voratiq 0.1.0-beta.0 → 0.1.0-beta.1

package/README.md

@@ -1,6 +1,6 @@
 # Voratiq
 
-Run multiple AI coding agents in parallel, compare their results, and apply the best solution.
+Run agents in parallel, compare results, and apply the best solution.
 
 ![`voratiq run --spec specs/p1/agent-workspace-guardrails.md`](https://raw.githubusercontent.com/voratiq/voratiq/main/assets/run-demo.png)
 

package/dist/auth/providers/gemini.js

@@ -3,7 +3,7 @@ import { assertSandboxDestination } from "../staging.js";
 import { buildAuthFailedMessage } from "./messages.js";
 import { disposeHandles, registerSandboxSecrets, stageSecretFile, } from "./secret-staging.js";
 import { teardownAuthProvider } from "./teardown.js";
-import { assertReadableFileOrThrow, composeSandboxEnvResult, copyOptionalDirectoryWithPermissions, copyOptionalFileWithPermissions, createSandboxPaths, ensureDirectories, resolveChildPath, } from "./utils.js";
+import { assertReadableFileOrThrow, composeSandboxEnvResult, copyOptionalFileWithPermissions, createSandboxPaths, ensureDirectories, resolveChildPath, } from "./utils.js";
 const GEMINI_PROVIDER_ID = "gemini";
 const GEMINI_LOGIN_HINT = buildAuthFailedMessage("Gemini");
 const GEMINI_REQUIRED_FILES = [
@@ -124,7 +124,8 @@ async function stageOptionalFiles(geminiHome, sandboxGeminiDir, sandboxHome) {
             return new GeminiAuthProviderError(GEMINI_LOGIN_HINT, { cause });
         });
     }
-    const tmpSource = resolveChildPath(geminiHome, "tmp");
+    // Create empty tmp directory (don't copy contents to avoid polluting
+    // chat transcripts with historical sessions from previous runs)
     const sandboxTmpDestination = resolveChildPath(sandboxGeminiDir, "tmp");
     assertSandboxDestination({
         sandboxHome,
@@ -132,7 +133,7 @@ async function stageOptionalFiles(geminiHome, sandboxGeminiDir, sandboxHome) {
         providerId: GEMINI_PROVIDER_ID,
         fileLabel: "tmp",
     });
-    await copyOptionalDirectoryWithPermissions(tmpSource, sandboxTmpDestination, (cause) => new GeminiAuthProviderError(GEMINI_LOGIN_HINT, { cause }));
+    await ensureDirectories([sandboxTmpDestination]);
 }
 async function validateSettingsFile(settingsPath) {
     let raw;

package/dist/bin.js

@@ -82,7 +82,8 @@ export async function runCli(argv = process.argv) {
         .description("Voratiq CLI")
         .version(getVoratiqVersion(), "-v, --version", "print the Voratiq version")
         .exitOverride()
-        .showHelpAfterError();
+        .showHelpAfterError()
+        .helpCommand(false);
     program.addCommand(createInitCommand());
     program.addCommand(createListCommand());
     program.addCommand(createRunCommand());

package/dist/commands/run/agents/lifecycle.js

@@ -1,6 +1,8 @@
+import { loadSandboxProviderConfig } from "../../../configs/sandbox/loader.js";
 import { toErrorMessage } from "../../../utils/errors.js";
 import { GIT_AUTHOR_EMAIL, GIT_AUTHOR_NAME } from "../../../utils/git.js";
 import { AgentProcessError, GitOperationError, RunCommandError, } from "../errors.js";
+import { DEFAULT_DENIAL_BACKOFF, } from "../sandbox.js";
 import { teardownRegisteredSandboxContext } from "../sandbox-registry.js";
 import { captureAgentChatTranscripts } from "./chat-preserver.js";
 import { runPostProcessingAndEvaluations } from "./eval-runner.js";
@@ -29,18 +31,33 @@ export async function executeAgentLifecycle(execution) {
             await execution.progress.onRunning(buildRunningAgentRecord(execution, agentContext));
         }
         // Create watchdog trigger callback for immediate UI surfacing
-        const onWatchdogTrigger = (trigger, reason) => {
+        const onWatchdogTrigger = (trigger, reason, failFast) => {
             // Update watchdog metadata with trigger
             agentContext.setWatchdogMetadata({
                 ...initialWatchdog,
                 trigger,
             });
+            if (failFast) {
+                agentContext.setFailFastTriggered(failFast);
+            }
             // Fire early failure callback for immediate UI update
             if (execution.progress?.onEarlyFailure) {
                 const earlyRecord = agentContext.buildEarlyFailureRecord(reason);
                 void execution.progress.onEarlyFailure(earlyRecord);
             }
         };
+        let denialBackoff = DEFAULT_DENIAL_BACKOFF;
+        try {
+            const sandboxProviderConfig = loadSandboxProviderConfig({
+                root,
+                providerId: agent.provider,
+            });
+            denialBackoff = sandboxProviderConfig.denialBackoff;
+        }
+        catch {
+            // If sandbox.yaml is missing or invalid, fall back to defaults rather than
+            // failing the entire agent lifecycle.
+        }
         const processResult = await runAgentProcess({
             runtimeManifestPath,
             agentRoot: workspacePaths.agentRoot,
@@ -49,11 +66,15 @@ export async function executeAgentLifecycle(execution) {
             sandboxSettingsPath: workspacePaths.sandboxSettingsPath,
             providerId: agent.provider,
             onWatchdogTrigger,
+            denialBackoff,
         });
         // Update watchdog metadata from process result (in case trigger came via watchdog)
         if (processResult.watchdog) {
             agentContext.setWatchdogMetadata(processResult.watchdog);
         }
+        if (processResult.failFast) {
+            agentContext.setFailFastTriggered(processResult.failFast);
+        }
         if (processResult.exitCode !== 0 || processResult.errorMessage) {
             // Use watchdog error message if available, otherwise detect from logs
             const failureDetail = processResult.watchdog?.trigger && processResult.errorMessage

