pi-crew 0.9.8 → 0.9.10

package/src/runtime/important-line-classifier.ts

@@ -0,0 +1,130 @@
+/**
+ * Important-Line Classifier (P0-B) — scan middle slice of a truncated value
+ * for diagnostic lines worth preserving between head and tail.
+ *
+ * Ported from Hypa's `ImportantLineClassifier.cs` (5 regexes) and the
+ * middle-scanning portion of `Stages/TruncationStage.cs:24-46`, adapted to TS
+ * (no `[GeneratedRegex]` AOT) and to pi-crew's head(75%)/tail(25%) split.
+ *
+ * Design rationale:
+ * - Patterns are intentionally OVER-INCLUSIVE. False positives preserve
+ *   harmless lines; false negatives drop critical diagnostics, which is
+ *   unacceptable (the whole point of this module). Hypa uses the same
+ *   over-inclusive design.
+ * - Patterns are evaluated against a WHOLE line, not against the raw
+ *   truncated slice, so a match at a line boundary is reliable.
+ * - The `splitWithImportantLines` helper performs the head/tail split AND
+ *   greedily picks whole important lines from the middle that fit inside
+ *   `slackFactor * maxChars` (default 15% slack). Callers compose their own
+ *   marker using the returned parts — keeping `compactString` (marker
+ *   "compacted ... chars, head+tail preserved") and `readIfSmall` (marker
+ *   "truncated ... bytes, head+tail preserved") backward-compatible when no
+ *   important lines are present.
+ */
+
+/** Diagnostic patterns. Anchored where safe to avoid matching noise. */
+export const IMPORTANT_LINE_PATTERNS: readonly RegExp[] = [
+	// error keywords — NOTE: "warning" is intentionally excluded here; it has
+	// its own case-sensitive pattern below so that the common prose word
+	// "warning" does not over-match. (Hypa does the same split.)
+	/\b(error|failed|exception|fatal|panic)\b/i,
+	// file:line diagnostic — `child-pi.ts:383:`, `App.tsx:42:`
+	/\w+\.\w+:\d+:/,
+	// HTTP 4xx / 5xx — bounded so it does not match phone numbers etc.
+	/\b[45]\d{2}\b/,
+	// k8s / linter "Warning" event (case-sensitive so prose is not matched)
+	/\bWarning\b/,
+	// compiler / linter diagnostic id — `TS2304`, `CS0246`, `ES1234`
+	/\b[A-Z]{2,4}\d{3,5}\b/,
+];
+
+/** True iff `line` matches at least one important-line pattern. */
+export function isImportantLine(line: string): boolean {
+	if (!line) return false;
+	for (const pattern of IMPORTANT_LINE_PATTERNS) {
+		if (pattern.test(line)) return true;
+	}
+	return false;
+}
+
+/**
+ * Extract up to `maxLines` important lines from `text`. Lines are split on
+ * `\n` (also handles `\r\n`). Order preserved; duplicates kept (callers may
+ * want to see the same diagnostic twice if it appears twice — that often
+ * signals a recurring failure).
+ */
+export function extractImportantLines(text: string, maxLines = 30): string[] {
+	if (!text || maxLines <= 0) return [];
+	const out: string[] = [];
+	for (const line of text.split(/\r?\n/)) {
+		if (out.length >= maxLines) break;
+		if (isImportantLine(line)) out.push(line);
+	}
+	return out;
+}
+
+export interface TruncationSplit {
+	/** The first 75% of the value (by char count), verbatim. */
+	head: string;
+	/** The last 25% of the value (by char count), verbatim. */
+	tail: string;
+	/**
+	 * Important lines from the middle slice, greedily picked (whole lines) so
+	 * the joined length fits inside `slackFactor * maxChars`. Empty when
+	 * `preserveImportant` is false OR no important lines are present OR none
+	 * fit the slack budget.
+	 */
+	importantLines: string[];
+	/** `value.length - maxChars` — chars dropped if no important lines preserved. */
+	baseDropped: number;
+}
+
+export interface SplitOptions {
+	/** When false, important-line scanning is skipped (assistant-text mode). */
+	preserveImportant?: boolean;
+	/** Hard cap on candidate lines before slack-budget selection. Default 30. */
+	maxImportantLines?: number;
+	/** Fraction of `maxChars` available for important-line content. Default 0.15. */
+	slackFactor?: number;
+}
+
+/**
+ * Split `value` into head + important-middle + tail, returning the parts.
+ * The caller is responsible for composing the final result (marker + glue)
+ * because the marker wording differs between `compactString` and
+ * `readIfSmall`.
+ *
+ * When no important lines are picked, the returned `importantLines` is `[]`
+ * and the marker wording stays bit-identical to the pre-P0-B format.
+ */
+export function splitWithImportantLines(value: string, maxChars: number, opts: SplitOptions = {}): TruncationSplit {
+	if (value.length <= maxChars) {
+		return { head: value, tail: "", importantLines: [], baseDropped: 0 };
+	}
+	const headLen = Math.floor(maxChars * 0.75);
+	const tailLen = maxChars - headLen;
+	const head = value.slice(0, headLen);
+	const tail = value.slice(value.length - tailLen);
+
+	if (opts.preserveImportant === false) {
+		return { head, tail, importantLines: [], baseDropped: value.length - maxChars };
+	}
+
+	const slackFactor = opts.slackFactor ?? 0.15;
+	const slackChars = Math.max(0, Math.floor(maxChars * slackFactor));
+	const maxCandidates = opts.maxImportantLines ?? 30;
+	const middle = value.slice(headLen, value.length - tailLen);
+	const candidates = extractImportantLines(middle, maxCandidates);
+
+	// Greedily pick whole lines that fit in the slack budget.
+	const chosen: string[] = [];
+	let used = 0;
+	for (const line of candidates) {
+		const addLen = (chosen.length > 0 ? 1 : 0) + line.length; // '\n' separator
+		if (used + addLen > slackChars) break;
+		chosen.push(line);
+		used += addLen;
+	}
+
+	return { head, tail, importantLines: chosen, baseDropped: value.length - maxChars };
+}

