brainclaw 1.6.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,242 @@
1
+ /**
2
+ * Scope-aware dirty-working-tree guard for dispatch (pln#520 Tier 2, trp#371).
3
+ *
4
+ * The original guard (can_30c295b4) refused review/assign/consult/ideate the
5
+ * moment ANY uncommitted file existed in the source repo — repo-global, no
6
+ * comparison to the dispatch scope. In multi-agent use (codex/claude leave
7
+ * uncommitted files around) that hard-blocks legitimate dispatches, and the
8
+ * coordination store itself (`.brainclaw/`) is rewritten on every dispatch so
9
+ * a second `bclaw_coordinate` in the same session ALWAYS saw a dirty tree.
10
+ *
11
+ * This helper makes the decision scope-aware. The cardinal rule (converged
12
+ * across the Tier 2 ideation loop lop_5fc24cc8707992ea): never turn a noisy,
13
+ * visible false-positive (block a legitimate dispatch) into a SILENT
14
+ * false-negative (let a worker review/edit stale code with no signal). So
15
+ * when the scope cannot be proven disjoint from the dirty files, we still
16
+ * block — `allow_dirty=true` remains the explicit, auditable override.
17
+ *
18
+ * Empirical grounding: of ~450 real claim scopes in the store, only 4 contain
19
+ * a glob and ~60% are not resolvable to paths at all (plan-ids, loop-refs,
20
+ * prose). So the resolver optimises for the path-prefix case and treats
21
+ * anything ambiguous as `unknown` (→ conservative block when dirty), rather
22
+ * than building a glob engine. The rare real globs are delegated to git.
23
+ */
24
+ import { spawnSync } from 'node:child_process';
25
+ import fs from 'node:fs';
26
+ import path from 'node:path';
27
+ /** Top-level directories that read as code paths even when not yet on disk. */
28
+ const KNOWN_TOP_LEVEL = new Set([
29
+ 'src', 'lib', 'docs', 'doc', 'test', 'tests', 'packages', 'app', 'apps',
30
+ 'scripts', 'bin', 'public', 'assets', 'examples', 'config',
31
+ ]);
32
+ /** Entity-id / loop-ref prefixes that are never file paths. */
33
+ const ENTITY_ID_RE = /^(pln|clm|asg|asgn|run|lop|dec|cst|con|trp|han|can|rtn|rn|seq|sess|agt|art|lsl)[_#]/i;
34
+ function defaultRunGit(cwd, args) {
35
+ try {
36
+ const probe = spawnSync('git', ['-C', cwd, ...args], { encoding: 'utf8', timeout: 5000 });
37
+ if (probe.status !== 0 || typeof probe.stdout !== 'string') {
38
+ return { ok: false, stdout: '' };
39
+ }
40
+ return { ok: true, stdout: probe.stdout };
41
+ }
42
+ catch {
43
+ // Never block a dispatch because git hiccuped — surface as "not probeable".
44
+ return { ok: false, stdout: '' };
45
+ }
46
+ }
47
+ /** True for coordination/store paths that are dirty as a side effect of dispatching. */
48
+ export function isSystemDirtyPath(p) {
49
+ const norm = p.replace(/\\/g, '/');
50
+ return norm === '.brainclaw'
51
+ || norm.startsWith('.brainclaw/')
52
+ || norm === '.git'
53
+ || norm.startsWith('.git/');
54
+ }
55
+ /**
56
+ * Parse `git status --porcelain=v1 -z` output into a flat list of paths.
57
+ *
58
+ * NUL-separated entries avoid the quoting/newline pitfalls of line parsing.
59
+ * Rename/copy entries (`R`/`C`) carry the NEW path in the status field and the
60
+ * ORIGINAL path in the following NUL field — we keep BOTH, because a move out
61
+ * of scope that creates a file in scope (or vice versa) is a relevant change.
