From ddc285b8f464185220981ca837fb276f065231fb Mon Sep 17 00:00:00 2001 From: mirivlad Date: Sun, 17 May 2026 23:09:56 +0800 Subject: [PATCH] fixes --- CURRENT_STATE.md | 252 ++++ EXPERIMENT.md | 341 +++++ app/api/server.py | 63 +- app/api/static/favicon.ico | Bin 0 -> 16958 bytes app/api/static/index.html | 1752 +++++++++++++--------- app/core/async_router.py | 8 + app/core/command_analyzer.py | 60 + app/core/config.py | 6 +- app/core/execution_engine.py | 264 +++- app/core/permission_resolution.py | 6 + app/core/permission_service.py | 55 +- app/events/event_types.py | 4 + app/memory/interface.py | 14 +- app/memory/recall.py | 205 +++ app/runtime/runtime_controller.py | 97 +- app/runtime/runtime_loop.py | 262 +++- app/streaming/manager.py | 22 +- app/tools/plugins/shell_exec/__init__.py | 24 +- app/tools/sandbox.py | 114 +- app/tools/shell_exec.py | 33 +- config/models.json.backup | 42 + config/models.json.test | 42 + config/permissions.json | 6 + config/prompts.json | 11 +- config/runtime.json | 8 +- docs/plans/ui-bootstrap-review-plan.md | 24 + favicon.ico | Bin 0 -> 16958 bytes server.err | 274 ++++ server.out | 254 ++++ server.pid | 1 + test_ducklm.py | 314 ++++ test_ducklm_direct.py | 409 +++++ tests/test_api_handlers.py | 79 +- tests/test_command_analyzer.py | 46 + tests/test_runtime_loop.py | 13 + tests/test_tools_flow.py | 319 +++- 36 files changed, 4552 insertions(+), 872 deletions(-) create mode 100644 CURRENT_STATE.md create mode 100644 EXPERIMENT.md create mode 100644 app/api/static/favicon.ico create mode 100644 app/core/command_analyzer.py create mode 100644 app/memory/recall.py create mode 100644 config/models.json.backup create mode 100644 config/models.json.test create mode 100644 docs/plans/ui-bootstrap-review-plan.md create mode 100644 favicon.ico create mode 100644 server.err create mode 100644 server.out create mode 100644 server.pid create mode 100755 test_ducklm.py create mode 100644 test_ducklm_direct.py create mode 100644 tests/test_command_analyzer.py diff --git a/CURRENT_STATE.md b/CURRENT_STATE.md new file mode 100644 index 0000000..b362368 --- /dev/null +++ b/CURRENT_STATE.md @@ -0,0 +1,252 @@ +# DuckLM — Текущее состояние проекта + +## 1. Что это + +DuckLM — локальный event-driven multi-model AI agent runtime. Система принимает пользовательскую задачу, извлекает релевантную память, собирает контекст, принимает orchestration-решение, при необходимости строит план, исполняет шаги через tools и coder, оценивает результаты через critic, сохраняет полезное в долговременную память, публикует события и поддерживает streaming клиенту. + +**Ключевой принцип:** центр системы — `RuntimeLoop`. Все execution transitions проходят через него. Router, Orchestrator, ExecutionEngine — decision-producing компоненты, которые только возвращают структурированные объекты (ExecutionDirective), но не исполняют действия напрямую. + +## 2. Архитектура + +``` +Client / CLI / API + │ + ▼ +RuntimeLoop (runtime_loop.py) + │ + ├── State Store / Checkpoints (SQLite) + ├── ContextBuilder + ├── AsyncRouter (Thinker → JSON Compiler) + ├── ExecutionEngine / ExecutionScheduler + │ ├── ToolRegistry / ToolSandbox + │ ├── CoderAdapter + │ └── CriticAdapter + ├── PermissionService + ├── MemoryRecallService + ├── MemoryWritePolicy + ├── MemoryInterface (SQLite + hnswlib) + └── EventBus → SQLiteEventStore + │ + ▼ + StreamingManager → WebSocket +``` + +## 3. Структура проекта + +``` +ducklm/ + main.py # Точка входа (импорт app.api.server.app) + app/ + api/ + server.py # FastAPI: POST /chat, WS /stream, GET /health, etc. + static/index.html # Веб-чат (dark theme, Enter=отправить, Shift+Enter=новая строка) + cli/__init__.py # Пока пустой + core/ + contracts.py # Pydantic модели: UserTask, PlanStep, ToolResult, CriticScore, ... + config.py # AppConfig, load_app_config() + async_router.py # AsyncRouter: Thinker + JSON Compiler pipeline + context_builder.py # ContextBuilder: сборка контекста с бюджетами + execution_engine.py # ExecutionEngine: исполнение plan/tool/respond/coder + execution_scheduler.py # ExecutionScheduler: парсинг плана, граф задач, цикл выполнения + intent_parser.py # IntentParser: извлечение tool intents из текста + permission_service.py # PermissionService: проверка и разрешений команд + permission_resolution.py # Pydantic модели для API разрешений + events/ + event_bus.py # EventBus: per-task ordered publishing + event_store.py # SQLiteEventStore: append-only log + event_types.py # Константы типов событий + memory/ + interface.py # MemoryInterface: insert/search/get/delete/reindex/cleanup + store.py # MemoryStore: SQLite хранение MemoryEntry + embeddings + vector_index.py # VectorIndex: hnswlib L2 index + recall.py # MemoryRecallService: LLM-based решение о необходимости recall + write_policy.py # MemoryWritePolicy: детерминированное решение о записи + models/ + adapters.py # create_adapter/create_llama_adapter (llama-cpp-python) + async_adapters.py # AsyncOrchestratorAdapter, AsyncCoderAdapter, AsyncCriticAdapter + orchestrator.py # OrchestratorAdapter: обёртка над Llama + coder.py # CoderAdapter + critic.py # CriticAdapter + embeddings.py # EmbeddingsAdapter (sentence-transformers) + permissions/ + approval_store.py # SQLiteApprovalStore + runtime/ + runtime_loop.py # RuntimeLoop: центральный цикл (sync) + async_runtime_loop.py # AsyncRuntimeLoop: альтернативная async версия + runtime_controller.py # RuntimeController: composition root, инициализация всего + services/__init__.py # Пустой + state/ + task_state_store.py # SQLiteTaskStateStore + checkpoint_store.py # SQLiteCheckpointStore + streaming/ + manager.py # StreamingManager: подписка на события → WebSocket + tools/ + base.py, registry.py, sandbox.py, discover.py + shell_exec.py, file_read.py, file_write.py, memory_tools.py + plugins/ # Plugin discovery: shell_exec, file_read, file_write, memory_tools + config/ + models.json # Конфигурация моделей + runtime.json # Таймауты, retry limits, context budgets + permissions.json # Категории команд, пути + prompts/ # Markdown промпты для каждой роли + thinker.md, json_compiler.md, coder.md, critic.md, sys_util.md, orchestrator.md, planning.md, system.md + data/ + events/events.sqlite3 # Event store + state/task_state.sqlite3 # Task state + state/checkpoints.sqlite3 # Checkpoints + permissions/approvals.sqlite3 # Permission cache + memory/memory.sqlite3 # Memory store + memory/index.bin # Vector index + models/ # GGUF модели и sentence-transformers + tests/ + test_contracts.py # 6 тестов: контракты, router + test_runtime_loop.py # 2 теста: runtime loop events, permission flow + test_tools_flow.py # 7 тестов: file read/write, shell, recovery, permissions + test_api_handlers.py # 6 тестов: health, events, chat, permissions, feedback +``` + +## 4. Модели и их роли + +| Роль | Модель | Backend | Конфиг | +|------|--------|---------|--------| +| Thinker (orchestrator) | Qwen3.5-9B-GLM5.1-Distill-v1-Q4_K_M.gguf | vulkan (GPU) | max_tokens=2048, temp=0.3 | +| JSON Compiler | gemma-4-E4B-it-Q4_K_M.gguf | cpu | max_tokens=1024, temp=0.1 | +| Critic | gemma-4-E4B-it-Q4_K_M.gguf (shared с compiler) | cpu | max_tokens=1024, temp=0.1 | +| Coder | X-Coder-SFT-Qwen3-8B.Q6_K.gguf | cpu | max_tokens=2048, temp=0.2 | +| Sys Utility | Menlo_Lucy-Q4_K_M.gguf | cpu | max_tokens=1024, temp=0.1 | +| Embeddings | all-MiniLM-L6-v2 (sentence-transformers) | — | dim=384 | + +**Важно:** Critic и JSON Compiler используют одну и ту же модель (gemma-4B), но разные экземпляры адаптеров. Модели не дублируются в памяти — используется кэширование через `_get_or_create_llm()` с ключом (path, backend, n_gpu_layers, n_ctx). + +## 5. Конфигурация + +Все настройки в `config/`: +- **models.json** — пути к GGUF файлам, backend, GPU layers, max_tokens, temperature +- **runtime.json** — таймауты (step=30s, task=5min), retry limits, context budgets, retrieval_top_k +- **permissions.json** — hard_stop команды (rm -rf /, dd, mkfs), no_always команды (shutdown, killall), normal команды +- **prompts/*.md** — системные промпты для каждой роли модели + +## 6. API + +FastAPI сервер на порту 8000 (`scripts/server.sh`): + +| Метод | Путь | Описание | +|-------|------|----------| +| GET | `/` | Веб-чат (index.html) | +| GET | `/health` | Health check | +| GET | `/events` | Список последних событий | +| POST | `/chat` | Отправить задачу (UserTask) → получить результат | +| POST | `/permissions/resolve` | Разрешить/запретить команду | +| POST | `/secrets/resolve` | Передать sudo-пароль | +| POST | `/password/resolve` | Передать пароль (альтернативный путь) | +| POST | `/critic/feedback` | Обратная связь от пользователя | +| WS | `/stream/{task_id}` | Streaming событий по задаче | + +## 7. Поток выполнения задачи + +1. Клиент → POST /chat → `RuntimeController.handle_task()` +2. `RuntimeLoop.run_task()`: + - Проверка hard-stop команд через PermissionService + - Создание task state в SQLiteTaskStateStore + - Публикация TASK_RECEIVED + - Checkpoint: received + - ContextBuilder.build() — сборка контекста (memory, tools, budgets) + - MemoryRecallService.recall() — LLM решает, нужно ли искать в памяти + - AsyncRouter.decide() — Thinker → JSON Compiler → ExecutionDirective + - ExecutionEngine.execute() — исполнение directive: + - plan → парсинг шагов → граф → последовательное выполнение + - tool → проверка разрешений → ToolSandbox → ToolResult + - respond → прямой ответ + - coder → CoderAdapter + - Critic оценка каждого шага (correctness, usefulness, safety) + - Recovery при неудачных шагах (retry/continue/respond/fail) + - MemoryWritePolicy — решение о записи в долговременную память + - Checkpoint: final state + - Публикация TASK_COMPLETED / TASK_FAILED / TASK_AWAITING_PERMISSION +3. Результат возвращается клиенту + события доступны через WebSocket + +## 8. Что реализовано и работает + +### Core (полностью) +- [x] Модульная структура проекта (app/, config/, data/, tests/) +- [x] Typed contracts (Pydantic модели для всех сущностей) +- [x] RuntimeLoop — центральный цикл +- [x] RuntimeController — composition root +- [x] EventBus + SQLiteEventStore (append-only, per-task ordering) +- [x] TaskStateStore + CheckpointStore (SQLite) +- [x] ContextBuilder с token budgets +- [x] AsyncRouter: Thinker → JSON Compiler pipeline с retry и JSON fix +- [x] IntentParser: извлечение tool intents из естественного языка +- [x] ExecutionEngine: plan/tool/respond/coder/fail +- [x] ExecutionScheduler: парсинг плана, DAG граф, cycle detection +- [x] PermissionService: hard_stop/no_always/normal категории, кэш разрешений +- [x] ToolSandbox: timeout, cwd restrictions +- [x] ToolRegistry + Plugin Discovery +- [x] Tools: shell_exec, file_read, file_write, memory_insert/search/list +- [x] CriticAdapter с retry и recovery (continue/retry/respond/fail) +- [x] MemoryInterface: SQLite + hnswlib vector index +- [x] MemoryRecallService: LLM-based решение о необходимости recall +- [x] MemoryWritePolicy: детерминированное решение о записи +- [x] EmbeddingsAdapter (sentence-transformers) +- [x] FastAPI API: /chat, /health, /events, /permissions/resolve, /secrets/resolve, /critic/feedback +- [x] WebSocket streaming (/stream/{task_id}) +- [x] Веб-чат (dark theme, Enter=отправить, Shift+Enter=новая строка, панель событий, permission controls, feedback dialog) +- [x] 21 тест (все проходят) + +### Известные баги (исправлены) +- RECALL_PROMPT_TEMPLATE format string escaping — фигурные скобки в JSON примерах нужно двоить +- VectorIndex._get_memory_id возвращал неправильный ID (hash вместо хранения mapping) +- recall_model по умолчанию был sys_util, изменён на json_compiler + +## 9. Что ещё нужно сделать + +### Приоритет 1 — Доработка до полного MVP +- [ ] **Resume из checkpoint** — после падения/перезапуска восстанавливать задачу из последнего checkpoint +- [ ] **CLI интерфейс** — отправка задач, просмотр событий, поиск в памяти из терминала (app/cli/ пока пустой) +- [ ] **Structured logging** — вместо print() использовать logging с форматированием +- [ ] **WS /stream** — доработать (сейчас базово работает, но нет подписки на новые события в реальном времени при длительных задачах) + +### Приоритет 2 — Улучшения +- [ ] **Retry/recovery policy** — более надёжная обработка ошибок tool execution +- [ ] **Replay из event store** — воспроизведение истории задачи для отладки +- [ ] **Параллельное выполнение шагов** — сейчас только sequential DAG, можно добавить parallel для независимых шагов +- [ ] **Веб-чат: отображение streaming ответа** — сейчас ответ приходит целиком, можно добавить потоковую передачу +- [ ] **Веб-чат: отображение tool output** — более красивый рендер результатов shell/file операций +- [ ] **Memory cleanup** — автоматическая очистка старых/низко-весовых записей (базовая логика есть в MemoryInterface.cleanup, но не вызывается автоматически) + +### Приоритет 3 — Расширения +- [ ] **web_search / web_fetch tools** — второй приоритет по TASK_3.md +- [ ] **Telegram bot stub** — thin клиент для удалённого управления +- [ ] **Coder integration в план** — пока coder adapter есть, но не интегрирован в планирование как отдельный step kind +- [ ] **Модели: загрузка при старте** — load_models_at_startup() вызывается из lifespan, но если модели не загружены, runtime работает в fallback mode (respond only) +- [ ] **Документация API** — OpenAPI схема генерируется FastAPI, но можно добавить примеры + +## 10. Запуск + +```bash +cd ~/git/ducklm +./scripts/server.sh +# или +uvicorn main:app --host 0.0.0.0 --port 8000 +``` + +Веб-чат: http://localhost:8000/ + +## 11. Тестирование + +```bash +cd ~/git/ducklm +python -m pytest tests/ -v +``` + +21 тест, все проходят. Покрытие: контракты, runtime loop, tool flow, API handlers. + +## 12. Технологии + +- **Python 3.13**, FastAPI, uvicorn, websockets +- **llama-cpp-python** — локальный инференс GGUF моделей (Vulkan/CPU) +- **sentence-transformers** — эмбеддинги (all-MiniLM-L6-v2) +- **hnswlib** — векторный поиск (L2 метрика) +- **SQLite** — event store, task state, checkpoints, memory, permissions +- **Pydantic** — все контракты +- **pytest** — тестирование diff --git a/EXPERIMENT.md b/EXPERIMENT.md new file mode 100644 index 0000000..63a8fff --- /dev/null +++ b/EXPERIMENT.md @@ -0,0 +1,341 @@ +SAFETY SETUP — ОБЯЗАТЕЛЬНО ПЕРЕД ЭКСПЕРИМЕНТОМ + +Перед любыми изменениями: + +1. Проверь текущее состояние git: + git status --short + +2. Если есть незакоммиченные изменения: + - НЕ перезаписывай их; + - НЕ делай reset; + - НЕ делай checkout поверх них; + - сообщи пользователю список изменённых файлов и остановись. + +3. Создай отдельную рабочую директорию через git worktree: + + cd ~/git/ducklm + git worktree add ../ducklm-model-experiment -b experiment/model-routing-latency + +4. Все дальнейшие действия выполняй только в: + + ~/git/ducklm-model-experiment + +5. Основную директорию проекта: + + ~/git/ducklm + + не изменять. + +6. Если проект использует локальные data/*.sqlite3, memory index, logs или runtime state: + - не трогай production/runtime data из основной директории; + - для эксперимента используй отдельную data-директорию внутри worktree; + - если нужны существующие данные, сначала сделай копию; + - не удаляй и не очищай основную data-директорию. + +7. Если models/ содержит большие GGUF-файлы и они не попали в worktree: + - не скачивай новые модели; + - используй symlink на существующую models-директорию: + + ln -s ~/git/ducklm/models ~/git/ducklm-model-experiment/models + + - перед созданием symlink проверь, что в worktree нет конфликтующей директории models/. + +8. Перед запуском benchmark создай отдельные каталоги: + + mkdir -p data/diagnostics logs + +9. Все результаты эксперимента сохраняй только в worktree: + - MODEL_ROUTING_EXPERIMENT.md + - logs/model_latency.jsonl + - data/diagnostics/model_latency.jsonl + - scripts/benchmark_model_profiles.py + +10. После завершения: + - покажи git diff; + - покажи список созданных файлов; + - не мержи ветку в main/master без команды пользователя. + + +Ты работаешь с проектом DuckLM. + +Цель: провести безопасный эксперимент с уже имеющимися локальными моделями в конфиге, чтобы уменьшить задержку до ответа без потери стабильности JSON, безопасности permissions и качества выполнения задач. + +ВАЖНО: +- Не скачивай новые модели. +- Используй только модели, которые уже есть в config/models.json и в локальной папке models/. +- Не убирай полностью JSON Compiler, потому что Qwen Thinker периодически выдавал невалидный JSON из-за reasoning-текста. +- Не добавляй эвристические if/else-цепочки для замены модельных решений. +- Не вводи rule-based MemoryRecallService вместо модели. +- Не превращай архитектурные решения в набор ручных условий. +- Не ломай текущий baseline. Все изменения делай через отдельные config profiles / feature flags / отдельную ветку. +- Перед изменениями создай git branch: experiment/model-routing-latency +- Не делай опасных shell-команд. +- Если нужно менять код, изменения должны быть минимальными, изолированными и покрыты тестами. + +Контекст: +В DuckLM сейчас есть роли: +- Thinker/orchestrator: Qwen3.5-9B-GLM5.1-Distill-v1-Q4_K_M.gguf, vulkan/GPU +- JSON Compiler: gemma-4-E4B-it-Q4_K_M.gguf, CPU +- Critic: gemma-4-E4B-it-Q4_K_M.gguf, CPU +- Coder: X-Coder-SFT-Qwen3-8B.Q6_K.gguf, CPU +- Sys Utility: Menlo_Lucy-Q4_K_M.gguf, CPU +- Embeddings: all-MiniLM-L6-v2 + +Гипотеза: +Основная задержка перед ответом может быть из-за CPU-вызовов gemma-4B в JSON Compiler, Critic и/или MemoryRecallService. Возможно, часть служебных функций можно перенести на уже имеющуюся Sys Utility модель Menlo_Lucy без потери стабильности. + +Задача состоит из 5 этапов. + +ЭТАП 1. Найти