npm - clementine-agent - Versions diffs - 1.18.147 → 1.18.148 - Mend

clementine-agent 1.18.147 → 1.18.148

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/agent/route-classifier.js +9 -1
package/dist/agent/run-agent-cron.js +33 -5
package/dist/gateway/failure-diagnostics.js +9 -1
package/dist/gateway/outcome-grader.js +10 -1
package/package.json +1 -1

package/dist/agent/route-classifier.js CHANGED Viewed

@@ -351,7 +351,15 @@ export async function classifyRoute(userMessage, agents, gateway) {
         undefined, // maxHours
         undefined, // timeoutMs
         undefined, // successCriteria
-        undefined);
+        undefined, // agentSlug
+        // 1.18.148 — F1/F2 pattern: meta-jobs run predictable to keep the
+        // prompt under Claude's input limit. Without these the classifier
+        // inherited MEMORY.md + team comms + auto-matched skills, blew up
+        // 12+ times in 8 hours (silent fallback to default route).
+        undefined, // pinnedSkills
+        [], // allowedTools
+        [], // allowedMcpServers
+        true);
     }
     catch (err) {
         logger.warn({ err }, 'Route classifier call failed');

package/dist/agent/run-agent-cron.js CHANGED Viewed

@@ -45,8 +45,17 @@ const MAX_INJECTED_SKILLS = 4;
  *     delegation is the one thing every cron must always be able to do).
  */
 export function computeEffectiveAllowedTools(jobAllow, profileAllow) {
-    if (!jobAllow?.length)
+    // 1.18.148 — distinguish "no allowlist" (undefined → unrestricted) from
+    // "explicitly empty allowlist" (`[]` → deny all). Before this, both
+    // collapsed to `undefined` because of the `?.length` check, which meant
+    // meta-jobs passing `allowedTools: []` actually got the FULL tool set
+    // injected (and blew past the prompt limit when Composio toolkits piled
+    // on tool schemas). The fix: an explicit `[]` returns `['Agent']` only
+    // (just the SDK's required spawn-subagent tool).
+    if (jobAllow === undefined)
         return undefined;
+    if (jobAllow.length === 0)
+        return ['Agent']; // explicitly empty → minimal
     let result;
     if (profileAllow?.length) {
         const jobSet = new Set(jobAllow);
@@ -67,8 +76,16 @@ export function computeEffectiveAllowedTools(jobAllow, profileAllow) {
  * MCP allowlist set.
  */
 export function applyMcpAllowlist(servers, jobAllowedMcpServers) {
-    if (!jobAllowedMcpServers?.length)
+    // 1.18.148 — empty array means "deny all MCP servers", not "no
+    // restriction". Before this, passing `[]` collapsed to `?.length === 0`
+    // and returned the unfiltered server map — so meta-jobs (insight-check,
+    // grade:*, route-classify, diagnose:*) got every Composio toolkit's
+    // tool schemas wired into their prompt and blew past Claude's input
+    // limit. 110+ "Prompt is too long" errors per 8 hours.
+    if (jobAllowedMcpServers === undefined)
         return servers;
+    if (jobAllowedMcpServers.length === 0)
+        return {};
     const allow = new Set(jobAllowedMcpServers);
     return Object.fromEntries(Object.entries(servers).filter(([name]) => allow.has(name)));
 }
@@ -94,8 +111,13 @@ export function applyMcpAllowlist(servers, jobAllowedMcpServers) {
  *     unchanged.
  */
 export function widenAllowlistWithSkillTools(jobAllow, pinnedSkillTools) {
-    if (!jobAllow?.length)
+    // 1.18.148 — preserve "explicitly empty" semantics. An empty array is a
+    // contract: "I want no tools." Skill-pin widening doesn't apply when no
+    // skills are pinned (which is the case for meta-jobs).
+    if (jobAllow === undefined)
         return undefined;
+    if (jobAllow.length === 0 && !pinnedSkillTools?.length)
+        return [];
     if (!pinnedSkillTools?.length)
         return [...jobAllow];
     return [...new Set([...jobAllow, ...pinnedSkillTools])];
@@ -130,8 +152,12 @@ export function extractMcpServersFromSkillBodies(bodies) {
  * allowlist; doesn't synthesize one when the cron is unrestricted.
  */
 export function widenMcpAllowlistWithSkillRefs(jobMcpAllow, skillReferencedServers) {
-    if (!jobMcpAllow?.length)
+    // 1.18.148 — preserve "explicitly empty" semantics. See note on
+    // applyMcpAllowlist + widenAllowlistWithSkillTools above.
+    if (jobMcpAllow === undefined)
         return undefined;
+    if (jobMcpAllow.length === 0 && !skillReferencedServers.length)
+        return [];
     if (!skillReferencedServers.length)
         return [...jobMcpAllow];
     return [...new Set([...jobMcpAllow, ...skillReferencedServers])];
@@ -572,8 +598,10 @@ export async function buildCronExecutionPlan(opts) {
     const widenedJobMcpAllowlist = widenMcpAllowlistWithSkillRefs(opts.allowedMcpServers, skillReferencedMcpServers);
     // Per-trick MCP allowlist: post-filter on the profile-narrowed map.
     // Effective set = profile ∩ trick (widened).
+    // 1.18.148 — empty array means "deny all" not "no restriction" (was a
+    // silent prompt-bloat bug — see applyMcpAllowlist note above).
     const mcpServerMap = applyMcpAllowlist(mcp.servers, widenedJobMcpAllowlist);
-    const allowSet = widenedJobMcpAllowlist?.length ? new Set(widenedJobMcpAllowlist) : null;
+    const allowSet = widenedJobMcpAllowlist === undefined ? null : new Set(widenedJobMcpAllowlist);
     const composioConnected = allowSet ? mcp.composioConnected.filter(n => allowSet.has(n)) : mcp.composioConnected;
     const externalConnected = allowSet ? mcp.externalConnected.filter(n => allowSet.has(n)) : mcp.externalConnected;
     const mcpServersApplied = Object.keys(mcpServerMap);