62
+ */
63
+ export function parsePorcelainZ(stdout) {
64
+ const parts = stdout.split('\0').filter((p) => p.length > 0);
65
+ const paths = [];
66
+ for (let i = 0; i < parts.length; i++) {
67
+ const entry = parts[i];
68
+ if (entry.length < 4)
69
+ continue; // malformed; "XY p" is the minimum
70
+ const status = entry.slice(0, 2);
71
+ const newPath = entry.slice(3); // skip "XY " (2 status chars + 1 separator)
72
+ paths.push(newPath);
73
+ if (status[0] === 'R' || status[0] === 'C') {
74
+ const origPath = parts[i + 1];
75
+ if (origPath !== undefined) {
76
+ paths.push(origPath);
77
+ i++; // consume the original-path field
78
+ }
79
+ }
80
+ }
81
+ return paths;
82
+ }
83
+ /**
84
+ * Resolve a free-string scope into git pathspecs, or `unknown` when it cannot
85
+ * be proven to denote file paths. All-or-nothing across comma-separated
86
+ * tokens: a single unresolvable token marks the whole scope unknown, so the
87
+ * guard never blocks on a partial (and therefore misleading) view.
88
+ */
89
+ export function resolveScopeToPathspecs(scope, cwd) {
90
+ if (!scope || !scope.trim()) {
91
+ return { kind: 'unknown', reason: 'no scope provided' };
92
+ }
93
+ const tokens = scope.split(',').map((t) => t.trim()).filter(Boolean);
94
+ if (tokens.length === 0) {
95
+ return { kind: 'unknown', reason: 'empty scope' };
96
+ }
97
+ const pathspecs = [];
98
+ for (const token of tokens) {
99
+ if (ENTITY_ID_RE.test(token) || /^review-loop:/i.test(token)) {
100
+ return { kind: 'unknown', reason: `token "${token}" is an entity id, not a path` };
101
+ }
102
+ if (/\s/.test(token)) {
103
+ return { kind: 'unknown', reason: `token "${token}" contains whitespace (prose, not a path)` };
104
+ }
105
+ const normalized = token.replace(/\\/g, '/').replace(/^\.\//, '');
106
+ if (/[*?[\]]/.test(normalized)) {
107
+ // Delegate the rare real glob to git's native pathspec matcher.
108
+ pathspecs.push(`:(glob)${normalized}`);
109
+ continue;
110
+ }
111
+ const exists = fs.existsSync(path.resolve(cwd, normalized));
112
+ const topLevel = normalized.split('/')[0];
113
+ if (exists || KNOWN_TOP_LEVEL.has(topLevel)) {
114
+ pathspecs.push(normalized);
115
+ continue;
116
+ }
117
+ return {
118
+ kind: 'unknown',
119
+ reason: `token "${token}" is not a resolvable path (no such file/dir and not a known top-level)`,
120
+ };
121
+ }
122
+ return { kind: 'pathspecs', pathspecs };
123
+ }
124
+ /** Cap a file list for human-readable messages. */
125
+ function summariseFiles(files, max = 10) {
126
+ if (files.length <= max)
127
+ return files.join(', ');
128
+ return `${files.slice(0, max).join(', ')} (and ${files.length - max} more)`;
129
+ }
130
+ /**
131
+ * Decide whether a dispatch may proceed given the source repo's dirty state and
132
+ * the dispatch scope. See the module header for the cardinal rule.
133
+ */
134
+ export function assessDirtyDispatchGuard(input) {
135
+ const runGit = input.runGit ?? defaultRunGit;
136
+ const resolution = resolveScopeToPathspecs(input.scope, input.cwd);
137
+ // 1. Global probe — is the tree dirty at all (ignoring the coordination store)?