package/dist/commands/run/agents/run-context.d.ts

@@ -5,6 +5,7 @@ import type { ArtifactCollectionResult } from "../../../workspace/agents.js";
 import type { ChatArtifactFormat } from "../../../workspace/chat/types.js";
 import type { RunCommandError } from "../errors.js";
 import { type AgentExecutionResult, type AgentExecutionState } from "../reports.js";
+import type { SandboxFailFastInfo } from "../sandbox.js";
 export declare class AgentRunContext {
     readonly state: AgentExecutionState;
     status: AgentStatus;
@@ -12,6 +13,7 @@ export declare class AgentRunContext {
     evalResults: AgentEvalResult[];
     errorMessage: string | undefined;
     watchdogMetadata: WatchdogMetadata | undefined;
+    private failFast;
     private completedAt;
     private startedAt;
     private readonly evalPlan;
@@ -36,6 +38,7 @@ export declare class AgentRunContext {
     markChatArtifact(format: ChatArtifactFormat): void;
     recordEvalWarnings(warnings: readonly string[]): void;
     setWatchdogMetadata(metadata: WatchdogMetadata): void;
+    setFailFastTriggered(info: SandboxFailFastInfo): void;
     finalize(): AgentExecutionResult;
     /**
      * Build an early failure record for immediate UI surfacing when watchdog triggers.

package/dist/commands/run/agents/run-context.js

@@ -11,6 +11,7 @@ export class AgentRunContext {
     evalResults;
     errorMessage;
     watchdogMetadata;
+    failFast;
     completedAt;
     startedAt;
     evalPlan;
@@ -113,6 +114,9 @@ export class AgentRunContext {
     setWatchdogMetadata(metadata) {
         this.watchdogMetadata = metadata;
     }
+    setFailFastTriggered(info) {
+        this.failFast = info;
+    }
     finalize() {
         this.setCompleted();
         const record = buildAgentRecord({
@@ -127,6 +131,7 @@ export class AgentRunContext {
             warnings: this.evalWarnings,
             diffStatistics: this.state.diffStatistics,
             watchdog: this.watchdogMetadata,
+            failFast: this.failFast,
         });
         return finalizeAgentResult(this.runId, record, this.state);
     }
@@ -147,6 +152,7 @@ export class AgentRunContext {
             warnings: this.evalWarnings,
             diffStatistics: undefined,
             watchdog: this.watchdogMetadata,
+            failFast: this.failFast,
         });
     }
 }
@@ -158,7 +164,7 @@ export function buildDefaultEvalResults(definitions) {
     }));
 }
 function buildAgentRecord(options) {
-    const { agent, commitSha, completedAt, errorMessage, startedAt, status, artifacts, evalResults, warnings, diffStatistics, watchdog, } = options;
+    const { agent, commitSha, completedAt, errorMessage, startedAt, status, artifacts, evalResults, warnings, diffStatistics, watchdog, failFast, } = options;
     const snapshots = toEvalSnapshots(evalResults);
     const artifactState = Object.keys(artifacts).length > 0 ? artifacts : undefined;
     const normalizedWarnings = warnings.length > 0 ? Array.from(new Set(warnings)) : undefined;
@@ -175,6 +181,13 @@ function buildAgentRecord(options) {
         error: errorMessage,
         warnings: normalizedWarnings,
         watchdog,
+        ...(failFast
+            ? {
+                failFastTriggered: true,
+                failFastTarget: failFast.target,
+                failFastOperation: failFast.operation,
+            }
+            : {}),
     };
     if (normalizedDiffStatistics) {
         record.diffStatistics = normalizedDiffStatistics;

