Commit Graph

760 Commits

Author SHA1 Message Date
Eyejoker
3546a35354 refactor: skip token auto-refresh when using env-based auth
When CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY is set in .env,
the credentials.json refresh loop is unnecessary. setup-token
generates a 1-year token, making auto-refresh redundant.
2026-03-14 19:01:30 +09:00
Eyejoker
e4eca65c7c feat: suppress Discord link embed previews on bot messages
Add MessageFlags.SuppressEmbeds to all send() calls so URLs in
agent responses don't generate large preview cards.
2026-03-14 03:29:26 +09:00
Eyejoker
f388323987 chore: increase text file inline limit from 8000 to 32000 chars
11k char deployment logs were getting truncated, cutting off the
actual error. 32k is safe for 200k context window.
2026-03-14 02:34:34 +09:00
Eyejoker
ae1b37694e feat: inline text file attachments from Discord
Download and inline content of .txt and other text-based file
attachments instead of showing just the filename placeholder.
Handles long copy-pastes that Discord auto-converts to .txt files.
Truncates at 8000 chars with a note.
2026-03-14 02:32:14 +09:00
Eyejoker
b8421b659d feat: switch audio transcription from OpenAI Whisper to Groq Whisper
Groq runs the same whisper-large-v3-turbo model at 200x+ real-time speed.
Falls back to OpenAI Whisper if GROQ_API_KEY is not set.
Logs elapsed time per transcription for monitoring.
2026-03-14 01:51:38 +09:00
Eyejoker
b8292e14a1 feat: shared transcription cache to avoid duplicate Whisper API calls
Both services (nanoclaw + nanoclaw-codex) now share cache/transcriptions/
directory. When one service transcribes audio, the other reads from cache
instead of making a second Whisper API call. Uses .pending file to
coordinate concurrent transcription attempts.
2026-03-14 01:40:35 +09:00
Eyejoker
7a726c335d feat: purge status channel on startup for clean dashboard
- Add purgeChannel() to Channel interface and DiscordChannel
- Uses bulkDelete for recent messages, individual delete for old ones
- Called once at startup before creating fresh dashboard messages
2026-03-14 00:52:41 +09:00
Eyejoker
d06a835163 fix: usage dashboard - remove title, use system uptime, handle null limitName, drop seconds from timestamp
- Remove "📊 Usage 보고" title line
- Use os.uptime() instead of process.uptime() for actual server uptime
- Handle null limitName in Codex rate limits (fallback to limitId or 'Codex')
- Fix Codex usage parsing: extract from rateLimitsByLimitId object
- Fix formatResetKST to handle unix timestamps (number type)
- Remove seconds from update timestamp display
2026-03-14 00:50:29 +09:00
Eyejoker
26d50933de fix: re-throw editMessage errors so dashboard can reset message ID 2026-03-14 00:45:25 +09:00
Eyejoker
9e36d9d8d2 style: prettier formatting for discord test 2026-03-14 00:44:02 +09:00
Eyejoker
e0fcf836f4 feat: gate usage dashboard behind USAGE_DASHBOARD env var
Only one service needs to show system resources + API usage.
Set USAGE_DASHBOARD=true on the primary service only.
2026-03-13 23:51:31 +09:00
Eyejoker
cf75a1b993 feat: API usage in live dashboard + Discord channel names
- Fetch Claude Code usage via OAuth API (five_hour/seven_day)
- Fetch Codex usage via app-server JSON-RPC (rateLimits/read)
- System resources: CPU%, memory, disk in GB with emoji thresholds
- Show actual Discord channel names (#name) instead of DB-stored names
- Guard against overlapping usage updates (async API calls)
2026-03-13 23:48:36 +09:00
Eyejoker
7dcb3fe1e4 feat: status dashboard categories/ordering + live usage dashboard
- Add getChannelMeta to Discord channel (batch guild fetch)
- Status dashboard groups by Discord category, sorts by position
- Add live usage dashboard (CPU, memory, disk, uptime) with message edit
- Fix 4 failing discord.test.ts tests (sendMessage format, image fetch mock)
2026-03-13 23:42:45 +09:00
Eyejoker
27d4ea05dc feat: add status dashboard for live agent monitoring
Dedicated Discord channel shows per-group agent status with live
elapsed time. Single message is edited every 10s instead of spamming.