138
+ const global = runGit(input.cwd, ['status', '--porcelain=v1', '-z', '--untracked-files=normal']);
139
+ if (!global.ok) {
140
+ return {
141
+ decision: 'allow',
142
+ reason: 'source cwd is not a git repo (or git is unavailable) — dirty guard skipped',
143
+ dirtyCount: 0,
144
+ overlapping: [],
145
+ ignoredSystemDirty: [],
146
+ scopeResolution: resolution.kind,
147
+ };
148
+ }
149
+ const allPaths = parsePorcelainZ(global.stdout);
150
+ const ignoredSystemDirty = allPaths.filter(isSystemDirtyPath);
151
+ const realDirty = allPaths.filter((p) => !isSystemDirtyPath(p));
152
+ if (realDirty.length === 0) {
153
+ return {
154
+ decision: 'allow',
155
+ reason: ignoredSystemDirty.length > 0
156
+ ? `working tree clean apart from ${ignoredSystemDirty.length} coordination-store file(s) (.brainclaw/, .git/) which the worker rebuilds itself`
157
+ : 'working tree clean',
158
+ dirtyCount: 0,
159
+ overlapping: [],
160
+ ignoredSystemDirty,
161
+ scopeResolution: resolution.kind,
162
+ };
163
+ }
164
+ // 2. Explicit ref → the worktree is built from that ref (the dispatch path
165
+ // forces resetExistingWorktreeBranch so a pre-existing branch is reset to
166
+ // the ref, not silently reused), so uncommitted working-tree changes are
167
+ // intentionally out of scope. Only bypass when the ref actually resolves —
168
+ // a bogus/unresolvable ref must NOT widen the allow; fall through to the
169
+ // scope-aware check below so a dirty in-scope file still blocks.
170
+ if (input.checkoutRef) {
171
+ const refResolves = runGit(input.cwd, ['rev-parse', '--verify', '--quiet', `${input.checkoutRef}^{commit}`]).ok;
172
+ if (refResolves) {
173
+ return {
174
+ decision: 'allow',
175
+ reason: `dispatch builds its worktree from explicit ref "${input.checkoutRef}"; ${realDirty.length} uncommitted working-tree file(s) are intentionally out of scope`,
176
+ dirtyCount: realDirty.length,
177
+ overlapping: [],
178
+ ignoredSystemDirty,
179
+ scopeResolution: resolution.kind,
180
+ };
181
+ }
182
+ // else: ref does not resolve → continue to the scope-aware evaluation.
183
+ }
184
+ // 3. Scope-aware intersection (delegated to git for glob + segment-boundary correctness).
185
+ if (resolution.kind === 'pathspecs') {
186
+ const scoped = runGit(input.cwd, [
187
+ 'status', '--porcelain=v1', '-z', '--untracked-files=normal',
188
+ '--', ...resolution.pathspecs, ':(exclude).brainclaw/', ':(exclude).git/',
189
+ ]);
190
+ // If the scoped probe fails for any reason, fall back conservatively:
191
+ // treat the whole real-dirty set as potentially overlapping.
192
+ const overlapping = scoped.ok ? parsePorcelainZ(scoped.stdout).filter((p) => !isSystemDirtyPath(p)) : realDirty;
193
+ if (overlapping.length === 0) {
194
+ return {
195
+ decision: 'allow',
196
+ reason: `${realDirty.length} uncommitted file(s) but none overlap the dispatch scope`,
197
+ dirtyCount: realDirty.length,
198
+ overlapping: [],
199
+ ignoredSystemDirty,
200
+ scopeResolution: resolution.kind,
201
+ };
202
+ }
203
+ if (input.allowDirty) {
204
+ return {
205
+ decision: 'warn',
206
+ reason: `allow_dirty=true: proceeding despite ${overlapping.length} dirty file(s) overlapping the dispatch scope: ${summariseFiles(overlapping)}`,
207
+ dirtyCount: realDirty.length,
208
+ overlapping,
209
+ ignoredSystemDirty,
210
+ scopeResolution: resolution.kind,
211
+ };
212
+ }
213
+ return {
214
+ decision: 'block',
215
+ reason: `${overlapping.length} uncommitted file(s) overlap the dispatch scope and the worker spawns from HEAD, so it will not see them: ${summariseFiles(overlapping)}. Commit or stash these, or pass allow_dirty=true to override.`,
216
+ dirtyCount: realDirty.length,
217
+ overlapping,
218
+ ignoredSystemDirty,
219
+ scopeResolution: resolution.kind,
220
+ };
221
+ }
222
+ // 4. Scope not resolvable to paths → cannot prove disjointness → conservative.
