brainclaw 1.6.0 → 1.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -9
- package/dist/brainclaw-vscode.vsix +0 -0
- package/dist/commands/mcp-schemas.generated.js +33 -0
- package/dist/commands/mcp.js +66 -31
- package/dist/commands/setup.js +64 -13
- package/dist/commands/switch.js +40 -8
- package/dist/core/agent-capability.js +19 -0
- package/dist/core/agent-files.js +86 -0
- package/dist/core/agent-integrations.js +34 -0
- package/dist/core/agent-inventory.js +27 -0
- package/dist/core/agentrun-reconciler.js +80 -15
- package/dist/core/ai-agent-detection.js +17 -1
- package/dist/core/claims.js +25 -3
- package/dist/core/dirty-scope.js +242 -0
- package/dist/core/facade-schema.js +17 -1
- package/dist/core/identity.js +40 -13
- package/dist/core/schema.js +2 -0
- package/dist/core/worktree.js +58 -0
- package/dist/facts.js +356 -3
- package/dist/facts.json +355 -2
- package/docs/cli.md +10 -7
- package/docs/concepts/troubleshooting.md +26 -0
- package/docs/index.md +4 -3
- package/docs/integrations/hermes.md +78 -0
- package/docs/integrations/overview.md +9 -7
- package/docs/mcp-schema-changelog.md +8 -1
- package/docs/quickstart-existing-project.md +1 -1
- package/package.json +5 -4
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Scope-aware dirty-working-tree guard for dispatch (pln#520 Tier 2, trp#371).
|
|
3
|
+
*
|
|
4
|
+
* The original guard (can_30c295b4) refused review/assign/consult/ideate the
|
|
5
|
+
* moment ANY uncommitted file existed in the source repo — repo-global, no
|
|
6
|
+
* comparison to the dispatch scope. In multi-agent use (codex/claude leave
|
|
7
|
+
* uncommitted files around) that hard-blocks legitimate dispatches, and the
|
|
8
|
+
* coordination store itself (`.brainclaw/`) is rewritten on every dispatch so
|
|
9
|
+
* a second `bclaw_coordinate` in the same session ALWAYS saw a dirty tree.
|
|
10
|
+
*
|
|
11
|
+
* This helper makes the decision scope-aware. The cardinal rule (converged
|
|
12
|
+
* across the Tier 2 ideation loop lop_5fc24cc8707992ea): never turn a noisy,
|
|
13
|
+
* visible false-positive (block a legitimate dispatch) into a SILENT
|
|
14
|
+
* false-negative (let a worker review/edit stale code with no signal). So
|
|
15
|
+
* when the scope cannot be proven disjoint from the dirty files, we still
|
|
16
|
+
* block — `allow_dirty=true` remains the explicit, auditable override.
|
|
17
|
+
*
|
|
18
|
+
* Empirical grounding: of ~450 real claim scopes in the store, only 4 contain
|
|
19
|
+
* a glob and ~60% are not resolvable to paths at all (plan-ids, loop-refs,
|
|
20
|
+
* prose). So the resolver optimises for the path-prefix case and treats
|
|
21
|
+
* anything ambiguous as `unknown` (→ conservative block when dirty), rather
|
|
22
|
+
* than building a glob engine. The rare real globs are delegated to git.
|
|
23
|
+
*/
|
|
24
|
+
import { spawnSync } from 'node:child_process';
|
|
25
|
+
import fs from 'node:fs';
|
|
26
|
+
import path from 'node:path';
|
|
27
|
+
/** Top-level directories that read as code paths even when not yet on disk. */
|
|
28
|
+
const KNOWN_TOP_LEVEL = new Set([
|
|
29
|
+
'src', 'lib', 'docs', 'doc', 'test', 'tests', 'packages', 'app', 'apps',
|
|
30
|
+
'scripts', 'bin', 'public', 'assets', 'examples', 'config',
|
|
31
|
+
]);
|
|
32
|
+
/** Entity-id / loop-ref prefixes that are never file paths. */
|
|
33
|
+
const ENTITY_ID_RE = /^(pln|clm|asg|asgn|run|lop|dec|cst|con|trp|han|can|rtn|rn|seq|sess|agt|art|lsl)[_#]/i;
|
|
34
|
+
function defaultRunGit(cwd, args) {
|
|
35
|
+
try {
|
|
36
|
+
const probe = spawnSync('git', ['-C', cwd, ...args], { encoding: 'utf8', timeout: 5000 });
|
|
37
|
+
if (probe.status !== 0 || typeof probe.stdout !== 'string') {
|
|
38
|
+
return { ok: false, stdout: '' };
|
|
39
|
+
}
|
|
40
|
+
return { ok: true, stdout: probe.stdout };
|
|
41
|
+
}
|
|
42
|
+
catch {
|
|
43
|
+
// Never block a dispatch because git hiccuped — surface as "not probeable".
|
|
44
|
+
return { ok: false, stdout: '' };
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
/** True for coordination/store paths that are dirty as a side effect of dispatching. */
|
|
48
|
+
export function isSystemDirtyPath(p) {
|
|
49
|
+
const norm = p.replace(/\\/g, '/');
|
|
50
|
+
return norm === '.brainclaw'
|
|
51
|
+
|| norm.startsWith('.brainclaw/')
|
|
52
|
+
|| norm === '.git'
|
|
53
|
+
|| norm.startsWith('.git/');
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Parse `git status --porcelain=v1 -z` output into a flat list of paths.
|
|
57
|
+
*
|
|
58
|
+
* NUL-separated entries avoid the quoting/newline pitfalls of line parsing.
|
|
59
|
+
* Rename/copy entries (`R`/`C`) carry the NEW path in the status field and the
|
|
60
|
+
* ORIGINAL path in the following NUL field — we keep BOTH, because a move out
|
|
61
|
+
* of scope that creates a file in scope (or vice versa) is a relevant change.
|
|
62
|
+
*/
|
|
63
|
+
export function parsePorcelainZ(stdout) {
|
|
64
|
+
const parts = stdout.split('\0').filter((p) => p.length > 0);
|
|
65
|
+
const paths = [];
|
|
66
|
+
for (let i = 0; i < parts.length; i++) {
|
|
67
|
+
const entry = parts[i];
|
|
68
|
+
if (entry.length < 4)
|
|
69
|
+
continue; // malformed; "XY p" is the minimum
|
|
70
|
+
const status = entry.slice(0, 2);
|
|
71
|
+
const newPath = entry.slice(3); // skip "XY " (2 status chars + 1 separator)
|
|
72
|
+
paths.push(newPath);
|
|
73
|
+
if (status[0] === 'R' || status[0] === 'C') {
|
|
74
|
+
const origPath = parts[i + 1];
|
|
75
|
+
if (origPath !== undefined) {
|
|
76
|
+
paths.push(origPath);
|
|
77
|
+
i++; // consume the original-path field
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
return paths;
|
|
82
|
+
}
|
|
83
|
+
/**
|
|
84
|
+
* Resolve a free-string scope into git pathspecs, or `unknown` when it cannot
|
|
85
|
+
* be proven to denote file paths. All-or-nothing across comma-separated
|
|
86
|
+
* tokens: a single unresolvable token marks the whole scope unknown, so the
|
|
87
|
+
* guard never blocks on a partial (and therefore misleading) view.
|
|
88
|
+
*/
|
|
89
|
+
export function resolveScopeToPathspecs(scope, cwd) {
|
|
90
|
+
if (!scope || !scope.trim()) {
|
|
91
|
+
return { kind: 'unknown', reason: 'no scope provided' };
|
|
92
|
+
}
|
|
93
|
+
const tokens = scope.split(',').map((t) => t.trim()).filter(Boolean);
|
|
94
|
+
if (tokens.length === 0) {
|
|
95
|
+
return { kind: 'unknown', reason: 'empty scope' };
|
|
96
|
+
}
|
|
97
|
+
const pathspecs = [];
|
|
98
|
+
for (const token of tokens) {
|
|
99
|
+
if (ENTITY_ID_RE.test(token) || /^review-loop:/i.test(token)) {
|
|
100
|
+
return { kind: 'unknown', reason: `token "${token}" is an entity id, not a path` };
|
|
101
|
+
}
|
|
102
|
+
if (/\s/.test(token)) {
|
|
103
|
+
return { kind: 'unknown', reason: `token "${token}" contains whitespace (prose, not a path)` };
|
|
104
|
+
}
|
|
105
|
+
const normalized = token.replace(/\\/g, '/').replace(/^\.\//, '');
|
|
106
|
+
if (/[*?[\]]/.test(normalized)) {
|
|
107
|
+
// Delegate the rare real glob to git's native pathspec matcher.
