forgexa-cli 1.7.2__tar.gz → 1.7.6__tar.gz

{forgexa_cli-1.7.2 → forgexa_cli-1.7.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: forgexa-cli
-Version: 1.7.2
+Version: 1.7.6
 Summary: Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform
 Author-email: Jason Sun <dev.winds@gmail.com>
 License: MIT

{forgexa_cli-1.7.2 → forgexa_cli-1.7.6}/forgexa_cli/__init__.py

@@ -1,2 +1,2 @@
 """forgexa-cli — Forgexa command-line client."""
-__version__ = "1.7.2"
+__version__ = "1.7.6"

{forgexa_cli-1.7.2 → forgexa_cli-1.7.6}/forgexa_cli/daemon.py

@@ -29,6 +29,7 @@ import base64
 import hashlib
 import json
 import logging
+from logging.handlers import RotatingFileHandler
 import os
 import platform
 import re
@@ -301,6 +302,16 @@ except (ImportError, ModuleNotFoundError):
         def AGENT_MAX_OUTPUT_SIZE(self) -> int:
             return int(os.environ.get("AGENT_MAX_OUTPUT_SIZE", "100000"))
 
+        @property
+        def FACTORY_CODEX_SANDBOX(self) -> str:
+            """Codex sandbox mode: 'bypass' (default, safe) or 'bwrap' (Linux only).
+
+            'bypass' uses --dangerously-bypass-approvals-and-sandbox which works
+            in all environments including Docker without CAP_NET_ADMIN.
+            'bwrap' uses --full-auto (bubblewrap) which requires CAP_NET_ADMIN.
+            """
+            return os.environ.get("FACTORY_CODEX_SANDBOX", "bypass").strip().lower()
+
         def get_daemon_workspaces_root(self) -> str:
             root = self.DAEMON_WORKSPACES_ROOT
             if not root:
@@ -321,7 +332,7 @@ except (ImportError, ModuleNotFoundError):
 # DAEMON_VERSION is the protocol/logic version of the daemon code.
 # Kept in sync with pyproject.toml version via bump-version.sh.
 # CLIENT_TYPE identifies which packaging/distribution this daemon runs in.
-DAEMON_VERSION = "1.7.2"
+DAEMON_VERSION = "1.7.6"
 
 
 def _detect_client_type() -> str:
@@ -358,7 +369,11 @@ _log_dir.mkdir(parents=True, exist_ok=True)
 DAEMON_LOG_PATH = _log_dir / "daemon.log"
 
 _log_handlers: list[logging.Handler] = [
-    logging.FileHandler(DAEMON_LOG_PATH, mode="a", encoding="utf-8"),
+    RotatingFileHandler(
+        DAEMON_LOG_PATH, mode="a", encoding="utf-8",
+        maxBytes=50 * 1024 * 1024,  # 50 MB per file
+        backupCount=5,
+    ),
 ]
 if sys.stderr.isatty():
     _log_handlers.append(logging.StreamHandler(sys.stderr))
@@ -713,6 +728,9 @@ class AgentDiscovery:
 
     async def discover(self) -> list[DiscoveredAgent]:
         self._expand_path()
+        # Probe bwrap support once at discovery time and log a clear warning
+        # if it is broken.  This surfaces the error early rather than mid-task.
+        await self._probe_bwrap_support()
         available = []
         for agent_id, spec in self.AGENT_REGISTRY.items():
             custom_path = os.environ.get(spec.get("env_path_override", ""))
@@ -732,8 +750,9 @@ class AgentDiscovery:
 
     async def _get_version(self, detect_cmd: str) -> str:
         try:
-            proc = await asyncio.create_subprocess_shell(
-                detect_cmd,
+            parts = detect_cmd.split()
+            proc = await asyncio.create_subprocess_exec(
+                *parts,
                 stdout=asyncio.subprocess.PIPE,
                 stderr=asyncio.subprocess.PIPE,
             )
@@ -742,8 +761,60 @@ class AgentDiscovery:
         except Exception:
             return "unknown"
 
+    @staticmethod
+    async def _probe_bwrap_support() -> None:
+        """Probe whether bubblewrap (bwrap) works in this environment.
 
