merge: catch up with upstream main

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
chore: remove direct pino/pino-pretty dependency
2026-06-12 18:11:51 +08:00 · 2026-03-28 15:28:05 +03:00 · 2026-03-27 22:39:12 +03:00 · 2026-03-08 22:37:30 +02:00 · 2026-03-08 22:37:01 +02:00
7 changed files with 1101 additions and 0 deletions
@@ -0,0 +1,153 @@
 ---
 name: add-github
 description: Add GitHub skill to container agents. Installs gh CLI in the container, passes GITHUB_TOKEN via stdin, and adds the agent-github skill doc so agents can manage issues, PRs, and code review.
 ---
 # Add GitHub Skill
 This skill gives container agents access to the GitHub CLI (`gh`) for managing issues, pull requests, and code review.
 ## Phase 1: Pre-flight
 ### Check if already applied
 Read `.nanoclaw/state.yaml`. If `github` is in `applied_skills`, skip to Phase 3 (Configure). The code changes are already in place.
 ### Ask the user
 Use `AskUserQuestion` to collect the GitHub token:
 AskUserQuestion: Do you have a GitHub personal access token, or do you need to create one?
 If they have one, collect it now. If not, guide them in Phase 3.
 ## Phase 2: Apply Code Changes
 ### Initialize skills system (if needed)
 If `.nanoclaw/` directory doesn't exist yet:
 ```bash
 npx tsx scripts/apply-skill.ts --init
 ```
 ### Apply the skill
 ```bash
 npx tsx scripts/apply-skill.ts .claude/skills/add-github
 ```
 This deterministically:
 - Adds `container/skills/agent-github/SKILL.md` (agent-facing GitHub CLI docs)
 - Three-way merges `gh` CLI installation into `container/Dockerfile`
 - Three-way merges `GITHUB_TOKEN` and `GH_REPO` into `readSecrets()` in `src/container-runner.ts`
 - Records the application in `.nanoclaw/state.yaml`
 If the apply reports merge conflicts, read the intent files:
 - `modify/container/Dockerfile.intent.md` — what changed for the Dockerfile
 - `modify/src/container-runner.ts.intent.md` — what changed for container-runner.ts
 ### Validate
 ```bash
 npm run build
 ```
 Build must be clean before proceeding.
 ## Phase 3: Configure Token and Repository
 ### Step 1: Ask for token or guide creation
 Use `AskUserQuestion`:
 AskUserQuestion: Do you have a GitHub personal access token already, or do you need to create one?
 If they need to create one, tell them:
 > Create a GitHub personal access token (classic):
 >
 > 1. Go to https://github.com/settings/tokens/new
 > 2. **Note**: `NanoClaw agent` (or whatever you like)
 > 3. **Expiration**: 90 days (recommended) or "No expiration"
 > 4. **Scopes**: select `repo` (full repo access — covers issues, PRs, code, status)
 > 5. Click **Generate token** and copy it immediately (you can only see it once)
 >
 > The token will start with `ghp_...`. Paste it here when you have it.
 Wait for the user to provide the token.
 ### Step 2: Ask for target repository
 Use `AskUserQuestion`:
 AskUserQuestion: Which GitHub repository should the agent manage? (format: `owner/repo`)
 ### Step 3: Add to `.env`
 Add both values to `.env`:
 ```bash
 GITHUB_TOKEN=ghp_...
 GH_REPO=owner/repo
 ```
 `GH_REPO` sets the default repository so the agent doesn't need `--repo` on every command.
 ### Step 4: Sync env and restart
 ```bash
 npm run build
 ./container/build.sh
 rm -r data/sessions/*/agent-runner-src 2>/dev/null || true
 launchctl kickstart -k gui/$(id -u)/com.nanoclaw  # macOS
 # Linux: systemctl --user restart nanoclaw
 ```
 ## Phase 4: Verify
 ### Test the connection
 Tell the user:
 > GitHub is connected! Send this in your main channel:
 >
 > "List the open issues on our repo"
 The agent should invoke `gh issue list` and return results.
 ### Check logs if needed
 ```bash
 tail -f logs/nanoclaw.log
 ```
 ## Troubleshooting
 ### gh: not found
 The container needs to be rebuilt with the `gh` CLI:
 ```bash
 ./container/build.sh
 rm -r data/sessions/*/agent-runner-src 2>/dev/null || true
 launchctl kickstart -k gui/$(id -u)/com.nanoclaw
 ```
 ### gh: authentication required
 - Check `GITHUB_TOKEN` is set in `.env`
 - Restart NanoClaw
 ### Rate limit exceeded
 GitHub allows 5,000 requests/hour with token auth. If hitting limits, the agent is likely making too many API calls in a loop.