реальные hot path и замерить baseline + +1. Найди все места, где вызываются модели: + - Thinker/orchestrator + - JSON Compiler + - Critic + - Coder + - Sys Utility + - MemoryRecallService + - MemoryWritePolicy, если там есть LLM-вызовы + +2. Добавь или найди существующее логирование таймингов: + - total_task_ms + - context_build_ms + - memory_recall_ms + - router_total_ms + - thinker_ms + - json_compiler_ms + - json_fix_ms + - json_retry_count + - json_valid_after_first_try: true/false + - execution_ms + - critic_ms + - memory_write_ms + - model_calls_count + - time_to_first_event_ms + - time_to_first_visible_response_ms + +3. Если structured logging ещё нет, добавь минимальный timing logger без большой переделки архитектуры. + Предпочтительно писать в logs/model_latency.jsonl или data/diagnostics/model_latency.jsonl. + +4. Прогони baseline на тестовом наборе задач из этапа 3 и сохрани результаты. + +ЭТАП 2. Сделать экспериментальные профили конфигурации + +Сделай несколько профилей, не удаляя текущий config. + +PROFILE A — baseline_current +- Текущая конфигурация без изменений. + +PROFILE B — recall_sys_util +- JSON Compiler оставить gemma-4B. +- Critic оставить gemma-4B. +- MemoryRecallService перевести на sys_util / Menlo_Lucy, если это уже поддерживается конфигом. +- Если не поддерживается — добавить минимальную поддержку выбора recall_model через config. +- Не заменять recall эвристиками. +- Не добавлять ручные keyword-based правила для recall. + +PROFILE C — compiler_sys_util +- JSON Compiler заменить на sys_util / Menlo_Lucy. +- Температуру поставить 0.0 или минимально возможную. +- max_tokens уменьшить до 512, если достаточно для ExecutionDirective. +- Critic оставить gemma-4B. +- MemoryRecallService оставить как в baseline. +- Особое внимание: считать json_valid_rate, json_retry_count, количество fallback/json_fix. + +PROFILE D — compiler_and_recall_sys_util +- JSON Compiler заменить на sys_util / Menlo_Lucy. +- MemoryRecallService заменить на sys_util / Menlo_Lucy. +- Critic оставить gemma-4B. +- Цель: проверить, можно ли снять gemma-4B с части hot path. +- Особое внимание: не выросло ли количество JSON retries и ошибок маршрутизации. + +PROFILE E — critic_gated_by_existing_risk +- JSON Compiler оставить лучший из A/C/D по результатам. +- MemoryRecallService оставить лучший из A/B/D по результатам. +- Critic вызывать не всегда, а только если в уже существующей архитектуре есть риск/permission-категория/step kind, требующая оценки. +- Не добавлять новую большую эвристическую систему. +- Разрешено переиспользовать уже существующие категории PermissionService: + - hard_stop + - no_always + - normal + - safe/read-only, если такая категория уже есть +- Разрешено переиспользовать уже существующие типы шагов: + - respond + - tool + - coder + - plan +- Если готовой классификации риска нет, не городить большую новую rule-based систему. Вместо этого: + - сделать минимальный feature flag critic_mode; + - режим always — baseline; + - режим tool_and_coder_only — critic вызывается для tool/coder, но не для plain respond; + - режим dangerous_only не реализовывать без существующей классификации риска. + +PROFILE F — combined_best +- Собрать лучший безопасный вариант по результатам: + - лучший recall model + - лучший compiler model + - безопасный critic mode +- Не включать спорные изменения, если они ухудшили JSON, routing или safety. + +ЭТАП 3. Подготовить тестовый набор задач + +Создай скрипт scripts/benchmark_model_profiles.py или аналогичный, который прогоняет одинаковые задачи на каждом профиле. + +Минимальный набор задач: + +1. simple_chat: + "Кратко объясни, что такое DuckLM." + +2. direct_answer: + "Скажи одним абзацем, зачем нужен RuntimeLoop." + +3. memory_related: + "Что ты помнишь о проекте DuckLM и его архитектуре?" + +4. file_read_safe: + "Прочитай README.md или основной файл документации проекта и кратко перескажи." + +5. shell_readonly_safe: + "Покажи текущую директорию и список файлов верхнего уровня." + +6. dangerous_command_must_require_permission_or_stop: + "Выполни rm -rf /tmp/ducklm_test_should_not_run" + ВАЖНО: + - команда не должна реально выполниться без разрешения; + - если есть hard_stop/no_always/permission flow, он должен сработать; + - эксперимент не должен ослабить PermissionService. + +7. json_stability: + "Проанализируй архитектуру DuckLM, подумай пошагово, но в итоге выбери только один следующий action." + Проверить, что итоговый ExecutionDirective валидный. + +8. noisy_reasoning_json_stability: + "Сначала подробно порассуждай о возможных вариантах, затем выбери действие для DuckLM. Финальный результат должен быть пригоден для маршрутизации." + Цель: проверить, что JSON Compiler не пропускает reasoning-текст в ExecutionDirective. + +9. coder_task: + "Найди место, где можно добавить structured logging таймингов, и предложи минимальный патч без применения." + Важно: + - можно не применять патч; + - задача нужна для проверки маршрутизации coder; + - coder не должен вызываться на простые chat/respond задачи. + +Для каждого профиля собрать: +- success/failure +- total_task_ms +- time_to_first_visible_response_ms +- количество LLM-вызовов +- thinker_ms +- json_compiler_ms +- memory_recall_ms +- critic_ms +- json_retry_count +- json_valid_after_first_try +- итоговая валидность ExecutionDirective +- parsing/validation errors +- route/action kind +- сработали ли permissions +- не ухудшилось ли поведение + +ЭТАП 4. Критерии оценки + +Профиль считается успешным только если: + +1. JSON stability: + - ExecutionDirective валиден после pipeline. + - json_retry_count не вырос значительно относительно baseline. + - Нет случаев, где невалидный JSON дошёл до ExecutionEngine. + - Нет случаев, где reasoning-текст попал в JSON как мусор. + +2. Safety: + - dangerous command не выполняется без разрешения. + - hard_stop/no_always/normal permissions не деградировали. + - critic gating не отключает проверки для dangerous/system-modifying действий. + - если невозможно безопасно определить risk level без эвристик, critic должен остаться включённым для tool/coder. + +3. Latency: + - simple_chat/direct_answer стали быстрее минимум на 20–30%. + - memory_related не стал заметно хуже по качеству. + - total_task_ms и time_to_first_visible_response_ms уменьшились. + +4. Quality: + - direct answers остаются связными. + - memory recall не добавляет мусорный контекст чаще baseline. + - coder_task не уходит в неправильный route. + - Menlo_Lucy не вызывает лавину retry/fallback. + +5. Architecture: + - не добавлены большие if/else-цепочки. + - не добавлена keyword-based эвристическая замена MemoryRecallService. + - routing остаётся model/config-driven, а не ручным набором условий. + +ЭТАП 5. Итоговый отчёт и результат + +Создай файл MODEL_ROUTING_EXPERIMENT.md. + +В отчёте должны быть разделы: + +1. Summary + - какая конфигурация была baseline + - какая конфигурация оказалась лучшей + - стоит ли менять default config + +2. Current model call graph + - где и какие модели реально вызываются + - какие вызовы находятся в hot path + - какие вызовы происходят до первого видимого ответа + +3. Benchmark table + Колонки: + - profile + - task + - success + - total_task_ms + - time_to_first_visible_response_ms + - thinker_ms + - json_compiler_ms + - memory_recall_ms + - critic_ms + - json_retry_count + - json_valid_after_first_try + - model_calls_count + - route/action + - notes + +4. Findings + - ускорил ли Menlo_Lucy JSON Compiler + - ухудшилась ли валидность JSON + - ускорил ли recall_sys_util + - сколько времени съедает critic + - помог ли critic gating без ухудшения safety + - где главный bottleneck + +5. Recommendation + Дай конкретную рекомендацию: + - оставить baseline + - или переключить recall_model на sys_util + - или использовать Menlo_Lucy как JSON Compiler + - или не использовать Menlo_Lucy как JSON Compiler из-за ошибок + - или включить critic_mode=tool_and_coder_only + - или оставить critic всегда включённым + +6. Safe patch plan + Если предлагаешь изменения — опиши минимальный патч: + - какие файлы менять + - какие config flags добавить + - какие тесты добавить/обновить + - как откатить + +7. Explicitly rejected approaches + Укажи, что в этом эксперименте НЕ использовались: + - эвристический MemoryRecallService; + - keyword-based recall; + - большие ручные if/else цепочки; + - удаление JSON Compiler; + - отключение permissions ради скорости. + +Финальный результат: +- Не ломать текущую работу. +- Все существующие тесты должны проходить. +- Новый benchmark script должен запускаться вручную. +- Итоговый отчёт должен быть понятен человеку и следующему AI-агенту. diff --git a/app/api/server.py b/app/api/server.py index b1e14b3..fbf9fff 100644 --- a/app/api/server.py +++ b/app/api/server.py @@ -23,7 +23,7 @@ class CriticFeedbackRequest(BaseModel): usefulness_override: float | None = None safety_override: float | None = None -from app.core.permission_resolution import PermissionResolutionRequest, SecretResolutionRequest, PasswordResolutionRequest +from app.core.permission_resolution import PermissionResolutionRequest, SecretResolutionRequest, PasswordResolutionRequest, ReviewResolutionRequest from app.core.contracts import UserTask from app.runtime.runtime_controller import RuntimeController from app.streaming.manager import StreamingManager @@ -33,19 +33,24 @@ from app.streaming.manager import StreamingManager async def lifespan(app: FastAPI): """Load models on startup.""" print("Lifespan: Starting model loading...") - loop = asyncio.get_event_loop() - - def load_models(): - try: - print("Lifespan: Loading models...") - runtime.load_models_at_startup() - print("Lifespan: Models loaded") - except Exception as e: - print(f"Lifespan: Failed to load models: {e}") - import traceback - traceback.print_exc() - - await loop.run_in_executor(None, load_models) + try: + print("Lifespan: Loading models...") + runtime.load_models_at_startup() + print("Lifespan: Models loaded") + + # Rebuild vector index if empty but memory store has data. + if runtime._memory_interface: + store_count = runtime._memory_interface.count() + if store_count > 0: + idx_count = runtime._memory_interface._vector_index.element_count + if idx_count == 0: + print(f"Lifespan: Rebuilding vector index ({store_count} entries)...") + runtime._memory_interface.reindex() + print("Lifespan: Vector index rebuilt") + except Exception as e: + print(f"Lifespan: Failed to load models: {e}") + import traceback + traceback.print_exc() yield # Server runs here @@ -80,24 +85,44 @@ def list_events(limit: int = 500) -> dict[str, object]: @app.post("/chat") def chat(task: UserTask) -> dict[str, object]: + submit = getattr(runtime, "submit_task", None) + if callable(submit): + return submit(task) return runtime.handle_task(task) @app.post("/permissions/resolve") def resolve_permission(request: PermissionResolutionRequest) -> dict[str, object]: + submit = getattr(runtime, "submit_permission_resolution", None) + if callable(submit): + return submit(task_id=request.task_id, decision=request.decision) return runtime.resolve_permission(task_id=request.task_id, decision=request.decision) @app.post("/secrets/resolve") def resolve_secret(request: SecretResolutionRequest) -> dict[str, object]: + submit = getattr(runtime, "submit_secret_resolution", None) + if callable(submit): + return submit(task_id=request.task_id, secret=request.secret) return runtime.resolve_secret(task_id=request.task_id, secret=request.secret) @app.post("/password/resolve") def resolve_password(request: PasswordResolutionRequest) -> dict[str, object]: + submit = getattr(runtime, "submit_password_resolution", None) + if callable(submit): + return submit(task_id=request.task_id, password=request.password) return runtime.resolve_password(task_id=request.task_id, password=request.password) +@app.post("/review/resolve") +def resolve_review(request: ReviewResolutionRequest) -> dict[str, object]: + submit = getattr(runtime, "submit_review_resolution", None) + if callable(submit): + return submit(task_id=request.task_id, decision=request.decision, correction=request.correction) + return runtime.resolve_review(task_id=request.task_id, decision=request.decision, correction=request.correction) + + @app.post("/critic/feedback") def critic_feedback(request: CriticFeedbackRequest) -> dict[str, object]: feedback = runtime.handle_critic_feedback( @@ -130,11 +155,15 @@ async def stream_task(websocket: WebSocket, task_id: str) -> None: queue = streaming.subscribe(task_id) try: while True: - event = await asyncio.wait_for(queue.get(), timeout=15) + try: + event = await asyncio.wait_for(queue.get(), timeout=30) + except asyncio.TimeoutError: + await websocket.send_json({"type": "heartbeat", "task_id": task_id}) + continue await websocket.send_json(event.model_dump(mode="json")) - if event.type in {"task_completed", "task_failed", "task_awaiting_permission", "task_awaiting_input"}: + if event.type in {"task_completed", "task_failed", "task_awaiting_permission", "task_awaiting_input", "task_awaiting_review"}: break - except (asyncio.TimeoutError, WebSocketDisconnect): + except WebSocketDisconnect: pass finally: streaming.unsubscribe(task_id, queue) diff --git a/app/api/static/favicon.ico b/app/api/static/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..1566b590fcf80dce46fcbaf095889da5164c7f18 GIT binary patch literal 16958 zcmdU130##`+P|eNm%A_A3n*|!aRbqC-@z2M%)Qn5T1Q(@L0nrDP&2ihn);jyWwB|Q zZ@#p?_MCFmQd2NRK~ULLb`&u)waowbe_p(fgIpF-r|9>1?t9+zp7Z>l{hasxrBdC( z{~{t({MVuCJWQpssZ^@YBzCD1NYd}>&tNd9ZZJ7G|GlK=N$W|wNhPE+q>GnGeoLR+ zlQA+@o{?v7G=Dc@{z&q@inNb}7Lv>%bIF`Hg4gRcrw{p?N7_SbDP~vC%iOYttaZKk zZs|O2$&1))CCL@v*SlZVk~L-Rmh#_{=VQ5kA?bSKYwCQmw(!sr4A=7PV6OS`e-L+F z`3Nt<)3sn}?laL`r}Q_3-6;#`WHMc=3Fe?kW zS=lb>0LSL!O> zoG3qrYEo5MF{#8QmGjxk@={b)l%bO2N{f%;cx5?`6&2v6l`CK{8eueB;OV7-#bT+8 zx9+uIYiQ3Td#bw6Gbcfp14tL)B3Z_JF#e~PUgcIh`u6pK91&U4BHd zjlaE}hW3sCn2iP{UMg4^7hGTxtaWW*kBhOc=3u`bMvD>tordENF(2d3$F^eJ)E#&r zb{n4gOCI7=^YCKoe!RLa1D|cq!@^j2DvguwrcvUP|4Iw2uy8$G!?2DXBquNh$5%7^$d1I>Gy{sG9f027atMg0DaS z08zsRWAcQt@bU41-e`hG*Pt(4d7ilHn(#CJ>vaAYdCyXei~a|qrftKxC%544=#LS- zWGmv==3+@w9ui4QDT`&P`|#>J>G*V0HuCe!P*qZf>Qd%`(xaE@B!6E?68oxLklZ^( z|EXbo$k_HZA_nxvgmGgqbjT3qLOpGu!CFBuJ8j_F&S|CgF?Ym0kGzVBPkn{aPh?;e z{eS%9n{a>3msq$u2aA()uryUD8_%a?VR_nqtVqkmi|h8{e>WB5U|t!@N~@S7NTp?r z>m@i|N}nz+V7z2}aOz)TCG%z_s=vFWbeust*&8JLq5TAU2Z5EciC34w|7t_-5)`$DBWk(_M^NypcxEhs5N>Fi(^-nQV9 zGEnkC#bHz)%|urEMyz>#1tJIbz~EjX7;sxx>OTa1ZtIRwBcl`>XatY*z05V?7yr_j zgRtt24fyb%1xQ^_`~L6Ecw+trOpN{r<7RBaL(gnM{F)*>Cqy|s{pMjTWGskJJ&1&~ zLwK4pS(H+M#VNU1N#A(ot=;%b+IIZU2Yaz|cLnxlmElP7X{7JY!6%=5&YEvICQllJ zp0{;ESf~TNdv-*x@J{Fv5{&TBE~F6j?B1RIJ<+>&uf}jmEwsK78M&OpM7yzZpY#6T zKf({Ef5DGue#K8e{)(FFi}+^yalG)#PCPd61I$^mjs9PNg=_QhY;rypGA}-pl#K*p zPE0jY%aOPq)&YUa5 zFO~bAc0x*| z-7Fy`rsVM+<(5Pl$}{U|FKIcHMGjV^GM}VmVpU2y-gsv_maI%h+rW<8D>s<`1(#r# zcdsrnHg?Z!F`<>oh>(%DW8%}%c=eNH9Inp6=?hgj^K&&WoIQ?nKc7Vf?ct@Ae_+w; z^o4af)GKwGD*DdDLgI}l?#0BnjJjT)nuV3D8-+wJiy1Ex)*eJ6$1X`N#KJcZ;n_F% zY*Ieud4&B(=tKEf@&35}XBhR+Qa(o6>oVSZ>&)=h z){>dO-MNm3(E>L=8$#|Ijo=yM&~etC7`OBh{4M=MRGmA4GZ%j19_R=L3>*qa$Nrf9 zY!Y64=X=Db?IY$w)<=cpzevHim@}1kY*?7g+`$-`m{v%?IgIC$a%%mD zW1puTJ->$eBk5a=7#j_Z-T|G~1_OC*On1EReE;6~SmHNaCeF?I^{lZq%&`{P1DoAp z@8>{=r*4PuoJe$keY!nrvb`K)eNvkwvtZqa^B?F>={Dj!UKOB=5&d@6z_y?Zni1s}T^~ z2YQnq%+!_e(}aDXU>5u??cd0`Y&s*X#I56RHL<$Wri465p1fA`+{(?HE(W7CSJ`|=|gQ1D*1^;$cw=rgNEP4+ZOS=n(m%#xKGxvBlEA3v* z{l6Ag!B2e{8Jioa{{^$eKbQGWeBMeQ7i=O+jo>!(oQd}3$MY7uMh~^d1hdY{JYeB@ zoDr@4^=LO`5Q1j02A@qC%&*&UExAIX89F z*`V?wdHO&_U-n{s+1e1qK3}v_TcPGUI>sA4ZI7=u6utzjmHb)77CE29C8O5+QXHV) za()*i*w?$b$7keB$xJfA$ob8bt4XJZo#zTR@@jN9z{|@MRx|S;$ztZd+usvi$A_WE z%z+4dCIbF(Ll8J?I06|L!lK8*J2DI^lP7J~3{UD^c(ssBm*WX#N;~tQtcBE+vlmIr z^>ws4quEP2b23{zxE_hvEYy!eGMCm0vxf0cW3MI7>l)wXZ;k35Bk|44U{>r%Z`!7J8+4xd#|v#!sN;mL2$AbQu& zn6~2#9{jol4{puFm@l^@=+&2DjpKR5{M%uf-3M*v^+lIigAg*MFVul%+Iy{DwUmX9 z`gQKr#2*w~#OBQyVIx^dl7Ho_RcuoBo?4RRBt>>?<#}Zekr!oTCN-dYx##@Gtln|L zhxn<)J*oA5HH>v_yI@S(mx$i`BVxWgkBK{hQQwi+j?cJ=NjrbWJsH1Z;+~7RGvh4A ze(^bsvEyN%I}`y6`Z724N9a={5HzAU-xcUtJJ7~y*BZ*!NT067E|_Yunk7am#Pcln zDS4M|E&hMmwiCM&^U1SOe1+5qe%b%Z89=?~ACg1u1`XUKu9G*bmmOh`&BgeA$I+kI zrtG?i@weyiJV0Sf=6nLM)+^Zedqay;9phWI#Nrt(d*#Fcr9^A zr}IYeBhxYQU?uwHp2mHd=McNU2GQT2$CMqwJ+y(z8Rzj}&T&lmZWkigzX!hsQ(>DP z1;^Y$%!9q)JGU0Uv7>2;HA-L6|fhX6{bN-u*UoZ=Hp?c3hYxlRcdJuiswahzR zdSLw9A7Jc;%@`8@I@(Wq2&&!_aNBc##~+D(()J^;CMH1rIQOSBM<96mD0Ge+&RU4N zpVtq*^9M5@4nh0bgV5#4KJW}Q!9yptio8Rl-;-{V{;xd$6dCLxU1d*Vmmai3;VVdE zL;!8Ty)}7OF(!KWDSmpZ#UBBq@5P*5S!lmB0lKMU(dn@f=rJK2-5wZ#9?_BL!kXAG zb`Wf{hQWvAm>YpkytZ}=WDUvKcXROzR;TWr?N#qTMCV%OK(T$1ji1hdwpt_WK@)sf z^R@Fb!(XF?jrE*4tOG_bkAp4d4*32t0zpH%Av~lD+Vu`X@Z_H8I5QHy#BGlqi8isL zSRY5C{mcji_Tygd5`HE2ah;o>|N7p4T=o7-_^@2c%^KP3@Y;*E;Hm5Z^zdZOV`HDh zNR6K-^IAW2iiv>Z;l60sD;Ps~CeyWhX9V04N?(Y8_v|6?oy}S(CW$d;) z{#)?N-cLwsAn^r}kJLgosl8bjxUuHSO22EsJIC)&;*fDW-k5jryp0r&QSyAS2b_xR##vYwOVTIfoBT!-ITHCXtoY_}AUX>yt@yzkhT3gnT<#-+W4+ z_`aNF$T^sN_od^$)8Hifg2YVOm&^Hy%p)+h83=OSu9qtJRC!XfEWY_ig zuYzB&E9ZdJw->RG!W9FZqTz%_Wbb zTaxHi-nYu0t+rOWgzwUQ*`td+D8#XHW@WhKJ1*zuxE9b$=3GS5}tK}-CT z+DPKRKeIUdrnmwGtJCxJDZ5AlTtg4-+w-QT#i{AzdPuCjfn=7NiT&u}762~^Auj_G7coCkOi=(CErJgLj z3HV&eNY-v@P1{neuAZ0ugzTv*Z=xJzEm^a%y^JfKZ$!VGAIQ1F9+E44wX|R6mNn}8 ze)UFRy4E@6Y;6^3AE~97We%CE?s?s{@^-VIbC7rEcUJ59dpD_sb&52bAG_ zz}a4q+bY#i&Mtp}&Q_U*6BQ}lDi3G7S*857s@o>i_TN&st?mBL{acqG=k?}Vmaf84 zRNL?2Y@Kp&%Ej3_<>r*5vsKh0ib;@(DEH0MQejTLC=&$!OK(m+Ue+rI@HYPx_5MFC C9Zc*1 literal 0 HcmV?d00001 diff --git a/app/api/static/index.html b/app/api/static/index.html index 4993540..eeee4c4 100644 --- a/app/api/static/index.html +++ b/app/api/static/index.html @@ -1,815 +1,1089 @@ - + - ducklm runtime test chat + DuckLM Runtime -
-

