lastlight 0.5.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/.claude-plugin/marketplace.json +14 -0
  2. package/README.md +39 -0
  3. package/agent-context/rules.md +0 -38
  4. package/agent-context/soul.md +0 -11
  5. package/dist/cli.js +24 -0
  6. package/dist/cli.js.map +1 -1
  7. package/dist/config.d.ts +1 -1
  8. package/dist/config.js +3 -3
  9. package/dist/config.js.map +1 -1
  10. package/dist/engine/agent-executor.d.ts +2 -139
  11. package/dist/engine/agent-executor.js +76 -996
  12. package/dist/engine/agent-executor.js.map +1 -1
  13. package/dist/engine/executors/backends.d.ts +41 -0
  14. package/dist/engine/executors/backends.js +541 -0
  15. package/dist/engine/executors/backends.js.map +1 -0
  16. package/dist/engine/executors/shared.d.ts +189 -0
  17. package/dist/engine/executors/shared.js +612 -0
  18. package/dist/engine/executors/shared.js.map +1 -0
  19. package/dist/sandbox/index.d.ts +1 -1
  20. package/dist/sandbox/index.js +1 -1
  21. package/dist/sandbox/index.js.map +1 -1
  22. package/dist/sandbox/smol.d.ts +162 -0
  23. package/dist/sandbox/smol.integration.test.d.ts +1 -0
  24. package/dist/sandbox/smol.integration.test.js +130 -0
  25. package/dist/sandbox/smol.integration.test.js.map +1 -0
  26. package/dist/sandbox/smol.js +485 -0
  27. package/dist/sandbox/smol.js.map +1 -0
  28. package/dist/skills-install.d.ts +12 -0
  29. package/dist/skills-install.js +179 -0
  30. package/dist/skills-install.js.map +1 -0
  31. package/package.json +4 -2
  32. package/plugins/lastlight/.claude-plugin/plugin.json +12 -0
  33. package/plugins/lastlight/README.md +44 -0
  34. package/plugins/lastlight/skills/lastlight-client/SKILL.md +82 -0
  35. package/plugins/lastlight/skills/lastlight-evals/SKILL.md +130 -0
  36. package/plugins/lastlight/skills/lastlight-evals/references/instance-schema.md +84 -0
  37. package/plugins/lastlight/skills/lastlight-evals/references/models-json.md +42 -0
  38. package/plugins/lastlight/skills/lastlight-overlay/SKILL.md +72 -0
  39. package/plugins/lastlight/skills/lastlight-overlay/references/forking.md +55 -0
  40. package/plugins/lastlight/skills/lastlight-overlay/references/overlay-layout.md +52 -0
  41. package/plugins/lastlight/skills/lastlight-server/SKILL.md +124 -0
  42. package/plugins/lastlight/skills/lastlight-server/references/env-schema.md +103 -0
  43. package/plugins/lastlight/skills/lastlight-server/references/operations.md +60 -0
@@ -1,181 +1,20 @@
1
- import { resolve, basename, join, relative } from "path";
2
- import { appendFileSync, cpSync, existsSync, mkdirSync, readFileSync, rmSync, symlinkSync, writeFileSync } from "fs";
1
+ import { resolve, join } from "path";
2
+ import { mkdirSync, writeFileSync } from "fs";
3
3
  import { spawnSync } from "child_process";
4
4
  import { randomUUID } from "crypto";
5
- import { createTaskSandbox, setupTaskWorktree, SANDBOX_IMAGE_QA, } from "../sandbox/index.js";
5
+ import { createTaskSandbox, setupTaskWorktree, prePopulateWorkspace, SANDBOX_IMAGE_QA, } from "../sandbox/index.js";
6
+ import { SmolSandbox, smolAvailable, SMOL_WORKSPACE_DIR } from "../sandbox/smol.js";
6
7
  import { refreshGitAuth } from "./git-auth.js";
7
- import { AGENTIC_PROFILE_FOR, GITHUB_PERMISSION_PROFILES, loadAgentContext, } from "./profiles.js";
8
- import { AgenticShim, truncateForLog, safeStringify } from "./event-shim.js";
8
+ import { GITHUB_PERMISSION_PROFILES, loadAgentContext, } from "./profiles.js";
9
+ import { AgenticShim } from "./event-shim.js";
9
10
  import { projectSlugForCwd } from "../session-log.js";
10
- import { BuildAssetStore } from "../state/build-assets.js";
11
- import { ALLOW_ALL_SENTINEL, DEFAULT_ALLOWLIST, mergeAllowlist } from "../sandbox/egress-allowlist.js";
12
- import { getDockerSandboxOtelEnv, getOtelEnvForSandbox, recordError, recordExecutionMetrics, safeSpanAttributes, withSpan } from "../telemetry/index.js";
13
- import { recordPiEvent } from "../telemetry/pi-events.js";
14
- const DEFAULT_MODEL = "anthropic/claude-sonnet-4-6";
15
- const DOCKER_WORKSPACE_DIR = "/home/agent/workspace";
16
- // Directory holding one skill bundle per phase. Deliberately NOT named
17
- // `.agents/skills` (pi's auto-discovery path): we map each phase's bundle
18
- // explicitly via --skill / skillPaths so two phases sharing a workspace —
19
- // sequential today, parallel via worktrees tomorrow — can never clobber each
20
- // other's catalogue. The agent keeps cwd = the repo (no `cd` preamble on
21
- // every command); the bundle is staged at the workspace ROOT — a sibling of
22
- // the repo, never in its git tree — and reached by an absolute path. On
23
- // docker/none that root is genuinely outside the repo. gondolin mounts only
24
- // cwd, so there the bundle is staged under the repo and added to the
25
- // checkout's local `.git/info/exclude` (never committed; see `excludeFromGit`).
26
- const SKILL_BUNDLE_ROOT = ".lastlight-skills";
27
- const THINKING_LEVELS = new Set([
28
- "off", "minimal", "low", "medium", "high", "xhigh",
29
- ]);
30
- /**
31
- * Stage this phase's declared skills into a per-phase bundle directory at
32
- * `<workspaceRoot>/.lastlight-skills/<phaseKey>/<basename>/` and return the
33
- * staged skill dirs, so the caller can point pi at them explicitly (via
34
- * `--skill` for docker or `skillPaths` for the in-process backends). Each
35
- * skill is a directory containing SKILL.md plus any `scripts/` / `references/`
36
- * / `assets/` — the whole tree comes along.
37
- *
38
- * Keyed by phase so concurrent phases in one workspace never touch each
39
- * other's bundle: only the phase's own `<phaseKey>` subtree is cleared, so a
40
- * clean slate per phase doesn't disturb a sibling phase mid-run.
41
- *
42
- * `mode` controls how each skill lands:
43
- * - "symlink": one symlink per skill → host source. gondolin/none, where pi
44
- * reads skill files host-side / through the cwd mount. Zero-copy.
45
- * - "copy": recursive copy. docker, where the agent's tools run inside the
46
- * container and host symlink targets wouldn't resolve; the copy lands
47
- * under the bind-mounted workspace.
48
- *
49
- * Returns `undefined` when the phase declares no skills (after clearing its
50
- * bundle), so a phase with no `skills:` gets no catalogue at all.
