## Description
Noticed this reading the terminal runner: when a `terminal_exec` command
times out we only `SIGTERM` the shell. The shell isn't spawned
`detached`, so anything it backgrounded (`server &`, `nohup`, a dev
server) gets reparented to init and keeps running — an orphan leak on
every timed-out command that backgrounded something.
Fix: spawn the shell `detached` and signal the whole process group
(negative PID) on timeout, SIGTERM → 5s → SIGKILL — same pattern as
`apps/stage-tamagotchi/scripts/desktop-overlay-live-window-smoke.ts`.
Falls back to a single-process kill, non-timeout path unchanged.
## Linked Issues
None — just something I noticed.
## Additional Context
Added a regression test (backgrounds a `sleep`, times out, asserts the
pid is gone) — fails on `main`, passes here. `moeru-lint` clean. Left
PTY teardown (`pty-runner.ts`) out on purpose: job control puts
background jobs in their own groups, needs session-wide cleanup — happy
to follow up.
## Summary
Restores `services/minecraft` to own **only Minecraft semantics**,
decoupling the already-merged #1915 runtime contract from the (unmerged)
#1916 desktop-relay design — as requested by @shinohara-rin in the #1916
review:
> I'd prefer we first restore `services/minecraft` to only own Minecraft
semantics, then reintroduce desktop relay/read-aloud through a generic
module capability/tool contribution path or a Minecraft adapter.
Otherwise `main` now contains half of a cross-PR runtime contract whose
other half we are saying should not land as-is.
The perception/reflex/brain reliability work from #1915 is untouched.
This PR only removes the three desktop-coupling points baked into the
bot service.
## Changes
- **`airi-bridge.ts` — `handleActionIntent`**: a `spark:command` is
high-level guidance from the AIRI server, now attributed to a neutral
`'airi'` source. Removed the hardcoded `username = '主人'` / `relayedFrom:
'desktop-airi'` "treat it as if the master typed it in-game" framing.
The generic server→bot directive still routes through
`signal:chat_message` to trigger a fresh decision cycle, exactly as
before — only the identity/provenance is neutralized. Binding a relayed
command to the master's in-game identity is desktop-relay policy and
will live in the Minecraft adapter.
- **`minecraft-context-service.ts`**: stopped emitting the
machine-readable `master:` status hint (whose only consumer was the
desktop `gaming-minecraft` store) and removed the desktop-coupling
NOTICE. The owner identity remains in the human-readable status **text**
for the bot's own brain.
- **`cognitive/index.ts`**: stopped forwarding the bot's own in-game
chat over the `context:update` lane `minecraft:speech` (only meaningful
with the #1916 desktop TTS consumer). The bot still ignores its own
messages.
## How tested
- Updated `minecraft-context-service.test.ts` to assert the neutral
behavior (owner identity in status text, **never** as a `master:` hint).
2/2 pass.
- `pnpm exec eslint <changed files>` → 0 problems.
- The changed files typecheck clean. (Note: this worktree surfaces
pre-existing `vec3@0.1.10` vs `vec3@0.2.0` dependency-resolution errors
in unrelated files —
`gaze.ts`/`runtime.ts`/`patched-goto.ts`/`world.ts`/`map-renderer`/`brain`/`rules`
— present on `main` before this change too; not introduced here.)
## Follow-up
Desktop relay (`relayToMinecraft`) and read-aloud will be reintroduced
through a Minecraft adapter in the renderer (registering tools/prompts
into the existing generic stores), so the runtime contract is owned by
the Minecraft surface rather than baked into the neutral bot service.
The generic stage-ui robustness fixes are already split out in #1949.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Rin <shinohara-rin@users.noreply.github.com>
- Removed specific catalog references for '@unocss/core', 'es-toolkit', 'nanoid', and 'valibot' in pnpm-workspace.yaml and various service package.json files.
- Updated versions for '@vueuse/core', 'es-toolkit', 'nanoid', 'reka-ui', and 'valibot' to their latest compatible versions.
- Cleaned up unused catalog entries in pnpm-workspace.yaml.
## Summary
This PR upgrades the Minecraft bot's cognitive stack so it perceives
danger
accurately, reacts below the LLM brain with fast reflexes, and recovers
from
common brain failure modes. All changes are confined to
`services/minecraft/**`.
The desktop-side integration (spoken in-game chat, the online-gated
relay tool,
master binding in the UI) is submitted separately to keep this PR
focused; the
two are coupled only at runtime via AIRI context lanes, not at compile
time.
## What's included
**Perception — accurate damage attribution**
- `fall-tracker`: classify fall damage from physics-tick vertical
velocity.
