Commit Graph

1049 Commits

Author SHA1 Message Date
Codex
80bc078a24 fix(paired): bound reviewer STEP_DONE loop even when arbiter is disabled
The previous fix gated the step_done deadlock guard on the same
deadlockThreshold every verdict uses — but handleReviewerCompletion
passes Infinity for that threshold when no arbiter is configured
(isArbiterEnabled()=false, e.g. production with the ARBITER__AGENT_TYPE
env typo). So step_done never tripped the guard and the
owner TASK_DONE ⇄ reviewer STEP_DONE loop still ran forever.

Give step_done its own always-finite threshold
(stepDoneDeadlockThreshold = ARBITER_DEADLOCK_THRESHOLD) independent of
arbiter availability. Once hit, requestArbiterOrEscalate routes to the
arbiter when enabled, or completes the task with completion_reason
'escalated' (user escalation) when not. Productive REVISE/continue
disagreement still uses deadlockThreshold and is intentionally left on
the existing policy (loops to owner when arbiter is off), matching the
existing "returns reviewer change requests to owner ... deadlock
threshold" test.

Adds a shared regression unit test (deadlockThreshold=Infinity +
step_done still escalates) and three integration tests through
completePairedExecutionContext: arbiter-off+threshold -> escalated,
arbiter-on+threshold -> arbiter_requested, below-threshold -> active.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-06 18:11:42 +09:00
Codex
184a8eff6a fix(paired): break reviewer step_done ⇄ owner task_done infinite loop
The reviewer step_done verdict mapped to request_owner_changes
unconditionally, bypassing the deadlock guard that every sibling
verdict respects. When the owner kept replying task_done and the
reviewer kept replying step_done, the room oscillated forever,
spamming duplicate reviewer messages into the channel.

Apply the same `roundTripCount >= deadlockThreshold` guard used by
the done_with_concerns/continue/default branch so step_done
oscillation escalates to the arbiter (or completes via escalation
when no arbiter) instead of looping. Reuses existing round_trip_count
and deadlockThreshold; no migration needed.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-06 18:05:12 +09:00
Codex
8cf351580b fix(service): bound ejclaw cgroup page cache with MemoryHigh=3G
Per-turn agent runners do heavy file I/O (git clone, builds, ffmpeg/video
scratch) inside the ejclaw service cgroup. The kernel retains those reads as
reclaimable page cache, so systemd's MemoryCurrent climbs to 4-5GB even though
real anon usage stays ~300MB and the host has 13GB free. Add a soft MemoryHigh
so the cache is reclaimed under pressure before the number balloons; MemoryMax
stays unset (infinity) so a legitimate burst is throttled, never OOM-killed.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-03 22:24:18 +09:00
Codex
d7b5166862 fix(discord): route >2000-char finals to chunked send, keep editMessage pure
editMessage is called repeatedly by the progress ticker and dashboard
refresh, so appending overflow chunks there duplicated text on every edit.
Revert editMessage to a pure single-message edit and instead expose the
platform per-message cap via Channel.maxMessageLength; deliverOpenWorkItem
now skips the doomed in-place edit and hands the full payload to the
chunking sendMessage path when the final exceeds that cap.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-03 22:18:26 +09:00
Codex
c001905678 fix(discord): chunk long editMessage payloads and guard progress null race
- editMessage now splits >2000-char text: edits the tracked message with the
  first chunk and appends the rest as follow-up messages, instead of throwing
  Discord "Invalid Form Body … Must be 2000 or fewer" when promoting a long
  owner result over a progress message.
- syncTrackedProgressMessage captures latestProgressText in a local before the
  editMessage await, fixing a race where a concurrent resetProgressState()
  nulled it and crashed with "null is not an object (this.latestProgressText.length)".
- Add editMessage regression tests (in-place edit vs. chunked overflow).

