Commit Graph

681 Commits

Author SHA1 Message Date
Eyejoker
dddf18428e fix: /stop leaves stale paired task, sawOutput guard, progress text overwrite
- /stop now resets the active paired task to completed so the next
  user message routes to the owner instead of the stuck reviewer
- Owner completion with sawOutput=false (e.g. interrupted by /stop)
  no longer auto-triggers the reviewer — treated as interrupted
- Clear pendingProgressText when intermediate updates arrive on an
  existing progress message, preventing flushPendingProgress from
  overwriting latestProgressText with stale buffered content
2026-03-31 02:54:04 +09:00
Eyejoker
33575c84f1 fix: remove hardcoded server IP from README, simplify deploy command 2026-03-31 02:20:45 +09:00
Eyejoker
862881ac91 fix: show actual memory usage (exclude cache) + add build:container script
- Dashboard memory: use /proc/meminfo MemAvailable instead of os.freemem()
  to exclude Linux buffer/cache from reported usage
- Add build:container npm script for reviewer Docker image rebuild
- Update deploy commands in CLAUDE.md and README.md to include build:container
2026-03-31 02:17:44 +09:00
Eyejoker
0fb7ba6b57 chore: rename MAGI to Tribunal, add gstack prompt attribution 2026-03-31 01:54:22 +09:00
Eyejoker
e9f9340ece chore: update README for MAGI/MoA/Bun + show model names in MoA dashboard 2026-03-31 01:51:44 +09:00
Eyejoker
da27d30079 feat: MoA supports Anthropic Messages format (MOA_{NAME}_API_FORMAT=anthropic)
Kimi coding plan and GLM both use Anthropic-compatible API, not OpenAI.
queryModel now dispatches to /v1/messages or /chat/completions based on
apiFormat config per reference model.
2026-03-31 01:49:34 +09:00
Eyejoker
a89ab757b6 feat: restore Kimi usage dashboard (api.kimi.com/coding/v1/usages)
Recovered kimi-usage.ts from bot session logs — original was deleted
during March 27 fallback cleanup. Shows 5h/7d usage bars in dashboard
alongside Claude and Codex, using sk-kimi-* coding plan API key.
2026-03-31 01:46:19 +09:00
Eyejoker
68901e5da9 feat: global failover + dashboard model config section
- Failover is now global (account-level, not per-channel)
- Dashboard shows role model config (Owner/Reviewer/Arbiter + MoA refs)
- Dashboard shows failover status when active
- Auto-clear failover on successful Claude rotation
- Remove per-channel lease writes from failover path
2026-03-31 00:38:29 +09:00
Eyejoker
f98dd27712 refactor: MoA uses lightweight API references + SDK arbiter as aggregator
Instead of spawning separate processes or using OpenRouter, MoA now:
- Queries external API models (Kimi, GLM) in parallel for opinions
- Injects opinions into the SDK arbiter's prompt
- The existing subscription-based arbiter aggregates all perspectives

No extra SDK processes, no OpenRouter dependency. Per-model config via
MOA_REF_MODELS + MOA_{NAME}_MODEL/BASE_URL/API_KEY env vars.
2026-03-31 00:26:24 +09:00
Eyejoker
f4b04d6c4d feat: add Mixture of Agents (MoA) for arbiter verdicts
When MOA_ENABLED=true, arbiter queries multiple LLM models in parallel
via OpenAI-compatible API, then an aggregator model synthesizes the
final verdict from all opinions. Falls back to single-agent arbiter
when MoA is disabled.

Config: MOA_BASE_URL, MOA_API_KEY, MOA_REFERENCE_MODELS, MOA_AGGREGATOR_MODEL
2026-03-31 00:20:41 +09:00
Eyejoker
35ba7cb5ba chore: replace all node/npm/tsx references with bun across codebase
- Source: setup/service.ts, runners.ts, agent-runner.ts error messages
- Scripts: restart-stack.sh, run-migrations.ts → bun
- Bootstrap: setup.sh check_node→check_bun, npm install→bun install
- Docs: CLAUDE.md, README.md, all SKILL.md files
- Tests: service.test.ts, restart-stack.test.ts expectations updated
2026-03-31 00:10:23 +09:00
Eyejoker
0112f5a2d6 feat: migrate runtime from Node.js to Bun
- Replace better-sqlite3 with bun:sqlite (native, no native addon build)
- Change all spawn('node') to spawn('bun') for agent processes
- Update package.json scripts: node→bun, tsx→bun, npm→bun
- Add bun-types for tsc compatibility
- Add bun:sqlite→better-sqlite3 shim for vitest (tests run on Node.js)
- Update Dockerfile: install bun alongside Node.js (CLIs need Node)
- Update setup/platform.ts: getNodePath() resolves bun binary
- Remove better-sqlite3 from production dependencies (devDep only for tests)
2026-03-30 23:58:54 +09:00
Eyejoker
3e2954ebcf refactor: extract resolveEffectiveAgentType/resolveSessionFolder as SSOT, deduplicate CONTAINER_IMAGE 2026-03-30 23:44:49 +09:00
Eyejoker
e649432a40 feat: add per-role model selection via .env (OWNER/REVIEWER/ARBITER_MODEL, _EFFORT, _FALLBACK_ENABLED) 2026-03-30 23:40:36 +09:00
Eyejoker
4a5edaceb6 refactor: remove SERVICE_AGENT_TYPE legacy constant
SERVICE_AGENT_TYPE was always 'claude-code' in the unified service,
making it a misleading constant. Each group already has its own
agentType field.