 ## Removal
 1. Delete `container/skills/agent-github/SKILL.md`
 2. Remove `gh` installation block from `container/Dockerfile`
 3. Remove `GITHUB_TOKEN` and `GH_REPO` from `readSecrets()` in `src/container-runner.ts`
 4. Remove `GITHUB_TOKEN` and `GH_REPO` from `.env`
 5. Remove `github` from `.nanoclaw/state.yaml`
 6. Rebuild: `./container/build.sh && npm run build && launchctl kickstart -k gui/$(id -u)/com.nanoclaw`
@@ -0,0 +1,86 @@
 ---
 name: agent-github
 description: Manage GitHub issues, pull requests, and code review for the repository. Use for any GitHub task — listing issues, reviewing PRs, checking CI status, adding labels, posting comments.
 allowed-tools: Bash(gh:*)
 ---
 # GitHub CLI (`gh`)
 ## Authentication
 `gh` is pre-authenticated via `GITHUB_TOKEN` env var. The target repo is set via `GH_REPO` (e.g., `owner/repo`), so you don't need to specify `--repo` on every command.
 ## Read operations
 ### Issues
 ```bash
 gh issue list                              # Open issues
 gh issue list --state closed --limit 10    # Recent closed issues
 gh issue list --label "bug"                # Filter by label
 gh issue list --assignee "@me"             # Assigned to me
 gh issue list --search "keyword"           # Search issues
 gh issue view 42                           # View issue details
 gh issue view 42 --comments                # Include comments
 ```
 ### Pull requests
 ```bash
 gh pr list                                 # Open PRs
 gh pr list --state merged --limit 10       # Recent merged PRs
 gh pr list --author "username"             # Filter by author
 gh pr view 99                              # View PR details
 gh pr view 99 --comments                   # Include comments
 gh pr diff 99                              # View PR diff
 gh pr checks 99                            # CI/check status
 ```
 ### Repository info
 ```bash
 gh api repos/{owner}/{repo}/branches       # List branches
 gh api repos/{owner}/{repo}/commits?per_page=10  # Recent commits
 gh api repos/{owner}/{repo}/releases/latest # Latest release
 gh api repos/{owner}/{repo}/actions/runs?per_page=5  # Recent workflow runs
 ```
 ## Safe write operations
 ### Issue comments and labels
 ```bash
 gh issue comment 42 --body "Looks good, marking as reviewed."
 gh issue edit 42 --add-label "reviewed"
 gh issue edit 42 --remove-label "needs-triage"
 gh issue edit 42 --add-assignee "username"
 ```
 ### PR comments and reviews
 ```bash
 gh pr comment 99 --body "LGTM, one minor suggestion below."
 gh pr review 99 --approve --body "Approved."
 gh pr review 99 --request-changes --body "Please fix the failing test."
 gh pr review 99 --comment --body "Looks good overall."
 ```
 ## NOT allowed
 Do NOT perform these operations — they are destructive or require human decision:
 - `gh pr merge` / `gh pr close` / `gh pr reopen`
 - `gh issue create` / `gh issue close` / `gh issue reopen`
 - `gh release create` / `gh release delete`
 - `gh repo delete` / `gh repo rename`
 - `git push --force` / `git push --force-with-lease`
 - Any `gh api -X DELETE` call
 - Any `gh api -X PUT/PATCH` on branch protection rules
 ## Tips
 - Use `--json` for structured output: `gh issue list --json number,title,labels`
 - Combine with `jq` for filtering: `gh pr list --json number,title,checks --jq '.[] | select(.checks | length > 0)'`
 - Rate limits: GitHub allows 5,000 requests/hour with token auth — plenty for normal use
 - For large lists, use `--limit`: `gh issue list --limit 50`
 - To get the repo owner/name: `gh repo view --json nameWithOwner --jq .nameWithOwner`
@@ -0,0 +1,17 @@
 skill: github
 version: 1.0.0
 description: "GitHub CLI skill for container agents"
 core_version: 0.1.0
 adds:
  - container/skills/agent-github/SKILL.md
 modifies:
  - container/Dockerfile
  - src/container-runner.ts
 structured:
  npm_dependencies: {}
  env_additions:
    - GITHUB_TOKEN
    - GH_REPO
 conflicts: []
 depends: []
 test: "npm run build"
@@ -0,0 +1,77 @@
 # NanoClaw Agent Container
 # Runs Claude Agent SDK in isolated Linux VM with browser automation
 FROM node:22-slim
 # Install system dependencies for Chromium
 RUN apt-get update && apt-get install -y \
    chromium \
    fonts-liberation \
    fonts-noto-cjk \
    fonts-noto-color-emoji \
    libgbm1 \
    libnss3 \
    libatk-bridge2.0-0 \
    libgtk-3-0 \
    libx11-xcb1 \
    libxcomposite1 \
    libxdamage1 \
    libxrandr2 \
    libasound2 \
    libpangocairo-1.0-0 \
    libcups2 \
    libdrm2 \
    libxshmfence1 \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*
 # Install GitHub CLI
 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
      -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
      > /etc/apt/sources.list.d/github-cli.list \