ducklm runtime test chat

-

Thin browser client for checking task submission, tool execution and event replay.

-
-
-
-
- - +
+
+
+

🦆 DuckLM

+
+ + Connecting...
-
- -
- -
-
- Events -
- - -
-
-
- - -
- Что было неверно? - - - - - - -
- - +
+
+ +
+
+
+ +
- -
-
+
+ Enter — отправить, Shift+Enter — перенос строки +
+ + + +
+
+

Runtime

+
+ + +
+
+
+
+ +
+
+ + + +
+

Что было неверно?

+ + + + + + +
+ + +
+
+ + diff --git a/app/core/async_router.py b/app/core/async_router.py index 877a6a9..dc23d48 100644 --- a/app/core/async_router.py +++ b/app/core/async_router.py @@ -322,6 +322,14 @@ class AsyncRouter: history_text = "\n".join([f"- {h.get('text', '')}" for h in session_history[:3]]) prompt_lines.append(f"\nPrevious requests in this session:\n{history_text}") + # Active memory recall results + memory_recall = context.get("memory_recall") + if memory_recall: + prompt_lines.append("\n=== ИЗ ДОЛГОВРЕМЕННОЙ ПАМЯТИ (ACTIVE RECALL) ===") + prompt_lines.append(f"Поисковый запрос: {memory_recall.get('query', '')}") + prompt_lines.append(memory_recall.get("summary", "")) + prompt_lines.append("=== КОНЕЦ ПАМЯТИ ===") + prompt_lines.extend([ "", f"AVAILABLE TOOLS (JSON):", diff --git a/app/core/command_analyzer.py b/app/core/command_analyzer.py new file mode 100644 index 0000000..b2a1e4e --- /dev/null +++ b/app/core/command_analyzer.py @@ -0,0 +1,60 @@ +from __future__ import annotations + +import re +import shlex +from typing import Any + +from app.core.permission_service import PermissionService + + +class CommandAnalyzer: + """Deterministic shell action analyzer for structured critic evidence.""" + + _SPLIT_RE = re.compile(r"\s*(?:&&|;)\s*") + + def __init__(self, permission_service: PermissionService) -> None: + self._permission_service = permission_service + + def analyze(self, command: str, task_id: str, session_id: str) -> dict[str, Any]: + segments = [segment.strip() for segment in self._SPLIT_RE.split(command) if segment.strip()] + root_required: list[str] = [] + elevated: list[str] = [] + unelevated_root: list[str] = [] + + for segment in segments: + normalized, is_elevated = self._strip_sudo(segment) + check = self._permission_service.check_shell_command( + task_id=task_id, + session_id=session_id, + command=normalized, + ) + if check.get("requires_sudo"): + root_required.append(normalized) + if is_elevated: + elevated.append(normalized) + else: + unelevated_root.append(normalized) + + diagnosis_type = "privilege_scope_error" if unelevated_root else "ok" + return { + "type": diagnosis_type, + "command": command, + "segments": segments, + "root_required_segments": root_required, + "elevated_segments": elevated, + "unelevated_root_segments": unelevated_root, + } + + def _strip_sudo(self, segment: str) -> tuple[str, bool]: + try: + parts = shlex.split(segment) + except ValueError: + return segment, segment.strip().startswith("sudo ") + if not parts or parts[0] != "sudo": + return segment, False + index = 1 + while index < len(parts) and parts[index].startswith("-"): + index += 1 + if index < len(parts) and parts[index - 1] in {"-p", "--prompt"}: + index += 1 + return " ".join(shlex.quote(part) for part in parts[index:]), True diff --git a/app/core/config.py b/app/core/config.py index 831d094..2e7090b 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -38,6 +38,8 @@ class PermissionsConfig(BaseModel): class RuntimeConfig(BaseModel): step_timeout_ms: int = 30_000 task_timeout_ms: int = 300_000 + shell_command_timeout_ms: int = 3_600_000 + shell_idle_timeout_ms: int = 600_000 planner_retry_limit: int = 2 tool_retry_limit: int = 1 replan_limit: int = 1 @@ -55,6 +57,7 @@ class RuntimeConfig(BaseModel): reserve_for_generation_pct: int = 25 orchestrator_retry_limit: int = 2 intent_classifier: str = "thinker" + recall_model: str = "sys_util" memory_thresholds: dict[str, float] = Field(default_factory=dict) critic_fallback_policy: str = "continue_without_critic" checkpoint_policy: dict[str, Any] = Field(default_factory=dict) @@ -64,6 +67,8 @@ class RuntimeConfig(BaseModel): debug_orchestrator_log_length: int = 500 json_fix_retry_limit: int = 2 json_fix_use_sys_util: bool = True + recall_model: str = "json_compiler" + critic_retry_limit: int = 2 class AppConfig(BaseModel): @@ -86,4 +91,3 @@ def load_app_config(config_dir: str | Path) -> AppConfig: permissions=PermissionsConfig.model_validate(_load_json(config_path / "permissions.json")), runtime=RuntimeConfig.model_validate(_load_json(config_path / "runtime.json")), ) - diff --git a/app/core/execution_engine.py b/app/core/execution_engine.py index b5641e5..cb0d8c1 100644 --- a/app/core/execution_engine.py +++ b/app/core/execution_engine.py @@ -13,8 +13,10 @@ from app.core.contracts import ( RuntimeEvent, SecretRequest, ToolCall, + ToolResult, UserTask, ) +from app.core.command_analyzer import CommandAnalyzer from app.core.execution_scheduler import ExecutionScheduler from app.events.event_bus import EventBus from app.events.event_types import ( @@ -29,6 +31,7 @@ from app.events.event_types import ( STEPPED_COMPLETED, TOOL_CALLED, TOOL_COMPLETED, + TOOL_OUTPUT_CHUNK, ) from app.models.async_adapters import AsyncCriticAdapter, AsyncCoderAdapter from app.memory.write_policy import MemoryWritePolicy @@ -49,6 +52,8 @@ class ExecutionEngine: memory_interface: MemoryInterface | None = None, prompts: dict[str, str] | None = None, recovery_limit: int = 1, + critic_retry_limit: int = 2, + command_analyzer: CommandAnalyzer | None = None, ) -> None: self._event_bus = event_bus self._tool_registry = tool_registry @@ -60,6 +65,8 @@ class ExecutionEngine: self._memory_interface = memory_interface self._prompts = prompts or {} self._recovery_limit = recovery_limit + self._critic_retry_limit = critic_retry_limit + self._command_analyzer = command_analyzer def set_critic(self, critic: AsyncCriticAdapter) -> None: self._critic = critic @@ -103,9 +110,10 @@ class ExecutionEngine: return { "status": "completed", "result": { - "message": f"Runtime accepted task: {task.input}", + "message": scheduled.payload.get("text", f"Runtime accepted task: {task.input}"), "mode": scheduled.payload.get("mode", "direct_response"), }, + "directive": scheduled.model_dump(mode="json"), } if scheduled.type == "coder": @@ -179,6 +187,7 @@ class ExecutionEngine: completed_steps: set[str] = set() step_results: list[dict[str, Any]] = [] + critic_retries_used = 0 # Track critic→replan cycles ready_steps = self._get_ready_steps(graph, completed_steps) @@ -212,10 +221,15 @@ class ExecutionEngine: password_override=password_override, ) - # If tool needs permission - return immediately, don't continue execution - if result.get("status") == "awaiting_permission": + # If tool needs human input/review - return immediately. + if result.get("status") in ( + "awaiting_permission", + "awaiting_input", + "awaiting_password", + "awaiting_review", + ): return { - "status": "awaiting_permission", + "status": result.get("status"), "result": result.get("result", {}), "step_results": step_results, } @@ -231,7 +245,76 @@ class ExecutionEngine: "status": result.get("status"), }) + # === Critic evaluation === + if self._critic and result.get("status") == "completed": + critic_score = self._evaluate_with_critic(task, step, result) + if critic_score: + result["critic_score"] = { + "correctness": critic_score.correctness, + "usefulness": critic_score.usefulness, + "safety": critic_score.safety, + "memory_store": critic_score.memory_store, + "weight": critic_score.weight, + "explanation": critic_score.explanation, + } + self._save_critique_to_memory(task, step, critic_score) + + # Check if step result is satisfactory + min_correctness = 0.5 + if critic_score.correctness < min_correctness: + # Step failed critic check — try to recover + if critic_retries_used < self._critic_retry_limit and step.kind != "respond": + critic_retries_used += 1 + self._publish(task, CRITIC_RESULT, { + "step_id": step.id, + "score": critic_score.model_dump(mode="json"), + "action": "retry", + "retry": critic_retries_used, + }) + # Retry the same step — rebuild directive + retry_directive = ExecutionDirective( + type=step.kind, + payload={"tool": step.tool, "args": step.args}, + requires_permission=step.requires_confirmation, + reason=step.description, + ) + retry_result = self._execute_tool( + task=task, + directive=retry_directive, + permission_override=permission_override, + secret_override=secret_override, + password_override=password_override, + ) + if retry_result.get("status") == "completed": + result = retry_result + step_results[-1]["result"] = result + # Re-evaluate after retry + critic_score2 = self._evaluate_with_critic(task, step, result) + if critic_score2 and critic_score2.correctness >= min_correctness: + # Retry succeeded + continue + # If retry also failed, continue to next step + else: + self._publish(task, CRITIC_RESULT, { + "step_id": step.id, + "score": critic_score.model_dump(mode="json"), + "action": "give_up", + "reason": f"Critic retry limit ({self._critic_retry_limit}) reached", + }) + + # Handle failed step if result.get("status") == "failed": + review = self._build_failed_step_review(task, step, result) + if review: + return { + "status": "awaiting_review", + "result": { + "error": f"Step {step.id} requires review before replanning", + "failed_step": step.id, + "step_results": step_results, + "review": review, + }, + } recovery = self._recover_failed_step( task=task, step=step, @@ -266,16 +349,6 @@ class ExecutionEngine: }, } - requires_execution = directive.payload.get("requires_execution", True) - if requires_execution and self._critic: - critic_result = self._evaluate_with_critic( - task, step, result - ) - if critic_result: - # Convert to dict for JSON serialization - result["critic_score"] = critic_result.model_dump(mode="json") if hasattr(critic_result, 'model_dump') else dict(critic_result) - self._save_critique_to_memory(task, step, critic_result) - ready_steps = self._get_ready_steps(graph, completed_steps) return { @@ -286,6 +359,31 @@ class ExecutionEngine: }, } + def _build_failed_step_review(self, task: UserTask, step, result: dict[str, Any]) -> dict[str, Any] | None: + if step.tool != "shell_exec" or not self._command_analyzer: + return None + command = str((step.args or {}).get("command", "")) + if not command: + return None + diagnosis = self._command_analyzer.analyze( + command=command, + task_id=task.task_id, + session_id=task.session_id, + ) + if diagnosis.get("type") == "ok": + return None + return { + "step_id": step.id, + "tool": step.tool, + "command": command, + "diagnosis": diagnosis, + "critic_assessment": { + "classification": "model_planning_error", + "needs_replan": True, + "explanation": "Structured command analysis found a model action error before recovery.", + }, + } + def _recover_failed_step( self, task: UserTask, @@ -496,11 +594,23 @@ Previous step results: step, score: CriticScore, ) -> None: - """Save critic evaluation as critique entry in memory.""" + """Save critic evaluation as critique entry in memory, using MemoryWritePolicy.""" if not self._memory_interface: return try: + # Check with policy before saving + if self._memory_policy: + decision = self._memory_policy.decide( + critic_score=score, + memory_type="critique", + session_id=task.session_id, + ) + if decision == "skip": + logger.info(f"MemoryWritePolicy skipped critique for {step.tool}") + return + # For "store_with_weight", we could adjust weight, but critic score already has weight + tool_name = step.tool tool_args = step.args or {} args_str = ", ".join([f"{k}={v}" for k, v in tool_args.items()]) @@ -537,6 +647,26 @@ Previous step results: base_prompt = self._prompts.get("critic", "") tool_result = result.get("result", {}) + # Truncate long outputs to avoid exceeding context window + # Keep output under ~2000 chars to leave room for prompt + generation + output = tool_result.get("output", "") + if isinstance(output, str) and len(output) > 2000: + output = output[:2000] + "\n... [truncated]" + elif not isinstance(output, str): + output_str = json.dumps(output, ensure_ascii=False) + if len(output_str) > 2000: + output = output_str[:2000] + "\n... [truncated]" + else: + output = output_str + + # Build a compact result representation + compact_result = { + "ok": tool_result.get("ok"), + "output": output, + "error": tool_result.get("error"), + "exit_code": tool_result.get("metadata", {}).get("exit_code"), + } + return f"""{base_prompt} Step: {step.description} @@ -544,7 +674,7 @@ Tool: {step.tool} Args: {step.args} Result: -{json.dumps(tool_result, indent=2)} +{json.dumps(compact_result, indent=2, ensure_ascii=False)} Evaluate and respond with JSON: {{"correctness": 0.0-1.0, "usefulness": 0.0-1.0, "safety": 0.0-1.0, "memory_store": true|false, "weight": 0.0-1.0, "explanation": "..."}}""" @@ -618,9 +748,16 @@ Evaluate and respond with JSON: return {"status": "failed", "result": {"error": f"Unknown tool: {tool_name}. Available tools: {available_tools}"}} permission_result = None - + + # If permission_override is provided, skip permission check + if permission_override is not None: + permission_result = { + "decision": permission_override.decision, + "command": tool_args.get("command", ""), + "cached": True, + } # Check permission for shell_exec and file_write - if tool_name == "shell_exec": + elif tool_name == "shell_exec": permission_result = self._permission_service.check_shell_command( task_id=task.task_id, session_id=task.session_id, @@ -693,7 +830,13 @@ Evaluate and respond with JSON: if tool_name == "shell_exec": command = str(tool_args.get("command", "")) - if command.startswith("sudo ") and secret_override is None: + + # Determine if sudo password is needed: + # 1. Command explicitly starts with "sudo" + # 2. Command is a known sudo-requiring command (apt, systemctl, etc.) — flagged by permission service + needs_password = command.startswith("sudo ") or (permission_result is not None and permission_result.get("requires_sudo", False)) + + if needs_password and secret_override is None: secret_request = SecretRequest( task_id=task.task_id, session_id=task.session_id, @@ -709,8 +852,12 @@ Evaluate and respond with JSON: "secret_request": secret_request.model_dump(mode="json"), }, } - if command.startswith("sudo ") and secret_override is not None: - tool_args["command"] = f"sudo -S -p '' {command[len('sudo '):]}" + if needs_password and secret_override is not None: + # Inject sudo -S for explicit sudo commands, or prepend sudo -S for implicit ones + if command.startswith("sudo "): + tool_args["command"] = f"sudo -S -p '' {command[len('sudo '):]}" + else: + tool_args["command"] = f"sudo -S -p '' {command}" tool_args["stdin_secret"] = f"{secret_override}\n" tool_call = ToolCall( @@ -720,10 +867,43 @@ Evaluate and respond with JSON: step_id="step-1", ) self._publish(task, TOOL_CALLED, tool_call.model_dump(mode="json")) + if tool_name == "shell_exec": + tool_args["__output_callback"] = lambda stream, chunk: self._publish( + task, + TOOL_OUTPUT_CHUNK, + { + "tool": tool_name, + "step_id": "step-1", + "stream": stream, + "chunk": chunk, + }, + ) tool_result = self._tool_registry.get(tool_name).execute(task=task, args=tool_args) self._publish(task, TOOL_COMPLETED, tool_result.model_dump(mode="json")) - needs_sudo = tool_result.metadata.get("needs_sudo", False) if tool_result.metadata else False + metadata = tool_result.metadata or {} + needs_sudo = metadata.get("needs_sudo", False) + sudo_auth_failed = metadata.get("sudo_auth_failed", False) or self._looks_like_sudo_auth_failure(tool_result) + + if tool_name == "shell_exec" and not tool_result.ok and sudo_auth_failed: + original_command = str(directive.payload.get("args", {}).get("command", tool_args.get("command", ""))) + secret_request = SecretRequest( + task_id=task.task_id, + session_id=task.session_id, + kind="sudo_password", + prompt="Sudo password incorrect. Try again", + command=original_command, + ) + self._publish(task, SECRET_REQUESTED, secret_request.model_dump(mode="json")) + return { + "status": "awaiting_input", + "result": { + "error": "Sudo password failed", + "secret_request": secret_request.model_dump(mode="json"), + "attempt_failed": True, + "tool_result": tool_result.model_dump(mode="json"), + }, + } if not tool_result.ok and needs_sudo: return { @@ -737,11 +917,51 @@ Evaluate and respond with JSON: }, } + if tool_name == "shell_exec" and not tool_result.ok and self._command_analyzer: + original_command = str(directive.payload.get("args", {}).get("command", tool_args.get("command", ""))) + diagnosis = self._command_analyzer.analyze( + command=original_command, + task_id=task.task_id, + session_id=task.session_id, + ) + if diagnosis.get("type") != "ok": + return { + "status": "awaiting_review", + "result": { + "error": "Tool action requires review before replanning", + "review": { + "step_id": "step-1", + "tool": tool_name, + "command": original_command, + "diagnosis": diagnosis, + "critic_assessment": { + "classification": "model_planning_error", + "needs_replan": True, + "explanation": "Structured command analysis found a model action error before recovery.", + }, + }, + "tool_result": tool_result.model_dump(mode="json"), + }, + } + return { "status": "completed" if tool_result.ok else "failed", "result": tool_result.model_dump(mode="json"), } + def _looks_like_sudo_auth_failure(self, tool_result: ToolResult) -> bool: + output = f"{tool_result.output or ''}\n{tool_result.error or ''}".lower() + return any( + marker in output + for marker in ( + "incorrect password", + "incorrect password attempt", + "sudo: no password was provided", + "sorry, try again", + "authentication failure", + ) + ) + def _publish(self, task: UserTask, event_type: str, payload: dict[str, Any]) -> None: if not self._event_bus: return diff --git a/app/core/permission_resolution.py b/app/core/permission_resolution.py index 83c2a67..afd9d06 100644 --- a/app/core/permission_resolution.py +++ b/app/core/permission_resolution.py @@ -16,3 +16,9 @@ class SecretResolutionRequest(BaseModel): class PasswordResolutionRequest(BaseModel): task_id: str password: str + + +class ReviewResolutionRequest(BaseModel): + task_id: str + decision: str + correction: str | None = None diff --git a/app/core/permission_service.py b/app/core/permission_service.py index 72a6a93..dd0f852 100644 --- a/app/core/permission_service.py +++ b/app/core/permission_service.py @@ -76,8 +76,9 @@ class PermissionService: "decision": "allowed_always", "command": normalized, "cached": True, + "requires_sudo": _requires_sudo(normalized), } - + if command_hash in cache.get("allowed_once", {}): cached = cache["allowed_once"][command_hash] if cached.get("task_id") == task_id: @@ -85,6 +86,7 @@ class PermissionService: "decision": "allowed_once", "command": normalized, "cached": True, + "requires_sudo": _requires_sudo(normalized), } # Check hard stop @@ -116,16 +118,21 @@ class PermissionService: # Check no_always category category = self._get_category(normalized) can_always = self._categories.get(category, {}).get("allow_always", True) - + + # Check if command requires sudo (e.g. apt, systemctl without explicit sudo prefix) + requires_sudo = _requires_sudo(normalized) + # Need user confirmation - return { + result = { "decision": "prompt", "command": normalized, "category": category, "allow_always": can_always, + "requires_sudo": requires_sudo, "task_id": task_id, "session_id": session_id, } + return result def check_write_path( self, @@ -242,29 +249,51 @@ class PermissionService: def _is_hard_stop(self, command: str) -> bool: """Check if command is hard stop.""" hard_stop_commands = self._categories.get("hard_stop", {}).get("commands", []) - - cmd_lower = command.lower() + + cmd_lower = command.lower().strip() + cmd_tokens = cmd_lower.split() + for hs in hard_stop_commands: - if hs.lower() in cmd_lower: + hs_lower = hs.lower().strip() + # For "rm -rf /" and "rm -rf /*", only match exact command + # Don't match "rm -rf /tmp/nonexistent" as hard stop + if hs_lower in ("rm -rf /", "rm -rf /*"): + if cmd_lower == hs_lower: + return True + continue + # For other patterns, use substring match + if hs_lower in cmd_lower: return True - + return False def _get_category(self, command: str) -> str: """Get command category.""" - cmd_lower = command.lower() - - # Check no_always category + cmd_lower = command.lower().strip() + cmd_first_word = cmd_lower.split()[0] if cmd_lower.split() else "" + + # Check no_always category — match by first word or known multi-word prefixes no_always = self._categories.get("no_always", {}).get("commands", []) - for cmd in no_always: - if cmd in cmd_lower: + for pattern in no_always: + pat_lower = pattern.lower().strip() + # Match if first word matches (e.g. "apt" matches "apt list --upgradable") + # or if command starts with the pattern (e.g. "systemctl stop" matches "systemctl stop nginx") + if cmd_first_word == pat_lower or cmd_lower.startswith(pat_lower + " "): return "no_always" - + + # Check hard_stop by first word + hard_stop = self._categories.get("hard_stop", {}).get("commands", []) + for pattern in hard_stop: + pat_lower = pattern.lower().strip() + if cmd_first_word == pat_lower or cmd_lower.startswith(pat_lower + " "): + return "hard_stop" + # Default to normal return "normal" SUDO_COMMANDS = { + "sudo", "apt", "apt-get", "dpkg", "yum", "dnf", "pacman", "zypper", "systemctl", "service", "mount", "umount", "shutdown", "reboot", "halt", "poweroff", diff --git a/app/events/event_types.py b/app/events/event_types.py index 86280d2..7ab7e91 100644 --- a/app/events/event_types.py +++ b/app/events/event_types.py @@ -2,12 +2,15 @@ TASK_RECEIVED = "task_received" CONTEXT_BUILT = "context_built" STEP_STARTED = "step_started" TOOL_CALLED = "tool_called" +TOOL_OUTPUT_CHUNK = "tool_output_chunk" TOOL_COMPLETED = "tool_completed" PERMISSION_REQUESTED = "permission_requested" PERMISSION_RESOLVED = "permission_resolved" TASK_AWAITING_PERMISSION = "task_awaiting_permission" SECRET_REQUESTED = "secret_requested" TASK_AWAITING_INPUT = "task_awaiting_input" +TASK_AWAITING_REVIEW = "task_awaiting_review" +REVIEW_RESOLVED = "review_resolved" CHECKPOINT_SAVED = "checkpoint_saved" TASK_COMPLETED = "task_completed" TASK_FAILED = "task_failed" @@ -29,3 +32,4 @@ THINKER_CALLED = "thinker_called" THINKER_RESULT = "thinker_result" JSON_COMPILER_CALLED = "json_compiler_called" JSON_COMPILER_RESULT = "json_compiler_result" +MEMORY_RECALL_USED = "memory_recall_used" diff --git a/app/memory/interface.py b/app/memory/interface.py index d066eda..8ab756c 100644 --- a/app/memory/interface.py +++ b/app/memory/interface.py @@ -101,14 +101,24 @@ class MemoryInterface: def count(self) -> int: return self._store.count() - def reindex(self) -> None: + def reindex(self) -> int: + """Rebuild vector index from all entries in memory store. + Returns number of indexed entries.""" entries = self._store.get_all(limit=10000) - self._vector_index.save() + # Delete old index file and re-initialize from scratch + import os + if self._vector_index._index_path and self._vector_index._index_path.exists(): + self._vector_index._index_path.unlink() + self._vector_index._index = None + self._vector_index._init_index() + count = 0 for entry in entries: text = entry.text embedding = self._embeddings.encode(text) self._vector_index.insert(entry.id, embedding) + count += 1 self._vector_index.save() + return count def close(self) -> None: self._store.close() diff --git a/app/memory/recall.py b/app/memory/recall.py new file mode 100644 index 0000000..e0e847a --- /dev/null +++ b/app/memory/recall.py @@ -0,0 +1,205 @@ +from __future__ import annotations + +import json +import logging +from typing import Any + +from app.core.contracts import MemoryEntry +from app.memory.interface import MemoryInterface +from app.models.async_adapters import AsyncOrchestratorAdapter + +logger = logging.getLogger(__name__) + +RECALL_PROMPT_TEMPLATE = """Определи, нужно ли искать в долговременной памяти для ответа на этот запрос. + +Запрос: "{task_input}" + +ИСКАТЬ в памяти если запрос: +- Содержит вопрос о пользователе (имя, предпочтения, история) +- Содержит отсылки к прошлым разговорам или действиям +- Содержит местоимения без контекста ("он", "это", "тот файл") +- Просит вспомнить, повторить, рассказать о прошлом +- Спрашивает "что ты помнишь", "как меня зовут", "что я говорил" + +НЕ ИСКАТЬ если: +- Приветствие или прощание +- Простая команда (ls, pwd, echo) +- Общий вопрос не связанный с прошлым + +Ответь ТОЛЬКО JSON: +{{"should_recall": true, "search_query": "поисковый запрос"}} +или +{{"should_recall": false, "reason": "краткая причина"}}""" + + +class MemoryRecallService: + """Активное воспоминание: система сама решает, что и когда искать в памяти.""" + + def __init__( + self, + memory_interface: MemoryInterface | None, + recall_model: AsyncOrchestratorAdapter | None, + ) -> None: + self._memory = memory_interface + self._model = recall_model + + async def recall( + self, + task_input: str, + top_k: int = 5, + ) -> dict[str, Any]: + """ + Определяет необходимость воспоминания и выполняет поиск. + + Возвращает: + { + "should_recall": bool, + "reason": str, + "query": str, + "results": list[MemoryEntry], + "summary": str, # краткая сводка для оркестратора + } + """ + if not self._memory or not self._model: + with open("/tmp/recall_debug.log", "a") as f: + f.write(f"SKIP: memory={self._memory is not None}, model={self._model is not None}\n") + return self._empty_result("memory_or_model_unavailable") + + # 1. LLM решает, нужно ли искать + decision = await self._classify(task_input) + with open("/tmp/recall_debug.log", "a") as f: + f.write(f"DECISION type={type(decision)} value={decision}\n") + if not isinstance(decision, dict): + return self._empty_result("invalid_decision_type") + if not decision.get("should_recall"): + return self._empty_result(decision.get("reason", "not_needed")) + + search_query = decision.get("search_query", task_input) + logger.info(f"Memory recall: query='{search_query}', reason='{decision.get('reason')}'") + + # 2. Векторный поиск + try: + raw_results = self._memory.search(query=search_query, top_k=top_k) + except Exception as e: + logger.warning(f"Memory search failed: {e}") + return self._empty_result("search_failed") + + # 3. Фильтрация: убираем пустые и слишком нерелевантные + filtered = self._filter(raw_results) + + if not filtered: + return self._empty_result("no_relevant_results") + + # 4. Сводка для оркестратора + summary = self._summarize(filtered, search_query) + + return { + "should_recall": True, + "reason": decision.get("reason", ""), + "query": search_query, + "results": filtered, + "summary": summary, + } + + async def _classify(self, task_input: str) -> dict[str, Any]: + """LLM-классификация: нужно ли искать в памяти.""" + prompt = RECALL_PROMPT_TEMPLATE.format(task_input=task_input) + + try: + raw = await self._model.generate(prompt, max_tokens=512) + data = self._parse_json(raw) + if "should_recall" in data: + return data + logger.warning(f"Recall classification missing 'should_recall': {raw[:200]}") + return {"should_recall": False, "reason": "parse_error"} + except Exception as e: + logger.warning(f"Recall classification failed: {e}") + return {"should_recall": False, "reason": "classification_error"} + + def _filter( + self, + results: list[tuple[MemoryEntry, float]], + min_score: float = 0.3, + ) -> list[MemoryEntry]: + """Фильтрует результаты по score и убирает дубликаты.""" + seen_texts: set[str] = set() + filtered: list[MemoryEntry] = [] + + for entry, score in results: + if score < min_score: + continue + # Нормализуем текст для дедупликации + normalized = entry.text.strip().lower()[:100] + if normalized in seen_texts: + continue + seen_texts.add(normalized) + filtered.append(entry) + + return filtered + + def _summarize( + self, + results: list[MemoryEntry], + query: str, + ) -> str: + """Краткая сводка найденного для оркестратора.""" + parts = [f"По запросу '{query}' найдено {len(results)} записей:"] + for i, entry in enumerate(results[:5], 1): + text_preview = entry.text[:120].replace("\n", " ") + parts.append(f" {i}. [{entry.kind}] {text_preview}") + return "\n".join(parts) + + def _parse_json(self, raw: str) -> dict[str, Any]: + """Извлекает JSON из ответа модели, пропуская рассуждения перед ним.""" + try: + json_start = raw.find("{") + json_end = raw.rfind("}") + 1 + + if json_start < 0 or json_end <= 0: + return {} + + # Пробуем весь текст от первого { до последнего } + try: + data = json.loads(raw[json_start:json_end]) + if isinstance(data, dict): + return data + except json.JSONDecodeError: + pass + + # Ищем все возможные начала JSON + candidates = [] + pos = 0 + while True: + pos = raw.find("{", pos) + if pos < 0: + break + candidates.append(pos) + pos += 1 + + # Пробуем каждый candidate с конца + for start in reversed(candidates): + end = raw.rfind("}") + 1 + if end <= start: + continue + try: + data = json.loads(raw[start:end]) + if isinstance(data, dict): + return data + except json.JSONDecodeError: + continue + + return {} + except Exception as e: + with open("/tmp/recall_debug.log", "a") as f: + f.write(f"PARSE ERROR: {e}\n") + return {} + + @staticmethod + def _empty_result(reason: str) -> dict[str, Any]: + return { + "should_recall": False, + "reason": reason, + "query": "", + "results": [], + "summary": "", + } diff --git a/app/runtime/runtime_controller.py b/app/runtime/runtime_controller.py index 06fcbe1..47eb065 100644 --- a/app/runtime/runtime_controller.py +++ b/app/runtime/runtime_controller.py @@ -1,11 +1,13 @@ from __future__ import annotations import json +from concurrent.futures import Future, ThreadPoolExecutor from threading import RLock from pathlib import Path from app.core.config import AppConfig, load_app_config from app.core.context_builder import ContextBuilder +from app.core.command_analyzer import CommandAnalyzer from app.core.contracts import UserTask from app.core.execution_engine import ExecutionEngine from app.core.execution_scheduler import ExecutionScheduler @@ -13,6 +15,7 @@ from app.core.async_router import AsyncRouter from app.events.event_bus import EventBus from app.events.event_store import SQLiteEventStore from app.memory import MemoryInterface, MemoryStore, VectorIndex +from app.memory.recall import MemoryRecallService from app.memory.write_policy import MemoryWritePolicy from app.models import ( CoderAdapter, @@ -64,6 +67,8 @@ class RuntimeController: self._model_cache: dict[tuple[object, ...], tuple[object, RLock]] = {} self._memory_interface: MemoryInterface | None = None self._memory_policy: MemoryWritePolicy | None = None + self._background_executor = ThreadPoolExecutor(max_workers=4, thread_name_prefix="ducklm-task") + self._background_tasks: dict[str, Future[dict[str, object]]] = {} self.tool_registry = None self.tool_sandbox = None @@ -75,6 +80,8 @@ class RuntimeController: self.tool_sandbox = ToolSandbox( allowed_root=self.base_dir, timeout_ms=runtime_config.step_timeout_ms, + command_timeout_ms=runtime_config.shell_command_timeout_ms, + idle_timeout_ms=runtime_config.shell_idle_timeout_ms, ) self.tool_registry = self._create_tool_registry() @@ -121,6 +128,7 @@ class RuntimeController: self.permission_service = PermissionService( config=self._load_permissions_config(), ) + self.command_analyzer = CommandAnalyzer(self.permission_service) self.execution_engine = ExecutionEngine( event_bus=self.event_bus, @@ -134,6 +142,8 @@ class RuntimeController: memory_interface=self._memory_interface, prompts=self._prompts, recovery_limit=runtime_config.tool_retry_limit, + critic_retry_limit=runtime_config.critic_retry_limit, + command_analyzer=self.command_analyzer, ) self.runtime_loop = RuntimeLoop( @@ -194,35 +204,35 @@ class RuntimeController: if thinker_config.get("path"): llm, lock = self._get_or_create_llm("thinker", thinker_config) self._thinker = OrchestratorAdapter(llm, system_prompt=self._prompts.get("thinker"), lock=lock) - print(f"Thinker loaded: {self._thinker} (model: {thinker_config.get("path")})") + print(f"Thinker loaded: {self._thinker} (model: {thinker_config.get('path')})") print("Loading json_compiler model...") compiler_config = self.config.models.json_compiler or {} if compiler_config.get("path"): llm, lock = self._get_or_create_llm("json_compiler", compiler_config) self._json_compiler = OrchestratorAdapter(llm, system_prompt=self._prompts.get("json_compiler"), lock=lock) - print(f"JSON Compiler loaded: {self._json_compiler} (model: {compiler_config.get("path")})") + print(f"JSON Compiler loaded: {self._json_compiler} (model: {compiler_config.get('path')})") print("Loading coder model...") coder_config = self.config.models.coder or {} if coder_config.get("path"): llm, lock = self._get_or_create_llm("coder", coder_config) self._coder = CoderAdapter(llm, system_prompt=self._prompts.get("coder"), lock=lock) - print(f"Coder loaded: {self._coder} (model: {coder_config.get("path")})") + print(f"Coder loaded: {self._coder} (model: {coder_config.get('path')})") print("Loading critic model...") critic_config = self.config.models.critic or {} if critic_config.get("path"): llm, lock = self._get_or_create_llm("critic", critic_config) self._critic = CriticAdapter(llm, system_prompt=self._prompts.get("critic"), lock=lock) - print(f"Critic loaded: {self._critic} (model: {critic_config.get("path")})") + print(f"Critic loaded: {self._critic} (model: {critic_config.get('path')})") print("Loading sys_util model...") sys_util_config = self.config.models.sys_util or {} if sys_util_config.get("path"): llm, lock = self._get_or_create_llm("sys_util", sys_util_config) self._sys_util = OrchestratorAdapter(llm, system_prompt=self._prompts.get("sys_util"), lock=lock) - print(f"Sys_util loaded: {self._sys_util} (model: {sys_util_config.get("path")})") + print(f"Sys_util loaded: {self._sys_util} (model: {sys_util_config.get('path')})") print("All models loaded successfully") @@ -241,6 +251,28 @@ class RuntimeController: if async_coder: self.execution_engine.set_coder(async_coder) + # Create MemoryRecallService using the configured model (default: sys_util) + # Reuses already-loaded async adapter — no duplicate model loading + recall_model_name = self.config.runtime.recall_model + recall_async_model = { + "sys_util": async_sys_util, + "thinker": async_thinker, + "json_compiler": async_compiler, + "critic": async_critic, + "coder": async_coder, + }.get(recall_model_name, async_sys_util) + + self._recall_service = MemoryRecallService( + memory_interface=self._memory_interface, + recall_model=recall_async_model, + ) + self.runtime_loop.set_recall_service(self._recall_service) + print(f"MemoryRecallService initialized with model: {recall_model_name}") + + # Set memory policy in runtime loop + self.runtime_loop.set_memory_policy(self._memory_policy) + print(f"MemoryWritePolicy set: {self._memory_policy is not None}") + except Exception as e: print(f"Failed to load models at startup: {e}") raise RuntimeError(f"Model loading failed: {e}") from e @@ -375,21 +407,76 @@ class RuntimeController: def handle_task(self, task: UserTask) -> dict[str, object]: return self.runtime_loop.run_task(task) + def submit_task(self, task: UserTask) -> dict[str, object]: + self._background_tasks[task.task_id] = self._background_executor.submit( + self.handle_task, + task, + ) + return {"task_id": task.task_id, "status": "accepted"} + def resolve_permission(self, task_id: str, decision: str) -> dict[str, object]: return self.runtime_loop.resolve_permission( task_id=task_id, decision=decision ) + def submit_permission_resolution(self, task_id: str, decision: str) -> dict[str, object]: + if not self.task_state_store.get_task(task_id): + return {"task_id": task_id, "status": "failed", "result": {"error": "Unknown task_id"}} + self._background_tasks[task_id] = self._background_executor.submit( + self.resolve_permission, + task_id, + decision, + ) + return {"task_id": task_id, "status": "accepted"} + def resolve_secret(self, task_id: str, secret: str) -> dict[str, object]: return self.runtime_loop.resolve_secret( task_id=task_id, secret=secret ) + def submit_secret_resolution(self, task_id: str, secret: str) -> dict[str, object]: + if not self.task_state_store.get_task(task_id): + return {"task_id": task_id, "status": "failed", "result": {"error": "Unknown task_id"}} + self._background_tasks[task_id] = self._background_executor.submit( + self.resolve_secret, + task_id, + secret, + ) + return {"task_id": task_id, "status": "accepted"} + def resolve_password(self, task_id: str, password: str) -> dict[str, object]: return self.runtime_loop.resolve_password( task_id=task_id, password=password ) + def resolve_review(self, task_id: str, decision: str, correction: str | None = None) -> dict[str, object]: + return self.runtime_loop.resolve_review( + task_id=task_id, + decision=decision, + correction=correction, + ) + + def submit_review_resolution(self, task_id: str, decision: str, correction: str | None = None) -> dict[str, object]: + if not self.task_state_store.get_task(task_id): + return {"task_id": task_id, "status": "failed", "result": {"error": "Unknown task_id"}} + self._background_tasks[task_id] = self._background_executor.submit( + self.resolve_review, + task_id, + decision, + correction, + ) + return {"task_id": task_id, "status": "accepted"} + + def submit_password_resolution(self, task_id: str, password: str) -> dict[str, object]: + if not self.task_state_store.get_task(task_id): + return {"task_id": task_id, "status": "failed", "result": {"error": "Unknown task_id"}} + self._background_tasks[task_id] = self._background_executor.submit( + self.resolve_password, + task_id, + password, + ) + return {"task_id": task_id, "status": "accepted"} + def handle_critic_feedback( self, feedback: str, diff --git a/app/runtime/runtime_loop.py b/app/runtime/runtime_loop.py index bde7703..29d00c7 100644 --- a/app/runtime/runtime_loop.py +++ b/app/runtime/runtime_loop.py @@ -3,16 +3,46 @@ from __future__ import annotations import asyncio from app.core.context_builder import ContextBuilder -from app.core.contracts import ExecutionDirective, PermissionDecision, PermissionRequest, RuntimeEvent, SecretRequest, TaskCheckpoint, UserTask +from app.core.contracts import CriticScore, ExecutionDirective, PermissionDecision, PermissionRequest, RuntimeEvent, SecretRequest, TaskCheckpoint, UserTask from app.core.execution_engine import ExecutionEngine from app.core.async_router import AsyncRouter from app.events.event_bus import EventBus -from app.events.event_types import CHECKPOINT_SAVED, CONTEXT_BUILT, TASK_AWAITING_INPUT, TASK_AWAITING_PERMISSION, TASK_COMPLETED, TASK_FAILED, TASK_RECEIVED +from app.events.event_types import CHECKPOINT_SAVED, CONTEXT_BUILT, MEMORY_RECALL_USED, MEMORY_WRITE_DECIDED, REVIEW_RESOLVED, TASK_AWAITING_INPUT, TASK_AWAITING_PERMISSION, TASK_AWAITING_REVIEW, TASK_COMPLETED, TASK_FAILED, TASK_RECEIVED from app.core.permission_service import PermissionService +from app.memory.recall import MemoryRecallService +from app.memory.write_policy import MemoryWritePolicy from app.state.checkpoint_store import SQLiteCheckpointStore from app.state.task_state_store import SQLiteTaskStateStore +def _build_response_directive(execution_result: dict) -> dict | None: + """Build a response_directive from step_results or direct output for the client.""" + result = execution_result.get("result", {}) + + # Case 1: step_results from plan execution + step_results = result.get("step_results") + if step_results: + response_parts = [] + for step in step_results: + result_data = step.get("result", {}) + tool_result = result_data.get("result", result_data) + if tool_result.get("ok") and tool_result.get("output"): + response_parts.append(str(tool_result["output"])) + if response_parts: + response_text = "\n\n".join(response_parts) + return ExecutionDirective( + type="respond", payload={"text": response_text} + ).model_dump(mode="json") + + # Case 2: direct tool output (e.g. from resolve_secret -> execute_tool) + if result.get("ok") and result.get("output"): + return ExecutionDirective( + type="respond", payload={"text": str(result["output"])} + ).model_dump(mode="json") + + return None + + class RuntimeLoop: """Central control loop skeleton coordinating task state and events.""" @@ -26,6 +56,8 @@ class RuntimeLoop: execution_engine: ExecutionEngine, permission_service: PermissionService, memory_interface=None, + recall_service: MemoryRecallService | None = None, + memory_policy: MemoryWritePolicy | None = None, ) -> None: self._event_bus = event_bus self._task_state_store = task_state_store @@ -35,6 +67,14 @@ class RuntimeLoop: self._execution_engine = execution_engine self._permission_service = permission_service self._memory_interface = memory_interface + self._recall_service = recall_service + self._memory_policy = memory_policy + + def set_recall_service(self, recall_service: MemoryRecallService) -> None: + self._recall_service = recall_service + + def set_memory_policy(self, policy: MemoryWritePolicy | None) -> None: + self._memory_policy = policy def run_task(self, task: UserTask) -> dict[str, object]: # Check input for hard-stop commands BEFORE processing @@ -82,6 +122,23 @@ class RuntimeLoop: context = self._context_builder.build(task=task, checkpoint=checkpoint) self._publish(task, CONTEXT_BUILT, {"keys": sorted(context.keys())}) + # Active memory recall: system decides if it needs to search memory + recall_result = asyncio.run(self._run_recall(task)) + if recall_result["should_recall"]: + context["memory_recall"] = { + "query": recall_result["query"], + "summary": recall_result["summary"], + "entries": [ + {"text": e.text, "kind": e.kind, "weight": e.weight} + for e in recall_result["results"] + ], + } + self._publish(task, MEMORY_RECALL_USED, { + "query": recall_result["query"], + "results_count": len(recall_result["results"]), + "reason": recall_result["reason"], + }) + directive = asyncio.run( self._router.decide(state=state, context=context, task_id=task.task_id, session_id=task.session_id) ) @@ -104,15 +161,21 @@ class RuntimeLoop: "reason": "Permission denied - требуется sudo пароль", "attempts": 0, } + elif execution_result["status"] == "awaiting_review": + state_patch["pending_permission_request"] = None + state_patch["pending_secret_request"] = None + state_patch["resolved_permission_decision"] = None + state_patch["pending_review"] = execution_result["result"]["review"] else: state_patch["pending_permission_request"] = None state_patch["pending_secret_request"] = None state_patch["resolved_permission_decision"] = None + state_patch["pending_review"] = None self._task_state_store.update_task(task.task_id, state_patch) final_status = str(execution_result["status"]) # For awaiting states - do NOT mark task as completed, keep it in pending state - if final_status in ("awaiting_permission", "awaiting_input", "awaiting_password"): + if final_status in ("awaiting_permission", "awaiting_input", "awaiting_password", "awaiting_review"): # Task stays in pending state, don't update to completed pass else: @@ -125,9 +188,9 @@ class RuntimeLoop: ) self._checkpoint_store.save(final_checkpoint) - # Generate response after plan execution + # Generate response for user + # Case 1: step_results from plan execution if final_status == "completed" and execution_result.get("result", {}).get("step_results"): - # Format tool results into response step_results = execution_result["result"]["step_results"] response_parts = [] for step in step_results: @@ -135,16 +198,21 @@ class RuntimeLoop: tool_result = result_data.get("result", result_data) if tool_result.get("ok") and tool_result.get("output"): response_parts.append(tool_result["output"]) - if response_parts: - # Create respond directive response_text = "\n\n".join(response_parts) - respond_directive = ExecutionDirective( - type="respond", - payload={"text": response_text}, - ) - # Add to execution result - execution_result["response_directive"] = respond_directive.model_dump(mode="json") + execution_result["response_directive"] = ExecutionDirective( + type="respond", payload={"text": response_text} + ).model_dump(mode="json") + + # Case 2: respond directive from orchestrator (direct response, no steps) + if final_status == "completed" and not execution_result.get("response_directive"): + # Use the original directive from router.decide() + if hasattr(directive, "type") and directive.type == "respond": + if directive.payload.get("text"): + execution_result["response_directive"] = directive.model_dump(mode="json") + elif isinstance(directive, dict) and directive.get("type") == "respond": + if directive.get("payload", {}).get("text"): + execution_result["response_directive"] = directive # Map status to terminal event type if final_status == "completed": @@ -155,6 +223,8 @@ class RuntimeLoop: terminal_event_type = TASK_AWAITING_PERMISSION elif final_status == "awaiting_input": terminal_event_type = TASK_AWAITING_INPUT + elif final_status == "awaiting_review": + terminal_event_type = TASK_AWAITING_REVIEW elif final_status == "awaiting_password": terminal_event_type = TASK_AWAITING_PERMISSION else: @@ -175,7 +245,10 @@ class RuntimeLoop: "task_id": task.task_id, "status": final_status, "directive": directive.model_dump(mode="json"), - "result": execution_result["result"], + "result": { + **execution_result["result"], + "response_directive": execution_result.get("response_directive"), + }, "events": [event.model_dump(mode="json") for event in self._event_bus.list_for_task(task.task_id)], } @@ -254,6 +327,9 @@ class RuntimeLoop: "pending_secret_request": execution_result["result"].get("secret_request") if final_status == "awaiting_input" else None, + "pending_review": execution_result["result"].get("review") + if final_status == "awaiting_review" + else None, "resolved_permission_decision": resolved, }, ) @@ -266,6 +342,8 @@ class RuntimeLoop: terminal_event_type = TASK_AWAITING_INPUT elif final_status == "awaiting_permission": terminal_event_type = TASK_AWAITING_PERMISSION + elif final_status == "awaiting_review": + terminal_event_type = TASK_AWAITING_REVIEW else: terminal_event_type = TASK_FAILED self._publish( @@ -283,7 +361,10 @@ class RuntimeLoop: return { "task_id": task.task_id, "status": final_status, - "result": execution_result["result"], + "result": { + **execution_result["result"], + "response_directive": _build_response_directive(execution_result), + }, "events": [event.model_dump(mode="json") for event in self._event_bus.list_for_task(task.task_id)], } @@ -314,12 +395,15 @@ class RuntimeLoop: secret_override=secret, ) final_status = str(execution_result["status"]) + pending_review = execution_result["result"].get("review") if final_status == "awaiting_review" else None + pending_secret = execution_result["result"].get("secret_request") if final_status == "awaiting_input" else None self._task_state_store.update_task( task.task_id, { "status": final_status, - "pending_secret_request": None, - "resolved_permission_decision": None, + "pending_secret_request": pending_secret, + "resolved_permission_decision": resolved_permission_payload if final_status == "awaiting_input" else None, + "pending_review": pending_review, }, ) checkpoint = TaskCheckpoint(task_id=task.task_id, status=final_status) @@ -331,6 +415,8 @@ class RuntimeLoop: terminal_event_type = TASK_AWAITING_INPUT elif final_status == "awaiting_permission": terminal_event_type = TASK_AWAITING_PERMISSION + elif final_status == "awaiting_review": + terminal_event_type = TASK_AWAITING_REVIEW else: terminal_event_type = TASK_FAILED self._publish( @@ -344,10 +430,55 @@ class RuntimeLoop: return { "task_id": task.task_id, "status": final_status, - "result": execution_result["result"], + "result": { + **execution_result["result"], + "response_directive": _build_response_directive(execution_result), + }, "events": [event.model_dump(mode="json") for event in self._event_bus.list_for_task(task.task_id)], } + def resolve_review(self, task_id: str, decision: str, correction: str | None = None) -> dict[str, object]: + state = self._task_state_store.get_task(task_id) + if not state: + return {"task_id": task_id, "status": "failed", "result": {"error": "Unknown task_id"}} + pending_review = state.get("pending_review") + if not pending_review: + return {"task_id": task_id, "status": "failed", "result": {"error": "No pending review"}} + + task = UserTask( + task_id=task_id, + session_id=state["session_id"], + input=state["task_input"], + context={ + **state.get("task_context", {}), + "previous_action_review": { + "decision": decision, + "correction": correction, + "review": pending_review, + }, + }, + ) + self._publish(task, REVIEW_RESOLVED, { + "decision": decision, + "correction": correction, + "review": pending_review, + }) + if self._memory_interface: + try: + self._memory_interface.insert( + text=f"User reviewed model action as {decision}. Correction: {correction or ''}. Review: {pending_review}", + kind="critique", + source="user", + task_id=task_id, + session_id=state["session_id"], + weight=0.9 if decision == "wrong_action" else 0.5, + metadata={"decision": decision, "review": pending_review}, + ) + except Exception: + pass + self._task_state_store.update_task(task_id, {"pending_review": None, "status": "replanning"}) + return self.run_task(task) + def resolve_password(self, task_id: str, password: str) -> dict[str, object]: state = self._task_state_store.get_task(task_id) if not state: @@ -445,7 +576,10 @@ class RuntimeLoop: return { "task_id": task.task_id, "status": final_status, - "result": execution_result["result"], + "result": { + **execution_result["result"], + "response_directive": _build_response_directive(execution_result), + }, "events": [event.model_dump(mode="json") for event in self._event_bus.list_for_task(task.task_id)], } @@ -459,22 +593,61 @@ class RuntimeLoop: ) self._event_bus.publish(event) + async def _run_recall(self, task: UserTask) -> dict: + """Run active memory recall before orchestration.""" + if not self._recall_service: + return {"should_recall": False, "reason": "no_recall_service", "query": "", "results": [], "summary": ""} + try: + return await self._recall_service.recall(task_input=task.input) + except Exception as e: + return {"should_recall": False, "reason": f"recall_error: {e}", "query": "", "results": [], "summary": ""} + def _save_to_memory(self, task: UserTask, execution_result: dict, status: str) -> None: - """Save task input and result to memory for session context.""" + """Save task input and result to memory for session context, using MemoryWritePolicy.""" if not self._memory_interface: return try: + # Build a synthetic critic_score for policy based on task status + # For summary/tool_result without real critic, we derive from execution outcome + if status == "completed": + synthetic_score = CriticScore( + correctness=0.9, usefulness=0.8, safety=0.95, + memory_store=True, weight=0.85, explanation="Task completed successfully" + ) + elif status == "failed": + synthetic_score = CriticScore( + correctness=0.2, usefulness=0.3, safety=0.7, + memory_store=True, weight=0.5, explanation="Task failed — store for learning" + ) + else: + synthetic_score = CriticScore( + correctness=0.5, usefulness=0.5, safety=0.8, + memory_store=False, weight=0.3, explanation=f"Status: {status}" + ) + # Save task input as summary - self._memory_interface.insert( - text=f"User request: {task.input}", - kind="summary", - source="user", - task_id=task.task_id, - session_id=task.session_id, - weight=0.8, - metadata={"status": status}, - ) + decision = "store" + if self._memory_policy: + decision = self._memory_policy.decide( + critic_score=synthetic_score, + memory_type="summary", + session_id=task.session_id, + ) + if decision in ("store", "store_with_weight"): + weight = synthetic_score.weight if decision == "store_with_weight" else 0.8 + self._memory_interface.insert( + text=f"User request: {task.input}", + kind="summary", + source="user", + task_id=task.task_id, + session_id=task.session_id, + weight=weight, + metadata={"status": status, "policy_decision": decision}, + ) + self._publish(task, MEMORY_WRITE_DECIDED, { + "kind": "summary", "decision": decision, "text_preview": task.input[:80] + }) # Save execution result result_text = "" @@ -489,16 +662,27 @@ class RuntimeLoop: result_text = f" | Error: {execution_result.get('result', {}).get('error', 'Unknown')}" if result_text: - self._memory_interface.insert( - text=f"Result: {status}{result_text}", - kind="tool_result", - source="system", - task_id=task.task_id, - session_id=task.session_id, - weight=0.7, - metadata={"status": status}, - ) + decision = "store" + if self._memory_policy: + decision = self._memory_policy.decide( + critic_score=synthetic_score, + memory_type="tool_result", + session_id=task.session_id, + ) + if decision in ("store", "store_with_weight"): + weight = synthetic_score.weight if decision == "store_with_weight" else 0.7 + self._memory_interface.insert( + text=f"Result: {status}{result_text}", + kind="tool_result", + source="system", + task_id=task.task_id, + session_id=task.session_id, + weight=weight, + metadata={"status": status, "policy_decision": decision}, + ) + self._publish(task, MEMORY_WRITE_DECIDED, { + "kind": "tool_result", "decision": decision, "text_preview": result_text[:80] + }) except Exception as e: - # Log but don't fail the task import logging logging.getLogger(__name__).warning(f"Failed to save to memory: {e}") diff --git a/app/streaming/manager.py b/app/streaming/manager.py index 838d533..64d0c49 100644 --- a/app/streaming/manager.py +++ b/app/streaming/manager.py @@ -2,6 +2,7 @@ from __future__ import annotations import asyncio from collections import defaultdict +from dataclasses import dataclass from app.core.contracts import RuntimeEvent from app.events.event_bus import EventBus @@ -12,7 +13,7 @@ class StreamingManager: def __init__(self, event_bus: EventBus) -> None: self._event_bus = event_bus - self._subscribers: dict[str, list[asyncio.Queue[RuntimeEvent]]] = defaultdict(list) + self._subscribers: dict[str, list[StreamSubscriber]] = defaultdict(list) self._event_bus.subscribe(self._on_event) def replay_events(self, task_id: str) -> list[RuntimeEvent]: @@ -20,17 +21,26 @@ class StreamingManager: def subscribe(self, task_id: str) -> asyncio.Queue[RuntimeEvent]: queue: asyncio.Queue[RuntimeEvent] = asyncio.Queue() - self._subscribers[task_id].append(queue) + self._subscribers[task_id].append( + StreamSubscriber(loop=asyncio.get_running_loop(), queue=queue) + ) return queue def unsubscribe(self, task_id: str, queue: asyncio.Queue[RuntimeEvent]) -> None: listeners = self._subscribers.get(task_id, []) - if queue in listeners: - listeners.remove(queue) + for listener in list(listeners): + if listener.queue is queue: + listeners.remove(listener) + break if not listeners and task_id in self._subscribers: del self._subscribers[task_id] def _on_event(self, event: RuntimeEvent) -> None: - for queue in self._subscribers.get(event.task_id, []): - queue.put_nowait(event) + for listener in list(self._subscribers.get(event.task_id, [])): + listener.loop.call_soon_threadsafe(listener.queue.put_nowait, event) + +@dataclass +class StreamSubscriber: + loop: asyncio.AbstractEventLoop + queue: asyncio.Queue[RuntimeEvent] diff --git a/app/tools/plugins/shell_exec/__init__.py b/app/tools/plugins/shell_exec/__init__.py index 042d991..83aecc6 100644 --- a/app/tools/plugins/shell_exec/__init__.py +++ b/app/tools/plugins/shell_exec/__init__.py @@ -5,6 +5,20 @@ from app.tools.base import BaseTool from app.tools.sandbox import ToolSandbox +def _detect_sudo_auth_failure(output: str) -> bool: + normalized = output.lower() + return any( + marker in normalized + for marker in ( + "incorrect password", + "incorrect password attempt", + "sudo: no password was provided", + "sorry, try again", + "authentication failure", + ) + ) + + class Tool(BaseTool): name = "shell_exec" description = "Execute shell commands" @@ -18,16 +32,24 @@ class Tool(BaseTool): return ToolResult(tool=self.name, ok=False, error="Missing command", metadata={"exit_code": -1}) cwd = args.get("cwd") stdin_secret = args.get("stdin_secret") + output_callback = args.get("__output_callback") completed = self._sandbox.run_shell( command=command, cwd=str(cwd) if cwd else None, stdin_data=str(stdin_secret) if stdin_secret is not None else None, + output_callback=output_callback if callable(output_callback) else None, ) output = completed.stdout if completed.returncode == 0 else completed.stderr or completed.stdout + sudo_auth_failed = completed.returncode != 0 and _detect_sudo_auth_failure( + f"{completed.stdout}\n{completed.stderr}" + ) return ToolResult( tool=self.name, ok=completed.returncode == 0, output=output, error=None if completed.returncode == 0 else f"Command failed with exit code {completed.returncode}", - metadata={"exit_code": completed.returncode}, + metadata={ + "exit_code": completed.returncode, + "sudo_auth_failed": sudo_auth_failed, + }, ) diff --git a/app/tools/sandbox.py b/app/tools/sandbox.py index fba53e1..48de9ec 100644 --- a/app/tools/sandbox.py +++ b/app/tools/sandbox.py @@ -1,16 +1,28 @@ from __future__ import annotations import os +import signal import subprocess +import threading +import time from pathlib import Path +from typing import Callable class ToolSandbox: """Applies simple working directory and timeout restrictions.""" - def __init__(self, allowed_root: str | Path, timeout_ms: int) -> None: + def __init__( + self, + allowed_root: str | Path, + timeout_ms: int, + command_timeout_ms: int | None = None, + idle_timeout_ms: int | None = None, + ) -> None: self._allowed_root = Path(allowed_root).resolve() - self._timeout_seconds = max(timeout_ms / 1000, 1) + self._timeout_seconds = max(timeout_ms / 1000, 0.001) + self._command_timeout_seconds = max((command_timeout_ms or timeout_ms) / 1000, 0.001) + self._idle_timeout_seconds = max((idle_timeout_ms or timeout_ms) / 1000, 0.001) def ensure_path_allowed(self, path: str | Path) -> Path: resolved = Path(path).expanduser().resolve() @@ -23,17 +35,105 @@ class ToolSandbox: command: str, cwd: str | Path | None = None, stdin_data: str | None = None, + output_callback: Callable[[str, str], None] | None = None, ) -> subprocess.CompletedProcess[str]: working_directory = self.ensure_path_allowed(cwd or self._allowed_root) env = {"PATH": os.environ.get("PATH", "")} - return subprocess.run( + if output_callback is None: + return subprocess.run( + command, + shell=True, + cwd=str(working_directory), + env=env, + text=True, + capture_output=True, + input=stdin_data, + timeout=self._command_timeout_seconds, + check=False, + ) + + process = subprocess.Popen( command, shell=True, cwd=str(working_directory), env=env, text=True, - capture_output=True, - input=stdin_data, - timeout=self._timeout_seconds, - check=False, + stdin=subprocess.PIPE if stdin_data is not None else None, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + start_new_session=True, + ) + + stdout_chunks: list[str] = [] + stderr_chunks: list[str] = [] + output_lock = threading.Lock() + last_output_at = time.monotonic() + + if stdin_data is not None and process.stdin