cli-agent-runner 0.1.6__tar.gz → 0.1.8__tar.gz

cli_agent_runner-0.1.8/.githooks/commit-msg

@@ -0,0 +1,33 @@
+#!/bin/sh
+# Reject commit messages that contain AI-tool attribution.
+#
+# Rationale: this repository's history is curated to credit only the human
+# author. AI-tool trailers (Co-Authored-By: Claude, 🤖 Generated with ..., etc.)
+# create false "claude" / "anthropic" entries in GitHub's Contributors widget
+# and bloat commit log noise.
+#
+# Activate per clone:    git config core.hooksPath .githooks
+# Bypass (rarely needed): git commit --no-verify
+
+MSG_FILE="$1"
+
+# Strip git-comment lines before checking
+CONTENT=$(grep -v '^#' "$MSG_FILE" || true)
+
+# Case-insensitive regex; tab/space tolerant
+FORBIDDEN_REGEX='([Cc]o-[Aa]uthored-[Bb]y:|🤖|[Gg]enerated with [Cc]laude|[Gg]enerated with \[Cursor\]|noreply@anthropic\.com)'
+
+if printf '%s\n' "$CONTENT" | grep -E -q "$FORBIDDEN_REGEX"; then
+    echo "" >&2
+    echo "commit-msg hook: AI-tool attribution detected in commit message." >&2
+    echo "" >&2
+    echo "Offending lines:" >&2
+    printf '%s\n' "$CONTENT" | grep -E -n "$FORBIDDEN_REGEX" | sed 's/^/  /' >&2
+    echo "" >&2
+    echo "Strip Co-Authored-By trailers, 🤖, 'Generated with ...', and" >&2
+    echo "noreply@anthropic.com refs, then retry." >&2
+    echo "" >&2
+    echo "(Bypass: git commit --no-verify — use sparingly, requires explicit" >&2
+    echo " review since CI lint-commits job will also reject the push.)" >&2
+    exit 1
+fi

cli_agent_runner-0.1.8/.github/workflows/ci.yml

@@ -0,0 +1,105 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+# Cancel in-flight runs on the same PR ref when a new push lands.
+# Push-to-main runs always complete (cancel-in-progress only on PRs).
+concurrency:
+  group: ci-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  lint-commits:
+    name: lint commit messages (no AI-tool attribution)
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # PR: scan only new commits the PR introduces (base..head).
+          # Push to main: scan the just-pushed commits (before..after).
+          # fetch-depth=0 ensures both refs are available.
+          fetch-depth: 0
+      - name: scan new commit messages
+        env:
+          GH_EVENT: ${{ github.event_name }}
+          BEFORE_SHA: ${{ github.event.before }}
+          BASE_REF: ${{ github.event.pull_request.base.sha }}
+          HEAD_REF: ${{ github.event.pull_request.head.sha }}
+        run: |
+          set -euo pipefail
+          if [ "$GH_EVENT" = "pull_request" ]; then
+            RANGE="${BASE_REF}..${HEAD_REF}"
+          else
+            # push event; before is 0..0 on first push or branch creation
+            if [ -z "${BEFORE_SHA:-}" ] || [ "$BEFORE_SHA" = "0000000000000000000000000000000000000000" ]; then
+              RANGE="HEAD~1..HEAD"
+            else
+              RANGE="${BEFORE_SHA}..HEAD"
+            fi
+          fi
+          echo "Scanning commit-message bodies in $RANGE"
+          # Collect messages joined by NUL bytes; grep -P for fixed alternation.
+          BODIES=$(git log --format='%B%x00' "$RANGE" || true)
+          if [ -z "$BODIES" ]; then
+            echo "  (no commits in range)"
+            exit 0
+          fi
+          PATTERN='(Co-Authored-By:|🤖|Generated with Claude|Generated with \[Cursor\]|noreply@anthropic\.com)'
+          if printf '%s' "$BODIES" | grep -i -E -q "$PATTERN"; then
+            echo "::error::AI-tool attribution detected in new commit messages."
+            echo "Offending lines:"
+            printf '%s' "$BODIES" | grep -i -n -E "$PATTERN" || true
+            echo ""
+            echo "Strip Co-Authored-By trailers, 🤖, 'Generated with ...',"
+            echo "and noreply@anthropic.com refs, then force-push the fixed range."
+            exit 1
+          fi
+          echo "  clean"
+
+  test:
+    name: test py${{ matrix.python }} / ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        python: ["3.11", "3.12", "3.13"]
+        os: [ubuntu-latest, macos-latest]
+    # Steps below mirror ./build.sh check, inlined for per-step Actions UI
+    # granularity AND because coverage requires extra pytest flags not in
+    # the local `test` task. CONTRIBUTING.md states the parity intentionally.
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python }}
+          cache: pip
+      - name: install
+        run: pip install -e ".[dev]"
+      - name: ruff
+        run: |
+          ruff check .
+          ruff format --check .
+      - name: tests with coverage
+        run: pytest -q --ignore=tests/e2e --ignore=tests/literate --cov --cov-report=xml --cov-report=term
+      - name: docs CI gate
+        run: |
+          python -m agent_runner._docgen
+          git diff --exit-code docs/
+      - name: literate quickstart
+        run: pytest tests/literate/ -q
+      - name: upload coverage
+        if: matrix.python == '3.12' && matrix.os == 'ubuntu-latest'
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/CHANGELOG.md