    && apt-get update && apt-get install -y gh \
    && rm -rf /var/lib/apt/lists/*
 # Set Chromium path for agent-browser
 ENV AGENT_BROWSER_EXECUTABLE_PATH=/usr/bin/chromium
 ENV PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium
 # Install agent-browser and claude-code globally
 RUN npm install -g agent-browser @anthropic-ai/claude-code
 # Create app directory
 WORKDIR /app
 # Copy package files first for better caching
 COPY agent-runner/package*.json ./
 # Install dependencies
 RUN npm install
 # Copy source code
 COPY agent-runner/ ./
 # Build TypeScript
 RUN npm run build
 # Create workspace directories
 RUN mkdir -p /workspace/group /workspace/global /workspace/extra /workspace/ipc/messages /workspace/ipc/tasks /workspace/ipc/input
 # Create entrypoint script
 # Secrets are passed via stdin JSON — temp file is deleted immediately after Node reads it
 # Follow-up messages arrive via IPC files in /workspace/ipc/input/
 RUN printf '#!/bin/bash\nset -e\ncd /app && npx tsc --outDir /tmp/dist 2>&1 >&2\nln -s /app/node_modules /tmp/dist/node_modules\nchmod -R a-w /tmp/dist\ncat > /tmp/input.json\nnode /tmp/dist/index.js < /tmp/input.json\n' > /app/entrypoint.sh && chmod +x /app/entrypoint.sh
 # Set ownership to node user (non-root) for writable directories
 RUN chown -R node:node /workspace && chmod 777 /home/node
 # Switch to non-root user (required for --dangerously-skip-permissions)
 USER node
 # Set working directory to group workspace
 WORKDIR /workspace/group
 # Entry point reads JSON from stdin, outputs JSON to stdout
 ENTRYPOINT ["/app/entrypoint.sh"]
@@ -0,0 +1,30 @@
 # Intent: container/Dockerfile modifications
 ## What changed
 Added GitHub CLI (`gh`) installation from GitHub's official apt repository, placed after the existing system dependencies block.
 ## Key sections
 ### gh CLI installation
 - Added after the `rm -rf /var/lib/apt/lists/*` line that closes the system dependencies block:
  ```dockerfile
  RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
        -o /usr/share/keyrings/githubcli-archive-keyring.gpg \
      && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
        > /etc/apt/sources.list.d/github-cli.list \
      && apt-get update && apt-get install -y gh \
      && rm -rf /var/lib/apt/lists/*
  ```
 - Uses the official GitHub apt repo with signed keyring
 - Cleans apt lists to minimize image size
 ## Invariants
 - All existing system dependencies (chromium, fonts, curl, git) are unchanged
 - The Chromium env vars below are unchanged
 - All subsequent steps (npm install, COPY, build, entrypoint) are unchanged
 ## Must-keep
 - The existing `apt-get install` block for system dependencies
 - The `AGENT_BROWSER_EXECUTABLE_PATH` and `PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH` env vars
 - The npm global install of `agent-browser` and `@anthropic-ai/claude-code`
 - The entire build, COPY, and entrypoint sequence
@@ -0,0 +1,704 @@
 /**
 * Container Runner for NanoClaw
 * Spawns agent execution in containers and handles IPC
 */
 import { ChildProcess, exec, spawn } from 'child_process';
 import fs from 'fs';
 import path from 'path';
 import {
  CONTAINER_IMAGE,
  CONTAINER_MAX_OUTPUT_SIZE,
  CONTAINER_TIMEOUT,
  DATA_DIR,
  GROUPS_DIR,
  IDLE_TIMEOUT,
  TIMEZONE,
 } from './config.js';
 import { readEnvFile } from './env.js';
 import { resolveGroupFolderPath, resolveGroupIpcPath } from './group-folder.js';
 import { logger } from './logger.js';
 import {
  CONTAINER_RUNTIME_BIN,
  readonlyMountArgs,
  stopContainer,
 } from './container-runtime.js';
 import { validateAdditionalMounts } from './mount-security.js';
 import { RegisteredGroup } from './types.js';
 // Sentinel markers for robust output parsing (must match agent-runner)
 const OUTPUT_START_MARKER = '---NANOCLAW_OUTPUT_START---';
 const OUTPUT_END_MARKER = '---NANOCLAW_OUTPUT_END---';
 export interface ContainerInput {
  prompt: string;
  sessionId?: string;
  groupFolder: string;
  chatJid: string;
  isMain: boolean;
  isScheduledTask?: boolean;
  assistantName?: string;
  secrets?: Record<string, string>;
 }
 export interface ContainerOutput {
  status: 'success' | 'error';
  result: string | null;
  newSessionId?: string;
  error?: string;
 }
 interface VolumeMount {
  hostPath: string;
  containerPath: string;
  readonly: boolean;
 }
 function buildVolumeMounts(
  group: RegisteredGroup,
  isMain: boolean,
 ): VolumeMount[] {
  const mounts: VolumeMount[] = [];
  const projectRoot = process.cwd();
  const groupDir = resolveGroupFolderPath(group.folder);
  if (isMain) {
    // Main gets the project root read-only. Writable paths the agent needs
    // (group folder, IPC, .claude/) are mounted separately below.