|
|
108
|
+
pathspecs.push(`:(glob)${normalized}`);
|
|
109
|
+
continue;
|
|
110
|
+
}
|
|
111
|
+
const exists = fs.existsSync(path.resolve(cwd, normalized));
|
|
112
|
+
const topLevel = normalized.split('/')[0];
|
|
113
|
+
if (exists || KNOWN_TOP_LEVEL.has(topLevel)) {
|
|
114
|
+
pathspecs.push(normalized);
|
|
115
|
+
continue;
|
|
116
|
+
}
|
|
117
|
+
return {
|
|
118
|
+
kind: 'unknown',
|
|
119
|
+
reason: `token "${token}" is not a resolvable path (no such file/dir and not a known top-level)`,
|
|
120
|
+
};
|
|
121
|
+
}
|
|
122
|
+
return { kind: 'pathspecs', pathspecs };
|
|
123
|
+
}
|
|
124
|
+
/** Cap a file list for human-readable messages. */
|
|
125
|
+
function summariseFiles(files, max = 10) {
|
|
126
|
+
if (files.length <= max)
|
|
127
|
+
return files.join(', ');
|
|
128
|
+
return `${files.slice(0, max).join(', ')} (and ${files.length - max} more)`;
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* Decide whether a dispatch may proceed given the source repo's dirty state and
|
|
132
|
+
* the dispatch scope. See the module header for the cardinal rule.
|
|
133
|
+
*/
|
|
134
|
+
export function assessDirtyDispatchGuard(input) {
|
|
135
|
+
const runGit = input.runGit ?? defaultRunGit;
|
|
136
|
+
const resolution = resolveScopeToPathspecs(input.scope, input.cwd);
|
|
137
|
+
// 1. Global probe — is the tree dirty at all (ignoring the coordination store)?
|
|
138
|
+
const global = runGit(input.cwd, ['status', '--porcelain=v1', '-z', '--untracked-files=normal']);
|
|
139
|
+
if (!global.ok) {
|
|
140
|
+
return {
|
|
141
|
+
decision: 'allow',
|
|
142
|
+
reason: 'source cwd is not a git repo (or git is unavailable) — dirty guard skipped',
|
|
143
|
+
dirtyCount: 0,
|
|
144
|
+
overlapping: [],
|
|
145
|
+
ignoredSystemDirty: [],
|
|
146
|
+
scopeResolution: resolution.kind,
|
|
147
|
+
};
|
|
148
|
+
}
|
|
149
|
+
const allPaths = parsePorcelainZ(global.stdout);
|
|
150
|
+
const ignoredSystemDirty = allPaths.filter(isSystemDirtyPath);
|
|
151
|
+
const realDirty = allPaths.filter((p) => !isSystemDirtyPath(p));
|
|
152
|
+
if (realDirty.length === 0) {
|
|
153
|
+
return {
|
|
154
|
+
decision: 'allow',
|
|
155
|
+
reason: ignoredSystemDirty.length > 0
|
|
156
|
+
? `working tree clean apart from ${ignoredSystemDirty.length} coordination-store file(s) (.brainclaw/, .git/) which the worker rebuilds itself`
|
|
157
|
+
: 'working tree clean',
|
|
158
|
+
dirtyCount: 0,
|
|
159
|
+
overlapping: [],
|
|
160
|
+
ignoredSystemDirty,
|
|
161
|
+
scopeResolution: resolution.kind,
|
|
162
|
+
};
|
|
163
|
+
}
|
|
164
|
+
// 2. Explicit ref → the worktree is built from that ref (the dispatch path
|
|
165
|
+
// forces resetExistingWorktreeBranch so a pre-existing branch is reset to
|
|
166
|
+
// the ref, not silently reused), so uncommitted working-tree changes are
|
|
167
|
+
// intentionally out of scope. Only bypass when the ref actually resolves —
|
|
168
|
+
// a bogus/unresolvable ref must NOT widen the allow; fall through to the
|
|
169
|
+
// scope-aware check below so a dirty in-scope file still blocks.