- `attacker-tracker`: record the *real* attacker from the `entityHurt`
source,
fixing "a mob shot me but I chased the player standing next to me".
- `low-health`: emit a danger signal at health ≤ 6 when no ready food is
held.
- `damage-taken`: resolve the source via a lava → drown → fire → fall →
attacker chain and surface the attacker's name to the brain.
**Reflex — autonomic behaviors (run on the FSM tick, below the brain)**
- `defend`: auto-engage a hostile mob that attacks the bot/master and
hold the
fight instead of thrashing (suppress damage wakes while attacking).
- `escape-hazard`: climb out of lava, or surface when drowning.
- `auto-eat`: eat ready food at health ≤ 6 (skipped during combat).
- A `reflexEngaged` autonomy flag suppresses auto-follow and auto-eat
while a
defend/escape reflex owns the body.
**Conscious / skills — master recognition and reliability**
- Bind the "主人" role to the owner's in-game username so the bot
recognizes its
master in-world; enforce master-only command authority, never attack the
master, and react to a light hit with a short protest. Resolve players
by
username, never the literal "player"/"主人".
- `js-planner`: strip prose-mixed LLM replies that caused `X is not
defined` and
give-up spirals; add a `botCall` sandbox bridge and the `whereName`
query
chain method.
- Brain-prompt discipline: *saying is not doing*, *`recipePlan` is recon
not
crafting*, *eat only when food < 18* (regen is time-based), *defer equip
until
a queued craft lands*.
- Skills: collect drops that spawn shortly after a kill (no more 0
loot);
`goToBed` skips occupied beds; detach auto-follow while
mining/collecting so
digging is not interrupted.
- Platform: load perception rules on Windows (`fileURLToPath`); widen
the AIRI
client read timeout to stop connection flapping.
The master username is injected via `generateBrainSystemPrompt(..., {
masterUsername })`
from config — it is **not** hardcoded.
## How tested
```bash
pnpm -F @proj-airi/minecraft-bot exec vitest run # 220 tests; +56 new, all green
pnpm -F @proj-airi/minecraft-bot typecheck
pnpm exec moeru-lint services/minecraft # 0 problems on changed files
```
- Each feature ships with unit tests (trackers, reflex behaviors,
planner
salvage, skills, prompt, context service).
- Manual in-game testing: combat vs. pillagers/zombies, lava/water
escape,
low-health eating, crafting, master recognition with multiple players
present.
### Pre-existing baseline (not introduced by this PR)
Measured on `main` (`cb5c0783e`) before any change here:
- `tsc` reports 12 errors, all from a `vec3` 0.1.x/0.2.0
dependency-dedup
mismatch (`angleTo`) and `unknown[]` casts in `map-renderer.ts` /
`mcdata.ts` —
files this PR does not touch. This PR adds **0** new type errors.
- 7 unit tests already fail on `main` (4 in `map-renderer.test.ts`, 2
timing-sensitive `brain.test.ts`, 1 timing-sensitive `rules.test.ts`).
This
PR leaves those exactly as-is and does not touch those modules.
## Known limitations / follow-ups
- The `defend` reflex does not yet reliably engage ranged pillagers at
distance;
the brain's `attack` tool currently covers that case.
- `craftRecipe` does not auto-unpack blocks (e.g. diamond_block →
diamond) or
auto-gather missing intermediates for complex recipes.
- `inferDamageSource` orders environmental causes before
`recentAttacker`, which
can mis-attribute an in-water-while-shot hit; low impact, deferred.
## Summary
Adds browser DOM repair suggestions inside `services/computer-use-mcp`.
Known browser DOM action failures now get structured, advisory-only
repair suggestions for selector misses, hidden elements, timeouts,
detached frames, and stale elements. The registration path uses the
suggestions for `browser_dom_click` and `browser_dom_wait_for_element`
thrown-error responses.
## Boundary
- Only touches `services/computer-use-mcp`.
- Does not touch app, renderer, overlay, extension assets, desktop v3
files, or root project governance files.
- Does not import preview changes that delete current upstream
Chrome/desktop files.
- Does not include local AI config, screenshots, tokens, account
identifiers, or raw environment dumps.
## Validation
Sanitized evidence is committed in
`services/computer-use-mcp/validation/browser-repair-contract.md`.