    // Read-only prevents the agent from modifying host application code
    // (src/, dist/, package.json, etc.) which would bypass the sandbox
    // entirely on next restart.
    mounts.push({
      hostPath: projectRoot,
      containerPath: '/workspace/project',
      readonly: true,
    });
    // Shadow .env so the agent cannot read secrets from the mounted project root.
    // Secrets are passed via stdin instead (see readSecrets()).
    const envFile = path.join(projectRoot, '.env');
    if (fs.existsSync(envFile)) {
      mounts.push({
        hostPath: '/dev/null',
        containerPath: '/workspace/project/.env',
        readonly: true,
      });
    }
    // Main also gets its group folder as the working directory
    mounts.push({
      hostPath: groupDir,
      containerPath: '/workspace/group',
      readonly: false,
    });
  } else {
    // Other groups only get their own folder
    mounts.push({
      hostPath: groupDir,
      containerPath: '/workspace/group',
      readonly: false,
    });
    // Global memory directory (read-only for non-main)
    // Only directory mounts are supported, not file mounts
    const globalDir = path.join(GROUPS_DIR, 'global');
    if (fs.existsSync(globalDir)) {
      mounts.push({
        hostPath: globalDir,
        containerPath: '/workspace/global',
        readonly: true,
      });
    }
  }
  // Per-group Claude sessions directory (isolated from other groups)
  // Each group gets their own .claude/ to prevent cross-group session access
  const groupSessionsDir = path.join(
    DATA_DIR,
    'sessions',
    group.folder,
    '.claude',
  );
  fs.mkdirSync(groupSessionsDir, { recursive: true });
  const settingsFile = path.join(groupSessionsDir, 'settings.json');
  if (!fs.existsSync(settingsFile)) {
    fs.writeFileSync(
      settingsFile,
      JSON.stringify(
        {
          env: {
            // Enable agent swarms (subagent orchestration)
            // https://code.claude.com/docs/en/agent-teams#orchestrate-teams-of-claude-code-sessions
            CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS: '1',
            // Load CLAUDE.md from additional mounted directories
            // https://code.claude.com/docs/en/memory#load-memory-from-additional-directories
            CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD: '1',
            // Enable Claude's memory feature (persists user preferences between sessions)
            // https://code.claude.com/docs/en/memory#manage-auto-memory
            CLAUDE_CODE_DISABLE_AUTO_MEMORY: '0',
          },
        },
        null,
        2,
      ) + '\n',
    );
  }
  // Sync skills from container/skills/ into each group's .claude/skills/
  const skillsSrc = path.join(process.cwd(), 'container', 'skills');
  const skillsDst = path.join(groupSessionsDir, 'skills');
  if (fs.existsSync(skillsSrc)) {
    for (const skillDir of fs.readdirSync(skillsSrc)) {
      const srcDir = path.join(skillsSrc, skillDir);
      if (!fs.statSync(srcDir).isDirectory()) continue;
      const dstDir = path.join(skillsDst, skillDir);
      fs.cpSync(srcDir, dstDir, { recursive: true });
    }
  }
  mounts.push({
    hostPath: groupSessionsDir,
    containerPath: '/home/node/.claude',
    readonly: false,
  });
  // Per-group IPC namespace: each group gets its own IPC directory
  // This prevents cross-group privilege escalation via IPC
  const groupIpcDir = resolveGroupIpcPath(group.folder);
  fs.mkdirSync(path.join(groupIpcDir, 'messages'), { recursive: true });
  fs.mkdirSync(path.join(groupIpcDir, 'tasks'), { recursive: true });
  fs.mkdirSync(path.join(groupIpcDir, 'input'), { recursive: true });
  mounts.push({
    hostPath: groupIpcDir,
    containerPath: '/workspace/ipc',
    readonly: false,
  });
  // Copy agent-runner source into a per-group writable location so agents
  // can customize it (add tools, change behavior) without affecting other
  // groups. Recompiled on container startup via entrypoint.sh.