223
+ if (input.allowDirty) {
224
+ return {
225
+ decision: 'warn',
226
+ reason: `allow_dirty=true: proceeding despite ${realDirty.length} uncommitted file(s); dispatch scope is not resolvable to paths (${resolution.reason}) so overlap could not be ruled out`,
227
+ dirtyCount: realDirty.length,
228
+ overlapping: [],
229
+ ignoredSystemDirty,
230
+ scopeResolution: resolution.kind,
231
+ };
232
+ }
233
+ return {
234
+ decision: 'block',
235
+ reason: `${realDirty.length} uncommitted file(s) and the dispatch scope is not resolvable to file paths (${resolution.reason}), so overlap cannot be ruled out; the worker spawns from HEAD and will not see them: ${summariseFiles(realDirty)}. Commit or stash, pass a resolvable file scope, or pass allow_dirty=true to override.`,
236
+ dirtyCount: realDirty.length,
237
+ overlapping: [],
238
+ ignoredSystemDirty,
239
+ scopeResolution: resolution.kind,
240
+ };
241
+ }
242
+ //# sourceMappingURL=dirty-scope.js.map
@@ -64,7 +64,23 @@ export const CoordinateRequestSchema = z.object({
64
64
  * dispatched work doesn't depend on the dirty files, or when running
65
65
  * tests). Has no effect when the source cwd is not a git repo.
66
66
  */
67
- allow_dirty: z.boolean().optional(),
67
+ allow_dirty: z.preprocess(
68
+ // MCP clients that don't know allow_dirty is a boolean (it was previously
69
+ // absent from the published inputSchema) send the string "true"/"false".
70
+ // Coerce those so the documented escape hatch actually works; leave real
71
+ // booleans and undefined untouched.
72
+ (value) => (typeof value === 'string' ? value.trim().toLowerCase() === 'true' : value), z.boolean().optional()),
73
+ /**
74
+ * pln#520 Tier 2 (P2c) — explicit git ref (commit / branch / tag) the
75
+ * dispatched worker should build its worktree from, instead of the default
76
+ * HEAD. When set on a worktree-creating intent (assign / review / reroute),
77
+ * the worktree is checked out at this ref, so uncommitted working-tree
78
+ * changes in the source are intentionally out of scope and the scope-aware
79
+ * dirty guard allows the dispatch. Passed through to
80
+ * createCoordinatorClaim's worktreeBaseRef. Ignored by intents that don't
81
+ * create a worktree (consult / ideate / summarize).
82
+ */
83
+ ref: z.string().min(1).optional(),
68
84
  /**
69
85
  * pln#511 step 2 — loop preset selector. When set on intent='ideate',
70
86
  * the handler bypasses the kind-default ideation phases and opens the
@@ -2,6 +2,7 @@ import crypto from 'node:crypto';
2
2
  import fs from 'node:fs';
3
3
  import os from 'node:os';
4
4
  import path from 'node:path';
5
+ import { detectAiAgent } from './ai-agent-detection.js';
5
6
  import { requireRegisteredAgentIdentity } from './agent-registry.js';
6
7
  import { loadConfig } from './config.js';
7
8
  import { resolveCurrentHostId } from './host.js';
@@ -75,31 +76,42 @@ export function loadCurrentSession(cwd) {
75
76
  const dir = sessionsDir(cwd);
76
77
  const currentUser = resolveCurrentUser();
77
78
  const currentAgent = resolveCurrentAgentName();
78
- // 1. Look in sessions/ directory for a matching session
79
+ const explicitSessionId = resolveExplicitSessionId();
80
+ const ttlMs = parseDurationToMs(loadConfigSafe(cwd)?.implicit_session_ttl ?? '4h');
81
+ const now = Date.now();
82
+ if (explicitSessionId) {
83
+ const explicit = loadSessionById(explicitSessionId, cwd);
84
+ return explicit && isSessionAlive(explicit, ttlMs, now) ? explicit : undefined;
85
+ }
86
+ // 1. Look in sessions/ directory for the session owned by this process.
