process.env, ...envOverrides }
+      : process.env;
   const apiKey =
-    process.env.ANTHROPIC_API_KEY ||
-    process.env.CLAUDE_API_KEY ||
-    process.env.CLAUDE_KEY ||
+    runtimeEnv.ANTHROPIC_API_KEY ||
+    runtimeEnv.CLAUDE_API_KEY ||
+    runtimeEnv.CLAUDE_KEY ||
     undefined;
 
   // ── 3. Build message queue ───────────────────────────────────────────────
@@ -1539,31 +1714,33 @@ async function launchClaudeThread(prompt, cwd, timeoutMs, extra = {}) {
       settingSources: ["user", "project"],
       permissionMode:
         claudePermissionMode ||
-        process.env.CLAUDE_PERMISSION_MODE ||
+        runtimeEnv.CLAUDE_PERMISSION_MODE ||
         "bypassPermissions",
     };
     if (apiKey) options.apiKey = apiKey;
     const explicitAllowedTools = normalizeList(claudeAllowedTools);
     const allowedTools = explicitAllowedTools.length
       ? explicitAllowedTools
-      : normalizeList(process.env.CLAUDE_ALLOWED_TOOLS);
+      : normalizeList(runtimeEnv.CLAUDE_ALLOWED_TOOLS);
     if (allowedTools.length) {
       options.allowedTools = allowedTools;
     }
 
     const model = String(
       requestedModel ||
-        process.env.CLAUDE_MODEL ||
-        process.env.CLAUDE_CODE_MODEL ||
-        process.env.ANTHROPIC_MODEL ||
+        runtimeEnv.CLAUDE_MODEL ||
+        runtimeEnv.CLAUDE_CODE_MODEL ||
+        runtimeEnv.ANTHROPIC_MODEL ||
         "",
     ).trim();
     if (model) options.model = model;
 
-    const result = queryFn({
-      prompt: msgQueue.iterator(),
-      options,
-    });
+    const result = await withTemporaryEnv(runtimeEnv, async () =>
+      queryFn({
+        prompt: msgQueue.iterator(),
+        options,
+      }),
+    );
 
     let finalResponse = "";
     let activeClaudeSessionId = resumeThreadId || null;
@@ -1623,7 +1800,10 @@ async function launchClaudeThread(prompt, cwd, timeoutMs, extra = {}) {
     })();
 
     const hardTimeout = new Promise((_, reject) => {
-      hardTimer = setTimeout(() => reject(new Error("hard-timeout")), hardTimeoutMs);
+      hardTimer = setTimeout(
+        () => reject(new Error("hard-timeout")),
+        clampTimerDelayMs(hardTimeoutMs, "claude-hard-timeout"),
+      );
       if (hardTimer && typeof hardTimer.unref === "function") {
         hardTimer.unref();
       }
@@ -1758,13 +1938,24 @@ export async function launchEphemeralThread(
   timeoutMs = DEFAULT_TIMEOUT_MS,
   extra = {},
 ) {
+  const resolvedGithubToken = await resolveGithubSessionToken();
+  const baseRuntimeEnv =
+    extra?.envOverrides && typeof extra.envOverrides === "object"
+      ? { ...process.env, ...extra.envOverrides }
+      : { ...process.env };
+  const sessionEnv = injectGitHubSessionEnv(baseRuntimeEnv, resolvedGithubToken);
+  const launchExtra = {
+    ...extra,
+    envOverrides: sessionEnv,
+  };
+
   // ── Resolve MCP servers for this launch ──────────────────────────────────
   try {
-    if (!extra._mcpResolved) {
+    if (!launchExtra._mcpResolved) {
       const cfg = loadConfig();
       const mcpCfg = cfg.mcpServers || {};
       if (mcpCfg.enabled !== false) {
-        const requestedIds = extra.mcpServers || [];
+        const requestedIds = launchExtra.mcpServers || [];
         const defaultIds = mcpCfg.defaultServers || [];
         if (requestedIds.length || defaultIds.length) {
           const registry = await getMcpRegistry();
@@ -1774,19 +1965,19 @@ export async function launchEphemeralThread(
             { defaultServers: defaultIds, catalogOverrides: mcpCfg.catalogOverrides || {} },
           );
           if (resolved.length) {
-            extra._resolvedMcpServers = resolved;
+            launchExtra._resolvedMcpServers = resolved;
           }
         }
       }
-      extra._mcpResolved = true;
+      launchExtra._mcpResolved = true;
     }
   } catch (mcpErr) {
     console.warn(`${TAG} MCP server resolution failed (non-fatal): ${mcpErr.message}`);
   }
 
