leerness 1.9.148 → 1.9.150

package/CHANGELOG.md

@@ -1,5 +1,87 @@
 # Changelog
 
+## 1.9.150 — 2026-05-20
+
+**Sandboxing — `runCommandSafe()` wrapper + REPL slash-commands (3중 LLM 합의 #3 / Codex 권고).**
+
+자율 모드 80 라운드 마일스톤. 1.9.149 REPL 위에 **샌드박스 보안 레이어** + **leerness 내부 명령 직접 호출**을 추가.
+
+### Added — `runCommandSafe(cmd, args, opts)` sandbox wrapper
+- **cwd jail** — `cwd` 가 root 밖 (path traversal) 이면 즉시 exit 126 + `blocked: 'cwd_jail'` 기록
+- **shell:false 기본** — shell injection 표면 차단. `allowShell: true` 시만 shell:true (npm/pytest 호환)
+- **env scrub** — 안전 화이트리스트만 통과 (`PATH`, `HOME`, `TMP`, `LEERNESS_*`, `NPM_CONFIG_*`, ...)
+  - 시크릿 환경변수 (DB_PASSWORD, API_KEY 등) 자식 프로세스에 누출 방지
+- **timeout 한도** — 기본 5분, max 10분 (clamp)
+- **permissions 검증** — 1.9.146 `permissions.shell.allowList` 자동 연동
+  - basic 모드 (`shell.exec=false`) 에선 핵심 도구 (git/npm/node/pnpm/yarn) 만 허용
+  - allowList 외 명령은 즉시 reject + `blocked: 'permissions'` 기록
+- **자동 observability** — 호출마다 `_recordRun` 으로 cmd/args/durationMs/status/cwd 자동 기록
+
+### Changed — 위험 호출 sandbox 치환
+- `verify-code` (line ~7473): `cp.spawnSync(t.cmd, [], { shell: true })` → `runCommandSafe(t.cmd, ...)`
+- `deploy auto` (line ~10580): `cp.spawnSync(meta.deployCommand, [], { shell: true })` → `runCommandSafe(...)`
+- `agents bench` (line ~8866): `cp.spawnSync(cmd, cliArgs, { shell: true })` → `runCommandSafe(...)`
+- 3 곳 모두 env scrub + cwd jail + observability 자동 적용
+
+### Added — REPL slash-commands (1.9.149 위에)
+- `:verify` — `leerness verify-code` 직접 호출 (sandboxed)
+- `:audit` — `leerness audit` (보안 + drift + lazy)
+- `:handoff` — `leerness handoff --quiet --no-drift-check`
+- `:health` — `leerness health --json`
+- 모두 `runCommandSafe` 경유 — 자식 leerness 호출도 sandbox 적용
+- REPL 안에서 agent가 "현재 상태 점검해줘" 같은 메타 명령으로 leerness 기능을 즉시 호출 가능
+
+### Security
+- 시크릿 환경변수 누출 표면 대폭 축소 — `runCommandSafe` 호출 시 화이트리스트 외 env 미전달
+- 사용자 글로벌 룰 준수: API 키/DB 비밀번호 절대 자식 프로세스에 자동 전파 금지
+- `_reports/`, `.harness/agent-sessions/`, `.harness/runs/`, `.harness/credentials.local.json` 비공개 정책 유지
+
+### Verified
+- e2e 220/220 (slash-commands handleMeta 통합 + sandbox wrapper)
+- stress-v95: 19/19 (sandbox 5종 + REPL slash 4종 + 누적 회귀 1.9.146~149)
+- VERSION = 1.9.150 / autonomous-rounds = 80
+
+---
+
+## 1.9.149 — 2026-05-20
+
+**REPL agent (Hermes/OpenClaw/OpenCode 스타일) + observability lite — 사용자 명시 요청 + 3중 LLM 합의 #2.**
+
+### Added — `leerness agent` REPL 모드
+- 인자 없이 `leerness agent` (또는 `--interactive` / `--repl`) → 대화형 REPL 진입
+- 시작 시 **Ollama 모델 자동 감지** (`/api/tags`) → 사용자가 번호로 선택
+- 모델 없으면 `LEERNESS_OLLAMA_MODEL` env 또는 `llama3` fallback
+- 대화 history 유지 (마지막 6턴까지 컨텍스트로 전송)
+- 6턴마다 `.harness/agent-sessions/sess-<ts>.jsonl` 자동 저장
+- 종료 시 (`:quit` / `:exit` / `:q` / Ctrl+D) 최종 저장
+
+### Added — REPL 메타 명령 (Hermes/OpenClaw 패턴)
+- `:help` / `:?` — 도움말
+- `:model <name>` — 모델 변경 (예: `:model qwen2.5-coder`)
+- `:models` — Ollama 사용 가능 모델 목록
+- `:role <r>` — planner/reviewer/actor 즉시 전환 (프롬프트 색상 변경)
+- `:provider <p>` — provider 전환 (ollama/claude/codex/gemini)
+- `:clear` — 화면 클리어
+- `:reset` — history 초기화
+- `:history` — 최근 10턴 표시
+- `:save` — 세션 즉시 저장
+- `:permissions` — 현재 권한 모드 표시
+- `:quit` / `:exit` / `:q` — 종료 (자동 저장)
+
+### Added — observability lite (3중 LLM 합의 #2)
+- `.harness/runs/run-<ts>.jsonl` — 모든 agent 호출 자동 기록
+- 필드: `traceId / kind / provider / model / role / durationMs / ok / error / responseChars`
+- `leerness runs list [--json]` — 최근 50건 (시간 역순)
+- `leerness runs show <id>` — 단일 run 상세
+- agent REPL 매 턴 + 1회 호출 + 세션 전체 모두 자동 기록
+
+### Security
+- `.gitignore` 자동 추가: `.harness/agent-sessions/` (대화 내용 보호), `.harness/runs/` (실행 메타데이터 보호)
+
+### Validation
+- stress-v94: PASS
+- e2e: 219/219 PASS
+