|
|
170
|
+
if (input.checkoutRef) {
|
|
171
|
+
const refResolves = runGit(input.cwd, ['rev-parse', '--verify', '--quiet', `${input.checkoutRef}^{commit}`]).ok;
|
|
172
|
+
if (refResolves) {
|
|
173
|
+
return {
|
|
174
|
+
decision: 'allow',
|
|
175
|
+
reason: `dispatch builds its worktree from explicit ref "${input.checkoutRef}"; ${realDirty.length} uncommitted working-tree file(s) are intentionally out of scope`,
|
|
176
|
+
dirtyCount: realDirty.length,
|
|
177
|
+
overlapping: [],
|
|
178
|
+
ignoredSystemDirty,
|
|
179
|
+
scopeResolution: resolution.kind,
|
|
180
|
+
};
|
|
181
|
+
}
|
|
182
|
+
// else: ref does not resolve → continue to the scope-aware evaluation.
|
|
183
|
+
}
|
|
184
|
+
// 3. Scope-aware intersection (delegated to git for glob + segment-boundary correctness).
|
|
185
|
+
if (resolution.kind === 'pathspecs') {
|
|
186
|
+
const scoped = runGit(input.cwd, [
|
|
187
|
+
'status', '--porcelain=v1', '-z', '--untracked-files=normal',
|
|
188
|
+
'--', ...resolution.pathspecs, ':(exclude).brainclaw/', ':(exclude).git/',
|
|
189
|
+
]);
|
|
190
|
+
// If the scoped probe fails for any reason, fall back conservatively:
|
|
191
|
+
// treat the whole real-dirty set as potentially overlapping.
|
|
192
|
+
const overlapping = scoped.ok ? parsePorcelainZ(scoped.stdout).filter((p) => !isSystemDirtyPath(p)) : realDirty;
|
|
193
|
+
if (overlapping.length === 0) {
|
|
194
|
+
return {
|
|
195
|
+
decision: 'allow',
|
|
196
|
+
reason: `${realDirty.length} uncommitted file(s) but none overlap the dispatch scope`,
|
|
197
|
+
dirtyCount: realDirty.length,
|
|
198
|
+
overlapping: [],
|
|
199
|
+
ignoredSystemDirty,
|
|
200
|
+
scopeResolution: resolution.kind,
|
|
201
|
+
};
|
|
202
|
+
}
|
|
203
|
+
if (input.allowDirty) {
|
|
204
|
+
return {
|
|
205
|
+
decision: 'warn',
|
|
206
|
+
reason: `allow_dirty=true: proceeding despite ${overlapping.length} dirty file(s) overlapping the dispatch scope: ${summariseFiles(overlapping)}`,
|
|
207
|
+
dirtyCount: realDirty.length,
|
|
208
|
+
overlapping,
|
|
209
|
+
ignoredSystemDirty,
|
|
210
|
+
scopeResolution: resolution.kind,
|
|
211
|
+
};
|
|
212
|
+
}
|
|
213
|
+
return {
|
|
214
|
+
decision: 'block',
|
|
215
|
+
reason: `${overlapping.length} uncommitted file(s) overlap the dispatch scope and the worker spawns from HEAD, so it will not see them: ${summariseFiles(overlapping)}. Commit or stash these, or pass allow_dirty=true to override.`,
|
|
216
|
+
dirtyCount: realDirty.length,
|
|
217
|
+
overlapping,
|
|
218
|
+
ignoredSystemDirty,
|
|
219
|
+
scopeResolution: resolution.kind,
|
|
220
|
+
};
|
|
221
|
+
}
|
|
222
|
+
// 4. Scope not resolvable to paths → cannot prove disjointness → conservative.
