plato-sdk-v2 2.3.0__py3-none-any.whl → 2.3.3__py3-none-any.whl

plato/agents/__init__.py

@@ -85,6 +85,8 @@ __all__ = [
     "span",
     "log_event",
     "upload_artifacts",
+    "upload_artifact",
+    "upload_checkpoint",
     "reset_logging",
 ]
 
@@ -102,7 +104,9 @@ from plato.agents.logging import (
     log_event,
     reset_logging,
     span,
+    upload_artifact,
     upload_artifacts,
+    upload_checkpoint,
 )
 from plato.agents.runner import run_agent
 from plato.agents.trajectory import (

plato/agents/logging.py

@@ -399,3 +399,117 @@ async def upload_artifacts(dir_path: str) -> str | None:
     except Exception as e:
         logger.warning(f"Failed to upload artifacts: {e}")
         return None
+
+
+# =============================================================================
+# Artifact Upload (Generic)
+# =============================================================================
+
+
+async def upload_artifact(
+    data: bytes,
+    artifact_type: str,
+    filename: str | None = None,
+    extra: dict[str, Any] | None = None,
+) -> dict[str, Any] | None:
+    """Upload an artifact to Chronos.
+
+    Artifacts are stored in S3 and linked to the session in the database.
+
+    Args:
+        data: Raw bytes of the artifact
+        artifact_type: Type of artifact (e.g., "state", "logs", "trajectory")
+        filename: Optional filename for the artifact
+        extra: Optional extra data to store with the artifact
+
+    Returns:
+        Dict with artifact_id and s3_url if successful, None otherwise.
+    """
+    chronos = _ChronosLogger._instance
+    if not chronos or not chronos.enabled:
+        return None
+
+    try:
+        data_base64 = base64.b64encode(data).decode("utf-8")
+        logger.info(f"Uploading artifact: type={artifact_type}, size={len(data)} bytes")
+    except Exception as e:
+        logger.warning(f"Failed to encode artifact: {e}")
+        return None
+
+    try:
+        async with httpx.AsyncClient(timeout=120.0) as client:
+            response = await client.post(
+                f"{chronos.callback_url}/artifact",
+                json={
+                    "session_id": chronos.session_id,
+                    "artifact_type": artifact_type,
+                    "data_base64": data_base64,
+                    "filename": filename,
+                    "extra": extra or {},
+                },
+            )
+            if response.status_code == 200:
+                result = response.json()
+                logger.info(f"Uploaded artifact: {result}")
+                return result
+            else:
+                logger.warning(f"Failed to upload artifact: {response.status_code} {response.text}")
+                return None
+    except Exception as e:
+        logger.warning(f"Failed to upload artifact: {e}")
+        return None
+
+
+# =============================================================================
+# Checkpoint Upload
+# =============================================================================
+
+
+async def upload_checkpoint(
+    step_number: int,
+    env_snapshots: dict[str, str],
+    state_artifact_id: str | None = None,
+    extra: dict[str, Any] | None = None,
+) -> dict[str, Any] | None:
+    """Upload checkpoint data to Chronos.
+
+    A checkpoint includes:
+    - Environment snapshots (artifact IDs per env alias)
+    - State artifact (git bundle of /state directory)
+    - Extra data (step number, timestamp, etc.)
+
+    Args:
+        step_number: The step number when this checkpoint was created
+        env_snapshots: Dict mapping env alias to artifact_id
+        state_artifact_id: Artifact ID of the state bundle (from upload_artifact)
+        extra: Optional additional data
+
+    Returns:
+        Dict with checkpoint_id if successful, None otherwise.
+    """
+    chronos = _ChronosLogger._instance
+    if not chronos or not chronos.enabled:
+        return None
+
+    try:
+        async with httpx.AsyncClient(timeout=60.0) as client:
+            response = await client.post(
+                f"{chronos.callback_url}/checkpoint",
+                json={
+                    "session_id": chronos.session_id,
+                    "step_number": step_number,
+                    "env_snapshots": env_snapshots,
+                    "state_artifact_id": state_artifact_id,
+                    "extra": extra or {},
+                },
+            )
+            if response.status_code == 200:
+                result = response.json()
+                logger.info(f"Uploaded checkpoint: step={step_number}, checkpoint_id={result.get('checkpoint_id')}")
+                return result
+            else:
+                logger.warning(f"Failed to upload checkpoint: {response.status_code} {response.text}")
+                return None
+    except Exception as e:
+        logger.warning(f"Failed to upload checkpoint: {e}")
+        return None

plato/agents/runner.py

@@ -96,6 +96,8 @@ async def run_agent(
                     f"{logs_dir}:/logs",
                     "-v",
                     f"{config_file.name}:/config.json:ro",
+                    "-v",
+                    "/var/run/docker.sock:/var/run/docker.sock",
                     "-w",
                     "/workspace",
                 ]
@@ -116,17 +118,45 @@ async def run_agent(
                 stderr=asyncio.subprocess.STDOUT,
             )
 