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-03 22:10:26 +09:00
Codex
f28399021a feat(primer): fire Codex primer unconditionally like the Claude primer
Raise CODEX_PRIMER_MAX_USAGE_PCT from 1 to 100 so the Codex usage-window
primer fires at every fixed KST slot regardless of current 5h usage level,
mirroring the Claude primer (which always fires unless rate-limited). The d7
gate stays at 100 so an account whose weekly quota is exhausted is still
skipped, matching Claude's rate-limit skip.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-01 16:45:18 +09:00
Codex
f4de795b1e fix(primer): refresh Codex usage before primer and allow 1% fresh accounts
Codex primer was skipping with no_eligible_accounts because it read a
stale usage cache and required exactly 0% usage. Re-query usage right
before the primer call and treat freshly-reset 0~1% accounts as eligible
so the 5h window can be anchored at the fixed KST slot. Also hold new
Codex-owner turns at fresh usage until the next primer slot.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-01 16:29:12 +09:00
Codex
db715c6329 style(prompts): prettier format owner paired-room rules
Follow-up to e3c8de6: prettier --check failed on the new section
(missing blank line after the "Before accepting any proposal..."
sentence ahead of the numbered list, and the "Do not include:" header
needed a blank line before the bullets). Running prettier --write
fixes those without changing semantics.

bunx prettier --check prompts/owner-common-paired-room.md → clean.
2026-06-01 10:46:39 +09:00
Codex
90c17c6890 style(scripts): prettier reflow on Discord perms diagnostic
Follow-up to 0d87778; the pre-commit prettier hook rewrapped a few long
console.log lines after the commit landed.
2026-06-01 10:44:51 +09:00
Codex
e3c8de61f1 docs(prompts): require finalize message to be a self-contained answer
The user only sees the final owner message, not the owner↔reviewer
back-and-forth. Recent turns leaked meta-narrative like "리뷰어 지적
반영해서 정정합니다" / "PROCEED 확정" into user-visible replies and
sometimes omitted explicit action items, leaving the user to guess
whether anything was needed from them.

Add a "Finalize message format (self-contained answer)" section to
owner-common-paired-room.md that mandates:
  - direct answer first
  - consolidated recap (no transcript, no narrating disagreement)
  - explicit "사용자 액션 아이템" section, with "없음" when there is
    nothing for the user to do
  - no meta phrases referencing the reviewer loop

The runner reads this prompt fresh per agent spawn
(src/agent-runner-environment.ts), so the change takes effect on the
next owner turn without a service restart.
2026-06-01 10:44:34 +09:00
Codex
0d87778b78 chore(scripts): add Discord bot permission diagnostic
One-off Bun script that logs each configured Discord bot in (owner /
reviewer / arbiter), walks every guild it sees, and prints the bot
member's effective permission bits for the capabilities we plan to
expose (ReadMessageHistory, ManageMessages, ManageChannels,
AddReactions, thread perms, etc.). Used to verify "current permissions
support feature X" empirically instead of guessing from intents.
2026-06-01 10:30:58 +09:00
Codex
047f0d3b70 style(discord): apply prettier reflow to chunker tests
Follow-up to 6505971: the pre-commit prettier hook rewrapped the new
import and an Array.from() call after the commit landed, leaving the
working tree dirty. Commit the reflow so the tree is clean.
2026-06-01 01:25:25 +09:00
Codex
65059719ce fix(discord): preserve fenced code blocks across 2000-char chunks
Long bot replies that exceeded Discord's 2000-char limit were split by a
naive byte-slice loop. When the split fell inside a ```fenced code block
the first chunk lost its closing fence and the next chunk lost its
opener, so Discord rendered raw backticks and the remainder as headings
or bold instead of code.

Replace the slice loop with chunkForDiscord(), a fence-aware splitter
that prefers newline boundaries, re-closes any open fence at the end of
a chunk, and reopens it (with the same language tag) at the start of the
next. Single oversize lines still fall back to a surrogate-pair-safe
byte split. Adds 10 unit tests covering the seam, multi-fence
documents, surrogate pairs, and single-line overflow.
2026-06-01 01:20:28 +09:00
Codex
32fbb00dd2 fix(paired): cap consecutive reviewer silent-failure retries
The reviewer (codex) sometimes emits a final result with no visible text.
The runtime marks the run failed → handleFailedReviewerExecution
preserves status as review_ready → the follow-up scheduler re-queues
another reviewer-turn → loop. The existing round_trip / arbiter caps
never fire because round_trip_count only advances on owner-side
submissions; bot-side reviewer flakes never increment it.

