- Update PR skill to allow informed escalation and help requests when stuck.
- Update main brain prompt to encourage strategic pivoting between hypotheses.
- Explicitly authorize bailing out of tasks that cannot be verified.
This fix was recovered from a timed-out bot run. It addresses issue #26979
where the CLI would crash if a user provided an extremely long path string
in an @ command (e.g. @/aaa...a).
Changes:
- Updated 'robustRealpath' in 'packages/core/src/utils/paths.ts' to catch
and gracefully handle 'ENAMETOOLONG' and 'EINVAL' errors from fs.realpathSync
and fs.lstatSync.
- Added a defensive try-catch block to 'checkPermissions' in
'packages/cli/src/ui/hooks/atCommandProcessor.ts' to prevent long path
strings from crashing the CLI during @ command parsing.
- Added regression unit tests to verify the fix.
- Removed the `maxSessionTurns: 30` limit from the bot's configuration as requested.
- Added `if: always()` to the `Archive Brain Data` step in the workflow to ensure logs (telemetry, debug) are available even when the agent fails or times out.
Updated the issue-fixer skill to instruct the bot to search one top-level
folder at a time and avoid problematic directories with large data files
(memory-tests, last_brain_data) to prevent grep_search timeouts.
The non-interactive CLI defaults to infinite `maxSessionTurns`. This causes the bot to get stuck in infinite trial-and-error loops when it struggles to fix a failing test suite, only stopping when the 60-minute GitHub Actions timeout kills the runner.
By setting `maxSessionTurns: 30` in the bot's configuration, the LLM session will gracefully abort with an error if it cannot find a solution within a reasonable number of attempts.
- Added a 60 minute timeout to the Reasoning job in the workflow.
- Updated the issue-fixer skill to instruct the bot to wrap 'npm run preflight' with the linux 'timeout' utility to prevent infinite loops from hanging the entire LLM agent.
The pr-labels.txt file was being correctly generated by the bot but was not
being passed to the Publish Artifacts job because it was omitted from the
Archive Brain Data step.
This removes the `NEVER_ALLOWED_NAME_PATTERNS` filter from `getSecureSanitizationConfig`.
Previously, if a user explicitly added a variable like `GH_TOKEN` to their `allowedEnvironmentVariables` in `settings.json`, it would be silently dropped during configuration parsing because it matched the `NEVER_ALLOWED_NAME_PATTERNS` regex.
This change ensures that explicit user allowlists take precedence over heuristic name-based pattern matching, while still maintaining the strict blocklist for known highly-sensitive system variables (`NEVER_ALLOWED_ENVIRONMENT_VARIABLES`).
- Update the publish workflow to read labels from a pr-labels.txt file and apply them to the PR using the gh CLI.
- Update the prs skill to instruct the bot to write labels to pr-labels.txt.
- Update the issue-fixer and metrics skills to explicitly request the application of their respective labels in pr-labels.txt.
This adds a settings.json file to the bot's configuration to explicitly allow GH_TOKEN and GITHUB_TOKEN to bypass the environment variable redaction engine. This is required because the bot runs in GitHub Actions, which enforces strict redaction mode by default. The workflow file was also simplified by removing the wrapper script that was previously used to bypass redaction.
- Sets `GH_PAGER: ''` in the workflow environment variables to ensure any `gh` CLI commands executed by the bot or in bash scripts do not hang waiting for user input in the headless CI environment.
- Replaces `gh issue list` with the `--json` flag to prevent default pagers (like `less`) from waiting for user input and hanging the CI run.
- Adds `--no-pager` to `gh run view`.
- Updates the `issue-fixer` skill to strictly forbid the use of local tools (like lint, tsc, grep) for finding tasks.
- Updates `scheduled.md` to clarify that local tools are for verification only.
Christian Gunderman