fix(workflows): concise failure messages for bash/script nodes (#1389)

[Wirasm]

Summary

Fixes #1389.

When a bash: or script: node fails, the user-visible error message currently embeds the entire substituted script body. Node's promisify(execFile) puts the body into err.message, err.cmd, and the first line of err.stack; the old catch blocks interpolated err.message verbatim and logged the raw err, so Pino's default serializer ended up writing the body three times per failure and the CLI / web UI / DB event all carried the same noisy string. Useful diagnostics (e.g. Expected ")" but found "x" at [eval]:4:241) were buried at the end.

This change routes both catch blocks through a new formatSubprocessFailure(err, label) helper in executor-shared.ts that prefers err.stderr, strips the Command failed: <cmd> prefix line, and tail-caps at 2 KB. The helper also returns a controlled logFields subset so Pino never re-serializes message/stack/cmd.

Root Cause

Two lines, one in each catch block:

• dag-executor.ts:1325 (bash) — errorMsg = \Bash node '${node.id}' failed: ${err.message}``
• dag-executor.ts:1582 (script) — errorMsg = \Script node '${node.id}' failed: ${err.message}${stderrHint}``

err.message from Node's ExecFileException is "Command failed: <cmd> <args>\n<stderr>". For bash -c <body> / bun -e <body>, the first line contains the substituted script body. Compounded by getLog().error({ err, … }) which serializes err.message + err.stack + err.cmd — three copies of the body in one log line.

Changes

File	Change
packages/workflows/src/executor-shared.ts	Add formatSubprocessFailure(err, label) + RawSubprocessError type
packages/workflows/src/dag-executor.ts	Bash + script catch blocks route default branch through the helper; log controlled logFields instead of raw err; drop script-node redundant stderrHint
packages/workflows/src/executor-shared.test.ts	7 unit tests for the helper (prefix stripping, stderr-first, 2 KB tail truncation, log-field safety, no-code fallback, empty-error fallback)
packages/workflows/src/dag-executor.test.ts	2 regression tests asserting the stored data.error on the node_failed event does not contain the Command failed: prefix and caps at a small size

Timeout / ENOENT / EACCES branches are preserved verbatim.

Before / After

Before (real output from the issue):

[format-changelog] Failed: Script node 'format-changelog' failed: Command failed: bun --no-env-file -e import { mkdirSync, writeFileSync } from "node:fs";
import { join } from "node:path";
… [the 50-line script repeated 3× — once in err.message, once in err.stack, once in err.cmd] …
error: Expected ")" but found "claudeBinaryPath"
    at /Users/rasmus/Projects/cole/Archon/[eval]:4:241

After:

[format-changelog] Failed: Script node 'format-changelog' failed [exit 1]: error: Expected ")" but found "claudeBinaryPath"
    at /Users/rasmus/Projects/cole/Archon/[eval]:4:241

Location markers (at [eval]:L:C) are preserved so agents can still parse them for structured follow-up edits.

Test plan

• bun run type-check — 10/10 packages
• bun test packages/workflows/src/executor-shared.test.ts — 58/58 pass (7 new)
• bun test packages/workflows/src/dag-executor.test.ts — 191/191 pass (2 new regression)
• bun run validate — clean exit 0 (bundled check, type-check, lint, prettier, full test suite)
• Manual repro: create a script: node with a body containing a syntax error, run the workflow, confirm the error is ~150 chars and preserves the at [eval]:L:C location

Scope

• In scope: the two else branches in the bash/script node catch blocks and the new helper
• Out of scope (deferred as separate issues if needed):
  • Structured failedAt: { line, col } field on NodeFailedEvent
  • Heuristic hint for substituted values containing backticks
  • Other getLog().error({ err, … }) callsites (AI-provider errors don't exhibit the same body-leak)
  • Changes to the @archon/git execFileAsync primitive

Summary by CodeRabbit

• Bug Fixes
  • Sanitized subprocess failure messages for bash/script nodes to remove embedded script content, standardize wording, and cap diagnostic size.
• Tests
  • Added regression tests to verify sanitized error messages, truncation behavior, and safe logging of failure details.
• Documentation
  • Clarified script-node capture and failure reporting so stderr is shown in failures but script bodies are not returned.