- GroupQueue tracks startedAt timestamps and exposes getStatuses()
- Channel interface gets editMessage/sendAndTrack for message editing
- STATUS_CHANNEL_ID env var to configure the dashboard channel
- Shows processing/idle/waiting/inactive per registered group
2026-03-13 23:05:32 +09:00
Eyejoker
6a65136ff2 style: collapse multiline parseInt in config 2026-03-13 22:44:58 +09:00
Eyejoker
8bd5f71a95 chore: remove container legacy references
- Delete container/build.sh (Docker build script, no longer used)
- Remove "auth" npm script (whatsapp-auth.ts doesn't exist)
- Remove CONTAINER_* env var fallbacks from config.ts
- Update CLAUDE.md: container-runner → agent-runner, fix descriptions
- Rename MAX_CONCURRENT_CONTAINERS → MAX_CONCURRENT_AGENTS in systemd
2026-03-13 20:22:17 +09:00
Eyejoker
d4e2d78585 fix: clean up empty bullet points after stripping image links 2026-03-13 19:32:34 +09:00
Eyejoker
288c3c63c7 feat: convert non-image markdown links to readable filenames in Discord
[BuildPanel.tsx](/long/path#L320) → `BuildPanel.tsx:320`
Keeps Discord output clean since local paths aren't clickable anyway.
2026-03-13 19:28:17 +09:00
Eyejoker
3cff07cc2e refactor: remove SendImage tag, rely on natural markdown link parsing
LLMs naturally produce [name.png](/path) markdown links for images.
Parse only this pattern instead of teaching agents a custom tag.
Remove Image Handling sections from instructions.
2026-03-13 19:24:49 +09:00
Eyejoker
fd5c81401d feat: also parse markdown image links for Discord image sending
Support [name.png](/path) format in addition to [SendImage: /path].
LLMs naturally produce markdown links, so both patterns are recognized.
Only absolute paths with image extensions are matched.
2026-03-13 19:23:49 +09:00
Eyejoker
a1db0e2161 feat: support agent-to-user image sending via Discord
Parse [SendImage: /absolute/path] tags from agent responses and send
them as Discord file attachments alongside the text message.
2026-03-13 19:18:09 +09:00
Eyejoker
8a0e407526 feat: add Discord image receiving for Claude Code and Codex agents
Download Discord image attachments to DATA_DIR/attachments/ and pass
them as multimodal content blocks to both agent types:
- Claude Code: base64 ImageBlockParam via Agent SDK MessageParam
- Codex: localImage input block via app-server turn/start
2026-03-13 19:15:23 +09:00
Eyejoker
09a089ccaf refactor: unify skill sync, remove commands directory
- Remove commands/ sync from agent-runner (skills/ is SSOT for both agents)
- Remove ~/.codex/skills/ as source (use ~/.claude/skills/ only)
- Codex uses $skill prefix, Claude Code uses /skill — both read from skills/
- Minor formatting fixes in config.ts, group-queue.test.ts, index.ts
2026-03-13 17:03:28 +09:00
Eyejoker
922ec60517 fix: sync Claude Code skills/commands to Codex sessions
Codex sessions now also receive skills and commands from ~/.claude/
in addition to ~/.codex/, so both agents share the same tool set
(patch, linear, sentry, coolify, exa, playwright, sprite, etc.)
2026-03-13 16:45:36 +09:00
Eyejoker
bd7f4408ae refactor: rename container references to agent across codebase
- container-runner.ts → agent-runner.ts
- ContainerInput/Output → AgentInput/Output
- ContainerConfig → AgentConfig
- runContainerAgent → runAgentProcess
- CONTAINER_TIMEOUT → AGENT_TIMEOUT (with env fallback)
- MAX_CONCURRENT_CONTAINERS → MAX_CONCURRENT_AGENTS
- containerName → processName, isTaskContainer → isTaskProcess
- DB column container_config kept as-is (backwards compat)
2026-03-13 16:18:36 +09:00
Eyejoker
35277cea0a feat: codex app-server integration, token sync fix, typing fix
- Rewrite codex-runner to use `codex app-server` JSON-RPC instead of
  `codex exec`. Supports streaming (item/agentMessage/delta), session
  persistence (thread/start, thread/resume), and mid-turn message
  injection (turn/steer with IPC polling during execution).
- Fix token refresh not syncing to per-group session directories,
  causing 401 errors on running agents.
- Fix typing indicator staying on when codex returns null result
  by always clearing typing on any streaming callback.
- Update README and CLAUDE.md to reflect dual-service architecture,
  host process mode, and codex app-server integration.
2026-03-13 16:03:08 +09:00
Eyejoker
0515edc93d feat: OAuth auto-refresh, Codex session resume, MCP injection, and secret sanitization
- Add token-refresh module that auto-renews Claude OAuth tokens 30min before expiry
- Fix Codex session loss on service restart by resuming previous sessions
- Inject nanoclaw MCP server into Codex config.toml for send_message/schedule_task
- Sanitize ANTHROPIC_API_KEY and CLAUDE_CODE_OAUTH_TOKEN from Codex subprocess env
2026-03-12 02:47:24 +09:00
Eyejoker
3fd9ce18b5 feat: sync skills to per-group Codex session dirs 2026-03-11 20:06:38 +09:00
Eyejoker
03c1a67649 fix: sync instructions.md to per-group Codex session dirs 2026-03-11 19:01:09 +09:00
Eyejoker
aed051fb96 fix: sync ~/.claude/.credentials.json to per-group session dirs
Without this, per-group credentials become stale when the home
credentials are refreshed elsewhere, causing 401 auth errors.
