When forcedAgentType is set (failover), the role's configured model
(e.g. claude-opus-4-6 for reviewer) was injected as CODEX_MODEL,
causing codex SDK to reject it. Now model overrides are only injected
for the primary agent type, not failover runs.
Model/effort keys (CLAUDE_MODEL, CODEX_MODEL, etc.) are now excluded
from docker run creation args and only injected at docker exec time
matching the active agent type. Removes the empty-value override hack.
Container-level env has CLAUDE_MODEL baked in from creation.
Explicitly clear it on docker exec when running codex agent
to prevent 'model not supported with ChatGPT account' errors.
When Claude reviewer hits retryable session failure twice, hand off
to codex instead of silently failing. Adds 'session-failure' to
AgentTriggerReason and shouldHandoffToCodex check.
- Build both agent-runner and codex-runner into container image
- Select runner path based on group.agentType at docker exec time
- Update README to role-centric overview, generic MoA references
- Add MoA reference opinions guidance to arbiter prompt
Progress messages (phase: 'progress') were setting sawVisibleOutput=true,
which blocked failover handoffs when Claude usage was exhausted. Now only
final-phase output counts as visible, allowing reviewer handoff to codex
even after progress messages were shown.
- fix: pass forcedRole/forcedAgentType through handoff execution chain
so reviewer failover actually runs codex instead of retrying Claude
- fix: preserve intended_role in service handoff records
- feat: replace Memento MCP with local SQLite memory store
- feat: add memory selection with TTL decay
- Fix source_ref mismatch: update to workspace HEAD on first owner run
so change detection compares against the correct repo
- Treat hasNewChanges === null as "no changes" at finalize to prevent
infinite re-review when source_ref is unresolvable
- Add AGENT_LANGUAGE env var: when set, appends language instruction to
all paired room prompts (owner, reviewer, arbiter)
Token refresh updated internal array and .env file but not process.env,
so docker exec -e kept injecting the stale startup token. Now syncs
to process.env after refresh. Container kill on refresh is no longer
needed since docker exec picks up the latest token each turn.