Ran:
- `pnpm install --ignore-scripts --frozen-lockfile`
- `pnpm -F @proj-airi/computer-use-mcp exec vitest run
src/browser-dom/browser-repair-contract.test.ts
src/server/register-tools-pty-approval.test.ts --config
./vitest.config.ts`
- `pnpm exec moeru-lint --fix
services/computer-use-mcp/validation/browser-repair-contract.md
services/computer-use-mcp/src/browser-dom/browser-repair-contract.ts
services/computer-use-mcp/src/browser-dom/browser-repair-contract.test.ts
services/computer-use-mcp/src/server/register-tools.ts
services/computer-use-mcp/src/server/register-tools-pty-approval.test.ts`
- `git diff --check`
`pnpm -F @proj-airi/computer-use-mcp typecheck` is currently blocked by
existing baseline errors in `chrome-session-manager` and
`desktop-grounding`, outside this patch. The validation note lists the
error classes without local paths or raw logs.
## Summary
Adds advisory-only tool lane hygiene inside `services/computer-use-mcp`.
This tracks the most recent non-exempt tool lane and appends a
non-blocking advisory when a registered tool is called from a different
active lane. The change is intentionally scoped to computer-use MCP
server registration and run state.
## Boundary
- Only touches `services/computer-use-mcp`.
- Does not touch app, renderer, overlay, extension, or root project
governance files.
- Does not include local AI config, local worktree artifacts,
screenshots, tokens, account identifiers, or raw environment dumps.
## Validation
Sanitized evidence is committed in
`services/computer-use-mcp/validation/tool-lane-hygiene.md`.
Ran:
- `pnpm install --ignore-scripts --frozen-lockfile`
- `pnpm -F @proj-airi/computer-use-mcp exec vitest run
src/server/tool-lane-hygiene.test.ts --config ./vitest.config.ts`
- `pnpm -F @proj-airi/computer-use-mcp exec vitest run
src/server/tool-lane-hygiene.test.ts
src/server/register-tools-coordinate-contract.test.ts
src/server/register-tools-pty-approval.test.ts --config
./vitest.config.ts`
- `pnpm exec moeru-lint --fix
services/computer-use-mcp/validation/tool-lane-hygiene.md
services/computer-use-mcp/src/server/tool-lane-hygiene.ts
services/computer-use-mcp/src/server/tool-lane-hygiene.test.ts
services/computer-use-mcp/src/server/register-tools.ts
services/computer-use-mcp/src/state.ts`
- `git diff --check`
`pnpm -F @proj-airi/computer-use-mcp typecheck` is currently blocked by
existing baseline errors in `chrome-session-manager` and
`desktop-grounding`, outside this patch. The validation note lists the
error classes without local paths or raw logs.
### Description
Upgrades Playwright from `^1.59.1` to `^1.60.0` across the monorepo
workspace.
### Why is this needed?
In clean CI environments using Node.js 24 (the current LTS), Playwright
versions older than `1.60.0` hang indefinitely during the zip extraction
phase of `playwright install chromium`.
This is a known compatibility issue with Playwright's older extraction
utility (`yauzl`) running on Node 24+. Playwright resolved this bug in
version `1.60.0`. Upgrading ensures the CI test pipeline runs smoothly
without hanging.
### Proposed Changes
- Upgraded `"playwright"` to `^1.60.0` in:
- Root `package.json`
- `packages/vishot-runner-browser/package.json`
- `packages/vishot-runner-electron/package.json`
- `services/twitter-services/package.json`
- Regenerated `pnpm-lock.yaml` via `pnpm install`.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary\n- Pass the remaining waitForElement budget into each
frame-level CU_ACTION send so unresponsive frames cannot consume the
fixed 8s sendMessage timeout.\n- Use the remaining deadline for each
poll and stop polling immediately when the budget is exhausted.\n-
Reduce the bridge-side waitForElement grace from the legacy 9.5s buffer
to a small transport grace.\n- Add a regression test covering the
hanging-extension case.\n\n## Validation\n- pnpm -C
services/computer-use-mcp exec vitest run --config ./vitest.config.ts
src/browser-dom/extension-bridge.test.ts
---------
Co-authored-by: Neko <neko@ayaka.moe>
Co-authored-by: 刘梓恒 <160735726+3361559784@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
- cap local `terminal_exec` stdout/stderr capture at a fixed per-stream
limit
- report whether each stream was truncated, along with the original
captured length
- add runner coverage for commands that emit large stdout and stderr
payloads
## Why
The local shell runner currently appends stdout/stderr without a
boundary before returning `TerminalCommandResult`. Large command output
can grow the MCP response and stored terminal state far beyond what is
useful for the agent.
This keeps command execution semantics the same while bounding the
returned text and making truncation explicit to callers.
## Tests
- `pnpm -F @proj-airi/computer-use-mcp test --
src/terminal/runner.test.ts`
- `pnpm -F @proj-airi/computer-use-mcp typecheck`
- `git diff --check origin/main...HEAD`
Co-authored-by: 刘梓恒 <160735726+3361559784@users.noreply.github.com>