@@ -7,6 +7,117 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.8] - 2026-05-13
+
+### Acknowledgements
+
+Thanks to the argus-gateway team for Phase 4 dogfooding feedback that drove
+every item in this release. 3 audit memos (~90KB) silently swept into an
+orphan stash is a real-world failure mode; this release closes that loop.
+
+### Added
+
+- `agent_runner.vcs_state.register_plugin_owned_paths()` — plugins opt-out
+  files/dirs from orphan-stash defense. Matching: trailing-slash prefix or
+  `pathlib.PurePath.match` glob (recognizes `**` for recursive segments via
+  `fnmatch` fallback on Python 3.11). Call at module import (entry_point
+  side-effect).
+- `agent_runner.vcs_state.plugin_owned_paths()` — snapshot accessor for peek.
+- `ProjectState.recent_hook_failures: list[dict]` — last 10 `hook_failed`
+  events filtered from `recent_events` for debugging hook integration.
+- peek schema bumped 1.4 → 1.5. `plugins` block now includes
+  `pre_round_hooks`, `post_round_hooks`, `owned_paths` lists.
+
+### Changed
+
+- `docs/plugins.md` register-pattern examples corrected: registration must
+  happen as module-top side effect; entry_point loaders only import, they
+  do not invoke. Old `_register()` wrapper pattern silently didn't fire.
+- `docs/plugins.md` gained "Declaring plugin-owned paths" and "Plugin tests
+  + consumer pytest collision" sections.
+
+### Fixed
+
+- Plugin outputs in plugin-declared paths (e.g. `proposals/`,
+  `logs/plugins/my_plugin/`) no longer silently swept into orphan stashes
+  by `process_orphan_wip`. Previously: 90KB Argus audit memos invisible
+  after Phase 4 round; required stash archaeology to recover.
+
+### Migration
+
+No breaking changes. Plugin authors:
+
+- If your plugin writes files to `work_dir` and they keep getting stashed
+  between rounds, opt them out:
+  ```python
+  from agent_runner.vcs_state import register_plugin_owned_paths
+  register_plugin_owned_paths(["your-output-dir/", "logs/your-plugin/**/*"])
+  ```
+- If you followed the old `_register()` pattern from docs and noticed
+  registrations not firing: move the call to module top:
+  ```python
+  # was: def _register(): register_pre_round_hook(MyHook())
+  # now: register_pre_round_hook(MyHook())  # module-top side-effect
+  ```
+
+## [0.1.7] - 2026-05-13
+
+### Migration for existing 0.1.6 users (DOWNSTREAM CONSUMERS READ THIS)
+
+If you maintain an `agent-runner.toml` by hand (rather than via `agent-runner init`),
+you must add an `[agent.env]` block to preserve the Claude self-update suppression
+that 0.1.6 injected implicitly. **Without this, mid-loop self-updates can race with
+the supervisor.**
+
+Add to your `agent-runner.toml`:
+
+```toml
+[agent.env]
+DISABLE_AUTOUPDATER = "1"
+CLAUDE_CODE_EFFORT_LEVEL = "xhigh"
+```
+
+Or regenerate cleanly:
+
+```bash
+agent-runner init --preset claude --force
+```
+
+Plugin authors (Argus Gateway, etc.): no public API was renamed or removed
+from your import surface. The deleted symbols (`agent_runner.agent_runtime.CRITICAL_ENV_DEFAULTS`,
+`agent_runner.agent_runtime.merge_critical_envs`) were internal — not part of
+the documented plugin API. A new public-API contract test
+(`tests/contract/test_public_api_surface.py`) locks in `api_types`, `events`,
+`hooks`, `monitor`, `detector_helpers` import surfaces so future refactors
+can't silently drop names you rely on.
+
+### Added
+- `agent-runner init --preset {claude,aider}` selects between bundled CLI presets
+  (default: `claude`). New preset directory: `agent_runner/presets/`.
+- `[agent.env]` TOML block — per-CLI env injections, replacing the hardcoded
+  `CRITICAL_ENV_DEFAULTS` constant. Empty dict by default.
+- `docs/recipes/aider.md` — aider integration recipe.
+- `tests/contract/test_public_api_surface.py` — public-API surface snapshot for
+  plugin authors.
+
+### Changed
+- Core code (`agent_runtime.py`, `config.py`, `runner.py`, `scaffold.py`,
+  `defenses.py`) is now truly provider-agnostic: zero hardcoded Claude defaults.
+  Claude remains the reference example throughout the docs, but its specifics
+  live in `agent_runner/presets/claude.toml` (shipped as package data).
+- `MonitorConfig.auth_fail_hint` default is now empty string; per-CLI hint
+  comes from the preset.
+- `PEEK_SCHEMA_VERSION` bumped 1.3 → 1.4. `InitResult` gains `preset: str` field.
+- `agent_runner/defenses.py` `critical_envs_injection` row now reads from
+  `cfg.agent.env.keys()` (not the deleted constant); state is "active" iff
+  the config defines any env injections, else "off".
+
+### Removed
+- `agent_runner.agent_runtime.CRITICAL_ENV_DEFAULTS` constant.
+- `agent_runner.agent_runtime.merge_critical_envs()` function.
+- `agent_runner.config._DEFAULT_AUTH_HINT` constant's Claude-specific default
+  string (replaced with `""`; per-CLI hint now in preset files).
+
 ## [0.1.6] - 2026-05-12
 