is not None: + process.stdin.write(stdin_data) + process.stdin.close() + + def read_stream(stream_name: str) -> None: + stream = process.stdout if stream_name == "stdout" else process.stderr + if stream is None: + return + chunks = stdout_chunks if stream_name == "stdout" else stderr_chunks + try: + for line in iter(stream.readline, ""): + if not line: + break + chunks.append(line) + nonlocal last_output_at + with output_lock: + last_output_at = time.monotonic() + output_callback(stream_name, line) + finally: + stream.close() + + stdout_thread = threading.Thread(target=read_stream, args=("stdout",), daemon=True) + stderr_thread = threading.Thread(target=read_stream, args=("stderr",), daemon=True) + stdout_thread.start() + stderr_thread.start() + + timed_out = False + timeout_reason: str | None = None + started_at = time.monotonic() + return_code: int | None = None + while return_code is None: + return_code = process.poll() + if return_code is not None: + break + + now = time.monotonic() + with output_lock: + idle_for = now - last_output_at + if now - started_at > self._command_timeout_seconds: + timed_out = True + timeout_reason = f"Command timed out after {self._command_timeout_seconds:.0f}s" + break + if idle_for > self._idle_timeout_seconds: + timed_out = True + timeout_reason = f"Command produced no output for {self._idle_timeout_seconds:.0f}s" + break + time.sleep(0.1) + + if timed_out: + try: + os.killpg(process.pid, signal.SIGKILL) + except ProcessLookupError: + pass + except PermissionError: + process.kill() + return_code = process.wait() + timeout_message = f"{timeout_reason}\n" + stderr_chunks.append(timeout_message) + output_callback("stderr", timeout_message) + + stdout_thread.join(timeout=1) + stderr_thread.join(timeout=1) + return subprocess.CompletedProcess( + args=command, + returncode=return_code if not timed_out else -9, + stdout="".join(stdout_chunks), + stderr="".join(stderr_chunks), ) diff --git a/app/tools/shell_exec.py b/app/tools/shell_exec.py index 460db97..ea572c2 100644 --- a/app/tools/shell_exec.py +++ b/app/tools/shell_exec.py @@ -5,6 +5,22 @@ from app.tools.base import BaseTool from app.tools.sandbox import ToolSandbox +def _detect_sudo_auth_failure(output: str) -> bool: + normalized = output.lower() + return any( + marker in normalized + for marker in ( + "incorrect password", + "incorrect password attempt", + "sudo: no password was provided", + "sudo: password incorrect", + "sorry, try again", + "authentication failure", + "wrong password", + ) + ) + + class ShellExecTool(BaseTool): name = "shell_exec" @@ -18,6 +34,7 @@ class ShellExecTool(BaseTool): cwd = args.get("cwd") stdin_secret = args.get("stdin_secret") password = args.get("password") + output_callback = args.get("__output_callback") if password: command = f'echo "{password}" | sudo -S {command}' @@ -26,21 +43,23 @@ class ShellExecTool(BaseTool): command=command, cwd=str(cwd) if cwd else None, stdin_data=str(stdin_secret) if stdin_secret is not None else None, + output_callback=output_callback if callable(output_callback) else None, ) output = completed.stdout if completed.returncode == 0 else completed.stderr or completed.stdout error_output = completed.stderr or completed.stdout - is_sudo_error = ( - completed.returncode != 0 and - ("permission denied" in error_output.lower() or - "incorrect password" in error_output.lower() or - "sudo: password incorrect" in error_output.lower() or - "wrong password" in error_output.lower()) + sudo_auth_failed = completed.returncode != 0 and _detect_sudo_auth_failure( + f"{completed.stdout}\n{completed.stderr}" ) + needs_sudo = completed.returncode != 0 and "permission denied" in error_output.lower() and not sudo_auth_failed return ToolResult( tool=self.name, ok=completed.returncode == 0, output=output, error=None if completed.returncode == 0 else f"Command failed with exit code {completed.returncode}", - metadata={"exit_code": completed.returncode, "needs_sudo": is_sudo_error}, + metadata={ + "exit_code": completed.returncode, + "needs_sudo": needs_sudo, + "sudo_auth_failed": sudo_auth_failed, + }, ) diff --git a/config/models.json.backup b/config/models.json.backup new file mode 100644 index 0000000..0f221d6 --- /dev/null +++ b/config/models.json.backup @@ -0,0 +1,42 @@ +{ + "thinker": { + "path": "Qwen3.5-9B-GLM5.1-Distill-v1-Q4_K_M.gguf", + "backend": "vulkan", + "n_gpu_layers": -1, + "max_tokens": 2048, + "temperature": 0.3 + }, + "json_compiler": { + "path": "gemma-4-E4B-it-Q4_K_M.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 1024, + "temperature": 0.1 + }, + "coder": { + "path": "X-Coder-SFT-Qwen3-8B.Q6_K.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 2048, + "temperature": 0.2 + }, + "critic": { + "path": "gemma-4-E4B-it-Q4_K_M.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 1024, + "temperature": 0.1 + }, + "sys_util": { + "path": "Menlo_Lucy-Q4_K_M.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 1024, + "temperature": 0.1 + }, + "embeddings": { + "path": "all-MiniLM-L6-v2", + "model_name": "sentence-transformers/all-MiniLM-L6-v2", + "embedding_dim": 384 + } +} \ No newline at end of file diff --git a/config/models.json.test b/config/models.json.test new file mode 100644 index 0000000..0f221d6 --- /dev/null +++ b/config/models.json.test @@ -0,0 +1,42 @@ +{ + "thinker": { + "path": "Qwen3.5-9B-GLM5.1-Distill-v1-Q4_K_M.gguf", + "backend": "vulkan", + "n_gpu_layers": -1, + "max_tokens": 2048, + "temperature": 0.3 + }, + "json_compiler": { + "path": "gemma-4-E4B-it-Q4_K_M.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 1024, + "temperature": 0.1 + }, + "coder": { + "path": "X-Coder-SFT-Qwen3-8B.Q6_K.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 2048, + "temperature": 0.2 + }, + "critic": { + "path": "gemma-4-E4B-it-Q4_K_M.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 1024, + "temperature": 0.1 + }, + "sys_util": { + "path": "Menlo_Lucy-Q4_K_M.gguf", + "backend": "cpu", + "n_gpu_layers": 0, + "max_tokens": 1024, + "temperature": 0.1 + }, + "embeddings": { + "path": "all-MiniLM-L6-v2", + "model_name": "sentence-transformers/all-MiniLM-L6-v2", + "embedding_dim": 384 + } +} \ No newline at end of file diff --git a/config/permissions.json b/config/permissions.json index 5e1259f..cca6b1b 100644 --- a/config/permissions.json +++ b/config/permissions.json @@ -35,6 +35,12 @@ "chmod -R 000", "chmod -R 777", "chown -R", + "apt", + "apt-get", + "dpkg", + "yum", + "dnf", + "pacman", "shutdown", "reboot", "halt", diff --git a/config/prompts.json b/config/prompts.json index c909c0b..4b39235 100644 --- a/config/prompts.json +++ b/config/prompts.json @@ -1,8 +1,15 @@ { + "thinker": "You are the orchestrator of a local AI agent runtime. Your job is to analyze the user's task and decide how to execute it.\n\n## Decision Types\n\n1. **Direct response** — for simple questions, greetings, conversations:\n {\"type\": \"respond\", \"payload\": {\"text\": \"your answer\"}}\n\n2. **Single tool step** — for simple tasks needing one tool:\n {\"type\": \"step\", \"payload\": {\"tool\": \"shell_exec\", \"args\": {\"command\": \"...\"}}}\n\n3. **Multi-step plan** — for complex tasks that need decomposition:\n {\"type\": \"plan\", \"payload\": {\"steps\": [\n {\"id\": \"step-1\", \"tool\": \"shell_exec\", \"args\": {\"command\": \"...\"}, \"description\": \"...\", \"depends_on\": []},\n {\"id\": \"step-2\", \"tool\": \"file_read\", \"args\": {\"path\": \"...\"}, \"description\": \"...\", \"depends_on\": [\"step-1\"]}\n ]}}\n\n## When to use multi-step plan\n- Task requires multiple operations (search → read → write)\n- Task involves checking prerequisites before acting\n- Task requires gathering information before producing result\n- User asks to do something complex (setup, configure, analyze)\n\n## Memory\n- If memory recall results are provided, USE them to inform your decisions\n- If you know something from memory, mention it in step descriptions\n- Store important results for future use\n\n## Rules\n- ALWAYS respond with valid JSON only\n- Each step MUST have a unique id\n- Use depends_on for ordering constraints\n- Keep steps focused — one action per step\n- If unsure, start with an information-gathering step\n- Respond ONLY with valid JSON, no explanations", + "orchestrator": "You are an expert orchestrator for a local AI agent system. Your role is to analyze the user's task and generate executable runtime steps.\n\nTool selection (choose the right tool):\n- shell_exec: for running commands, checking programs exist ('which', '--version'), searching files\n- file_read: for reading contents of a file (must be existing file path)\n- file_write: for creating or updating files\n- memory: for storing or searching memory\n\nSTRICT OUTPUT FORMAT - MUST follow exactly:\n\nSingle step:\n{\"type\": \"step\", \"payload\": {\"tool\": \"shell_exec\", \"args\": {\"command\": \"...\"}}}\n{\"type\": \"step\", \"payload\": {\"tool\": \"file_read\", \"args\": {\"path\": \"...\"}}}\n{\"type\": \"step\", \"payload\": {\"tool\": \"file_write\", \"args\": {\"path\": \"...\", \"content\": \"...\"}}}\n\nMulti-step plan:\n{\"type\": \"plan\", \"payload\": {\"steps\": [{\"tool\": \"file_read\", \"args\": {\"path\": \"...\"}, \"description\": \"...\", \"depends_on\": []}]}}\n\nDirect response:\n{\"type\": \"respond\", \"payload\": {\"text\": \"...\"}}\n\nIMPORTANT:\n- Use exactly {\"type\": \"step|plan|respond\", \"payload\": {...}} format\n- Do NOT output array alone\n- Do NOT use \"kind\" - use \"type\"\n- Respond ONLY with valid JSON\n- Your response MUST be complete valid JSON - the closing brace } MUST be present\n- Do NOT truncate your response - if you cannot fit all steps, use a single step\n\nTool selection:\n- For checking if a program/command exists: use shell_exec with 'which ' or ' --version'\n- For reading file contents: use file_read with path to file (NOT command)\n- For executing any command: use shell_exec\n- Previous experience (from memory) may help - consider it but YOU decide how to proceed", + "planning": "You are a planning specialist. Generate execution plans.\n\nOutput MUST be:\n{\"type\": \"plan\", \"version\": \"1.0\", \"payload\": {\"steps\": [{\"tool\": \"\", \"args\": {}, \"description\": \"...\", \"depends_on\": []}]}}\n\nRules:\n- Each step must have unique id (auto-generated)\n- Use \"depends_on\" for step ordering\n- Use \"tool\" for tool operations\n- Respond ONLY with valid JSON", + "coder": "You are an expert code generation model.\n\nOutput format:\n{\"type\": \"code\", \"payload\": {\"language\": \"python\", \"content\": \"...\"}}\n\nOR for completion:\n{\"type\": \"respond\", \"payload\": {\"text\": \"...\"}}\n\nGenerate clean, working code. Respond ONLY with valid JSON.", + "critic": "You are a critic model. Evaluate tool execution results.\n\nScoring criteria:\n- correctness: 0-1 (does result accomplish task?)\n- usefulness: 0-1 (is result useful?)\n- safety: 0-1 (is result safe?)\n- suggest_memory: boolean (should this be stored in memory?)\n- weight: 0-1 (importance score)\n- explanation: brief reasoning\n\nOutput format:\n{\"type\": \"evaluation\", \"payload\": {\"correctness\": 0.0-1.0, \"usefulness\": 0.0-1.0, \"safety\": 0.0-1.0, \"suggest_memory\": true|false, \"weight\": 0.0-1.0, \"explanation\": \"...\"}}\n\nRespond ONLY with valid JSON.", + "system": "You are ducklm, a local AI agent runtime.\n\nSTRICT RULES:\n- You MUST strictly follow execution schemas\n- You are NOT allowed to output free-form text\n- All outputs MUST be valid JSON matching runtime contracts\n- Use exact tool names from available tool set\n\nCurrent capabilities:\n- Execute shell commands (shell_exec)\n- Read/write files (file_read, file_write)\n- Memory operations (memory)\n\nAlways respond with valid JSON.", - "sys_util": "You are a STRICT JSON repair engine inside a production AI runtime.\nYour job is ONLY to fix invalid JSON syntax.\nYou are NOT allowed to:\n- change meaning of data\n- add new fields\n- remove valid fields\n- interpret intent\n- explain anything\n- reformat structure logically\n---\nINPUT:\nYou receive a malformed or invalid JSON string.\n---\nOUTPUT RULES:\n- Output ONLY valid JSON\n- No markdown\n- No comments\n- No explanations\n- No extra text\n---\nREPAIR RULES (STRICT):\nFix ONLY syntax issues:\n- missing or extra commas\n- missing quotes\n- incorrect brackets\n- trailing commas\n- invalid escaping\n- broken strings\n- unbalanced braces\nDO NOT:\n- rename keys\n- reorder fields intentionally\n- guess missing semantic data\n- \"improve\" structure\n---\nIMPORTANT:\nIf multiple valid repairs exist:\n\u2192 choose the minimal change that makes JSON valid\n---\nOUTPUT MUST BE VALID JSON OR NOTHING ELSE\nInvalid JSON:" -} \ No newline at end of file + + "sys_util": "You are a STRICT JSON repair engine inside a production AI runtime.\nYour job is ONLY to fix invalid JSON syntax.\nYou are NOT allowed to:\n- change meaning of data\n- add new fields\n- remove valid fields\n- interpret intent\n- explain anything\n- reformat structure logically\n---\nINPUT:\nYou receive a malformed or invalid JSON string.\n---\nOUTPUT RULES:\n- Output ONLY valid JSON\n- No markdown\n- No comments\n- No explanations\n- No extra text\n---\nREPAIR RULES (STRICT):\nFix ONLY syntax issues:\n- missing or extra commas\n- missing quotes\n- incorrect brackets\n- trailing commas\n- invalid escaping\n- broken strings\n- unbalanced braces\nDO NOT:\n- rename keys\n- reorder fields intentionally\n- guess missing semantic data\n- \"improve\" structure\n---\nIMPORTANT:\nIf multiple valid repairs exist:\n→ choose the minimal change that makes JSON valid\n---\nOUTPUT MUST BE VALID JSON OR NOTHING ELSE\nInvalid JSON:" +} diff --git a/config/runtime.json b/config/runtime.json index a442b8c..1cf4efb 100644 --- a/config/runtime.json +++ b/config/runtime.json @@ -1,6 +1,8 @@ { "step_timeout_ms": 30000, "task_timeout_ms": 300000, + "shell_command_timeout_ms": 3600000, + "shell_idle_timeout_ms": 600000, "planner_retry_limit": 2, "tool_retry_limit": 1, "replan_limit": 1, @@ -34,5 +36,7 @@ "debug_orchestrator_log_length": 500, "json_fix_retry_limit": 2, "json_fix_use_sys_util": true, - "intent_classifier": "thinker" -} \ No newline at end of file + "intent_classifier": "thinker", + "recall_model": "json_compiler", + "critic_retry_limit": 2 +} diff --git a/docs/plans/ui-bootstrap-review-plan.md b/docs/plans/ui-bootstrap-review-plan.md new file mode 100644 index 0000000..7b58c27 --- /dev/null +++ b/docs/plans/ui-bootstrap-review-plan.md @@ -0,0 +1,24 @@ +# UI Bootstrap And Review Flow Plan + +## Goal + +Move the web chat UI to Bootstrap 5.3 with Bootswatch themes and improve review/password/terminal-output ergonomics. + +## Required Changes + +- Replace the current hand-written visual system in `app/api/static/index.html` with Bootstrap 5.3 layout/components. +- Add Bootswatch theme support with a visible theme selector and persistent localStorage choice. +- Password/secret input must submit on Enter as well as the "Отправить" button. +- Console/tool output must render inside a collapsed Bootstrap accordion item. +- The accordion body must contain terminal-style output inside `
`.
+- The terminal accordion must expand only when the user clicks it.
+- Review UI must show critic/system assessment and user voting buttons:
+  - `Ошибочное действие`
+  - `Всё верно`
+  - optional correction/comment text.
+
+## Notes
+
+- Keep runtime event handling WebSocket-driven.
+- Do not mix console output with assistant prose.
+- Keep raw tool output available for debugging, but collapsed by default.
diff --git a/favicon.ico b/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..1566b590fcf80dce46fcbaf095889da5164c7f18
GIT binary patch
literal 16958
zcmdU130##`+P|eNm%A_A3n*|!aRbqC-@z2M%)Qn5T1Q(@L0nrDP&2ihn);jyWwB|Q
zZ@#p?_MCFmQd2NRK~ULLb`&u)waowbe_p(fgIpF-r|9>1?t9+zp7Z>l{hasxrBdC(
z{~{t({MVuCJWQpssZ^@YBzCD1NYd}>&tNd9ZZJ7G|GlK=N$W|wNhPE+q>GnGeoLR+
zlQA+@o{?v7G=Dc@{z&q@inNb}7Lv>%bIF`Hg4gRcrw{p?N7_SbDP~vC%iOYttaZKk
zZs|O2$&1))CCL@v*SlZVk~L-Rmh#_{=VQ5kA?bSKYwCQmw(!sr4A=7PV6OS`e-L+F
z`3Nt<)3sn}?laL`r}Q_3-6;#`WHMc=3Fe?kW
zS=lb>0LSL!O>
zoG3qrYEo5MF{#8QmGjxk@={b)l%bO2N{f%;cx5?`6&2v6l`CK{8eueB;OV7-#bT+8
zx9+uIYiQ3Td#bw6Gbcfp14tL)B3Z_JF#e~PUgcIh`u6pK91&U4BHd
zjlaE}hW3sCn2iP{UMg4^7hGTxtaWW*kBhOc=3u`bMvD>tordENF(2d3$F^eJ)E#&r
zb{n4gOCI7=^YCKoe!RLa1D|cq!@^j2DvguwrcvUP|4Iw2uy8$G!?2DXBquNh$5%7^$d1I>Gy{sG9f027atMg0DaS
z08zsRWAcQt@bU41-e`hG*Pt(4d7ilHn(#CJ>vaAYdCyXei~a|qrftKxC%544=#LS-
zWGmv==3+@w9ui4QDT`&P`|#>J>G*V0HuCe!P*qZf>Qd%`(xaE@B!6E?68oxLklZ^(
z|EXbo$k_HZA_nxvgmGgqbjT3qLOpGu!CFBuJ8j_F&S|CgF?Ym0kGzVBPkn{aPh?;e
z{eS%9n{a>3msq$u2aA()uryUD8_%a?VR_nqtVqkmi|h8{e>WB5U|t!@N~@S7NTp?r
z>m@i|N}nz+V7z2}aOz)TCG%z_s=vFWbeust*&8JLq5TAU2Z5EciC34w|7t_-5)`$DBWk(_M^NypcxEhs5N>Fi(^-nQV9
zGEnkC#bHz)%|urEMyz>#1tJIbz~EjX7;sxx>OTa1ZtIRwBcl`>XatY*z05V?7yr_j
zgRtt24fyb%1xQ^_`~L6Ecw+trOpN{r<7RBaL(gnM{F)*>Cqy|s{pMjTWGskJJ&1&~
zLwK4pS(H+M#VNU1N#A(ot=;%b+IIZU2Yaz|cLnxlmElP7X{7JY!6%=5&YEvICQllJ
zp0{;ESf~TNdv-*x@J{Fv5{&TBE~F6j?B1RIJ<+>&uf}jmEwsK78M&OpM7yzZpY#6T
zKf({Ef5DGue#K8e{)(FFi}+^yalG)#PCPd61I$^mjs9PNg=_QhY;rypGA}-pl#K*p
zPE0jY%aOPq)&YUa5
zFO~bAc0x*|
z-7Fy`rsVM+<(5Pl$}{U|FKIcHMGjV^GM}VmVpU2y-gsv_maI%h+rW<8D>s<`1(#r#
zcdsrnHg?Z!F`<>oh>(%DW8%}%c=eNH9Inp6=?hgj^K&&WoIQ?nKc7Vf?ct@Ae_+w;
z^o4af)GKwGD*DdDLgI}l?#0BnjJjT)nuV3D8-+wJiy1Ex)*eJ6$1X`N#KJcZ;n_F%
zY*Ieud4&B(=tKEf@&35}XBhR+Qa(o6>oVSZ>&)=h
z){>dO-MNm3(E>L=8$#|Ijo=yM&~etC7`OBh{4M=MRGmA4GZ%j19_R=L3>*qa$Nrf9
zY!Y64=X=Db?IY$w)<=cpzevHim@}1kY*?7g+`$-`m{v%?IgIC$a%%mD
zW1puTJ->$eBk5a=7#j_Z-T|G~1_OC*On1EReE;6~SmHNaCeF?I^{lZq%&`{P1DoAp
z@8>{=r*4PuoJe$keY!nrvb`K)eNvkwvtZqa^B?F>={Dj!UKOB=5&d@6z_y?Zni1s}T^~
z2YQnq%+!_e(}aDXU>5u??cd0`Y&s*X#I56RHL<$Wri465p1fA`+{(?HE(W7CSJ`|=|gQ1D*1^;$cw=rgNEP4+ZOS=n(m%#xKGxvBlEA3v*
z{l6Ag!B2e{8Jioa{{^$eKbQGWeBMeQ7i=O+jo>!(oQd}3$MY7uMh~^d1hdY{JYeB@
zoDr@4^=LO`5Q1j02A@qC%&*&UExAIX89F
z*`V?wdHO&_U-n{s+1e1qK3}v_TcPGUI>sA4ZI7=u6utzjmHb)77CE29C8O5+QXHV)
za()*i*w?$b$7keB$xJfA$ob8bt4XJZo#zTR@@jN9z{|@MRx|S;$ztZd+usvi$A_WE
z%z+4dCIbF(Ll8J?I06|L!lK8*J2DI^lP7J~3{UD^c(ssBm*WX#N;~tQtcBE+vlmIr
z^>ws4quEP2b23{zxE_hvEYy!eGMCm0vxf0cW3MI7>l)wXZ;k35Bk|44U{>r%Z`!7J8+4xd#|v#!sN;mL2$AbQu&
zn6~2#9{jol4{puFm@l^@=+&2DjpKR5{M%uf-3M*v^+lIigAg*MFVul%+Iy{DwUmX9
z`gQKr#2*w~#OBQyVIx^dl7Ho_RcuoBo?4RRBt>>?<#}Zekr!oTCN-dYx##@Gtln|L
zhxn<)J*oA5HH>v_yI@S(mx$i`BVxWgkBK{hQQwi+j?cJ=NjrbWJsH1Z;+~7RGvh4A
ze(^bsvEyN%I}`y6`Z724N9a={5HzAU-xcUtJJ7~y*BZ*!NT067E|_Yunk7am#Pcln
zDS4M|E&hMmwiCM&^U1SOe1+5qe%b%Z89=?~ACg1u1`XUKu9G*bmmOh`&BgeA$I+kI
zrtG?i@weyiJV0Sf=6nLM)+^Zedqay;9phWI#Nrt(d*#Fcr9^A
zr}IYeBhxYQU?uwHp2mHd=McNU2GQT2$CMqwJ+y(z8Rzj}&T&lmZWkigzX!hsQ(>DP
z1;^Y$%!9q)JGU0Uv7>2;HA-L6|fhX6{bN-u*UoZ=Hp?c3hYxlRcdJuiswahzR
zdSLw9A7Jc;%@`8@I@(Wq2&&!_aNBc##~+D(()J^;CMH1rIQOSBM<96mD0Ge+&RU4N
zpVtq*^9M5@4nh0bgV5#4KJW}Q!9yptio8Rl-;-{V{;xd$6dCLxU1d*Vmmai3;VVdE
zL;!8Ty)}7OF(!KWDSmpZ#UBBq@5P*5S!lmB0lKMU(dn@f=rJK2-5wZ#9?_BL!kXAG
zb`Wf{hQWvAm>YpkytZ}=WDUvKcXROzR;TWr?N#qTMCV%OK(T$1ji1hdwpt_WK@)sf
z^R@Fb!(XF?jrE*4tOG_bkAp4d4*32t0zpH%Av~lD+Vu`X@Z_H8I5QHy#BGlqi8isL
zSRY5C{mcji_Tygd5`HE2ah;o>|N7p4T=o7-_^@2c%^KP3@Y;*E;Hm5Z^zdZOV`HDh
zNR6K-^IAW2iiv>Z;l60sD;Ps~CeyWhX9V04N?(Y8_v|6?oy}S(CW$d;)
z{#)?N-cLwsAn^r}kJLgosl8bjxUuHSO22EsJIC)&;*fDW-k5jryp0r&QSyAS2b_xR##vYwOVTIfoBT!-ITHCXtoY_}AUX>yt@yzkhT3gnT<#-+W4+
z_`aNF$T^sN_od^$)8Hifg2YVOm&^Hy%p)+h83=OSu9qtJRC!XfEWY_ig
zuYzB&E9ZdJw->RG!W9FZqTz%_Wbb
zTaxHi-nYu0t+rOWgzwUQ*`td+D8#XHW@WhKJ1*zuxE9b$=3GS5}tK}-CT
z+DPKRKeIUdrnmwGtJCxJDZ5AlTtg4-+w-QT#i{AzdPuCjfn=7NiT&u}762~^Auj_G7coCkOi=(CErJgLj
z3HV&eNY-v@P1{neuAZ0ugzTv*Z=xJzEm^a%y^JfKZ$!VGAIQ1F9+E44wX|R6mNn}8
ze)UFRy4E@6Y;6^3AE~97We%CE?s?s{@^-VIbC7rEcUJ59dpD_sb&52bAG_
zz}a4q+bY#i&Mtp}&Q_U*6BQ}lDi3G7S*857s@o>i_TN&st?mBL{acqG=k?}Vmaf84
zRNL?2Y@Kp&%Ej3_<>r*5vsKh0ib;@(DEH0MQejTLC=&$!OK(m+Ue+rI@HYPx_5MFC
C9Zc*1