|
|
223
|
+
if (input.allowDirty) {
|
|
224
|
+
return {
|
|
225
|
+
decision: 'warn',
|
|
226
|
+
reason: `allow_dirty=true: proceeding despite ${realDirty.length} uncommitted file(s); dispatch scope is not resolvable to paths (${resolution.reason}) so overlap could not be ruled out`,
|
|
227
|
+
dirtyCount: realDirty.length,
|
|
228
|
+
overlapping: [],
|
|
229
|
+
ignoredSystemDirty,
|
|
230
|
+
scopeResolution: resolution.kind,
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
return {
|
|
234
|
+
decision: 'block',
|
|
235
|
+
reason: `${realDirty.length} uncommitted file(s) and the dispatch scope is not resolvable to file paths (${resolution.reason}), so overlap cannot be ruled out; the worker spawns from HEAD and will not see them: ${summariseFiles(realDirty)}. Commit or stash, pass a resolvable file scope, or pass allow_dirty=true to override.`,
|
|
236
|
+
dirtyCount: realDirty.length,
|
|
237
|
+
overlapping: [],
|
|
238
|
+
ignoredSystemDirty,
|
|
239
|
+
scopeResolution: resolution.kind,
|
|
240
|
+
};
|
|
241
|
+
}
|
|
242
|
+
//# sourceMappingURL=dirty-scope.js.map
|
|
@@ -64,7 +64,23 @@ export const CoordinateRequestSchema = z.object({
|
|
|
64
64
|
* dispatched work doesn't depend on the dirty files, or when running
|
|
65
65
|
* tests). Has no effect when the source cwd is not a git repo.
|
|
66
66
|
*/
|
|
67
|
-
allow_dirty: z.
|
|
67
|
+
allow_dirty: z.preprocess(
|
|
68
|
+
// MCP clients that don't know allow_dirty is a boolean (it was previously
|
|
69
|
+
// absent from the published inputSchema) send the string "true"/"false".
|
|
70
|
+
// Coerce those so the documented escape hatch actually works; leave real
|
|
71
|
+
// booleans and undefined untouched.
|
|
72
|
+
(value) => (typeof value === 'string' ? value.trim().toLowerCase() === 'true' : value), z.boolean().optional()),
|
|
73
|
+
/**
|
|
74
|
+
* pln#520 Tier 2 (P2c) — explicit git ref (commit / branch / tag) the
|
|
75
|
+
* dispatched worker should build its worktree from, instead of the default
|
|
76
|
+
* HEAD. When set on a worktree-creating intent (assign / review / reroute),
|
|
77
|
+
* the worktree is checked out at this ref, so uncommitted working-tree
|
|
78
|
+
* changes in the source are intentionally out of scope and the scope-aware
|
|
79
|
+
* dirty guard allows the dispatch. Passed through to
|
|
80
|
+
* createCoordinatorClaim's worktreeBaseRef. Ignored by intents that don't
|
|
81
|
+
* create a worktree (consult / ideate / summarize).
|
|
82
|
+
*/
|
|
83
|
+
ref: z.string().min(1).optional(),
|
|
68
84
|
/**
|
|
69
85
|
* pln#511 step 2 — loop preset selector. When set on intent='ideate',
|
|
70
86
|
* the handler bypasses the kind-default ideation phases and opens the
|
package/dist/core/identity.js
CHANGED
|
@@ -2,6 +2,7 @@ import crypto from 'node:crypto';
|
|
|
2
2
|
import fs from 'node:fs';
|
|
3
3
|
import os from 'node:os';
|
|
4
4
|
import path from 'node:path';
|
|
5
|
+
import { detectAiAgent } from './ai-agent-detection.js';
|
|
5
6
|
import { requireRegisteredAgentIdentity } from './agent-registry.js';
|
|
6
7
|
import { loadConfig } from './config.js';
|
|
7
8
|
import { resolveCurrentHostId } from './host.js';
|
|
@@ -75,31 +76,42 @@ export function loadCurrentSession(cwd) {
|
|
|
75
76
|
const dir = sessionsDir(cwd);
|
|
76
77
|
const currentUser = resolveCurrentUser();
|
|
77
78
|
const currentAgent = resolveCurrentAgentName();
|
|
78
|
-
|
|
79
|
+
const explicitSessionId = resolveExplicitSessionId();
|
|
80
|
+
const ttlMs = parseDurationToMs(loadConfigSafe(cwd)?.implicit_session_ttl ?? '4h');
|
|
81
|
+
const now = Date.now();
|
|
82
|
+
if (explicitSessionId) {
|
|
83
|
+
const explicit = loadSessionById(explicitSessionId, cwd);
|
|
84
|
+
return explicit && isSessionAlive(explicit, ttlMs, now) ? explicit : undefined;
|
|
85
|
+
}
|
|
86
|
+
// 1. Look in sessions/ directory for the session owned by this process.