51
- */
52
- export function stageSkillBundle(workspaceRoot, phaseKey, skillPaths, mode) {
53
- const bundleDir = join(workspaceRoot, SKILL_BUNDLE_ROOT, phaseKey);
54
- if (existsSync(bundleDir)) {
55
- rmSync(bundleDir, { recursive: true, force: true });
56
- }
57
- if (!skillPaths?.length)
58
- return undefined;
59
- mkdirSync(bundleDir, { recursive: true });
60
- const staged = [];
61
- for (const hostPath of skillPaths) {
62
- const dest = join(bundleDir, basename(hostPath));
63
- if (mode === "symlink") {
64
- symlinkSync(hostPath, dest, "dir");
65
- }
66
- else {
67
- cpSync(hostPath, dest, { recursive: true, dereference: true });
68
- }
69
- staged.push(dest);
70
- }
71
- return staged;
72
- }
73
- /**
74
- * Sanitized per-phase key for the skill bundle directory. Phase name first
75
- * (unique even for loop iterations like `reviewer_fix_1`), then workflow name,
76
- * then a constant fallback — so the bundle is always isolated per phase.
77
- */
78
- function skillBundleKey(config) {
79
- const raw = config.telemetry?.phaseName || config.telemetry?.workflowName || "phase";
80
- return raw.replace(/[^A-Za-z0-9_-]/g, "_") || "phase";
81
- }
82
- /**
83
- * Add `entry` to a checkout's local `.git/info/exclude` (idempotent) so the
84
- * agent's own `git add`/`commit` can never pick it up. This file lives inside
85
- * `.git/` — it is never tracked, committed, or pushed, and it leaves the repo's
86
- * real `.gitignore` untouched; the exclusion applies only to this ephemeral
87
- * sandbox checkout. Used for the gondolin backend, where the skill bundle must
88
- * be staged under cwd (the only mounted dir) rather than as an out-of-repo
89
- * sibling. No-op when `repoDir` isn't a git checkout (e.g. the workspace root).
90
- */
91
- export function excludeFromGit(repoDir, entry) {
92
- const gitDir = join(repoDir, ".git");
93
- if (!existsSync(gitDir))
94
- return; // not a checkout — nothing to exclude
95
- const infoDir = join(gitDir, "info");
96
- const excludeFile = join(infoDir, "exclude");
97
- const line = `/${entry}/`;
98
- let current = "";
99
- try {
100
- current = readFileSync(excludeFile, "utf8");
101
- }
102
- catch { /* may not exist yet */ }
103
- if (current.split(/\r?\n/).includes(line))
104
- return;
105
- mkdirSync(infoDir, { recursive: true });
106
- appendFileSync(excludeFile, `${current.length && !current.endsWith("\n") ? "\n" : ""}${line}\n`);
107
- }
108
- // ── Server-mode build assets ────────────────────────────────────────
109
- //
110
- // In "server" mode the per-phase handoff docs live in the Last Light store
111
- // rather than being committed into the target repo. The seam is symmetric to
112
- // the skill bundle but bidirectional: stage the run's stored docs into the
113
- // repo's `.lastlight/<issueKey>/` before the agent runs (so a later phase /
114
- // resumed run sees prior context), and harvest whatever the phase wrote back
115
- // to the store afterwards. The directory is the SAME relative path as repo
116
- // mode (`{{issueDir}}`), so prompts are unchanged except for gating their
117
- // `git add .lastlight/ && commit` off — the dir is git-excluded here too as a
118
- // backstop against the agent's `git add -A` feature commit sweeping it in.
119
- const ARTIFACT_DIR_ROOT = ".lastlight";
120
- /**
121
- * Resolve the server-mode artifact context for a run, or undefined when not in
122
- * server mode (the default — the whole seam is then skipped and behaviour is
123
- * byte-for-byte repo mode). `hostRepoDir` is the host-visible repo checkout
124
- * (for docker that's the bind-mounted workspace path, not the in-container one).
125
- */
126
- function serverArtifacts(config, hostRepoDir) {
127
- if (config.buildAssets !== "server" || !config.buildAssetsDir || !config.buildAssetsKey) {
128
- return undefined;
129
- }
130
- const store = new BuildAssetStore(config.buildAssetsDir);
131
- const ref = config.buildAssetsKey;
132
- return { store, ref, dir: join(hostRepoDir, ARTIFACT_DIR_ROOT, ref.issueKey), repoDir: hostRepoDir };
133
- }
134
- /** Stage stored docs into the workspace + exclude the dir from git (server mode). */
135
- function stageArtifactsIn(art) {
136
- if (!art)
137
- return;
138
- try {
139
- // Stage the run's stored docs into `<repoDir>/.lastlight/<issueKey>/`. This
140
- // is safe for every workflow shape here: pre-cloned workflows (build, pr-*)
141
- // already have the checkout at `repoDir`, and non-pre-cloned ones (explore)
142
- // clone the repo into a *subdir* — so `repoDir` is the workspace root and a
143
- // `.lastlight/` there never collides with the agent's clone. (A future
144
- // workflow that `git clone … .` into cwd would be the one exception.)
145
- art.store.stageInto(art.ref, art.dir);
146
- // Backstop the prompt-level commit gate: when this is a real checkout, keep
147
- // the docs out of the agent's `git add -A` feature commit. No-op at the
148
- // workspace root (no `.git`), where the docs sit outside the repo subtree
149
- // and are never in the repo's git tree anyway.
150
- excludeFromGit(art.repoDir, ARTIFACT_DIR_ROOT);
151
- }
152
- catch (err) {
153
- const msg = err instanceof Error ? err.message : String(err);
154
- console.warn(`[executor] Could not stage build assets: ${msg}`);
155
- }
156
- }
157
- /** Persist docs the phase wrote back to the store (server mode). */
158
- function harvestArtifactsOut(art) {
159
- if (!art)
160
- return;
161
- try {
162
- art.store.harvestFrom(art.ref, art.dir);
163
- }
164
- catch (err) {
165
- const msg = err instanceof Error ? err.message : String(err);
166
- console.warn(`[executor] Could not harvest build assets: ${msg}`);
167
- }
168
- }
169
- /**
170
- * Execute one workflow-phase agent task via agentic-pi.
171
- *
172
- * Sandbox backend (decided per call):
173
- * 1. gondolin — agentic-pi's QEMU micro-VM. cwd is the host worktree,
174
- * mounted at /workspace inside the VM.
175
- * 2. docker — the legacy container path (`src/sandbox/docker.ts`). The
176
- * entrypoint inside the container execs `agentic-pi run --sandbox none`.
177
- * 3. none — agentic-pi in-process with cwd = the host worktree.
178
- */
11
+ import { DEFAULT_ALLOWLIST, mergeAllowlist } from "../sandbox/egress-allowlist.js";
12
+ import { getDockerSandboxOtelEnv, getOtelEnvForSandbox, safeSpanAttributes, withSpan } from "../telemetry/index.js";
13
+ // Per-backend executors + their shared building blocks live under ./executors/.
14
+ import { executeInProcess, executeDocker, executeSmol } from "./executors/backends.js";
15
+ import { DEFAULT_MODEL, DOCKER_WORKSPACE_DIR, resolveSessionsDir } from "./executors/shared.js";
16
+ // Re-exported for back-compat with existing importers (tests, dashboards).