 ## 1.9.148 — 2026-05-20
 
 **사용자 명시 4종 + 3중 LLM 합의 (GPT-5.5 + Codex + Gemini) 우선 라운드 진행.**

package/README.md

@@ -2,7 +2,7 @@
 
 > **AI 코딩 에이전트의 거짓 완료·중복·망각·충돌을 막아주는 검수·기억·협업 CLI 하네스.**
 
-[![npm](https://img.shields.io/badge/npm-leerness-blue)](https://www.npmjs.com/package/leerness) [![version](https://img.shields.io/badge/version-1.9.148-green)]() [![tests](https://img.shields.io/badge/e2e-219%2F219-success)]() [![mcp](https://img.shields.io/badge/MCP--tools-47-blue)]() [![json](https://img.shields.io/badge/--json-20_commands-blueviolet)]() [![rounds](https://img.shields.io/badge/autonomous--rounds-78-blueviolet)]() [![main-push](https://img.shields.io/badge/release--main--push-auto-success)]() [![multi-runtime](https://img.shields.io/badge/verify--code-node%2Fpython%2Fgo%2Frust-success)]() [![agent-roles](https://img.shields.io/badge/agent--roles-planner%2Freviewer%2Factor-success)]() [![license](https://img.shields.io/badge/license-MIT-lightgrey)]()
+[![npm](https://img.shields.io/badge/npm-leerness-blue)](https://www.npmjs.com/package/leerness) [![version](https://img.shields.io/badge/version-1.9.150-green)]() [![tests](https://img.shields.io/badge/e2e-219%2F219-success)]() [![stress](https://img.shields.io/badge/stress--v95-21%2F21-success)]() [![mcp](https://img.shields.io/badge/MCP--tools-47-blue)]() [![json](https://img.shields.io/badge/--json-20_commands-blueviolet)]() [![rounds](https://img.shields.io/badge/autonomous--rounds-80-blueviolet)]() [![main-push](https://img.shields.io/badge/release--main--push-auto-success)]() [![repl-agent](https://img.shields.io/badge/agent--REPL-Hermes%2FOpenClaw_style-success)]() [![sandbox](https://img.shields.io/badge/runCommandSafe-cwd_jail%2Benv_scrub-success)]() [![observability](https://img.shields.io/badge/runs--jsonl-traceId%2Fduration%2Fmodel-success)]() [![license](https://img.shields.io/badge/license-MIT-lightgrey)]()
 
 ```
   ╔══════════════════════════════════════════════════════════════╗
@@ -12,8 +12,8 @@
   ║  ██║     ██╔══╝  ██╔══╝  ██╔══██╗██║╚██╗██║██╔══╝  ╚════██║  ║
   ║  ███████╗███████╗███████╗██║  ██║██║ ╚████║███████╗███████║  ║
   ║  ╚══════╝╚══════╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝╚══════╝╚══════╝  ║
-  ║  v1.9.148  AI Agent Reliability Harness                      ║
-  ║  verify · remember · orchestrate · audit · prevent drift     ║
+  ║  v1.9.150  AI Agent Reliability Harness + Sandbox            ║
+  ║  verify · remember · orchestrate · audit · sandbox · drift   ║
   ╚══════════════════════════════════════════════════════════════╝
 ```
 

package/bin/harness.js

@@ -6,7 +6,7 @@ const path = require('path');
 const cp = require('child_process');
 const readline = require('readline');
 
-const VERSION = '1.9.148';
+const VERSION = '1.9.150';
 const MARK = '<!-- leerness:managed -->';
 const README_START = '<!-- leerness:project-readme:start -->';
 const README_END = '<!-- leerness:project-readme:end -->';
@@ -795,7 +795,9 @@ async function install(root, opts = {}) {
       '.harness/skill-publish.local.json','.harness/**/*.local.json','.env.local',
       '.harness/archive/','.harness/migration-report.md','.harness/cache/',
       // 1.9.147: 자동 유지보수 — 자격증명 + incident 페이로드 비공개 (보안)
-      '.harness/credentials.local.json','.harness/incidents/'
+      '.harness/credentials.local.json','.harness/incidents/',
+      // 1.9.149: agent REPL 세션 + observability runs 비공개 (대화 내용 보호)
+      '.harness/agent-sessions/','.harness/runs/'
     ]);
     // 1.9.146: agentsOptIn 선택에 따라 LEERNESS_ENABLE_* 플래그 자동 설정 (사용자 명시 요청 #3 — Ollama 추가)
     const a = resolved.agentsOptIn || 'none';
@@ -7468,7 +7470,8 @@ function verifyCodeCmd(root) {
   for (const t of tasks) {
     log(`\n## ${t.name}: ${t.cmd}`);