[coderabbitai]

📝 Walkthrough

Walkthrough

Subprocess failure formatting was added and integrated into DAG executor error paths for bash: and script: nodes. A new formatSubprocessFailure utility sanitizes and truncates diagnostics (preferring stderr, stripping Node's "Command failed:" prefix, appending [exit N] when present) and returns limited logFields. Tests were added to validate behavior and storage of sanitized messages.

Changes

Cohort / File(s)	Summary
Formatter utility packages/workflows/src/executor-shared.ts	Adds exported formatSubprocessFailure(err, label) and RawSubprocessError plus SUBPROCESS_ERROR_MAX_CHARS. Produces a user-facing message (stderr-preferred, strips "Command failed:", tail-truncates, appends [exit N]) and limited logFields (exitCode, killed, stderrTail).
Formatter tests packages/workflows/src/executor-shared.test.ts	New tests covering: stderr vs message preference, removal of "Command failed:", truncation behavior with [truncated] marker and size bounds, safe handling of empty errors, and ensuring logFields do not embed full message/stack/cmd.
Executor integration packages/workflows/src/dag-executor.ts	Integrates formatSubprocessFailure() into executeBashNode and executeScriptNode catch paths; derives node-specific labels; uses formatted.userMessage for stored node_failed.data.error (except normalized timeout/ENOENT/EACCES cases); logs { ...formatted.logFields, nodeId, nodeType, isTimeout } instead of raw error.
Executor regression tests packages/workflows/src/dag-executor.test.ts	Adds two regression tests asserting that bash/script node failures preserve diagnostic text and exit code, omit "Command failed:" and script body leakage, and keep stored error sizes within expected limits.
Docs & Changelog packages/docs-web/src/content/docs/guides/script-nodes.md, CHANGELOG.md	Docs updated to clarify stderr surfacing for failed script nodes and state that script body is not returned; CHANGELOG notes the new sanitization behavior.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Executor as DAG Executor
  participant Subproc as Subprocess (bash/script)
  participant Formatter as formatSubprocessFailure
  participant Logger as Logger / Node Store

  Executor->>Subproc: spawn/run node subprocess
  Subproc-->>Executor: exit non‑zero / error (stderr, message, code, killed)
  Executor->>Formatter: formatSubprocessFailure(err, label)
  Formatter-->>Executor: { userMessage, logFields }
  Executor->>Logger: store node_failed.data.error = userMessage
  Executor->>Logger: emit dag_node_failed with { ...logFields, nodeId, nodeType, isTimeout }

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: script node type for DAG workflows (bun/uv runtimes) #999 — Also modifies subprocess error handling and executor paths; likely overlaps formatter intent and tests.
• fix(workflows): export ARTIFACTS_DIR, LOG_DIR, BASE_BRANCH to bash nodes #1387 — Changes executeBashNode; touches the same executor error-handling area and may conflict.
• [codex] Implement managed execution env propagation #1178 — Modifies DAG executor codepaths (executeBashNode/executeScriptNode) and is related to subprocess execution concerns.

Poem

🐰
I nibble noise and keep the seed—
stderr sings the fix we need.
No script spam stuffed in the log,
Just [exit N] and a tidy cog.
Hop on, retry, the path's now freed. 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: fixing failure messages for bash/script workflow nodes to be concise rather than dumping the entire script body.
Description check	✅ Passed	The PR description is comprehensive, covering the problem, root cause, detailed changes across files, before/after examples, test results, and explicit scope boundaries. It maps directly to the template structure.
Linked Issues check	✅ Passed	The PR fully implements the core objectives from #1389: stopping script-body repetition, surfacing stderr first, tail-capping at 2KB, and preserving location markers for agent parsing.
Out of Scope Changes check	✅ Passed	All changes are tightly scoped to the formatSubprocessFailure helper and its integration into bash/script catch blocks. No unrelated modifications to error handling, logging infrastructure, or other subsystems are present.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/issue-1389-concise-node-failure-messages

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Wirasm]