17
+ export { RunResultAccumulator, stageSkillBundle, excludeFromGit, detectAccountError } from "./executors/shared.js";
179
18
  /**
180
19
  * Shared run preparation for {@link executeAgent} and {@link executeCommand}:
181
20
  * resolve the taskId / state dir / backend, mint the scoped GitHub token,
@@ -311,6 +150,16 @@ export async function executeAgent(prompt, config, opts) {
311
150
  onSessionId: opts?.onSessionId,
312
151
  }));
313
152
  }
153
+ if (backend === "smol") {
154
+ return withSpan("lastlight.agent.execute", spanAttrs, () => executeSmol(prompt, config, {
155
+ taskId,
156
+ stateDir,
157
+ env: ghEnv,
158
+ prePopulate,
159
+ access,
160
+ onSessionId: opts?.onSessionId,
161
+ }));
162
+ }
314
163
  const workDir = setupTaskWorktree({
315
164
  taskId,
316
165
  stateDir,
@@ -494,6 +343,59 @@ export async function executeCommand(spec, config, opts) {
494
343
  await sbx.cleanup();
495
344
  }
496
345
  }
346
+ if (backend === "smol") {
347
+ if (!smolAvailable()) {
348
+ throw new Error("LASTLIGHT_SANDBOX=smol but the smolvm CLI is not available for command phase.");
349
+ }
350
+ const allowHosts = config.unrestrictedEgress
351
+ ? null
352
+ : mergeAllowlist(DEFAULT_ALLOWLIST, config.otel?.enabled && config.otel.forwardToSandbox ? config.otel.collectorHosts : []);
353
+ // Boot first, then provision the probed share-backed dir (see executeSmol).
354
+ const workDir = setupTaskWorktree({ taskId, stateDir, sandboxDir: config.sandboxDir });
355
+ const sandbox = new SmolSandbox({ env: ghEnv, allowHosts });
356
+ const machine = await sandbox.create({ taskId, worktreePath: workDir });
357
+ const hostWs = machine.hostWorkspace;
358
+ if (prePopulate)
359
+ prePopulateWorkspace(hostWs, prePopulate);
360
+ const agentCwd = prePopulate ? `${SMOL_WORKSPACE_DIR}/${prePopulate.repo}` : SMOL_WORKSPACE_DIR;
361
+ try {
362
+ let command;
363
+ let toolName;
364
+ let toolInput;
365
+ if (spec.kind === "bash") {
366
+ command = spec.command;
367
+ toolName = "bash";
368
+ toolInput = { command: spec.command };
369
+ }
370
+ else {
371
+ const { fileName, run } = scriptInvocation(spec);
372
+ mkdirSync(join(hostWs, scriptDir), { recursive: true });
373
+ writeFileSync(join(hostWs, scriptDir, fileName), spec.script);
374
+ const inGuest = `${SMOL_WORKSPACE_DIR}/${scriptDir}/${fileName}`;
375
+ command = run(inGuest);
376
+ toolName = "bash";
377
+ toolInput = { command, runtime: spec.runtime };
378
+ }
379
+ const res = await sandbox.runCommand(taskId, command, {
380
+ cwd: agentCwd,
381
+ sandboxEnv: opts?.sandboxEnv,
382
+ timeoutSeconds,
383
+ onLine: () => { },
384
+ });
385
+ const durationMs = Date.now() - startTime;
386
+ const sessionId = opts?.writeSession === false ? null : await writeCommandSession({
387
+ sessionsDir, projectSlug: projectSlugForCwd(agentCwd), model,
388
+ displayPrompt, toolName, toolInput,
389
+ stdout: res.stdout, stderr: res.stderr, exitCode: res.exitCode, durationMs,
390
+ });
391
+ if (sessionId && opts?.onSessionId)
392
+ opts.onSessionId(sessionId);
393
+ return buildCommandResult(res, durationMs, sessionId);
394
+ }
395
+ finally {
396
+ await sandbox.destroy(taskId);
397
+ }
398
+ }
497
399
  // gondolin / none — run on the host worktree via spawnSync (the same
498
400
  // degraded model those backends already use; matches the pre-existing
499
401
  // host-side until_bash behaviour).
@@ -553,826 +455,4 @@ function buildCommandResult(res, durationMs, sessionId) {
553
455
  stopReason: success ? "success" : res.timedOut ? "error_timeout" : "error_bash",
554
456
  };
555
457
  }
556
- // ── In-process path (gondolin / none) ───────────────────────────────
557
- async function executeInProcess(prompt, config, ctx) {
558
- const startTime = Date.now();
559
- console.log(` [executor] Running in-process (task: ${ctx.taskId}, sandbox: ${ctx.backend})`);
560
- const model = config.model || DEFAULT_MODEL;
561
- const thinking = coerceThinking(config.variant);
562
- const profile = ctx.access ? AGENTIC_PROFILE_FOR[ctx.access.profile] : undefined;
563
- const sessionsDir = resolveSessionsDir(config);
564
- // When the harness pre-cloned the target repo, cwd is the checkout
565
- // (`<workDir>/<repo>/`) so the agent's commands run inside the repo with no
566
- // `cd` preamble; otherwise cwd is the workspace root and the agent clones in.
567
- const agentCwd = ctx.access?.prePopulateBranch
568
- ? join(ctx.workDir, ctx.access.repo)
569
- : ctx.workDir;
570
- // Stage this phase's skills into its own bundle and point pi at the staged
571
- // dirs explicitly via `skillPaths` below. The bundle lives at the workspace
572
- // root — a sibling of the repo, outside its git tree — for `none` (the host
573
- // FS is fully visible in-process). gondolin mounts only cwd, so its bundle
574
- // is staged under the repo and added to the checkout's local
575
- // `.git/info/exclude` so the agent can't commit it.
576
- const gondolin = ctx.backend === "gondolin";
577
- const skillRoot = gondolin ? agentCwd : ctx.workDir;
578
- let stagedSkillDirs;
579
- try {
580
- stagedSkillDirs = stageSkillBundle(skillRoot, skillBundleKey(config), config.skillPaths, "symlink");
581
- if (stagedSkillDirs && gondolin)
582
- excludeFromGit(agentCwd, SKILL_BUNDLE_ROOT);
583
- }
584
- catch (err) {
585
- const msg = err instanceof Error ? err.message : String(err);
586
- console.warn(`[executor] Could not stage skills: ${msg}`);
587
- }
588
- // Server-mode build assets: agentCwd is the host-visible repo checkout for
589
- // the in-process backends (gondolin's cwd mount / none's host FS), so stage
590
- // and harvest operate on it directly.
591
- const artifacts = serverArtifacts(config, agentCwd);
592
- stageArtifactsIn(artifacts);
593
- const shim = new AgenticShim({
594
- homeDir: sessionsDir,
595
- projectSlug: projectSlugForCwd(agentCwd),
596
- model,
597
- initialPrompt: prompt,
598
- });
599
- // agentic-pi reads its own env (provider keys, App PEM, etc.) from
600
- // process.env. Splice in our scoped values for the duration of the call,
601
- // then restore.
602
- const restore = applyEnv(ctx.env);
603
- // Env forwarded INTO the sandbox so the agent's `bash` calls see it.
604
- // agentic-pi auto-injects GITHUB_TOKEN/GH_TOKEN when --profile is set;
605
- // git identity is set here so `git commit` works without extra setup.
606
- //
607
- // Notes per backend:
608
- // - gondolin: the VM's user inherits HOME from the agentic-pi process
609
- // (so the host's HOME — e.g. /Users/clifton — leaks in). We force
610
- // HOME=/root so `git config --global` and `gh auth status` write
611
- // to a real path inside the VM.