-            # Stream output line by line
+            # Stream output line by line, collecting for error reporting
+            output_lines: list[str] = []
             assert process.stdout is not None
             while True:
                 line = await process.stdout.readline()
                 if not line:
                     break
-                logger.info(f"[agent] {line.decode().rstrip()}")
+                decoded_line = line.decode().rstrip()
+                output_lines.append(decoded_line)
+                logger.info(f"[agent] {decoded_line}")
 
             await process.wait()
 
             if process.returncode != 0:
+                # Get last N lines of output for error context
+                error_context = "\n".join(output_lines[-50:]) if output_lines else "No output captured"
+
+                # Log error event with container output
+                await log_event(
+                    span_type="error",
+                    content=f"Agent failed with exit code {process.returncode}",
+                    source="agent",
+                    extra={
+                        "exit_code": process.returncode,
+                        "image": image,
+                        "agent_name": agent_name,
+                        "output": error_context,
+                        "output_line_count": len(output_lines),
+                    },
+                )
+
+                agent_span.set_extra(
+                    {
+                        "error": True,
+                        "exit_code": process.returncode,
+                        "output": error_context,
+                    }
+                )
+
                 raise RuntimeError(f"Agent failed with exit code {process.returncode}")
 
             agent_span.log("Agent completed successfully")

plato/v1/cli/main.py

@@ -11,7 +11,6 @@ from dotenv import load_dotenv
 from plato.v1.cli.agent import agent_app
 from plato.v1.cli.pm import pm_app
 from plato.v1.cli.sandbox import sandbox_app
-from plato.v1.cli.sim import sim_app
 from plato.v1.cli.utils import console
 from plato.v1.cli.world import world_app
 
@@ -70,7 +69,6 @@ app = typer.Typer(help="[bold blue]Plato CLI[/bold blue] - Manage Plato environm
 # Register sub-apps
 app.add_typer(sandbox_app, name="sandbox")
 app.add_typer(pm_app, name="pm")
-app.add_typer(sim_app, name="sim")
 app.add_typer(agent_app, name="agent")
 app.add_typer(world_app, name="world")
 

plato/v1/cli/sandbox.py

@@ -516,7 +516,6 @@ def sandbox_start(
                 console.print(f"  [cyan]Public URL:[/cyan]  {display_url}")
             if ssh_host and ssh_config_path:
                 console.print(f"  [cyan]SSH:[/cyan]         ssh -F {ssh_config_path} {ssh_host}")
-            console.print("  [cyan]Docker:[/cyan]      export DOCKER_HOST=unix:///var/run/docker-user.sock")
             console.print(f"\n[dim]State saved to {SANDBOX_FILE}[/dim]")
 
     except Exception as e:
@@ -1737,6 +1736,148 @@ def sandbox_state_cmd(
         raise typer.Exit(1)
 