 Zero-feature maintenance release — internal cleanup pass after the 0.1.x plugin

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/CONTRIBUTING.md

@@ -9,6 +9,7 @@ git clone https://github.com/wan9yu/cli-agent-runner.git
 cd cli-agent-runner
 python3 -m venv .venv && source .venv/bin/activate
 pip install -e ".[dev]"
+git config core.hooksPath .githooks    # enables the commit-msg lint hook
 ./build.sh check
 ```
 
@@ -16,6 +17,13 @@ pip install -e ".[dev]"
 + integration tests, the literate quickstart, and the docs CI gate. It's
 what GitHub Actions runs on every push and PR.
 
+`git config core.hooksPath .githooks` activates the in-repo
+[`.githooks/commit-msg`](.githooks/commit-msg) hook which rejects commit
+messages containing `Co-Authored-By:` trailers, robot emojis, or other
+AI-tool attribution patterns. The same check runs in CI (`lint-commits`
+job) and as a pytest invariant (`tests/invariants/test_no_ai_signatures.py`)
+— defense in depth.
+
 ## Workflow
 
 1. Open an issue first for non-trivial changes — saves wasted work on both sides.

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cli-agent-runner
-Version: 0.1.6
+Version: 0.1.8
 Summary: Restart-on-exit supervisor for autonomous CLI agents
 Project-URL: Homepage, https://github.com/wan9yu/cli-agent-runner
 Project-URL: Documentation, https://github.com/wan9yu/cli-agent-runner#readme
@@ -41,10 +41,11 @@ Description-Content-Type: text/markdown
 
 # agent-runner
 
-A restart-on-exit supervisor for autonomous CLI agents. Spawn an agent (Claude
-Code, a custom CLI, anything) round-after-round under defenses that prevent
-the failure modes that bite in production: stuck rounds, orphan commits,
-OAuth burn loops, full disks, runaway memory.
+A restart-on-exit supervisor for autonomous coding CLIs. Tested with Claude
+Code and aider out of the box; any prompt-arg CLI via custom config. Spawn
+the agent round-after-round under defenses that prevent the failure modes
+that bite in production: stuck rounds, orphan commits, OAuth burn loops,
+full disks, runaway memory.
 