Mirror the owner_failure_count pattern: add reviewer_failure_count to
paired_tasks, increment on each silent failure, and escalate via
requestArbiterOrEscalate once it reaches 2. Reset to 0 on every
successful reviewer completion path (PROCEED/REVISE/arbiter/wait-for-user)
and when the owner re-submits a fresh review cycle.

Repro chat: 1507762222724546560 (stock-adiviser). Task
33968d31-0da2-480c-85d3-7a3999822ab4 logged 11 consecutive
reviewer-turn entries with no work_items and round_trip_count stuck
at 1.
2026-05-29 23:40:35 +09:00
Codex
cdb59ce9fe fix(dashboard): preserve registered room aliases 2026-05-29 18:47:46 +09:00
Codex
85085e2782 fix(codex): align primer warmup with fixed slots 2026-05-28 18:29:51 +09:00
Codex
cf9bf08197 fix(router): escape Discord markdown delimiters instead of stripping
Previously formatOutbound stripped `*`, `_`, `~`, `|`, `` ` ``, `#`, `>`
from prose so they wouldn't trigger Discord formatting. That worked but
silently lost information — `**DONE**`, `STEP_DONE`, ~~strike~~ all
arrived in Discord with the source characters missing.

Switch to backslash-escape so the literal source text shows up while
still suppressing the formatting interpretation. Triple-backtick fenced
code blocks are still preserved verbatim.

Escape is non-idempotent (running it twice double-escapes backslashes),
so split the pipeline:

  - sanitizeForOutbound: strip internal tags + tool-call leaks + redact
    secrets. Use this for intermediate text that will pass through
    another formatOutbound call downstream (work-item storage, channel
    wrappers, session-command output).
  - formatOutbound: sanitize + neutralizeStrayMarkdown. Reserved for the
    single Discord-send boundary in channels/discord.ts.

Internal callers (message-turn-controller, session-commands, the
sendFormattedChannelMessage / sendFormattedTrackedChannelMessage /
editFormattedTrackedChannelMessage wrappers in index.ts, and the cron
reviewer-bot path) now use sanitizeForOutbound so the markdown escape
runs exactly once at the channel boundary.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 14:52:33 +09:00
Codex
890991394d remove one-shot reviewer mode 2026-05-27 12:43:15 +09:00
Codex
4e90e1d7ec fix bun path for one-shot review workspaces 2026-05-27 11:31:24 +09:00
Codex
7ed0af98a2 fix one-shot review for rooms without workDir 2026-05-27 11:20:30 +09:00
Codex
51512c9aeb add one-shot reviewer mode for single rooms 2026-05-27 10:57:57 +09:00
Codex
1509108e04 backup current stable ejclaw state 2026-05-27 10:53:31 +09:00
Eyejoker
646bc34372 [codex] Improve mobile dashboard UX (#19)
* feat(dashboard): improve mobile control plane UX