package/dist/commands/run/agents/sandbox-launcher.d.ts

@@ -1,5 +1,7 @@
+import type { DenialBackoffConfig } from "../../../configs/sandbox/types.js";
 import type { WatchdogMetadata } from "../../../records/types.js";
 import type { AgentWorkspacePaths } from "../../../workspace/layout.js";
+import { type SandboxFailFastInfo } from "../sandbox.js";
 import { type WatchdogTrigger } from "./watchdog.js";
 export interface AgentProcessOptions {
     runtimeManifestPath: string;
@@ -7,11 +9,12 @@ export interface AgentProcessOptions {
     stdoutPath: string;
     stderrPath: string;
     sandboxSettingsPath: string;
+    denialBackoff?: DenialBackoffConfig;
     resolveRunInvocation?: RunInvocationResolver;
     /** Provider ID for watchdog fatal pattern matching. */
     providerId?: string;
     /** Callback fired immediately when watchdog triggers, before process exits. */
-    onWatchdogTrigger?: (trigger: WatchdogTrigger, reason: string) => void;
+    onWatchdogTrigger?: (trigger: WatchdogTrigger, reason: string, failFast?: SandboxFailFastInfo) => void;
 }
 export interface AgentProcessResult {
     exitCode: number;
@@ -19,6 +22,8 @@ export interface AgentProcessResult {
     signal?: NodeJS.Signals | null;
     /** Watchdog metadata showing enforced limits and trigger reason. */
     watchdog?: WatchdogMetadata;
+    /** Sandbox fail-fast metadata when repeated denials trigger an abort. */
+    failFast?: SandboxFailFastInfo;
 }
 export interface RunInvocationContext {
     agentRoot: string;

package/dist/commands/run/agents/sandbox-launcher.js

@@ -61,7 +61,7 @@ async function defaultResolveRunInvocation(context) {
     return { command, args };
 }
 export async function runAgentProcess(options) {
-    const { runtimeManifestPath, agentRoot, stdoutPath, stderrPath, sandboxSettingsPath, resolveRunInvocation, providerId = "", onWatchdogTrigger, } = options;
+    const { runtimeManifestPath, agentRoot, stdoutPath, stderrPath, sandboxSettingsPath, denialBackoff, resolveRunInvocation, providerId = "", onWatchdogTrigger, } = options;
     const stdoutStream = createWriteStream(stdoutPath, { flags: "w" });
     const stderrStream = createWriteStream(stderrPath, { flags: "w" });
     const shimEntryPath = resolveShimEntryPath();
@@ -105,6 +105,7 @@ export async function runAgentProcess(options) {
                 watchdogController = createWatchdog(child, stderrStream, {
                     providerId,
                     onWatchdogTrigger,
+                    denialBackoff,
                 });
                 // Bridge watchdog's abort signal to our shared abort controller
                 abortSignalHandler = () => forceAbortController.abort();
@@ -135,6 +136,7 @@ export async function runAgentProcess(options) {
     }
     const watchdogState = watchdogController?.getState();
     const watchdogTrigger = watchdogState?.triggered ?? undefined;
+    const failFast = watchdogState?.sandboxFailFast;
     let errorMessage;
     if (watchdogTrigger && watchdogState?.triggeredReason) {
         errorMessage = aborted
@@ -152,7 +154,7 @@ export async function runAgentProcess(options) {
         wallClockCapMs: WATCHDOG_DEFAULTS.wallClockCapMs,
         trigger: watchdogTrigger,
     };
-    return { exitCode, errorMessage, signal, watchdog };
+    return { exitCode, errorMessage, signal, watchdog, failFast };
 }
 export async function stageManifestForSandbox(options) {
     const { runtimeManifestPath } = options;

package/dist/commands/run/agents/watchdog.d.ts

@@ -1,12 +1,14 @@
 import type { ChildProcess } from "node:child_process";
 import type { Writable } from "node:stream";
+import type { DenialBackoffConfig } from "../../../configs/sandbox/types.js";
+import { type SandboxFailFastInfo } from "../sandbox.js";
 /**
  * Watchdog types and constants for enforcing per-agent process timeouts.
  *
  * Watchdog enforcement prevents hung agent binaries from blocking the entire
  * voratiq run pipeline by enforcing silence, wall-clock, and fatal pattern limits.
  */
-export type WatchdogTrigger = "silence" | "wall-clock" | "fatal-pattern";
+export type WatchdogTrigger = "silence" | "wall-clock" | "fatal-pattern" | "sandbox-denial";
 export declare const WATCHDOG_DEFAULTS: {
     readonly silenceTimeoutMs: number;
     readonly wallClockCapMs: number;
@@ -24,7 +26,8 @@ export interface WatchdogResult {
 }
 export interface WatchdogOptions {
     providerId: string;
-    onWatchdogTrigger?: (trigger: WatchdogTrigger, reason: string) => void;
+    denialBackoff?: DenialBackoffConfig;
+    onWatchdogTrigger?: (trigger: WatchdogTrigger, reason: string, failFast?: SandboxFailFastInfo) => void;
 }
 export declare function createWatchdog(child: ChildProcess, stderrStream: Writable, options: WatchdogOptions): WatchdogController;
 export interface WatchdogController {
@@ -33,6 +36,7 @@ export interface WatchdogController {
     getState: () => {
         triggered: WatchdogTrigger | null;
         triggeredReason: string | null;
+        sandboxFailFast?: SandboxFailFastInfo;
     };
     /** AbortSignal that fires after watchdog triggers and hard abort timeout passes. */
     abortSignal: AbortSignal;

