typeclaw 0.1.1 → 0.1.3

package/src/container/logs.ts

@@ -1,3 +1,5 @@
+import { supportsColor } from './log-colors'
+import { makeLogTimestampReformatter, type TimestampReformatter } from './log-timestamps'
 import { containerExists, containerNameFromCwd, getBun } from './shared'
 
 export type LogsPlan = {
@@ -7,7 +9,25 @@ export type LogsPlan = {
 
 export type LogsResult = { ok: true; containerName: string; exitCode: number } | { ok: false; reason: string }
 
-export async function logs({ cwd, follow }: { cwd: string; follow: boolean }): Promise<LogsResult> {
+export type LogsOptions = {
+  cwd: string
+  follow: boolean
+  out?: NodeJS.WritableStream
+  err?: NodeJS.WritableStream
+  signal?: AbortSignal
+  // When undefined, defaults to TTY+NO_COLOR detection on `out`/`err`.
+  // Tests pass `false` for deterministic plain output.
+  useColor?: boolean
+}
+
+export async function logs({
+  cwd,
+  follow,
+  out = process.stdout,
+  err = process.stderr,
+  signal,
+  useColor,
+}: LogsOptions): Promise<LogsResult> {
   const bun = getBun()
   if (!bun) return { ok: false, reason: 'bun runtime not available' }
 
@@ -18,14 +38,30 @@ export async function logs({ cwd, follow }: { cwd: string; follow: boolean }): P
       return { ok: false, reason: `Container ${containerName} not found. Run \`typeclaw start\` first.` }
     }
 
-    const cmd = ['docker', 'logs']
+    const cmd = ['docker', 'logs', '--timestamps']
     if (follow) cmd.push('-f')
     cmd.push(containerName)
 
-    // Inherit stdio so logs stream live and Ctrl+C reaches `docker logs`,
-    // which exits cleanly on SIGINT in follow mode.
-    const proc = bun.spawn({ cmd, cwd, stdout: 'inherit', stderr: 'inherit' })
+    const proc = bun.spawn({ cmd, cwd, stdout: 'pipe', stderr: 'pipe' })
+
+    const onAbort = (): void => {
+      try {
+        proc.kill('SIGTERM')
+      } catch {
+        // already exited
+      }
+    }
+    signal?.addEventListener('abort', onAbort, { once: true })
+
+    const colorOut = useColor ?? supportsColor(out)
+    const colorErr = useColor ?? supportsColor(err)
+    await Promise.all([
+      pumpWithTimestamps(proc.stdout, out, makeLogTimestampReformatter(undefined, { color: colorOut })),
+      pumpWithTimestamps(proc.stderr, err, makeLogTimestampReformatter(undefined, { color: colorErr })),
+    ])
     const exitCode = await proc.exited
+    signal?.removeEventListener('abort', onAbort)
+
     return { ok: true, containerName, exitCode }
   } catch (error) {
     return { ok: false, reason: error instanceof Error ? error.message : String(error) }
@@ -35,3 +71,33 @@ export async function logs({ cwd, follow }: { cwd: string; follow: boolean }): P
 export function planLogs(cwd: string, { follow }: { follow: boolean }): LogsPlan {
   return { containerName: containerNameFromCwd(cwd), follow }
 }
+
+// Exported for `compose/logs.ts` so the multi-agent path reuses the same
+// reformatter and stays consistent with single-agent output.
+export async function pumpWithTimestamps(
+  stream: ReadableStream<Uint8Array>,
+  sink: NodeJS.WritableStream,
+  reformatter: TimestampReformatter = makeLogTimestampReformatter(),
+): Promise<void> {
+  const decoder = new TextDecoder()
+  const reader = stream.getReader()
+  try {
+    while (true) {
+      const { done, value } = await reader.read()
+      if (done) break
+      if (value && value.byteLength > 0) {
+        const out = reformatter.write(decoder.decode(value, { stream: true }))
+        if (out.length > 0) sink.write(out)
+      }
+    }
+    const tail = decoder.decode()
+    if (tail.length > 0) {
+      const out = reformatter.write(tail)
+      if (out.length > 0) sink.write(out)
+    }
+    const flushed = reformatter.flush()
+    if (flushed.length > 0) sink.write(flushed)
+  } finally {
+    reader.releaseLock()
+  }
+}

package/src/container/start.ts

@@ -7,10 +7,20 @@ import { configSchema, expandMountPath, type Config } from '@/config/config'
 import { send as sendToDaemon } from '@/hostd/client'
 import type { HttpInfoResult } from '@/hostd/protocol'
 import { ensureDaemon } from '@/hostd/spawn'
+import {
+  autoUpgradeTypeclawDep,
+  type AutoUpgradeOutcome,
+  expectedInstalledAfterUpgrade,
+  outcomeForcesInstall,
+  readInstalledTypeclawVersionFromAgent,
+} from '@/init/auto-upgrade'
+import { resolveBaseImageVersion } from '@/init/cli-version'
 import { buildDockerfile, DOCKERFILE } from '@/init/dockerfile'
 import { ensureDepsInstalled, type EnsureDepsResult } from '@/init/ensure-deps'
 import { buildGitignore, GITIGNORE_FILE } from '@/init/gitignore'
 import { refreshPackageJson } from '@/init/packagejson'
+import { runBunUpdate, type UpdateRunner } from '@/init/run-bun-install'
+import { migrateKakaotalkCredentials } from '@/secrets'
 
 import { CONTAINER_PORT, findFreePort, isPortAllocatedError } from './port'
 import {
@@ -76,6 +86,25 @@ export type StartOptions = {
   // Reusing that daemon avoids a self-shutdown when disk source has drifted.
   reuseCurrentHostDaemon?: boolean
   ensureDeps?: (cwd: string) => Promise<EnsureDepsResult>
+  // Test seam for the typeclaw-version auto-upgrade. Production callers omit
+  // this and get the real autoUpgradeTypeclawDep (which reads the CLI's own
+  // package.json). Tests inject a stub to simulate `bun -g update typeclaw`
+  // having bumped the CLI without touching the agent folder.
+  autoUpgrade?: (cwd: string) => Promise<AutoUpgradeOutcome>
+  // Test seam for the auto-upgrade-triggered registry resolution. Defaults
+  // to `bun update typeclaw --latest`. Cannot be `runBunInstall` — see the
+  // module header in src/init/auto-upgrade.ts for why install doesn't move
+  // an already-locked in-range dep.
+  forceBunUpdate?: UpdateRunner
+  // Test seam for the post-install verification. Reads the version actually
+  // present in <agent>/node_modules/typeclaw/package.json after the upgrade
+  // install completes. Defaults to readInstalledTypeclawVersionFromAgent.
+  // Verification is mandatory: `bun update` can succeed (exit 0) but still
+  // resolve to an older version than expected if the registry has issues
+  // or the spec resolution surprises us; we MUST refuse to proceed to
+  // refreshDockerfile in that case, otherwise the Dockerfile pins a stale
+  // base image and the build either fails or runs against the wrong runtime.
+  readInstalledVersion?: (cwd: string) => string | null
   // Post-`docker run` verifier. `docker run -d` returns exit 0 the moment the
   // container is created, even if its entrypoint crashes milliseconds later.
   // The default verifier polls `docker inspect` for 1.5s and converts crashes
@@ -105,6 +134,7 @@ export type StartResult =
       // every fresh launch, including the post-stale-corpse `--rm` recovery
       // path — that one rebuilds the container from scratch.
       alreadyRunning: boolean
+      autoUpgrade: AutoUpgradeOutcome
     }
   | { ok: false; reason: string }
 