  const agentRunnerSrc = path.join(
    projectRoot,
    'container',
    'agent-runner',
    'src',
  );
  const groupAgentRunnerDir = path.join(
    DATA_DIR,
    'sessions',
    group.folder,
    'agent-runner-src',
  );
  if (!fs.existsSync(groupAgentRunnerDir) && fs.existsSync(agentRunnerSrc)) {
    fs.cpSync(agentRunnerSrc, groupAgentRunnerDir, { recursive: true });
  }
  mounts.push({
    hostPath: groupAgentRunnerDir,
    containerPath: '/app/src',
    readonly: false,
  });
  // Additional mounts validated against external allowlist (tamper-proof from containers)
  if (group.containerConfig?.additionalMounts) {
    const validatedMounts = validateAdditionalMounts(
      group.containerConfig.additionalMounts,
      group.name,
      isMain,
    );
    mounts.push(...validatedMounts);
  }
  return mounts;
 }
 /**
 * Read allowed secrets from .env for passing to the container via stdin.
 * Secrets are never written to disk or mounted as files.
 */
 function readSecrets(): Record<string, string> {
  return readEnvFile([
    'CLAUDE_CODE_OAUTH_TOKEN',
    'ANTHROPIC_API_KEY',
    'ANTHROPIC_BASE_URL',
    'ANTHROPIC_AUTH_TOKEN',
    'GITHUB_TOKEN',
    'GH_REPO',
  ]);
 }
 function buildContainerArgs(
  mounts: VolumeMount[],
  containerName: string,
 ): string[] {
  const args: string[] = ['run', '-i', '--rm', '--name', containerName];
  // Pass host timezone so container's local time matches the user's
  args.push('-e', `TZ=${TIMEZONE}`);
  // Run as host user so bind-mounted files are accessible.
  // Skip when running as root (uid 0), as the container's node user (uid 1000),
  // or when getuid is unavailable (native Windows without WSL).
  const hostUid = process.getuid?.();
  const hostGid = process.getgid?.();
  if (hostUid != null && hostUid !== 0 && hostUid !== 1000) {
    args.push('--user', `${hostUid}:${hostGid}`);
    args.push('-e', 'HOME=/home/node');
  }
  for (const mount of mounts) {
    if (mount.readonly) {
      args.push(...readonlyMountArgs(mount.hostPath, mount.containerPath));
    } else {
      args.push('-v', `${mount.hostPath}:${mount.containerPath}`);
    }
  }
  args.push(CONTAINER_IMAGE);
  return args;
 }
 export async function runContainerAgent(
  group: RegisteredGroup,
  input: ContainerInput,
  onProcess: (proc: ChildProcess, containerName: string) => void,
  onOutput?: (output: ContainerOutput) => Promise<void>,
 ): Promise<ContainerOutput> {
  const startTime = Date.now();
  const groupDir = resolveGroupFolderPath(group.folder);
  fs.mkdirSync(groupDir, { recursive: true });
  const mounts = buildVolumeMounts(group, input.isMain);
  const safeName = group.folder.replace(/[^a-zA-Z0-9-]/g, '-');
  const containerName = `nanoclaw-${safeName}-${Date.now()}`;
  const containerArgs = buildContainerArgs(mounts, containerName);
  logger.debug(
    {
      group: group.name,
      containerName,
      mounts: mounts.map(
        (m) =>
          `${m.hostPath} -> ${m.containerPath}${m.readonly ? ' (ro)' : ''}`,
      ),
      containerArgs: containerArgs.join(' '),
    },
    'Container mount configuration',
  );
  logger.info(
    {
      group: group.name,
      containerName,
      mountCount: mounts.length,
      isMain: input.isMain,
    },
    'Spawning container agent',
  );
  const logsDir = path.join(groupDir, 'logs');
  fs.mkdirSync(logsDir, { recursive: true });
  return new Promise((resolve) => {
    const container = spawn(CONTAINER_RUNTIME_BIN, containerArgs, {
      stdio: ['pipe', 'pipe', 'pipe'],
    });
    onProcess(container, containerName);
    let stdout = '';
    let stderr = '';
    let stdoutTruncated = false;
    let stderrTruncated = false;
    // Pass secrets via stdin (never written to disk or mounted as files)
    input.secrets = readSecrets();
    container.stdin.write(JSON.stringify(input));
    container.stdin.end();
    // Remove secrets from input so they don't appear in logs
    delete input.secrets;
    // Streaming output: parse OUTPUT_START/END marker pairs as they arrive
    let parseBuffer = '';
    let newSessionId: string | undefined;
    let outputChain = Promise.resolve();
    container.stdout.on('data', (data) => {
      const chunk = data.toString();
      // Always accumulate for logging
      if (!stdoutTruncated) {