package/dist/commands/run/agents/watchdog.js

@@ -1,3 +1,4 @@
+import { DenialBackoffTracker, parseSandboxDenialLine, resolveDenialBackoffConfig, } from "../sandbox.js";
 export const WATCHDOG_DEFAULTS = {
     silenceTimeoutMs: 15 * 60 * 1000,
     wallClockCapMs: 120 * 60 * 1000,
@@ -12,6 +13,7 @@ export const FATAL_PATTERNS = new Map([
 ]);
 export function createWatchdog(child, stderrStream, options) {
     const { silenceTimeoutMs, wallClockCapMs, killGraceMs, hardAbortMs } = WATCHDOG_DEFAULTS;
+    const denialBackoff = resolveDenialBackoffConfig(options.denialBackoff);
     const state = {
         silenceTimer: null,
         wallClockTimer: null,
@@ -20,6 +22,10 @@ export function createWatchdog(child, stderrStream, options) {
         fatalPatternFirstSeen: null,
         triggered: null,
         triggeredReason: null,
+        sandboxFailFast: null,
+        denialBackoff: new DenialBackoffTracker(denialBackoff),
+        lineBuffer: "",
+        delayInProgress: false,
         abortController: new AbortController(),
     };
     const fatalPatterns = FATAL_PATTERNS.get(options.providerId) ?? [];
@@ -54,17 +60,20 @@ export function createWatchdog(child, stderrStream, options) {
             state.hardAbortTimer = null;
         }
     };
-    const triggerWatchdog = (trigger, reason) => {
+    const triggerWatchdog = (trigger, reason, failFast) => {
         if (state.triggered) {
             return;
         }
         state.triggered = trigger;
         state.triggeredReason = reason;
+        if (failFast) {
+            state.sandboxFailFast = failFast;
+        }
         clearAllTimers();
         const banner = formatWatchdogBanner(trigger, reason);
         stderrStream.write(banner);
         if (options.onWatchdogTrigger) {
-            options.onWatchdogTrigger(trigger, reason);
+            options.onWatchdogTrigger(trigger, reason, failFast);
         }
         terminateProcess(child, state, { killGraceMs, hardAbortMs });
     };
@@ -91,6 +100,60 @@ export function createWatchdog(child, stderrStream, options) {
         resetSilenceTimer();
         const text = typeof chunk === "string" ? chunk : chunk.toString("utf8");
         checkFatalPattern(text);
+        handleSandboxDenialText(text);
+    };
+    const handleSandboxDenialText = (text) => {
+        if (state.triggered) {
+            return;
+        }
+        state.lineBuffer += text;
+        const lines = state.lineBuffer.split("\n");
+        state.lineBuffer = lines.pop() ?? "";
+        for (const line of lines) {
+            if (state.triggered) {
+                return;
+            }
+            if (line.startsWith("Running: ")) {
+                state.denialBackoff.resetAll();
+                continue;
+            }
+            const denial = parseSandboxDenialLine(line);
+            if (!denial) {
+                continue;
+            }
+            const decision = state.denialBackoff.register(denial);
+            if (decision.action === "warn") {
+                stderrStream.write(`\n[SandboxBackoff: WARN] Repeated denial to ${denial.target} (count=${decision.count}).\n`);
+            }
+            else if (decision.action === "delay") {
+                stderrStream.write(`\n[SandboxBackoff: ERROR] Repeated denial to ${denial.target} (count=${decision.count}); delaying ${denialBackoff.delayMs}ms.\n`);
+                void applyBackoffDelay(child, state, denialBackoff);
+            }
+            else if (decision.action === "fail-fast") {
+                triggerWatchdog("sandbox-denial", `Sandbox: repeated denial to ${denial.target}, aborting to prevent resource exhaustion`, denial);
+                return;
+            }
+        }
+    };
+    const applyBackoffDelay = async (child, state, config) => {
+        if (state.delayInProgress || state.triggered) {
+            return;
+        }
+        const pid = child.pid;
+        if (pid === undefined) {
+            return;
+        }
+        state.delayInProgress = true;
+        const delayMs = config.delayMs;
+        killProcessGroup(pid, "SIGSTOP");
+        await new Promise((resolve) => {
+            const timer = setTimeout(resolve, delayMs);
+            timer.unref();
+        });
+        if (!state.triggered) {
+            killProcessGroup(pid, "SIGCONT");
+        }
+        state.delayInProgress = false;
     };
     resetSilenceTimer();
     const wallClockMinutes = Math.round(wallClockCapMs / 60000);
@@ -115,6 +178,7 @@ export function createWatchdog(child, stderrStream, options) {
         getState: () => ({
             triggered: state.triggered,
             triggeredReason: state.triggeredReason,
+            sandboxFailFast: state.sandboxFailFast ?? undefined,
         }),
         /** AbortSignal that fires after watchdog triggers and hard abort timeout passes. */
         abortSignal: state.abortController.signal,