     const start = Date.now();
-    const r = cp.spawnSync(t.cmd, [], { cwd: root, encoding: 'utf8', shell: true, timeout: 5 * 60 * 1000 });
+    // 1.9.150: runCommandSafe — cwd jail + env scrub + observability 자동 (shell:true 유지 — npm/pytest 호환)
+    const r = runCommandSafe(t.cmd, [], { cwd: root, root, timeout: 5 * 60 * 1000, allowShell: true, kind: 'verify_code_task', label: `verify-${t.name}` });
     const dur = Date.now() - start;
     if (r.status === 0) ok(`${t.name} passed (${dur}ms)`);
     else if (t.optional && r.status === 127) warn(`${t.name} 스킵 (${t.cmd} 없음)`);
@@ -8860,7 +8863,8 @@ async function _benchmarkMeasure(root, task) {
     else if (agent.id === 'gemini') { cmd = 'gemini'; cliArgs = ['-p', task]; }
     else continue;
     const t0 = Date.now();
-    const r = cp.spawnSync(cmd, cliArgs, { encoding: 'utf8', timeout: 60000, shell: true });
+    // 1.9.150: runCommandSafe — agent CLI bench sandbox (env scrub + observability)
+    const r = runCommandSafe(cmd, cliArgs, { cwd: process.cwd(), root, timeout: 60000, allowShell: true, kind: 'agent_bench', label: `bench-${agent.id}`, allowOutsideCwd: true });
     const baseTime = Date.now() - t0;
     // leerness 검수 layer time 추정 (verify-claim 형식)
     const t1 = Date.now();
@@ -9973,25 +9977,381 @@ async function _ollamaChat(prompt, model) {
     } catch (e) { resolve({ ok: false, error: e.message, model: mdl }); }
   });
 }
+
+// 1.9.149: Ollama 사용 가능 모델 목록 — /api/tags
+async function _ollamaListModels() {
+  const url = (process.env.LEERNESS_OLLAMA_BASE_URL || 'http://localhost:11434').replace(/\/+$/, '') + '/api/tags';
+  return new Promise((resolve) => {
+    try {
+      const u = new URL(url);
+      const lib = u.protocol === 'https:' ? require('https') : require('http');
+      const req = lib.request({ hostname: u.hostname, port: u.port || 11434, path: u.pathname, method: 'GET', timeout: 4000 }, (res) => {
+        let data = ''; res.on('data', c => data += c);
+        res.on('end', () => {
+          try { const j = JSON.parse(data); resolve({ ok: true, models: (j.models || []).map(m => m.name || m) }); }
+          catch { resolve({ ok: false, models: [] }); }
+        });
+      });
+      req.on('error', () => resolve({ ok: false, models: [] }));
+      req.on('timeout', () => { req.destroy(); resolve({ ok: false, models: [] }); });
+      req.end();
+    } catch { resolve({ ok: false, models: [] }); }
+  });
+}
+
+// 1.9.149: observability lite — 모든 agent 호출의 traceId + duration + exit + failureCause 기록
+function _runsDir(root) { return path.join(absRoot(root), '.harness', 'runs'); }
+function _recordRun(root, entry) {
+  try {
+    const dir = _runsDir(root); mkdirp(dir);
+    const ts = new Date().toISOString().replace(/[:.]/g, '-');
+    const id = `run-${ts}`;
+    const fp = path.join(dir, `${id}.jsonl`);
+    const line = JSON.stringify({ id, at: new Date().toISOString(), ...entry }) + '\n';
+    fs.appendFileSync(fp, line);
+    return id;
+  } catch { return null; }
+}
+
+// 1.9.150: Sandboxing — runCommandSafe wrapper (Codex 권고: 3중 LLM 합의 #3)
+// cwd jail (root 밖 거부) + shell:false 기본 + timeout + env scrub + permissions allowList 검증 + _recordRun 자동
+const _ENV_SAFE_KEYS = new Set([
+  'PATH', 'HOME', 'USERPROFILE', 'TEMP', 'TMP', 'TMPDIR', 'NODE_PATH', 'NODE_ENV',
+  'LANG', 'LC_ALL', 'LC_CTYPE', 'SHELL', 'COMSPEC', 'SYSTEMROOT', 'WINDIR', 'OS',
+  'PROCESSOR_ARCHITECTURE', 'PROCESSOR_IDENTIFIER', 'NUMBER_OF_PROCESSORS',
+  'PROGRAMFILES', 'PROGRAMFILES(X86)', 'APPDATA', 'LOCALAPPDATA',
+  'GITHUB_TOKEN', 'NPM_TOKEN', 'CI', 'GH_TOKEN'
+]);
+function _scrubEnv(extraEnv) {
+  const out = {};
+  for (const k of Object.keys(process.env || {})) {