 
+@sandbox_app.command(name="clear-audit")
+def sandbox_clear_audit(
+    config_path: Path | None = typer.Option(None, "--config-path", help="Path to plato-config.yml"),
+    dataset: str = typer.Option("base", "--dataset", "-d", help="Dataset name"),
+    json_output: bool = typer.Option(False, "--json", "-j", help="Output as JSON"),
+):
+    """
+    Clear the audit_log table(s) in the sandbox database.
+
+    Truncates all audit_log tables to reset mutation tracking. Use this after
+    initial setup/login to clear any mutations before running a clean login flow.
+
+    REQUIRES:
+
+        .sandbox.yaml in current directory (created by 'plato sandbox start')
+        plato-config.yml with database listener config
+
+    USAGE:
+
+        plato sandbox clear-audit                # Uses plato-config.yml in cwd
+        plato sandbox clear-audit -d base        # Specify dataset
+        plato sandbox clear-audit --json         # JSON output
+
+    WORKFLOW POSITION:
+
+        1. plato sandbox start -c
+        2. plato sandbox start-services
+        3. plato sandbox start-worker --wait
+        4. (agent does initial login/setup, generating mutations)
+        5. plato sandbox clear-audit            ← you are here
+        6. plato sandbox flow                   ← clean login flow
+        7. plato sandbox state --verify-no-mutations  ← should pass now
+        8. plato sandbox snapshot
+    """
+    state = require_sandbox_state()
+
+    # Get SSH info
+    ssh_host = state.get("ssh_host")
+    ssh_config_path = state.get("ssh_config_path")
+
+    if not ssh_host or not ssh_config_path:
+        console.print("[red]❌ SSH not configured. Missing ssh_host or ssh_config_path in .sandbox.yaml[/red]")
+        raise typer.Exit(1)
+
+    # Find plato-config.yml
+    if not config_path:
+        config_path = Path.cwd() / "plato-config.yml"
+        if not config_path.exists():
+            config_path = Path.cwd() / "plato-config.yaml"
+        if not config_path.exists():
+            console.print("[red]❌ plato-config.yml not found[/red]")
+            raise typer.Exit(1)
+
+    with open(config_path) as f:
+        plato_config = yaml.safe_load(f)
+
+    # Get dataset config
+    datasets = plato_config.get("datasets", {})
+    if dataset not in datasets:
+        console.print(f"[red]❌ Dataset '{dataset}' not found[/red]")
+        raise typer.Exit(1)
+
+    dataset_config = datasets[dataset]
+    listeners = dataset_config.get("listeners", {})
+
+    # Find DB listeners
+    db_listeners = []
+    for name, listener in listeners.items():
+        if isinstance(listener, dict) and listener.get("type") == "db":
+            db_listeners.append((name, listener))
+
+    if not db_listeners:
+        console.print("[red]❌ No database listeners found in plato-config.yml[/red]")
+        console.print("[yellow]Expected: datasets.<dataset>.listeners.<name>.type = 'db'[/yellow]")
+        raise typer.Exit(1)
+
+    results = []
+
+    for name, db_config in db_listeners:
+        db_type = db_config.get("db_type", "postgresql").lower()
+        db_host = db_config.get("db_host", "127.0.0.1")
+        db_port = db_config.get("db_port", 5432 if db_type == "postgresql" else 3306)
+        db_user = db_config.get("db_user", "postgres" if db_type == "postgresql" else "root")
+        db_password = db_config.get("db_password", "")
+        db_database = db_config.get("db_database", "postgres")
+
+        if not json_output:
+            console.print(f"[cyan]Clearing audit_log for listener '{name}' ({db_type})...[/cyan]")
+
+        # Build SQL command based on db_type
+        if db_type == "postgresql":
+            sql_cmd = f"PGPASSWORD='{db_password}' psql -h {db_host} -p {db_port} -U {db_user} -d {db_database} -c 'TRUNCATE TABLE audit_log RESTART IDENTITY CASCADE'"
+        elif db_type in ("mysql", "mariadb"):
+            sql_cmd = f"mysql -h {db_host} -P {db_port} -u {db_user} -p'{db_password}' {db_database} -e 'SET FOREIGN_KEY_CHECKS=0; DELETE FROM audit_log; SET FOREIGN_KEY_CHECKS=1;'"
+        else:
+            if not json_output:
+                console.print(f"[yellow]⚠ Unsupported db_type '{db_type}' for listener '{name}'[/yellow]")
+            results.append({"listener": name, "success": False, "error": f"Unsupported db_type: {db_type}"})
+            continue
+
+        # Run via SSH
+        ret, stdout, stderr = _run_ssh_command(ssh_config_path, ssh_host, sql_cmd)
+
+        if ret == 0:
+            if not json_output:
+                console.print(f"[green]✅ Cleared audit_log for '{name}'[/green]")
+            results.append({"listener": name, "success": True})
+        else:
+            if not json_output:
+                console.print(f"[red]❌ Failed to clear audit_log for '{name}': {stderr}[/red]")
+            results.append({"listener": name, "success": False, "error": stderr})
+
+    # Call state API to refresh in-memory mutation cache
+    session_id = state.get("session_id")
+    api_key = require_api_key()
+    if session_id:
+        if not json_output:
+            console.print("[dim]Refreshing state cache...[/dim]")
+        try:
+            with get_http_client() as client:
+                sessions_state.sync(
+                    client=client,
+                    session_id=session_id,
+                    x_api_key=api_key,
+                )
+        except Exception as e:
+            if not json_output:
+                console.print(f"[yellow]⚠ Failed to refresh state cache: {e}[/yellow]")
+
+    if json_output:
+        console.print(json.dumps({"results": results}))
+    else:
+        # Summary
+        success_count = sum(1 for r in results if r["success"])
+        total = len(results)
+        if success_count == total:
+            console.print(f"\n[green]✅ All {total} audit logs cleared successfully[/green]")
+        else:
+            console.print(f"\n[yellow]⚠ {success_count}/{total} audit logs cleared[/yellow]")
+            raise typer.Exit(1)
+
+
 @sandbox_app.command(name="audit-ui")
 def sandbox_audit_ui():
     """
@@ -1786,31 +1927,24 @@ def sandbox_audit_ui():
 
