cclaw-cli 0.25.0 → 0.26.0

package/dist/eval/tools/types.js

@@ -0,0 +1,41 @@
+/** Truncate a result payload to `maxBytes` with a visible cutoff marker. */
+export function truncatePayload(payload, maxBytes) {
+    if (Buffer.byteLength(payload, "utf8") <= maxBytes)
+        return payload;
+    const marker = "\n…[truncated by cclaw sandbox]";
+    const budget = Math.max(0, maxBytes - Buffer.byteLength(marker, "utf8"));
+    const buf = Buffer.from(payload, "utf8").subarray(0, budget);
+    return `${buf.toString("utf8")}${marker}`;
+}
+export function parseArgs(raw) {
+    if (typeof raw !== "string" || raw.trim() === "") {
+        throw new Error("tool arguments missing");
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        throw new Error(`tool arguments are not valid JSON: ${err.message}`);
+    }
+    if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new Error("tool arguments must be a JSON object");
+    }
+    return parsed;
+}
+export function requireString(args, key) {
+    const value = args[key];
+    if (typeof value !== "string" || value.length === 0) {
+        throw new Error(`"${key}" must be a non-empty string`);
+    }
+    return value;
+}
+export function optionalNumber(args, key) {
+    const value = args[key];
+    if (value === undefined || value === null)
+        return undefined;
+    if (typeof value !== "number" || !Number.isFinite(value)) {
+        throw new Error(`"${key}" must be a finite number`);
+    }
+    return value;
+}

package/dist/eval/tools/write.d.ts

@@ -0,0 +1,2 @@
+import { type SandboxTool } from "./types.js";
+export declare const writeTool: SandboxTool;

package/dist/eval/tools/write.js

@@ -0,0 +1,92 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { SandboxEscapeError } from "../sandbox.js";
+import { parseArgs, requireString, truncatePayload } from "./types.js";
+const DESCRIPTION = "Write a UTF-8 text file inside the sandbox. Creates parent directories " +
+    "as needed. Overwrites existing files. Only paths inside the sandbox " +
+    "are accepted.";
+export const writeTool = {
+    descriptor: {
+        name: "write_file",
+        description: DESCRIPTION,
+        parameters: {
+            type: "object",
+            additionalProperties: false,
+            required: ["path", "content"],
+            properties: {
+                path: {
+                    type: "string",
+                    description: "Path relative to the sandbox root."
+                },
+                content: {
+                    type: "string",
+                    description: "UTF-8 contents to write."
+                }
+            }
+        }
+    },
+    async invoke(rawArgs, ctx) {
+        let args;
+        try {
+            args = parseArgs(rawArgs);
+        }
+        catch (err) {
+            return { ok: false, name: this.descriptor.name, error: err.message };
+        }
+        let relPath;
+        try {
+            relPath = requireString(args, "path");
+        }
+        catch (err) {
+            return { ok: false, name: this.descriptor.name, error: err.message };
+        }
+        const rawContent = args.content;
+        if (typeof rawContent !== "string") {
+            return {
+                ok: false,
+                name: this.descriptor.name,
+                error: '"content" must be a string'
+            };
+        }
+        const payloadBytes = Buffer.byteLength(rawContent, "utf8");
+        if (payloadBytes > ctx.maxResultBytes * 4) {
+            return {
+                ok: false,
+                name: this.descriptor.name,
+                error: `"content" exceeds per-invocation ceiling (${payloadBytes} bytes).`
+            };
+        }
+        let abs;
+        try {
+            abs = await ctx.sandbox.resolve(relPath, { allowMissing: true });
+        }
+        catch (err) {
+            const denied = err instanceof SandboxEscapeError ? relPath : undefined;
+            return {
+                ok: false,
+                name: this.descriptor.name,
+                error: err.message,
+                details: denied ? { deniedPath: denied } : undefined
+            };
+        }
+        try {
+            await fs.mkdir(path.dirname(abs), { recursive: true });
+            await fs.writeFile(abs, rawContent, "utf8");
+        }
+        catch (err) {
+            return {
+                ok: false,
+                name: this.descriptor.name,
+                error: `write failed: ${err.message}`,
+                details: { path: relPath }
+            };
+        }
+        const summary = `wrote ${payloadBytes} byte(s) to ${relPath}`;
+        return {
+            ok: true,
+            name: this.descriptor.name,
+            content: truncatePayload(summary, ctx.maxResultBytes),
+            details: { path: relPath, bytes: payloadBytes }
+        };
+    }
+};

package/dist/eval/types.d.ts

@@ -268,6 +268,24 @@ export interface EvalConfig {
      * `{ input: 0.0005, output: 0.0015 }` = $0.50 per 1M input tokens.
      */
     tokenPricing?: Record<string, TokenPricing>;
+    /**
+     * Maximum assistant turns (tool_calls → tool result cycles) allowed by
+     * the Tier B with-tools agent. Defaults to 8 when unset. Runs that
+     * exceed the cap fail with a `MaxTurnsExceededError` and surface as a
+     * workflow verifier result.
+     */
+    toolMaxTurns?: number;
+    /**
+     * Per-invocation ceiling on tool call arguments bytes. Defends against
+     * runaway writes. Defaults to 64 KiB.
+     */
+    toolMaxArgumentsBytes?: number;
+    /**
+     * Per-invocation ceiling on tool call result bytes returned to the
+     * model. Defaults to 32 KiB; longer results are truncated with a
+     * marker so the model sees the cutoff.
+     */
+    toolMaxResultBytes?: number;
 }
 /** Per-model pricing schedule, expressed as USD per 1K tokens. */
 export interface TokenPricing {
@@ -381,3 +399,20 @@ export interface JudgeInvocation {
     usageUsd: number;
     durationMs: number;
 }
+/**
+ * Tool-use summary produced by the Tier B with-tools agent. Captured so
+ * the runner can surface per-case tool metrics in the markdown report
+ * (number of calls, depth, error rate, denied paths).
+ */
+export interface ToolUseSummary {
+    /** Turns consumed before the agent produced a terminal assistant message. */
+    turns: number;
+    /** Total successful tool invocations across all turns. */
+    calls: number;
+    /** Tool invocations that returned an error (bad args, denied path, etc.). */
+    errors: number;
+    /** Paths the sandbox refused to resolve (escape attempts, missing files). */
+    deniedPaths: string[];
+    /** Per-tool call counts, keyed by tool name. */
+    byTool: Record<string, number>;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cclaw-cli",
-  "version": "0.25.0",
+  "version": "0.26.0",
   "description": "Installer-first flow toolkit for coding agents",
   "type": "module",
   "bin": {