+    if (_ENV_SAFE_KEYS.has(k) || k.startsWith('LEERNESS_') || k.startsWith('NPM_CONFIG_')) {
+      out[k] = process.env[k];
+    }
+  }
+  if (extraEnv && typeof extraEnv === 'object') {
+    for (const k of Object.keys(extraEnv)) {
+      // Allow caller overrides — explicit opt-in
+      if (extraEnv[k] !== undefined) out[k] = String(extraEnv[k]);
+    }
+  }
+  return out;
+}
+function _isCwdSafe(root, cwd) {
+  try {
+    if (!cwd) return true;
+    const r = path.resolve(absRoot(root));
+    const c = path.resolve(cwd);
+    if (c === r) return true;
+    const rel = path.relative(r, c);
+    return !rel.startsWith('..') && !path.isAbsolute(rel);
+  } catch { return false; }
+}
+function runCommandSafe(cmd, args, opts) {
+  // opts: { cwd, root, timeout, env, stdio, kind, label, allowShell, encoding, input, allowOutsideCwd }
+  opts = opts || {};
+  const root = opts.root || opts.cwd || process.cwd();
+  const cwd = opts.cwd || root;
+  const cmdStr = String(cmd || '').trim();
+  const argList = Array.isArray(args) ? args.slice() : [];
+  const t0 = Date.now();
+  const label = opts.label || opts.kind || 'shell_exec';
+  // 1) cwd jail
+  if (!opts.allowOutsideCwd && !_isCwdSafe(root, cwd)) {
+    const r = { status: 126, stdout: '', stderr: `runCommandSafe: cwd outside root rejected (${cwd})`, error: 'cwd_jail', blocked: true };
+    try { _recordRun(root, { kind: label, cmd: cmdStr, args: argList, durationMs: Date.now() - t0, ok: false, blocked: 'cwd_jail' }); } catch {}
+    return r;
+  }
+  // 2) permissions allowList (1.9.146)
+  try {
+    const perms = _readPermissions(root);
+    const exec = perms.shell?.exec !== false;  // basic 에선 false
+    const allow = perms.shell?.allowList || [];
+    if (!exec && !opts.allowOutsideCwd) {
+      // basic 모드 — git/npm/node 같은 핵심 도구는 허용 (release/install 흐름 유지)
+      const coreAllow = ['git', 'npm', 'npx', 'node', 'pnpm', 'yarn'];
+      const first = cmdStr.split(/\s+/)[0];
+      if (!coreAllow.includes(first) && !allow.includes('*') && !allow.includes(first)) {
+        const r = { status: 126, stdout: '', stderr: `runCommandSafe: shell.exec=false (mode=${perms.mode}). allowList: ${allow.join(',') || '(없음)'} / core: ${coreAllow.join(',')}`, error: 'permissions', blocked: true };
+        try { _recordRun(root, { kind: label, cmd: cmdStr, args: argList, durationMs: Date.now() - t0, ok: false, blocked: 'permissions', mode: perms.mode }); } catch {}
+        return r;
+      }
+    }
+  } catch {}
+  // 3) spawn — shell:false 기본 (shell injection 차단). allowShell=true 시만 shell:true (deploy/build 호환)
+  const useShell = !!opts.allowShell;
+  const timeout = Math.min(opts.timeout || 5 * 60 * 1000, 10 * 60 * 1000);
+  const spawnOpts = {
+    cwd,
+    encoding: opts.encoding || 'utf8',
+    timeout,
+    shell: useShell,
+    env: _scrubEnv(opts.env),
+    input: opts.input,
+    stdio: opts.stdio || 'pipe'
+  };
+  let r;
+  try {
+    if (useShell) {
+      // shell:true 모드 — 인자가 cmd 안에 포함된 단일 문자열인 경우 처리
+      r = cp.spawnSync(cmdStr + (argList.length ? ' ' + argList.join(' ') : ''), [], spawnOpts);
+    } else {
+      // 단일 명령어로 들어온 경우 자동 분리
+      let bin = cmdStr, finalArgs = argList;
+      if (!argList.length && /\s/.test(cmdStr)) {
+        const parts = cmdStr.split(/\s+/);
+        bin = parts[0]; finalArgs = parts.slice(1);
+      }
+      r = cp.spawnSync(bin, finalArgs, spawnOpts);
+    }
+  } catch (e) {
+    r = { status: 1, stdout: '', stderr: e.message, error: 'spawn_exception' };
+  }
+  const dt = Date.now() - t0;
+  try {
+    _recordRun(root, {
+      kind: label, cmd: cmdStr, args: argList,
+      durationMs: dt, status: r.status, ok: r.status === 0,
+      shell: useShell, cwd: path.relative(absRoot(root), cwd) || '.'
