martin-loop 0.1.4 → 1.3.0

package/demo/seeded-workspace/test/invoice-summary.test.js

@@ -0,0 +1,20 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+
+import { summarizeInvoice } from "../src/invoice-summary.js";
+
+test("summarizeInvoice returns subtotal, tax, and total", () => {
+  const result = summarizeInvoice(
+    [
+      { quantity: 2, unitPrice: 19.99 },
+      { quantity: 1, unitPrice: 5.5 }
+    ],
+    0.13
+  );
+
+  assert.deepEqual(result, {
+    subtotal: 45.48,
+    tax: 5.91,
+    total: 51.39
+  });
+});

package/dist/vendor/adapters/claude-cli.d.ts

@@ -15,15 +15,18 @@ import type { MartinAdapter } from "../core/index.js";
 import { type SpawnLike } from "./cli-bridge.js";
 /**
  * Given a prompt string, returns the full argv array to pass to spawn().
- * Example for Claude:  (p) => ["--print", p, "--dangerously-skip-permissions"]
- * Example for Codex:   (p) => ["--full-auto", p]
+ * Example for Claude:  () => ["--output-format", "json", "--print"]
+ * Example for Codex:   () => ["exec", "--sandbox", "workspace-write", "-"]
  */
 export type CliArgsBuilder = (prompt: string) => string[];
+export type CliStdinBuilder = (prompt: string) => string | undefined;
 export interface AgentCliAdapterOptions {
     /** The executable to spawn (e.g. "claude", "codex"). */
     command: string;
     /** Converts a prompt string into the argv array passed to spawn(). */
     argsBuilder: CliArgsBuilder;
+    /** Optional stdin payload for CLIs that accept prompt input via stdin or `-`. */
+    stdinBuilder?: CliStdinBuilder;
     /** Adapter ID suffix. Defaults to command. */
     adapterIdSuffix?: string;
     /** Working directory for all subprocesses. Defaults to process.cwd(). */
@@ -63,8 +66,16 @@ export interface CodexCliAdapterOptions {
     label?: string;
     /** Override the model passed via --model flag. */
     model?: string;
-    /** Run in full-auto mode (--full-auto). Defaults to true. */
+    /**
+     * Deprecated no-op retained for compatibility.
+     *
+     * Codex CLI's supported non-interactive entrypoint is `codex exec`.
+     * MartinLoop now uses explicit sandboxing instead of the legacy
+     * `--full-auto` compatibility path, which can exit before verifier execution.
+     */
     fullAuto?: boolean;
+    /** Codex sandbox mode for model-generated commands. Defaults to workspace-write. */
+    sandbox?: "read-only" | "workspace-write" | "danger-full-access";
     /** Extra args appended after core args (before prompt). */
     extraArgs?: string[];
     spawnImpl?: SpawnLike;
@@ -81,7 +92,11 @@ export declare function createAgentCliAdapter(options: AgentCliAdapterOptions):
  */
 export declare function createClaudeCliAdapter(options?: ClaudeCliAdapterOptions): MartinAdapter;
 /**
- * Spawns `codex [--full-auto] [--model <model>] "<prompt>" [extraArgs]`.
+ * Spawns `codex exec --cd <workspace> --sandbox <mode> [--model <model>] [extraArgs] -`.
+ *
+ * The prompt is delivered via stdin so Windows shell quoting cannot truncate or
+ * reinterpret long MartinLoop prompts that contain paths, deny rules, or budget
+ * context.
  *
  * Requires the Codex CLI to be installed and authenticated:
  *   npm install -g @openai/codex

