Commit Graph

160 Commits

Author SHA1 Message Date
Codex
822ac34c0e fix(merge): integrate gitea/main fork — renumber migrations, dedup, fix paired_tasks insert
Resolves the gitea/main <-> deployed-line merge:
- DB migrations: renumber gitea's colliding 019/020 to 021/022
  (reviewer_failure_count -> v21, turn_progress_text_compat -> v22) so all
  four migrations have distinct versions; update ordered list + bootstrap test.
- paired_tasks INSERT: add the missing VALUES placeholder so both new columns
  (reviewer_failure_count + arbiter_intervention_count) bind (26 cols/values).
- index.ts: drop duplicate startUsagePrimer import from the auto-merge.
- discord output: keep the deployed pipeline (attachment rejection notice) and
  call sanitizeForOutbound at the channel boundary so prose escaping done in
  prepareDiscordOutbound is not double-applied; keep gitea's reviewer
  silent-failure cap + router markdown-escape helpers.
- usage-primer/codex-warmup: keep the dawn-hold removal over gitea's primer.

Full test suite: only pre-existing env/bun-path failures remain; no merge regressions.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-18 05:49:10 +09:00
Codex
e14ac3dfca Merge remote-tracking branch 'gitea/main'
# Conflicts:
#	prompts/owner-common-paired-room.md
#	src/channels/discord.ts
#	src/codex-warmup.ts
#	src/db/bootstrap.test.ts
#	src/db/migrations/index.ts
#	src/paired-execution-context-reviewer.ts
#	src/usage-primer.test.ts
#	src/usage-primer.ts
2026-06-18 05:41:07 +09:00
Codex
1dd948a7ac merge: integrate origin/main (406 commits) into live branch
Merge upstream's paired-room stabilization, dedicated message-runtime-loop,
outbound delivery refactor (ipc-outbound-delivery / deliverFormattedCanonicalMessage),
discord module split, dashboard rework, and migrations 015-018 into our branch.

Conflict policy: prefer upstream for the heavily-refactored paired-room /
message-runtime / db cluster (it supersedes our earlier loop band-aids), keep
only orthogonal unique fixes:
- codex bundled-JS launcher fix (codex-warmup.ts)
- slot-aligned Claude+Codex usage primer (usage-primer.ts) re-wired into index.ts
- MemoryHigh=3G cgroup bound, discord perms diagnostic, prompt docs
- progress null-race + silent-failure publish guards (message-turn-controller.ts)

Dropped (superseded by upstream or unwired): reviewer STEP_DONE/TASK_DONE loop
band-aids, router markdown-escape override, register tribunal-default+git-init,
restart-context rewindToSeq (unwired).

Verified: typecheck clean, build clean, vitest shows zero new regressions vs the
origin/main baseline (only pre-existing env-config failures remain).
2026-06-08 21:15:39 +09:00
claude-bot
5af1c5b1d1 fix(router): escape Discord markdown delimiters instead of stripping 2026-06-01 17:49:54 +09:00
claude-bot
5b16bb6694 feat(primer): add usage-window alignment primer on GitHub-main base
Port the local primer subsystem onto the upstream base by intent:
- add src/usage-primer.ts (KST-slot primer firing Claude + Codex signals)
- extend codex-warmup with the ignoreZeroUsageWindow runtime option used
  by the primer so a slot is never skipped just because Codex is partway
  through its weekly window
- Codex primer fires unconditionally (maxUsagePct/maxD7UsagePct=100),
  mirroring the Claude primer, refreshing usage before selection
- wire startUsagePrimer() into the runtime bootstrap

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
2026-06-01 17:25:34 +09:00
Codex
cf9bf08197 fix(router): escape Discord markdown delimiters instead of stripping
Previously formatOutbound stripped `*`, `_`, `~`, `|`, `` ` ``, `#`, `>`
from prose so they wouldn't trigger Discord formatting. That worked but
silently lost information — `**DONE**`, `STEP_DONE`, ~~strike~~ all
arrived in Discord with the source characters missing.

Switch to backslash-escape so the literal source text shows up while
still suppressing the formatting interpretation. Triple-backtick fenced
code blocks are still preserved verbatim.