@@ -117,6 +147,9 @@ export async function start({
   cliEntry,
   reuseCurrentHostDaemon = false,
   ensureDeps = (dir) => ensureDepsInstalled({ cwd: dir }),
+  autoUpgrade = (dir) => autoUpgradeTypeclawDep({ cwd: dir }),
+  forceBunUpdate = runBunUpdate,
+  readInstalledVersion = readInstalledTypeclawVersionFromAgent,
   verifyRunning = createVerifyRunning({ exec }),
 }: StartOptions): Promise<StartResult> {
   try {
@@ -142,13 +175,48 @@ export async function start({
     // one-shot and idempotent — once `workspaces` is set, refreshPackageJson
     // is a no-op, so users who never edit their agent folder pay zero cost on
     // subsequent starts and users who customized `workspaces` are not clobbered.
-    await refreshDockerfile(cwd)
     await refreshGitignore(cwd)
     const pkgRefresh = await refreshPackageJson(cwd)
     await commitSystemFile(cwd, GITIGNORE_FILE, 'Update .gitignore')
     if (pkgRefresh.changed) {
       await commitSystemFile(cwd, pkgRefresh.files, 'Enable bun workspaces (packages/*)')
     }
+
+    // Align the agent's typeclaw dep with the global CLI version BEFORE
+    // ensureDeps runs. The classic regression this prevents: `bun -g update
+    // typeclaw` bumps the global CLI but the agent's node_modules/typeclaw
+    // stays pinned to whatever was installed at init time. refreshDockerfile
+    // then pins FROM ghcr/typeclaw-base:<old-version> and the docker build
+    // either fails (image never published) or runs against a stale runtime.
+    //
+    // We use `bun update typeclaw --latest` (NOT `bun install`) because plain
+    // install honors the lockfile and is a no-op when the lockfile already
+    // satisfies the declared spec — which is the canonical regression case
+    // (lockfile pins 0.1.0, spec says ^0.1.0, CLI is 0.1.2; install does
+    // nothing, update force-resolves to 0.1.2).
+    //
+    // After the update we MUST verify the installed version actually matches
+    // the upgrade target. `bun update` can exit 0 but resolve to a stale
+    // version (registry hiccups, surprising spec resolution). If verification
+    // fails we abort before refreshDockerfile so we never pin a stale base
+    // image to a fresh container build.
+    const upgrade = await autoUpgrade(cwd)
+    const upgradeCommitMessage = commitMessageForAutoUpgrade(upgrade)
+    if (outcomeForcesInstall(upgrade)) {
+      const forced = await forceBunUpdate(cwd, 'typeclaw')
+      if (!forced.ok) {
+        return { ok: false, reason: `typeclaw auto-upgrade install failed: ${forced.reason}` }
+      }
+      const expected = expectedInstalledAfterUpgrade(upgrade)
+      const installedAfter = readInstalledVersion(cwd)
+      if (expected !== null && (installedAfter === null || !installedReachesTarget(installedAfter, expected))) {
+        return {
+          ok: false,
+          reason: `typeclaw auto-upgrade verification failed: bun update reported success but <agent>/node_modules/typeclaw is ${installedAfter ?? 'missing'} (expected >= ${expected}). Refusing to build a Docker image against a stale runtime.`,
+        }
+      }
+    }
+
     // Run `bun install` BEFORE the dependency-drift commit so the lockfile
     // changes the install produces are caught by the same commit. Without
     // this, upgrading the typeclaw CLI to a version that adds a new dep
@@ -160,7 +228,13 @@ export async function start({
     if (!deps.ok) {
       return { ok: false, reason: `dependency install failed: ${deps.reason}` }
     }
-    await commitSystemFile(cwd, DEPENDENCY_FILES, 'Update dependencies')
+    await commitSystemFile(cwd, DEPENDENCY_FILES, upgradeCommitMessage ?? 'Update dependencies')
+    // Dockerfile refresh AFTER ensureDeps so the version pin in the FROM
+    // line resolves against the agent's installed node_modules/typeclaw —
+    // ensures the base image's CLI version matches the runtime the
+    // container will actually load.
+    await refreshDockerfile(cwd)
+    await migrateKakaotalkCredentials(cwd)
 
     if (state.exists) {
       // Container holds the name but is not running. Without `--rm`, this is
@@ -298,12 +372,31 @@ export async function start({
       hostPort,
       hostd: stripHostDaemonControl(hostd),
       alreadyRunning: false,
+      autoUpgrade: upgrade,
     }
   } catch (error) {
     return { ok: false, reason: error instanceof Error ? error.message : String(error) }
   }
 }
 
+function commitMessageForAutoUpgrade(outcome: AutoUpgradeOutcome): string | null {
+  if (outcome.kind === 'spec-rewritten') return `Upgrade typeclaw to ${outcome.to}`
+  if (outcome.kind === 'reinstall-needed') return `Upgrade typeclaw to ${outcome.to}`
+  return null
+}
+
+function installedReachesTarget(installed: string, target: string): boolean {
+  const ai = installed.match(/^(\d+)\.(\d+)\.(\d+)$/)
+  const at = target.match(/^(\d+)\.(\d+)\.(\d+)$/)
+  if (!ai || !at) return false
+  for (let i = 1; i <= 3; i++) {
+    const a = Number.parseInt(ai[i]!, 10)
+    const t = Number.parseInt(at[i]!, 10)
+    if (a !== t) return a > t
+  }
+  return true
+}
+
 export async function planStart({
   cwd,
   hostPort,
@@ -315,7 +408,8 @@ export async function planStart({
   const imageTag = imageTagFromCwd(cwd)
 
   const devSourcePath = await detectDevSource(cwd)
-  const mounts = await loadMounts(cwd)
+  const cfg = await loadTypeclawConfig(cwd)
+  const mounts = cfg.mounts
 
   // No `--rm`: a crashed container's logs MUST survive past exit so users can
   // debug the failure. `typeclaw stop` removes the container explicitly, and
@@ -324,6 +418,17 @@ export async function planStart({
   // a running container or one the user has not started again yet.
   const runArgs = ['run', '-d', '--name', containerName, '-p', `127.0.0.1:${hostPort}:${CONTAINER_PORT}`]
 