-# ── Workspace Manager ──
+        codex exec --full-auto internally creates a bubblewrap sandbox that
+        requires a network namespace (CAP_NET_ADMIN).  Inside Docker containers
+        or other restricted Linux environments this fails immediately with:
+            bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted
+
+        We probe at startup so the operator gets an actionable warning rather
+        than a cryptic mid-task failure.  The probe is skipped on macOS/Windows
+        because Codex uses a different sandbox mechanism on those platforms.
+        """
+        if sys.platform != "linux":
+            return
+        sandbox_mode = os.environ.get("FACTORY_CODEX_SANDBOX", "bypass").strip().lower()
+        if sandbox_mode != "bwrap":
+            # Default mode bypasses sandbox — no bwrap needed, skip probe.
+            return
+        bwrap_bin = shutil.which("bwrap")
+        if not bwrap_bin:
+            logger.warning(
+                "FACTORY_CODEX_SANDBOX=bwrap but bwrap binary not found. "
+                "Codex sandbox will fail. Either install bwrap or unset "
+                "FACTORY_CODEX_SANDBOX to use bypass mode (default)."
+            )
+            return
+        try:
+            proc = await asyncio.create_subprocess_exec(
+                bwrap_bin,
+                "--dev", "/dev",
+                "--proc", "/proc",
+                "--ro-bind", "/usr", "/usr",
+                "--unshare-net",
+                "true",
+                stdout=asyncio.subprocess.DEVNULL,
+                stderr=asyncio.subprocess.PIPE,
+            )
+            _, stderr = await asyncio.wait_for(proc.communicate(), timeout=5)
+            if proc.returncode != 0:
+                err = (stderr or b"").decode(errors="replace").strip()
+                logger.warning(
+                    "bwrap probe failed (exit=%d): %s. "
+                    "codex exec --full-auto will fail in this environment. "
+                    "Unset FACTORY_CODEX_SANDBOX to use bypass mode (default), "
+                    "or grant CAP_NET_ADMIN / run privileged.",
+                    proc.returncode, err,
+                )
+            else:
+                logger.info("bwrap probe: network namespaces work in this environment")
+        except asyncio.TimeoutError:
+            logger.warning("bwrap probe timed out — treating as unsupported")
+        except Exception as exc:
+            logger.warning("bwrap probe error: %s", exc)
 
 
 class WorkspaceManager:
@@ -986,6 +1057,71 @@ class WorkspaceManager:
         # Remove the broken worktree directory
         shutil.rmtree(ws_path, ignore_errors=True)
 