Escape is non-idempotent (running it twice double-escapes backslashes),
so split the pipeline:

  - sanitizeForOutbound: strip internal tags + tool-call leaks + redact
    secrets. Use this for intermediate text that will pass through
    another formatOutbound call downstream (work-item storage, channel
    wrappers, session-command output).
  - formatOutbound: sanitize + neutralizeStrayMarkdown. Reserved for the
    single Discord-send boundary in channels/discord.ts.

Internal callers (message-turn-controller, session-commands, the
sendFormattedChannelMessage / sendFormattedTrackedChannelMessage /
editFormattedTrackedChannelMessage wrappers in index.ts, and the cron
reviewer-bot path) now use sanitizeForOutbound so the markdown escape
runs exactly once at the channel boundary.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 14:52:33 +09:00
Codex
1509108e04 backup current stable ejclaw state 2026-05-27 10:53:31 +09:00
ejclaw
71650da534 fix: recover local paired attempts after restart 2026-05-27 06:27:10 +09:00
ejclaw
0177437a8a fix: recover interrupted paired turn attempts 2026-05-27 05:57:29 +09:00
Eyejoker
6eb89cdc51 fix: skip restart recovery announcements when no channel is connected
Prevents web-dashboard-only startup from crashing when Discord channels are unavailable.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-23 13:00:01 +09:00
Eyejoker
fd3145e2a7 feat: refresh dashboard settings UX and Codex feature toggles (#153)
* feat: refresh dashboard settings UX and Codex feature toggles

Improve settings/tasks mobile layout, model effort validation by agent type, and preset models for GPT 5.5 and Opus 4.7. Store Codex fast mode and goals in config.toml with Claude fastMode session sync and updated docs for Codex 0.133.

Co-authored-by: Cursor <cursoragent@cursor.com>

* style: apply pre-commit formatting after dashboard settings commit

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-23 12:18:42 +09:00
Eyejoker
77c2d031bc Recover only active groups after restart
Limit restart interruption snapshots, announcements, and recovery queueing to groups that were actively processing. Waiting groups remain compatible in stored context but no longer receive restart recovery signals.
2026-05-21 04:54:00 +09:00
ejclaw
4dcd4037f1 chore: clear low-risk lint warnings 2026-04-29 13:31:11 +09:00
ejclaw
274e234365 Extract paired verdict signal helpers 2026-04-29 10:05:26 +09:00
ejclaw
4daa1382f0 Route outbound messages through canonical delivery 2026-04-29 00:07:06 +09:00
ejclaw
d2a27ecf34 Unify IPC outbound delivery through work items 2026-04-28 23:36:34 +09:00
Eyejoker
8bb77ffaa3 Fix structured IPC envelope leakage
Normalize EJClaw structured send_message envelopes, preserve attachments, unwrap stored room payloads, and add regression tests.
2026-04-28 01:35:26 +09:00
Eyejoker
c2a6889567 Codex accounts: 6h auto-refresh, manual refresh, manual switch (#48)
Auto refresh
- New refreshCodexAccount(index) calls https://auth.openai.com/oauth/token
  with grant_type=refresh_token and persists rotated tokens back to
  ~/.codex-accounts/{N}/auth.json. JWT's subscription_active_until
  reflects the latest plan state OpenAI hands back.
- startCodexAccountRefreshLoop() runs every 6h (first run delayed 60s
  after boot to keep startup snappy). Hooked into main()/shutdown()
  alongside the existing claude token refresh loop.

Manual controls (Settings → 계정 → Codex)
- "갱신" button per row: forces an immediate refresh for that account.
- "전체 갱신" button: refreshes all codex accounts in sequence.
- "전환" button: writes data/codex-rotation-state.json so the next codex
  spawn picks the chosen account. Active account marked with a green-
  bordered card and "사용중" badge.

Endpoints
- POST /api/settings/accounts/codex/{i}/refresh
- POST /api/settings/accounts/codex/refresh-all
- PUT  /api/settings/accounts/codex/current  { index }
- GET  /api/settings/accounts now also returns codexCurrentIndex.

