Skip to content

fix(client,ci): migrate agentos-client to current secure-exec wire API + unblock release pipeline#1608

Open
NathanFlurry wants to merge 2 commits into
mainfrom
fix/agentos-client-wire-migration-and-release-ci
Open

fix(client,ci): migrate agentos-client to current secure-exec wire API + unblock release pipeline#1608
NathanFlurry wants to merge 2 commits into
mainfrom
fix/agentos-client-wire-migration-and-release-ci

Conversation

@NathanFlurry

Copy link
Copy Markdown
Member

Reconciles agent-os with the secure-exec it targets and unblocks the release pipeline. Companion secure-exec PR: rivet-dev/secure-exec#267 (agent pack bin fix + crates.io fixture path).

Client wire-API migration (the release blocker)

  • agentos-client was a regression: the committed .github/refs/secure-exec was bumped (chore(deps): bump secure-exec ref to per-binary cmd entry point #1598–1600) without re-fitting the client, whose last re-fit (d4cbe82) targeted the older secure-exec 0bf7dcb. It no longer compiled against the ref'd secure-exec.
  • Re-fit against the current wire API: PackageDescriptor{ dir }; READ_DIR entries → GuestDirEntry.name; handle the new ResponsePayload::{GuestKernelResultResponse, ResourceSnapshotResponse} variants; add JsRuntimeConfig.high_resolution_time. Keeps main's newer client features (listMounts / readdirEntries / listSoftware).

Release-pipeline CI fixes

  • Verify the secure-exec crate via the crates.io sparse index (the v1 API now 403s under crates.io's data-access policy).
  • Install wasm-pack in the publish-npm job so @rivet-dev/agentos-browser's build:dist-wasm works.
  • Drop the --filter='!@agentos/website' turbo filter (website is excluded from the workspace, so the filter matched no package and turbo errored).

Notes on leaked "do-not-commit" workarounds on main (context, addressed operationally)

  • The crates/agentos-sidecar-browser workspace member and the browser wasm build now work because secure-exec-sidecar-browser was published to crates.io and wasm-pack is installed in CI.
  • The website-excluded-from-workspace workaround is worked around by dropping the turbo filter above.

Pi agent adapter

  • The createSession("pi")Cannot find module '/unknown/pi-sdk-acp' failure is fixed by the secure-exec pack change (feat: add durable storage MVP #267): agent bin now points at the real entry file, so published agents keep their entrypoint. Verified: the adapter now boots and runs.
  • Remaining (not in this PR): the pi agent then fails resolving its lazy external @anthropic-ai/sdk — the snapshot-restored adapter's require base doesn't include the package's node_modules. That's a secure-exec runtime fix (require resolution must follow the entrypoint symlink to the package's node_modules, like #225 did for module-mode).

The committed .github/refs/secure-exec was bumped (PRs #1598-1600) without
re-fitting agentos-client, which was last re-fit (d4cbe82) for the older
secure-exec 0bf7dcb. Re-fit against the current wire API:
- wire::PackageDescriptor { name, dir, acp_entrypoint } -> { dir } (the sidecar
  reads name/acpEntrypoint from the package manifest at dir)
- READ_DIR entries are now list<GuestDirEntry> -> project each .name
- handle new ResponsePayload::{GuestKernelResultResponse, ResourceSnapshotResponse}
- JsRuntimeConfig gained high_resolution_time
…op stale website filter

- verify the secure-exec crate via the crates.io sparse index (the v1 API now
  returns 403 under crates.io's data-access policy)
- install wasm-pack in the publish-npm job so @rivet-dev/agentos-browser's
  build:dist-wasm (wasm-pack build agentos-sidecar-browser) works
- drop the turbo --filter='!@agentos/website' (website is excluded from the
  workspace, so the filter matches no package and turbo errors)
@railway-app

railway-app Bot commented Jul 4, 2026

Copy link
Copy Markdown

🚅 Deployed to the agentos-pr-1608 environment in agentos

Service Status Web Updated (UTC)
agentos 😴 Sleeping (View Logs) Web Jul 4, 2026 at 5:53 am

🚅 Environment agentos-pr-1608 in rivet-frontend has no services deployed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant