forgexa-cli 1.6.1__tar.gz → 1.7.5__tar.gz

{forgexa_cli-1.6.1 → forgexa_cli-1.7.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: forgexa-cli
-Version: 1.6.1
+Version: 1.7.5
 Summary: Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform
 Author-email: Jason Sun <dev.winds@gmail.com>
 License: MIT

{forgexa_cli-1.6.1 → forgexa_cli-1.7.5}/forgexa_cli/__init__.py

@@ -1,2 +1,2 @@
 """forgexa-cli — Forgexa command-line client."""
-__version__ = "1.6.1"
+__version__ = "1.7.5"

{forgexa_cli-1.6.1 → forgexa_cli-1.7.5}/forgexa_cli/daemon.py

@@ -10,11 +10,26 @@ Usage:
 
 from __future__ import annotations
 
+import sys
+
+# ── Python version gate — must run before any other imports ──────────────────
+# Emit a machine-readable DAEMON_ERROR so the desktop app shows a clear
+# message instead of a cryptic traceback.
+if sys.version_info < (3, 9):
+    _ver = f"{sys.version_info.major}.{sys.version_info.minor}"
+    print(
+        f"DAEMON_ERROR: Python {_ver} is too old. Forgexa Daemon requires Python 3.9 or "
+        f"newer. Please upgrade Python from https://www.python.org/downloads/",
+        file=sys.stderr,
+    )
+    sys.exit(1)
+
 import asyncio
 import base64
 import hashlib
 import json
 import logging
+from logging.handlers import RotatingFileHandler
 import os
 import platform
 import re
@@ -287,6 +302,16 @@ except (ImportError, ModuleNotFoundError):
         def AGENT_MAX_OUTPUT_SIZE(self) -> int:
             return int(os.environ.get("AGENT_MAX_OUTPUT_SIZE", "100000"))
 
+        @property
+        def FACTORY_CODEX_SANDBOX(self) -> str:
+            """Codex sandbox mode: 'bypass' (default, safe) or 'bwrap' (Linux only).
+
+            'bypass' uses --dangerously-bypass-approvals-and-sandbox which works
+            in all environments including Docker without CAP_NET_ADMIN.
+            'bwrap' uses --full-auto (bubblewrap) which requires CAP_NET_ADMIN.
+            """
+            return os.environ.get("FACTORY_CODEX_SANDBOX", "bypass").strip().lower()
+
         def get_daemon_workspaces_root(self) -> str:
             root = self.DAEMON_WORKSPACES_ROOT
             if not root:
@@ -307,7 +332,7 @@ except (ImportError, ModuleNotFoundError):
 # DAEMON_VERSION is the protocol/logic version of the daemon code.
 # Kept in sync with pyproject.toml version via bump-version.sh.
 # CLIENT_TYPE identifies which packaging/distribution this daemon runs in.
-DAEMON_VERSION = "1.6.1"
+DAEMON_VERSION = "1.7.5"
 
 
 def _detect_client_type() -> str:
@@ -344,7 +369,11 @@ _log_dir.mkdir(parents=True, exist_ok=True)
 DAEMON_LOG_PATH = _log_dir / "daemon.log"
 
 _log_handlers: list[logging.Handler] = [
-    logging.FileHandler(DAEMON_LOG_PATH, mode="a", encoding="utf-8"),
+    RotatingFileHandler(
+        DAEMON_LOG_PATH, mode="a", encoding="utf-8",
+        maxBytes=50 * 1024 * 1024,  # 50 MB per file
+        backupCount=5,
+    ),
 ]
 if sys.stderr.isatty():
     _log_handlers.append(logging.StreamHandler(sys.stderr))
@@ -699,6 +728,9 @@ class AgentDiscovery:
 
     async def discover(self) -> list[DiscoveredAgent]:
         self._expand_path()
+        # Probe bwrap support once at discovery time and log a clear warning
+        # if it is broken.  This surfaces the error early rather than mid-task.
+        await self._probe_bwrap_support()
         available = []
         for agent_id, spec in self.AGENT_REGISTRY.items():
             custom_path = os.environ.get(spec.get("env_path_override", ""))
@@ -718,8 +750,9 @@ class AgentDiscovery:
 
     async def _get_version(self, detect_cmd: str) -> str:
         try:
-            proc = await asyncio.create_subprocess_shell(
-                detect_cmd,
+            parts = detect_cmd.split()
+            proc = await asyncio.create_subprocess_exec(
+                *parts,
                 stdout=asyncio.subprocess.PIPE,
                 stderr=asyncio.subprocess.PIPE,
             )
@@ -728,8 +761,60 @@ class AgentDiscovery:
         except Exception:
             return "unknown"
 
+    @staticmethod
+    async def _probe_bwrap_support() -> None:
+        """Probe whether bubblewrap (bwrap) works in this environment.
 