612
- // - none: agent runs on the host; do NOT override HOME (would mess
613
- // with the harness user's real config).
614
- // - docker (handled separately): the container's `agent` user has
615
- // its own HOME=/home/agent baked in by the image; no override.
616
- const baseSandboxEnv = {
617
- GIT_AUTHOR_NAME: "last-light[bot]",
618
- GIT_AUTHOR_EMAIL: "last-light[bot]@users.noreply.github.com",
619
- GIT_COMMITTER_NAME: "last-light[bot]",
620
- GIT_COMMITTER_EMAIL: "last-light[bot]@users.noreply.github.com",
621
- // /workspace is a bind mount from the host (host UID) into a VM running
622
- // as a different UID; git refuses to operate without an explicit
623
- // safe-directory. Setting it via GIT_CONFIG_* avoids needing HOME and
624
- // a writeable ~/.gitconfig.
625
- GIT_CONFIG_COUNT: "1",
626
- GIT_CONFIG_KEY_0: "safe.directory",
627
- GIT_CONFIG_VALUE_0: "*",
628
- };
629
- const otelSandboxEnv = config.otel?.enabled && config.otel.forwardToSandbox ? getOtelEnvForSandbox() : {};
630
- const sandboxEnv = ctx.backend === "gondolin"
631
- ? { ...otelSandboxEnv, ...baseSandboxEnv, HOME: "/root", USER: "root", LOGNAME: "root" }
632
- : { ...otelSandboxEnv, ...baseSandboxEnv };
633
- let notifiedSessionId = false;
634
- let result;
635
- const acc = new RunResultAccumulator();
636
- try {
637
- // HTTP egress allowlist. lastlight owns the policy (rather than relying
638
- // on agentic-pi's bundled default) so a single source — `egress-allowlist.ts`
639
- // — covers both backends. `unrestrictedEgress` opts a phase out via the
640
- // `"*"` sentinel; gondolin (post the upstream allow-all patch) treats it
641
- // as "allow every host".
642
- const extraHosts = config.otel?.enabled && config.otel.forwardToSandbox ? config.otel.collectorHosts : [];
643
- const allowedHttpHosts = config.unrestrictedEgress
644
- ? [ALLOW_ALL_SENTINEL]
645
- : mergeAllowlist(DEFAULT_ALLOWLIST, extraHosts);
646
- // Loaded lazily: agentic-pi transitively imports pi-coding-agent, whose
647
- // bundled undici writes a v8 Agent onto `Symbol.for('undici.globalDispatcher.1')`
648
- // the moment its `lib/global.js` evaluates. Node's built-in fetch reads
649
- // from the same symbol, so eager-loading here would poison every fetch
650
- // in the harness — breaking arctic's OAuth code exchange (strict
651
- // content-length validation). Dynamic import keeps the harness on
652
- // Node's clean dispatcher unless an in-process sandbox actually runs.
653
- const { run: agenticRun } = await import("agentic-pi");
654
- result = await agenticRun({
655
- model,
656
- prompt,
657
- thinking,
658
- profile,
659
- // Test/eval escape hatch: when set (by the eval harness), agentic-pi's
660
- // built-in github_* tools talk to a local fake GitHub instead of
661
- // api.github.com. Unset in production.
662
- githubApiBaseUrl: config.githubApiBaseUrl,
663
- sandbox: ctx.backend === "gondolin" ? "gondolin" : "none",
664
- sandboxEnv,
665
- cwd: agentCwd,
666
- noSession: true,
667
- // Explicit per-phase skill bundle (staged above). pi loads these
668
- // additively; nothing is written into the repo for the agent to commit.
669
- skillPaths: stagedSkillDirs,
670
- allowedHttpHosts,
671
- // Explicit boolean — without it, agentic-pi auto-enables web search
672
- // when any provider key is in process.env. We forwarded those keys
673
- // above only for opted-in workflows, but `process.env` on the harness
674
- // host carries them regardless, so we must opt-out explicitly.
675
- webSearch: config.webSearch === true,
676
- webSearchProvider: config.webSearchProvider,
677
- onEvent: (record) => {
678
- acc.feed(record);
679
- shim.feed(record);
680
- recordPiEvent(record, {
681
- includeContent: config.otel?.includeContent === true,
682
- surface: "agent",
683
- workflowName: config.telemetry?.workflowName,
684
- phaseName: config.telemetry?.phaseName,
685
- model,
686
- });
687
- if (!notifiedSessionId && ctx.onSessionId && record.type === "session" && typeof record.id === "string") {
688
- notifiedSessionId = true;
689
- ctx.onSessionId(record.id);
690
- }
691
- },
692
- onWarn: (msg) => console.warn(`[agentic] ${msg}`),
693
- });
694
- }
695
- catch (err) {
696
- restore();
697
- // Harvest even on failure so a partial plan/summary still reaches the store.
698
- harvestArtifactsOut(artifacts);
699
- const msg = err instanceof Error ? err.message : String(err);
700
- const durationMs = Date.now() - startTime;
701
- recordError("agent", err, { "sandbox.backend": ctx.backend, model, success: false, stop_reason: "error_executor", "workflow.name": config.telemetry?.workflowName, "phase.name": config.telemetry?.phaseName });
702
- recordExecutionMetrics("agent", { "sandbox.backend": ctx.backend, model, success: false, stop_reason: "error_executor", durationMs });
703
- const fallbackId = `exec-${basename(ctx.taskId)}`;
704
- const synthesizedId = await shim
705
- .finalizeWithFallback(emptyResult("error_executor", durationMs), fallbackId, msg)
706
- .catch(() => null);
707
- return {
708
- success: false,
709
- output: "",
710
- turns: 0,
711
- error: msg,
712
- durationMs,
713
- sessionId: synthesizedId ?? undefined,
714
- stopReason: "error_executor",
715
- };
716
- }
717
- restore();
718
- harvestArtifactsOut(artifacts);
719
- // agentic-pi's in-process `stats` is the same compaction-blind
720
- // `usage_snapshot`. Prefer our per-message accumulation when it carries
721
- // token data (see RunResultAccumulator.bestStats).
722
- const better = acc.bestStats();
723
- if (better && (better.tokens?.total ?? 0) > 0)
724
- result.stats = better;
725
- const finalResult = await finalizeFromRunResult(result, prompt, shim, startTime, acc.extensions(), acc.skills(), acc.toolError(), acc.endedOnToolCall());
726
- recordExecutionMetrics("agent", {
727
- "sandbox.backend": ctx.backend,
728
- model,
729
- success: finalResult.success,
730
- stop_reason: finalResult.stopReason,
731
- durationMs: finalResult.durationMs,
732
- costUsd: finalResult.costUsd,
733
- inputTokens: finalResult.inputTokens,
734
- outputTokens: finalResult.outputTokens,
735
- "workflow.name": config.telemetry?.workflowName,
736
- "phase.name": config.telemetry?.phaseName,
737
- });
738
- return finalResult;
739
- }
740
- // ── Docker path ─────────────────────────────────────────────────────
741
- async function executeDocker(prompt, config, ctx) {
742
- // HTTP egress routing — docker analog of the gondolin allowlist.
743
- // Sandbox is wired to coredns-strict by default (allowlist enforced via
744
- // DNS sinkhole + nginx ssl_preread); a phase that set
745
- // `unrestricted_egress: true` points at coredns-open instead.
