FE-1111: Reconcile executor agent runner#278
Conversation
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
a825f18 to
6c8c072
Compare
PR SummaryMedium Risk Overview The app layer adds Pi composition wires the default runner when subagent deps exist; CODE mode loads subagent definitions for executor runs even without dev Tests and Reviewed by Cursor Bugbot for commit 2777558. Bugbot is set up for automated code reviews on this repo. Configure here. |
060809f to
7407ef9
Compare
1d3a1aa to
1e716a1
Compare
lunelson
left a comment
There was a problem hiding this comment.
The sealed worker boundary is clear: bounded worktree tools, no shell, no nested agents, and failure does not advance run metadata.
One follow-up worth tracking: the persisted success result is mostly the worker's final text summary. For later recovery and promotion review, it may help to persist a more inspectable execution record, such as files written or tool-call evidence, alongside the summary. Not blocking this PR, since the authority boundary is already narrow.
92a6e1d to
3aa05a5
Compare
e929ea4 to
1ec2beb
Compare
Co-authored-by: Cursor <cursoragent@cursor.com>
1ec2beb to
e7de782
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit e7de782. Configure here.
| if (target !== root && !target.startsWith(`${root}${sep}`)) { | ||
| throw new Error('write_worktree_file path escapes the worktree'); | ||
| } | ||
| return target; |
There was a problem hiding this comment.
Symlink bypasses worktree write bounds
Medium Severity
write_worktree_file checks paths with lexical resolve only, then writes with writeFile. A relative path under a symlink inside the worktree can still resolve under the worktree root while the write follows the link and lands outside the sandbox.
Reviewed by Cursor Bugbot for commit e7de782. Configure here.
| return { | ||
| status: 'completed', | ||
| summary: result.text, | ||
| }; |
There was a problem hiding this comment.
Result write failure leaves dirty worktree
Medium Severity
After a successful worker run, a failure while writing result.json throws out of AgentRunnerPort.run. ingestAgentResult then does not advance metadata, but worktree file changes from the worker may already be present, so a retry can re-run the slice on a mutated tree.
Reviewed by Cursor Bugbot for commit e7de782. Configure here.



Stack Context
Part of the orchestrator-cutover stack after FE-1109 executor sandbox.
What
Reconciles
execute_agent_resultto the executor agent-runner path.This PR wires
AgentRunnerPort, threads Pi model context into the runner, and adds a sealedworkerbackground agent with boundedread+write_worktree_fileauthority over the sandbox worktree. It proves the default app-composed runner path and addsexecutor-agent-runner-witness, a portable faux-provider witness probe that exercises the sealed worker tool call and captures request/result/proof artifacts.Runner failures fail closed without advancing run metadata.
Verification
npm run verify