package/dist/commands/run/sandbox.d.ts

@@ -1,5 +1,12 @@
 import type { SandboxRuntimeConfig } from "@voratiq/sandbox-runtime";
+import type { DenialBackoffConfig } from "../../configs/sandbox/types.js";
 export type SandboxSettings = SandboxRuntimeConfig;
+export type DenialOperationType = "network-connect" | "file-read" | "file-write";
+export interface SandboxFailFastInfo {
+    operation: DenialOperationType;
+    target: string;
+}
+export declare const DEFAULT_DENIAL_BACKOFF: DenialBackoffConfig;
 export interface SandboxSettingsOptions {
     sandboxHomePath: string;
     workspacePath: string;
@@ -11,6 +18,21 @@ export interface SandboxSettingsOptions {
     evalsPath: string;
 }
 export declare function generateSandboxSettings(options: SandboxSettingsOptions): SandboxSettings;
+export declare function resolveDenialBackoffConfig(config: DenialBackoffConfig | undefined): DenialBackoffConfig;
+export declare function parseSandboxDenialLine(line: string): SandboxFailFastInfo | undefined;
+export type DenialBackoffAction = "none" | "warn" | "delay" | "fail-fast";
+export interface DenialBackoffDecision {
+    action: DenialBackoffAction;
+    count: number;
+    info: SandboxFailFastInfo;
+}
+export declare class DenialBackoffTracker {
+    private readonly config;
+    private readonly byTarget;
+    constructor(config: DenialBackoffConfig);
+    resetAll(): void;
+    register(info: SandboxFailFastInfo, now?: number): DenialBackoffDecision;
+}
 export declare function writeSandboxSettings(sandboxSettingsPath: string, settings: SandboxSettings): Promise<void>;
 export declare function resolveSrtBinary(cliRoot: string): string;
 export declare function checkPlatformSupport(): void;

package/dist/commands/run/sandbox.js

@@ -2,6 +2,14 @@ import { mkdir, writeFile } from "node:fs/promises";
 import { dirname, isAbsolute } from "node:path";
 import { loadSandboxProviderConfig } from "../../configs/sandbox/loader.js";
 import { resolvePath } from "../../utils/path.js";
+export const DEFAULT_DENIAL_BACKOFF = {
+    enabled: true,
+    warningThreshold: 2,
+    delayThreshold: 3,
+    delayMs: 5000,
+    failFastThreshold: 4,
+    windowMs: 120000,
+};
 export function generateSandboxSettings(options) {
     const { sandboxHomePath, workspacePath, provider, root, sandboxSettingsPath, runtimePath, artifactsPath, evalsPath, } = options;
     const providerConfig = loadSandboxProviderConfig({
@@ -41,6 +49,107 @@ export function generateSandboxSettings(options) {
         },
     };
 }
+export function resolveDenialBackoffConfig(config) {
+    if (!config) {
+        return { ...DEFAULT_DENIAL_BACKOFF };
+    }
+    return {
+        enabled: typeof config.enabled === "boolean"
+            ? config.enabled
+            : DEFAULT_DENIAL_BACKOFF.enabled,
+        warningThreshold: typeof config.warningThreshold === "number"
+            ? config.warningThreshold
+            : DEFAULT_DENIAL_BACKOFF.warningThreshold,
+        delayThreshold: typeof config.delayThreshold === "number"
+            ? config.delayThreshold
+            : DEFAULT_DENIAL_BACKOFF.delayThreshold,
+        delayMs: typeof config.delayMs === "number"
+            ? config.delayMs
+            : DEFAULT_DENIAL_BACKOFF.delayMs,
+        failFastThreshold: typeof config.failFastThreshold === "number"
+            ? config.failFastThreshold
+            : DEFAULT_DENIAL_BACKOFF.failFastThreshold,
+        windowMs: typeof config.windowMs === "number"
+            ? config.windowMs
+            : DEFAULT_DENIAL_BACKOFF.windowMs,
+    };
+}
+export function parseSandboxDenialLine(line) {
+    const trimmed = line.trim();
+    if (trimmed.length === 0) {
+        return undefined;
+    }
+    const debugNetworkDeny = trimmed.match(/^\[SandboxDebug\]\s+(?:Denied by config rule|No matching config rule, denying|User denied):\s+([^\s]+)$/u);
+    if (debugNetworkDeny?.[1]) {
+        return { operation: "network-connect", target: debugNetworkDeny[1] };
+    }
+    const macosKernelDeny = trimmed.match(/\bSandbox:\s+deny(?:\(\d+\))?\s+([^\s]+)\s+(.+)$/u);
+    if (macosKernelDeny?.[1] && macosKernelDeny[2]) {
+        const op = macosKernelDeny[1].toLowerCase();
+        const target = macosKernelDeny[2].trim();
+        if (op.includes("network")) {
+            return { operation: "network-connect", target };
+        }
+        if (op.includes("file-read")) {
+            return { operation: "file-read", target };
+        }
+        if (op.includes("file-write")) {
+            return { operation: "file-write", target };
+        }
+    }
+    return undefined;
+}
+export class DenialBackoffTracker {
+    config;
+    byTarget = new Map();
+    constructor(config) {
+        this.config = resolveDenialBackoffConfig(config);
+    }
+    resetAll() {
+        this.byTarget.clear();
+    }
+    register(info, now = Date.now()) {
+        const key = `${info.operation}:${info.target}`;
+        const windowMs = this.config.windowMs;
+        const existing = this.byTarget.get(key) ?? [];
+        const last = existing.length > 0 ? existing[existing.length - 1] : undefined;
+        const timestamps = last !== undefined && now - last > windowMs ? [] : [...existing];
+        timestamps.push(now);
+        const maxKept = Math.max(1, this.config.failFastThreshold);
+        while (timestamps.length > maxKept) {
+            timestamps.shift();
+        }
+        this.byTarget.set(key, timestamps);
+        const countInWindow = countWithinMs(timestamps, now, windowMs);
+        const countIn60 = countWithinMs(timestamps, now, 60_000);
+        const countIn30 = countWithinMs(timestamps, now, 30_000);
+        let action = "none";
+        if (this.config.enabled && countInWindow >= this.config.failFastThreshold) {
+            action = "fail-fast";
+        }
+        else if (this.config.enabled &&
+            countIn60 === this.config.delayThreshold) {
+            action = "delay";
+        }
+        else if (this.config.enabled &&
+            countIn30 === this.config.warningThreshold) {
+            action = "warn";
+        }
+        return { action, count: countInWindow, info };
+    }
+}
+function countWithinMs(timestamps, now, windowMs) {
+    let count = 0;
+    for (let i = timestamps.length - 1; i >= 0; i -= 1) {
+        if (now - timestamps[i] <= windowMs) {
+            count += 1;
+        }
+        else {
+            break;
+        }
+    }
+    return count;
+}
 function getDefaultSandboxWritePaths() {
     return [];
 }