746
- // The IPs here match the static assignments in docker-compose.yml
747
- // (see src/sandbox/egress-firewall-config.ts for the constants).
748
- const dnsIp = config.unrestrictedEgress
749
- ? (process.env.LASTLIGHT_DNS_OPEN || "172.30.0.11")
750
- : (process.env.LASTLIGHT_DNS_STRICT || "172.30.0.10");
751
- // A phase can opt into the browser-QA image (Playwright + Chromium baked in)
752
- // with `sandbox_image: qa`. The runner only schedules such a phase when the
753
- // image is actually present (see `qaImageAvailable`), so by here it's safe to
754
- // request; pass undefined otherwise to use the lean default image.
755
- const imageName = config.sandboxImage === "qa" ? SANDBOX_IMAGE_QA : undefined;
756
- const sbx = await createTaskSandbox({
757
- taskId: ctx.taskId,
758
- stateDir: ctx.stateDir,
759
- sandboxDir: config.sandboxDir,
760
- env: ctx.env,
761
- prePopulate: ctx.prePopulate,
762
- dnsIp,
763
- imageName,
764
- });
765
- if (!sbx) {
766
- throw new Error("LASTLIGHT_SANDBOX=docker but no docker sandbox was available. " +
767
- "Install Docker and build the sandbox image, or set LASTLIGHT_SANDBOX=gondolin / none.");
768
- }
769
- try {
770
- const md = loadAgentContext(config.agentContextDir);
771
- if (md)
772
- writeFileSync(join(sbx.workDir, "AGENTS.md"), md);
773
- }
774
- catch (err) {
775
- const msg = err instanceof Error ? err.message : String(err);
776
- console.warn(`[executor] Could not write docker AGENTS.md: ${msg}`);
777
- }
778
- const startTime = Date.now();
779
- console.log(` [executor] Running in docker sandbox (task: ${ctx.taskId})`);
780
- const model = config.model || DEFAULT_MODEL;
781
- const thinking = coerceThinking(config.variant);
782
- const profile = ctx.access ? AGENTIC_PROFILE_FOR[ctx.access.profile] : undefined;
783
- const sessionsDir = resolveSessionsDir(config);
784
- // When the harness pre-cloned the repo, cwd is the checkout
785
- // (`<workspace>/<repo>/`) so the agent runs inside the repo with no `cd`
786
- // preamble; otherwise it's the workspace root.
787
- const agentCwd = ctx.prePopulate
788
- ? `${DOCKER_WORKSPACE_DIR}/${ctx.prePopulate.repo}`
789
- : DOCKER_WORKSPACE_DIR;
790
- // Stage this phase's skills into its own bundle at the workspace ROOT — a
791
- // sibling of any repo subdir, never inside its git tree. docker bind-mounts
792
- // the WHOLE workspace, so the agent reaches the bundle by an absolute
793
- // `--skill` path even though cwd is the repo. Copy (not symlink) because the
794
- // agent's tools run inside the container and host symlink targets don't
795
- // resolve there. Map the host dests to their in-container paths for `--skill`.
796
- let skillDirsInContainer = [];
797
- try {
798
- const staged = stageSkillBundle(sbx.workDir, skillBundleKey(config), config.skillPaths, "copy");
799
- if (staged) {
800
- skillDirsInContainer = staged.map((d) => `${DOCKER_WORKSPACE_DIR}/${relative(sbx.workDir, d)}`);
801
- }
802
- }
803
- catch (err) {
804
- const msg = err instanceof Error ? err.message : String(err);
805
- console.warn(`[executor] Could not stage skills in docker workspace: ${msg}`);
806
- }
807
- // Server-mode build assets. The host-visible repo checkout is the
808
- // bind-mounted workspace path (`sbx.workDir[/<repo>]`), NOT the in-container
809
- // `agentCwd`. Stage now; harvest before each `sbx.cleanup()` below (cleanup
810
- // removes the workspace, taking the docs with it).
811
- const hostRepoDir = ctx.prePopulate ? join(sbx.workDir, ctx.prePopulate.repo) : sbx.workDir;
812
- const artifacts = serverArtifacts(config, hostRepoDir);
813
- stageArtifactsIn(artifacts);
814
- // The dashboard reads from <sessionsDir>/projects/<slug>/. Use the same
815
- // resolved cwd for the slug so live tails land in the right project dir.
816
- const shim = new AgenticShim({
817
- homeDir: sessionsDir,
818
- projectSlug: projectSlugForCwd(agentCwd),
819
- model,
820
- initialPrompt: prompt,
821
- });
822
- const acc = new RunResultAccumulator();
823
- let notifiedSessionId = false;
824
- // Identity forwarded into the sandboxed agentic-pi run inside the container.
825
- // The container's `agent` user already has HOME=/home/agent set up, so we
826
- // do NOT override HOME here — only git identity + safe.directory (for the
827
- // host-UID bind mount). GITHUB_TOKEN/GH_TOKEN are auto-injected by
828
- // agentic-pi when --profile is set.
829
- const sandboxEnv = {
830
- // Inner-run env for the agent's child shells. Points at the in-network
831
- // collector (IP-only, no secret headers) so any OTLP a script emits is
832
- // tunnelled the same way the agent's own telemetry is.
833
- ...(config.otel?.enabled && config.otel.forwardToSandbox ? getDockerSandboxOtelEnv() : {}),
834
- GIT_AUTHOR_NAME: "last-light[bot]",
835
- GIT_AUTHOR_EMAIL: "last-light[bot]@users.noreply.github.com",
836
- GIT_COMMITTER_NAME: "last-light[bot]",
837
- GIT_COMMITTER_EMAIL: "last-light[bot]@users.noreply.github.com",
838
- GIT_CONFIG_COUNT: "1",
839
- GIT_CONFIG_KEY_0: "safe.directory",
840
- GIT_CONFIG_VALUE_0: "*",
841
- };
842
- try {
843
- await sbx.sandbox.runAgent(ctx.taskId, prompt, {
844
- model,
845
- thinking,
846
- profile,
847
- sandboxEnv,
848
- agentCwd,
849
- skillDirs: skillDirsInContainer,
850
- webSearch: config.webSearch === true,
851
- webSearchProvider: config.webSearchProvider,
852
- onLine: (line) => {
853
- if (!line.startsWith("{"))
854
- return;
855
- let record;
856
- try {
857
- record = JSON.parse(line);
858
- }
859
- catch {
860
- return;
861
- }
862
- acc.feed(record);
863
- shim.feed(record);
864
- recordPiEvent(record, {
865
- includeContent: config.otel?.includeContent === true,
866
- surface: "agent",
867
- workflowName: config.telemetry?.workflowName,
868
- phaseName: config.telemetry?.phaseName,
869
- model,
870
- });
871
- if (!notifiedSessionId && ctx.onSessionId && record.type === "session" && typeof record.id === "string") {
872
- notifiedSessionId = true;
873
- ctx.onSessionId(record.id);
874
- }
875
- },
876
- });
877
- }
878
- catch (err) {
879
- const msg = err instanceof Error ? err.message : String(err);
880
- const durationMs = Date.now() - startTime;
881
- recordError("agent", err, { "sandbox.backend": "docker", model, success: false, stop_reason: "error_sandbox", "workflow.name": config.telemetry?.workflowName, "phase.name": config.telemetry?.phaseName });
882
- recordExecutionMetrics("agent", { "sandbox.backend": "docker", model, success: false, stop_reason: "error_sandbox", durationMs });
883
- const fallbackId = `exec-${basename(ctx.taskId)}`;
884
- const synthesizedId = await shim
885
- .finalizeWithFallback(emptyResult("error_sandbox", durationMs), fallbackId, msg)
886
- .catch(() => null);
887
- harvestArtifactsOut(artifacts);
888
- await sbx.cleanup();
889
- return {
890
- success: false,
891
- output: "",
892
- turns: 0,
893
- error: msg,
894
- durationMs,
895
- sessionId: synthesizedId ?? undefined,
896
- stopReason: "error_sandbox",
897
- };
898
- }
899
- harvestArtifactsOut(artifacts);
900
- await sbx.cleanup();
901
- const finalResult = await finalizeFromRunResult(acc.build(0), prompt, shim, startTime, acc.extensions(), acc.skills(), acc.toolError(), acc.endedOnToolCall());
902
- recordExecutionMetrics("agent", {
903
- "sandbox.backend": "docker",
904
- model,
905
- success: finalResult.success,
906
- stop_reason: finalResult.stopReason,
907
- durationMs: finalResult.durationMs,
908
- costUsd: finalResult.costUsd,
909
- inputTokens: finalResult.inputTokens,
910
- outputTokens: finalResult.outputTokens,
911
- "workflow.name": config.telemetry?.workflowName,
912
- "phase.name": config.telemetry?.phaseName,
913
- });
914
- return finalResult;
915
- }
916
- /**
917
- * Build a RunResult-shaped tally from the JSONL event stream emitted by
918
- * `agentic-pi run` inside the docker sandbox. Mirrors what agentic-pi's
919
- * own `run()` function does in-process — minimum viable subset of
920
- * fields the executor cares about.