   // Determine the primary SDK to try
-  const requestedSdk = extra.sdk
-    ? String(extra.sdk).trim().toLowerCase()
+  const requestedSdk = launchExtra.sdk
+    ? String(launchExtra.sdk).trim().toLowerCase()
     : null;
 
   const primaryName =
@@ -1794,7 +1985,7 @@ export async function launchEphemeralThread(
       ? requestedSdk
       : resolvePoolSdkName();
 
-  const attemptOrder = extra?.disableFallback
+  const attemptOrder = launchExtra?.disableFallback
     ? [primaryName]
     : [
         primaryName,
@@ -1805,7 +1996,7 @@ export async function launchEphemeralThread(
   const triedSdkNames = [];
   const missingPrereqSdks = [];
   const cooledDownSdks = [];
-  const ignoreSdkCooldown = extra?.ignoreSdkCooldown === true;
+  const ignoreSdkCooldown = launchExtra?.ignoreSdkCooldown === true;
 
   for (const name of attemptOrder) {
     const adapter = SDK_ADAPTERS[name];
@@ -1831,7 +2022,7 @@ export async function launchEphemeralThread(
     }
 
     // Check prerequisites before wasting time trying an unconfigured SDK
-    const prereq = hasSdkPrerequisites(name);
+    const prereq = hasSdkPrerequisites(name, sessionEnv);
     if (!prereq.ok) {
       missingPrereqSdks.push({ name, reason: prereq.reason });
       if (name === primaryName) {
@@ -1858,7 +2049,7 @@ export async function launchEphemeralThread(
 
     triedSdkNames.push(name);
     const launcher = await adapter.load();
-    const result = await launcher(prompt, cwd, timeoutMs, extra);
+    const result = await launcher(prompt, cwd, timeoutMs, launchExtra);
     lastAttemptResult = result;
 
     if (result.success) {
@@ -2256,6 +2447,8 @@ function isPoisonedCodexResumeError(errorValue) {
  * @returns {Promise<{ success: boolean, output: string, items: Array, error: string|null, sdk: string, threadId: string|null }>}
  */
 async function resumeCodexThread(threadId, prompt, cwd, timeoutMs, extra = {}) {
+  // Coerce to number — prevents string concatenation in setTimeout arithmetic
+  timeoutMs = Number(timeoutMs) || DEFAULT_TIMEOUT_MS;
   const { onEvent, abortController: externalAC, envOverrides = null } = extra;
 
   let CodexClass;
@@ -2324,6 +2517,9 @@ async function resumeCodexThread(threadId, prompt, cwd, timeoutMs, extra = {}) {
     timeoutMs,
   );
   let hardTimer;
+  let firstEventTimer = null;
+  let firstEventTimeoutHit = false;
+  let eventCount = 0;
 
   try {
     const safePrompt = sanitizeAndBoundPrompt(prompt);
@@ -2337,12 +2533,17 @@ async function resumeCodexThread(threadId, prompt, cwd, timeoutMs, extra = {}) {
     const hardTimeoutPromise = new Promise((_, reject) => {
       hardTimer = setTimeout(
         () => reject(new Error("hard_timeout")),
-        timeoutMs + HARD_TIMEOUT_BUFFER_MS,
+        clampTimerDelayMs(timeoutMs + HARD_TIMEOUT_BUFFER_MS, "codex-resume-hard-timeout"),
       );
     });
 
     const iterateEvents = async () => {
       for await (const event of turn.events) {
+        eventCount += 1;
+        if (firstEventTimer) {
+          clearTimeout(firstEventTimer);
+          firstEventTimer = null;
+        }
         if (controller.signal.aborted) break;
         if (typeof onEvent === "function")
           try {
@@ -2359,8 +2560,19 @@ async function resumeCodexThread(threadId, prompt, cwd, timeoutMs, extra = {}) {
       }
     };
 