- Removed SERVICE_AGENT_TYPE from config.ts
- Session functions now accept agentType parameter (default: 'claude-code')
- Task scheduler uses task-level agent_type for token rotation decisions
- All fallback defaults changed to 'claude-code' literal
- Logging uses 'unified' instead of the misleading type
2026-03-30 23:10:48 +09:00
Eyejoker
5562e30ce1 refactor: use resolveActiveRole() as SSOT for all status→role mapping
Eliminated duplicate task status checks in message-agent-executor.ts
and message-runtime.ts. All status→role decisions now flow through
the single resolveActiveRole() function.
2026-03-30 23:03:00 +09:00
Eyejoker
d3df67e08c chore: remove dead code (pairedCursorKey, unused ARBITER_AGENT_TYPE import) 2026-03-30 22:59:18 +09:00
Eyejoker
14d70f345a refactor: extract resolveActiveRole() as single source of status→role mapping
resolveCursorKey and resolveChannel both duplicated the same
taskStatus→role switch. Now resolveActiveRole() is the single
mapping, and both functions derive from it.
2026-03-30 22:58:00 +09:00
Eyejoker
a91776b067 refactor: centralize channel selection with resolveChannel()
Replace all manual channel selection (useReviewerChannel,
useArbiterChannel, isReviewerWorkItem, isArbiterWorkItem, 3-way
ternary chains) with a single resolveChannel(taskStatus) function
that maps task status to the correct Discord bot channel.
2026-03-30 22:56:40 +09:00
Eyejoker
7ad40276d9 refactor: centralize cursor key resolution with resolveCursorKey()
Replace all manual cursor key construction (hardcoded chatJid:reviewer,
chatJid:arbiter, pairedCursorKey, 3-way ternary) with a single
resolveCursorKey(chatJid, taskStatus) function.

- Removed pairedCursorKey import (no longer needed)
- Removed loopIsReviewerTurn, loopIsArbiterTurn intermediate variables
- All cursor key logic now flows through one function that maps
  task status to the correct role-specific key
2026-03-30 22:54:35 +09:00
Eyejoker
46926f32f3 fix: use role-specific cursor keys in review_ready and arbiter_requested paths
The review_ready and arbiter_requested paths in processGroupMessages
were advancing the default (owner) cursor instead of the role-specific
cursor. This caused the reviewer to miss the owner's messages because
the owner cursor had already moved past them.

Now review_ready advances chatJid:reviewer cursor only, and
arbiter_requested advances chatJid:arbiter cursor only.
2026-03-30 22:50:26 +09:00
Eyejoker
4ccd45e549 fix: arbiter always uses discord-review bot regardless of model 2026-03-30 22:34:49 +09:00
Eyejoker
f3b25b1b40 fix: apply role labels to arbiter conversation context 2026-03-30 22:33:42 +09:00
Eyejoker
25cec18ce8 fix: clear arbiter session on each invocation to prevent verdict bias 2026-03-30 22:30:42 +09:00
Eyejoker
cb79450572 fix: add arbiter verdict compliance to owner and reviewer prompts 2026-03-30 22:28:48 +09:00
Eyejoker
45fe80f5f5 fix: route BLOCKED/NEEDS_CONTEXT through arbiter before escalating
BLOCKED and NEEDS_CONTEXT verdicts went straight to completed,
bypassing the arbiter entirely. Now when arbiter is enabled, these
verdicts trigger arbiter intervention first — the arbiter may
resolve the block or decide to escalate to the user (ESCALATE).
2026-03-30 22:26:51 +09:00
Eyejoker
a043f2b79a feat: implement MAGI 3-agent arbiter system for deadlock resolution
Introduces a third agent role (arbiter) that is summoned on-demand
when owner and reviewer reach a deadlock (same verdict 3+ rounds).

