Elwyn Benson (6c5a9c69) at 18 Mar 00:04

Summary

Extract action dispatch logic from NodeExecutor into an ActionExecutor interface and factory pattern, preparing for sandboxed execution in follow-up MRs.

Changes

• Add ActionExecutor interface with execute() and dispose()
• Add ActionExecutorFactory interface with createExecutor()
• Add DirectActionExecutor that wraps existing handler dispatch logic
• Add DefaultActionExecutorFactory (returns DirectActionExecutor)
• Update NodeExecutor to inject ActionExecutorFactory instead of collection(WorkflowActionHandler)
• Register DefaultActionExecutorFactory in workflowExecutorContributions
• Update node_executor.test.ts to use mockActionExecutor / mockActionExecutorFactory

No behavior change. This is a pure refactor that introduces the seam for a follow-up MR to swap in a SandboxedActionExecutor when the DuoSandboxedExecution feature flag is enabled.

Related issues

Part of https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp/-/issues/2068

Elwyn Benson (5ee2760b) at 18 Mar 00:03

... and 1 more commit

Hey @mcorren, @donaldcook, assuming the CI detection is working, does this implementation seem ok?

Description

Adds a beta consent prompt to Duo CLI that requires users to accept GitLab's Testing Agreement before using the tool.

On first launch, the CLI shows the consent text and waits (y/Y to accept, n/N to reject). Once accepted, consent is persisted to storage and the prompt isn't shown again.

Handles non-interactive environments (throws with instructions to accept via storage config) and CI environments (silently skips beta consent).

behaviour	scenario
	user runs main TUI, declines agreement
	user runs main TUI, accepts agreement
	user runs run command, declines agreement
	user runs run command, accepts agreement
	user runs run command in non-interactive terminal environment
TODO: VERIFY CORRECTLY DETECTED	GitLab runs run command in CI environment, agreement is silently skipped

I changed the implementation to show which key the user pressed, after I recorded all of these. Sorry too lazy to re-record, but it will show the y/n that was pressed

Related Issues

#2148

How has this been tested?

• checkout this branch
• mise install && npm install
• npm run cli
• observe the beta consent prompt appears
• press n to decline, confirm Duo CLI exits
• npm run cli
• observe the beta consent prompt appears again
• press y to accept, confirm the TUI loads
• run again, confirm the prompt is not shown a second time
• persisted value can be removed from inside ~/.gitlab/storage.json to reset testing

What CHANGELOG entry will this MR create?

• feature: New feature - a user-facing change which adds functionality - included in changelog

Elwyn Benson (b8becfdb) at 17 Mar 23:10

Nice @kjamoralin, this is a clean separation!

Summary

Extract action dispatch logic from NodeExecutor into an ActionExecutor interface and factory pattern, preparing for sandboxed execution in follow-up MRs.

Changes

• Add ActionExecutor interface with execute() and dispose()
• Add ActionExecutorFactory interface with createExecutor()
• Add DirectActionExecutor that wraps existing handler dispatch logic
• Add DefaultActionExecutorFactory (returns DirectActionExecutor)
• Update NodeExecutor to inject ActionExecutorFactory instead of collection(WorkflowActionHandler)
• Register DefaultActionExecutorFactory in workflowExecutorContributions
• Update node_executor.test.ts to use mockActionExecutor / mockActionExecutorFactory

No behavior change. This is a pure refactor that introduces the seam for a follow-up MR to swap in a SandboxedActionExecutor when the DuoSandboxedExecution feature flag is enabled.

Related issues

Part of https://gitlab.com/gitlab-org/editor-extensions/gitlab-lsp/-/issues/2068

Summary

Replaces the Anthropic backend's workflow-executor-based tools with pi-mono-derived tool implementations, and simplifies the system prompt.

Changes

New pi_tools/ module (packages/cli/src/backend/anthropic/pi_tools/):

• read.ts — File reading with offset/limit and head-truncation (line + byte limits)
• write.ts — File writing with auto-mkdir
• edit.ts — Exact text replacement with fuzzy matching and diff generation
• bash.ts — Shell execution with timeout support and tail-truncation
• truncate.ts — Shared head/tail truncation utilities
• path_utils.ts — Path resolution with macOS filename variant fallbacks
• edit_diff.ts — Fuzzy text matching and unified diff generation

Tool layer refactor (tools.ts):

• WorkflowTools → PiTools with 4 built-in tools (read, write, edit, bash) + MCP
• Removed dependencies on WorkflowActionHandler, FileStateTracker, CredentialProvider
• DI reduced to Logger, ParsedCliInput, McpManager

System prompt (system_prompt.ts):

• Replaced ~120 line verbose prompt with ~10 line concise prompt

TUI integration (tool_input_formatter.ts):

• Maps pi tool names to existing TUI display types
• Edit tool computes diffs for display

Out of scope

• Image support in read tool
• Streaming bash output
• Windows shell support

Generally LGTM @viktomas! I'm ok with the split, so long as we're intentional in direct no longer having parity with tui since the overhead of supporting features in both will be harder now in some cases

This isn't necessary right? The tool descriptions themselves are already provided in the context

Love it!

and images (jpg, png, gif, webp). Images are sent as attachments.

Not sure we should say this? Images are NOT sent as attachments, they are read and sent directly as text via the tool response. And while the LLM can read some image metadata, it won't actually "see" the image like other harnesses do when using the actual provider image APIs

I personally dislike the lack of read-before-edit enforcement 😅 have had my manual edits clobbered by LLM one too many times.

Not a problem if the agent is running in isolation, annoying problem if you're running an agent in the same place you're actively working!

We can at least try to make it less likely to make changes in plan mode, though I don't like that it's not enforced and I can't trust it completely!

- Do NOT produce code edits, diffs, or implementation artifacts. Your output is analysis and a plan only.
- Do NOT use 'bash' tool to modify files (e.g. with `sed`, `echo`). User MUST switch to \`build\` mode before you may run those commands.`;

This break in tools also means any future custom agents or integration with agent catalog will be unsupported in duo direct

Noting difference from DAP run_command which filters certain known sensitive CI env vars

Async issue update

• Current status: workflowcomplete

This is merged, prompt history responsibilities are extracted, helping the effort to thin-down our tui_controller

Async issue update

• Current status: workflowcomplete

This test tidyup is merged. All tests working with AsyncIterators / AsyncGenerators (e.g. workflow streams) are updated to use a new consolidated set of test helpers instead of re-declaring helpers inline every time.