        const remaining = CONTAINER_MAX_OUTPUT_SIZE - stdout.length;
        if (chunk.length > remaining) {
          stdout += chunk.slice(0, remaining);
          stdoutTruncated = true;
          logger.warn(
            { group: group.name, size: stdout.length },
            'Container stdout truncated due to size limit',
          );
        } else {
          stdout += chunk;
        }
      }
      // Stream-parse for output markers
      if (onOutput) {
        parseBuffer += chunk;
        let startIdx: number;
        while ((startIdx = parseBuffer.indexOf(OUTPUT_START_MARKER)) !== -1) {
          const endIdx = parseBuffer.indexOf(OUTPUT_END_MARKER, startIdx);
          if (endIdx === -1) break; // Incomplete pair, wait for more data
          const jsonStr = parseBuffer
            .slice(startIdx + OUTPUT_START_MARKER.length, endIdx)
            .trim();
          parseBuffer = parseBuffer.slice(endIdx + OUTPUT_END_MARKER.length);
          try {
            const parsed: ContainerOutput = JSON.parse(jsonStr);
            if (parsed.newSessionId) {
              newSessionId = parsed.newSessionId;
            }
            hadStreamingOutput = true;
            // Activity detected — reset the hard timeout
            resetTimeout();
            // Call onOutput for all markers (including null results)
            // so idle timers start even for "silent" query completions.
            outputChain = outputChain.then(() => onOutput(parsed));
          } catch (err) {
            logger.warn(
              { group: group.name, error: err },
              'Failed to parse streamed output chunk',
            );
          }
        }
      }
    });
    container.stderr.on('data', (data) => {
      const chunk = data.toString();
      const lines = chunk.trim().split('\n');
      for (const line of lines) {
        if (line) logger.debug({ container: group.folder }, line);
      }
      // Don't reset timeout on stderr — SDK writes debug logs continuously.
      // Timeout only resets on actual output (OUTPUT_MARKER in stdout).
      if (stderrTruncated) return;
      const remaining = CONTAINER_MAX_OUTPUT_SIZE - stderr.length;
      if (chunk.length > remaining) {
        stderr += chunk.slice(0, remaining);
        stderrTruncated = true;
        logger.warn(
          { group: group.name, size: stderr.length },
          'Container stderr truncated due to size limit',
        );
      } else {
        stderr += chunk;
      }
    });
    let timedOut = false;
    let hadStreamingOutput = false;
    const configTimeout = group.containerConfig?.timeout || CONTAINER_TIMEOUT;
    // Grace period: hard timeout must be at least IDLE_TIMEOUT + 30s so the
    // graceful _close sentinel has time to trigger before the hard kill fires.
    const timeoutMs = Math.max(configTimeout, IDLE_TIMEOUT + 30_000);
    const killOnTimeout = () => {
      timedOut = true;
      logger.error(
        { group: group.name, containerName },
        'Container timeout, stopping gracefully',
      );
      exec(stopContainer(containerName), { timeout: 15000 }, (err) => {
        if (err) {
          logger.warn(
            { group: group.name, containerName, err },
            'Graceful stop failed, force killing',
          );
          container.kill('SIGKILL');
        }
      });
    };
    let timeout = setTimeout(killOnTimeout, timeoutMs);
    // Reset the timeout whenever there's activity (streaming output)
    const resetTimeout = () => {
      clearTimeout(timeout);
      timeout = setTimeout(killOnTimeout, timeoutMs);
    };
    container.on('close', (code) => {
      clearTimeout(timeout);
      const duration = Date.now() - startTime;
      if (timedOut) {
        const ts = new Date().toISOString().replace(/[:.]/g, '-');
        const timeoutLog = path.join(logsDir, `container-${ts}.log`);
        fs.writeFileSync(
          timeoutLog,
          [
            `=== Container Run Log (TIMEOUT) ===`,
            `Timestamp: ${new Date().toISOString()}`,
            `Group: ${group.name}`,
            `Container: ${containerName}`,
            `Duration: ${duration}ms`,
            `Exit Code: ${code}`,
            `Had Streaming Output: ${hadStreamingOutput}`,
          ].join('\n'),
        );
        // Timeout after output = idle cleanup, not failure.