Architecture:
- 3 Discord bots: owner (codex), reviewer (claude), arbiter (claude/codex)
- Arbiter is NOT always-on — only invoked when deadlock detected
- Arbiter renders binding verdict: PROCEED/REVISE/RESET/ESCALATE
- Non-escalate verdicts reset round_trip_count and resume ping-pong
- Backward compatible: ARBITER_AGENT_TYPE unset = existing 2-agent mode

Changes across 13 source files + 7 test files:
- types.ts: PairedRoomRole += 'arbiter', new statuses, ArbiterVerdict type
- config.ts: ARBITER_AGENT_TYPE, ARBITER_SERVICE_ID, ARBITER_DEADLOCK_THRESHOLD
- db.ts: schema migration (arbiter columns in channel_owner + paired_tasks)
- service-routing.ts: arbiter_service_id in lease
- room-role-context.ts: arbiter role detection
- paired-execution-context.ts: deadlock->arbiter, verdict handling
- message-runtime.ts: arbiter turn routing, cursor, sender labeling
- message-agent-executor.ts: arbiter mode, failover
- agent-runner.ts + environment.ts: arbiter container mode
- platform-prompts.ts: arbiter prompt loading

New files:
- prompts/arbiter-paired-room.md: arbiter system prompt
- src/arbiter-context.ts: builds conversation context for arbiter judgment
2026-03-30 22:20:42 +09:00
Eyejoker
58ed721d6e feat: auto-recreate reviewer containers on token rotation
When OAuth tokens rotate or refresh, all reviewer containers are
automatically removed. The next reviewer turn recreates them with
the latest token, preventing 401 auth failures.

Uses callback pattern to avoid circular dependencies:
- token-rotation.ts: onTokenRotated(cb)
- token-refresh.ts: onTokenRefreshed(cb)
- index.ts: registers recreateAllReviewerContainers as callback
2026-03-30 21:51:45 +09:00
Eyejoker
0e528bf471 fix: update test mocks for voice message flag and CI watcher
- discord.test.ts: add IsVoiceMessage to MessageFlags mock, add
  flags.has() to message mock
- paired-execution-context.test.ts: add hasActiveCiWatcherForChat mock
2026-03-30 21:51:28 +09:00
Eyejoker
7ee915bbeb fix: only reset round_trip_count on human messages
The counter was being reset to 0 on every owner turn, including
bot-only ping-pong turns. This prevented the 3-round-trip echo
loop breaker from ever triggering. Now only human messages reset
the counter.
2026-03-30 21:09:41 +09:00
Eyejoker
27bf36c833 fix: break DONE_WITH_CONCERNS echo loop after 3 round trips
When both owner and reviewer keep echoing DONE_WITH_CONCERNS without
making progress, the system now stops the ping-pong after 3 round
trips and sets the task to completed, escalating to the user.
2026-03-30 21:00:31 +09:00
Eyejoker
196c885c9e fix: clarify owner/reviewer action expectations in paired room prompts
Owner was "agreeing" with concerns instead of fixing code. Reviewer
was listing issues without directing the owner to fix them. Now:
- Reviewer: explicitly direct the owner to fix specific issues
- Owner: fix issues when flagged, don't just acknowledge
2026-03-30 20:49:02 +09:00
Eyejoker
fde29db227 fix: break DONE_WITH_CONCERNS echo loop in paired room prompts
Both agents were repeating "agreed, 3 concerns remain" without
taking action. Now DONE_WITH_CONCERNS requires listing specific
actions, and repeating the same concerns for 2+ turns triggers
BLOCKED escalation.
2026-03-30 20:41:32 +09:00
Eyejoker
c954a383d3 fix: route reviewer failover handoffs via reviewer channel
Reviewer failover handoffs were routed through the owner channel,
causing codex-review to run in owner mode instead of reviewer mode.
Now detects reviewer handoffs by reason prefix and routes them
through the correct reviewer channel.
2026-03-30 20:32:20 +09:00
Eyejoker
39e94c47b3 fix: collect handoffs for all service IDs in unified service
The unified service runs all three bots (claude, codex-main,
codex-review) in one process but only queried handoffs for SERVICE_ID
(claude). Reviewer failover handoffs targeting codex-review were
never picked up. Now queries all three service IDs.
2026-03-30 20:26:43 +09:00
Eyejoker
b209061006 fix: use separate cursors for owner and reviewer in paired rooms
Root cause: owner and reviewer shared the same message cursor. When
the owner's turn completed, the cursor advanced past the owner's
message. The reviewer's turn then only saw messages after that cursor,
missing the owner's response entirely.