+    });
+  } catch {}
+  return r;
+}
+function runsListCmd(root) {
+  root = absRoot(root || process.cwd());
+  const dir = _runsDir(root);
+  if (!exists(dir)) { log('(runs 없음 — leerness agent 호출 시 자동 기록됨)'); return; }
+  const files = fs.readdirSync(dir).filter(f => f.endsWith('.jsonl')).sort().reverse();
+  if (has('--json')) {
+    const items = files.slice(0, 50).map(f => {
+      try { const c = read(path.join(dir, f)).trim().split('\n').map(l => JSON.parse(l)); return { file: f, entries: c }; }
+      catch { return null; }
+    }).filter(Boolean);
+    log(JSON.stringify({ total: files.length, items }, null, 2));
+    return;
+  }
+  log(`# leerness runs list (1.9.149)`);
+  log(`총 ${files.length}건${files.length > 20 ? ' (최근 20)' : ''}`);
+  for (const f of files.slice(0, 20)) {
+    try {
+      const lines = read(path.join(dir, f)).trim().split('\n');
+      const first = JSON.parse(lines[0]);
+      const dur = first.durationMs ? ` ${first.durationMs}ms` : '';
+      const ok = first.ok === false ? ' ⚠fail' : '';
+      log(`  ${first.id}  ·  ${first.kind || '?'}${dur}${ok}  ·  ${first.model || first.provider || ''}`);
+    } catch {}
+  }
+}
+function runsShowCmd(root, id) {
+  root = absRoot(root || process.cwd());
+  const fp = path.join(_runsDir(root), `${id}.jsonl`);
+  if (!exists(fp)) return fail(`run 없음: ${id}`);
+  log(read(fp));
+}
 // 1.9.148: planner/reviewer/actor 역할 시스템 프롬프트 (Gemini 권고 — 자기-승인 편향 방지)
 const _AGENT_ROLE_PROMPTS = {
   planner: '역할: planner. task를 step 3-6개로 분해, 각 step의 입출력/검증 방법 명시. 코드 작성 금지, 계획만.',
   reviewer: '역할: reviewer. planner 의 계획 또는 actor 의 결과를 비판적으로 검토. 누락된 검증, 잠재 cascade, 오류 가능성 지적. 동의/수정 결론 명시.',
   actor: '역할: actor. 계획에 따라 정확한 명령/코드만 실행. evidence(파일 경로 + 테스트 결과) 함께 기록. 새 계획 생성 금지.'
 };
+// 1.9.149: REPL 모드 — Hermes/OpenClaw/OpenCode 스타일 자율형 CLI 에이전트
+async function _agentRepl(root, opts) {
+  const readline = require('readline');
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  const isTty = process.stdout.isTTY;
+  const C = isTty ? {
+    cy: s => `\x1b[36m${s}\x1b[0m`, dim: s => `\x1b[2m${s}\x1b[0m`,
+    bold: s => `\x1b[1m${s}\x1b[0m`, green: s => `\x1b[32m${s}\x1b[0m`,
+    yel: s => `\x1b[33m${s}\x1b[0m`, mag: s => `\x1b[35m${s}\x1b[0m`
+  } : { cy:s=>s, dim:s=>s, bold:s=>s, green:s=>s, yel:s=>s, mag:s=>s };
+  // 세션 state
+  let state = {
+    provider: opts.provider || 'ollama',
+    model: opts.model || process.env.LEERNESS_OLLAMA_MODEL || null,
+    role: opts.role || 'actor',
+    history: [],   // [{role: 'user'|'assistant', content: ''}]
+    startedAt: new Date().toISOString(),
+    sessionId: 'sess-' + new Date().toISOString().replace(/[:.]/g, '-')
+  };
+  const sessionPath = () => path.join(absRoot(root), '.harness', 'agent-sessions', `${state.sessionId}.jsonl`);
+  const saveSession = () => {
+    try {
+      mkdirp(path.dirname(sessionPath()));
+      const lines = state.history.map(m => JSON.stringify({ at: new Date().toISOString(), ...m })).join('\n');
+      writeUtf8(sessionPath(), lines + '\n');
+    } catch {}
+  };
+  // 환영 메시지 + 모델 선택
+  log('');
+  log(C.bold(C.cy('  ╔════════════════════════════════════════════════════╗')));
+  log(C.bold(C.cy('  ║  leerness agent — REPL mode (1.9.150)              ║')));
+  log(C.bold(C.cy('  ║  Hermes / OpenClaw / OpenCode 스타일 + Sandbox     ║')));
+  log(C.bold(C.cy('  ╚════════════════════════════════════════════════════╝')));
+  log('');
+  // Ollama 모델 자동 감지 — model이 명시되지 않았으면 사용자에게 선택지 제공
+  if (state.provider === 'ollama' && !state.model) {
+    log(C.dim('  Ollama 모델 목록 조회 중...'));
+    const r = await _ollamaListModels();
+    if (r.ok && r.models.length) {
+      log(C.green(`  사용 가능 모델 ${r.models.length}개:`));
+      r.models.slice(0, 8).forEach((m, i) => log(`    ${i + 1}) ${m}`));
+      const choice = await new Promise(res => rl.question(C.cy('\n  모델 번호 선택 (Enter=1): '), res));
+      const idx = parseInt(choice, 10) - 1;