Automated self-review

Verdict: PASS (0 critical, 0 important)

Strengths

• All three body-leak paths are genuinely closed: err.message interpolation replaced by formatSubprocessFailure, raw err removed from the Pino payload, and the redundant stderrHint concatenation in the script-node catch block is deleted.
• The fallback chain in the helper is safe: when hasCommandFailedPrefix is true and both stderr and bodyAfterPrefix are empty, the result is 'no diagnostic output' — rawMessage is never used as a final fallback in that case.
• Retry classification (classifyError) is unaffected — those matchers operate on the formatted errorMsg, and 'exited with code' never appeared in bash/script node error messages before or after this change (bash/script nodes classified UNKNOWN via this path, Claude/Codex SDK crash messages classified via a different path).
• logFields excludes message, stack, and cmd by construction, so Pino's default error serializer has nothing to expand into the log line.
• Regression tests exercise a live subprocess with a unique body marker; unit tests cover empty stderr, empty message, missing code, huge stderr, no Command failed: prefix, and mixed stderr+message content.

Suggestions (non-blocking)

• executor-shared.ts:132 — the third operand rawMessage in the fallback chain is reachable only when hasCommandFailedPrefix is false AND both stderr and bodyAfterPrefix are falsy. In that case bodyAfterPrefix === rawMessage, so the branch resolves to 'unknown error' anyway. Slightly redundant but not a bug.
• executor-shared.ts:140 — typeof err.code === 'string' accepts the empty string. In practice Node only produces numeric codes or undefined, but an explicit err.code !== '' guard would make intent clearer. Minor.

No security concerns.

Checklist

• Fix addresses all three root causes from the investigation
• Code follows codebase patterns (helper extraction mirrors classifyError)
• Tests cover the change (unit + regression)
• No obvious bugs introduced
• Retry/classification behavior preserved

[coderabbitai]

🧹 Nitpick comments (2)

packages/workflows/src/dag-executor.ts (2)

1315-1336: Consider populating logFields in the timeout/ENOENT/EACCES branches for consistency.

In the non-formatSubprocessFailure branches, logFields stays {}, so the resulting dag_node_failed log entry loses potentially useful diagnostic fields (exitCode, killed) that are present on err. The user-facing message is already concise for these branches, but the structured log entry is now less informative than before this change (where the raw err was logged). A minimal adjustment that keeps the script body out while preserving structured diagnostics:

♻️ Proposed refactor

-    const err = error as Error & { killed?: boolean; code?: number | string; stderr?: string };
+    const err = error as Error & { killed?: boolean; code?: number | string; stderr?: string };
     const isTimeout = err.killed === true || (err.message ?? '').includes('timed out');
     const label = `Bash node '${node.id}'`;
     let errorMsg: string;
-    let logFields: Record<string, unknown> = {};
+    let logFields: Record<string, unknown> = {
+      exitCode: err.code,
+      killed: err.killed === true,
+    };
     if (isTimeout) {
       errorMsg = `${label} timed out after ${String(timeout)}ms`;
     } else if (err.message?.includes('ENOENT')) {
       errorMsg = `${label} failed: bash executable not found in PATH`;
     } else if (err.message?.includes('EACCES')) {
       errorMsg = `${label} failed: permission denied (check cwd permissions)`;
     } else {
       const formatted = formatSubprocessFailure(err, label);
       errorMsg = formatted.userMessage;
       logFields = formatted.logFields;
     }

Non-blocking — feel free to skip if you prefer to keep those branches minimal.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/workflows/src/dag-executor.ts` around lines 1315 - 1336, The
structured log (getLog().error) drops diagnostic fields in the
timeout/ENOENT/EACCES branches because logFields remains empty; update those
branches in the catch block around node execution to populate logFields with
relevant properties from err (e.g., killed, code or exitCode, stderr) so they
match the data returned by formatSubprocessFailure; keep the existing concise
user-facing errorMsg for each branch but set logFields = { killed: err.killed,
exitCode: err.code ?? (err as any).exitCode, stderr: err.stderr } (or similar
keys used by formatSubprocessFailure) before calling getLog().error for
consistent structured diagnostics for node.id and timeout cases.