+  // Network egress filter: when `typeclaw.json#network.blockInternal` is true,
+  // grant the container CAP_NET_ADMIN at boot so the entrypoint shim can
+  // install iptables OUTPUT rules. The shim drops the capability from the
+  // bounding set via setpriv before exec'ing the agent — see the shim source
+  // in src/init/dockerfile.ts for the full handoff. The `-e` flag is what
+  // tells the shim to take the on-path; absent or set to anything other than
+  // "1", the shim is a no-op.
+  if (cfg.network.blockInternal) {
+    runArgs.push('--cap-add=NET_ADMIN', '-e', 'TYPECLAW_NETWORK_BLOCK_INTERNAL=1')
+  }
+
   if (hostdControl) {
     runArgs.push('--add-host', HOST_GATEWAY_ALIAS)
   }
@@ -386,7 +491,10 @@ export async function planStart({
 
 export async function refreshDockerfile(cwd: string): Promise<void> {
   const cfg = await loadTypeclawConfig(cwd)
-  await writeFile(join(cwd, DOCKERFILE), buildDockerfile(cfg.dockerfile))
+  await writeFile(
+    join(cwd, DOCKERFILE),
+    buildDockerfile(cfg.dockerfile, { baseImageVersion: resolveBaseImageVersion(cwd) }),
+  )
 }
 
 export async function refreshGitignore(cwd: string): Promise<void> {
@@ -517,6 +625,7 @@ async function reportAlreadyRunning(exec: DockerExec, cwd: string, containerName
     hostPort,
     hostd: { state: 'disabled' },
     alreadyRunning: true,
+    autoUpgrade: { kind: 'skipped-already-running' },
   }
 }
 
@@ -576,11 +685,6 @@ async function detectDevSource(cwd: string): Promise<string | null> {
 // folder mid-init). Anything else — malformed JSON, schema-invalid config,
 // invalid mount entry — must surface so the user sees they configured a mount
 // that won't be applied.
-async function loadMounts(cwd: string): Promise<Config['mounts']> {
-  const cfg = await loadTypeclawConfig(cwd)
-  return cfg.mounts
-}
-
 async function loadTypeclawConfig(cwd: string): Promise<Config> {
   return configSchema.parse(await loadConfigJson(cwd))
 }

package/src/cron/consumer.ts

@@ -1,20 +1,25 @@
+import type { SessionOrigin } from '@/agent/session-origin'
 import type { HookBus } from '@/plugin'
 import type { Stream, Unsubscribe } from '@/stream'
 
 import type { CronJob, ExecJob, PromptJob } from './schema'
 
-// `hooks`, `sessionId`, and `getTranscriptPath` are optional so test fakes can
-// stay one-liners. When present, the consumer fires `session.idle` after every
-// prompt completion and `session.end` on dispose, mirroring the lifecycle
-// signals the TUI server already emits in `src/server/index.ts`. Without this
-// the bundled memory plugin's debounced `memory-logger` never spawns for cron
-// prompt jobs because it only wakes on `session.idle`.
+// `hooks`, `sessionId`, `agentDir`, and `getTranscriptPath` are optional so
+// test fakes can stay one-liners. When present, the consumer fires
+// `session.turn.start`/`session.turn.end` around `prompt()`, then
+// `session.idle` after, then `session.end` on dispose — mirroring the
+// lifecycle signals the TUI server emits in `src/server/index.ts`. Without
+// this the bundled memory plugin's debounced `memory-logger` never spawns for
+// cron prompt jobs (it only wakes on `session.idle`), and the bundled backup
+// plugin's turn counter would miss cron-driven activity.
 export type CronSession = {
   prompt: (text: string) => Promise<void>
   dispose?: () => void
   hooks?: HookBus
   sessionId?: string
+  agentDir?: string
   getTranscriptPath?: () => string | undefined
+  origin?: SessionOrigin
 }
 
 export type CronConsumerLogger = {
@@ -102,8 +107,25 @@ async function runPrompt(
     return
   }
   const session = await createSessionForCron(job)
+  const turnEvent =
+    session.hooks && session.sessionId !== undefined && session.agentDir !== undefined
+      ? {
+          sessionId: session.sessionId,
+          agentDir: session.agentDir,
+          ...(session.origin !== undefined ? { origin: session.origin } : {}),
+        }
+      : undefined
   try {
-    await session.prompt(job.prompt)
+    if (session.hooks && turnEvent !== undefined) {
+      await session.hooks.runSessionTurnStart(turnEvent)
+    }
+    try {
+      await session.prompt(job.prompt)
+    } finally {
+      if (session.hooks && turnEvent !== undefined) {
+        await session.hooks.runSessionTurnEnd(turnEvent)
+      }
+    }
     if (session.hooks && session.sessionId !== undefined) {
       await session.hooks.runSessionIdle({
         sessionId: session.sessionId,