package/src/runtime/iteration-hooks.ts

@@ -8,6 +8,7 @@ import { spawn } from "node:child_process";
 import * as fs from "node:fs";
 import * as path from "node:path";
 import { WINDOWS_ESSENTIAL_ENV_VARS } from "../utils/env-allowlist.ts";
+import { HeadSnapStage } from "./compact-stages/index.ts";
 import { resolveShellForScript } from "../utils/resolve-shell.ts";
 import { sanitizeEnvSecrets } from "../utils/env-filter.ts";
 import { DENIED_METRIC_NAMES } from "./metric-parser.ts";
@@ -98,23 +99,6 @@ function notFiredResult(): HookResult {
 	};
 }
 
-/**
- * Truncate a buffer to the given byte limit, snapping to the last newline
- * boundary for UTF-8 safety.
- */
-function truncateToLimit(buf: Buffer, limit: number): Buffer {
-	if (buf.byteLength <= limit) return buf;
-
-	const slice = buf.subarray(0, limit);
-	// Find the last newline within the truncated region
-	const lastNewline = slice.lastIndexOf("\n");
-	if (lastNewline >= 0) {
-		return slice.subarray(0, lastNewline);
-	}
-	// No newline found — return the full slice
-	return slice;
-}
-
 /**
  * Check if a script path exists and is executable.
  */
@@ -196,13 +180,17 @@ export async function runIterationHook(
 			const durationMs = Date.now() - startTime;
 
