nolo-cli 0.1.16 → 0.1.17

package/agent-runtime/localLoop.ts

@@ -12,6 +12,7 @@ export type LocalAgentTurnInput = {
   agentRef: string;
   input: AgentRuntimeMessageContent;
   continueDialogId?: string;
+  maxToolRounds?: number;
 };
 
 export type LocalAgentTurnResult = AgentRuntimeResult & {
@@ -49,15 +50,48 @@ export async function runLocalAgentTurn(
     input: input.input,
   });
   const provider = await input.adapter.resolveProvider(agentConfig);
-  const result = await provider.complete(messages);
+  const maxToolRounds = input.maxToolRounds ?? 6;
+  let toolCallCount = 0;
+  let result: AgentRuntimeResult;
+  for (let round = 0; round <= maxToolRounds; round += 1) {
+    result = await provider.complete(messages);
+    const toolCalls = result.tool_calls ?? [];
+    if (toolCalls.length === 0) break;
+    if (round === maxToolRounds) {
+      throw new Error(`Local agent exceeded max tool rounds: ${maxToolRounds}`);
+    }
+    toolCallCount += toolCalls.length;
+    messages.push({
+      role: "assistant",
+      content: result.content || null,
+      tool_calls: toolCalls,
+    });
+    for (const toolCall of toolCalls) {
+      const toolResult = await input.adapter.executeTool({
+        id: toolCall.id,
+        name: toolCall.function.name,
+        arguments: toolCall.function.arguments,
+      });
+      messages.push({
+        role: "tool",
+        content: toolResult.content,
+        tool_call_id: toolCall.id,
+      });
+    }
+  }
+  result = result!;
   const saved = await input.adapter.saveTurn({
     agentKey: agentConfig.key,
     messages,
-    result,
+    result: {
+      ...result,
+      ...(toolCallCount > 0 ? { toolCallCount } : {}),
+    },
   });
 
   return {
     ...result,
+    ...(toolCallCount > 0 ? { toolCallCount } : {}),
     dialogId: saved.dialogId,
   };
 }

package/agent-runtime/types.ts

@@ -51,6 +51,7 @@ export interface AgentRuntimeResult {
   outputPrice?: number;
   usage?: Record<string, any>;
   trace?: AgentRuntimeChatMessage[];
+  tool_calls?: AgentRuntimeToolCall[];
   runtimeToolNames?: string[];
   toolCallCount?: number;
   policyState?: unknown;

package/agentRunCommand.ts

@@ -21,6 +21,7 @@ type ParsedAgentRunArgs = {
   agentKey: string;
   message: string;
   imageUrls: string[];
+  allowShell: boolean;
   runtimeMode?: AgentRuntimeRequestedMode;
   continueDialogId?: string;
 };
@@ -51,9 +52,15 @@ function runtimeModeFromArgs(args: string[]): AgentRuntimeRequestedMode | undefi
 
 function positionalArgs(args: string[]) {
   const values: string[] = [];
+  const valuelessFlags = new Set([
+    "--local",
+    "--server",
+    "--auto",
+    "--dangerously-allow-shell",
+  ]);
   for (let index = 0; index < args.length; index += 1) {
     const arg = args[index];
-    if (arg === "--local" || arg === "--server" || arg === "--auto") continue;
+    if (valuelessFlags.has(arg)) continue;
     if (arg.startsWith("--")) {
       index += 1;
       continue;
@@ -78,6 +85,7 @@ export function parseAgentRunArgs(args: string[]): ParsedAgentRunArgs | null {
     agentKey,
     message: message.trim(),
     imageUrls,
+    allowShell: args.includes("--dangerously-allow-shell"),
     ...(runtimeMode ? { runtimeMode } : {}),
     ...(continueDialogId ? { continueDialogId } : {}),
   };
@@ -112,7 +120,7 @@ function resolveServerUrl(env: EnvLike) {
 function writeUsage(output: OutputLike) {
   output.write(
     "Usage: nolo agent run <agent> <message> [--local|--server|--auto] [--continue <dialogId>]\n" +
-      "       nolo agent run --agent <agent> --msg <message> [--image <url-or-path>] [--local|--server|--auto]\n"
+      "       nolo agent run --agent <agent> --msg <message> [--image <url-or-path>] [--dangerously-allow-shell] [--local|--server|--auto]\n"
   );
 }
 