+    async def _detect_unrelated_histories(self, repo_path: Path, project_key: str) -> bool:
+        """Detect whether local clone has diverged from remote due to history rewrite.
+
+        When a remote repo is rewritten (e.g. via BFG or git filter-repo to
+        remove large files), all commit SHAs change.  The local clone retains
+        the old SHAs in its object store, making fetch/reset/merge fail in
+        cryptic ways.
+
+        Strategy: ask git whether the local HEAD commit object is reachable in
+        the remote graph.  We use `git ls-remote` to get the remote HEAD SHA,
+        then check if that SHA exists locally.  If the remote HEAD does NOT
+        exist locally, histories are definitely unrelated.
+
+        Additionally, if the repo has a shallow marker but the remote default
+        branch has diverged past the shallow grafts, `git fetch` itself will
+        indicate problems.
+        """
+        try:
+            # Get the local HEAD SHA
+            local_proc = await asyncio.create_subprocess_exec(
+                "git", "rev-parse", "HEAD",
+                cwd=str(repo_path),
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.PIPE,
+            )
+            local_out, _ = await asyncio.wait_for(local_proc.communicate(), timeout=10)
+            if local_proc.returncode != 0:
+                return False
+            local_head = local_out.decode().strip()
+            if not local_head:
+                return False
+
+            # Get the remote HEAD SHA via ls-remote (no network for local check)
+            # Try to see if the remote HEAD is in local object store
+            # If git cat-file -e <remote_sha> succeeds, remote HEAD is known locally
+            # (histories still share commits). Otherwise, fully diverged.
+            #
+            # However, after a history rewrite the remote HEAD is a brand-new SHA,
+            # and the local object store only has old SHAs.  So we check the other
+            # direction: does the local HEAD exist on the remote at all?
+            # We use `git branch -r --contains <local_head>` which lists remote
+            # tracking branches that contain that commit.  If none, it's unrelated.
+            check_proc = await asyncio.create_subprocess_exec(
+                "git", "branch", "-r", "--contains", local_head,
+                cwd=str(repo_path),
+                stdout=asyncio.subprocess.PIPE,
+                stderr=asyncio.subprocess.PIPE,
+            )
+            out, _ = await asyncio.wait_for(check_proc.communicate(), timeout=10)
+            if check_proc.returncode != 0:
+                # Command failed (e.g. invalid object) — history is broken
+                return True
+            remote_branches = out.decode().strip()
+            if not remote_branches:
+                # Local HEAD is not reachable from any remote branch — unrelated
+                logger.info(
+                    "Local HEAD %s not found in any remote branch at %s — "
+                    "histories appear unrelated (remote may have been rewritten).",
+                    local_head[:12], repo_path,
+                )
+                return True
+        except Exception:
+            pass
+        return False
+
     async def _create_worktree(
         self, project_dir: Path, repo_url: str, default_branch: str,
         workspace_key: str, branch_name: str, *, fresh_start: bool = False,
@@ -1143,6 +1279,25 @@ class WorkspaceManager:
                                 )
                     if not sync_success:
                         if expect_branch:
+                            # Before giving up, check for history-rewrite: if the remote
+                            # history was rewritten (all SHAs changed), local objects are
+                            # stale and no amount of retries will fix sync.  Detect this
+                            # and destroy the workspace + _main so they get recloned.
+                            is_unrelated = await self._detect_unrelated_histories(ws_path, project_key)
+                            if is_unrelated:
+                                logger.warning(
+                                    "Detected repository history mismatch for worktree %s "
+                                    "(remote history likely rewritten). Discarding stale "
+                                    "worktree and _main clone for a full re-clone on retry.",
+                                    ws_path,
+                                )
+                                await self._remove_broken_worktree(main_repo, ws_path, workspace_key)
+                                shutil.rmtree(main_repo, ignore_errors=True)
+                                raise RuntimeError(
+                                    f"Repository history was rewritten (e.g. large-file cleanup). "
+                                    f"Stale local clone discarded. "
+                                    f"The task will be retried with a fresh clone."
+                                )
                             raise RuntimeError(
                                 f"Failed to sync branch '{branch_name}' from remote after 3 attempts. "
                                 f"The branch should exist (pushed by prior analysis/design phase). "
@@ -1163,7 +1318,36 @@ class WorkspaceManager:
                 repo_url, str(main_repo), timeout=settings.GIT_CLONE_TIMEOUT, project_key=project_key,
             )
         else:
-            await self._git("fetch", "--all", cwd=main_repo, timeout=300, project_key=project_key)
+            # Use targeted fetch instead of --all to avoid pulling every branch/tag
+            # from potentially large repos (avoids 300s timeout on big repos).
+            # Fetch default branch only; the feature branch is explicitly fetched below.
+            try:
+                await self._git(
+                    "fetch", "origin", default_branch,
+                    cwd=main_repo, timeout=settings.GIT_CLONE_TIMEOUT, project_key=project_key,
+                )
+            except RuntimeError as _fetch_err:
+                err_str = str(_fetch_err)
+                # Detect "unrelated histories" / history-rewrite scenarios:
+                # If the remote history was rewritten (e.g. BFG large-file removal),
+                # all commit SHAs change. The local clone becomes incompatible —
+                # fetch may succeed but the local refs are orphaned and unusable.
+                # Detection: check whether local HEAD exists in the remote graph.
+                is_unrelated = await self._detect_unrelated_histories(main_repo, project_key)
+                if is_unrelated or "not our ref" in err_str or "shallow" in err_str:
+                    logger.warning(
+                        "Detected repository history mismatch for %s (remote history likely "
+                        "rewritten). Discarding stale local clone and re-cloning from scratch.",
+                        main_repo,
+                    )
+                    shutil.rmtree(main_repo, ignore_errors=True)
+                    await self._git(
+                        "clone", "--single-branch", "--no-tags",
+                        repo_url, str(main_repo), timeout=settings.GIT_CLONE_TIMEOUT,
+                        project_key=project_key,
+                    )
+                else:
+                    raise
 