|
|
87
|
+
// Multiple parallel agents can have the same agent name/user in one repo;
|
|
88
|
+
// a live different PID is a different agent instance, not our session.
|
|
79
89
|
if (fs.existsSync(dir) && currentAgent) {
|
|
80
90
|
const files = fs.readdirSync(dir).filter(f => f.endsWith('.json'));
|
|
81
|
-
const
|
|
82
|
-
const now = Date.now();
|
|
91
|
+
const legacyPidlessCandidates = [];
|
|
83
92
|
for (const file of files) {
|
|
84
93
|
try {
|
|
85
|
-
const
|
|
86
|
-
const session = {
|
|
87
|
-
...CurrentSessionStateSchema.parse(migration.document),
|
|
88
|
-
schema_version: migration.metadata.currentVersion,
|
|
89
|
-
};
|
|
94
|
+
const session = loadSessionFile(path.join(dir, file));
|
|
90
95
|
// Strict match: agent name must match, user must match (when both are known)
|
|
91
96
|
if (session.agent !== currentAgent)
|
|
92
97
|
continue;
|
|
93
98
|
const userMatch = !session.user || !currentUser || session.user === currentUser;
|
|
94
|
-
|
|
95
|
-
|
|
99
|
+
if (!userMatch || !isSessionAlive(session, ttlMs, now))
|
|
100
|
+
continue;
|
|
101
|
+
if (session.pid === process.pid) {
|
|
96
102
|
return session;
|
|
97
103
|
}
|
|
104
|
+
if (session.pid === undefined) {
|
|
105
|
+
legacyPidlessCandidates.push(session);
|
|
106
|
+
}
|
|
98
107
|
}
|
|
99
108
|
catch {
|
|
100
109
|
// skip invalid session files
|
|
101
110
|
}
|
|
102
111
|
}
|
|
112
|
+
if (legacyPidlessCandidates.length === 1) {
|
|
113
|
+
return legacyPidlessCandidates[0];
|
|
114
|
+
}
|
|
103
115
|
}
|
|
104
116
|
// 2. Legacy fallback: .current-session
|
|
105
117
|
const legacyPath = path.join(memoryDir(cwd), LEGACY_SESSION_FILE);
|
|
@@ -246,9 +258,24 @@ function resolveCurrentUser() {
|
|
|
246
258
|
function resolveCurrentAgentName() {
|
|
247
259
|
if (process.env.BRAINCLAW_AGENT_NAME)
|
|
248
260
|
return process.env.BRAINCLAW_AGENT_NAME;
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
261
|
+
return detectAiAgent()?.name;
|
|
262
|
+
}
|
|
263
|
+
function resolveExplicitSessionId(env = process.env) {
|
|
264
|
+
return env.BRAINCLAW_SESSION_ID?.trim()
|
|
265
|
+
|| env.OPENCLAW_SESSION_ID?.trim()
|
|
266
|
+
|| env.CLAUDE_SESSION_ID?.trim()
|
|
267
|
+
|| env.COPILOT_SESSION_ID?.trim()
|
|
268
|
+
|| undefined;
|
|
269
|
+
}
|
|
270
|
+
function loadSessionFile(filepath) {
|
|
271
|
+
const migration = loadVersionedJsonFile('current_session', filepath);
|
|
272
|
+
return {
|
|
273
|
+
...CurrentSessionStateSchema.parse(migration.document),
|
|
274
|
+
schema_version: migration.metadata.currentVersion,
|
|
275
|
+
};
|
|
276
|
+
}
|
|
277
|
+
function isSessionAlive(session, ttlMs, now) {
|
|
278
|
+
return now - Date.parse(session.last_seen_at) <= ttlMs;
|
|
252
279
|
}
|
|
253
280
|
function loadConfigSafe(cwd) {
|
|
254
281
|
try {
|
package/dist/core/schema.js
CHANGED
package/dist/core/worktree.js
CHANGED
|
@@ -94,6 +94,64 @@ export function hasGitLock(cwd) {
|
|
|
94
94
|
const lockPath = path.join(gitDir.stdout.trim(), 'index.lock');
|
|
95
95
|
return fs.existsSync(lockPath);
|
|
96
96
|
}
|
|
97
|
+
/**
|
|
98
|
+
* Re-points an EXISTING worktree to `ref` via a hard reset of its checked-out
|
|
99
|
+
* branch + working tree. Used when a dispatch reuses an existing claim/worktree
|
|
100
|
+
* but pins a base ref: the worktree must reflect that ref, not stale state,
|
|
101
|
+
* otherwise the dirty-guard ref bypass would let the worker run on stale code
|
|
102
|
+
* (pln#520 Tier 2 / codex r2). Returns ok=false (with stderr) rather than
|
|
103
|
+
* throwing, so callers surface a visible warning instead of a hard failure.