@@ -126,6 +134,9 @@ export async function runAgentRunCommand(args: string[], deps: AgentRunCommandDe
   }
 
   const runner = deps.runner ?? runAgentTurn;
+  const runEnv = parsed.allowShell
+    ? { ...env, NOLO_LOCAL_SHELL_MODE: "worktree" }
+    : env;
   const result: RunAgentTurnResult = await runner({
     agentName: parsed.agentKey,
     agentKey: parsed.agentKey,
@@ -133,7 +144,7 @@ export async function runAgentRunCommand(args: string[], deps: AgentRunCommandDe
     message: parsed.message,
     imageUrls: parsed.imageUrls.map(normalizeCliImageInput),
     scriptDir: deps.scriptDir,
-    env,
+    env: runEnv,
     output,
     ...(parsed.runtimeMode ? { runtimeMode: parsed.runtimeMode } : {}),
     ...(parsed.continueDialogId ? { continueDialogId: parsed.continueDialogId } : {}),

package/client/localRuntimeAdapter.test.ts

@@ -173,7 +173,7 @@ describe("CLI local runtime adapter", () => {
       id: "call-1",
       name: "execShell",
       arguments: "{}",
-    })).rejects.toThrow("blocked by the local CLI safety policy");
+    })).rejects.toThrow("execShell requires NOLO_LOCAL_SHELL_MODE");
   });
 
   test("executes explicitly allowed registered local tools declared by the agent", async () => {
@@ -214,4 +214,72 @@ describe("CLI local runtime adapter", () => {
 
     expect(result.content).toContain("README.md");
   });
+
+  test("advertises execShell to OpenAI-compatible providers when the agent declares it", async () => {
+    const requests: Array<{ body: any }> = [];
+    const adapter = createCliLocalRuntimeAdapter({
+      env: {
+        OPENAI_API_KEY: "sk-local",
+        NOLO_LOCAL_OPENAI_BASE_URL: "http://127.0.0.1:11434/v1",
+        NOLO_LOCAL_SHELL_MODE: "worktree",
+      },
+      db: {
+        get: async () => ({
+          dbKey: "agent-local-shell",
+          prompt: "Use shell.",
+          model: "gpt-4.1-mini",
+          toolNames: ["execShell"],
+        }),
+        put: async () => {},
+        batch: async () => {},
+        iterator: () => (async function* () {})(),
+      },
+      fetchImpl: async (_url, init) => {
+        requests.push({ body: JSON.parse(String(init?.body)) });
+        return Response.json({
+          choices: [{ message: { content: "done" } }],
+        });
+      },
+    });
+
+    await runLocalAgentTurn({
+      adapter,
+      agentRef: "shell",
+      input: "pwd",
+    });
+
+    expect(requests[0]?.body.tools).toEqual([{
+      type: "function",
+      function: expect.objectContaining({
+        name: "execShell",
+      }),
+    }]);
+  });
+
+  test("runs execShell locally in explicit worktree shell mode", async () => {
+    const adapter = createCliLocalRuntimeAdapter({
+      env: { NOLO_LOCAL_SHELL_MODE: "worktree" },
+      db: {
+        get: async () => ({
+          dbKey: "agent-local-shell",
+          toolNames: ["execShell"],
+        }),
+        put: async () => {},
+        batch: async () => {},
+        iterator: () => (async function* () {})(),
+      },
+      cwd: import.meta.dir,
+      fetchImpl: async () => Response.json({}),
+    });
+
+    await adapter.loadAgentConfig("shell");
+    const result = await adapter.executeTool({
+      id: "call-1",
+      name: "execShell",
+      arguments: "{\"cmd\":\"pwd\"}",
+    });
+
+    expect(result.content).toContain(import.meta.dir);
+    expect(result.metadata).toMatchObject({ exitCode: 0 });
+  });
 });