-# ── Workspace Manager ──
+        codex exec --full-auto internally creates a bubblewrap sandbox that
+        requires a network namespace (CAP_NET_ADMIN).  Inside Docker containers
+        or other restricted Linux environments this fails immediately with:
+            bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted
+
+        We probe at startup so the operator gets an actionable warning rather
+        than a cryptic mid-task failure.  The probe is skipped on macOS/Windows
+        because Codex uses a different sandbox mechanism on those platforms.
+        """
+        if sys.platform != "linux":
+            return
+        sandbox_mode = os.environ.get("FACTORY_CODEX_SANDBOX", "bypass").strip().lower()
+        if sandbox_mode != "bwrap":
+            # Default mode bypasses sandbox — no bwrap needed, skip probe.
+            return
+        bwrap_bin = shutil.which("bwrap")
+        if not bwrap_bin:
+            logger.warning(
+                "FACTORY_CODEX_SANDBOX=bwrap but bwrap binary not found. "
+                "Codex sandbox will fail. Either install bwrap or unset "
+                "FACTORY_CODEX_SANDBOX to use bypass mode (default)."
+            )
+            return
+        try:
+            proc = await asyncio.create_subprocess_exec(
+                bwrap_bin,
+                "--dev", "/dev",
+                "--proc", "/proc",
+                "--ro-bind", "/usr", "/usr",
+                "--unshare-net",
+                "true",
+                stdout=asyncio.subprocess.DEVNULL,
+                stderr=asyncio.subprocess.PIPE,
+            )
+            _, stderr = await asyncio.wait_for(proc.communicate(), timeout=5)
+            if proc.returncode != 0:
+                err = (stderr or b"").decode(errors="replace").strip()
+                logger.warning(
+                    "bwrap probe failed (exit=%d): %s. "
+                    "codex exec --full-auto will fail in this environment. "
+                    "Unset FACTORY_CODEX_SANDBOX to use bypass mode (default), "
+                    "or grant CAP_NET_ADMIN / run privileged.",
+                    proc.returncode, err,
+                )
+            else:
+                logger.info("bwrap probe: network namespaces work in this environment")
+        except asyncio.TimeoutError:
+            logger.warning("bwrap probe timed out — treating as unsupported")
+        except Exception as exc:
+            logger.warning("bwrap probe error: %s", exc)
 
 
 class WorkspaceManager:
@@ -972,6 +1057,71 @@ class WorkspaceManager:
         # Remove the broken worktree directory
         shutil.rmtree(ws_path, ignore_errors=True)
 
