Releases: BlockRunAI/Franklin
v3.24.1 — slow first tokens from reasoning models no longer time out at 90s
Point Franklin at a big, cache-cold prompt — "synthesize a long document from everything in context" — and a reasoning model can take 60–120s just to emit its first token. Until now Franklin gave up at 90s with a stream timeout, and /retry replayed the same prompt straight into the same wall, so the planning turn looped without ever producing output. The 180s budget meant to cover slow first tokens never applied: the gateway flushes the SSE response headers before the first token, so the wait fell under the shorter stream-idle timer instead of the request timer.
- First-token wait now gets the full request budget. The SSE reader splits two clocks that were tangled into one: time-to-first-token uses the 180s request budget, while the gap between later chunks keeps the tighter 90s idle budget. Slow first tokens are honored; a genuinely stalled mid-stream still aborts fast. Tune each independently with
FRANKLIN_MODEL_REQUEST_TIMEOUT_MSandFRANKLIN_MODEL_STREAM_IDLE_TIMEOUT_MS.
Fixes #74. 441/441 local tests pass.
v3.15.98 — image-bearing context-token counters across the codebase (PR #54 + 3 missed siblings)
Lands PR #54 from KillerQueen-Z plus three sibling sites caught in review.
The bug class: JSON.stringify(tool_result.content) was tokenizing image base64 as text. A 140KB image → ~70K phantom chars / ~35K phantom tokens. We've been fixing this site by site since 3.15.89; this release closes the last 4.
Empirical proof (from PR #54): same session with one 100KB image showed:
- Before:
/context = 75K/200K (37.8%) - After:
/context = 1.9K/200K (1.0%)— matches Anthropic's true count
40× over-count, which also triggered premature /compact calls.
8 sites total in this bug class — 5 fixed previously, 3 plus 4 sub-fixes landed here:
| Site | Status |
|---|---|
tokens.ts:estimateContentPartTokens |
PR #54 |
tokens.ts:getAnchoredTokenCount (contextUsagePct: 0 always) |
PR #54 |
loop.ts:contextPct integer-rounded → ring frozen |
PR #54 |
reduce.ts:estimateChars |
review |
compact.ts:tool_result preview (base64 in summary prompt) |
review |
commands.ts:/context tool char count (UI display) |
review |
3 new regression tests. 387/387 tests pass.
Credits: KillerQueen-Z (PR #54) — empirical 40× reproduction and clean three-part fix. Same contributor as PR #53.
Full write-up: docs/release-notes/2026-05-12-context-token-sweep.md
v3.8.8 — Reliability pass
Motivated by real user feedback that Franklin sometimes takes 2–3 tries to execute a task correctly. This release closes the widest gaps in the basic execution layer before adding any new capability.
Added
- `franklin doctor` — one-command health check covering Node version, config directory writability, chain configuration, wallet + balance, gateway reachability, MCP config validity, telemetry state, and PATH sanity on macOS. Prints color-coded verdicts with remedies; `--json` for machine-parseable output; exits non-zero on any failing check so CI scripts can gate on it.
- `PHILOSOPHY.md` — canonical statement of what Franklin is and isn't. One-line thesis: Franklin lets you give your AI a budget and walk away. Names the Economic Agent category, explains why the wallet is the mechanism, and gives the go/no-go test every future feature has to pass.
Changed
- Bash risk classifier extended from ~20 to ~40 dangerous patterns: `mv -f` / `cp -rf` overwrites, writes redirected into `/etc`, `/usr`, `/bin`, `/sbin`, `/boot`, `/lib`, `/var/lib`, `/sys`, `/proc`; `tar -C /…` / `unzip -d /…` extraction into system paths; `eval` and `exec bash`; `git filter-repo` / `filter-branch` history rewrites; `DELETE FROM x` without `WHERE`; `sed -i` against system paths; `truncate -s 0`; `dd of=` to raw block devices; `killall` / `poweroff`; privilege-escalated (`sudo` / `doas` / `su -c`) destructive ops; secret-exfiltration pipes from `.env` / `.ssh` / `.gnupg`.
- Read tool adds NUL-byte content sniff. Files without a known binary extension are now also rejected when the first 8KB contain a NUL byte — catches encrypted `.env.enc`, raw `.data`, compiled executables with no extension, etc.
- Write tool enforces a 10MB write cap and refuses to write content containing NUL bytes.
No behavior changes for code paths already within limits. 117 local tests pass.
Install
```bash
npm install -g @blockrun/franklin@3.8.8
franklin doctor
```