921
- *
922
- * Usage accounting accumulates each assistant `message_end`'s `usage`
923
- * rather than trusting the terminal `usage_snapshot`. pi's snapshot is
924
- * derived from `getSessionStats()`, which recomputes from the *current*
925
- * in-memory message window — auto-compaction replaces those messages with
926
- * a summary, so the snapshot reports zero tokens/cost/turns the moment a
927
- * phase compacts. The per-message events fire at finalization (before any
928
- * compaction rebuild), so summing them is compaction-proof. `bestStats()`
929
- * prefers the accumulation and falls back to the snapshot only when no
930
- * per-message usage was observed.
931
- */
932
- export class RunResultAccumulator {
933
- sessionId;
934
- finalText = "";
935
- agentEnded = false;
936
- toolErrors = false;
937
- maxStepsReached = false;
938
- lastToolError;
939
- // True iff the last assistant turn ended with a tool call — i.e. the agent
940
- // asked for a tool and the loop terminated before it could respond to the
941
- // result. That's a truncated run (pi hit its internal step cap mid-task),
942
- // not a finished one. See `finalizeFromRunResult`'s truncation guard.
943
- lastAssistantHadToolCall = false;
944
- fatalError;
945
- snapshotStats;
946
- messages = [];
947
- // Per-message usage accumulation (the compaction-proof source).
948
- assistantMessages = 0;
949
- userMessages = 0;
950
- toolCalls = 0;
951
- toolResults = 0;
952
- msgInput = 0;
953
- msgOutput = 0;
954
- msgCacheRead = 0;
955
- msgCacheWrite = 0;
956
- msgCost = 0;
957
- // Extension status events (file-search / github / web-search), keyed by
958
- // extension name. Emitted once each at run start; we keep the raw payload
959
- // (minus type/extension) so build() can map them onto the RunResult.
960
- ext = {};
961
- // Skill-loading status. agentic-pi emits a single (gated) `skills_status`
962
- // event at run start; we keep the raw payload (minus type) so skills()
963
- // can normalize it onto the RunResult, mirroring `ext` above for tools.
964
- skillsRaw;
965
- feed(r) {
966
- switch (r.type) {
967
- case "session":
968
- if (typeof r.id === "string")
969
- this.sessionId = r.id;
970
- break;
971
- case "extension_status": {
972
- if (typeof r.extension === "string") {
973
- const { type: _t, extension: _e, ...rest } = r;
974
- this.ext[r.extension] = rest;
975
- }
976
- break;
977
- }
978
- case "skills_status": {
979
- const { type: _t, ...rest } = r;
980
- this.skillsRaw = rest;
981
- break;
982
- }
983
- case "message_end": {
984
- const m = r.message;
985
- if (m?.role === "assistant" && Array.isArray(m.content)) {
986
- const text = m.content
987
- .filter((c) => c.type === "text" && typeof c.text === "string")
988
- .map((c) => c.text)
989
- .join("");
990
- if (text)
991
- this.finalText = text;
992
- this.assistantMessages += 1;
993
- const toolCallsInTurn = m.content.filter((c) => c.type === "toolCall").length;
994
- this.toolCalls += toolCallsInTurn;
995
- // Track whether the *latest* assistant turn requested a tool. If the
996
- // run ends here (no synthesis turn follows the tool result), the
997
- // agent was cut off mid-task.
998
- this.lastAssistantHadToolCall = toolCallsInTurn > 0;
999
- this.accumulateUsage(m.usage);
1000
- }
1001
- else if (m?.role === "user") {
1002
- this.userMessages += 1;
1003
- }
1004
- break;
1005
- }
1006
- case "tool_execution_end":
1007
- this.toolResults += 1;
1008
- if (r.isError === true) {
1009
- this.toolErrors = true;
1010
- // Keep the actual failure text (not just a boolean) so a run that
1011
- // ends in `error_tool` can report which tool failed and why —
1012
- // e.g. a provider `insufficient_quota` surfaced through an MCP
1013
- // call, or a bash command's stderr. Last error wins (it's the
1014
- // one that ended the run). truncate: tool output can be huge.
1015
- const raw = r.error ?? r.result ?? r.output;
1016
- const message = truncateForLog(typeof raw === "string" ? raw : safeStringify(raw), 4096);
1017
- const tool = typeof r.tool === "string"
1018
- ? r.tool
1019
- : typeof r.toolName === "string"
1020
- ? r.toolName
1021
- : undefined;
1022
- if (message)
1023
- this.lastToolError = { tool, message };
1024
- }
1025
- break;
1026
- case "agent_end":
1027
- this.agentEnded = true;
1028
- if (Array.isArray(r.messages))
1029
- this.messages = r.messages;
1030
- break;
1031
- case "max_steps_reached":
1032
- this.maxStepsReached = true;
1033
- break;
1034
- case "usage_snapshot":
1035
- this.snapshotStats = r.stats;
1036
- break;
1037
- case "fatal_error":
1038
- this.fatalError = r.error;
1039
- break;
1040
- }
1041
- }
1042
- accumulateUsage(usage) {
1043
- if (!usage || typeof usage !== "object")
1044
- return;
1045
- const num = (v) => typeof v === "number" && Number.isFinite(v) ? v : 0;
1046
- this.msgInput += num(usage.input);
1047
- this.msgOutput += num(usage.output);
1048
- this.msgCacheRead += num(usage.cacheRead);
1049
- this.msgCacheWrite += num(usage.cacheWrite);
1050
- const cost = usage.cost;
1051
- if (cost && typeof cost === "object")
1052
- this.msgCost += num(cost.total);
1053
- }
1054
- /** Stats summed from per-message usage, or undefined if none was seen. */
1055
- accumulatedStats() {
1056
- const total = this.msgInput + this.msgOutput + this.msgCacheRead + this.msgCacheWrite;
1057
- if (this.assistantMessages === 0 && total === 0)
1058
- return undefined;
1059
- return {
1060
- userMessages: this.userMessages,
1061
- assistantMessages: this.assistantMessages,
1062
- toolCalls: this.toolCalls,
1063
- toolResults: this.toolResults,
1064
- tokens: {
1065
- input: this.msgInput,
1066
- output: this.msgOutput,
1067
- cacheRead: this.msgCacheRead,
1068
- cacheWrite: this.msgCacheWrite,
1069
- total,
1070
- },
1071
- cost: this.msgCost,
1072
- };
1073
- }
1074
- /**
1075
- * Prefer the per-message accumulation (compaction-proof) over pi's
1076
- * terminal `usage_snapshot`. Fall back to the snapshot only when the
1077
- * accumulation carries no token data — e.g. a provider that doesn't
1078
- * report per-message usage — so a non-compacted snapshot still wins.