+    async def _detect_unrelated_histories(self, repo_path: Path, project_key: str) -> bool:
+        """Detect whether local clone has diverged from remote due to history rewrite.
+
+        When a remote repo is rewritten (e.g. via BFG or git filter-repo to
+        remove large files), all commit SHAs change.  The local clone retains
+        the old SHAs in its object store, making fetch/reset/merge fail in
+        cryptic ways.
+
+        Strategy: ask git whether the local HEAD commit object is reachable in
+        the remote graph.  We use `git ls-remote` to get the remote HEAD SHA,
+        then check if that SHA exists locally.  If the remote HEAD does NOT
+        exist locally, histories are definitely unrelated.
+
+        Additionally, if the repo has a shallow marker but the remote default
+        branch has diverged past the shallow grafts, `git fetch` itself will
+        indicate problems.
+        """
+        try:
+            # Get the local HEAD SHA
+            local_proc = await asyncio.create_subprocess_exec(
+                "git", "rev-parse", "HEAD",
+                cwd=str(repo_path),
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.PIPE,
+            )
+            local_out, _ = await asyncio.wait_for(local_proc.communicate(), timeout=10)
+            if local_proc.returncode != 0:
+                return False
+            local_head = local_out.decode().strip()
+            if not local_head:
+                return False
+
+            # Get the remote HEAD SHA via ls-remote (no network for local check)
+            # Try to see if the remote HEAD is in local object store
+            # If git cat-file -e <remote_sha> succeeds, remote HEAD is known locally
+            # (histories still share commits). Otherwise, fully diverged.
+            #
+            # However, after a history rewrite the remote HEAD is a brand-new SHA,
+            # and the local object store only has old SHAs.  So we check the other
+            # direction: does the local HEAD exist on the remote at all?
+            # We use `git branch -r --contains <local_head>` which lists remote
+            # tracking branches that contain that commit.  If none, it's unrelated.
+            check_proc = await asyncio.create_subprocess_exec(
+                "git", "branch", "-r", "--contains", local_head,
+                cwd=str(repo_path),
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.PIPE,
+            )
+            out, _ = await asyncio.wait_for(check_proc.communicate(), timeout=10)
+            if check_proc.returncode != 0:
+                # Command failed (e.g. invalid object) — history is broken
+                return True
+            remote_branches = out.decode().strip()
+            if not remote_branches:
+                # Local HEAD is not reachable from any remote branch — unrelated
+                logger.info(
+                    "Local HEAD %s not found in any remote branch at %s — "
+                    "histories appear unrelated (remote may have been rewritten).",
+                    local_head[:12], repo_path,
+                )
+                return True
+        except Exception:
+            pass
+        return False
+
     async def _create_worktree(
         self, project_dir: Path, repo_url: str, default_branch: str,
         workspace_key: str, branch_name: str, *, fresh_start: bool = False,
@@ -1129,6 +1279,25 @@ class WorkspaceManager:
                                 )
                     if not sync_success:
                         if expect_branch:
+                            # Before giving up, check for history-rewrite: if the remote
+                            # history was rewritten (all SHAs changed), local objects are
+                            # stale and no amount of retries will fix sync.  Detect this
+                            # and destroy the workspace + _main so they get recloned.
+                            is_unrelated = await self._detect_unrelated_histories(ws_path, project_key)
+                            if is_unrelated:
+                                logger.warning(
+                                    "Detected repository history mismatch for worktree %s "
+                                    "(remote history likely rewritten). Discarding stale "
+                                    "worktree and _main clone for a full re-clone on retry.",
+                                    ws_path,
+                                )
+                                await self._remove_broken_worktree(main_repo, ws_path, workspace_key)
+                                shutil.rmtree(main_repo, ignore_errors=True)
+                                raise RuntimeError(
+                                    f"Repository history was rewritten (e.g. large-file cleanup). "
+                                    f"Stale local clone discarded. "
+                                    f"The task will be retried with a fresh clone."
+                                )
                             raise RuntimeError(
                                 f"Failed to sync branch '{branch_name}' from remote after 3 attempts. "
                                 f"The branch should exist (pushed by prior analysis/design phase). "
@@ -1149,7 +1318,36 @@ class WorkspaceManager:
                 repo_url, str(main_repo), timeout=settings.GIT_CLONE_TIMEOUT, project_key=project_key,
             )
         else:
-            await self._git("fetch", "--all", cwd=main_repo, timeout=300, project_key=project_key)
+            # Use targeted fetch instead of --all to avoid pulling every branch/tag
+            # from potentially large repos (avoids 300s timeout on big repos).
+            # Fetch default branch only; the feature branch is explicitly fetched below.
+            try:
+                await self._git(
+                    "fetch", "origin", default_branch,
+                    cwd=main_repo, timeout=settings.GIT_CLONE_TIMEOUT, project_key=project_key,
+                )
+            except RuntimeError as _fetch_err:
+                err_str = str(_fetch_err)
+                # Detect "unrelated histories" / history-rewrite scenarios:
+                # If the remote history was rewritten (e.g. BFG large-file removal),
+                # all commit SHAs change. The local clone becomes incompatible —
+                # fetch may succeed but the local refs are orphaned and unusable.
+                # Detection: check whether local HEAD exists in the remote graph.
+                is_unrelated = await self._detect_unrelated_histories(main_repo, project_key)
+                if is_unrelated or "not our ref" in err_str or "shallow" in err_str:
+                    logger.warning(
+                        "Detected repository history mismatch for %s (remote history likely "
+                        "rewritten). Discarding stale local clone and re-cloning from scratch.",
+                        main_repo,
+                    )
+                    shutil.rmtree(main_repo, ignore_errors=True)
+                    await self._git(
+                        "clone", "--single-branch", "--no-tags",
+                        repo_url, str(main_repo), timeout=settings.GIT_CLONE_TIMEOUT,
+                        project_key=project_key,
+                    )
+                else:
+                    raise
 