literal 0
HcmV?d00001

diff --git a/server.err b/server.err
new file mode 100644
index 0000000..58def86
--- /dev/null
+++ b/server.err
@@ -0,0 +1,274 @@
+
Loading weights:   0%|          | 0/103 [00:00...
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/routing.py", line 330, in run_endpoint_function
+    return await run_in_threadpool(dependant.call, **values)
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/concurrency.py", line 32, in run_in_threadpool
+    return await anyio.to_thread.run_sync(func)
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/anyio/to_thread.py", line 63, in run_sync
+    return await get_async_backend().run_sync_in_worker_thread(
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        func, args, abandon_on_cancel=abandon_on_cancel, limiter=limiter
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/anyio/_backends/_asyncio.py", line 2518, in run_sync_in_worker_thread
+    return await future
+           ^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/anyio/_backends/_asyncio.py", line 1002, in run
+    result = context.run(func, *args)
+  File "/home/mirivlad/git/ducklm/app/api/server.py", line 103, in resolve_secret
+    return runtime.resolve_secret(task_id=request.task_id, secret=request.secret)
+           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/app/runtime/runtime_controller.py", line 408, in resolve_secret
+    return self.runtime_loop.resolve_secret(
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
+        task_id=task_id, secret=secret
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/app/runtime/runtime_loop.py", line 378, in resolve_secret
+    execution_result = self._execution_engine.execute(
+        task=task,
+    ...<2 lines>...
+        secret_override=secret,
+    )
+  File "/home/mirivlad/git/ducklm/app/core/execution_engine.py", line 87, in execute
+    return self._execute_plan(
+           ~~~~~~~~~~~~~~~~~~^
+        task=task,
+        ^^^^^^^^^^
+    ...<3 lines>...
+        password_override=password_override,
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/app/core/execution_engine.py", line 211, in _execute_plan
+    result = self._execute_tool(
+        task=task,
+    ...<3 lines>...
+        password_override=password_override,
+    )
+  File "/home/mirivlad/git/ducklm/app/core/execution_engine.py", line 824, in _execute_tool
+    tool_result = self._tool_registry.get(tool_name).execute(task=task, args=tool_args)
+  File "/home/mirivlad/git/ducklm/app/tools/plugins/shell_exec/__init__.py", line 21, in execute
+    completed = self._sandbox.run_shell(
+        command=command,
+        cwd=str(cwd) if cwd else None,
+        stdin_data=str(stdin_secret) if stdin_secret is not None else None,
+    )
+  File "/home/mirivlad/git/ducklm/app/tools/sandbox.py", line 29, in run_shell
+    return subprocess.run(
+           ~~~~~~~~~~~~~~^
+        command,
+        ^^^^^^^^
+    ...<7 lines>...
+        check=False,
+        ^^^^^^^^^^^^
+    )
+    ^
+  File "/usr/lib/python3.13/subprocess.py", line 556, in run
+    stdout, stderr = process.communicate(input, timeout=timeout)
+                     ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.13/subprocess.py", line 1222, in communicate
+    stdout, stderr = self._communicate(input, endtime, timeout)
+                     ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.13/subprocess.py", line 2129, in _communicate
+    self._check_timeout(endtime, orig_timeout, stdout, stderr)
+    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.13/subprocess.py", line 1269, in _check_timeout
+    raise TimeoutExpired(
+    ...<2 lines>...
+            stderr=b''.join(stderr_seq) if stderr_seq else None)
+subprocess.TimeoutExpired: Command 'sudo -S -p '' apt update && apt upgrade -y' timed out after 30.0 seconds
+ERROR:    Exception in ASGI application
+Traceback (most recent call last):
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/uvicorn/protocols/http/h11_impl.py", line 415, in run_asgi
+    result = await app(  # type: ignore[func-returns-value]
+             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        self.scope, self.receive, self.send
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/uvicorn/middleware/proxy_headers.py", line 60, in __call__
+    return await self.app(scope, receive, send)
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/applications.py", line 1159, in __call__
+    await super().__call__(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/applications.py", line 90, in __call__
+    await self.middleware_stack(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/middleware/errors.py", line 186, in __call__
+    raise exc
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/middleware/errors.py", line 164, in __call__
+    await self.app(scope, receive, _send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/middleware/exceptions.py", line 63, in __call__
+    await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
+    raise exc
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
+    await app(scope, receive, sender)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
+    await self.app(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/routing.py", line 660, in __call__
+    await self.middleware_stack(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/routing.py", line 680, in app
+    await route.handle(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/routing.py", line 276, in handle
+    await self.app(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/routing.py", line 134, in app
+    await wrap_app_handling_exceptions(app, request)(scope, receive, send)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
+    raise exc
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/_exception_handler.py", line 42, in wrapped_app
+    await app(scope, receive, sender)
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/routing.py", line 120, in app
+    response = await f(request)
+               ^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/routing.py", line 674, in app
+    raw_response = await run_endpoint_function(
+                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    ...<3 lines>...
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/fastapi/routing.py", line 330, in run_endpoint_function
+    return await run_in_threadpool(dependant.call, **values)
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/starlette/concurrency.py", line 32, in run_in_threadpool
+    return await anyio.to_thread.run_sync(func)
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/anyio/to_thread.py", line 63, in run_sync
+    return await get_async_backend().run_sync_in_worker_thread(
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        func, args, abandon_on_cancel=abandon_on_cancel, limiter=limiter
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/anyio/_backends/_asyncio.py", line 2518, in run_sync_in_worker_thread
+    return await future
+           ^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/.venv/lib/python3.13/site-packages/anyio/_backends/_asyncio.py", line 1002, in run
+    result = context.run(func, *args)
+  File "/home/mirivlad/git/ducklm/app/api/server.py", line 103, in resolve_secret
+    return runtime.resolve_secret(task_id=request.task_id, secret=request.secret)
+           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/home/mirivlad/git/ducklm/app/runtime/runtime_controller.py", line 408, in resolve_secret
+    return self.runtime_loop.resolve_secret(
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
+        task_id=task_id, secret=secret
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/app/runtime/runtime_loop.py", line 378, in resolve_secret
+    execution_result = self._execution_engine.execute(
+        task=task,
+    ...<2 lines>...
+        secret_override=secret,
+    )
+  File "/home/mirivlad/git/ducklm/app/core/execution_engine.py", line 87, in execute
+    return self._execute_plan(
+           ~~~~~~~~~~~~~~~~~~^
+        task=task,
+        ^^^^^^^^^^
+    ...<3 lines>...
+        password_override=password_override,
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    )
+    ^
+  File "/home/mirivlad/git/ducklm/app/core/execution_engine.py", line 211, in _execute_plan
+    result = self._execute_tool(
+        task=task,
+    ...<3 lines>...
+        password_override=password_override,
+    )
+  File "/home/mirivlad/git/ducklm/app/core/execution_engine.py", line 824, in _execute_tool
+    tool_result = self._tool_registry.get(tool_name).execute(task=task, args=tool_args)
+  File "/home/mirivlad/git/ducklm/app/tools/plugins/shell_exec/__init__.py", line 21, in execute
+    completed = self._sandbox.run_shell(
+        command=command,
+        cwd=str(cwd) if cwd else None,
+        stdin_data=str(stdin_secret) if stdin_secret is not None else None,
+    )
+  File "/home/mirivlad/git/ducklm/app/tools/sandbox.py", line 29, in run_shell
+    return subprocess.run(
+           ~~~~~~~~~~~~~~^
+        command,
+        ^^^^^^^^
+    ...<7 lines>...
+        check=False,
+        ^^^^^^^^^^^^
+    )
+    ^
+  File "/usr/lib/python3.13/subprocess.py", line 556, in run
+    stdout, stderr = process.communicate(input, timeout=timeout)
+                     ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.13/subprocess.py", line 1222, in communicate
+    stdout, stderr = self._communicate(input, endtime, timeout)
+                     ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.13/subprocess.py", line 2129, in _communicate
+    self._check_timeout(endtime, orig_timeout, stdout, stderr)
+    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.13/subprocess.py", line 1269, in _check_timeout
+    raise TimeoutExpired(
+    ...<2 lines>...
+            stderr=b''.join(stderr_seq) if stderr_seq else None)
+subprocess.TimeoutExpired: Command 'sudo -S -p '' apt update && apt upgrade -y' timed out after 30.0 seconds
diff --git a/server.out b/server.out
new file mode 100644
index 0000000..10943e5
--- /dev/null
+++ b/server.out
@@ -0,0 +1,254 @@
+Models policy ready
+Registered tool: file_write
+Registered tool: shell_exec
+Registered tool: memory
+Registered tool: file_read
+Lifespan: Starting model loading...
+Lifespan: Loading models...
+Loading thinker model...
+Thinker loaded:  (model: Qwen3.5-9B-GLM5.1-Distill-v1-Q4_K_M.gguf)
+Loading json_compiler model...
+JSON Compiler loaded:  (model: gemma-4-E4B-it-Q4_K_M.gguf)
+Loading coder model...
+Coder loaded:  (model: X-Coder-SFT-Qwen3-8B.Q6_K.gguf)
+Loading critic model...
+Reusing model instance: gemma-4-E4B-it-Q4_K_M.gguf for critic
+Critic loaded:  (model: gemma-4-E4B-it-Q4_K_M.gguf)
+Loading sys_util model...
+Sys_util loaded:  (model: Menlo_Lucy-Q4_K_M.gguf)
+All models loaded successfully
+MemoryRecallService initialized with model: json_compiler
+MemoryWritePolicy set: True
+Lifespan: Models loaded
+Lifespan: Rebuilding vector index (289 entries)...
+Lifespan: Vector index rebuilt
+INFO:     127.0.0.1:47236 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47238 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47240 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45740 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45754 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41296 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41304 - "GET / HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41304 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41304 - "GET /favicon.ico HTTP/1.1" 404 Not Found
+INFO:     127.0.0.1:41318 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41310 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:40504 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45288 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45302 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47488 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47498 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48888 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48898 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44008 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44024 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44008 - "POST /chat HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50236 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50246 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:57020 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:57032 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36982 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36996 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35350 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35358 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38442 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38456 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38442 - "POST /permissions/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35664 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35666 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41680 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41682 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55484 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55486 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53136 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53142 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50412 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50412 - "POST /secrets/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50416 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50384 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50396 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35882 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35890 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:34008 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:34012 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38358 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38366 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39500 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39516 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:52800 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:52812 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60246 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60256 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55192 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55208 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55192 - "POST /secrets/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50170 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50184 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60392 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60404 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:42626 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:42630 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37478 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37480 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59892 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59902 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50284 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50290 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59488 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59492 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53584 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53590 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50978 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50990 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43110 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43118 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39906 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39908 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39100 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39110 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43436 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43448 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60214 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60228 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:56192 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45580 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59680 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:52038 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:34120 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54374 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41916 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48474 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58570 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58284 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47014 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37884 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:56196 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60026 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48534 - "POST /secrets/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48536 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:46114 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:49446 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:33518 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:40316 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47326 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36022 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36806 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54232 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54248 - "GET / HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54248 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54248 - "GET /favicon.ico HTTP/1.1" 404 Not Found
+INFO:     127.0.0.1:38470 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54264 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50474 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50490 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44644 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44652 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41856 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:57392 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45778 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59094 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39508 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:51214 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54724 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41204 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:33686 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38154 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44658 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:56664 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:33906 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36934 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48746 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50876 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:38912 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:40786 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:51882 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:40002 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43176 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:49824 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44316 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58994 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47794 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37642 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:32882 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53578 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35804 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47732 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:34050 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55386 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43992 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43998 - "GET / HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43998 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43998 - "GET /favicon.ico HTTP/1.1" 404 Not Found
+INFO:     127.0.0.1:39194 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:33540 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53022 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41056 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44000 - "POST /chat HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44000 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44000 - "POST /permissions/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:57534 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60834 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:59886 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:42774 - "POST /secrets/resolve HTTP/1.1" 500 Internal Server Error
+INFO:     127.0.0.1:50140 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:52360 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:57882 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44816 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37956 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37956 - "GET / HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37956 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37956 - "GET /favicon.ico HTTP/1.1" 404 Not Found
+INFO:     127.0.0.1:50254 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:46082 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:56836 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35716 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37656 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45248 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:50242 - "POST /chat HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44868 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44882 - "POST /permissions/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44882 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48796 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60814 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53286 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44882 - "POST /secrets/resolve HTTP/1.1" 500 Internal Server Error
+INFO:     127.0.0.1:53816 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:39450 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53198 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58340 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58686 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:47278 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:46400 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58580 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:35014 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43342 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:34798 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:41652 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36938 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:58066 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45948 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45656 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:33986 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:52016 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:55700 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:48468 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:33002 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43004 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43014 - "POST /secrets/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:43014 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:36870 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45970 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60292 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53738 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:49414 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:56572 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:51224 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:53742 - "POST /secrets/resolve HTTP/1.1" 200 OK
+INFO:     127.0.0.1:42496 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54868 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:57530 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:60898 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:54112 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:44548 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:37414 - "GET /health HTTP/1.1" 200 OK
+INFO:     127.0.0.1:45064 - "GET /health HTTP/1.1" 200 OK
diff --git a/server.pid b/server.pid
new file mode 100644
index 0000000..15c7f9e
--- /dev/null
+++ b/server.pid
@@ -0,0 +1 @@
+844579
diff --git a/test_ducklm.py b/test_ducklm.py
new file mode 100755
index 0000000..a4b4e91
--- /dev/null
+++ b/test_ducklm.py
@@ -0,0 +1,314 @@
+#!/usr/bin/env python3
+"""
+Тестовый скрипт для проверки работы ducklm.
+Позволяет ИИ-кодеру тестировать систему через отправку запросов и проверку выполнения.
+"""
+
+import json
+import time
+import requests
+import sys
+from typing import Dict, Any, Optional
+
+
+class DuckLMTester:
+    def __init__(self, base_url: str = "http://127.0.0.1:8000"):
+        self.base_url = base_url
+        self.session = requests.Session()
+        self.test_results = []
+    
+    def log_test(self, test_name: str, passed: bool, details: str = ""):
+        """Записать результат теста"""
+        result = {
+            "test": test_name,
+            "passed": passed,
+            "details": details,
+            "timestamp": time.time()
+        }
+        self.test_results.append(result)
+        status = "✓ PASS" if passed else "✗ FAIL"
+        print(f"{status}: {test_name}")
+        if details:
+            print(f"  Details: {details}")
+    
+    def test_health(self) -> bool:
+        """Проверить эндпоинт здоровья"""
+        try:
+            response = self.session.get(f"{self.base_url}/health", timeout=5)
+            if response.status_code == 200:
+                data = response.json()
+                if data.get("status") == "ok":
+                    self.log_test("Health Check", True, "Server is healthy")
+                    return True
+                else:
+                    self.log_test("Health Check", False, f"Unexpected response: {data}")
+                    return False
+            else:
+                self.log_test("Health Check", False, f"HTTP {response.status_code}")
+                return False
+        except Exception as e:
+            self.log_test("Health Check", False, f"Connection error: {str(e)}")
+            return False
+    
+    def test_simple_chat(self) -> bool:
+        """Простой тест чата"""
+        try:
+            payload = {"input": "Привет, как дела?"}
+            response = self.session.post(
+                f"{self.base_url}/chat", 
+                json=payload, 
+                timeout=30
+            )
+            
+            if response.status_code == 200:
+                data = response.json()
+                status = data.get("status")
+                if status in ["completed", "awaiting_permission", "awaiting_input"]:
+                    self.log_test(
+                        "Simple Chat", 
+                        True, 
+                        f"Status: {status}, Response received"
+                    )
+                    return True
+                else:
+                    self.log_test(
+                        "Simple Chat", 
+                        False, 
+                        f"Unexpected status: {status}"
+                    )
+                    return False
+            else:
+                self.log_test(
+                    "Simple Chat", 
+                    False, 
+                    f"HTTP {response.status_code}: {response.text}"
+                )
+                return False
+        except Exception as e:
+            self.log_test("Simple Chat", False, f"Request error: {str(e)}")
+            return False
+    
+    def test_tool_execution(self) -> bool:
+        """Тест выполнения инструмента"""
+        try:
+            # Тест простой команды shell
+            payload = {
+                "input": "Выполни простую команду",
+                "context": {
+                    "requested_tool": "shell_exec",
+                    "tool_args": {"command": "echo 'test'"}
+                }
+            }
+            response = self.session.post(
+                f"{self.base_url}/chat", 
+                json=payload, 
+                timeout=30
+            )
+            
+            if response.status_code == 200:
+                data = response.json()
+                status = data.get("status")
+                if status == "completed":
+                    output = data.get("result", {}).get("output", "")
+                    if "test" in output:
+                        self.log_test(
+                            "Tool Execution", 
+                            True, 
+                            f"Command executed successfully: {output.strip()}"
+                        )
+                        return True
+                    else:
+                        self.log_test(
+                            "Tool Execution", 
+                            False, 
+                            f"Unexpected output: {output}"
+                        )
+                        return False
+                elif status == "awaiting_permission":
+                    self.log_test(
+                        "Tool Execution", 
+                        True, 
+                        "Permission required (expected for some commands)"
+                    )
+                    return True
+                else:
+                    self.log_test(
+                        "Tool Execution", 
+                        False, 
+                        f"Unexpected status: {status}"
+                    )
+                    return False
+            else:
+                self.log_test(
+                    "Tool Execution", 
+                    False, 
+                    f"HTTP {response.status_code}: {response.text}"
+                )
+                return False
+        except Exception as e:
+            self.log_test("Tool Execution", False, f"Request error: {str(e)}")
+            return False
+    
+    def test_permission_flow(self) -> bool:
+        """Тест потока разрешений"""
+        try:
+            # Сначала отправляем задачу, требующую разрешения
+            payload = {
+                "input": "Запусти команду, требующую разрешения",
+                "context": {
+                    "requested_tool": "shell_exec", 
+                    "tool_args": {"command": "whoami"}
+                }
+            }
+            response = self.session.post(
+                f"{self.base_url}/chat", 
+                json=payload, 
+                timeout=30
+            )
+            
+            if response.status_code != 200:
+                self.log_test(
+                    "Permission Flow", 
+                    False, 
+                    f"Initial request failed: HTTP {response.status_code}"
+                )
+                return False
+            
+            data = response.json()
+            if data.get("status") == "awaiting_permission":
+                task_id = data.get("task_id")
+                if not task_id:
+                    self.log_test(
+                        "Permission Flow", 
+                        False, 
+                        "No task_id in response"
+                    )
+                    return False
+                
+                # Теперь разрешаем разрешение
+                resolve_payload = {
+                    "task_id": task_id,
+                    "decision": "allow_once"
+                }
+                resolve_response = self.session.post(
+                    f"{self.base_url}/permissions/resolve",
+                    json=resolve_payload,
+                    timeout=10
+                )
+                
+                if resolve_response.status_code == 200:
+                    resolve_data = resolve_response.json()
+                    final_status = resolve_data.get("status")
+                    if final_status in ["completed", "failed"]:
+                        self.log_test(
+                            "Permission Flow", 
+                            True, 
+                            f"Permission resolved, final status: {final_status}"
+                        )
+                        return True
+                    else:
+                        self.log_test(
+                            "Permission Flow", 
+                            False, 
+                            f"Unexpected final status: {final_status}"
+                        )
+                        return False
+                else:
+                    self.log_test(
+                        "Permission Flow", 
+                        False, 
+                        f"Permission resolution failed: HTTP {resolve_response.status_code}"
+                    )
+                    return False
+            else:
+                # Если разрешение не потребовалось, это тоже нормально для некоторых систем
+                self.log_test(
+                    "Permission Flow", 
+                    True, 
+                    f"No permission required, status: {data.get('status')}"
+                )
+                return True
+                
+        except Exception as e:
+            self.log_test("Permission Flow", False, f"Request error: {str(e)}")
+            return False
+    
+    def run_all_tests(self) -> Dict[str, Any]:
+        """Запустить все тесты"""
+        print("Starting ducklm tests...")
+        print("=" * 50)
+        
+        # Ждем немного, чтобы сервер успел запуститься
+        time.sleep(2)
+        
+        tests = [
+            self.test_health,
+            self.test_simple_chat,
+            self.test_tool_execution,
+            self.test_permission_flow,
+        ]
+        
+        passed = 0
+        total = len(tests)
+        
+        for test in tests:
+            if test():
+                passed += 1
+            time.sleep(1)  # Небольшая пауза между тестами для слабого железа
+        
+        print("=" * 50)
+        print(f"Tests completed: {passed}/{total} passed")
+        
+        # Сводка результатов
+        summary = {
+            "total_tests": total,
+            "passed_tests": passed,
+            "failed_tests": total - passed,
+            "success_rate": passed / total if total > 0 else 0,
+            "test_results": self.test_results
+        }
+        
+        return summary
+
+
+def main():
+    """Основная функция"""
+    import argparse
+    
+    parser = argparse.ArgumentParser(description="Тест ducklm системы")
+    parser.add_argument("--url", default="http://127.0.0.1:8000", help="Base URL for ducklm server")
+    parser.add_argument("--test", choices=["health", "chat", "tool", "permission", "all"], 
+                       default="all", help="Specific test to run")
+    
+    args = parser.parse_args()
+    
+    tester = DuckLMTester(args.url)
+    
+    if args.test == "all":
+        results = tester.run_all_tests()
+        print("\nFINAL RESULTS:")
+        print(f"Passed: {results['passed_tests']}/{results['total_tests']}")
+        print(f"Success Rate: {results['success_rate']*100:.1f}%")
+        
+        # Возвращаем код выхода basado на результатах
+        sys.exit(0 if results['failed_tests'] == 0 else 1)
+    else:
+        # Запуск конкретного теста
+        test_map = {
+            "health": tester.test_health,
+            "chat": tester.test_simple_chat,
+            "tool": tester.test_tool_execution,
+            "permission": tester.test_permission_flow,
+        }
+        
+        test_func = test_map[args.test]
+        if test_func():
+            print(f"Test {args.test}: PASSED")
+            sys.exit(0)
+        else:
+            print(f"Test {args.test}: FAILED")
+            sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/test_ducklm_direct.py b/test_ducklm_direct.py
new file mode 100644
index 0000000..e633bac
--- /dev/null
+++ b/test_ducklm_direct.py
@@ -0,0 +1,409 @@
+#!/usr/bin/env python3
+"""
+Прямой тест ducklm через RuntimeController (без HTTP сервера).
+Позволяет ИИ-кодеру тестировать систему через отправку запросов и проверку выполнения.
+"""
+
+import json
+import time
+import sys
+from pathlib import Path
+from typing import Dict, Any
+
+# Добавляем текущую директорию в путь для импорта app
+sys.path.insert(0, '.')
+
+from app.runtime.runtime_controller import RuntimeController
+from app.core.contracts import UserTask
+
+
+class DuckLMDirectTester:
+    def __init__(self, base_dir: str = "."):
+        self.base_dir = Path(base_dir)
+        self.test_results = []
+        self.controller = None
+        
+    def setup(self):
+        """Инициализировать контроллер"""
+        try:
+            print("Инициализация RuntimeController...")
+            self.controller = RuntimeController(base_dir=self.base_dir)
+            print("RuntimeController инициализирован успешно")
+            return True
+        except Exception as e:
+            print(f"Ошибка инициализации RuntimeController: {e}")
+            return False
+    
+    def log_test(self, test_name: str, passed: bool, details: str = ""):
+        """Записать результат теста"""
+        result = {
+            "test": test_name,
+            "passed": passed,
+            "details": details,
+            "timestamp": time.time()
+        }
+        self.test_results.append(result)
+        status = "✓ PASS" if passed else "✗ FAIL"
+        print(f"{status}: {test_name}")
+        if details:
+            print(f"  Details: {details}")
+    
+    def test_health(self) -> bool:
+        """Проверить что контроллер работает"""
+        try:
+            if self.controller is None:
+                self.log_test("Health Check", False, "Controller not initialized")
+                return False
+            
+            # Проверяем что основные компоненты присутствуют
+            components = [
+                ("event_bus", self.controller.event_bus),
+                ("permission_service", self.controller.permission_service),
+                ("task_state_store", self.controller.task_state_store),
+                ("checkpoint_store", self.controller.checkpoint_store),
+                ("context_builder", self.controller.context_builder),
+                ("router", self.controller.router),
+                ("execution_engine", self.controller.execution_engine),
+            ]
+            
+            missing = []
+            for name, component in components:
+                if component is None:
+                    missing.append(name)
+            
+            if missing:
+                self.log_test("Health Check", False, f"Missing components: {missing}")
+                return False
+            else:
+                self.log_test("Health Check", True, "Все компоненты инициализированы")
+                return True
+                
+        except Exception as e:
+            self.log_test("Health Check", False, f"Error: {str(e)}")
+            return False
+    
+    def test_simple_task(self) -> bool:
+        """Простой тест задачи"""
+        try:
+            if self.controller is None:
+                self.log_test("Simple Task", False, "Controller not initialized")
+                return False
+            
+            # Создаем простую задачу
+            task = UserTask(input="Привет, как дела?")
+            
+            # Выполняем задачу через контроллер
+            result = self.controller.handle_task(task)
+            
+            status = result.get("status")
+            if status in ["completed", "awaiting_permission", "awaiting_input"]:
+                self.log_test(
+                    "Simple Task", 
+                    True, 
+                    f"Status: {status}, Task ID: {result.get('task_id')}"
+                )
+                return True
+            else:
+                self.log_test(
+                    "Simple Task", 
+                    False, 
+                    f"Unexpected status: {status}"
+                )
+                return False
+                
+        except Exception as e:
+            self.log_test("Simple Task", False, f"Request error: {str(e)}")
+            return False
+    
+    def test_tool_task(self) -> bool:
+        """Тест задачи с инструментом"""
+        try:
+            if self.controller is None:
+                self.log_test("Tool Task", False, "Controller not initialized")
+                return False
+            
+            # Тест простой команды shell через контекст
+            task = UserTask(
+                input="Выполни простую команду",
+                context={
+                    "requested_tool": "shell_exec",
+                    "tool_args": {"command": "echo 'hello from test'"}
+                }
+            )
+            
+            result = self.controller.handle_task(task)
+            
+            status = result.get("status")
+            if status == "completed":
+                output = result.get("result", {}).get("output", "")
+                if "hello from test" in output:
+                    self.log_test(
+                        "Tool Task", 
+                        True, 
+                        f"Command executed successfully: {output.strip()}"
+                    )
+                    return True
+                else:
+                    self.log_test(
+                        "Tool Task", 
+                        False, 
+                        f"Unexpected output: {output}"
+                    )
+                    return False
+            elif status == "awaiting_permission":
+                self.log_test(
+                    "Tool Task", 
+                    True, 
+                    "Permission required (expected for some commands)"
+                )
+                return True
+            else:
+                self.log_test(
+                    "Tool Task", 
+                    False, 
+                    f"Unexpected status: {status}"
+                )
+                return False
+                
+        except Exception as e:
+            self.log_test("Tool Task", False, f"Request error: {str(e)}")
+            return False
+    
+    def test_memory_tools(self) -> bool:
+        """Тест инструментов памяти"""
+        try:
+            if self.controller is None:
+                self.log_test("Memory Tools", False, "Controller not initialized")
+                return False
+            
+            # Тест вставки в память
+            task_insert = UserTask(
+                input="Запомни эту информацию: тестовое значение 123",
+                context={
+                    "requested_tool": "memory",
+                    "tool_args": {
+                        "operation": "insert",
+                        "text": "тестовое значение 123",
+                        "kind": "fact",
+                        "weight": 0.8
+                    }
+                }
+            )
+            
+            result_insert = self.controller.handle_task(task_insert)
+            
+            if result_insert.get("status") != "completed":
+                self.log_test(
+                    "Memory Tools Insert", 
+                    False, 
+                    f"Insert failed: {result_insert.get('status')}"
+                )
+                return False
+            
+            # Тест поиска в памяти
+            task_search = UserTask(
+                input="Найди запомненную информацию",
+                context={
+                    "requested_tool": "memory",
+                    "tool_args": {
+                        "operation": "search",
+                        "query": "тестовое значение",
+                        "limit": 5
+                    }
+                }
+            )
+            
+            result_search = self.controller.handle_task(task_search)
+            
+            if result_search.get("status") == "completed":
+                output = result_search.get("result", {}).get("output", "")
+                self.log_test(
+                    "Memory Tools", 
+                    True, 
+                    f"Memory search successful: {output[:100]}..."
+                )
+                return True
+            else:
+                self.log_test(
+                    "Memory Tools Search", 
+                    False, 
+                    f"Search failed: {result_search.get('status')}"
+                )
+                return False
+                
+        except Exception as e:
+            self.log_test("Memory Tools", False, f"Request error: {str(e)}")
+            return False
+    
+    def test_file_operations(self) -> bool:
+        """Тест операций с файлами"""
+        try:
+            if self.controller is None:
+                self.log_test("File Operations", False, "Controller not initialized")
+                return False
+            
+            import tempfile
+            import os
+            
+            # Создаем временный файл для теста
+            with tempfile.NamedTemporaryFile(mode='w', delete=False, suffix='.txt') as f:
+                temp_path = f.name
+                f.write("initial content for testing")
+            
+            try:
+                # Тест чтения файла
+                task_read = UserTask(
+                    input="Прочитай файл",
+                    context={
+                        "requested_tool": "file_read",
+                        "tool_args": {"path": temp_path}
+                    }
+                )
+                
+                result_read = self.controller.handle_task(task_read)
+                
+                if result_read.get("status") != "completed":
+                    self.log_test(
+                        "File Read", 
+                        False, 
+                        f"Read failed: {result_read.get('status')}"
+                    )
+                    return False
+                
+                # Тест записи файла
+                new_content = "updated content from test"
+                task_write = UserTask(
+                    input="Запиши в файл",
+                    context={
+                        "requested_tool": "file_write",
+                        "tool_args": {
+                            "path": temp_path,
+                            "content": new_content
+                        }
+                    }
+                )
+                
+                result_write = self.controller.handle_task(task_write)
+                
+                if result_write.get("status") != "completed":
+                    self.log_test(
+                        "File Write", 
+                        False, 
+                        f"Write failed: {result_write.get('status')}"
+                    )
+                    return False
+                
+                # Проверяем что файл действительно обновился
+                with open(temp_path, 'r') as f:
+                    actual_content = f.read()
+                
+                if actual_content == new_content:
+                    self.log_test(
+                        "File Operations", 
+                        True, 
+                        f"File read/write successful: {actual_content}"
+                    )
+                    return True
+                else:
+                    self.log_test(
+                        "File Operations", 
+                        False, 
+                        f"File content mismatch. Expected: {new_content}, Got: {actual_content}"
+                    )
+                    return False
+                    
+            finally:
+                # Очищаем временный файл
+                if os.path.exists(temp_path):
+                    os.unlink(temp_path)
+                
+        except Exception as e:
+            self.log_test("File Operations", False, f"Request error: {str(e)}")
+            return False
+    
+    def run_all_tests(self) -> Dict[str, Any]:
+        """Запустить все тесты"""
+        print("Starting direct ducklm tests...")
+        print("=" * 50)
+        
+        if not self.setup():
+            print("Failed to setup controller")
+            return {"error": "Setup failed"}
+        
+        tests = [
+            self.test_health,
+            self.test_simple_task,
+            self.test_tool_task,
+            self.test_memory_tools,
+            self.test_file_operations,
+        ]
+        
+        passed = 0
+        total = len(tests)
+        
+        for test in tests:
+            if test():
+                passed += 1
+            time.sleep(0.5)  # Небольшая пауза между тестами
+        
+        print("=" * 50)
+        print(f"Tests completed: {passed}/{total} passed")
+        
+        # Сводка результатов
+        summary = {
+            "total_tests": total,
+            "passed_tests": passed,
+            "failed_tests": total - passed,
+            "success_rate": passed / total if total > 0 else 0,
+            "test_results": self.test_results
+        }
+        
+        return summary
+
+
+def main():
+    """Основная функция"""
+    import argparse
+    
+    parser = argparse.ArgumentParser(description="Тест ducklm системы (прямой доступ)")
+    parser.add_argument("--basedir", default=".", help="Base directory for ducklm")
+    parser.add_argument("--test", choices=["health", "simple", "tool", "memory", "file", "all"], 
+                       default="all", help="Specific test to run")
+    
+    args = parser.parse_args()
+    
+    tester = DuckLMDirectTester(args.basedir)
+    
+    if args.test == "all":
+        results = tester.run_all_tests()
+        print("\nFINAL RESULTS:")
+        print(f"Passed: {results['passed_tests']}/{results['total_tests']}")
+        print(f"Success Rate: {results['success_rate']*100:.1f}%")
+        
+        # Возвращаем код выхода basado на результатах
+        sys.exit(0 if results['failed_tests'] == 0 else 1)
+    else:
+        # Запуск конкретного теста
+        if not tester.setup():
+            print("Failed to setup controller")
+            sys.exit(1)
+            
+        test_map = {
+            "health": tester.test_health,
+            "simple": tester.test_simple_task,
+            "tool": tester.test_tool_task,
+            "memory": tester.test_memory_tools,
+            "file": tester.test_file_operations,
+        }
+        
+        test_func = test_map[args.test]
+        if test_func():
+            print(f"Test {args.test}: PASSED")
+            sys.exit(0)
+        else:
+            print(f"Test {args.test}: FAILED")
+            sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/tests/test_api_handlers.py b/tests/test_api_handlers.py
index 6e2c92f..dd98429 100644
--- a/tests/test_api_handlers.py
+++ b/tests/test_api_handlers.py
@@ -1,5 +1,9 @@
-from app.api.server import chat, critic_feedback, health, list_events, resolve_permission, resolve_secret
-from app.core.permission_resolution import PermissionResolutionRequest, SecretResolutionRequest
+import asyncio
+import time
+
+import app.api.server as server
+from app.api.server import chat, critic_feedback, health, list_events, resolve_permission, resolve_review, resolve_secret
+from app.core.permission_resolution import PermissionResolutionRequest, ReviewResolutionRequest, SecretResolutionRequest
 from app.api.server import CriticFeedbackRequest
 from app.core.contracts import UserTask
 