 
 def _copy_files_respecting_gitignore(src_dir: Path, dst_dir: Path) -> None:
-    """Copy files from src to dst respecting .gitignore rules."""
-    # Copy .gitignore first if it exists
-    gitignore_src = src_dir / ".gitignore"
-    if gitignore_src.exists():
-        gitignore_dst = dst_dir / ".gitignore"
-        if not gitignore_dst.exists():
-            shutil.copy2(gitignore_src, gitignore_dst)
-
-    def should_copy(file_path: Path) -> bool:
-        """Check if file should be copied (not ignored by git)."""
-        base_name = file_path.name
-        # Skip .git directories and .plato-hub.json
-        if base_name.startswith(".git") or base_name == ".plato-hub.json":
-            return False
-        # Use git check-ignore to respect .gitignore rules
-        try:
-            result = subprocess.run(
-                ["git", "check-ignore", "-q", str(file_path)],
-                cwd=src_dir,
-                capture_output=True,
-            )
-            # git check-ignore returns 0 if path IS ignored, 1 if NOT ignored
-            return result.returncode != 0
-        except Exception:
+    """Copy files from src to dst, skipping .git/ and .plato-hub.json.
+
+    Note: This function intentionally does NOT respect .gitignore because
+    start-services needs to copy all workspace files to the VM, including
+    config files that might be gitignored locally (like docker-compose.yml
+    in a 'base/' directory).
+    """
+
+    def should_skip(rel_path: Path) -> bool:
+        """Check if path should be skipped."""
+        parts = rel_path.parts
+        # Skip anything inside .git/ directory
+        if ".git" in parts:
+            return True
+        # Skip .plato-hub.json
+        if rel_path.name == ".plato-hub.json":
             return True
+        return False
 
     # Walk through source directory
     for src_path in src_dir.rglob("*"):
@@ -1820,8 +1954,8 @@ def _copy_files_respecting_gitignore(src_dir: Path, dst_dir: Path) -> None:
         if str(rel_path) == ".":
             continue
 
-        # Check if should copy
-        if not should_copy(src_path):
+        # Check if should skip
+        if should_skip(rel_path):
             continue
 
         dst_path = dst_dir / rel_path
@@ -2007,6 +2141,34 @@ def sandbox_start_services(
 
     try:
         with get_http_client() as client:
+
+            def start_services_on_vm(repo_dir: str) -> list[dict[str, str]]:
+                """Start docker compose services on the VM."""
+                services_started: list[dict[str, str]] = []
+                for svc_name, svc_config in services_config.items():
+                    svc_type = svc_config.get("type", "")
+                    if svc_type == "docker-compose":
+                        compose_file = svc_config.get("file", "docker-compose.yml")
+                        compose_cmd = f"cd {repo_dir} && docker compose -f {compose_file} up -d"
+
+                        if not json_output:
+                            console.print(f"[cyan]  Starting docker compose service: {svc_name}...[/cyan]")
+
+                        ret, stdout, stderr = _run_ssh_command(ssh_config_path, ssh_host, compose_cmd)
+                        if ret != 0:
+                            console.print(f"[red]❌ Failed to start service '{svc_name}': {stderr}[/red]")
+                            raise typer.Exit(1)
+
+                        services_started.append({"name": svc_name, "type": "docker-compose", "file": compose_file})
+                        if not json_output:
+                            console.print(f"[green]  ✓ Started docker compose service: {svc_name}[/green]")
+                    else:
+                        if not json_output:
+                            console.print(
+                                f"[yellow]  ⚠ Skipped service '{svc_name}' (unknown type: {svc_type})[/yellow]"
+                            )
+                return services_started
+
             # Step 1: Get Gitea credentials
             if not json_output:
                 console.print("[cyan]Step 1: Getting Gitea credentials...[/cyan]")
@@ -2064,6 +2226,8 @@ def sandbox_start_services(
             if not json_output:
                 console.print("[cyan]Step 4: Pushing code to hub...[/cyan]")
 