 ```
 ┌──────────────────────────────────────────┐

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/README.md

@@ -4,10 +4,11 @@
 
 # agent-runner
 
-A restart-on-exit supervisor for autonomous CLI agents. Spawn an agent (Claude
-Code, a custom CLI, anything) round-after-round under defenses that prevent
-the failure modes that bite in production: stuck rounds, orphan commits,
-OAuth burn loops, full disks, runaway memory.
+A restart-on-exit supervisor for autonomous coding CLIs. Tested with Claude
+Code and aider out of the box; any prompt-arg CLI via custom config. Spawn
+the agent round-after-round under defenses that prevent the failure modes
+that bite in production: stuck rounds, orphan commits, OAuth burn loops,
+full disks, runaway memory.
 
 ```
 ┌──────────────────────────────────────────┐

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/_version.py

@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
 commit_id: str | None
 __commit_id__: str | None
 
-__version__ = version = '0.1.6'
-__version_tuple__ = version_tuple = (0, 1, 6)
+__version__ = version = '0.1.8'
+__version_tuple__ = version_tuple = (0, 1, 8)
 
 __commit_id__ = commit_id = None

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/agent_runtime.py

@@ -1,10 +1,11 @@
-"""Agent subprocess management — ONLY module that spawns the claude CLI.
+"""Agent subprocess management — spawns the configured agent CLI process.
 
 Defenses encoded here:
 - R725: SIGTERM handler reaps process group before runner exits
 - R1128: ROUND_TIMEOUT is wall-clock hard wall (no activity-based extension)
 - #307: start_new_session=True isolates subprocess in its own pgrp
-- env injection: DISABLE_AUTOUPDATER=1 + CLAUDE_CODE_EFFORT_LEVEL caller-provided
+- env injection: per-CLI envs come from AgentConfig.env (preset-supplied);
+  no implicit injection in this module.
 """
 
 from __future__ import annotations
@@ -97,26 +98,14 @@ def run(
         log_file.close()
 
 
-CRITICAL_ENV_DEFAULTS: dict[str, str] = {
-    "DISABLE_AUTOUPDATER": "1",  # do not let claude self-update mid-loop
-    "CLAUDE_CODE_EFFORT_LEVEL": "xhigh",  # full effort, not default
-}
-
-
-def merge_critical_envs(user_env: dict[str, str]) -> dict[str, str]:
-    """Merge user env with CRITICAL_ENV_DEFAULTS — critical always wins."""
-    merged = dict(user_env)
-    merged.update(CRITICAL_ENV_DEFAULTS)
-    return merged
-
-
 def install_sigterm_reaper(reaper: Callable[[], None]) -> object:
     """Install a SIGTERM handler that calls ``reaper()`` first.
 
-    R725 defense: when supervisor receives SIGTERM (e.g. systemctl stop, manual
-    kill), bash wrapper would otherwise respawn fresh runner while old claude
-    keeps running → two claudes race on the same git tree, second commit can
-    swallow first commit's chat-room entry. Reaper terminates pgroup first.
+    R725 defense: when the supervisor receives SIGTERM (e.g. systemctl stop,
+    manual kill), the bash wrapper would otherwise respawn a fresh runner
+    while the old agent keeps running → two agent processes race on the same
+    git tree, the second commit can swallow the first commit's chat-room
+    entry. Reaper terminates pgroup first.
 
     Returns the previous SIGTERM handler so caller can restore it.
     """

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/api.py

@@ -71,10 +71,16 @@ def _systemctl_user(*args: str) -> None:
 # init / install / uninstall
 
 
-def init(work_dir: Path | None = None, *, force: bool = False, commit: bool = True) -> InitResult:
+def init(
+    work_dir: Path | None = None,
+    *,