---

1315-1362: Near-identical catch blocks in executeBashNode and executeScriptNode — consider extracting.

The post-execFileAsync catch logic (error classification → errorMsg/logFields → structured log → logNodeError → event persist → emitter.emit → return failed NodeOutput) is duplicated between the two subprocess node executors, differing only in the label, the missing-executable name, and the event type: 'bash' | 'script'. A small helper (e.g., handleSubprocessFailure(…)) would keep both nodes in lockstep on future changes (idle-timeout handling, cancellation classification, etc.) and reduce the risk of the two paths drifting.

Not required for this PR — the current change is already a clear improvement; noting as a follow-up.

Also applies to: 1578-1625

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/workflows/src/dag-executor.ts` around lines 1315 - 1362, The catch
block logic in executeBashNode and executeScriptNode is duplicated (error
classification → errorMsg/logFields → structured logging → logNodeError → event
persist → emitter.emit → return failed NodeOutput); extract this into a helper
like handleSubprocessFailure(node, workflowRun, err, label, eventType, timeout,
logDir, deps, emitter) that: classifies timeouts/ENOENT/EACCES using
formatSubprocessFailure, builds errorMsg/logFields, calls getLog().error with
nodeId/isTimeout/errType, awaits logNodeError(logDir, workflowRun.id, node.id,
errorMsg), calls deps.store.createWorkflowEvent({... data: { error: errorMsg,
type: eventType }}).catch(...), emits the same emitter.emit payload, and returns
the standard { state: 'failed', output: '', error: errorMsg } so both
executeBashNode and executeScriptNode just call handleSubprocessFailure(...) in
their catch blocks.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/workflows/src/dag-executor.ts`:
- Around line 1315-1336: The structured log (getLog().error) drops diagnostic
fields in the timeout/ENOENT/EACCES branches because logFields remains empty;
update those branches in the catch block around node execution to populate
logFields with relevant properties from err (e.g., killed, code or exitCode,
stderr) so they match the data returned by formatSubprocessFailure; keep the
existing concise user-facing errorMsg for each branch but set logFields = {
killed: err.killed, exitCode: err.code ?? (err as any).exitCode, stderr:
err.stderr } (or similar keys used by formatSubprocessFailure) before calling
getLog().error for consistent structured diagnostics for node.id and timeout
cases.
- Around line 1315-1362: The catch block logic in executeBashNode and
executeScriptNode is duplicated (error classification → errorMsg/logFields →
structured logging → logNodeError → event persist → emitter.emit → return failed
NodeOutput); extract this into a helper like handleSubprocessFailure(node,
workflowRun, err, label, eventType, timeout, logDir, deps, emitter) that:
classifies timeouts/ENOENT/EACCES using formatSubprocessFailure, builds
errorMsg/logFields, calls getLog().error with nodeId/isTimeout/errType, awaits
logNodeError(logDir, workflowRun.id, node.id, errorMsg), calls
deps.store.createWorkflowEvent({... data: { error: errorMsg, type: eventType
}}).catch(...), emits the same emitter.emit payload, and returns the standard {
state: 'failed', output: '', error: errorMsg } so both executeBashNode and
executeScriptNode just call handleSubprocessFailure(...) in their catch blocks.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8da317c5-a401-4122-8dd8-a90c8eb05165

📥 Commits

Reviewing files that changed from the base of the PR and between 2c15439 and ba561bc.

📒 Files selected for processing (4)

• packages/workflows/src/dag-executor.test.ts
• packages/workflows/src/dag-executor.ts
• packages/workflows/src/executor-shared.test.ts
• packages/workflows/src/executor-shared.ts

[Wirasm]

Hi @Wirasm — thanks for opening this PR.

This repository uses a PR template at .github/pull_request_template.md with several required sections. A few of them appear to be empty or placeholder here:

• UX Journey
• Architecture Diagram
• Label Snapshot
• Change Metadata
• Linked Issue
• Validation Evidence
• Security Impact
• Compatibility / Migration
• Human Verification
• Side Effects / Blast Radius
• Rollback Plan
• Risks and Mitigations

Could you fill those out (even briefly)? The template helps reviewers understand scope, risk, and rollback — it speeds up review significantly.