         # --single-branch clone only fetches the default branch.
         # Explicitly fetch the feature branch so origin/{branch_name}
@@ -1463,7 +1661,12 @@ class ProcessManager:
         "name or service not known",
         "no such host",
         "network is unreachable",
-        "api error",
+        # "api error" removed: too broad — matches agent-generated code/output
+        # discussing API errors. Real API transport errors are covered by the
+        # connection patterns above (refused, reset, timed out, etc.).
+        "apiexception:",
+        "api error: 5",   # 5xx errors like "API error: 503", "API error: 502"
+        "api error: connection",
     ]
 
     def __init__(self):
@@ -1918,7 +2121,30 @@ class ProcessManager:
                 timeout=timeout,
             )
         except asyncio.TimeoutError:
-            proc.kill()
+            # Kill the entire process group so that child processes (npm, yarn,
+            # ssh, git, etc.) spawned by the agent are also terminated.  A plain
+            # proc.kill() only kills the direct subprocess; any grandchildren
+            # become orphaned, keep pipes open, and can exhaust system resources.
+            try:
+                if sys.platform != "win32":
+                    import signal as _signal
+                    try:
+                        os.killpg(os.getpgid(proc.pid), _signal.SIGKILL)
+                    except (ProcessLookupError, PermissionError, OSError):
+                        pass
+                else:
+                    import subprocess as _subprocess
+                    _subprocess.run(
+                        ["taskkill", "/F", "/T", "/PID", str(proc.pid)],
+                        capture_output=True,
+                    )
+            except Exception:
+                pass
+            finally:
+                try:
+                    proc.kill()
+                except Exception:
+                    pass
             # Drain any remaining output after kill
             try:
                 remaining, _ = await asyncio.wait_for(proc.communicate(), timeout=5)
@@ -1985,6 +2211,7 @@ class ProcessManager:
                 cwd=str(cwd),
                 env=env,
                 limit=100 * 1024 * 1024,  # 100MB line buffer for large JSON output from long sessions
+                start_new_session=True,  # own process group → killpg on timeout kills all children
             )
             self.active_processes[task_id] = proc
             stdout, stderr, returncode = await self._stream_process(
@@ -2054,9 +2281,57 @@ class ProcessManager:
         self, agent: DiscoveredAgent, prompt: str, cwd: Path, timeout: int, task_id: str,
         on_chunk: Any = None,
     ) -> TaskResult:
-        """Run Codex CLI in exec mode (non-interactive)."""
-        cmd = [agent.command, "exec", "--full-auto", "--json", "-"]
+        """Run Codex CLI in exec mode (non-interactive).
+
+        Sandbox mode selection (FACTORY_CODEX_SANDBOX env var):
+          - "bypass" (default): --dangerously-bypass-approvals-and-sandbox
+            Safe for daemon context: the daemon already runs on a controlled
+            machine and the workspace path is pre-scoped to the project.
+            Required when running inside Docker or any environment that lacks
+            CAP_NET_ADMIN, because codex --full-auto internally uses bubblewrap
+            (bwrap) which tries to set up a loopback network interface and fails
+            with "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted".
+          - "bwrap": --full-auto (uses bubblewrap Linux sandbox).  Only works
+            when bwrap can create user+network namespaces (bare-metal Linux,
+            not inside most Docker containers).
+        """
+        sandbox_mode = os.environ.get("FACTORY_CODEX_SANDBOX", "bypass").strip().lower()
+        if sandbox_mode == "bwrap":
+            sandbox_flag = "--full-auto"
+        else:
+            # Default: bypass sandbox entirely — no bwrap, no approval prompts.
+            # Equivalent to Kimi's --yolo and OpenCode's --dangerously-skip-permissions.
+            sandbox_flag = "--dangerously-bypass-approvals-and-sandbox"
+
+        cmd = [agent.command, "exec", sandbox_flag, "--json", "-"]
         result = await self._run_cli(cmd, cwd, timeout, task_id, stdin_input=prompt, on_chunk=on_chunk)
+
+        # Detect the bwrap loopback error and surface a clear, actionable message.
+        # This happens when FACTORY_CODEX_SANDBOX=bwrap (or any future codex version