+    preset: str = "claude",
+    force: bool = False,
+    commit: bool = True,
+) -> InitResult:
     if work_dir is None:
         work_dir = Path.cwd()
-    return scaffold_project(work_dir, force=force, commit=commit)
+    return scaffold_project(work_dir, preset=preset, force=force, commit=commit)
 
 
 def install(
@@ -234,6 +240,9 @@ def _log_dir_for_project(project: str | Path) -> Path:
 # for callers that only use lifecycle verbs.
 
 from agent_runner import defenses, monitor  # noqa: E402
+from agent_runner.events import HOOK_FAILED  # noqa: E402
+
+_RECENT_HOOK_FAILURES_LIMIT = 10
 
 
 def peek(
@@ -260,6 +269,16 @@ def peek(
         if current is None:
             raise KeyError(f"round {round_num} not found under {log_dir}/rounds/")
     recent = parsed_events[-events:] if events else []
+    # Walk the tail in reverse so we stop as soon as the limit is filled.
+    # parsed_events grows unboundedly over a project's lifetime; a full-scan
+    # comprehension here would dominate watch-loop peek cost.
+    recent_hook_failures: list[dict[str, Any]] = []
+    for e in reversed(parsed_events):
+        if e.get("event") == HOOK_FAILED:
+            recent_hook_failures.append(e)
+            if len(recent_hook_failures) == _RECENT_HOOK_FAILURES_LIMIT:
+                break
+    recent_hook_failures.reverse()
 
     state = ProjectState(
         project=base_state.project,
@@ -280,6 +299,7 @@ def peek(
         system=base_state.system,
         service=status(project if project is not None else work_dir),
         recent_events=recent,
+        recent_hook_failures=recent_hook_failures,
     )
     return state if select is None else select_path(state, select)
 

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/api_types.py

@@ -72,6 +72,7 @@ class ProjectState:
     system: SystemMetrics
     service: ServiceStatus
     recent_events: list[dict[str, Any]] = field(default_factory=list)
+    recent_hook_failures: list[dict[str, Any]] = field(default_factory=list)
 
 
 @dataclass(frozen=True)
@@ -130,6 +131,7 @@ class InitResult:
     work_dir: Path
     files_created: list[Path]
     committed: bool
+    preset: str = "claude"  # 0.1.7+; default for backward compat with synthesised InitResults
 
 
 @dataclass(frozen=True)

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/cli/common.py

@@ -12,10 +12,11 @@ from typing import Any
 from agent_runner.api_types import ProjectState
 from agent_runner.config import Config, load_config
 from agent_runner.events import plugin_event_kinds
-from agent_runner.hooks import plugin_context_enrichers
+from agent_runner.hooks import plugin_context_enrichers, post_round_hooks, pre_round_hooks
 from agent_runner.monitor import plugin_detectors
+from agent_runner.vcs_state import plugin_owned_paths
 
-PEEK_SCHEMA_VERSION = "1.3"
+PEEK_SCHEMA_VERSION = "1.5"
 
 
 def cfg_from_args(args) -> Config:
@@ -48,7 +49,10 @@ def emit(value: Any, *, json_mode: bool) -> None:
                 "plugins": {
                     "event_kinds": plugin_event_kinds(),
                     "context_enrichers": plugin_context_enrichers(),
+                    "pre_round_hooks": [h.name for h in pre_round_hooks()],
+                    "post_round_hooks": [h.name for h in post_round_hooks()],
                     "detectors": plugin_detectors(),
+                    "owned_paths": plugin_owned_paths(),
                 },
                 **_to_jsonable(value),
             }

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/cli/init_cmd.py

@@ -8,6 +8,12 @@ from agent_runner.cli.common import emit, fail, work_dir_from_args
 