If a section genuinely doesn't apply, just write "N/A" in it rather than leaving it blank.

[Wirasm]

PR Review Summary

Multi-agent review of PR 1393 — formatSubprocessFailure helper for bash/script node failures. CI green, mergeable clean. The fix is real and well-scoped; nothing critical, but a few worthwhile follow-ups.

Critical Issues

None.

Important Issues

Agent	Issue	Location
code-reviewer	getLog().error() was moved out of each branch and now spreads logFields (initialized to {}) for all four branches. Timeout / ENOENT / EACCES previously logged the full err; now they only log { nodeId, isTimeout, errType: 'Error' }. The PR description says only the default branch is affected — the diff actually narrows logging on all branches. Fix: log err.message (or move the getLog().error back inside each branch) for the non-default cases.	packages/workflows/src/dag-executor.ts (bash ~1339, script ~1596)
code-reviewer	errType: err.constructor.name is 'Error' for every real execFileAsync throw and 'Object' for the synthetic test inputs. It never discriminates anything in production — drop it or replace with nodeType: 'bash' / 'script'.	packages/workflows/src/dag-executor.ts (both catch blocks)
docs-impact	script-nodes.md says "stderr is logged as a warning and posted to the conversation but does not fail the node" — true on success, but on failure stderr is now the primary content of the user-facing error, not a side-channel warning. Split the sentence into success-path and failure-path behavior.	packages/docs-web/src/content/docs/guides/script-nodes.md:75-77
docs-impact	No [Unreleased] / Fixed entry for this user-visible error-format change.	CHANGELOG.md

Suggestions

Agent	Suggestion	Location
pr-test-analyzer	The two integration regression tests assert on the persisted node_failed event but not on what reaches Pino. Spy on getLog().error and assert the first arg never contains the script body — closes the integration gap on the secondary goal. (criticality 6)	packages/workflows/src/dag-executor.test.ts
pr-test-analyzer	No integration test for ENOENT/EACCES branches in either bash or script — a future refactor could silently change those user-visible strings. (criticality 6)	packages/workflows/src/dag-executor.test.ts
pr-test-analyzer	Script regression test asserts errorMsg.length < 4000 but the cap is ~2048 chars — would not catch an accidental doubling of the constant. Use < 2100. (criticality 4)	dag-executor.test.ts:5680
pr-test-analyzer	Final regex /error|expected|unexpected|syntax/ is broad enough to match the empty-error fallback ("unknown error"). Tighten to .toContain('[eval]') or similar. (criticality 4)	dag-executor.test.ts:5683
type-design-analyzer	RawSubprocessError is exported but has no external consumer (catch blocks use an inline intersection, not the named type). Drop the export to shrink the module surface.	executor-shared.ts:97
type-design-analyzer	code?: number | string should be code?: number | string | null to mirror Node's ExecFileException. The runtime guard already handles null; the type just needs to say so. A one-line comment explaining the union (numeric exit code OR errno symbol like 'ENOENT') would prevent future "simplification" to number.	executor-shared.ts:102
code-simplifier	The diagnostic fallback chain mixes || and a ternary. The third branch is partially unreachable (bodyAfterPrefix === rawMessage when no prefix). An explicit if/else if makes each case independently verifiable.	executor-shared.ts:129-134
code-simplifier	typeof err.code === 'number' || typeof err.code === 'string' reduces to err.code != null given the declared type.	executor-shared.ts:139-143
code-simplifier	stderrTail || undefined is the empty-string-to-undefined idiom. stderrTail.length > 0 ? stderrTail : undefined makes the intent explicit.	executor-shared.ts:152
code-simplifier	let logFields: Record<string, unknown> = {} then conditional reassignment in two parallel catch blocks. Capture formatted from the else branch and derive logFields once with const.	dag-executor.ts:1320-1330, 1583-1593
comment-analyzer	(issue #1389) in describe-block names and // Regression for issue #1389 … headers belong in the PR description, not in code. The it(...) names already state the behavior.	executor-shared.test.ts, dag-executor.test.ts (both regression blocks)
silent-failure-hunter	Tail-truncation is correct for Bun/Node syntax errors and Python tracebacks (error class is at the end). For combined uv-resolution + Python traceback >2 KB the uv header (at the top) could be lost — low-severity edge case.	executor-shared.ts:133
silent-failure-hunter	err.signal (e.g. SIGKILL) is no longer in structured logs; only killed: true survives. Minor debugging regression for timeout correlation with OS logs.	executor-shared.ts logFields