|
|
104
|
+
*/
|
|
105
|
+
export function resetWorktreeToRef(worktreePath, ref) {
|
|
106
|
+
if (!fs.existsSync(worktreePath)) {
|
|
107
|
+
return { ok: false, stderr: `worktree path does not exist: ${worktreePath}` };
|
|
108
|
+
}
|
|
109
|
+
if (hasGitLock(worktreePath)) {
|
|
110
|
+
return { ok: false, stderr: 'git index.lock present — another git operation is in progress' };
|
|
111
|
+
}
|
|
112
|
+
const res = runGit(['reset', '--hard', ref], worktreePath);
|
|
113
|
+
if (!res.ok) {
|
|
114
|
+
return { ok: false, stderr: res.stderr };
|
|
115
|
+
}
|
|
116
|
+
// `reset --hard` realigns HEAD + tracked files, but leaves UNTRACKED residue
|
|
117
|
+
// from a prior use of the worktree — files the worker could still compile or
|
|
118
|
+
// test against even though they don't exist at the pinned ref (codex r3).
|
|
119
|
+
// We do NOT auto-delete (a blind `git clean` would also remove the brainclaw
|
|
120
|
+
// sidecar and gitignored shared symlinks); instead we detect non-system
|
|
121
|
+
// untracked files and report them so the caller surfaces a visible warning
|
|
122
|
+
// rather than letting the stale state pass silently. Ignored files (e.g.
|
|
123
|
+
// node_modules) are not listed by --untracked-files=normal, so the symlinked
|
|
124
|
+
// shared paths are unaffected.
|
|
125
|
+
const status = runGit(['status', '--porcelain=v1', '-z', '--untracked-files=normal'], worktreePath);
|
|
126
|
+
if (!status.ok) {
|
|
127
|
+
// The reset succeeded but we cannot confirm the worktree is residue-free -
|
|
128
|
+
// surface it rather than silently reporting a clean reset (cardinal rule).
|
|
129
|
+
return {
|
|
130
|
+
ok: false,
|
|
131
|
+
stderr: `reset to ${ref} succeeded but the untracked-residue check (git status) failed: ${status.stderr.trim()}`,
|
|
132
|
+
};
|
|
133
|
+
}
|
|
134
|
+
if (status.stdout.length > 0) {
|
|
135
|
+
const residue = status.stdout
|
|
136
|
+
.split('\0')
|
|
137
|
+
.filter((entry) => entry.startsWith('?? '))
|
|
138
|
+
.map((entry) => entry.slice(3))
|
|
139
|
+
.filter((p) => {
|
|
140
|
+
const norm = p.replace(/\\/g, '/');
|
|
141
|
+
return norm !== '.brainclaw-worktree.json'
|
|
142
|
+
&& !norm.startsWith('.brainclaw/')
|
|
143
|
+
&& !norm.startsWith('.git/');
|
|
144
|
+
});
|
|
145
|
+
if (residue.length > 0) {
|
|
146
|
+
const sample = residue.slice(0, 5).join(', ');
|
|
147
|
+
return {
|
|
148
|
+
ok: false,
|
|
149
|
+
stderr: `reset to ${ref} succeeded but ${residue.length} untracked file(s) remain from prior worktree use (e.g. ${sample}) — the worker may see state absent at the ref. Remove them or dispatch with a fresh scope.`,
|
|
150
|
+
};
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
return { ok: true, stderr: '' };
|
|
154
|
+
}
|
|
97
155
|
/**
|
|
98
156
|
* Detects whether multiple distinct brainclaw sessions are using the same
|
|
99
157
|
* physical worktree directory (shared-checkout risk).
|