Why
JWTs cache subscription state at issue-time. When a Pro plan lapses or
a user upgrades/downgrades, the dashboard kept showing stale data until
the user logged in again. Periodic refresh + explicit "갱신" button
keeps the displayed state honest, and the manual switch unblocks the
user when rotation lands on a known-bad account.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-27 22:23:06 +09:00
Eyejoker
92e4e22e4d feat(dashboard): create and edit scheduled tasks 2026-04-27 03:05:04 +09:00
Eyejoker
1676f53f4d feat(dashboard): send room messages from web (#33) 2026-04-27 02:23:32 +09:00
Eyejoker
5ba607644f Add read-only web dashboard MVP
Adds a disabled-by-default loopback web dashboard MVP with read-only control-plane views, prompt preview redaction, Vite React UI, and validation coverage.
2026-04-26 17:05:50 +09:00
ejclaw
e036521054 fix: salvage EJClaw runtime hardening
- add dist freshness guard to deploy flow
- preserve message source provenance for IPC injection
- harden Codex usage fallback and workspace package manager detection
- document owner branch return protocol
2026-04-24 15:02:09 +09:00
ejclaw
a1617b7456 runtime: unify final delivery and startup preconditions 2026-04-11 13:48:54 +09:00
ejclaw
e88073f2f8 fix: block stale paired IPC and duplicate finalize turns 2026-04-11 04:18:43 +09:00
ejclaw
d8b34db92c fix: persist direct terminal verdicts for paired reviewers 2026-04-10 23:41:41 +09:00
ejclaw
497e6dec74 refactor: decompose runtime coordination and runner internals (PR6) 2026-04-10 22:48:49 +09:00
ejclaw
4e05f60400 refactor: land approved runtime cleanup and room binding cutover 2026-04-10 21:04:23 +09:00
ejclaw
c67bd1c622 Finalize turn-role invariants and legacy migration cutover 2026-04-10 11:44:34 +09:00
ejclaw
8e8c771ab1 Continue runtime and scheduler cleanup 2026-04-08 01:06:47 +09:00
ejclaw
bf55ad65fd Format files touched by reviewer runtime cleanup 2026-04-06 07:56:59 +09:00
ejclaw
aaa9eeb50a Remove paired reviewer container execution path 2026-04-06 07:56:24 +09:00
Eyejoker
b6c8546f25 Dedup reviewer finals only after actual IPC delivery 2026-04-05 08:02:02 +09:00
Eyejoker
ac225f2b1e Add paired delivery diagnostic logging 2026-04-05 00:00:09 +09:00
Eyejoker
7f0fbd5811 Route IPC send_message by paired room role 2026-04-04 23:02:30 +09:00
Eyejoker
3dd772c229 Refactor local memory and role-fixed runtime routing 2026-04-04 03:50:28 +09:00
Eyejoker
2070e0391f refactor: remove register_group legacy surface 2026-03-31 21:59:01 +09:00
Eyejoker
b9538e54bc feat: add room-level assignment write path 2026-03-31 21:21:57 +09:00
Eyejoker
68901e5da9 feat: global failover + dashboard model config section
- Failover is now global (account-level, not per-channel)
- Dashboard shows role model config (Owner/Reviewer/Arbiter + MoA refs)
- Dashboard shows failover status when active
- Auto-clear failover on successful Claude rotation
- Remove per-channel lease writes from failover path
2026-03-31 00:38:29 +09:00
Eyejoker
4a5edaceb6 refactor: remove SERVICE_AGENT_TYPE legacy constant
SERVICE_AGENT_TYPE was always 'claude-code' in the unified service,
making it a misleading constant. Each group already has its own
agentType field.

- Removed SERVICE_AGENT_TYPE from config.ts
- Session functions now accept agentType parameter (default: 'claude-code')
- Task scheduler uses task-level agent_type for token rotation decisions
- All fallback defaults changed to 'claude-code' literal
- Logging uses 'unified' instead of the misleading type
2026-03-30 23:10:48 +09:00
Eyejoker
58ed721d6e feat: auto-recreate reviewer containers on token rotation
When OAuth tokens rotate or refresh, all reviewer containers are
automatically removed. The next reviewer turn recreates them with
the latest token, preventing 401 auth failures.