Strengths

• Bug is real and reproducible (50-line script body repeated 3× in err.message + err.stack + err.cmd); fix is targeted and well-tested.
• formatSubprocessFailure correctly strips the Command failed: <cmd> prefix line, prefers stderr, tail-caps at 2 KB.
• Controlled logFields (exitCode, killed, stderrTail) prevents Pino's default error serializer from re-attaching the body via err.stack/err.cmd.
• [exit N] suffix is always present when an exit code exists, so the failure is never fully silent even when stderr is empty.
• Bash regression test uses a UNIQUE_CMDLINE_MARKER_1389 strategy that makes leak detection trivial; script test pads the body to ~3.2 KB so any future re-leak is caught by the size assertion.
• Type union number | string for code is intentional and accurate (covers numeric exit codes AND errno symbols like 'ENOENT').
• All seven documented behaviors of the helper have a named unit test.
• Timeout / ENOENT / EACCES error string literals are preserved verbatim (PR claim is accurate at the user-facing message level — see Important Issue Model stucked at response stream text #1 above for the log-side caveat).

Documentation Issues

• packages/docs-web/src/content/docs/guides/script-nodes.md:75-77 — stale stderr-behavior wording (success/failure paths now diverge).
• CHANGELOG.md — missing [Unreleased] / Fixed entry.

Verdict

NEEDS FIXES — non-blocking but worth addressing before merge. The two code-reviewer log-narrowing findings are real bugs (the timeout/ENOENT/EACCES branches lost log information that the PR description claimed was preserved), and the two doc updates are user-facing.

Recommended Actions

1. Fix the log-narrowing on the timeout/ENOENT/EACCES branches in both catch blocks (dag-executor.ts).
2. Drop or replace the always-'Error' errType field.
3. Update script-nodes.md and add a CHANGELOG.md entry.
4. Apply the high-value simplifications (explicit if/else for diagnostic, const logFields, err.code != null).
5. Optionally: tighten test assertions, add an ENOENT integration test, and a log spy in the regression tests.
6. Optionally: drop RawSubprocessError export and add | null to code.

---

Generated by /prp-review-agents (7 specialist agents).

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/workflows/src/dag-executor.test.ts (1)

1141-1187: Add a logger assertion here too.

These regressions cover persisted node_failed.data.error, but they still leave the sanitized getLog().error(...) path untested. Since the leak fix also depends on passing only formatted.logFields in packages/workflows/src/dag-executor.ts, a future reintroduction of raw err logging would still pass this suite. A small mockLogger.error assertion that rejects Command failed: / body markers would close that gap.

Also applies to: 6177-6229

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/workflows/src/dag-executor.test.ts` around lines 1141 - 1187, Add an
assertion against the logger used by executeDagWorkflow to ensure the sanitized
error was logged (so regressions that only fix persisted data but still log raw
errors will fail): inspect mockDeps.logger.error (or whatever mock logger is
provided by createMockDeps) call(s) after executeDagWorkflow and assert the
logged message for the 'node_failed' for step 'fail-bash-1389' contains
"diagnostic from stderr" and "[exit 1]" and does NOT contain "Command failed:"
or "UNIQUE_CMDLINE_MARKER_1389" (similar to the checks on
failedEvent.data.error); place this immediately after you locate failedEvent so
it validates the getLog().error path for the same failure.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/docs-web/src/content/docs/guides/script-nodes.md`:
- Around line 76-80: The paragraph currently implies the full stderr is always
returned verbatim; update the wording so it matches formatSubprocessFailure():
state that the formatter prefers stderr but falls back to other output when
stderr is empty, and that diagnostics are tail-truncated to ~2 KB rather than
returned in full; keep the example failure pattern (Script node 'X' failed [exit
N]: <stderr>) but clarify that the shown <stderr> may be truncated or
substituted per formatSubprocessFailure() and that the script body is never
echoed back to users.