         # --single-branch clone only fetches the default branch.
         # Explicitly fetch the feature branch so origin/{branch_name}
@@ -1477,7 +1661,12 @@ class ProcessManager:
         "name or service not known",
         "no such host",
         "network is unreachable",
-        "api error",
+        # "api error" removed: too broad — matches agent-generated code/output
+        # discussing API errors. Real API transport errors are covered by the
+        # connection patterns above (refused, reset, timed out, etc.).
+        "apiexception:",
+        "api error: 5",   # 5xx errors like "API error: 503", "API error: 502"
+        "api error: connection",
     ]
 
     def __init__(self):
@@ -1932,7 +2121,30 @@ class ProcessManager:
                 timeout=timeout,
             )
         except asyncio.TimeoutError:
-            proc.kill()
+            # Kill the entire process group so that child processes (npm, yarn,
+            # ssh, git, etc.) spawned by the agent are also terminated.  A plain
+            # proc.kill() only kills the direct subprocess; any grandchildren
+            # become orphaned, keep pipes open, and can exhaust system resources.
+            try:
+                if sys.platform != "win32":
+                    import signal as _signal
+                    try:
+                        os.killpg(os.getpgid(proc.pid), _signal.SIGKILL)
+                    except (ProcessLookupError, PermissionError, OSError):
+                        pass
+                else:
+                    import subprocess as _subprocess
+                    _subprocess.run(
+                        ["taskkill", "/F", "/T", "/PID", str(proc.pid)],
+                        capture_output=True,
+                    )
+            except Exception:
+                pass
+            finally:
+                try:
+                    proc.kill()
+                except Exception:
+                    pass
             # Drain any remaining output after kill
             try:
                 remaining, _ = await asyncio.wait_for(proc.communicate(), timeout=5)
@@ -1999,6 +2211,7 @@ class ProcessManager:
                 cwd=str(cwd),
                 env=env,
                 limit=100 * 1024 * 1024,  # 100MB line buffer for large JSON output from long sessions
+                start_new_session=True,  # own process group → killpg on timeout kills all children
             )
             self.active_processes[task_id] = proc
             stdout, stderr, returncode = await self._stream_process(
@@ -2068,9 +2281,57 @@ class ProcessManager:
         self, agent: DiscoveredAgent, prompt: str, cwd: Path, timeout: int, task_id: str,
         on_chunk: Any = None,
     ) -> TaskResult:
-        """Run Codex CLI in exec mode (non-interactive)."""
-        cmd = [agent.command, "exec", "--full-auto", "--json", "-"]
+        """Run Codex CLI in exec mode (non-interactive).
+
+        Sandbox mode selection (FACTORY_CODEX_SANDBOX env var):
+          - "bypass" (default): --dangerously-bypass-approvals-and-sandbox
+            Safe for daemon context: the daemon already runs on a controlled
+            machine and the workspace path is pre-scoped to the project.
+            Required when running inside Docker or any environment that lacks
+            CAP_NET_ADMIN, because codex --full-auto internally uses bubblewrap
+            (bwrap) which tries to set up a loopback network interface and fails
+            with "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted".
+          - "bwrap": --full-auto (uses bubblewrap Linux sandbox).  Only works
+            when bwrap can create user+network namespaces (bare-metal Linux,
+            not inside most Docker containers).
+        """
+        sandbox_mode = os.environ.get("FACTORY_CODEX_SANDBOX", "bypass").strip().lower()
+        if sandbox_mode == "bwrap":
+            sandbox_flag = "--full-auto"
+        else:
+            # Default: bypass sandbox entirely — no bwrap, no approval prompts.
+            # Equivalent to Kimi's --yolo and OpenCode's --dangerously-skip-permissions.
+            sandbox_flag = "--dangerously-bypass-approvals-and-sandbox"
+
+        cmd = [agent.command, "exec", sandbox_flag, "--json", "-"]
         result = await self._run_cli(cmd, cwd, timeout, task_id, stdin_input=prompt, on_chunk=on_chunk)
+
+        # Detect the bwrap loopback error and surface a clear, actionable message.
+        # This happens when FACTORY_CODEX_SANDBOX=bwrap (or any future codex version
+        # that enables bwrap by default) is used inside Docker/container environments