        // The agent already sent its response; this is just the
        // container being reaped after the idle period expired.
        if (hadStreamingOutput) {
          logger.info(
            { group: group.name, containerName, duration, code },
            'Container timed out after output (idle cleanup)',
          );
          outputChain.then(() => {
            resolve({
              status: 'success',
              result: null,
              newSessionId,
            });
          });
          return;
        }
        logger.error(
          { group: group.name, containerName, duration, code },
          'Container timed out with no output',
        );
        resolve({
          status: 'error',
          result: null,
          error: `Container timed out after ${configTimeout}ms`,
        });
        return;
      }
      const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
      const logFile = path.join(logsDir, `container-${timestamp}.log`);
      const isVerbose =
        process.env.LOG_LEVEL === 'debug' || process.env.LOG_LEVEL === 'trace';
      const logLines = [
        `=== Container Run Log ===`,
        `Timestamp: ${new Date().toISOString()}`,
        `Group: ${group.name}`,
        `IsMain: ${input.isMain}`,
        `Duration: ${duration}ms`,
        `Exit Code: ${code}`,
        `Stdout Truncated: ${stdoutTruncated}`,
        `Stderr Truncated: ${stderrTruncated}`,
        ``,
      ];
      const isError = code !== 0;
      if (isVerbose || isError) {
        logLines.push(
          `=== Input ===`,
          JSON.stringify(input, null, 2),
          ``,
          `=== Container Args ===`,
          containerArgs.join(' '),
          ``,
          `=== Mounts ===`,
          mounts
            .map(
              (m) =>
                `${m.hostPath} -> ${m.containerPath}${m.readonly ? ' (ro)' : ''}`,
            )
            .join('\n'),
          ``,
          `=== Stderr${stderrTruncated ? ' (TRUNCATED)' : ''} ===`,
          stderr,
          ``,
          `=== Stdout${stdoutTruncated ? ' (TRUNCATED)' : ''} ===`,
          stdout,
        );
      } else {
        logLines.push(
          `=== Input Summary ===`,
          `Prompt length: ${input.prompt.length} chars`,
          `Session ID: ${input.sessionId || 'new'}`,
          ``,
          `=== Mounts ===`,
          mounts
            .map((m) => `${m.containerPath}${m.readonly ? ' (ro)' : ''}`)
            .join('\n'),
          ``,
        );
      }
      fs.writeFileSync(logFile, logLines.join('\n'));
      logger.debug({ logFile, verbose: isVerbose }, 'Container log written');
      if (code !== 0) {
        logger.error(
          {
            group: group.name,
            code,
            duration,
            stderr,
            stdout,
            logFile,
          },
          'Container exited with error',
        );
        resolve({
          status: 'error',
          result: null,
          error: `Container exited with code ${code}: ${stderr.slice(-200)}`,
        });
        return;
      }
      // Streaming mode: wait for output chain to settle, return completion marker
      if (onOutput) {
        outputChain.then(() => {
          logger.info(
            { group: group.name, duration, newSessionId },
            'Container completed (streaming mode)',
          );
          resolve({
            status: 'success',
            result: null,
            newSessionId,
          });
        });
        return;
      }
      // Legacy mode: parse the last output marker pair from accumulated stdout
      try {
        // Extract JSON between sentinel markers for robust parsing
        const startIdx = stdout.indexOf(OUTPUT_START_MARKER);
        const endIdx = stdout.indexOf(OUTPUT_END_MARKER);
        let jsonLine: string;
        if (startIdx !== -1 && endIdx !== -1 && endIdx > startIdx) {
          jsonLine = stdout
            .slice(startIdx + OUTPUT_START_MARKER.length, endIdx)
            .trim();
        } else {
          // Fallback: last non-empty line (backwards compatibility)
          const lines = stdout.trim().split('\n');
          jsonLine = lines[lines.length - 1];
        }
        const output: ContainerOutput = JSON.parse(jsonLine);
        logger.info(
          {
            group: group.name,
            duration,
            status: output.status,
            hasResult: !!output.result,
          },
          'Container completed',
        );
        resolve(output);
      } catch (err) {