package/dist/configs/sandbox/loader.d.ts

@@ -1,5 +1,5 @@
 import type { LoadSandboxConfigurationOptions, LoadSandboxProviderConfigOptions, SandboxConfig, SandboxProviderConfig } from "./types.js";
-export type { LoadSandboxConfigurationOptions, LoadSandboxNetworkConfigOptions, LoadSandboxProviderConfigOptions, SandboxConfig, SandboxFilesystemConfig, SandboxNetworkConfig, SandboxProviderConfig, } from "./types.js";
+export type { DenialBackoffConfig, LoadSandboxConfigurationOptions, LoadSandboxNetworkConfigOptions, LoadSandboxProviderConfigOptions, SandboxConfig, SandboxFilesystemConfig, SandboxNetworkConfig, SandboxProviderConfig, } from "./types.js";
 export declare function loadSandboxConfiguration(options?: LoadSandboxConfigurationOptions): SandboxConfig;
 export declare function loadSandboxProviderConfig(options: LoadSandboxProviderConfigOptions, providerIdOverride?: string): SandboxProviderConfig;
 export declare function enableSandboxLoaderTestHooks(): void;

package/dist/configs/sandbox/loader.js

@@ -15,6 +15,14 @@ const DEFAULT_FILESYSTEM_CONFIG = {
     denyRead: [],
     denyWrite: [],
 };
+const DEFAULT_DENIAL_BACKOFF = {
+    enabled: true,
+    warningThreshold: 2,
+    delayThreshold: 3,
+    delayMs: 5000,
+    failFastThreshold: 4,
+    windowMs: 120000,
+};
 const sandboxConfigLoader = createConfigLoader({
     resolveFilePath: (root, options) => resolveSandboxFilePath(root, options),
     selectReadFile: (options) => options.readFile,
@@ -48,6 +56,7 @@ const sandboxConfigLoader = createConfigLoader({
                 providerId: canonical.id,
                 network: providerNetwork,
                 filesystem: providerFilesystem,
+                denialBackoff: mergeDenialBackoffConfig(DEFAULT_DENIAL_BACKOFF, override?.denialBackoff),
             };
         }
         return {
@@ -57,6 +66,25 @@ const sandboxConfigLoader = createConfigLoader({
         };
     },
 });
+function mergeDenialBackoffConfig(base, override) {
+    if (!override) {
+        return { ...base };
+    }
+    return {
+        enabled: typeof override.enabled === "boolean" ? override.enabled : base.enabled,
+        warningThreshold: typeof override.warningThreshold === "number"
+            ? override.warningThreshold
+            : base.warningThreshold,
+        delayThreshold: typeof override.delayThreshold === "number"
+            ? override.delayThreshold
+            : base.delayThreshold,
+        delayMs: typeof override.delayMs === "number" ? override.delayMs : base.delayMs,
+        failFastThreshold: typeof override.failFastThreshold === "number"
+            ? override.failFastThreshold
+            : base.failFastThreshold,
+        windowMs: typeof override.windowMs === "number" ? override.windowMs : base.windowMs,
+    };
+}
 function clearSandboxConfigurationCache() {
     configCache.clear();
 }
@@ -101,6 +129,7 @@ export function loadSandboxProviderConfig(options, providerIdOverride) {
         providerId: providerConfig.providerId,
         network: cloneNetworkConfig(providerConfig.network),
         filesystem: cloneFilesystemConfig(providerConfig.filesystem),
+        denialBackoff: { ...providerConfig.denialBackoff },
     };
 }
 const SANDBOX_LOADER_TEST_HOOKS = Symbol.for("voratiq.configs.sandbox.loader.testHooks");
@@ -162,6 +191,7 @@ function cloneSandboxConfig(config) {
             providerId,
             network: cloneNetworkConfig(providerConfig.network),
             filesystem: cloneFilesystemConfig(providerConfig.filesystem),
+            denialBackoff: { ...providerConfig.denialBackoff },
         };
     }
     return {