package/dist/vendor/adapters/claude-cli.js

@@ -129,15 +129,12 @@ export function createAgentCliAdapter(options) {
                 }
             }
             const args = options.argsBuilder(prompt);
-            // stdinPrompt: if argsBuilder signals stdin delivery by returning args ending with "--stdin-prompt",
-            // remove that sentinel and pass the prompt via stdin instead (avoids Windows shell-escaping issues).
-            const useStdin = args.at(-1) === "--stdin-prompt";
-            const spawnArgs = useStdin ? args.slice(0, -1) : args;
-            const agentResult = await runSubprocess(options.command, spawnArgs, {
+            const stdinData = options.stdinBuilder?.(prompt);
+            const agentResult = await runSubprocess(options.command, args, {
                 cwd: workingDirectory,
                 timeoutMs,
                 spawnImpl: options.spawnImpl,
-                ...(useStdin ? { stdinData: prompt } : {})
+                ...(stdinData === undefined ? {} : { stdinData })
             });
             if (agentResult.timedOut) {
                 return {
@@ -157,18 +154,19 @@ export function createAgentCliAdapter(options) {
                 };
             }
             if (agentResult.exitCode !== 0 && agentResult.stdout.trim().length === 0) {
+                const failureMessage = formatPreVerifierSubprocessFailure(options.command, agentResult.stderr, agentResult.exitCode);
                 return {
                     status: "failed",
-                    summary: `${options.command} subprocess exited with an error.`,
+                    summary: `${options.command} subprocess exited before verifier execution.`,
                     usage: normalizeUsage({
                         actualUsd: 0,
                         tokensIn: 0,
                         tokensOut: 0,
                         provenance: "unavailable"
                     }),
-                    verification: { passed: false, summary: "Subprocess error." },
+                    verification: { passed: false, summary: `Verifier not run: ${failureMessage}` },
                     failure: {
-                        message: `${agentResult.stderr.trim() || `Exit code ${String(agentResult.exitCode)}`}. environment_mismatch`
+                        message: failureMessage
                     }
                 };
             }
@@ -355,40 +353,52 @@ export function createClaudeCliAdapter(options = {}) {
             "--print",
             "--dangerously-skip-permissions",
             ...modelArgs,
-            ...extraArgs,
-            "--stdin-prompt" // sentinel: tells execute() to deliver prompt via stdin
-        ]
+            ...extraArgs
+        ],
+        stdinBuilder: (prompt) => prompt
     });
 }
 // ---------------------------------------------------------------------------
 // Pre-configured: OpenAI Codex CLI
 // ---------------------------------------------------------------------------
 /**
- * Spawns `codex [--full-auto] [--model <model>] "<prompt>" [extraArgs]`.
+ * Spawns `codex exec --cd <workspace> --sandbox <mode> [--model <model>] [extraArgs] -`.
+ *
+ * The prompt is delivered via stdin so Windows shell quoting cannot truncate or
+ * reinterpret long MartinLoop prompts that contain paths, deny rules, or budget
+ * context.
  *
  * Requires the Codex CLI to be installed and authenticated:
  *   npm install -g @openai/codex
  */
 export function createCodexCliAdapter(options = {}) {
-    const fullAuto = options.fullAuto !== false;
     const modelArgs = options.model ? ["--model", options.model] : [];
     const extraArgs = options.extraArgs ?? [];
+    const sandbox = options.sandbox ?? "workspace-write";
+    const workingDirectory = options.workingDirectory ?? process.cwd();
     return createAgentCliAdapter({
         command: "codex",
         adapterIdSuffix: "codex",
         model: options.model ?? "codex",
         label: options.label ?? "Codex CLI adapter",
-        workingDirectory: options.workingDirectory,
+        workingDirectory,
         timeoutMs: options.timeoutMs,
         verifyTimeoutMs: options.verifyTimeoutMs,
         supportsJsonOutput: false,
         spawnImpl: options.spawnImpl,
-        argsBuilder: (prompt) => [
-            ...(fullAuto ? ["--full-auto"] : []),
+        argsBuilder: () => [
+            "exec",
+            "--cd",
+            workingDirectory,
+            "--sandbox",
+            sandbox,
+            "--color",
+            "never",
             ...modelArgs,
-            prompt,
-            ...extraArgs
-        ]
+            ...extraArgs,
+            "-"
+        ],
+        stdinBuilder: (prompt) => prompt
     });
 }
 // ---------------------------------------------------------------------------
@@ -402,14 +412,23 @@ export function createCodexCliAdapter(options = {}) {
 // ---------------------------------------------------------------------------
 function buildPrompt(request) {
     const lines = [];
+    const mutationMode = request.context.mutationMode ?? "edit";
     lines.push("You are running in autonomous agentic mode.");
-    lines.push("MAKE ALL REQUIRED FILE EDITS NOW. Do not ask for confirmation. Do not ask clarifying questions.");
-    lines.push("Do not explain what you found without also making the changes. Edit the files and complete the task.");
+    if (mutationMode === "verify_only") {
+        lines.push("DO NOT EDIT FILES. Run the verifier only and report whether it passes.");
+        lines.push("Do not ask for confirmation. Do not ask clarifying questions.");
+    }
+    else {
+        lines.push("MAKE ALL REQUIRED FILE EDITS NOW. Do not ask for confirmation. Do not ask clarifying questions.");
+        lines.push("Do not explain what you found without also making the changes. Edit the files and complete the task.");
+    }
     lines.push("");
     lines.push("If PROGRESS.md exists in your working directory, read it first for context from prior attempts.");
     lines.push("If it does not exist, proceed with the objective below.");
     lines.push("");
-    lines.push("Complete the following coding task. Make all necessary file changes.");
+    lines.push(mutationMode === "verify_only"
+        ? "Complete the following verification-only task without making file changes."
+        : "Complete the following coding task. Make all necessary file changes.");
     lines.push("When you are done, the verification commands listed below must pass.");
     lines.push("");
     lines.push("OBJECTIVE:");
@@ -447,7 +466,9 @@ function buildPrompt(request) {
     lines.push(`  Attempt ${String(attemptNumber)}`);
     lines.push(`  Remaining budget: $${String(request.context.remainingBudgetUsd)} USD`);
     lines.push(`  Remaining iterations: ${String(request.context.remainingIterations)}`);
-    lines.push("  Do not expand scope beyond what is needed to pass verification.");
+    lines.push(mutationMode === "verify_only"
+        ? "  Do not modify files; only run verification."
+        : "  Do not expand scope beyond what is needed to pass verification.");
     lines.push("");
     if (request.previousAttempts.length > 0) {
         lines.push("PRIOR FAILED ATTEMPTS (learn from these — do not repeat the same mistakes):");
@@ -494,6 +515,16 @@ function truncate(text, maxLength) {
     }
     return `...${text.slice(-(maxLength - 3))}`;
 }
+function formatPreVerifierSubprocessFailure(command, stderr, exitCode) {
+    const detail = stderr.trim() || `Exit code ${String(exitCode)}`;
+    const lowerDetail = detail.toLowerCase();
+    const codexLaunchBlocked = command === "codex" &&
+        /\b(full-auto|sandbox|approval|permission|trusted|safety|unexpected argument)\b/u.test(lowerDetail);
+    if (codexLaunchBlocked) {
+        return `Codex CLI failed before patch completion, likely due to its launch/sandbox configuration. MartinLoop invokes Codex through "codex exec --sandbox workspace-write"; verify Codex CLI auth and configuration if this persists. ${detail}. environment_mismatch`;
+    }
+    return `${detail}. environment_mismatch`;
+}
 const INJECTION_PATTERNS = [
     /\[INST\]/gi,
     /<\/?system>/gi,