1079
- */
1080
- bestStats() {
1081
- const acc = this.accumulatedStats();
1082
- if (acc && acc.tokens.total > 0)
1083
- return acc;
1084
- return this.snapshotStats ?? acc;
1085
- }
1086
- build(exitCode) {
1087
- return {
1088
- exitCode: exitCode,
1089
- ok: exitCode === 0 && !this.fatalError,
1090
- agentEnded: this.agentEnded,
1091
- toolErrors: this.toolErrors,
1092
- maxStepsReached: this.maxStepsReached,
1093
- fatalError: this.fatalError,
1094
- sessionId: this.sessionId,
1095
- finalText: this.finalText,
1096
- messages: this.messages,
1097
- stats: this.bestStats(),
1098
- records: [],
1099
- warnings: [],
1100
- };
1101
- }
1102
- /**
1103
- * Normalized extension status captured from `extension_status` events
1104
- * (file-search / github / web-search), or undefined if none reported.
1105
- * Decoupled from agentic-pi's `RunResult` type, which lags the runtime —
1106
- * the docker sandbox's agentic-pi emits file-search even when the harness's
1107
- * pinned `RunResult` type doesn't yet declare it.
1108
- */
1109
- extensions() {
1110
- const out = {};
1111
- for (const [name, v] of Object.entries(this.ext)) {
1112
- if (v && typeof v.status === "string") {
1113
- out[name] = {
1114
- status: v.status,
1115
- ...(typeof v.mode === "string" ? { mode: v.mode } : {}),
1116
- ...(typeof v.provider === "string" ? { provider: v.provider } : {}),
1117
- ...(typeof v.toolCount === "number" ? { toolCount: v.toolCount } : {}),
1118
- ...(typeof v.reason === "string" ? { reason: v.reason } : {}),
1119
- };
1120
- }
1121
- }
1122
- return Object.keys(out).length > 0 ? out : undefined;
1123
- }
1124
- /**
1125
- * Normalized skill-loading status from the gated `skills_status` event, or
1126
- * undefined if none was reported (agentic-pi suppresses it on a run that
1127
- * configured no skills and discovered none). The skill-loading counterpart
1128
- * to {@link extensions}.
1129
- */
1130
- skills() {
1131
- const s = this.skillsRaw;
1132
- if (!s || typeof s.status !== "string")
1133
- return undefined;
1134
- const skills = Array.isArray(s.skills)
1135
- ? s.skills
1136
- .filter((x) => !!x && typeof x === "object")
1137
- .map((x) => ({
1138
- name: typeof x.name === "string" ? x.name : "",
1139
- source: typeof x.source === "string" ? x.source : "",
1140
- modelInvocable: x.modelInvocable === true,
1141
- }))
1142
- : [];
1143
- return {
1144
- status: s.status,
1145
- discovered: typeof s.discovered === "number" ? s.discovered : skills.length,
1146
- skills,
1147
- mappedPaths: Array.isArray(s.mappedPaths)
1148
- ? s.mappedPaths.filter((p) => typeof p === "string")
1149
- : [],
1150
- noSkills: s.noSkills === true,
1151
- };
1152
- }
1153
- /**
1154
- * The last tool result that came back with `isError: true`, including the
1155
- * failure text — or undefined if no tool errored. This is what turns a
1156
- * bare `error_tool` stop reason into a human-readable cause.
1157
- */
1158
- toolError() {
1159
- return this.lastToolError;
1160
- }
1161
- /**
1162
- * True iff the run's final assistant turn ended on a tool call — meaning
1163
- * the agent intended to keep going but the loop stopped before it could
1164
- * respond to the tool result and write its answer. The signal a run was
1165
- * truncated (step-limit) rather than genuinely finished.
1166
- */
1167
- endedOnToolCall() {
1168
- return this.lastAssistantHadToolCall;
1169
- }
1170
- }
1171
- // ── Helpers ─────────────────────────────────────────────────────────
1172
- /** Provider account/billing/auth failures pi may surface as error text. */
1173
- const ACCOUNT_ERROR_MARKERS = [
1174
- "credit balance",
1175
- "insufficient_quota",
1176
- "insufficient quota",
1177
- "rate limit",
1178
- "unauthorized",
1179
- "invalid_api_key",
1180
- ];
1181
- /**
1182
- * Detect a provider account error (out of credit, quota, rate-limited, bad key)
1183
- * that pi may have surfaced as plain text rather than a hard failure.
1184
- *
1185
- * Critically, on a **successful** run we scan ONLY the genuine provider-error
1186
- * channel (`agentErrorMessage`, which `extractAgentError` already turns into a
1187
- * non-success stopReason when set — so it's empty here). The agent's own output
1188
- * (`finalText`) and tool results (`fatalError`, `toolError`) are NOT scanned on
1189
- * success: a legitimate `verify`/`qa-test` report or a `curl` probing a 401
1190
- * endpoint routinely contains "unauthorized" / "rate limit" as part of the task
1191
- * itself, and folding that in would wrongly fail a genuinely successful run
1192
- * (and drop its report). Only on a failed run do we fold those in to label why.
1193
- */
1194
- export function detectAccountError(opts) {
1195
- const combined = [
1196
- opts.success ? undefined : opts.fatalErrorMessage,
1197
- opts.agentErrorMessage,
1198
- opts.success ? undefined : opts.finalText,
1199
- opts.success ? undefined : opts.toolErrorText,
1200
- ]
1201
- .filter((s) => typeof s === "string" && s.length > 0)
1202
- .join("\n")
1203
- .toLowerCase();
1204
- return ACCOUNT_ERROR_MARKERS.some((m) => combined.includes(m));
1205
- }
1206
- function finalizeFromRunResult(result, _prompt, shim, startTime, extensions, skills, toolError, endedOnToolCall = false) {
1207
- const durationMs = Date.now() - startTime;
1208
- const stats = result.stats;
1209
- // pi-agent-core swallows provider API errors (insufficient_quota, rate
1210
- // limit, auth) inside `handleRunFailure`: it synthesizes an assistant
1211
- // message with stopReason "error" + errorMessage and emits a clean
1212
- // agent_end. Without this check the run would map to "success" and the
1213
- // workflow would silently advance with no output. See message scan below.