* fix(dashboard): improve mobile nav accessibility

* feat(dashboard): add mobile drawer and usage glance cards

* feat(dashboard): add compact usage matrix and i18n

* fix(dashboard): make usage-first console layout

* fix(dashboard): remove chrome and group usage rows
2026-04-26 21:29:13 +09:00
Eyejoker
5ba607644f Add read-only web dashboard MVP
Adds a disabled-by-default loopback web dashboard MVP with read-only control-plane views, prompt preview redaction, Vite React UI, and validation coverage.
2026-04-26 17:05:50 +09:00
Eyejoker
d52556fd28 fix: preserve structured attachment outputs (#17) 2026-04-25 14:41:46 +09:00
Eyejoker
a74ea4bad0 fix: preserve paired owner workspace branch invariant
Safely re-anchor drifted paired owner workspaces, guard owner completion handling, and tighten generated attachment temp-dir allowlisting.
2026-04-25 12:02:02 +09:00
Eyejoker
a459c0d47f Merge pull request #15 from phj1081/codex/parse-fenced-ejclaw-output
[codex] Parse fenced EJClaw output envelopes
2026-04-25 10:16:05 +09:00
ejclaw
cd7e35a8b0 Parse fenced EJClaw output envelopes 2026-04-25 10:14:33 +09:00
Eyejoker
5ee0859a53 Merge pull request #14 from phj1081/codex/allow-codex-warmup-state
[codex] Allow Codex warm-up state file
2026-04-25 09:33:39 +09:00
ejclaw
bd7e8a2deb Allow Codex warm-up state file 2026-04-25 09:30:40 +09:00
Eyejoker
852d3ced68 Merge pull request #13 from phj1081/codex/structured-discord-attachments
[codex] Add structured Discord attachments
2026-04-25 09:25:39 +09:00
ejclaw
3c13ab6ed8 style: format structured attachment test 2026-04-25 09:22:01 +09:00
ejclaw
83b7aef494 Add structured Discord attachments 2026-04-25 09:21:47 +09:00
Eyejoker
bdaecb2552 Merge Codex warm-up zero-window guard
Avoid repeated zero-usage Codex warm-ups
2026-04-24 19:04:59 +09:00
ejclaw
ee8b18145e fix: avoid repeated zero-usage Codex warm-ups 2026-04-24 19:04:22 +09:00
Eyejoker
2c5ab05534 Merge Codex warm-up fresh-window defaults
Restrict Codex warm-up to fresh quota windows
2026-04-24 18:56:16 +09:00
ejclaw
884aef5c99 fix: restrict Codex warm-up to fresh quota windows 2026-04-24 18:53:04 +09:00
Eyejoker
cfcac88ddb Merge optional Codex warm-up scheduler
Adds opt-in Codex warm-up with state, stagger, and failure backoff. Disabled by default.
2026-04-24 18:42:37 +09:00
ejclaw
bd56a5d765 feat: add optional Codex warm-up scheduler 2026-04-24 18:40:36 +09:00
Eyejoker
9b0ddce337 Merge EJClaw runtime hardening
Merge salvage hardening after CI pass: dist freshness guard, Codex usage fallback/path fix, IPC message_source_kind provenance, and workspace verification fixes.
2026-04-24 15:49:44 +09:00
ejclaw
deca9dab74 test: include message source migration in bootstrap expectations 2026-04-24 15:48:11 +09:00
ejclaw
e036521054 fix: salvage EJClaw runtime hardening
- add dist freshness guard to deploy flow
- preserve message source provenance for IPC injection
- harden Codex usage fallback and workspace package manager detection
- document owner branch return protocol
2026-04-24 15:02:09 +09:00
Eyejoker
a36c8a5f07 Merge dev stabilization into main
Promote STEP_DONE routing, paired telemetry, and bundled runner fixes from dev.
2026-04-24 14:12:00 +09:00
ejclaw
3eee842164 fix: restore bundled agent CLI resolution
- Upgrade EJClaw bundled Codex CLI to 0.124.0 for gpt-5.5 access
- Resolve Claude Agent SDK native binary packages via package.json
- Prefer glibc Claude binary before musl on Linux and align platform binary names
- Add regression coverage for optional package resolution
2026-04-24 13:13:11 +09:00
ejclaw
f84dccfa10 Route STEP_DONE through reviewer 2026-04-24 12:03:32 +09:00
ejclaw
6d28a4ae19 style: format paired stepdone telemetry files 2026-04-23 18:53:36 +09:00
ejclaw
9ef79e3828 Add STEP_DONE guards, verdict storage, and stale delivery suppression 2026-04-23 15:28:42 +09:00
ejclaw
afd9c7a538 Phase 0 — STEP_DONE/TASK_DONE split + owner-follow-up integration smoke 2026-04-23 13:07:20 +09:00
ejclaw
3b0875e80d test: cast readonly sandbox expectation through unknown 2026-04-22 20:59:31 +09:00
ejclaw
bf4cbd0319 test: cast readonly sandbox expectation shape 2026-04-22 20:58:17 +09:00