+      state.model = (idx >= 0 && idx < r.models.length) ? r.models[idx] : r.models[0];
+      log(C.green(`  ✓ 모델 선택: ${state.model}`));
+    } else {
+      log(C.yel(`  ⚠ Ollama 미가동 또는 모델 없음 — ollama serve + ollama pull <model>`));
+      state.model = process.env.LEERNESS_OLLAMA_MODEL || 'llama3';
+      log(C.dim(`     fallback: ${state.model}`));
+    }
+  }
+  log('');
+  log(C.dim('  메타 명령: :help | :model <m> | :role <r> | :provider <p> | :clear | :save | :history | :quit'));
+  log(C.dim('  Slash 명령 (1.9.150): :verify | :audit | :handoff | :health'));
+  log(C.dim(`  현재 — provider=${state.provider}  model=${state.model || '(없음)'}  role=${state.role}  permissions=${_readPermissions(root).mode}`));
+  log('');
+  const prompt = () => isTty ? C.cy(`agent[${state.role}]> `) : 'agent> ';
+  rl.setPrompt(prompt());
+  rl.prompt();
+  const handleMeta = async (cmd) => {
+    const [op, ...rest] = cmd.slice(1).split(/\s+/);
+    if (op === 'quit' || op === 'exit' || op === 'q') {
+      saveSession();
+      log(C.dim(`  세션 저장: ${rel(root, sessionPath())}`));
+      rl.close(); return true;
+    }
+    if (op === 'help' || op === '?') {
+      log(C.bold('\n  메타 명령:'));
+      log('    :help / :?            — 이 도움말');
+      log('    :model <name>         — 모델 변경 (예: :model qwen2.5-coder)');
+      log('    :models               — Ollama 사용 가능 모델 목록');
+      log('    :role <r>             — 역할 변경 (planner / reviewer / actor)');
+      log('    :provider <p>         — provider 변경 (ollama / claude / codex / gemini)');
+      log('    :clear                — 화면 클리어 + history 유지');
+      log('    :reset                — history 초기화');
+      log('    :history              — 대화 history 표시');
+      log('    :save                 — 세션 즉시 저장');
+      log('    :permissions          — 현재 권한 모드 표시');
+      log('    :quit / :exit / :q    — 종료 (자동 저장)');
+      log(C.bold('\n  Slash 명령 (1.9.150) — leerness 내부 명령 직접 호출:'));
+      log('    :verify               — leerness verify-code (테스트/타입/린트 자동 검수)');
+      log('    :audit                — leerness audit (보안 + drift + lazy)');
+      log('    :handoff              — leerness handoff --quiet (현재 컨텍스트 요약)');
+      log('    :health               — leerness health --json (종합 헬스 체크)');
+      return false;
+    }
+    if (op === 'model') { state.model = rest.join(' ') || state.model; log(C.green(`  model = ${state.model}`)); return false; }
+    if (op === 'models') {
+      const r = await _ollamaListModels();
+      if (r.ok && r.models.length) { log(C.green(`  ${r.models.length}개:`)); r.models.forEach(m => log('    • ' + m)); }
+      else log(C.yel('  ⚠ Ollama 미가동'));
+      return false;
+    }
+    if (op === 'role') {
+      const r = rest[0] || 'actor';
+      if (!['planner', 'reviewer', 'actor'].includes(r)) { log(C.yel(`  ⚠ role 은 planner/reviewer/actor`)); return false; }
+      state.role = r; rl.setPrompt(prompt()); log(C.green(`  role = ${r}`)); return false;
+    }
+    if (op === 'provider') { state.provider = rest[0] || state.provider; log(C.green(`  provider = ${state.provider}`)); return false; }
+    if (op === 'clear') { process.stdout.write('\x1b[2J\x1b[H'); return false; }
+    if (op === 'reset') { state.history = []; log(C.dim('  history 초기화됨')); return false; }
+    if (op === 'history') {
+      log(C.bold(`\n  대화 history ${state.history.length}건:`));
+      state.history.slice(-10).forEach((m, i) => log(`    [${m.role}] ${m.content.slice(0, 80)}${m.content.length > 80 ? '…' : ''}`));
+      return false;
+    }
+    if (op === 'save') { saveSession(); log(C.dim(`  → ${rel(root, sessionPath())}`)); return false; }
+    if (op === 'permissions') { permissionsListCmd(root); return false; }
+    // 1.9.150: leerness 내부 명령 slash-commands — :verify / :audit / :handoff / :health
+    if (op === 'verify' || op === 'audit' || op === 'handoff' || op === 'health') {