+    const firstEventTimeoutMs = getFirstEventTimeoutMs(timeoutMs);
+    if (firstEventTimeoutMs) {
+      firstEventTimer = setTimeout(() => {
+        if (eventCount > 0 || controller.signal.aborted) return;
+        firstEventTimeoutHit = true;
+        controller.abort("first_event_timeout");
+      }, firstEventTimeoutMs);
+      if (typeof firstEventTimer.unref === "function") firstEventTimer.unref();
+    }
+
     await Promise.race([iterateEvents(), hardTimeoutPromise]);
     clearTimeout(hardTimer);
+    if (firstEventTimer) clearTimeout(firstEventTimer);
     clearAbortScope();
 
     const newThreadId = thread.id || threadId;
@@ -2375,16 +2587,21 @@ async function resumeCodexThread(threadId, prompt, cwd, timeoutMs, extra = {}) {
   } catch (err) {
     clearAbortScope();
     if (hardTimer) clearTimeout(hardTimer);
+    if (firstEventTimer) clearTimeout(firstEventTimer);
     const isTimeout =
       err.name === "AbortError" ||
       String(err) === "timeout" ||
       err.message === "hard_timeout";
+    const firstEventSuffix =
+      isTimeout && firstEventTimeoutHit
+        ? ` (no events received within ${getFirstEventTimeoutMs(timeoutMs)}ms)`
+        : "";
     return {
       success: false,
       output: "",
       items: [],
       error: isTimeout
-        ? `${TAG} codex resume timeout after ${timeoutMs}ms${err.message === "hard_timeout" ? " (hard timeout)" : ""}`
+        ? `${TAG} codex resume timeout after ${timeoutMs}ms${err.message === "hard_timeout" ? " (hard timeout)" : ""}${firstEventSuffix}`
         : `Thread resume error: ${err.message}`,
       sdk: "codex",
       threadId: null,
@@ -2456,6 +2673,15 @@ export async function launchOrResumeThread(
 ) {
   await ensureThreadRegistryLoaded();
   const { taskKey, ...restExtra } = extra;
+  const resolvedGithubToken = await resolveGithubSessionToken();
+  const restBaseEnv =
+    restExtra?.envOverrides && typeof restExtra.envOverrides === "object"
+      ? { ...process.env, ...restExtra.envOverrides }
+      : { ...process.env };
+  restExtra.envOverrides = injectGitHubSessionEnv(
+    restBaseEnv,
+    resolvedGithubToken,
+  );
   // Pass taskKey through as steer key so SDK launchers can register active sessions
   restExtra.taskKey = taskKey;
   if (restExtra.sdk) {

package/anomaly-detector.mjs

@@ -308,6 +308,12 @@ const RE_ERROR_NOISE = [
 // Session completion indicators
 const RE_SESSION_DONE = /"Done"\s*:\s*"/;
 const STR_TASK_COMPLETE = "task_complete";
+const INTERNAL_SESSION_COMPLETION_MARKERS = [
+  "EVT[turn.completed]",
+  "EVT[session.completed]",
+  "EVT[response.completed]",
+  "EVT[thread.completed]",
+];
 
 // ── Main Detector Class ─────────────────────────────────────────────────────
 
@@ -1061,7 +1067,13 @@ export class AnomalyDetector {
    * Detect session completion (mark as dead to stop analysis).
    */
   #detectSessionCompletion(line, state) {
-    if (RE_SESSION_DONE.test(line) || line.includes(STR_TASK_COMPLETE)) {
+    if (
+      RE_SESSION_DONE.test(line) ||
+      line.includes(STR_TASK_COMPLETE) ||
+      INTERNAL_SESSION_COMPLETION_MARKERS.some((marker) =>
+        line.includes(marker),
+      )
+    ) {
       state.isDead = true;
     }
   }