package/dist/gateway/failure-diagnostics.js CHANGED Viewed

@@ -546,7 +546,15 @@ export async function diagnoseBrokenJob(broken, gateway) {
         undefined, // maxHours
         undefined, // timeoutMs
         undefined, // successCriteria
-        undefined);
+        undefined, // agentSlug
+        // 1.18.148 — F1/F2 pattern: diagnostics are pure analysis of an
+        // existing run, no need for MEMORY.md / team / auto-skills. Without
+        // these flags the diagnostic prompt blew past Claude's input limit
+        // and broken jobs went undiagnosed silently.
+        undefined, // pinnedSkills
+        [], // allowedTools
+        [], // allowedMcpServers
+        true);
     }
     catch (err) {
         logger.warn({ err, job: broken.jobName }, 'Diagnostic LLM call failed');

package/dist/gateway/outcome-grader.js CHANGED Viewed

@@ -140,7 +140,16 @@ export async function gradeRun(entry, gateway, jobPrompt) {
         undefined, // maxHours
         undefined, // timeoutMs
         undefined, // successCriteria
-        undefined);
+        undefined, // agentSlug
+        // 1.18.148 — F1/F2 pattern: meta-jobs don't get user MEMORY.md /
+        // team comms / auto-matched skills, otherwise the prompt blows
+        // past Claude's input limit (110+ "Prompt is too long" errors/8h
+        // before this fix). Same shape applied to insight-check (1.18.132)
+        // and route-classify / failure-diagnostics in this same ship.
+        undefined, // pinnedSkills
+        [], // allowedTools — empty = no MCP injection
+        [], // allowedMcpServers — empty = no MCP servers wired
+        true);
     }
     catch (err) {
         logger.warn({ err, jobName: entry.jobName }, 'Outcome grader LLM call failed');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.18.147",
+  "version": "1.18.148",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",