 def add_parser(sub, parent) -> None:
     p = sub.add_parser("init", parents=[parent], help="Scaffold agent-runner project files")
+    p.add_argument(
+        "--preset",
+        choices=["claude", "aider"],
+        default="claude",
+        help="Which agent CLI preset to scaffold (default: claude)",
+    )
     p.add_argument("--force", action="store_true", help="Overwrite existing toml")
     g = p.add_mutually_exclusive_group()
     g.add_argument(
@@ -24,8 +30,8 @@ def add_parser(sub, parent) -> None:
 def cmd(args) -> int:
     work_dir = work_dir_from_args(args)
     try:
-        result = api.init(work_dir, force=args.force, commit=args.commit)
-    except (FileExistsError, RuntimeError) as e:
+        result = api.init(work_dir, preset=args.preset, force=args.force, commit=args.commit)
+    except (FileExistsError, RuntimeError, FileNotFoundError) as e:
         return fail(str(e))
     emit(result, json_mode=getattr(args, "json", False))
     return 0

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/config.py

@@ -15,6 +15,7 @@ class AgentConfig:
     command: list[str]
     prompt_arg_template: list[str]
     name: str | None = None
+    env: dict[str, str] = field(default_factory=dict)
 
 
 @dataclass(frozen=True)
@@ -38,14 +39,16 @@ class VcsConfig:
     stash_idempotency_s: int = 5
 
 
-# Default auth-failure detection regex — claude-aware. Migrated from monitor.py
-# to config.py as the SSOT for the oauth_fail detector. Plugins / non-claude
-# providers override via [monitor].auth_fail_patterns.
+# Default auth-failure detection regex — matches common OAuth/401/expired-session
+# vocabularies. Presets override [monitor].auth_fail_hint per CLI.
 _DEFAULT_AUTH_PATTERNS: list[str] = [
     r"\b(oauth|unauthorized|401|api[_ ]key|"
     r"auth(entication)?[_ -]?(failed|error|expired)|session.*expired)\b",
 ]
-_DEFAULT_AUTH_HINT: str = "Run `claude /login` on the supervisor host or refresh ANTHROPIC_API_KEY"
+# Default auth-failure hint is empty — per-CLI hints come from preset files
+# (agent_runner/presets/*.toml) which write `[monitor].auth_fail_hint` into the
+# user's agent-runner.toml at scaffold time.
+_DEFAULT_AUTH_HINT: str = ""
 
 # Default allow-list of detector names whose ``stop_service`` action is honored.
 # Plugin detectors must be added explicitly by the operator to opt them in.
@@ -94,6 +97,7 @@ def load_config(toml_path: Path) -> Config:
         command=list(_require(agent_d, "command")),
         prompt_arg_template=list(_require(agent_d, "prompt_arg_template")),
         name=agent_d.get("name"),
+        env={str(k): str(v) for k, v in agent_d.get("env", {}).items()},
     )
     raw_work_dir = str(_require(raw, "runtime", "work_dir"))
     work_dir = _expand_path(raw_work_dir, "").resolve()

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/defenses.py

@@ -13,7 +13,6 @@ from dataclasses import dataclass
 from pathlib import Path
 from typing import Any
 
-from agent_runner.agent_runtime import CRITICAL_ENV_DEFAULTS
 from agent_runner.config import Config
 
 
@@ -73,12 +72,13 @@ def catalog(cfg: Config) -> list[Defense]:
         ),
         Defense(
             name="critical_envs_injection",
-            value=list(CRITICAL_ENV_DEFAULTS.keys()),
+            value=sorted(cfg.agent.env.keys()),
             codifies=(
-                "DISABLE_AUTOUPDATER + CLAUDE_CODE_EFFORT_LEVEL stop claude self-updates mid-loop"
+                "Env injection via [agent.env] block — preset-supplied per CLI "
+                "(e.g. DISABLE_AUTOUPDATER for claude prevents mid-loop self-updates)"