Uses callback pattern to avoid circular dependencies:
- token-rotation.ts: onTokenRotated(cb)
- token-refresh.ts: onTokenRefreshed(cb)
- index.ts: registers recreateAllReviewerContainers as callback
2026-03-30 21:51:45 +09:00
Eyejoker
ab2680ba11 feat: route cron output via reviewer bot in paired rooms
In paired rooms, cron output was posted by the owner bot. Since the
owner can't respond to its own messages, the cron report just sat
there with no follow-up action.

Now cron output in paired rooms is posted via the reviewer bot. The
owner picks it up as a peer request, analyzes the report, and acts
on it (e.g., fixing Sentry errors). The normal paired review loop
then kicks in to verify the fix.
2026-03-30 01:32:06 +09:00
Eyejoker
382c9f49d4 fix: bind credential proxy to docker0 interface on Linux
Proxy was binding to 127.0.0.1 which is unreachable from Docker
containers. Now uses PROXY_BIND_HOST (detects docker0 IP on Linux)
so containers can reach the proxy via host.docker.internal.
2026-03-29 23:56:46 +09:00
Eyejoker
b965a7e43d feat: add pnpm store mount, pre-flight checks, and idle timeout for reviewer containers
- Detect pnpm projects and mount global store read-only so hardlinks resolve
- npm/yarn/bun need no extra mounts (node_modules is self-contained)
- Pre-flight check: verify Docker running + image exists (cached after first call)
- Add activity-based idle timeout (reset on stdout/stderr like host runner)
- Clean up orphaned containers on shutdown (not just startup)
2026-03-29 22:46:20 +09:00
Eyejoker
d8cb4b691e feat: verdict-based ping-pong control with merge_ready finalization
- DONE → merge_ready → owner final turn (commit/push) → completed
- DONE_WITH_CONCERNS → active → owner addresses → ping-pong continues
- BLOCKED/NEEDS_CONTEXT → completed (escalate to user, stop ping-pong)
- Regular feedback → active → ping-pong continues
- Owner detects merge_ready status and finalizes autonomously
2026-03-29 20:59:08 +09:00
Eyejoker
16d20fe627 feat: paired review system overhaul — unified service, configurable agents, silent output removal
- Remove UNIFIED_MODE legacy: single service manages all 3 Discord bots
- Add OWNER_AGENT_TYPE / REVIEWER_AGENT_TYPE env vars for configurable agent selection
- Fix Discord channel routing: reviewer output goes through correct bot (discord/discord-review)
- Fix channel name assignment: explicit names prevent agentTypeFilter collision
- Remove silent output suppression system: harness-level protections replace prompt workarounds
- Add reviewer approval detection: DONE marker on first line stops ping-pong
- Include user's original message in reviewer prompt for context
- Fix round_trip_count auto-reset on new user message
- Fix session ID conflict: reviewer doesn't reuse owner's session
- Fix pending progress text flush in runner on close sentinel
- Promote buffered intermediate text to final result when result event has no text
- Remove legacy files: .env.codex.example, .env.codex-review.example, migrate-unify.cjs
- Update CLAUDE.md: server-side build deployment, unified architecture docs
2026-03-29 20:50:32 +09:00
Eyejoker
9e0de1297c fix: /clear now resets both owner and reviewer sessions in paired rooms 2026-03-29 19:00:42 +09:00
Eyejoker
d01f98bd61 feat: unify 3 bot services into single process
- Add UNIFIED_MODE flag (default on, disable with UNIFIED_MODE=0)
- Register all 3 Discord bots in one process (claude, codex, review)
- Load all registered groups regardless of agent_type (codex/owner priority)
- Start credential proxy and container cleanup at unified startup
- shouldServiceProcessChat returns true in unified mode
- Add findChannelByName for role-based response routing
- Backward compatible: UNIFIED_MODE=0 restores per-service behavior
2026-03-29 18:37:17 +09:00
Eyejoker
e1fdc47552 style: sync pre-commit formatting fallout 2026-03-28 05:41:16 +09:00
Eyejoker
ba9f6871b6 feat: add codex review failover and suppress output hardening 2026-03-28 05:40:38 +09:00
Eyejoker
f79baf1ff8 fix: avoid Claude token refresh races across services 2026-03-26 10:25:09 +09:00