 			const rawStdout = Buffer.concat(stdoutChunks);
-			const truncatedStdout = truncateToLimit(rawStdout, MAX_STDOUT_BYTES);
+			// Sprint 5: refactored onto HeadSnapStage. Convert to UTF-8 string once,
+			// then apply the byte-cap stage with newline-snap so partial lines
+			// never appear in the captured preview. HeadSnapStage is byte-cap-safe
+			// (walks back partial UTF-8 sequences at the cut boundary).
+			const stdoutText = new HeadSnapStage({ maxBytes: MAX_STDOUT_BYTES }).apply(rawStdout.toString("utf-8"));
 
 			const rawStderr = Buffer.concat(stderrChunks);
 
 			resolve({
 				fired: true,
-				stdout: truncatedStdout.toString("utf-8"),
+				stdout: stdoutText,
 				stderr: rawStderr.toString("utf-8"),
 				exitCode: code,
 				timedOut: killed,

package/src/runtime/live-agent-manager.ts

@@ -416,3 +416,188 @@ function drainIrcMessages(agentIdOrTaskId: string): IrcMessage[] {
 	handle.pendingMessages.length = 0;
 	return messages;
 }
+
+/* ── IRC reply support (side-channel Q&A) ─────────────────────────── */
+
+/** Default timeout for awaiting a side-channel reply (60s). */
+const DEFAULT_REPLY_TIMEOUT_MS = 60_000;
+
+/** Result of a background reply attempt. */
+export interface BackgroundReplyResult {
+	ok: boolean;
+	/** Correlation id for the pending reply (present once registered). */
+	corrId?: string;
+	/** Reply prose content (present on success when awaitReply was set). */
+	replyContent?: string;
+	/** Human-readable error description. */
+	error?: string;
+	/** True when the reply did not arrive before the timeout. */
+	timedOut?: boolean;
+}
+
+interface PendingReply {
+	corrId: string;
+	targetAgentId: string;
+	fromId: string;
+	deadline: number;
+	resolve: (result: BackgroundReplyResult) => void;
+	timer?: ReturnType<typeof setTimeout>;
+}
+
+/** In-process pending replies keyed by correlation id. */
+const pendingReplies = new Map<string, PendingReply>();
+/** Reverse index: targetAgentId → set of corrIds awaiting a reply from it. */
+const pendingRepliesByTarget = new Map<string, Set<string>>();
+
+function makeCorrelationId(): string {
+	return `irc_reply_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
+}
+
+/**
+ * Deliver a message to a live agent's session as a *background* turn —
+ * without blocking the recipient's main agent loop — and (optionally)
+ * await a prose reply via a side-channel.
+ *
+ * Non-blocking invariant (mirrors gajae-code's `respondAsBackground`):
+ * the message is injected via `sendCustomMessage` (triggerTurn:false) or a
+ * fire-and-forget `session.prompt`; we NEVER await the recipient's full
+ * main-loop turn. When `awaitReply` is set we instead await an event-driven
+ * reply resolution (see {@link resolveIrcReply}) bounded by a timeout.
+ *
+ * Note on mailbox.ts reply fields: those file-based fields
+ * (`replyTo`/`replyContent`/`replyDeadline`/`updateMailboxMessageReply`)
+ * serve cross-process workers that communicate via on-disk mailbox files.
+ * Live-session agents share a single process, so an in-memory event-driven
+ * registry is used here — it is lower-latency and trivially non-blocking.
+ * Both mechanisms coexist; file-based workers keep using mailbox.ts.
+ */
+export async function respondAsBackground(
+	targetAgentId: string,
+	fromId: string,
+	message: string,
+	opts?: { awaitReply?: boolean; timeoutMs?: number; signal?: AbortSignal },
+): Promise<BackgroundReplyResult> {
+	const handle = getLiveAgent(targetAgentId);
+	if (!handle) return { ok: false, error: `Live agent '${targetAgentId}' not found.` };
+
+	const awaitReply = opts?.awaitReply ?? false;
+	const timeoutMs = opts?.timeoutMs ?? DEFAULT_REPLY_TIMEOUT_MS;
+	const corrId = makeCorrelationId();
+
+	// --- Non-blocking delivery -------------------------------------------
+	const session = handle.session as Record<string, unknown>;
+	const deliveredTag = `[DM from ${fromId}] ${message}`;
+	let delivered = false;
+	if (typeof session.sendCustomMessage === "function") {
+		try {
+			(session.sendCustomMessage as (msg: unknown, o?: unknown) => void)(