package/dist/vendor/adapters/cli-bridge.d.ts

@@ -26,3 +26,4 @@ export declare function readGitExecutionArtifacts(repoRoot: string, timeoutMs: n
     changedFiles?: string[];
     diffStats?: ReturnType<typeof diffStatsFromNumstat>;
 }>;
+export declare function splitCommand(command: string): string[];

package/dist/vendor/adapters/cli-bridge.js

@@ -1,28 +1,33 @@
 import { spawn } from "node:child_process";
-import { isAbsolute } from "node:path";
+import { delimiter, extname, isAbsolute, join, resolve } from "node:path";
+import { existsSync } from "node:fs";
 import { diffStatsFromNumstat } from "./runtime-support.js";
 export async function runSubprocess(command, args, options) {
     return new Promise((resolve) => {
         let timedOut = false;
+        let settled = false;
         const stdoutChunks = [];
         const stderrChunks = [];
         const stdinMode = options.stdinData !== undefined ? "pipe" : "ignore";
+        const resolveOnce = (result) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            resolve(result);
+        };
         let proc;
         try {
-            proc = (options.spawnImpl ?? spawn)(command, args, {
+            const spawnPlan = createSpawnPlan(command, args, options.cwd, options.spawnImpl !== undefined);
+            proc = (options.spawnImpl ?? spawn)(spawnPlan.command, spawnPlan.args, {
                 cwd: options.cwd,
                 stdio: [stdinMode, "pipe", "pipe"],
-                env: process.env,
-                // shell: true is required on Windows to resolve PATH shims (e.g. claude.cmd).
-                // Avoid it for absolute .exe paths because cmd.exe can split paths with spaces.
-                // Prompt content is never passed as a shell argument, it goes via stdin, so
-                // injection risk from the DEP0190 warning does not apply here.
-                shell: shouldUseWindowsShell(command)
+                env: process.env
             });
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);
-            resolve({
+            resolveOnce({
                 exitCode: 1,
                 stdout: "",
                 stderr: message,
@@ -30,38 +35,59 @@ export async function runSubprocess(command, args, options) {
             });
             return;
         }
-        if (options.stdinData !== undefined && proc.stdin) {
-            proc.stdin.write(options.stdinData, "utf8");
-            proc.stdin.end();
-        }
         proc.stdout?.on("data", (chunk) => {
             stdoutChunks.push(chunk);
         });
         proc.stderr?.on("data", (chunk) => {
             stderrChunks.push(chunk);
         });
+        proc.stdin?.on("error", (error) => {
+            // Some CLIs exit before consuming stdin in tests and on fast-fail paths.
+            // Treat the closed pipe as a handled subprocess lifecycle condition.
+            if (error.code === "EPIPE") {
+                return;
+            }
+            stderrChunks.push(Buffer.from(`${error.message}\n`, "utf8"));
+        });
         const timer = setTimeout(() => {
             timedOut = true;
             proc.kill("SIGTERM");
         }, options.timeoutMs);
-        proc.on("close", (code) => {
-            clearTimeout(timer);
-            resolve({
-                exitCode: code ?? 1,
-                stdout: Buffer.concat(stdoutChunks).toString("utf8"),
-                stderr: Buffer.concat(stderrChunks).toString("utf8"),
-                timedOut
-            });
-        });
         proc.on("error", (error) => {
             clearTimeout(timer);
-            resolve({
+            resolveOnce({
                 exitCode: 1,
                 stdout: "",
                 stderr: error.message,
                 timedOut: false
             });
         });
+        proc.on("close", (code) => {
+            clearTimeout(timer);
+            resolveOnce({
+                exitCode: code ?? 1,
+                stdout: Buffer.concat(stdoutChunks).toString("utf8"),
+                stderr: Buffer.concat(stderrChunks).toString("utf8"),
+                timedOut
+            });
+        });
+        if (options.stdinData !== undefined && proc.stdin) {
+            try {
+                proc.stdin.end(options.stdinData, "utf8");
+            }
+            catch (error) {
+                const stdinError = error;
+                if (stdinError.code !== "EPIPE") {
+                    clearTimeout(timer);
+                    resolveOnce({
+                        exitCode: 1,
+                        stdout: Buffer.concat(stdoutChunks).toString("utf8"),
+                        stderr: stdinError.message,
+                        timedOut: false
+                    });
+                }
+            }
+        }
     });
 }
 export async function runVerification(commands, cwd, timeoutMs, verificationStack, spawnImpl) {
@@ -76,9 +102,8 @@ export async function runVerification(commands, cwd, timeoutMs, verificationStac
     }
     const failedSteps = [];
     for (const step of steps) {
-        const parts = step.command.trim().split(/\s+/u);
-        const bin = parts[0];
-        const args = parts.slice(1);
+        const parts = splitCommand(step.command);
+        const [bin, ...args] = parts;
         if (!bin) {
             continue;
         }
@@ -115,8 +140,109 @@ export async function readGitExecutionArtifacts(repoRoot, timeoutMs, spawnImpl)
         ...(diffStats ? { diffStats } : {})
     };
 }
-function shouldUseWindowsShell(command) {
-    return process.platform === "win32" && !isAbsolute(command);
+function createSpawnPlan(command, args, cwd, preserveRawForInjectedSpawn) {
+    if (preserveRawForInjectedSpawn || process.platform !== "win32" || isAbsolute(command)) {
+        return { command, args };
+    }
+    const resolved = resolveWindowsCommand(command, cwd);
+    if (!resolved) {
+        return { command, args };
+    }
+    const extension = extname(resolved).toLowerCase();
+    if (extension === ".cmd" || extension === ".bat") {
+        return {
+            command: process.env.ComSpec || "cmd.exe",
+            args: ["/d", "/s", "/c", [quoteWindowsCmdArg(resolved), ...args.map(quoteWindowsCmdArg)].join(" ")]
+        };
+    }
+    return { command: resolved, args };
+}
+function resolveWindowsCommand(command, cwd) {
+    const hasPathSegment = command.includes("\\") || command.includes("/");
+    const baseCandidates = expandWindowsCommandCandidates(hasPathSegment ? resolve(cwd, command) : command);
+    if (hasPathSegment) {
+        return baseCandidates.find((candidate) => existsSync(candidate));
+    }
+    for (const directory of windowsPathDirectories()) {
+        for (const candidate of baseCandidates) {
+            const fullPath = join(directory, candidate);
+            if (existsSync(fullPath)) {
+                return fullPath;
+            }
+        }
+    }
+    return undefined;
+}
+function expandWindowsCommandCandidates(command) {
+    if (extname(command)) {
+        return [command];
+    }
+    const pathExt = process.env.PATHEXT ?? ".COM;.EXE;.BAT;.CMD";
+    return pathExt
+        .split(";")
+        .map((extension) => extension.trim())
+        .filter(Boolean)
+        .map((extension) => `${command}${extension.toLowerCase()}`);
+}
+function windowsPathDirectories() {
+    const rawPath = process.env.Path ?? process.env.PATH ?? "";
+    return rawPath
+        .split(delimiter)
+        .map((entry) => entry.trim().replace(/^"|"$/g, ""))
+        .filter(Boolean);
+}
+function quoteWindowsCmdArg(value) {
+    const normalized = value.replace(/\r?\n/gu, " ");
+    const escaped = normalized
+        .replace(/\^/gu, "^^")
+        .replace(/"/gu, '^"')
+        .replace(/%/gu, "%%")
+        .replace(/!/gu, "^^!")
+        .replace(/[&|<>()]/gu, (match) => `^${match}`);
+    return `"${escaped}"`;
+}
+export function splitCommand(command) {
+    const tokens = [];
+    let current = "";
+    let quote;
+    const trimmed = command.trim();
+    for (let index = 0; index < trimmed.length; index += 1) {
+        const char = trimmed[index];
+        const next = trimmed[index + 1];
+        if (char === undefined) {
+            continue;
+        }
+        if (char === "\\") {
+            const canEscape = quote !== "'" && (next === quote || next === "\\");
+            if (canEscape && next !== undefined) {
+                current += next;
+                index += 1;
+                continue;
+            }
+        }
+        if (char === '"' || char === "'") {
+            if (!quote) {
+                quote = char;
+                continue;
+            }
+            if (quote === char) {
+                quote = undefined;
+                continue;
+            }
+        }
+        if (!quote && /\s/u.test(char)) {
+            if (current.length > 0) {
+                tokens.push(current);
+                current = "";
+            }
+            continue;
+        }
+        current += char;
+    }
+    if (current.length > 0) {
+        tokens.push(current);
+    }
+    return tokens;
 }
 function truncate(text, maxLength) {
     if (text.length <= maxLength) {