+      const subArgs = {
+        verify: ['verify-code', root],
+        audit: ['audit', root],
+        handoff: ['handoff', root, '--quiet', '--no-drift-check'],
+        health: ['health', root, '--json']
+      }[op];
+      log(C.dim(`  → leerness ${subArgs.join(' ')}`));
+      const t0 = Date.now();
+      const r = runCommandSafe(process.execPath, [__filename, ...subArgs], {
+        cwd: root, root, timeout: 60000, kind: 'agent_repl_slash', label: `repl-${op}`,
+        env: { LEERNESS_NO_BANNER: '1', LEERNESS_NO_PROMPT: '1', LEERNESS_NO_DRIFT_CHECK: '1' }
+      });
+      const dt = Date.now() - t0;
+      if (r.stdout) log(r.stdout.trim().split('\n').slice(0, 30).join('\n'));
+      if (r.status === 0) log(C.green(`  ✓ :${op} 완료 (${dt}ms)`));
+      else log(C.yel(`  ⚠ :${op} 실패 (exit ${r.status}, ${dt}ms)`));
+      return false;
+    }
+    log(C.yel(`  알 수 없는 명령: :${op}  (:help 참고)`));
+    return false;
+  };
+  return new Promise(resolve => {
+    rl.on('line', async (line) => {
+      const input = line.trim();
+      if (!input) { rl.prompt(); return; }
+      if (input.startsWith(':')) {
+        const shouldQuit = await handleMeta(input);
+        if (shouldQuit) { resolve(); return; }
+        rl.prompt(); return;
+      }
+      // LLM 호출
+      state.history.push({ role: 'user', content: input });
+      const rolePrompt = _AGENT_ROLE_PROMPTS[state.role] || _AGENT_ROLE_PROMPTS.actor;
+      const finalPrompt = `${rolePrompt}\n\nConversation so far:\n${state.history.slice(-6).map(m => `[${m.role}] ${m.content}`).join('\n')}\n\nRespond as ${state.role}:`;
+      const t0 = Date.now();
+      let result;
+      if (state.provider === 'ollama') {
+        log(C.dim(`  → ollama (${state.model}) 호출 중...`));
+        result = await _ollamaChat(finalPrompt, state.model);
+      } else {
+        log(C.yel(`  ⚠ ${state.provider} REPL 미지원 — leerness agents dispatch 사용 권장`));
+        rl.prompt(); return;
+      }
+      const dt = Date.now() - t0;
+      _recordRun(root, { kind: 'agent_repl_turn', provider: state.provider, model: state.model, role: state.role, durationMs: dt, ok: result.ok, error: result.error, promptChars: finalPrompt.length, responseChars: (result.response || '').length });
+      if (result.ok) {
+        state.history.push({ role: 'assistant', content: result.response });
+        log('');
+        log(C.bold(`assistant (${state.model}, role=${state.role}, ${dt}ms)`));
+        log(result.response);
+        log('');
+        if (state.history.length % 6 === 0) saveSession();  // 6턴마다 자동 저장
+      } else {
+        log(C.yel(`  ⚠ 실패: ${result.error || 'unknown'}`));
+      }
+      rl.prompt();
+    });
+    rl.on('close', () => { saveSession(); resolve(); });
+  });
+}
+
 async function agentCmd(root, taskArg) {
   root = absRoot(root || process.cwd());
   const task = (taskArg || arg('--task', '') || '').trim();
-  if (!task) {
-    log('# leerness agent (1.9.146/148) — 오픈소스 CLI 에이전트 모드');
+  // 1.9.149: REPL 진입 — 인자 없거나 --interactive 명시 (Hermes/OpenClaw 스타일)
+  if (!task || has('--interactive') || has('--repl')) {
+    if (process.stdin.isTTY && !has('--no-repl') && process.env.LEERNESS_NO_PROMPT !== '1') {
+      const t0 = Date.now();
+      await _agentRepl(root, {
+        provider: arg('--provider', null),
+        model: arg('--model', null),
+        role: arg('--role', 'actor')
+      });
+      _recordRun(root, { kind: 'agent_repl_session', durationMs: Date.now() - t0, ok: true });
+      return;
+    }
+    // non-TTY: 사용법만 출력
+    log('# leerness agent (1.9.146/148/149/150) — Hermes/OpenClaw 스타일 CLI 에이전트 + Sandbox');
     log('');
     log('사용법:');
-    log('  leerness agent "<task>"                    # 1회 위임 (actor 역할 기본)');
-    log('  leerness agent "<task>" --role planner     # 계획만, 코드 작성 없음 (1.9.148)');
-    log('  leerness agent "<task>" --role reviewer    # 비판적 검토 (1.9.148)');