+				{ customType: "irc", content: deliveredTag, display: "collapsed", corrId },
+				{ deliverAs: "followUp", triggerTurn: false },
+			);
+			delivered = true;
+		} catch {
+			// fall through to prompt-based delivery
+		}
+	}
+	if (!delivered && typeof handle.session.prompt === "function") {
+		const promptText = `${deliveredTag}${awaitReply ? ` (reply correlation: ${corrId})` : ""}`;
+		void handle.session.prompt(promptText, { source: "api", expandPromptTemplates: false }).catch((error) => logInternalError("live-agent-manager.respondAsBackground", error, `agentId=${handle.agentId}`));
+		delivered = true;
+	}
+	if (!delivered) return { ok: false, error: `Target '${targetAgentId}' has no message channel.` };
+	handle.updatedAt = new Date().toISOString();
+
+	if (!awaitReply) return { ok: true, corrId };
+
+	// --- Await reply (event-driven, bounded by timeout) ------------------
+	return awaitPendingReply(corrId, targetAgentId, fromId, timeoutMs, opts?.signal);
+}
+
+/**
+ * Register a pending reply and resolve it when the reply arrives, the
+ * timeout elapses, or the caller's abort signal fires.
+ *
+ * @internal exported for testing
+ */
+export function awaitPendingReply(
+	corrId: string,
+	targetAgentId: string,
+	fromId: string,
+	timeoutMs: number,
+	signal?: AbortSignal,
+): Promise<BackgroundReplyResult> {
+	return new Promise((resolve) => {
+		const deadline = Date.now() + timeoutMs;
+		let settled = false;
+		let timer: ReturnType<typeof setTimeout> | undefined;
+		let signalListener: (() => void) | undefined;
+
+		const finish = (result: BackgroundReplyResult) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			if (signalListener && signal) signal.removeEventListener("abort", signalListener);
+			pendingReplies.delete(corrId);
+			const set = pendingRepliesByTarget.get(targetAgentId);
+			set?.delete(corrId);
+			if (set && set.size === 0) pendingRepliesByTarget.delete(targetAgentId);
+			resolve(result);
+		};
+
+		timer = setTimeout(() => finish({ ok: false, corrId, timedOut: true }), timeoutMs);
+
+		if (signal) {
+			if (signal.aborted) {
+				finish({ ok: false, corrId, error: "cancelled" });
+				return;
+			}
+			signalListener = () => finish({ ok: false, corrId, error: "cancelled" });
+			signal.addEventListener("abort", signalListener, { once: true });
+		}
+
+		pendingReplies.set(corrId, { corrId, targetAgentId, fromId, deadline, resolve: finish, timer });
+		const set = pendingRepliesByTarget.get(targetAgentId) ?? new Set<string>();
+		set.add(corrId);
+		pendingRepliesByTarget.set(targetAgentId, set);
+	});
+}
+
+/**
+ * Resolve a pending side-channel reply. Called by the reply-routing layer
+ * (e.g. irc-tool when the recipient sends a message back referencing the
+ * correlation id, or by tests simulating a recipient response).
+ *
+ * Returns true if a pending reply was resolved, false if none matched
+ * (already timed out / cancelled / unknown correlation id).
+ */
+export function resolveIrcReply(corrId: string, replyContent: string): boolean {
+	const pending = pendingReplies.get(corrId);
+	if (!pending) return false;
+	pending.resolve({ ok: true, corrId, replyContent });
+	return true;
+}
+
+/**
+ * Cancel a pending side-channel reply (e.g. sender gave up).
+ * Returns true if a pending reply was cancelled, false if none matched.
+ */
+export function cancelIrcReply(corrId: string, reason = "cancelled"): boolean {
+	const pending = pendingReplies.get(corrId);
+	if (!pending) return false;
+	pending.resolve({ ok: false, corrId, error: reason });
+	return true;
+}
+
+/** Correlation ids currently awaiting a reply from the given target agent. */
+export function pendingReplyCorrIdsForTarget(targetAgentId: string): string[] {
+	return [...(pendingRepliesByTarget.get(targetAgentId) ?? [])];
+}
+
+/** Clear all pending replies (test helper). */
+export function clearPendingRepliesForTest(): void {
+	for (const pending of pendingReplies.values()) {
+		if (pending.timer) clearTimeout(pending.timer);
+	}
+	pendingReplies.clear();
+	pendingRepliesByTarget.clear();
+}

