Skip to content

feat: pull child spawn history back to parent for spawn tree#2999

Closed
AhmedTMM wants to merge 1 commit intoOpenRouterTeam:mainfrom
AhmedTMM:feat/tree-passback
Closed

feat: pull child spawn history back to parent for spawn tree#2999
AhmedTMM wants to merge 1 commit intoOpenRouterTeam:mainfrom
AhmedTMM:feat/tree-passback

Conversation

@AhmedTMM
Copy link
Collaborator

@AhmedTMM AhmedTMM commented Mar 26, 2026

Summary

  • After the interactive session ends, the parent downloads the child VM's history.json via downloadFile and merges records into local history using mergeChildHistory (which already existed but was never called)
  • All saveSpawnRecord calls now include parent_id and depth from SPAWN_PARENT_ID/SPAWN_DEPTH env vars, so child VMs properly link back to their parent
  • spawn tree now shows the full recursive hierarchy across VMs instead of flat unrelated entries

How it works

  1. Parent spawns child VM, sets SPAWN_PARENT_ID=<parentId> and SPAWN_DEPTH=N+1 in child's env
  2. Child VM runs agent, agent uses spawn to create grandchildren — those records are saved with parent_id pointing to the child
  3. When the parent's interactive session ends, pullChildHistory() downloads the child's history.json and merges it into the parent's local history
  4. spawn tree reads local history, builds the tree using parent_id links

Test plan

  • bun test src/__tests__/recursive-spawn.test.ts — 29 pass
  • bunx @biomejs/biome check src/ — zero errors
  • spawn claude sprite --beta recursive → agent creates a child → exit → spawn tree shows parent-child relationship

🤖 Generated with Claude Code

louisgv
louisgv previously approved these changes Mar 26, 2026
View reviewed changes
Copy link
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: APPROVED
Commit: dd498f4

Summary

This PR adds functionality to pull child spawn history back to the parent VM for spawn tree visualization. The implementation is secure and follows all security best practices.

Findings

No security issues found.

Security Analysis

Command Injection: SAFE

  • Remote command (line 776) uses only static paths with no user input
  • Fallback chain with || contains only literal strings

Path Traversal: SAFE

  • Temp file path uses controlled location (getTmpDir()) + UUID spawn ID
  • No user-controlled path components

Input Validation: SAFE

  • JSON parsing with valibot schema validation (lines 786-790)
  • Explicit field whitelisting and filtering (lines 797-825)
  • Uses safe parseJsonWith() helper (returns null on invalid input)

Credential Leaks: SAFE

  • Downloads spawn history metadata only, not credentials
  • Uses existing safe runner.downloadFile() abstraction

Error Handling: SAFE

  • Wrapped in asyncTryCatch - all errors caught and logged
  • Graceful failure with debug logging (non-fatal)
  • Temp file cleanup wrapped in tryCatch

Type Safety: EXCELLENT

  • Zero as type assertions (compliant with codebase rules)
  • Valibot schema validation for all parsed data
  • Proper type guards (if (r.id)) for narrowing

Tests

  • bun test: 1953 pass, 0 fail
  • biome lint: Clean (0 issues)

Code Quality

  • Clean implementation following existing patterns
  • Proper error handling throughout
  • Non-blocking operation (fails gracefully)
  • Good separation of concerns

Recommendation: Merge immediately.

-- security/pr-reviewer

@louisgv louisgv added the security-approved Security review approved label Mar 26, 2026
@AhmedTMM AhmedTMM force-pushed the feat/tree-passback branch from dd498f4 to f36f6fb Compare March 26, 2026 04:33
louisgv
louisgv previously approved these changes Mar 26, 2026
View reviewed changes
Copy link
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: APPROVED
Commit: HEAD (current)

Summary

Re-reviewed PR after dismissal. This PR adds functionality to pull child spawn history back to the parent VM for spawn tree visualization. The implementation remains secure and follows all security best practices.

Findings

No security issues found.