+        # that enables bwrap by default) is used inside Docker/container environments
+        # that lack CAP_NET_ADMIN.
+        if result.status == "failed" and "RTM_NEWADDR" in (result.stderr or ""):
+            logger.error(
+                "Codex sandbox (bwrap) failed for task %s with network namespace error. "
+                "Set FACTORY_CODEX_SANDBOX=bypass (default) to disable bwrap sandboxing. "
+                "Original error: %s",
+                task_id, (result.stderr or "").strip()[:500],
+            )
+            result = TaskResult(
+                status="failed",
+                exit_code=result.exit_code,
+                stdout=result.stdout,
+                stderr=result.stderr,
+                error=(
+                    "codex_sandbox_error: bubblewrap (bwrap) failed to create a network "
+                    "namespace (RTM_NEWADDR: Operation not permitted). This environment "
+                    "does not support bwrap sandboxing (e.g. Docker without CAP_NET_ADMIN). "
+                    "Fix: set FACTORY_CODEX_SANDBOX=bypass in the daemon environment "
+                    "(this is already the default — check that no override is set)."
+                ),
+                metrics=result.metrics,
+            )
+
         parsed_metrics = self._parse_agent_jsonl_output(result.stdout)
         result.metrics.update(parsed_metrics)
         return result
@@ -2065,14 +2340,23 @@ class ProcessManager:
         self, agent: DiscoveredAgent, prompt: str, cwd: Path, timeout: int, task_id: str,
         on_chunk: Any = None,
     ) -> TaskResult:
-        """Run OpenCode CLI in non-interactive mode."""
+        """Run OpenCode CLI in non-interactive mode.
+
+        Uses `opencode run --format json --dir <cwd>` for headless execution.
+        The message is passed as a positional argument.
+        NOTE: `--dir` is the correct flag (not `--cwd` which is invalid).
+        """
         cmd = [
             agent.command, "run",
             "--format", "json",
             "--dangerously-skip-permissions",
-            "--cwd", str(cwd),
-            prompt,
+            "--dir", str(cwd),
         ]
+        # Apply model override if configured (e.g. FACTORY_OPENCODE_MODEL=copilot/gpt-4.1)
+        model_override = os.environ.get("FACTORY_OPENCODE_MODEL")
+        if model_override:
+            cmd += ["--model", model_override]
+        cmd.append(prompt)
         result = await self._run_cli(cmd, cwd, timeout, task_id, on_chunk=on_chunk)
         parsed_metrics = self._parse_agent_jsonl_output(result.stdout)
         result.metrics.update(parsed_metrics)
@@ -2121,6 +2405,7 @@ class ProcessManager:
                 stdin=asyncio.subprocess.PIPE if stdin_input else None,
                 cwd=str(cwd),
                 limit=100 * 1024 * 1024,  # 100MB line buffer for large agent output
+                start_new_session=True,  # own process group → killpg on timeout kills all children
             )
             self.active_processes[task_id] = proc
             stdin_bytes = stdin_input.encode() if stdin_input else None
@@ -2136,8 +2421,28 @@ class ProcessManager:
                 error="" if status == "success" else f"Exited with code {returncode}",
             )
         except asyncio.TimeoutError:
-            if task_id in self.active_processes:
-                self.active_processes[task_id].kill()
+            proc = self.active_processes.pop(task_id, None)
+            if proc:
+                try:
+                    if sys.platform != "win32":
+                        import signal as _signal
+                        try:
+                            os.killpg(os.getpgid(proc.pid), _signal.SIGKILL)
+                        except (ProcessLookupError, PermissionError, OSError):
+                            pass
+                    else:
+                        import subprocess as _subprocess
+                        _subprocess.run(
+                            ["taskkill", "/F", "/T", "/PID", str(proc.pid)],
+                            capture_output=True,
+                        )
+                except Exception:
+                    pass
+                finally:
+                    try:
+                        proc.kill()
+                    except Exception:
+                        pass
             return TaskResult(
                 status="failed", exit_code=-1, stdout="", stderr="",
                 error=f"Timed out after {timeout}s",
@@ -2542,10 +2847,28 @@ class ProcessManager:
         return info
 
     async def cancel(self, task_id: str):
-        proc = self.active_processes.get(task_id)
+        proc = self.active_processes.pop(task_id, None)
         if proc:
-            proc.kill()
-            self.active_processes.pop(task_id, None)
+            try:
+                if sys.platform != "win32":
+                    import signal as _signal
+                    try:
+                        os.killpg(os.getpgid(proc.pid), _signal.SIGKILL)
+                    except (ProcessLookupError, PermissionError, OSError):
+                        pass
+                else:
+                    import subprocess as _subprocess
+                    _subprocess.run(
+                        ["taskkill", "/F", "/T", "/PID", str(proc.pid)],
+                        capture_output=True,
+                    )
+            except Exception:
+                pass
+            finally:
+                try:
+                    proc.kill()
+                except Exception:
+                    pass
 
 
 # ── Progress Reporter ──
@@ -2834,6 +3157,23 @@ class TaskPoller:
             logger.warning("Task poll error: %s", e)
             return []
 
+    async def poll_ai_jobs(self) -> list[dict]:
+        """Poll for AIJobs dispatched to this daemon (workspace-mode)."""
+        try:
+            resp = await self.client.get(
+                f"{self.server_url}/api/v1/runtimes/{self.runtime_id}/ai-jobs/poll",
+                timeout=10,
+            )
+            if resp.status_code == 200:
+                self._on_success()
+                return resp.json().get("ai_jobs", [])
+            elif resp.status_code in (401, 403):
+                self._on_auth_failure()
+            return []
+        except Exception as e:
+            logger.debug("AIJob poll error: %s", e)
+            return []
+
 
 # ── Server Connection ──
 
@@ -3214,6 +3554,11 @@ class RuntimeDaemon:
 
                 if not acquired:
                     logger.error("Cannot acquire daemon lock — another instance may still be running")
+                    print(
+                        "DAEMON_ERROR: Cannot acquire daemon lock — another daemon instance may "
+                        "still be running. Stop the existing daemon first or restart the machine.",
+                        file=sys.stderr,
+                    )
                     raise SystemExit(1)
 
             # Write PID to lock file (for reference, though unreadable while locked)
@@ -3269,6 +3614,11 @@ class RuntimeDaemon:
                 fcntl.flock(self._lock_file.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB)
             except (IOError, OSError):
                 logger.error("Cannot acquire daemon lock — another instance may still be running")
+                print(
+                    "DAEMON_ERROR: Cannot acquire daemon lock — another daemon instance may "
+                    "still be running. Stop the existing daemon first or restart the machine.",
+                    file=sys.stderr,
+                )
                 raise SystemExit(1)
 
         # Write our PID to the lock file for reference
@@ -3411,6 +3761,23 @@ class RuntimeDaemon:
                     self._execute_task(task, conn)
                 )
 
+            # Poll for AIJobs (workspace-mode tasks)
+            if len(self.active_tasks) < self.max_concurrent:
+                ai_jobs = await conn.poller.poll_ai_jobs()
+                for aj in ai_jobs:
+                    job_id = aj.get("job_id", "")
+                    ai_task_key = f"aijob_{job_id}"
+                    if ai_task_key in self.active_tasks:
+                        continue
+                    if len(self.active_tasks) >= self.max_concurrent:
+                        break
+                    logger.info("[%s] Starting AIJob %s (type=%s)",
+                               conn.label, job_id, aj.get("task_type"))
+                    self._task_connections[ai_task_key] = conn
+                    self.active_tasks[ai_task_key] = asyncio.create_task(
+                        self._execute_ai_job(aj, conn)
+                    )
+
     async def _execute_task(self, task: TaskInfo, conn: ServerConnection):
         """Execute a single task, reporting to the originating server connection."""
         reporter = conn.reporter
@@ -3908,12 +4275,27 @@ class RuntimeDaemon:
 
             # Testing-specific: validate structured test assets
             if node_type == "testing":
-                # Check if this type requires full test artifacts
+                # Determine which checks to run for this requirement type.
+                #
+                # _skip_test_artifacts = True  → skip ALL artifact checks
+                #   (set for types that explicitly list "test_coverage" in
+                #    skip_dimensions, e.g. "task", "documentation", "spike")
+                #
+                # _requires_structured_artifacts = True  → test-cases.json and
+                #   coverage-matrix.json are *required* deliverables.
+                #   Set only for "feature" and "improvement" — types whose
+                #   testing phase is a full QA suite rather than regression
+                #   verification.  For "bugfix", "refactor", etc. these files
+                #   are *optional*: if they exist they are validated, but their
+                #   absence is not an error (the agent only writes regression
+                #   tests + test-report.md).
                 _skip_test_artifacts = False
+                _requires_structured_artifacts = False
                 try:
                     from app.services.type_workflow_profiles import get_profile
                     _profile = get_profile(req_type)
                     _skip_test_artifacts = "test_coverage" in _profile.skip_dimensions
+                    _requires_structured_artifacts = req_type in ("feature", "improvement")
                 except Exception:
                     pass
 
@@ -3930,6 +4312,8 @@ class RuntimeDaemon:
                         base = workspace_path
 