-    log('  leerness agent "<task>" --role actor       # 계획대로 실행');
-    log('  leerness agent "<task>" --provider ollama  # provider 선택');
-    log('  leerness agent "<task>" --dry-run          # LLM 호출 없이 흐름만');
+    log('  leerness agent                              # 1.9.149 REPL 모드 (모델 선택 + 채팅)');
+    log('  leerness agent "<task>"                     # 1회 위임 (actor 역할 기본)');
+    log('  leerness agent "<task>" --role planner      # 계획만 (1.9.148)');
+    log('  leerness agent "<task>" --role reviewer     # 비판적 검토 (1.9.148)');
+    log('  leerness agent --interactive --model qwen2.5-coder  # 명시적 REPL + model 선택');
+    log('');
+    log('REPL 메타 명령: :help / :model / :role / :provider / :history / :save / :quit');
+    log('REPL Slash 명령 (1.9.150): :verify / :audit / :handoff / :health  (sandboxed runCommandSafe)');
     log('');
     log('현재 활성 provider: ' + (_activeCliAgents().join(', ') || '(없음) — .env에서 LEERNESS_ENABLE_* 활성화'));
     log('권한 모드: ' + (_readPermissions(root).mode || 'basic'));
@@ -10024,10 +10384,13 @@ async function agentCmd(root, taskArg) {
     log('\n[ollama 호출 중...]');
     // 1.9.148: role prompt 자동 prepend
     const finalPrompt = `${rolePrompt}\n\nTask: ${task}`;
+    const t0 = Date.now();
     const r = await _ollamaChat(finalPrompt);
+    const dt = Date.now() - t0;
+    // 1.9.149: observability 기록
+    _recordRun(root, { kind: 'agent_one_shot', provider: 'ollama', model: r.model, role, durationMs: dt, ok: r.ok, error: r.error, task: task.slice(0, 200), responseChars: (r.response || '').length });
     if (r.ok) {
-      log('\n[response (model=' + r.model + ', role=' + role + ')]\n' + r.response);
-      // task-log 자동 기록
+      log('\n[response (model=' + r.model + ', role=' + role + ', ' + dt + 'ms)]\n' + r.response);
       try {
         const tlp = taskLogPath(root);
         const block = `\n## ${today()} leerness agent (ollama:${r.model}, role=${role})\n- task: ${task.slice(0, 200)}\n- response (preview): ${r.response.slice(0, 240).replace(/\n+/g, ' ')}\n`;
@@ -10346,7 +10709,8 @@ async function deployAutoCmd(root, service) {
   log(`service: ${service}  ·  command: ${meta.deployCommand}`);
   if (has('--dry-run')) { log('(dry-run) 실제 실행 스킵'); return; }
   const t0 = Date.now();
-  const r = cp.spawnSync(meta.deployCommand, [], { cwd: root, encoding: 'utf8', shell: true, timeout: 10 * 60 * 1000, stdio: 'inherit' });
+  // 1.9.150: runCommandSafe — deploy 명령 sandbox (env scrub + permissions 검증 + observability)
+  const r = runCommandSafe(meta.deployCommand, [], { cwd: root, root, timeout: 10 * 60 * 1000, allowShell: true, stdio: 'inherit', kind: 'deploy_auto', label: `deploy-${service}` });
   const dt = Date.now() - t0;
   if (r.status === 0) {
     ok(`deploy 성공: ${service} (${dt}ms)`);
@@ -10876,6 +11240,9 @@ async function main() {
   if (cmd === 'creds' && args[1] === 'check')     return credsCheckCmd(arg('--path', process.cwd()), args[2]);
   if (cmd === 'creds' && args[1] === 'refresh')   return credsRefreshTimestampCmd(arg('--path', process.cwd()), args[2]);
   if (cmd === 'deploy' && args[1] === 'auto')     return deployAutoCmd(arg('--path', process.cwd()), args[2]);
+  // 1.9.149: observability lite + runs list/show
+  if (cmd === 'runs' && args[1] === 'list')       return runsListCmd(arg('--path', process.cwd()));
+  if (cmd === 'runs' && args[1] === 'show')       return runsShowCmd(arg('--path', process.cwd()), args[2]);
   // 1.9.85: leerness health — 종합 헬스 체크
   if (cmd === 'health') return healthCmd(args[1] || arg('--path', process.cwd()));
   if (cmd === 'whats-new') return whatsNewCmd(args[1] || arg('--path', process.cwd()));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "leerness",
-  "version": "1.9.148",
+  "version": "1.9.150",
   "description": "Leerness: 비파괴 마이그레이션, 자동 버전 감지·업데이트, 계획/진행/핸드오프 자동화, 게으름·시크릿·인코딩 자동 가드, Claude Code 슬래시 통합을 갖춘 한국어 우선 AI 개발 하네스.",
   "keywords": [
     "leerness",