+            repo_dir = f"/home/plato/worktree/{service_name}"
+
             with tempfile.TemporaryDirectory(prefix="plato-hub-") as temp_dir:
                 temp_repo = Path(temp_dir) / "repo"
 
@@ -2148,8 +2312,6 @@ def sandbox_start_services(
             if not json_output:
                 console.print("[cyan]Step 5: Cloning repo on VM...[/cyan]")
 
-            repo_dir = f"/home/plato/worktree/{service_name}"
-
             # Create worktree directory
             _run_ssh_command(ssh_config_path, ssh_host, "mkdir -p /home/plato/worktree")
 
@@ -2170,27 +2332,7 @@ def sandbox_start_services(
             if not json_output:
                 console.print("[cyan]Step 6: Starting services...[/cyan]")
 
-            services_started = []
-            for svc_name, svc_config in services_config.items():
-                svc_type = svc_config.get("type", "")
-                if svc_type == "docker-compose":
-                    compose_file = svc_config.get("file", "docker-compose.yml")
-                    compose_cmd = f"cd {repo_dir} && DOCKER_HOST=unix:///var/run/docker-user.sock docker compose -f {compose_file} up -d"
-
-                    if not json_output:
-                        console.print(f"[cyan]  Starting docker compose service: {svc_name}...[/cyan]")
-
-                    ret, stdout, stderr = _run_ssh_command(ssh_config_path, ssh_host, compose_cmd)
-                    if ret != 0:
-                        console.print(f"[red]❌ Failed to start service '{svc_name}': {stderr}[/red]")
-                        raise typer.Exit(1)
-
-                    services_started.append({"name": svc_name, "type": "docker-compose", "file": compose_file})
-                    if not json_output:
-                        console.print(f"[green]  ✓ Started docker compose service: {svc_name}[/green]")
-                else:
-                    if not json_output:
-                        console.print(f"[yellow]  ⚠ Skipped service '{svc_name}' (unknown type: {svc_type})[/yellow]")
+            services_started = start_services_on_vm(repo_dir)
 
             # Output results
             if json_output:

plato/v1/cli/ssh.py

@@ -9,9 +9,21 @@ from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import ed25519
 
 
+def get_plato_dir() -> Path:
+    """Get the directory for plato config/SSH files.
+
+    Uses /workspace/.plato if /workspace exists (container environment),
+    otherwise uses ~/.plato (local development).
+    """
+    workspace = Path("/workspace")
+    if workspace.exists() and workspace.is_dir():
+        return workspace / ".plato"
+    return Path.home() / ".plato"
+
+
 def get_next_sandbox_number() -> int:
-    """Find next available sandbox number by checking existing config files in ~/.plato/."""
-    plato_dir = Path.home() / ".plato"
+    """Find next available sandbox number by checking existing config files."""
+    plato_dir = get_plato_dir()
     if not plato_dir.exists():
         return 1
 
@@ -35,7 +47,7 @@ def generate_ssh_key_pair(sandbox_num: int) -> tuple[str, str]:
 
     Returns (public_key_str, private_key_path).
     """
-    plato_dir = Path.home() / ".plato"
+    plato_dir = get_plato_dir()
     plato_dir.mkdir(mode=0o700, exist_ok=True)
 
     private_key_path = plato_dir / f"ssh_{sandbox_num}_key"
@@ -160,7 +172,7 @@ def create_ssh_config(
     TCPKeepAlive yes
 """
 
-    plato_dir = Path.home() / ".plato"
+    plato_dir = get_plato_dir()
     plato_dir.mkdir(mode=0o700, exist_ok=True)
 
     config_path = plato_dir / f"ssh_{sandbox_num}.conf"