                     # --- test-cases.json validation ---
+                    # Required for feature/improvement; optional (but validated
+                    # if present) for all other testing node types.
                     tc_path = base / "test-cases.json"
                     if tc_path.exists():
                         try:
@@ -3938,19 +4322,24 @@ class RuntimeDaemon:
                             if not cases:
                                 issues.append("test-cases.json exists but contains no test cases")
                             else:
+                                # Collect ALL malformed test cases in one pass so
+                                # the retry prompt can fix everything at once.
+                                # (Previously a `break` was used here which caused
+                                # a one-issue-per-retry cascade, burning through
+                                # max_retries before the file was fully corrected.)
                                 for tc in cases[:20]:
                                     if not tc.get("id") or not tc.get("title"):
-                                        issues.append(f"Test case missing 'id' or 'title': {tc.get('id', '?')}")
-                                        break
-                                    if not tc.get("steps"):
+                                        issues.append(
+                                            f"Test case missing 'id' or 'title': {tc.get('id', '?')}"
+                                        )
+                                    elif not tc.get("steps"):
                                         issues.append(f"Test case {tc['id']} has no 'steps'")
-                                        break
                                 p0_cases = [c for c in cases if c.get("priority") == "P0"]
                                 if not p0_cases:
                                     issues.append("No P0 priority test cases found in test-cases.json")
                         except (_json.JSONDecodeError, UnicodeDecodeError) as e:
                             issues.append(f"test-cases.json is not valid JSON: {e}")
-                    else:
+                    elif _requires_structured_artifacts:
                         issues.append(f"test-cases.json not found in {doc_dir or 'workspace root'}")
 
                     # --- coverage-matrix.json validation ---
@@ -3965,7 +4354,7 @@ class RuntimeDaemon:
                                 issues.append(f"Uncovered acceptance criteria in coverage-matrix.json: {ids}")
                         except (_json.JSONDecodeError, UnicodeDecodeError) as e:
                             issues.append(f"coverage-matrix.json is not valid JSON: {e}")
-                    else:
+                    elif _requires_structured_artifacts:
                         issues.append(f"coverage-matrix.json not found in {doc_dir or 'workspace root'}")
 