Now paired rooms use role-aware cursor keys (chatJid for owner,
chatJid:reviewer for reviewer). Each role advances only its own
cursor, so the reviewer always sees the owner's latest messages
and vice versa.
2026-03-30 20:23:16 +09:00
Eyejoker
78fa078921 fix: only reset merge_ready to active when human message is present
The finalize turn (auto-triggered after reviewer approval) was being
treated as a new working turn because merge_ready was unconditionally
reset to active. Now merge_ready is only reset when a human message
is in the batch, preserving the finalize flow for bot-only turns.
2026-03-30 19:48:25 +09:00
Eyejoker
f30b25d2b4 fix: use English role labels (owner/reviewer) for paired room sender names 2026-03-30 19:31:31 +09:00
Eyejoker
c17edd8773 feat: label bot messages with role names in paired rooms
In paired rooms, bot messages now show sender as "오너" or "리뷰어"
instead of the Discord nickname. Uses channel.isOwnMessage() to
identify which bot sent each message, then maps via the channel
lease to determine the role. This ensures agents correctly identify
who is the owner and who is the reviewer regardless of bot nicknames.
2026-03-30 19:30:59 +09:00
Eyejoker
7ec86433ad feat: add comprehensive verification tools to reviewer container
Media: ffmpeg, sox, mediainfo, imagemagick
Build: make, gcc, g++, python3, pip
Utils: jq, file, sqlite3, rsync, zip/unzip, strace
2026-03-30 19:20:39 +09:00
Eyejoker
b1d9b4cd5b feat: add common verification tools to reviewer container
Add ffmpeg, sox, imagemagick, jq, python3 so the reviewer can verify
audio encoding, image assets, and data without claiming tools are
missing.
2026-03-30 19:16:17 +09:00
Eyejoker
0bcfa72b6b fix: include original filename in attachment prompt text
Agents receive `[Audio: original.wav → /path/to/saved.wav]` instead
of just the path, so they know what file it is and where to find it.
2026-03-30 18:41:36 +09:00
Eyejoker
ad34062dbc feat: mount attachments directory in reviewer container
Discord file attachments are downloaded to data/attachments/ on the
host. Mount this directory read-only in the reviewer container at the
same absolute path so both owner and reviewer can access uploaded
files (WAV, images, etc.) using the same path.
2026-03-30 18:40:36 +09:00
Eyejoker
fcd180434d feat: download audio file attachments instead of transcribing them
Voice messages (Discord IsVoiceMessage flag or attachment with duration)
are still transcribed via Whisper. Regular audio file attachments (WAV,
MP3, etc.) are now downloaded to disk and the path is passed to the
agent, matching image attachment behavior.
2026-03-30 18:37:10 +09:00
Eyejoker
e51afc27f0 feat: failover reviewer to codex when Claude reviewer is unavailable
When the reviewer is Claude and hits auth/429/overloaded errors,
hand off the review turn to codex-review instead of swapping
owner/reviewer roles (which is the owner failover path).
2026-03-30 18:15:17 +09:00
Eyejoker
fa8ca476d8 fix: reset task status to active on new human message
When a user sends a new message while the task is in merge_ready,
review_ready, or in_review status, the owner's turn was incorrectly
treated as a finalize turn. This caused premature task completion
(DONE → completed) even when the user wanted to continue working.

Now resets status to active alongside round_trip_count, ensuring
the owner gets a fresh working turn instead of a finalize turn.
2026-03-30 17:59:27 +09:00
Eyejoker
d5d0ee5332 Merge pull request #4 from phj1081/codex/fix-stale-final-leak
fix: isolate stale finals from next runs
2026-03-30 08:09:03 +09:00
Eyejoker
17e92d4c3d fix: isolate stale finals from next runs 2026-03-30 05:23:29 +09:00
Eyejoker
008154b57d fix: inject real OAuth token to reviewer container instead of proxy
The credential proxy cached the OAuth token at startup, but Anthropic
no longer supports raw OAuth Bearer tokens on the API. The Claude Code
SDK handles OAuth internally, so the proxy was breaking auth.

Now injects the real token both at container creation and at each
docker exec, so token rotation is picked up without recreating the
container.
2026-03-30 05:14:03 +09:00
Eyejoker
3281736390 feat: inject Sentry read-only token into reviewer container 2026-03-30 04:21:18 +09:00