87
+ // Multiple parallel agents can have the same agent name/user in one repo;
88
+ // a live different PID is a different agent instance, not our session.
79
89
  if (fs.existsSync(dir) && currentAgent) {
80
90
  const files = fs.readdirSync(dir).filter(f => f.endsWith('.json'));
81
- const ttlMs = parseDurationToMs(loadConfigSafe(cwd)?.implicit_session_ttl ?? '4h');
82
- const now = Date.now();
91
+ const legacyPidlessCandidates = [];
83
92
  for (const file of files) {
84
93
  try {
85
- const migration = loadVersionedJsonFile('current_session', path.join(dir, file));
86
- const session = {
87
- ...CurrentSessionStateSchema.parse(migration.document),
88
- schema_version: migration.metadata.currentVersion,
89
- };
94
+ const session = loadSessionFile(path.join(dir, file));
90
95
  // Strict match: agent name must match, user must match (when both are known)
91
96
  if (session.agent !== currentAgent)
92
97
  continue;
93
98
  const userMatch = !session.user || !currentUser || session.user === currentUser;
94
- const alive = (now - Date.parse(session.last_seen_at)) <= ttlMs;
95
- if (userMatch && alive) {
99
+ if (!userMatch || !isSessionAlive(session, ttlMs, now))
100
+ continue;
101
+ if (session.pid === process.pid) {
96
102
  return session;
97
103
  }
104
+ if (session.pid === undefined) {
105
+ legacyPidlessCandidates.push(session);
106
+ }
98
107
  }
99
108
  catch {
100
109
  // skip invalid session files
101
110
  }
102
111
  }
112
+ if (legacyPidlessCandidates.length === 1) {
113
+ return legacyPidlessCandidates[0];
114
+ }
103
115
  }
104
116
  // 2. Legacy fallback: .current-session
105
117
  const legacyPath = path.join(memoryDir(cwd), LEGACY_SESSION_FILE);
@@ -246,9 +258,24 @@ function resolveCurrentUser() {
246
258
  function resolveCurrentAgentName() {
247
259
  if (process.env.BRAINCLAW_AGENT_NAME)
248
260
  return process.env.BRAINCLAW_AGENT_NAME;
249
- if (process.env.CLAUDE_CODE_VERSION)
250
- return 'claude-code';
251
- return undefined;
261
+ return detectAiAgent()?.name;
262
+ }
263
+ function resolveExplicitSessionId(env = process.env) {
264
+ return env.BRAINCLAW_SESSION_ID?.trim()
265
+ || env.OPENCLAW_SESSION_ID?.trim()
266
+ || env.CLAUDE_SESSION_ID?.trim()
267
+ || env.COPILOT_SESSION_ID?.trim()
268
+ || undefined;
269
+ }
270
+ function loadSessionFile(filepath) {
271
+ const migration = loadVersionedJsonFile('current_session', filepath);
272
+ return {
273
+ ...CurrentSessionStateSchema.parse(migration.document),
274
+ schema_version: migration.metadata.currentVersion,
275
+ };
276
+ }
277
+ function isSessionAlive(session, ttlMs, now) {
278
+ return now - Date.parse(session.last_seen_at) <= ttlMs;
252
279
  }
253
280
  function loadConfigSafe(cwd) {
254
281
  try {
@@ -1166,6 +1166,8 @@ export const AgentIntegrationNameSchema = z.enum([
1166
1166
  'continue',
1167
1167
  'roo',
1168
1168
  'kilocode',
1169
+ 'mistral-vibe',
1170
+ 'hermes',
1169
1171
  'openclaw',
1170
1172
  'nanoclaw',
1171
1173
  'nemoclaw',
@@ -94,6 +94,64 @@ export function hasGitLock(cwd) {
94
94
  const lockPath = path.join(gitDir.stdout.trim(), 'index.lock');
95
95
  return fs.existsSync(lockPath);
96
96
  }
97
+ /**
98
+ * Re-points an EXISTING worktree to `ref` via a hard reset of its checked-out
99
+ * branch + working tree. Used when a dispatch reuses an existing claim/worktree
100
+ * but pins a base ref: the worktree must reflect that ref, not stale state,
101
+ * otherwise the dirty-guard ref bypass would let the worker run on stale code
102
+ * (pln#520 Tier 2 / codex r2). Returns ok=false (with stderr) rather than
103
+ * throwing, so callers surface a visible warning instead of a hard failure.
