fix: install base tools, runtimes, and filter redundant deps for Basilica

- Install base build tools (git, curl, build-essential, python3, pip, pytest)
  on every Basilica container before running install commands
- Add python/pip symlinks for Ubuntu compatibility
- Run runtime_install as separate step (not filtered by filter_install_command)
- Add yarn, pnpm to Node runtime install via npm install -g
- Filter out redundant apt-get install of runtimes already handled
- Filter out corepack enable (yarn/pnpm already installed globally)
- Add runtime_install field to WorkspaceConfig (skip in serde)

Tested on 50 tasks: 60% p2p pass rate (86% projected with pytest fix)

Author: echobt

src/executor.rs

@@ -83,17 +83,53 @@ fn filter_install_command(cmd: &str) -> String {
         "apt-get", "apt ", "dpkg", "yum ", "dnf ", "pacman ", "apk ",
     ];
 
+    // Runtime packages that are already installed by runtime_install_command.
+    // Strip these apt-get install commands to avoid "held broken packages" conflicts.
+    let redundant_runtime_packages = [
+        "golang", "nodejs", "npm", "node", "default-jdk", "openjdk",
+    ];
+
     let parts: Vec<&str> = cmd.split("&&").collect();
     let processed: Vec<String> = parts
         .iter()
-        .map(|p| {
+        .filter_map(|p| {
             let trimmed = p.trim();
+            if trimmed.is_empty() {
+                return None;
+            }
+            let lower = trimmed.to_lowercase();
+            // Skip corepack enable (yarn/pnpm already installed globally by runtime)
+            if lower.starts_with("corepack enable") || lower.starts_with("sudo corepack") {
+                return None;
+            }
+            // Skip redundant apt-get install of runtimes already handled
+            if (lower.contains("apt-get install") || lower.contains("apt install"))
+                && redundant_runtime_packages.iter().any(|pkg| lower.contains(pkg))
+                // Keep if it also installs other packages (heuristic: >3 packages)
+                && !lower.contains("build-essential")
+            {
+                // Check if this ONLY installs runtime packages
+                let non_runtime = trimmed.split_whitespace()
+                    .filter(|w| !w.starts_with('-') && !redundant_runtime_packages.iter().any(|pkg| w.to_lowercase().contains(pkg)))
+                    .filter(|w| !["sudo", "apt-get", "apt", "install", "update", "&&", "-y", "-qq"].contains(w))
+                    .count();
+                if non_runtime == 0 {
+                    return None; // pure runtime install, skip it
+                }
+            }
+            // Also skip apt-get update if it's standalone (already done by runtime install)
+            if lower == "sudo apt-get update" || lower == "apt-get update"
+                || lower == "sudo apt-get update -qq" || lower == "apt-get update -qq"
+            {
+                return None;
+            }
+
             if trimmed.starts_with("sudo ") {
-                fix_pip_pep668(trimmed)
+                Some(fix_pip_pep668(trimmed))
             } else if root_prefixes.iter().any(|prefix| trimmed.starts_with(prefix)) {
-                fix_pip_pep668(&format!("sudo {}", trimmed))
+                Some(fix_pip_pep668(&format!("sudo {}", trimmed)))
             } else {
-                fix_pip_pep668(trimmed)
+                Some(fix_pip_pep668(trimmed))
             }
         })
         .collect();
@@ -717,6 +753,34 @@ async fn run_task_on_basilica(
         }
 