2026-03-11 16:49:09 +09:00
Eyejoker
b0ef22e702 fix: use CODEX_HOME instead of CODEX_CONFIG_DIR for per-group session isolation
CODEX_CONFIG_DIR is not recognized by Codex CLI. CODEX_HOME is the correct
env var that controls the root directory for sessions, state, and config.
Without this, all groups sharing the same workDir would have their sessions
collide, causing resume --last to pick up wrong group's session.
2026-03-11 05:07:34 +09:00
Eyejoker
7c49bdf6ce feat: per-group model/effort overrides via containerConfig 2026-03-11 04:31:41 +09:00
Eyejoker
31d8eee5fe feat: transcribe Discord audio attachments via OpenAI Whisper API 2026-03-11 03:12:37 +09:00
Eyejoker
8de978ccf6 feat: sync project workDir commands and skills into agent sessions 2026-03-11 02:59:34 +09:00
Eyejoker
aec2cd27af feat: sync global ~/.claude/commands/ into agent sessions 2026-03-11 02:34:20 +09:00
Eyejoker
de0b166b5d feat: sync user's global ~/.claude/skills/ into agent sessions 2026-03-11 02:32:06 +09:00
Eyejoker
021014cc56 feat: add CODEX_MODEL and CODEX_EFFORT env var support for codex-runner 2026-03-11 02:25:20 +09:00
Eyejoker
b748622523 fix: skip EXTRA_BASE scan when workDir is set
Prevents the agent-runner from scanning all subdirectories of the
project as additionalDirectories, which caused SDK crashes.
2026-03-11 02:07:28 +09:00
Eyejoker
cb51ef36f9 feat: add per-group workDir for agent working directory override
Agents can now run in a specified project directory instead of the group
folder. The group's CLAUDE.md is still loaded via additionalDirectories.
2026-03-11 02:02:51 +09:00
Eyejoker
82becfdfd7 feat: convert @username mentions to Discord ping format 2026-03-11 01:53:40 +09:00
Eyejoker
68691b7ea9 style: apply prettier formatting 2026-03-11 01:01:56 +09:00
Eyejoker
57cafc19f8 refactor: dual-instance setup, remove dead container code
- Make STORE_DIR, DATA_DIR, GROUPS_DIR configurable via env vars
  (NANOCLAW_STORE_DIR, NANOCLAW_DATA_DIR, NANOCLAW_GROUPS_DIR)
  for running two instances from one codebase
- Remove broken 'both' agent type sequential loop from processGroupMessages
- Delete dead code: container-runtime, mount-security, credential-proxy,
  Dockerfiles, and related config constants (~1,085 lines removed)
- Add codex instance launchd plist template
2026-03-11 00:50:03 +09:00
Eyejoker
955a2901c8 feat: add 'both' agent type for shared Claude Code + Codex channels
- AgentType now supports 'both' — runs both agents sequentially
- Each agent gets its own folder suffix (_cc / _codex) for isolated sessions
- Claude Code bot handles message storage for 'both' channels
- Responses routed through the matching bot for each agent type
2026-03-10 23:58:13 +09:00
Eyejoker
bbe8354bfd fix: add npm-global to PATH for codex CLI, clear typing after response
- Enrich spawned process PATH with ~/.npm-global/bin so codex CLI is
  findable when running under launchd
- Clear typing indicator in streaming callback after sending response,
  instead of waiting for runner process to fully exit
2026-03-10 21:46:36 +09:00
Eyejoker
46f560ed67 fix: load agentType from DB, fix host process PATH and session resume
- Read/write agent_type column in getAllRegisteredGroups/setRegisteredGroup
  (was missing, causing all groups to fall back to claude-code)
- Strip CLAUDECODE env var to prevent nested session detection
- Add node binary path to spawned process PATH for launchd compatibility
- Clear stale container-era sessions that reference /workspace/group
2026-03-10 21:25:28 +09:00
Eyejoker
08dd468692 feat: remove container layer, run agents as direct host processes
- Rewrite container-runner.ts to spawn node processes directly instead
  of Docker/Apple Container
- Runner paths configurable via env vars (NANOCLAW_GROUP_DIR, etc.)
  with container-path defaults for backwards compat
- Pass real credentials directly (no credential proxy needed)
- Remove ensureContainerSystemRunning() and startCredentialProxy()
  from startup
- Add build:runners script for building agent-runner and codex-runner
- Fix TS strict mode errors in agent-runner ipc-mcp-stdio.ts
2026-03-10 21:05:21 +09:00
Eyejoker
4a34a9c802 feat: add Codex CLI support, dual Discord bots, and Discord typing fix
- Add Codex as alternative agent type (agentType: 'codex' per group)
- Codex container runner with session resume and 100-turn limit
- Dual Discord bot support (DISCORD_BOT_TOKEN + DISCORD_CODEX_BOT_TOKEN)
- Each bot handles only its agentType's registered groups
- Discord typing indicator refreshes every 8s (was single-shot, expired after ~10s)
- Agent runner 100-turn limit to prevent infinite bot-to-bot loops
- Apple Container runtime support (convert-to-apple-container skill)
- Session commands (/compact) support
- DB migration for agent_type column
2026-03-10 20:45:48 +09:00
Gabi Simons
13ce4aaf67 feat: enhance container environment isolation via credential proxy (#798)
* feat: implement credential proxy for enhanced container environment isolation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address PR review — bind proxy to loopback, scope OAuth injection, add tests