package/src/runtime/live-session-runtime.ts

@@ -241,6 +241,54 @@ function modelFromRegistry(modelRegistry: unknown, modelId: string | undefined):
 	}
 }
 
+/**
+ * Round 18: when agent declares `model: false`, the inherited `parentModel`
+ * (= `ctx.model` from Pi runtime, set via `team-tool.ts:541/655`) is the
+ * session's SAVED model. That saved model can be stale (e.g. a previous
+ * session used claude-sonnet-4-5 and saved it as session.model; the new
+ * session actually runs on minimax-M3 displayed in the footer). If the
+ * saved model has no auth in `modelRegistry`, the worker fails immediately
+ * with "No API key found" before reaching any fallback candidate.
+ *
+ * This helper prefers the saved model when it is in the auth-available
+ * registry; otherwise falls back to the first auth-available registry
+ * model (e.g. minimax/MiniMax-M3, zai/glm-5.2); otherwise returns the
+ * raw `parentModel` unchanged so the caller surfaces E008.
+ */
+export function resolveParentModelFromRegistry(
+	modelRegistry: unknown,
+	rawParentModel: unknown,
+): string | undefined {
+	const raw = typeof rawParentModel === "string" ? rawParentModel.trim() : undefined;
+	if (raw) {
+		const candidate = raw.includes("/")
+			? raw
+			: (() => {
+				const m = modelFromRegistry(modelRegistry, raw);
+				if (m && typeof m === "object" && "fullId" in m) {
+					return String((m as { fullId?: unknown }).fullId ?? raw);
+				}
+				return undefined;
+			})();
+		if (candidate && modelFromRegistry(modelRegistry, candidate)) return candidate;
+	}
+	const registry = modelRegistry as { getAvailable?: () => unknown[] } | undefined;
+	if (registry && typeof registry.getAvailable === "function") {
+		try {
+			const available = registry.getAvailable();
+			if (Array.isArray(available) && available.length > 0) {
+				const first = available[0] as { provider?: unknown; id?: unknown } | undefined;
+				if (first && typeof first.provider === "string" && typeof first.id === "string") {
+					return `${first.provider}/${first.id}`;
+				}
+			}
+		} catch {
+			// ignore — fall through to raw
+		}
+	}
+	return raw;
+}
+
 /** Communication intensity by role (caveman-inspired token optimization) */
 const ROLE_INTENSITY: Record<string, "lite" | "full" | "ultra"> = {
 	explorer: "ultra",
@@ -473,7 +521,8 @@ export async function runLiveSessionTask(input: LiveSessionSpawnInput): Promise<
 			});
 			await (resourceLoader as { reload?: () => Promise<void> }).reload?.();
 		}
-		const modelRouting = buildConfiguredModelRouting({ overrideModel: input.modelOverride, stepModel: input.step.model, teamRoleModel: input.teamRoleModel, agentModel: input.agent.model, fallbackModels: input.agent.fallbackModels, parentModel: input.parentModel, modelRegistry: input.modelRegistry, cwd: input.manifest.cwd, scopeModelsPatterns: await resolveScopeModelsPatterns(input.manifest.cwd) });
+		const effectiveParentModel = resolveParentModelFromRegistry(input.modelRegistry, input.parentModel);
+		const modelRouting = buildConfiguredModelRouting({ overrideModel: input.modelOverride, stepModel: input.step.model, teamRoleModel: input.teamRoleModel, agentModel: input.agent.model, fallbackModels: input.agent.fallbackModels, parentModel: effectiveParentModel, modelRegistry: input.modelRegistry, cwd: input.manifest.cwd, scopeModelsPatterns: await resolveScopeModelsPatterns(input.manifest.cwd) });
 		const resolvedModel = modelFromRegistry(input.modelRegistry, modelRouting.candidates[0] ?? modelRouting.requested) ?? input.parentModel;
 		// Phase 4: MCP proxy — will be determined after session creation
 		// (we check parent's MCP tools and share connections when available)