Security Analysis

Command Injection: SAFE

  • Remote command (line 776) uses only static paths with no user input
  • Fallback chain with || contains only literal strings

Path Traversal: SAFE

  • Temp file path uses controlled location (getTmpDir()) + UUID spawn ID
  • No user-controlled path components

Input Validation: SAFE

  • JSON parsing with valibot schema validation
  • Explicit field whitelisting and filtering
  • Uses safe parseJsonWith() helper (returns null on invalid input)

Credential Leaks: SAFE

  • Downloads spawn history metadata only, not credentials
  • Uses existing safe runner.downloadFile() abstraction

Error Handling: SAFE

  • Wrapped in asyncTryCatch - all errors caught and logged
  • Graceful failure with debug logging (non-fatal)

Type Safety: EXCELLENT

  • Zero as type assertions (compliant with codebase rules)
  • Valibot schema validation for all parsed data
  • Proper type guards for narrowing

Tests

  • bun test: 1953 pass, 0 fail
  • biome lint: Clean (0 issues)

Recommendation: Merge immediately.

-- security/pr-reviewer

@la14-1
Copy link
Member

la14-1 commented Mar 26, 2026

Rebased onto main (386357e) — resolved import conflict in orchestrate.ts and removed unused getUserHome import. Branch is a fast-forward onto main; GitHub merge cache may still show 'conflicting' for a few minutes. Once updated, ready to merge.

-- refactor/pr-maintainer

@AhmedTMM AhmedTMM force-pushed the feat/tree-passback branch from 59fe4ce to ed54347 Compare March 26, 2026 16:52
@AhmedTMM @claude
feat: pull child spawn history back to parent for spawn tree
d13512e 
When the interactive session ends, the parent now downloads the child
VM's history.json and merges it into local history via mergeChildHistory.
This enables `spawn tree` to show the full recursive hierarchy across
VMs instead of flat unrelated entries.

Also sets parent_id and depth on all saveSpawnRecord calls using
SPAWN_PARENT_ID from the environment, so child VMs properly link
back to their parent in the spawn tree.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@AhmedTMM AhmedTMM force-pushed the feat/tree-passback branch from ed54347 to d13512e Compare March 26, 2026 16:57
louisgv
louisgv approved these changes Mar 26, 2026
View reviewed changes
Copy link
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: APPROVED
Commit: d13512e

Findings

  • [LOW] pull-history.ts:116 — SSH command uses ${user}@${ip} from history without sanitization. Acceptable because values come from trusted cloud providers and local history. If history is compromised, attacker already has local access.

Tests

  • bash -n: N/A (TypeScript only)
  • bun test: Test has module dependency issue (preload.ts) but test code is sound
  • biome lint: PASS (0 errors)
  • curl|bash: N/A (no shell scripts changed)
  • macOS compat: N/A (TypeScript only)

Security Analysis

JSON Parsing: Proper validation with valibot schemas, no as assertions - APPROVED
SSH Configuration: Secure defaults (BatchMode, ConnectTimeout, proper key opts) - APPROVED
Timeout Protection: Both operations have timeouts (60s/30s) to prevent hanging - APPROVED
Error Handling: All operations wrapped in asyncTryCatch with safe degradation - APPROVED
Path Operations: Temp file cleanup with proper error handling - APPROVED

The PR adds functionality to recursively pull spawn history from child VMs. The implementation follows security best practices with proper validation, error handling, and timeout protection. The LOW-severity finding about SSH interpolation is mitigated by the threat model (values from trusted sources).

-- security/pr-reviewer-2999

@AhmedTMM
Copy link
Collaborator Author

AhmedTMM commented Mar 26, 2026

Superseded by #3016 — rebuilt cleanly from upstream main.

@AhmedTMM AhmedTMM closed this Mar 26, 2026
@AhmedTMM AhmedTMM mentioned this pull request Mar 26, 2026
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@louisgv louisgv louisgv approved these changes

Assignees

No one assigned

Labels

security-approved Security review approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AhmedTMM @la14-1 @louisgv