package/dist/configs/sandbox/schemas.d.ts

@@ -6,6 +6,14 @@ export declare const networkOverrideSchema: z.ZodObject<{
     allowUnixSockets: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
     allowAllUnixSockets: z.ZodOptional<z.ZodBoolean>;
 }, z.core.$strict>;
+export declare const denialBackoffOverrideSchema: z.ZodObject<{
+    enabled: z.ZodOptional<z.ZodBoolean>;
+    warningThreshold: z.ZodOptional<z.ZodNumber>;
+    delayThreshold: z.ZodOptional<z.ZodNumber>;
+    delayMs: z.ZodOptional<z.ZodNumber>;
+    failFastThreshold: z.ZodOptional<z.ZodNumber>;
+    windowMs: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strict>;
 export declare const filesystemOverrideSchema: z.ZodObject<{
     allowWrite: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
     denyRead: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
@@ -24,6 +32,14 @@ export declare const providerOverrideSchema: z.ZodObject<{
         denyRead: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
         denyWrite: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
     }, z.core.$strict>>;
+    denialBackoff: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodOptional<z.ZodBoolean>;
+        warningThreshold: z.ZodOptional<z.ZodNumber>;
+        delayThreshold: z.ZodOptional<z.ZodNumber>;
+        delayMs: z.ZodOptional<z.ZodNumber>;
+        failFastThreshold: z.ZodOptional<z.ZodNumber>;
+        windowMs: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strict>>;
     allowedDomains: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
     deniedDomains: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
     allowLocalBinding: z.ZodOptional<z.ZodBoolean>;
@@ -44,6 +60,14 @@ export declare const sandboxConfigSchema: z.ZodObject<{
             denyRead: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
             denyWrite: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
         }, z.core.$strict>>;
+        denialBackoff: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodOptional<z.ZodBoolean>;
+            warningThreshold: z.ZodOptional<z.ZodNumber>;
+            delayThreshold: z.ZodOptional<z.ZodNumber>;
+            delayMs: z.ZodOptional<z.ZodNumber>;
+            failFastThreshold: z.ZodOptional<z.ZodNumber>;
+            windowMs: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strict>>;
         allowedDomains: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
         deniedDomains: z.ZodOptional<z.ZodArray<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>>;
         allowLocalBinding: z.ZodOptional<z.ZodBoolean>;
@@ -52,6 +76,7 @@ export declare const sandboxConfigSchema: z.ZodObject<{
     }, z.core.$strict>>;
 }, z.core.$strip>;
 export type NetworkOverride = z.infer<typeof networkOverrideSchema>;
+export type DenialBackoffOverride = z.infer<typeof denialBackoffOverrideSchema>;
 export type FilesystemOverride = z.infer<typeof filesystemOverrideSchema>;
 export type ProviderOverride = z.infer<typeof providerOverrideSchema>;
 export type SandboxOverrideDocument = z.infer<typeof sandboxConfigSchema>;

package/dist/configs/sandbox/schemas.js

@@ -31,6 +31,16 @@ const networkOverrideShape = {
     allowAllUnixSockets: z.boolean().optional(),
 };
 export const networkOverrideSchema = z.object(networkOverrideShape).strict();
+export const denialBackoffOverrideSchema = z
+    .object({
+    enabled: z.boolean().optional(),
+    warningThreshold: z.number().int().positive().optional(),
+    delayThreshold: z.number().int().positive().optional(),
+    delayMs: z.number().int().nonnegative().optional(),
+    failFastThreshold: z.number().int().positive().optional(),
+    windowMs: z.number().int().positive().optional(),
+})
+    .strict();
 export const filesystemOverrideSchema = z
     .object({
     allowWrite: z
@@ -48,6 +58,7 @@ export const providerOverrideSchema = z
     ...networkOverrideShape,
     network: networkOverrideSchema.optional(),
     filesystem: filesystemOverrideSchema.optional(),
+    denialBackoff: denialBackoffOverrideSchema.optional(),
 })
     .strict();
 export const sandboxConfigSchema = z.object({