package/src/runtime/model-fallback.ts

@@ -209,6 +209,25 @@ const RETRYABLE_MODEL_FAILURE_PATTERNS = [
 	/internal(?:_server)?[ _]error/i,
 	/server error/i,
 	/bad gateway/i,
+	//
+	// Broader retryable patterns (added 2026-06-25, FIX 2):
+	// - `/provider[_ ]?error/i`: OpenAI-compatible "Provider error" generic fault.
+	// - `/context[_ ]?length[_ ]?exceeded/i`: "context_length_exceeded" from
+	//   OpenAI/Anthropic — when the configured model is the bottleneck, a
+	//   different model in the fallback chain may have a larger window.
+	// - `/safety/i`: Anthropic safety blocks — typically retryable on a
+	//   different model in the fallback chain.
+	// - `/is[_ ]?overloaded/i`: alias to the existing `/overloaded/i` pattern
+	//   to catch phrasings like "upstream is overloaded".
+	// - `/\b408\b/`: HTTP 408 Request Timeout — transient, provider-side.
+	//
+	// Intentionally NOT added: `/bad_request/` — can mean bad input (e.g.
+	// invalid schema), which is non-retryable.
+	/provider[_ ]?error/i,
+	/context[_ ]?length[_ ]?exceeded/i,
+	/safety/i,
+	/is[_ ]?overloaded/i,
+	/\b408\b/,
 ];
 
 // These patterns indicate auth/key/billing issues that will never succeed on retry.
@@ -313,9 +332,18 @@ export function buildConfiguredModelRouting(input: {
 	const rawModels = availableModels
 		? [input.overrideModel, input.stepModel, input.teamRoleModel, effectiveAgentModel, ...(input.fallbackModels ?? []), ...availableModels.map((model) => model.fullId)]
 		: [input.overrideModel, input.stepModel, input.teamRoleModel, effectiveAgentModel, ...(input.fallbackModels ?? []), parentModel];
+	// Fix (Round 18): when an agent has `model: false` (frontmatter) the
+	// inherited `parentModel` (= session chính's model, e.g. minimax-M3) IS the
+	// desired primary. It must NOT be filtered out by isAvailableModel — which
+	// only knows about models from models.json / registry, NOT builtin Pi models.
+	// Pin the inherited parentModel at index 0 regardless of availability.
+	const parentModelRaw = effectiveAgentModel?.trim() || undefined;
 	const configuredModels = rawModels
 		.filter((model): model is string => Boolean(model?.trim()))
-		.filter((model) => isAvailableModel(model.trim(), availableModels));
+		.filter((model, idx) => {
+			if (parentModelRaw && idx === 0 && model.trim() === parentModelRaw) return true;
+			return isAvailableModel(model.trim(), availableModels);
+		});
 	const candidates = buildModelCandidates(configuredModels[0], configuredModels.slice(1), availableModels, preferredProvider);
 	const reason = requested && candidates[0] && resolveModelCandidate(requested, availableModels, preferredProvider) !== candidates[0]
 		? "requested model unavailable; selected configured Pi fallback"