1214
- const agentError = extractAgentError(result);
1215
- let stopReason = agentError?.stopReason ?? mapStopReason(result);
1216
- // Truncation guard. A run that *would* map to "success" but whose final
1217
- // assistant turn ended on a tool call was cut off mid-task: the agent
1218
- // asked for a tool and the loop stopped before it could read the result
1219
- // and synthesize an answer (pi hit its internal step cap — agentic-pi
1220
- // v0.2.7 exposes no maxSteps knob to lift it). In that state `finalText`
1221
- // is the agent's "let me just check X" preamble, NOT an answer. Reclassify
1222
- // as a failure so the workflow fires `on_failure` instead of delivering
1223
- // the fragment as if it were the result.
1224
- const truncated = stopReason === "success" && !agentError && endedOnToolCall;
1225
- if (truncated)
1226
- stopReason = "error_truncated";
1227
- const success = stopReason === "success";
1228
- const truncationMessage = "Agent stopped mid-task before producing a final answer (hit the agent " +
1229
- "step limit). No answer was delivered.";
1230
- // A bare `error_tool` stop reason is useless on its own. Surface the
1231
- // failing tool's actual error text so the executions row and dashboard
1232
- // show *why* the run died (e.g. "Tool `bash` failed: insufficient_quota").
1233
- const toolErrorText = toolError
1234
- ? toolError.tool
1235
- ? `Tool \`${toolError.tool}\` failed: ${toolError.message}`
1236
- : toolError.message
1237
- : undefined;
1238
- const inputTokens = stats?.tokens.input ?? 0;
1239
- const outputTokens = stats?.tokens.output ?? 0;
1240
- const cacheRead = stats?.tokens.cacheRead ?? 0;
1241
- const cacheWrite = stats?.tokens.cacheWrite ?? 0;
1242
- const costUsd = stats?.cost ?? 0;
1243
- const turns = stats?.assistantMessages ?? 0;
1244
- const costStr = costUsd > 0 ? `, $${costUsd.toFixed(4)}` : "";
1245
- console.log(` [executor] Result: ${stopReason} (${turns} turns, ${Math.round(durationMs / 1000)}s${costStr})` +
1246
- `${result.sessionId ? ` [session ${result.sessionId}]` : ""}`);
1247
- shim.finalize({
1248
- finalText: result.finalText,
1249
- turns,
1250
- costUsd,
1251
- inputTokens,
1252
- outputTokens,
1253
- cacheReadInputTokens: cacheRead,
1254
- cacheCreationInputTokens: cacheWrite,
1255
- stopReason,
1256
- durationMs,
1257
- apiErrorMessage: agentError?.errorMessage ??
1258
- (success ? undefined : (toolErrorText ?? (truncated ? truncationMessage : undefined))),
1259
- });
1260
- void shim.flush();
1261
- const accountError = detectAccountError({
1262
- success,
1263
- fatalErrorMessage: result.fatalError?.message,
1264
- agentErrorMessage: agentError?.errorMessage,
1265
- finalText: result.finalText,
1266
- toolErrorText,
1267
- });
1268
- const errorText = result.fatalError?.message ||
1269
- agentError?.errorMessage ||
1270
- toolErrorText ||
1271
- (truncated ? truncationMessage : result.finalText) ||
1272
- stopReason;
1273
- if (!success || accountError) {
1274
- if (accountError)
1275
- console.error(` [executor] Account error: ${errorText}`);
1276
- else
1277
- console.error(` [executor] Run failed (${stopReason}): ${errorText}`);
1278
- }
1279
- return {
1280
- success: success && !accountError,
1281
- output: result.finalText,
1282
- turns,
1283
- error: success && !accountError ? undefined : errorText,
1284
- durationMs,
1285
- sessionId: result.sessionId,
1286
- costUsd: costUsd > 0 ? costUsd : undefined,
1287
- inputTokens: inputTokens || undefined,
1288
- outputTokens: outputTokens || undefined,
1289
- cacheReadInputTokens: cacheRead || undefined,
1290
- cacheCreationInputTokens: cacheWrite || undefined,
1291
- stopReason,
1292
- extensions,
1293
- skills,
1294
- };
1295
- }
1296
- function mapStopReason(result) {
1297
- if (result.fatalError)
1298
- return "error_fatal";
1299
- if (result.toolErrors && result.finalText.length === 0)
1300
- return "error_tool";
1301
- if (!result.ok)
1302
- return `error_exit_${result.exitCode}`;
1303
- if (result.agentEnded || result.finalText.length > 0)
1304
- return "success";
1305
- return "unknown";
1306
- }
1307
- /**
1308
- * Scan agent_end's messages for a failed assistant turn. pi-agent-core's
1309
- * `handleRunFailure` catches provider errors, synthesizes an assistant
1310
- * message with stopReason "error"/"aborted" + errorMessage, and emits a
1311
- * normal agent_end — so the only signal that the run actually failed
1312
- * lives on the last assistant message.
1313
- */
1314
- function extractAgentError(result) {
1315
- if (!Array.isArray(result.messages))
1316
- return undefined;
1317
- for (let i = result.messages.length - 1; i >= 0; i--) {
1318
- const m = result.messages[i];
1319
- if (m?.role !== "assistant")
1320
- continue;
1321
- if (m.stopReason === "error" || m.stopReason === "aborted") {
1322
- return {
1323
- stopReason: m.stopReason === "aborted" ? "error_aborted" : "error_agent",
1324
- errorMessage: m.errorMessage || m.stopReason,
1325
- };
1326
- }
1327
- return undefined;
1328
- }
1329
- return undefined;
1330
- }
1331
- function coerceThinking(raw) {
1332
- if (!raw)
1333
- return undefined;
1334
- const v = raw.trim().toLowerCase();
1335
- if (!THINKING_LEVELS.has(v)) {
1336
- console.warn(`[executor] Ignoring unknown thinking level "${raw}" — must be one of: ${[...THINKING_LEVELS].join(", ")}`);
1337
- return undefined;
1338
- }
1339
- return v;
1340
- }
1341
- function resolveSessionsDir(config) {
1342
- if (config.sessionsDir)
1343
- return resolve(config.sessionsDir);
1344
- const stateDir = config.stateDir || resolve("data");
1345
- return process.env.LASTLIGHT_SESSIONS_DIR
1346
- ? resolve(process.env.LASTLIGHT_SESSIONS_DIR)
1347
- : resolve(stateDir, "agent-sessions");
1348
- }
1349
- function emptyResult(stopReason, durationMs) {
1350
- return {
1351
- finalText: "",
1352
- turns: 0,
1353
- costUsd: 0,
1354
- inputTokens: 0,
1355
- outputTokens: 0,
1356
- cacheReadInputTokens: 0,
1357
- cacheCreationInputTokens: 0,
1358
- stopReason,
1359
- durationMs,
1360
- };
1361
- }
1362
- /** Splice values into process.env for the duration of a sync block. */
1363
- function applyEnv(env) {
1364
- const saved = {};
1365
- for (const [k, v] of Object.entries(env)) {
1366
- saved[k] = process.env[k];
1367
- process.env[k] = v;
1368
- }
1369
- return () => {
1370
- for (const [k, v] of Object.entries(saved)) {
1371
- if (v === undefined)
1372
- delete process.env[k];
1373
- else
1374
- process.env[k] = v;
1375
- }
1376
- };
1377
- }
1378
458
  //# sourceMappingURL=agent-executor.js.map