        logger.error(
          {
            group: group.name,
            stdout,
            stderr,
            error: err,
          },
          'Failed to parse container output',
        );
        resolve({
          status: 'error',
          result: null,
          error: `Failed to parse container output: ${err instanceof Error ? err.message : String(err)}`,
        });
      }
    });
    container.on('error', (err) => {
      clearTimeout(timeout);
      logger.error(
        { group: group.name, containerName, error: err },
        'Container spawn error',
      );
      resolve({
        status: 'error',
        result: null,
        error: `Container spawn error: ${err.message}`,
      });
    });
  });
 }
 export function writeTasksSnapshot(
  groupFolder: string,
  isMain: boolean,
  tasks: Array<{
    id: string;
    groupFolder: string;
    prompt: string;
    schedule_type: string;
    schedule_value: string;
    status: string;
    next_run: string | null;
  }>,
 ): void {
  // Write filtered tasks to the group's IPC directory
  const groupIpcDir = resolveGroupIpcPath(groupFolder);
  fs.mkdirSync(groupIpcDir, { recursive: true });
  // Main sees all tasks, others only see their own
  const filteredTasks = isMain
    ? tasks
    : tasks.filter((t) => t.groupFolder === groupFolder);
  const tasksFile = path.join(groupIpcDir, 'current_tasks.json');
  fs.writeFileSync(tasksFile, JSON.stringify(filteredTasks, null, 2));
 }
 export interface AvailableGroup {
  jid: string;
  name: string;
  lastActivity: string;
  isRegistered: boolean;
 }
 /**
 * Write available groups snapshot for the container to read.
 * Only main group can see all available groups (for activation).
 * Non-main groups only see their own registration status.
 */
 export function writeGroupsSnapshot(
  groupFolder: string,
  isMain: boolean,
  groups: AvailableGroup[],
  registeredJids: Set<string>,
 ): void {
  const groupIpcDir = resolveGroupIpcPath(groupFolder);
  fs.mkdirSync(groupIpcDir, { recursive: true });
  // Main sees all groups; others see nothing (they can't activate groups)
  const visibleGroups = isMain ? groups : [];
  const groupsFile = path.join(groupIpcDir, 'available_groups.json');
  fs.writeFileSync(
    groupsFile,
    JSON.stringify(
      {
        groups: visibleGroups,
        lastSync: new Date().toISOString(),
      },
      null,
      2,
    ),
  );
 }
@@ -0,0 +1,34 @@
 # Intent: src/container-runner.ts modifications
 ## What changed
 Added `GITHUB_TOKEN` and `GH_REPO` to the `readSecrets()` allowlist so they are passed to the container via stdin JSON.
 ## Key sections
 ### readSecrets()
 - Added two keys to the array passed to `readEnvFile()`:
  ```typescript
  function readSecrets(): Record<string, string> {
    return readEnvFile([
      'CLAUDE_CODE_OAUTH_TOKEN',
      'ANTHROPIC_API_KEY',
      'ANTHROPIC_BASE_URL',
      'ANTHROPIC_AUTH_TOKEN',
      'GITHUB_TOKEN',
      'GH_REPO',
    ]);
  }
  ```
 - These values flow via stdin -> `containerInput.secrets` -> `sdkEnv` -> available to Bash
 - `GITHUB_TOKEN` and `GH_REPO` are NOT added to `SECRET_ENV_VARS` in agent-runner because `gh` CLI needs them visible in Bash commands
 ## Invariants
 - All existing secrets (`CLAUDE_CODE_OAUTH_TOKEN`, `ANTHROPIC_API_KEY`, `ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`) are unchanged
 - The stdin-based secret passing flow is unchanged
 - No changes to volume mounts, container args, or any other functions
 ## Must-keep
 - All existing volume mounts
 - The mount security model
 - Container lifecycle (spawn, timeout, output parsing)
 - The `buildContainerArgs`, `runContainerAgent`, and all other functions
Author	SHA1	Message	Date
gavrielc	db42032ca4	merge: catch up with upstream main Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 15:28:05 +03:00
gavrielc	f773b73ee0	chore: remove direct pino/pino-pretty dependency Pino was replaced with a built-in logger on main. For branches with baileys (WhatsApp), pino resolves as a transitive dependency of @whiskeysockets/baileys. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 22:39:12 +03:00
Gabi Simons	c7a24f4716	Merge branch 'main' into feat/add-github-skill	2026-03-08 22:37:30 +02:00
Gabi Simons	b582498e27	feat(skill): add GitHub skill for container agents Installs gh CLI in the container, passes GITHUB_TOKEN and GH_REPO via stdin, and adds agent-facing docs so agents can manage issues, PRs, and code review. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-08 22:37:01 +02:00