+        # that lack CAP_NET_ADMIN.
+        if result.status == "failed" and "RTM_NEWADDR" in (result.stderr or ""):
+            logger.error(
+                "Codex sandbox (bwrap) failed for task %s with network namespace error. "
+                "Set FACTORY_CODEX_SANDBOX=bypass (default) to disable bwrap sandboxing. "
+                "Original error: %s",
+                task_id, (result.stderr or "").strip()[:500],
+            )
+            result = TaskResult(
+                status="failed",
+                exit_code=result.exit_code,
+                stdout=result.stdout,
+                stderr=result.stderr,
+                error=(
+                    "codex_sandbox_error: bubblewrap (bwrap) failed to create a network "
+                    "namespace (RTM_NEWADDR: Operation not permitted). This environment "
+                    "does not support bwrap sandboxing (e.g. Docker without CAP_NET_ADMIN). "
+                    "Fix: set FACTORY_CODEX_SANDBOX=bypass in the daemon environment "
+                    "(this is already the default — check that no override is set)."
+                ),
+                metrics=result.metrics,
+            )
+
         parsed_metrics = self._parse_agent_jsonl_output(result.stdout)
         result.metrics.update(parsed_metrics)
         return result
@@ -2079,14 +2340,25 @@ class ProcessManager:
         self, agent: DiscoveredAgent, prompt: str, cwd: Path, timeout: int, task_id: str,
         on_chunk: Any = None,
     ) -> TaskResult:
-        """Run OpenCode CLI in non-interactive mode."""
+        """Run OpenCode CLI in non-interactive mode.
+
+        Uses `opencode run --format json --dir <cwd>` for headless execution.
+        The message is passed as a positional argument.
+        NOTE: `--dir` is the correct flag (not `--cwd` which is invalid).
+        """
         cmd = [
             agent.command, "run",
             "--format", "json",
             "--dangerously-skip-permissions",
-            "--cwd", str(cwd),
-            prompt,
+            "--dir", str(cwd),
         ]
+        # Apply model override if configured (e.g. FACTORY_OPENCODE_MODEL=copilot/gpt-4.1)
+        model_override = os.environ.get("FACTORY_OPENCODE_MODEL")
+        if model_override:
+            cmd += ["--model", model_override]
+        # -- ensures yargs treats everything after it as positional args, not flags.
+        # Without this, prompts containing --flag-like text cause yargs to print help and exit 1.
+        cmd += ["--", prompt]
         result = await self._run_cli(cmd, cwd, timeout, task_id, on_chunk=on_chunk)
         parsed_metrics = self._parse_agent_jsonl_output(result.stdout)
         result.metrics.update(parsed_metrics)
@@ -2135,6 +2407,7 @@ class ProcessManager:
                 stdin=asyncio.subprocess.PIPE if stdin_input else None,
                 cwd=str(cwd),
                 limit=100 * 1024 * 1024,  # 100MB line buffer for large agent output
+                start_new_session=True,  # own process group → killpg on timeout kills all children
             )
             self.active_processes[task_id] = proc
             stdin_bytes = stdin_input.encode() if stdin_input else None
@@ -2150,8 +2423,28 @@ class ProcessManager:
                 error="" if status == "success" else f"Exited with code {returncode}",
             )
         except asyncio.TimeoutError:
-            if task_id in self.active_processes:
-                self.active_processes[task_id].kill()
+            proc = self.active_processes.pop(task_id, None)
+            if proc:
+                try:
+                    if sys.platform != "win32":
+                        import signal as _signal
+                        try:
+                            os.killpg(os.getpgid(proc.pid), _signal.SIGKILL)
+                        except (ProcessLookupError, PermissionError, OSError):
+                            pass
+                    else:
+                        import subprocess as _subprocess
+                        _subprocess.run(
+                            ["taskkill", "/F", "/T", "/PID", str(proc.pid)],
+                            capture_output=True,
+                        )
+                except Exception:
+                    pass
+                finally:
+                    try:
+                        proc.kill()
+                    except Exception:
+                        pass
             return TaskResult(
                 status="failed", exit_code=-1, stdout="", stderr="",
                 error=f"Timed out after {timeout}s",
@@ -2556,10 +2849,28 @@ class ProcessManager:
         return info
 