package/client/localRuntimeAdapter.ts

@@ -22,6 +22,7 @@ export type CliLocalRuntimeAdapterDeps = {
   now?: () => number;
   createId?: () => string;
   fetchImpl?: typeof fetch;
+  cwd?: string;
   localToolExecutors?: Record<string, (call: any) => Promise<{ content: string; metadata?: Record<string, unknown> }>>;
 };
 
@@ -46,6 +47,77 @@ function resolveLocalUserId(env: EnvLike) {
   return env.NOLO_LOCAL_USER_ID || env.NOLO_USER_ID || "local";
 }
 
+function buildExecShellTool() {
+  return {
+    type: "function",
+    function: {
+      name: "execShell",
+      description: "Run a shell command in the current isolated local workspace.",
+      parameters: {
+        type: "object",
+        properties: {
+          cmd: {
+            type: "string",
+            description: "Shell command to run.",
+          },
+        },
+        required: ["cmd"],
+      },
+    },
+  };
+}
+
+function buildOpenAiTools(toolNames: string[] = []) {
+  return toolNames.includes("execShell") ? [buildExecShellTool()] : [];
+}
+
+function parseToolArguments(raw: string) {
+  try {
+    const parsed = JSON.parse(raw || "{}");
+    return parsed && typeof parsed === "object" ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+
+async function executeShellCommand(args: {
+  call: any;
+  cwd: string;
+}) {
+  const parsed = parseToolArguments(String(args.call.arguments ?? ""));
+  const cmd = String(parsed.cmd ?? parsed.command ?? "").trim();
+  if (!cmd) throw new Error("execShell requires a non-empty cmd argument.");
+  const proc = Bun.spawn(["/bin/sh", "-lc", cmd], {
+    cwd: args.cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+    stdin: "ignore",
+  });
+  const [stdout, stderr, exitCode] = await Promise.all([
+    new Response(proc.stdout).text(),
+    new Response(proc.stderr).text(),
+    proc.exited,
+  ]);
+  return {
+    content: [
+      stdout.trim() ? `stdout:\n${stdout.trim()}` : "",
+      stderr.trim() ? `stderr:\n${stderr.trim()}` : "",
+      `exitCode: ${exitCode}`,
+    ].filter(Boolean).join("\n\n"),
+    metadata: { exitCode },
+  };
+}
+
+function buildLocalToolExecutors(deps: CliLocalRuntimeAdapterDeps) {
+  return {
+    execShell: (call: any) => executeShellCommand({
+      call,
+      cwd: deps.cwd ?? process.cwd(),
+    }),
+    ...(deps.localToolExecutors ?? {}),
+  };
+}
+
 async function resolveDb(deps: CliLocalRuntimeAdapterDeps) {
   return deps.db ?? defaultLocalRuntimeDb();
 }
@@ -191,6 +263,7 @@ export function createCliLocalRuntimeAdapter(
   const fetchImpl = deps.fetchImpl ?? fetch;
   const userId = resolveLocalUserId(deps.env);
   let activeAgentToolNames: string[] = [];
+  const localToolExecutors = buildLocalToolExecutors(deps);
 
   return {
     host: "cli",
@@ -218,6 +291,7 @@ export function createCliLocalRuntimeAdapter(
     resolveProvider: async (agentConfig) => ({
       model: agentConfig.model || "gpt-4.1-mini",
       complete: async (messages) => {
+        const tools = buildOpenAiTools(agentConfig.toolNames ?? []);
         const res = await fetchImpl(`${resolveOpenAiCompatibleBaseUrl(deps.env)}/chat/completions`, {
           method: "POST",
           headers: {
@@ -230,17 +304,20 @@ export function createCliLocalRuntimeAdapter(
             model: agentConfig.model || "gpt-4.1-mini",
             messages: toOpenAiMessages(messages),
             stream: false,
+            ...(tools.length > 0 ? { tools } : {}),
           }),
         });
         const data = await res.json().catch(() => ({}));
         if (!res.ok) {
           throw new Error(`local provider failed: HTTP ${res.status} ${JSON.stringify(data)}`);
         }
-        const content = String(data?.choices?.[0]?.message?.content ?? "");
+        const choiceMessage = data?.choices?.[0]?.message ?? {};
+        const content = String(choiceMessage?.content ?? "");
         return {
           content,
           model: agentConfig.model || "gpt-4.1-mini",
           provider: agentConfig.provider || "openai-compatible",
+          ...(Array.isArray(choiceMessage?.tool_calls) ? { tool_calls: choiceMessage.tool_calls } : {}),
           usage: data?.usage,
           trace: messages,
         };
@@ -250,7 +327,7 @@ export function createCliLocalRuntimeAdapter(
       env: deps.env,
       agentToolNames: activeAgentToolNames,
       call,
-      executors: deps.localToolExecutors,
+      executors: localToolExecutors,
     }),
   };
 }

package/client/localToolPolicy.test.ts

@@ -3,15 +3,20 @@ import { describe, expect, test } from "bun:test";
 import { executeLocalToolWithPolicy, resolveLocalToolPolicy } from "./localToolPolicy";
 
 describe("CLI local tool policy", () => {
-  test("blocks dangerous tools even when env tries to allow them", () => {
+  test("allows execShell in explicit worktree shell mode", () => {
+    expect(resolveLocalToolPolicy({
+      env: { NOLO_LOCAL_SHELL_MODE: "worktree" },
+      agentToolNames: ["execShell"],
+      toolName: "execShell",
+    })).toEqual({ allowed: true, toolName: "execShell" });
+  });
+
+  test("blocks execShell unless explicit shell mode is enabled", () => {
     expect(resolveLocalToolPolicy({
       env: { NOLO_LOCAL_ALLOWED_TOOLS: "execShell" },
       agentToolNames: ["execShell"],
       toolName: "execShell",
-    })).toMatchObject({
-      allowed: false,
-      reason: expect.stringContaining("blocked"),
-    });
+    })).toMatchObject({ allowed: false });
   });
 
   test("requires both env allowlist and agent declaration", () => {

package/client/localToolPolicy.ts

@@ -7,7 +7,6 @@ export type LocalToolPolicyDecision =
   | { allowed: false; toolName: string; reason: string };
 
 const NEVER_LOCAL_TOOLS = new Set([
-  "execShell",
   "deleteSpaces",
   "updateAgent",
   "updateSelf",
@@ -26,6 +25,22 @@ export function resolveLocalToolPolicy(args: {
   agentToolNames?: string[];
   toolName: string;
 }): LocalToolPolicyDecision {
+  if (args.toolName === "execShell") {
+    const shellMode = args.env.NOLO_LOCAL_SHELL_MODE || "";
+    const agentTools = new Set(args.agentToolNames ?? []);
+    if (
+      agentTools.has("execShell") &&
+      ["worktree", "dangerous", "1", "true"].includes(shellMode)
+    ) {
+      return { allowed: true, toolName: args.toolName };
+    }
+    return {
+      allowed: false,
+      toolName: args.toolName,
+      reason: "execShell requires NOLO_LOCAL_SHELL_MODE=worktree and an agent that declares execShell.",
+    };
+  }
+
   if (NEVER_LOCAL_TOOLS.has(args.toolName)) {
     return {
       allowed: false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nolo-cli",
-  "version": "0.1.16",
+  "version": "0.1.17",
   "type": "module",
   "description": "Agent-first terminal workspace for Nolo",
   "bin": {