---

Nitpick comments:
In `@packages/workflows/src/dag-executor.test.ts`:
- Around line 1141-1187: Add an assertion against the logger used by
executeDagWorkflow to ensure the sanitized error was logged (so regressions that
only fix persisted data but still log raw errors will fail): inspect
mockDeps.logger.error (or whatever mock logger is provided by createMockDeps)
call(s) after executeDagWorkflow and assert the logged message for the
'node_failed' for step 'fail-bash-1389' contains "diagnostic from stderr" and
"[exit 1]" and does NOT contain "Command failed:" or
"UNIQUE_CMDLINE_MARKER_1389" (similar to the checks on failedEvent.data.error);
place this immediately after you locate failedEvent so it validates the
getLog().error path for the same failure.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7d44f3cc-e5be-411c-b2cf-43cf420ba8fd

📥 Commits

Reviewing files that changed from the base of the PR and between ba561bc and fe1deba.

📒 Files selected for processing (6)

• CHANGELOG.md
• packages/docs-web/src/content/docs/guides/script-nodes.md
• packages/workflows/src/dag-executor.test.ts
• packages/workflows/src/dag-executor.ts
• packages/workflows/src/executor-shared.test.ts
• packages/workflows/src/executor-shared.ts

✅ Files skipped from review due to trivial changes (2)

• CHANGELOG.md
• packages/workflows/src/executor-shared.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/workflows/src/executor-shared.test.ts
• packages/workflows/src/dag-executor.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Soften the failure-format wording to match the formatter.

This reads like the full stderr is always returned verbatim, but formatSubprocessFailure() actually prefers stderr, falls back when it is empty, and tail-truncates diagnostics at 2 KB. A wording tweak here would avoid setting the wrong expectation for long or stderr-less failures.

📝 Suggested wording

-  `$nodeId.output`. On a successful run, `stderr` is logged as a warning and
-  posted to the conversation but does **not** fail the node. A non-zero exit
-  code fails the node; on failure, `stderr` is the diagnostic surfaced in the
-  error message (`Script node 'X' failed [exit N]: <stderr>`) — the script
-  body is never echoed back to users.
+  `$nodeId.output`. On a successful run, `stderr` is logged as a warning and
+  posted to the conversation but does **not** fail the node. A non-zero exit
+  code fails the node; on failure, the error message prefers `stderr`, strips
+  the leading `Command failed:` wrapper, and tail-caps very large diagnostics
+  (for example: `Script node 'X' failed [exit N]: <diagnostic>`). The script
+  body is never echoed back to users.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	`$nodeId.output`. On a successful run, `stderr` is logged as a warning and
	posted to the conversation but does **not** fail the node. A non-zero exit
	code fails the node; on failure, `stderr` is the diagnostic surfaced in the
	error message (`Script node 'X' failed [exit N]: <stderr>`) — the script
	body is never echoed back to users.
	`$nodeId.output`. On a successful run, `stderr` is logged as a warning and
	posted to the conversation but does **not** fail the node. A non-zero exit
	code fails the node; on failure, the error message prefers `stderr`, strips
	the leading `Command failed:` wrapper, and tail-caps very large diagnostics
	(for example: `Script node 'X' failed [exit N]: <diagnostic>`). The script
	body is never echoed back to users.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/docs-web/src/content/docs/guides/script-nodes.md` around lines 76 -
80, The paragraph currently implies the full stderr is always returned verbatim;
update the wording so it matches formatSubprocessFailure(): state that the
formatter prefers stderr but falls back to other output when stderr is empty,
and that diagnostics are tail-truncated to ~2 KB rather than returned in full;
keep the example failure pattern (Script node 'X' failed [exit N]: <stderr>) but
clarify that the shown <stderr> may be truncated or substituted per
formatSubprocessFailure() and that the script body is never echoed back to
users.