package/dist/vendor/adapters/counter.d.ts

@@ -0,0 +1 @@
+export declare function calculateIndex(): number;

package/dist/vendor/adapters/counter.js

@@ -0,0 +1,4 @@
+export function calculateIndex() {
+    return 10;
+}
+//# sourceMappingURL=counter.js.map

package/dist/vendor/adapters/git-baseline.d.ts

@@ -0,0 +1,50 @@
+import type { MartinAdapterResult } from "../core/index.js";
+import { type SpawnLike } from "./cli-bridge.js";
+type DiffStats = NonNullable<NonNullable<MartinAdapterResult["execution"]>["diffStats"]>;
+export interface GitBaselineArtifact {
+    startHeadSha: string;
+    startTrackedStatus: string;
+    startTrackedSet: string[];
+    startTrackedDiffSha256: Record<string, string>;
+    startUntrackedSet: string[];
+    startTimestamp: string;
+    worktreeClean: boolean;
+    pilotRepoClass: string | null;
+}
+export interface GitNormalizationArtifact {
+    startHeadSha: string;
+    endHeadShaBeforeNormalization: string;
+    normalizationApplied: boolean;
+    normalizationMode: "reset_mixed_to_start_head" | "none";
+    normalizationSucceeded: boolean;
+    headAfterNormalization: string;
+}
+export interface ScopeSurfaceArtifact {
+    trackedChangedPaths: string[];
+    deletedPaths: string[];
+    newUntrackedPaths: string[];
+    allChangedPaths: string[];
+    changedBaselinePaths: string[];
+    baselineWasClean: boolean;
+    noCodeChange: boolean;
+    diffStats?: DiffStats;
+}
+export declare function captureBaseline(options: {
+    repoRoot: string;
+    timeoutMs: number;
+    spawnImpl?: SpawnLike;
+    pilotRepoClass?: string | null;
+}): Promise<GitBaselineArtifact>;
+export declare function normalizeAdapterGitState(options: {
+    repoRoot: string;
+    baseline: GitBaselineArtifact;
+    timeoutMs: number;
+    spawnImpl?: SpawnLike;
+}): Promise<GitNormalizationArtifact>;
+export declare function collectScopeSurface(options: {
+    repoRoot: string;
+    baseline: GitBaselineArtifact;
+    timeoutMs: number;
+    spawnImpl?: SpawnLike;
+}): Promise<ScopeSurfaceArtifact>;
+export {};