                     # --- test-report.md validation ---
@@ -3975,6 +4364,139 @@ class RuntimeDaemon:
 
         return issues
 
+    async def _execute_ai_job(self, aj: dict, conn: "ServerConnection"):
+        """Execute an AIJob in daemon workspace and report results back.
+
+        Uses WorkspaceManager for branch-based isolation, runs the agent CLI
+        with the job's prompt, auto-commits results, and reports back.
+        """
+        job_id = aj.get("job_id", "")
+        task_type = aj.get("task_type", "unknown")
+        project_info = aj.get("project", {})
+        requirement_key = aj.get("requirement_key")
+        agent_override = aj.get("agent_override")
+        system_prompt = aj.get("system_prompt", "")
+        user_prompt = aj.get("user_prompt", "")
+
+        reporter_url = f"{conn.server_url.rstrip('/')}/api/v1/runtimes/{conn.runtime_id}/ai-jobs/{job_id}"
+
+        try:
+            # Report progress: starting
+            await conn.client.post(
+                f"{reporter_url}/progress",
+                json={"current_phase": "preparing", "current_step": "Preparing workspace...", "progress_pct": 5},
+                timeout=10,
+            )
+
+            # 1. Select agent
+            agent_type = agent_override or "claude-code"
+            agent = self._select_agent(agent_type, [])
+            if not agent:
+                await conn.client.post(
+                    f"{reporter_url}/complete",
+                    json={"status": "failed", "error": f"No agent CLI for '{agent_type}'", "failure_code": "no_agent"},
+                    timeout=10,
+                )
+                return
+
+            # 2. Prepare workspace (using project info + requirement branch)
+            full_prompt = f"{system_prompt}\n\n{user_prompt}" if system_prompt else user_prompt
+            fake_task = TaskInfo(
+                task_id=job_id,
+                graph_id="",
+                node_type="ai_job",
+                agent_type=agent_type,
+                input_prompt=full_prompt,
+                input_data={},
+                timeout_seconds=settings.AGENT_TIMEOUT,
+                max_retries=0,
+                retry_count=0,
+                project=project_info,
+                work_item={},
+                fallback_chain=[],
+                requirement_workflow_id=None,
+                requirement_key=requirement_key,
+                graph_type="ai_job",
+            )
+            workspace_path = await self.workspace_manager.prepare_workspace(
+                project_info, fake_task,
+            )
+
+            await conn.client.post(
+                f"{reporter_url}/progress",
+                json={"current_phase": "running", "current_step": "Running agent...", "progress_pct": 15},
+                timeout=10,
+            )
+
+            # 3. Run agent with prompt
+            _line_buffer: list[str] = []
+
+            async def on_chunk(lines: list[str]):
+                _line_buffer.extend(lines)
+
+            result = await self.process_manager.run_agent(
+                agent, fake_task, workspace_path, on_chunk=on_chunk,
+            )
+
+            # 4. Auto-commit if successful
+            git_info = {}
+            if result.status == "success" and result.files_changed:
+                git_info = await self._auto_commit(workspace_path, fake_task)
+
+            # 5. Report completion
+            output_content = result.stdout[-20000:] if result.stdout else ""
+            scripts: dict = {}
+
+            # Try to extract per-scenario scripts from output
+            scenario_ids = aj.get("input_context", {}).get("scenario_ids", [])
+            if scenario_ids and output_content:
+                # Simple heuristic: if output is a single script, map it to first scenario
+                # Daemon-generated scripts may be multiple files in workspace
+                for sid in scenario_ids:
+                    # Check if daemon wrote test files to workspace
+                    import glob
+                    test_files = glob.glob(str(workspace_path / "tests" / "**" / f"*{sid[:8]}*"), recursive=True)
+                    if test_files:
+                        try:
+                            with open(test_files[0], "r") as f:
+                                scripts[sid] = f.read()
+                        except Exception:
+                            pass
+
+            complete_payload = {
+                "status": "success" if result.status == "success" else "failed",
+                "output_content": output_content,
+                "output_result": {
+                    "scripts": scripts,
+                    "files_changed": result.files_changed,
+                    "lines_added": result.lines_added,
+                    "lines_removed": result.lines_removed,
+                },
+                "tier_used": "agent_cli",
+                "resolved_agent": agent.agent_id,
+                "git_info": git_info,
+                "error": result.error if result.status != "success" else "",
+                "failure_code": "agent_error" if result.status != "success" else "",
+            }
+
+            await conn.client.post(
+                f"{reporter_url}/complete",
+                json=complete_payload,
+                timeout=30,
+            )
+            logger.info("AIJob %s completed: %s", job_id, result.status)
+
+        except Exception as e:
+            logger.exception("AIJob %s execution error", job_id)
+            try:
+                await conn.client.post(
+                    f"{reporter_url}/complete",
+                    json={"status": "failed", "error": str(e)[:2000], "failure_code": "daemon_exception"},
+                    timeout=10,
+                )
+            except Exception:
+                pass
+
     async def _validate_and_retry(
         self,
         agent: "DiscoveredAgent",
@@ -4845,15 +5367,29 @@ class RuntimeDaemon:
                             )
 
                     logger.info("Found unpushed commits on %s, pushing...", branch)
-                    try:
-                        await git(
-                            "push", "-u", "origin", branch,
-                            cwd=workspace_path, project_key=project_key,
-                        )
-                        logger.info("Pushed branch %s to origin", branch)
-                    except RuntimeError as exc:
-                        logger.error("Push failed for branch %s: %s", branch, exc)
-                        return f"Push failed: {exc}"
+                    last_push_exc: Exception | None = None
+                    for attempt in range(1, 4):  # retry up to 3 times
+                        try:
+                            await git(
+                                "push", "-u", "origin", branch,
+                                cwd=workspace_path, project_key=project_key,
+                            )
+                            logger.info("Pushed branch %s to origin (attempt %d)", branch, attempt)
+                            last_push_exc = None
+                            break
+                        except RuntimeError as exc:
+                            last_push_exc = exc
+                            if attempt < 3:
+                                wait = attempt * 10  # 10s, 20s
+                                logger.warning(
+                                    "Push attempt %d failed for branch %s: %s — retrying in %ds",
+                                    attempt, branch, exc, wait,
+                                )
+                                await asyncio.sleep(wait)
+                            else:
+                                logger.error("Push failed for branch %s after 3 attempts: %s", branch, exc)
+                    if last_push_exc is not None:
+                        return f"Push failed: {last_push_exc}"
                 else:
                     logger.info("No unpushed commits on %s", branch)
             return None

{forgexa_cli-1.6.1 → forgexa_cli-1.7.5}/forgexa_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: forgexa-cli
-Version: 1.6.1
+Version: 1.7.5
 Summary: Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform
 Author-email: Jason Sun <dev.winds@gmail.com>
 License: MIT

{forgexa_cli-1.6.1 → forgexa_cli-1.7.5}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "forgexa-cli"
-version = "1.6.1"
+version = "1.7.5"
 description = "Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform"
 requires-python = ">=3.9"
 license = { text = "MIT" }