     async def cancel(self, task_id: str):
-        proc = self.active_processes.get(task_id)
+        proc = self.active_processes.pop(task_id, None)
         if proc:
-            proc.kill()
-            self.active_processes.pop(task_id, None)
+            try:
+                if sys.platform != "win32":
+                    import signal as _signal
+                    try:
+                        os.killpg(os.getpgid(proc.pid), _signal.SIGKILL)
+                    except (ProcessLookupError, PermissionError, OSError):
+                        pass
+                else:
+                    import subprocess as _subprocess
+                    _subprocess.run(
+                        ["taskkill", "/F", "/T", "/PID", str(proc.pid)],
+                        capture_output=True,
+                    )
+            except Exception:
+                pass
+            finally:
+                try:
+                    proc.kill()
+                except Exception:
+                    pass
 
 
 # ── Progress Reporter ──
@@ -3966,12 +4277,27 @@ class RuntimeDaemon:
 
             # Testing-specific: validate structured test assets
             if node_type == "testing":
-                # Check if this type requires full test artifacts
+                # Determine which checks to run for this requirement type.
+                #
+                # _skip_test_artifacts = True  → skip ALL artifact checks
+                #   (set for types that explicitly list "test_coverage" in
+                #    skip_dimensions, e.g. "task", "documentation", "spike")
+                #
+                # _requires_structured_artifacts = True  → test-cases.json and
+                #   coverage-matrix.json are *required* deliverables.
+                #   Set only for "feature" and "improvement" — types whose
+                #   testing phase is a full QA suite rather than regression
+                #   verification.  For "bugfix", "refactor", etc. these files
+                #   are *optional*: if they exist they are validated, but their
+                #   absence is not an error (the agent only writes regression
+                #   tests + test-report.md).
                 _skip_test_artifacts = False
+                _requires_structured_artifacts = False
                 try:
                     from app.services.type_workflow_profiles import get_profile
                     _profile = get_profile(req_type)
                     _skip_test_artifacts = "test_coverage" in _profile.skip_dimensions
+                    _requires_structured_artifacts = req_type in ("feature", "improvement")
                 except Exception:
                     pass
 
@@ -3988,6 +4314,8 @@ class RuntimeDaemon:
                         base = workspace_path
 