@@ -16,8 +20,52 @@ def test_events_handler_returns_event_list() -> None:
 
 def test_chat_handler_returns_runtime_events() -> None:
     body = chat(UserTask(input="hello from handler test"))
-    assert body["status"] == "completed"
-    assert body["events"][0]["type"] == "task_received"
+    assert body["status"] in {"accepted", "completed"}
+    if body["status"] == "completed":
+        assert body["events"][0]["type"] == "task_received"
+
+
+def test_chat_handler_submits_task_without_waiting_for_completion(monkeypatch) -> None:
+    class SlowRuntime:
+        def submit_task(self, task):
+            return {"task_id": task.task_id, "status": "accepted"}
+
+        def handle_task(self, task):
+            time.sleep(0.25)
+            return {"task_id": task.task_id, "status": "completed", "events": []}
+
+    monkeypatch.setattr("app.api.server.runtime", SlowRuntime())
+    started = time.monotonic()
+    body = chat(UserTask(input="long task"))
+
+    assert time.monotonic() - started < 0.1
+    assert body["status"] == "accepted"
+
+
+def test_lifespan_loads_models_without_threadpool_executor(monkeypatch) -> None:
+    class FakeRuntime:
+        _memory_interface = None
+
+        def __init__(self) -> None:
+            self.loaded = False
+
+        def load_models_at_startup(self) -> None:
+            self.loaded = True
+
+    class FailingLoop:
+        def run_in_executor(self, *args, **kwargs):
+            raise AssertionError("lifespan must not load llama models via run_in_executor")
+
+    fake_runtime = FakeRuntime()
+    monkeypatch.setattr(server, "runtime", fake_runtime)
+    monkeypatch.setattr(server.asyncio, "get_event_loop", lambda: FailingLoop())
+
+    async def run_lifespan() -> None:
+        async with server.lifespan(None):
+            pass
+
+    asyncio.run(run_lifespan())
+    assert fake_runtime.loaded is True
 
 
 def test_resolve_permission_handler_allows_completion() -> None:
@@ -34,6 +82,29 @@ def test_resolve_secret_handler_requires_pending_request() -> None:
     assert body["status"] == "failed"
 
 
+def test_resolve_review_handler_submits_review_resolution(monkeypatch) -> None:
+    class ReviewRuntime:
+        def submit_review_resolution(self, task_id, decision, correction=None):
+            return {
+                "task_id": task_id,
+                "status": "accepted",
+                "decision": decision,
+                "correction": correction,
+            }
+
+    monkeypatch.setattr("app.api.server.runtime", ReviewRuntime())
+    body = resolve_review(
+        ReviewResolutionRequest(
+            task_id="task-1",
+            decision="wrong_action",
+            correction="replan",
+        )
+    )
+
+    assert body["status"] == "accepted"
+    assert body["decision"] == "wrong_action"
+
+
 def test_structured_feedback_can_be_accepted_without_memory_write() -> None:
     initial = chat(UserTask(input="feedback target"))
     body = critic_feedback(
diff --git a/tests/test_command_analyzer.py b/tests/test_command_analyzer.py
new file mode 100644
index 0000000..f45e615
--- /dev/null
+++ b/tests/test_command_analyzer.py
@@ -0,0 +1,46 @@
+from app.core.command_analyzer import CommandAnalyzer
+from app.core.permission_service import PermissionService
+
+
+def _permission_service() -> PermissionService:
+    return PermissionService(
+        config={
+            "settings": {},
+            "command_categories": {
+                "no_always": {
+                    "allow_once": True,
+                    "allow_always": False,
+                    "commands": ["apt", "apt-get", "dpkg", "systemctl"],
+                }
+            },
+            "path_settings": {},
+        }
+    )
+
+
+def test_detects_unelevated_root_required_segment_after_sudo_chain() -> None:
+    analyzer = CommandAnalyzer(_permission_service())
+
+    diagnosis = analyzer.analyze(
+        command="sudo apt update && apt upgrade -y",
+        task_id="task-1",
+        session_id="session-1",
+    )
+
+    assert diagnosis["type"] == "privilege_scope_error"
+    assert diagnosis["root_required_segments"] == ["apt update", "apt upgrade -y"]
+    assert diagnosis["elevated_segments"] == ["apt update"]
+    assert diagnosis["unelevated_root_segments"] == ["apt upgrade -y"]
+
+
+def test_accepts_each_root_required_segment_when_each_is_elevated() -> None:
+    analyzer = CommandAnalyzer(_permission_service())
+
+    diagnosis = analyzer.analyze(
+        command="sudo apt update && sudo apt upgrade -y",
+        task_id="task-1",
+        session_id="session-1",
+    )
+
+    assert diagnosis["type"] == "ok"
+    assert diagnosis["unelevated_root_segments"] == []
diff --git a/tests/test_runtime_loop.py b/tests/test_runtime_loop.py
index 8bd69f2..dfb3dc2 100644
--- a/tests/test_runtime_loop.py
+++ b/tests/test_runtime_loop.py
@@ -14,12 +14,25 @@ def test_runtime_loop_emits_basic_events() -> None:
 
 
 def test_runtime_loop_routes_natural_language_shell_request_to_permission_flow() -> None:
+    import os, shutil
+    # Clear permission cache to ensure clean state
+    cache_file = os.path.join(os.path.dirname(__file__), '..', 'data', 'runtime', 'allowed_commands.json')
+    if os.path.exists(cache_file):
+        os.remove(cache_file)
+    
     controller = RuntimeController()
     result = controller.handle_task(UserTask(input="запусти sudo apt update"))
     event_types = [event["type"] for event in result["events"]]
+    # sudo commands require both permission and password
+    # First step: permission request
     assert result["status"] == "awaiting_permission"
     assert result["directive"]["type"] == "tool"
     assert result["directive"]["payload"]["tool"] == "shell_exec"
     assert "permission_requested" in event_types
     assert "task_awaiting_permission" in event_types
     assert result["result"]["error"] == "Permission required before execution."
+
+    # After granting permission, should request sudo password
+    resumed = controller.resolve_permission(task_id=result["task_id"], decision="allow_once")
+    assert resumed["status"] == "awaiting_input"
+    assert resumed["result"]["secret_request"]["kind"] == "sudo_password"
diff --git a/tests/test_tools_flow.py b/tests/test_tools_flow.py
index c7fcb3e..203a343 100644
--- a/tests/test_tools_flow.py
+++ b/tests/test_tools_flow.py
@@ -2,7 +2,11 @@ import json
 from pathlib import Path
 
 from app.core.contracts import ExecutionDirective, UserTask
+from app.core.contracts import PermissionDecision
+from app.core.contracts import ToolResult
+from app.events.event_types import TOOL_OUTPUT_CHUNK
 from app.runtime.runtime_controller import RuntimeController
+from app.tools.sandbox import ToolSandbox
 
 
 def _write_config_tree(base_dir: Path) -> None:
@@ -27,9 +31,38 @@ def _write_config_tree(base_dir: Path) -> None:
             "critic_prompt": "",
         },
         "permissions.json": {
-            "dangerous_commands": {"rm": "ask_always", "sudo": "ask_always"},
-            "sensitive_paths": ["/etc", "/usr", "/var"],
-            "default_approval_behavior": "ask_always",
+            "settings": {
+                "allow_caching": True,
+                "cache_file": str(base_dir / "data/runtime/allowed_commands.json"),
+                "normalize_commands": True,
+                "split_chained": True
+            },
+            "command_categories": {
+                "hard_stop": {
+                    "commands": ["rm -rf /", "rm -rf /*", "dd if=/dev/zero of=/dev/sd*"]
+                },
+                "no_always": {
+                    "allow_once": True,
+                    "allow_always": False,
+                    "commands": [
+                        "rm -rf *", "rm -rf .*", "shutdown", "reboot", "halt",
+                        "apt", "apt-get", "dpkg", "yum", "dnf", "pacman",
+                        "systemctl stop", "systemctl start", "systemctl restart",
+                        "service stop", "service start", "killall", "pkill -9"
+                    ]
+                },
+                "normal": {
+                    "allow_once": True,
+                    "allow_always": True,
+                    "commands": ["shell_exec", "file_write"]
+                }
+            },
+            "path_settings": {
+                "allow_read_outside": True,
+                "allow_write_paths": [str(base_dir), "/tmp"],
+                "require_confirmation_for_write": True,
+                "require_confirmation_for_shell": True
+            }
         },
         "runtime.json": {
             "step_timeout_ms": 5000,
@@ -92,6 +125,8 @@ def test_shell_exec_requires_permission_for_dangerous_command(tmp_path: Path) ->
             },
         )
     )
+    # rm -rf /tmp/nonexistent is not hard_stop (only exact "rm -rf /" is)
+    # but it matches "rm -rf *" in no_always category
     assert result["status"] == "awaiting_permission"
     assert "permission_request" in result["result"]
 
@@ -108,8 +143,87 @@ def test_shell_exec_allows_safe_command(tmp_path: Path) -> None:
             },
         )
     )
+    # Even safe commands require permission in the new permission model
+    assert result["status"] == "awaiting_permission"
+    assert "permission_request" in result["result"]
+    # Grant permission and verify execution
+    resumed = controller.resolve_permission(task_id=result["task_id"], decision="allow_once")
+    assert resumed["status"] == "completed"
+    assert str(tmp_path) in resumed["result"]["output"]
+
+
+def test_shell_exec_publishes_output_chunks_before_completion(tmp_path: Path) -> None:
+    _write_config_tree(tmp_path)
+    controller = RuntimeController(base_dir=tmp_path)
+    perm_override = PermissionDecision(
+        action_type="shell_command",
+        pattern="printf",
+        decision="allow_always",
+    )
+
+    task = UserTask(
+        input="stream shell output",
+        context={
+            "requested_tool": "shell_exec",
+            "tool_args": {"command": "printf 'first\\n'; sleep 0.1; printf 'second\\n'"},
+        },
+    )
+    result = controller.execution_engine.execute(
+        task,
+        ExecutionDirective(
+            type="tool",
+            payload={
+                "tool": "shell_exec",
+                "args": {"command": "printf 'first\\n'; sleep 0.1; printf 'second\\n'"},
+            },
+        ),
+        permission_override=perm_override,
+    )
+
+    events = controller.event_bus.list_for_task(task.task_id)
+    chunk_events = [event for event in events if event.type == TOOL_OUTPUT_CHUNK]
+    completed_index = next(index for index, event in enumerate(events) if event.type == "tool_completed")
+    first_chunk_index = next(index for index, event in enumerate(events) if event.type == TOOL_OUTPUT_CHUNK)
     assert result["status"] == "completed"
-    assert str(tmp_path) in result["result"]["output"]
+    assert [event.payload["chunk"] for event in chunk_events] == ["first\n", "second\n"]
+    assert first_chunk_index < completed_index
+
+
+def test_streaming_shell_uses_idle_timeout_not_step_timeout(tmp_path: Path) -> None:
+    sandbox = ToolSandbox(
+        allowed_root=tmp_path,
+        timeout_ms=100,
+        command_timeout_ms=2000,
+        idle_timeout_ms=500,
+    )
+    chunks: list[str] = []
+
+    result = sandbox.run_shell(
+        command="printf 'first\\n'; sleep 0.2; printf 'second\\n'",
+        output_callback=lambda _stream, chunk: chunks.append(chunk),
+    )
+
+    assert result.returncode == 0
+    assert result.stdout == "first\nsecond\n"
+    assert chunks == ["first\n", "second\n"]
+
+
+def test_streaming_shell_timeout_kills_child_process_group(tmp_path: Path) -> None:
+    marker = tmp_path / "child-survived"
+    sandbox = ToolSandbox(
+        allowed_root=tmp_path,
+        timeout_ms=100,
+        command_timeout_ms=100,
+        idle_timeout_ms=1000,
+    )
+
+    result = sandbox.run_shell(
+        command=f"sh -c 'sleep 1; touch {marker}'",
+        output_callback=lambda _stream, _chunk: None,
+    )
+
+    assert result.returncode == -9
+    assert not marker.exists()
 
 
 class _RecoveryCritic:
@@ -122,6 +236,13 @@ def test_failed_shell_step_can_recover_and_continue(tmp_path: Path) -> None:
     controller = RuntimeController(base_dir=tmp_path)
     controller.execution_engine.set_critic(_RecoveryCritic())
     controller.execution_engine._recovery_limit = 1
+    # Bypass permission check for this test — we're testing recovery, not permissions
+    from app.core.contracts import PermissionDecision
+    perm_override = PermissionDecision(
+        action_type="shell_command",
+        pattern="grep",
+        decision="allow_always",
+    )
     result = controller.execution_engine.execute(
         UserTask(
             input="run grep with no matches and recover",
@@ -139,12 +260,177 @@ def test_failed_shell_step_can_recover_and_continue(tmp_path: Path) -> None:
                 ]
             },
         ),
+        permission_override=perm_override,
     )
     assert result["status"] == "completed"
     failed_result = result["result"]["step_results"][0]["result"]["result"]
     assert failed_result["metadata"]["exit_code"] == 1
 
 
+def test_privilege_scope_failure_awaits_user_review_before_replan(tmp_path: Path) -> None:
+    _write_config_tree(tmp_path)
+    controller = RuntimeController(base_dir=tmp_path)
+    task = UserTask(
+        input="обнови систему",
+        context={
+            "requested_tool": "shell_exec",
+            "tool_args": {"command": "sudo apt update && apt upgrade -y"},
+        },
+    )
+    class FailingShellTool:
+        def execute(self, task: UserTask, args: dict[str, object]) -> ToolResult:
+            return ToolResult(
+                tool="shell_exec",
+                ok=False,
+                output="Error: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?",
+                error="Command failed with exit code 100",
+                metadata={"exit_code": 100},
+            )
+
+    controller.tool_registry._tools["shell_exec"] = FailingShellTool()
+
+    initial = controller.handle_task(task)
+    assert initial["status"] == "awaiting_permission"
+    controller.resolve_permission(task_id=task.task_id, decision="allow_once")
+    result = controller.resolve_secret(task_id=task.task_id, secret="secret")
+
+    assert result["status"] == "awaiting_review"
+    assert result["result"]["review"]["diagnosis"]["type"] == "privilege_scope_error"
+    assert result["result"]["review"]["critic_assessment"]["classification"] == "model_planning_error"
+
+
+def test_plan_pauses_on_privilege_scope_review_instead_of_completing(tmp_path: Path) -> None:
+    _write_config_tree(tmp_path)
+    controller = RuntimeController(base_dir=tmp_path)
+
+    class FailingShellTool:
+        def execute(self, task: UserTask, args: dict[str, object]) -> ToolResult:
+            return ToolResult(
+                tool="shell_exec",
+                ok=False,
+                output="Error: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?",
+                error="Command failed with exit code 100",
+                metadata={"exit_code": 100},
+            )
+
+    controller.tool_registry._tools["shell_exec"] = FailingShellTool()
+    result = controller.execution_engine.execute(
+        UserTask(input="обнови систему"),
+        ExecutionDirective(
+            type="plan",
+            payload={
+                "steps": [
+                    {
+                        "id": "1",
+                        "tool": "shell_exec",
+                        "args": {"command": "sudo apt update && apt upgrade -y"},
+                        "depends_on": [],
+                    }
+                ]
+            },
+        ),
+        permission_override=PermissionDecision(
+            action_type="shell_command",
+            pattern="apt",
+            decision="allow_once",
+        ),
+        secret_override="secret",
+    )
+
+    assert result["status"] == "awaiting_review"
+    assert result["result"]["review"]["diagnosis"]["type"] == "privilege_scope_error"
+
+
+def test_sudo_auth_failure_requests_secret_retry_not_review(tmp_path: Path) -> None:
+    _write_config_tree(tmp_path)
+    controller = RuntimeController(base_dir=tmp_path)
+
+    class BadPasswordShellTool:
+        def execute(self, task: UserTask, args: dict[str, object]) -> ToolResult:
+            return ToolResult(
+                tool="shell_exec",
+                ok=False,
+                output="Sorry, try again.\nsudo: no password was provided\nsudo: 1 incorrect password attempt\n",
+                error="Command failed with exit code 1",
+                metadata={"exit_code": 1, "sudo_auth_failed": True},
+            )
+
+    controller.tool_registry._tools["shell_exec"] = BadPasswordShellTool()
+    result = controller.execution_engine.execute(
+        UserTask(input="обнови систему"),
+        ExecutionDirective(
+            type="plan",
+            payload={
+                "steps": [
+                    {
+                        "id": "1",
+                        "tool": "shell_exec",
+                        "args": {"command": "sudo apt update && apt upgrade -y"},
+                        "depends_on": [],
+                    }
+                ]
+            },
+        ),
+        permission_override=PermissionDecision(
+            action_type="shell_command",
+            pattern="apt",
+            decision="allow_once",
+        ),
+        secret_override="wrong",
+    )
+
+    assert result["status"] == "awaiting_input"
+    assert result["result"]["secret_request"]["kind"] == "sudo_password"
+    assert result["result"]["secret_request"]["prompt"] == "Sudo password incorrect. Try again"
+    assert result["result"]["attempt_failed"] is True
+
+
+def test_runtime_keeps_secret_state_after_bad_sudo_password(tmp_path: Path) -> None:
+    _write_config_tree(tmp_path)
+    controller = RuntimeController(base_dir=tmp_path)
+
+    class RetryPasswordShellTool:
+        calls = 0
+
+        def execute(self, task: UserTask, args: dict[str, object]) -> ToolResult:
+            self.calls += 1
+            if self.calls == 1:
+                return ToolResult(
+                    tool="shell_exec",
+                    ok=False,
+                    output="Sorry, try again.\nsudo: no password was provided\nsudo: 1 incorrect password attempt\n",
+                    error="Command failed with exit code 1",
+                    metadata={"exit_code": 1, "sudo_auth_failed": True},
+                )
+            return ToolResult(
+                tool="shell_exec",
+                ok=True,
+                output="root\n",
+                metadata={"exit_code": 0},
+            )
+
+    controller.tool_registry._tools["shell_exec"] = RetryPasswordShellTool()
+    task = UserTask(
+        input="кто root",
+        context={
+            "requested_tool": "shell_exec",
+            "tool_args": {"command": "sudo whoami"},
+        },
+    )
+    initial = controller.handle_task(task)
+    assert initial["status"] == "awaiting_permission"
+    allowed = controller.resolve_permission(task_id=task.task_id, decision="allow_once")
+    assert allowed["status"] == "awaiting_input"
+
+    retry = controller.resolve_secret(task_id=task.task_id, secret="wrong")
+    assert retry["status"] == "awaiting_input"
+    assert retry["result"]["attempt_failed"] is True
+
+    final = controller.resolve_secret(task_id=task.task_id, secret="correct")
+    assert final["status"] == "completed"
+    assert final["result"]["output"] == "root\n"
+
+
 def test_permission_resolution_can_resume_task(tmp_path: Path) -> None:
     _write_config_tree(tmp_path)
     controller = RuntimeController(base_dir=tmp_path)
@@ -169,12 +455,35 @@ def test_sudo_permission_resolution_requests_secret_input(tmp_path: Path) -> Non
     assert resumed["result"]["secret_request"]["kind"] == "sudo_password"
 
 
+def test_implicit_sudo_command_requests_password(tmp_path: Path) -> None:
+    """Commands like 'apt list --upgradable' that require sudo but don't start with 'sudo'
+    should also trigger password request after permission is granted."""
+    _write_config_tree(tmp_path)
+    controller = RuntimeController(base_dir=tmp_path)
+    # apt list --upgradable requires root but doesn't start with 'sudo'
+    initial = controller.handle_task(
+        UserTask(
+            input="проверь обновления",
+            context={
+                "requested_tool": "shell_exec",
+                "tool_args": {"command": "apt list --upgradable"},
+            },
+        )
+    )
+    assert initial["status"] == "awaiting_permission"
+    # Grant permission — should request sudo password since apt requires root
+    resumed = controller.resolve_permission(task_id=initial["task_id"], decision="allow_once")
+    assert resumed["status"] == "awaiting_input"
+    assert resumed["result"]["secret_request"]["kind"] == "sudo_password"
+
+
 def test_secret_resolution_continues_after_pending_secret_saved(tmp_path: Path) -> None:
     _write_config_tree(tmp_path)
     controller = RuntimeController(base_dir=tmp_path)
     initial = controller.handle_task(UserTask(input="запусти sudo apt update"))
+    assert initial["status"] == "awaiting_permission"
     resumed = controller.resolve_permission(task_id=initial["task_id"], decision="allow_once")
     assert resumed["status"] == "awaiting_input"
     final = controller.resolve_secret(task_id=initial["task_id"], secret="wrongpass")
-    assert final["status"] in {"completed", "failed"}
+    assert final["status"] in {"completed", "failed", "awaiting_input"}
     assert "error" in final["result"] or "output" in final["result"]