             ),
             guarded_by=None,
-            current_state="active",
+            current_state="active" if cfg.agent.env else "off",
         ),
         Defense(
             name="startup_smoke_check",

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/events.py

@@ -22,6 +22,11 @@ from datetime import UTC, datetime
 from pathlib import Path
 from typing import Any
 
+# Cross-module event-kind constants. Most kinds are emitted in only one place
+# (runner.py), but kinds that are also CONSUMED elsewhere (filtered, surfaced
+# in peek, asserted in tests) earn a constant to keep the spelling honest.
+HOOK_FAILED = "hook_failed"
+
 _BUILTIN_KINDS: frozenset[str] = frozenset(
     {
         "round_start",
@@ -38,7 +43,7 @@ _BUILTIN_KINDS: frozenset[str] = frozenset(
         "round_end",
         "monitor_alert_emitted",
         "monitor_auto_stop_triggered",
-        "hook_failed",
+        HOOK_FAILED,
     }
 )
 

{cli_agent_runner-0.1.6 → cli_agent_runner-0.1.8}/agent_runner/monitor.py

@@ -28,7 +28,7 @@ from agent_runner.api_types import (
     ServiceStatus,
     SystemMetrics,
 )
-from agent_runner.config import _DEFAULT_AUTH_HINT, _DEFAULT_AUTH_PATTERNS
+from agent_runner.config import _DEFAULT_AUTH_PATTERNS
 from agent_runner.context_store import read_json
 from agent_runner.events import emit as emit_event
 from agent_runner.events import now_iso_ms, parse_iso_ms
@@ -278,7 +278,7 @@ def detect_oauth_fail(
             "matches": matches,
             "window": total,
             "threshold": threshold,
-            "hint": hint if hint is not None else _DEFAULT_AUTH_HINT,
+            "hint": hint if hint is not None else "",
         },
         auto_action="stop_service",
     )

cli_agent_runner-0.1.8/agent_runner/presets/aider.toml

@@ -0,0 +1,30 @@
+# agent-runner.toml — generated by `agent-runner init --preset aider`.
+#
+# Prereqs:
+#   - aider installed (`pipx install aider-chat`)
+#   - your model provider env var set (OPENAI_API_KEY / ANTHROPIC_API_KEY /
+#     DEEPSEEK_API_KEY / OPENROUTER_API_KEY / etc.) — `aider --models` lists
+#     detected providers.
+
+[agent]
+command = ["aider", "--yes-always", "--no-stream", "--analytics-disable"]
+prompt_arg_template = ["--message", "{prompt}"]
+name = "aider"
+# [agent.env] omitted — aider needs no env injection.
+
+[runtime]
+work_dir = "."
+log_dir = "~/.agent-runner/{project}/logs"
+round_timeout_s = 1800
+restart_delay_s = 3
+
+[prompt]
+file = "./prompts/main.md"
+inject_context = true
+
+[vcs]
+orphan_action = "stash"
+stash_idempotency_s = 5
+
+[monitor]
+auth_fail_hint = "Verify your model provider env var (OPENAI_API_KEY / ANTHROPIC_API_KEY / DEEPSEEK_API_KEY / etc.); run `aider --models` to list detected providers."

cli_agent_runner-0.1.8/agent_runner/presets/claude.toml

@@ -0,0 +1,29 @@
+# agent-runner.toml — generated by `agent-runner init --preset claude`.
+
+[agent]
+command = ["claude", "--model", "claude-opus-4-7",
+           "--dangerously-skip-permissions",
+           "--verbose", "--output-format", "stream-json"]
+prompt_arg_template = ["-p", "{prompt}"]
+name = "claude"
+
+[agent.env]
+DISABLE_AUTOUPDATER = "1"
+CLAUDE_CODE_EFFORT_LEVEL = "xhigh"
+
+[runtime]
+work_dir = "."
+log_dir = "~/.agent-runner/{project}/logs"
+round_timeout_s = 1800
+restart_delay_s = 3
+
+[prompt]
+file = "./prompts/main.md"
+inject_context = true
+
+[vcs]
+orphan_action = "stash"
+stash_idempotency_s = 5
+
+[monitor]
+auth_fail_hint = "Run `claude /login` on the supervisor host or refresh ANTHROPIC_API_KEY."