                     # --- test-cases.json validation ---
+                    # Required for feature/improvement; optional (but validated
+                    # if present) for all other testing node types.
                     tc_path = base / "test-cases.json"
                     if tc_path.exists():
                         try:
@@ -3996,19 +4324,24 @@ class RuntimeDaemon:
                             if not cases:
                                 issues.append("test-cases.json exists but contains no test cases")
                             else:
+                                # Collect ALL malformed test cases in one pass so
+                                # the retry prompt can fix everything at once.
+                                # (Previously a `break` was used here which caused
+                                # a one-issue-per-retry cascade, burning through
+                                # max_retries before the file was fully corrected.)
                                 for tc in cases[:20]:
                                     if not tc.get("id") or not tc.get("title"):
-                                        issues.append(f"Test case missing 'id' or 'title': {tc.get('id', '?')}")
-                                        break
-                                    if not tc.get("steps"):
+                                        issues.append(
+                                            f"Test case missing 'id' or 'title': {tc.get('id', '?')}"
+                                        )
+                                    elif not tc.get("steps"):
                                         issues.append(f"Test case {tc['id']} has no 'steps'")
-                                        break
                                 p0_cases = [c for c in cases if c.get("priority") == "P0"]
                                 if not p0_cases:
                                     issues.append("No P0 priority test cases found in test-cases.json")
                         except (_json.JSONDecodeError, UnicodeDecodeError) as e:
                             issues.append(f"test-cases.json is not valid JSON: {e}")
-                    else:
+                    elif _requires_structured_artifacts:
                         issues.append(f"test-cases.json not found in {doc_dir or 'workspace root'}")
 
                     # --- coverage-matrix.json validation ---
@@ -4023,7 +4356,7 @@ class RuntimeDaemon:
                                 issues.append(f"Uncovered acceptance criteria in coverage-matrix.json: {ids}")
                         except (_json.JSONDecodeError, UnicodeDecodeError) as e:
                             issues.append(f"coverage-matrix.json is not valid JSON: {e}")
-                    else:
+                    elif _requires_structured_artifacts:
                         issues.append(f"coverage-matrix.json not found in {doc_dir or 'workspace root'}")
 
                     # --- test-report.md validation ---
@@ -5036,15 +5369,29 @@ class RuntimeDaemon:
                             )
 
                     logger.info("Found unpushed commits on %s, pushing...", branch)
-                    try:
-                        await git(
-                            "push", "-u", "origin", branch,
-                            cwd=workspace_path, project_key=project_key,
-                        )
-                        logger.info("Pushed branch %s to origin", branch)
-                    except RuntimeError as exc:
-                        logger.error("Push failed for branch %s: %s", branch, exc)
-                        return f"Push failed: {exc}"
+                    last_push_exc: Exception | None = None
+                    for attempt in range(1, 4):  # retry up to 3 times
+                        try:
+                            await git(
+                                "push", "-u", "origin", branch,
+                                cwd=workspace_path, project_key=project_key,
+                            )
+                            logger.info("Pushed branch %s to origin (attempt %d)", branch, attempt)
+                            last_push_exc = None
+                            break
+                        except RuntimeError as exc:
+                            last_push_exc = exc
+                            if attempt < 3:
+                                wait = attempt * 10  # 10s, 20s
+                                logger.warning(
+                                    "Push attempt %d failed for branch %s: %s — retrying in %ds",
+                                    attempt, branch, exc, wait,
+                                )
+                                await asyncio.sleep(wait)
+                            else:
+                                logger.error("Push failed for branch %s after 3 attempts: %s", branch, exc)
+                    if last_push_exc is not None:
+                        return f"Push failed: {last_push_exc}"
                 else:
                     logger.info("No unpushed commits on %s", branch)
             return None

{forgexa_cli-1.7.2 → forgexa_cli-1.7.6}/forgexa_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: forgexa-cli
-Version: 1.7.2
+Version: 1.7.6
 Summary: Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform
 Author-email: Jason Sun <dev.winds@gmail.com>
 License: MIT

{forgexa_cli-1.7.2 → forgexa_cli-1.7.6}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "forgexa-cli"
-version = "1.7.2"
+version = "1.7.6"
 description = "Forgexa CLI — command-line client and AI agent runtime for the Forgexa platform"
 requires-python = ">=3.9"
 license = { text = "MIT" }