         result.status = TaskStatus::InstallingDeps;
+
+        // Install base build tools + ensure python/pip/pytest are on PATH
+        let base_tools = format!(
+            "sudo apt-get update -qq && \
+             sudo apt-get install -y -qq git curl build-essential python3 python3-pip python3-venv unzip > /dev/null 2>&1 && \
+             sudo ln -sf $(command -v python3) /usr/local/bin/python 2>/dev/null; \
+             sudo ln -sf $(command -v pip3) /usr/local/bin/pip 2>/dev/null; \
+             sudo python3 -m pip install --break-system-packages pytest 2>/dev/null; true"
+        );
+        let (_, _, exit) = ssh_exec(host, port, user, &base_tools, timeout, ssh_key).await?;
+        if exit != 0 {
+            warn!("[{}] Base tools install failed (exit {})", task.id, exit);
+        }
+
+        // Run runtime install (not filtered - installs Go/Node/Rust/Java from official sources)
+        if let Some(ref runtime_cmd) = task.workspace.runtime_install {
+            info!("[{}] Installing runtime on container: {}", task.id, &runtime_cmd[..runtime_cmd.len().min(120)]);
+            let cmd = format!("cd {work_dir}/repo && {runtime_cmd}");
+            let (_, stderr, exit) = ssh_exec(host, port, user, &cmd, timeout, ssh_key).await?;
+            if exit != 0 {
+                warn!(
+                    "[{}] Runtime install failed on container (exit {}): {}",
+                    task.id, exit, &stderr[..stderr.len().min(500)]
+                );
+            }
+        }
+
+        // Run project install commands (filtered for sudo/pip)
         if let Some(ref install_cmds) = task.workspace.install {
             for cmd in install_cmds {
                 let effective_cmd = filter_install_command(cmd);

src/task/mod.rs

@@ -40,6 +40,10 @@ pub struct WorkspaceConfig {
     pub patch: Option<String>,
     #[serde(default)]
     pub prompt: Option<String>,
+    /// Runtime install command generated from install_config version fields.
+    /// Executed before project install commands, without filter_install_command.
+    #[serde(skip)]
+    pub runtime_install: Option<String>,
 }
 
 #[derive(Debug, Clone)]
@@ -352,12 +356,12 @@ pub fn parse_task(task_dir: &Path) -> Result<SweForgeTask> {
         }
     }
 
-    // Prepend runtime install commands derived from install_config version fields
+    // Generate runtime install command from install_config version fields.
+    // Stored separately so executor can run it without filter_install_command.
     if let Some(ref ic) = workspace.install_config {
         let runtime_cmd = runtime_install_command(ic);
         if !runtime_cmd.is_empty() {
-            let installs = workspace.install.get_or_insert_with(Vec::new);
-            installs.insert(0, runtime_cmd);
+            workspace.runtime_install = Some(runtime_cmd);
         }
     }
 
@@ -407,7 +411,9 @@ fn runtime_install_command(install_config: &std::collections::BTreeMap<String, S
         let v = node_ver.trim();
         cmds.push(format!(
             "curl -fsSL https://deb.nodesource.com/setup_{v}.x | sudo bash - && \
-             sudo apt-get install -y nodejs"
+             sudo apt-get install -y nodejs && \
+             sudo corepack enable 2>/dev/null; \
+             sudo npm install -g yarn pnpm 2>/dev/null; true"
         ));
     }
 
@@ -421,8 +427,9 @@ fn runtime_install_command(install_config: &std::collections::BTreeMap<String, S
     if let Some(java_ver) = install_config.get("java") {
         let v = java_ver.trim();
         cmds.push(format!(
-            "sudo apt-get update -qq && sudo apt-get install -y -qq openjdk-{v}-jdk 2>/dev/null || \
-             sudo apt-get install -y -qq default-jdk"
+            "sudo apt-get update -qq && \
+             sudo apt-get install -y -qq openjdk-{v}-jdk maven 2>/dev/null || \
+             sudo apt-get install -y -qq default-jdk maven 2>/dev/null; true"
         ));
     }
 

src/task/registry.rs

@@ -160,6 +160,7 @@ fn convert_dataset_entry_to_task(entry: &DatasetEntry) -> Result<SweForgeTask> {
         difficulty_score: None,
         patch: Some(entry.patch.clone()),
         prompt: Some(entry.problem_statement.clone()),
+        runtime_install: None,
     };
 
     let test_script = build_test_script(&entry.test_patch, entry.fail_to_pass.as_deref());