package/dist/configs/sandbox/types.d.ts

@@ -5,6 +5,14 @@ export interface SandboxNetworkConfig {
     allowUnixSockets?: string[];
     allowAllUnixSockets?: boolean;
 }
+export interface DenialBackoffConfig {
+    enabled: boolean;
+    warningThreshold: number;
+    delayThreshold: number;
+    delayMs: number;
+    failFastThreshold: number;
+    windowMs: number;
+}
 export interface SandboxFilesystemConfig {
     allowWrite: string[];
     denyRead: string[];
@@ -14,6 +22,7 @@ export interface SandboxProviderConfig {
     providerId: string;
     network: SandboxNetworkConfig;
     filesystem: SandboxFilesystemConfig;
+    denialBackoff: DenialBackoffConfig;
 }
 export interface SandboxConfig {
     filePath: string;

package/dist/records/types.d.ts

@@ -24,6 +24,7 @@ export declare const watchdogMetadataSchema: z.ZodObject<{
         silence: "silence";
         "wall-clock": "wall-clock";
         "fatal-pattern": "fatal-pattern";
+        "sandbox-denial": "sandbox-denial";
     }>>;
 }, z.core.$strip>;
 export type WatchdogMetadata = z.infer<typeof watchdogMetadataSchema>;
@@ -107,8 +108,16 @@ export declare const agentInvocationRecordSchema: z.ZodObject<{
             silence: "silence";
             "wall-clock": "wall-clock";
             "fatal-pattern": "fatal-pattern";
+            "sandbox-denial": "sandbox-denial";
         }>>;
     }, z.core.$strip>>;
+    failFastTriggered: z.ZodOptional<z.ZodBoolean>;
+    failFastTarget: z.ZodOptional<z.ZodString>;
+    failFastOperation: z.ZodOptional<z.ZodEnum<{
+        "network-connect": "network-connect";
+        "file-read": "file-read";
+        "file-write": "file-write";
+    }>>;
 }, z.core.$strip>;
 export type AgentInvocationRecord = z.infer<typeof agentInvocationRecordSchema>;
 export declare const applyStatusSchema: z.ZodObject<{
@@ -189,8 +198,16 @@ export declare const runRecordSchema: z.ZodObject<{
                 silence: "silence";
                 "wall-clock": "wall-clock";
                 "fatal-pattern": "fatal-pattern";
+                "sandbox-denial": "sandbox-denial";
             }>>;
         }, z.core.$strip>>;
+        failFastTriggered: z.ZodOptional<z.ZodBoolean>;
+        failFastTarget: z.ZodOptional<z.ZodString>;
+        failFastOperation: z.ZodOptional<z.ZodEnum<{
+            "network-connect": "network-connect";
+            "file-read": "file-read";
+            "file-write": "file-write";
+        }>>;
     }, z.core.$strip>>;
     applyStatus: z.ZodOptional<z.ZodObject<{
         agentId: z.ZodString;

package/dist/records/types.js

@@ -42,7 +42,17 @@ const CHAT_ARTIFACT_FORMATS = [
     "json",
     "jsonl",
 ];
-const WATCHDOG_TRIGGERS = ["silence", "wall-clock", "fatal-pattern"];
+const WATCHDOG_TRIGGERS = [
+    "silence",
+    "wall-clock",
+    "fatal-pattern",
+    "sandbox-denial",
+];
+const FAIL_FAST_OPERATIONS = [
+    "network-connect",
+    "file-read",
+    "file-write",
+];
 export const watchdogMetadataSchema = z.object({
     /** Silence timeout in milliseconds that was enforced. */
     silenceTimeoutMs: z.number(),
@@ -82,6 +92,9 @@ export const agentInvocationRecordSchema = z
     warnings: z.array(z.string()).optional(),
     diffStatistics: z.string().optional(),
     watchdog: watchdogMetadataSchema.optional(),
+    failFastTriggered: z.boolean().optional(),
+    failFastTarget: z.string().optional(),
+    failFastOperation: z.enum(FAIL_FAST_OPERATIONS).optional(),
 })
     .superRefine((data, ctx) => {
     if (IN_PROGRESS_AGENT_STATUSES.includes(data.status)) {
@@ -110,6 +123,22 @@ export const agentInvocationRecordSchema = z
             });
         }
     }
+    if (data.failFastTriggered) {
+        if (!data.failFastTarget) {
+            ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["failFastTarget"],
+                message: "failFastTarget is required when failFastTriggered is true",
+            });
+        }
+        if (!data.failFastOperation) {
+            ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["failFastOperation"],
+                message: "failFastOperation is required when failFastTriggered is true",
+            });
+        }
+    }
 });
 export const applyStatusSchema = z.object({
     agentId: agentIdSchema,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "voratiq",
-  "version": "0.1.0-beta.0",
+  "version": "0.1.0-beta.1",
   "description": "Run multiple AI coding agents in parallel, compare their results, and apply the best solution.",
   "keywords": [
     "ai",