- Bind credential proxy to 127.0.0.1 instead of 0.0.0.0 (security)
- OAuth mode: only inject Authorization on token exchange endpoint
- Add 5 integration tests for credential-proxy.ts
- Remove dangling comment
- Extract host gateway into container-runtime.ts abstraction
- Update Apple Container skill for credential proxy compatibility

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: scope OAuth token injection by header presence instead of path

Path-based matching missed auth probe requests the CLI sends before
the token exchange. Now the proxy replaces Authorization only when
the container actually sends one, leaving x-api-key-only requests
(post-exchange) untouched.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bind credential proxy to docker0 bridge IP on Linux

On bare-metal Linux Docker, containers reach the host via the bridge IP
(e.g. 172.17.0.1), not loopback. Detect the docker0 interface address
via os.networkInterfaces() and bind there instead of 0.0.0.0, so the
proxy is reachable by containers but not exposed to the LAN.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: bind credential proxy to loopback on WSL

WSL uses Docker Desktop with the same VM routing as macOS, so
127.0.0.1 is correct and secure. Without this, the fallback to
0.0.0.0 was triggered because WSL has no docker0 interface.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: detect WSL via /proc instead of env var

WSL_DISTRO_NAME isn't set under systemd. Use
/proc/sys/fs/binfmt_misc/WSLInterop which is always present on WSL.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 00:27:13 +02:00
glifocat
a689a18dfa fix: close task container promptly when agent uses IPC-only messaging (#840)
Scheduled tasks that send messages via send_message (IPC) instead of
returning text as result left the container idle for ~30 minutes until
the hard timeout killed it (exit 137). This blocked new messages for
the group during that window.

Root cause: scheduleClose() was only called inside the
`if (streamedOutput.result)` branch. Tasks that communicate solely
through IPC (e.g. heartbeat check-ins) complete with result=null,
so the 10s close timer was never set.

Fix: also call scheduleClose() on status==='success', covering both
result-based and IPC-only task completions.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 21:43:21 +02:00
Gabi Simons
74b02c8715 fix(db): add LIMIT to unbounded message history queries (#692) (#735)
getNewMessages() and getMessagesSince() loaded all rows after a
checkpoint with no cap, causing growing memory and token costs.
Both queries now use a DESC LIMIT subquery to return only the
most recent N messages, re-sorted chronologically.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 18:34:55 +02:00