104
+ */
105
+ export function resetWorktreeToRef(worktreePath, ref) {
106
+ if (!fs.existsSync(worktreePath)) {
107
+ return { ok: false, stderr: `worktree path does not exist: ${worktreePath}` };
108
+ }
109
+ if (hasGitLock(worktreePath)) {
110
+ return { ok: false, stderr: 'git index.lock present — another git operation is in progress' };
111
+ }
112
+ const res = runGit(['reset', '--hard', ref], worktreePath);
113
+ if (!res.ok) {
114
+ return { ok: false, stderr: res.stderr };
115
+ }
116
+ // `reset --hard` realigns HEAD + tracked files, but leaves UNTRACKED residue
117
+ // from a prior use of the worktree — files the worker could still compile or
118
+ // test against even though they don't exist at the pinned ref (codex r3).
119
+ // We do NOT auto-delete (a blind `git clean` would also remove the brainclaw
120
+ // sidecar and gitignored shared symlinks); instead we detect non-system
121
+ // untracked files and report them so the caller surfaces a visible warning
122
+ // rather than letting the stale state pass silently. Ignored files (e.g.
123
+ // node_modules) are not listed by --untracked-files=normal, so the symlinked
124
+ // shared paths are unaffected.
125
+ const status = runGit(['status', '--porcelain=v1', '-z', '--untracked-files=normal'], worktreePath);
126
+ if (!status.ok) {
127
+ // The reset succeeded but we cannot confirm the worktree is residue-free -
128
+ // surface it rather than silently reporting a clean reset (cardinal rule).
129
+ return {
130
+ ok: false,
131
+ stderr: `reset to ${ref} succeeded but the untracked-residue check (git status) failed: ${status.stderr.trim()}`,
132
+ };
133
+ }
134
+ if (status.stdout.length > 0) {
135
+ const residue = status.stdout
136
+ .split('\0')
137
+ .filter((entry) => entry.startsWith('?? '))
138
+ .map((entry) => entry.slice(3))
139
+ .filter((p) => {
140
+ const norm = p.replace(/\\/g, '/');
141
+ return norm !== '.brainclaw-worktree.json'
142
+ && !norm.startsWith('.brainclaw/')
143
+ && !norm.startsWith('.git/');
144
+ });
145
+ if (residue.length > 0) {
146
+ const sample = residue.slice(0, 5).join(', ');
147
+ return {
148
+ ok: false,
149
+ stderr: `reset to ${ref} succeeded but ${residue.length} untracked file(s) remain from prior worktree use (e.g. ${sample}) — the worker may see state absent at the ref. Remove them or dispatch with a fresh scope.`,
150
+ };
151
+ }
152
+ }
153
+ return { ok: true, stderr: '' };
154
+ }
97
155
  /**
98
156
  * Detects whether multiple distinct brainclaw sessions are using the same
99
157
  * physical worktree directory (shared-checkout risk).