@adaptic/maestro 1.1.8 → 1.4.1

package/plugins/maestro-skills/skills/code-review-graph.md

@@ -0,0 +1,99 @@
+---
+name: code-review-graph
+description: Structural code analysis via tree-sitter knowledge graph — blast radius, review context, architecture overview, semantic search. Use for PR reviews, refactoring, and engineering health checks.
+---
+
+# Structural Code Analysis (code-review-graph)
+
+You are a Maestro agent. Use code-review-graph to build and query a tree-sitter-based knowledge graph of any codebase for structural analysis.
+
+## When to Invoke
+
+- **PR reviews** — assess blast radius of changes before approving
+- **Refactoring** — understand call chains, import graphs, and dependencies before making changes
+- **Engineering health checks** — generate architecture overviews for repos in the portfolio
+- **Pre-change analysis** — determine what will break if a function/class is modified
+- **Semantic code search** — find functions, patterns, or relationships across a codebase
+
+## Background
+
+code-review-graph uses tree-sitter to parse source code and build a knowledge graph mapping functions, classes, imports, and call relationships. It provides both CLI tools and an MCP server with specialized analysis tools.
+
+## Steps
+
+### One-Time Setup
+
+1. **Index the target repository**:
+   ```bash
+   npx code-review-graph index /path/to/repo
+   ```
+   This parses all source files and builds the knowledge graph. Re-run after significant changes.
+
+2. **Configure as MCP server** (optional, for persistent access):
+   Add to `.claude/settings.json` under `mcpServers`:
+   ```json
+   {
+     "code-review-graph": {
+       "command": "npx",
+       "args": ["code-review-graph", "serve", "--port", "3848"]
+     }
+   }
+   ```
+
+### Analysis Workflows
+
+3. **Blast radius analysis** — before approving a PR or making a change:
+   - Query which functions/modules depend on the changed code
+   - Identify downstream consumers that may break
+   - Map the full call chain from changed function to entry points
+   - Tool: `blast_radius` (via MCP) or CLI equivalent
+
+4. **Review context** — when reviewing a PR:
+   - Pull structural context for changed files (what calls them, what they call)
+   - Identify if changes touch hot paths or critical modules
+   - Surface related functions that should have been changed but were not
+   - Tool: `review_context` (via MCP)
+
+5. **Architecture overview** — for engineering health checks:
+   - Generate module dependency graph
+   - Identify circular dependencies
+   - Map public API surface vs internal implementation
+   - Surface orphaned code (defined but never called)
+   - Tool: `architecture_overview` (via MCP)
+
+6. **Semantic search** — finding code by intent:
+   - Search for functions matching a description or pattern
+   - Find all implementations of a given interface
+   - Locate similar code patterns across the codebase
+   - Tool: `semantic_search` (via MCP)
+
+## Output
+
+Report findings appropriate to the workflow:
+
+**For blast radius:**
+```
+## Blast Radius: [function/file]
+- Direct dependents: [N] functions in [N] files
+- Transitive impact: [N] modules
+- Risk level: [low/medium/high]
+- Affected entry points: [list]
+```
+
+**For architecture overview:**
+```
+## Architecture: [repo]
+- Modules: [N]
+- Key dependency chains: [list top 3]
+- Circular dependencies: [list or "none"]
+- Orphaned exports: [count]
+- Hottest module (most dependents): [name]
+```
+
+## Integration Notes
+
+- Recommended for coding-oriented agents (engineering, platform, product)
+- Optional for operational agents (comms, hiring, strategy) — they rarely need code-level analysis
+- Re-index after merging significant PRs to keep the graph current
+- The MCP server runs on port 3848 by default — ensure no conflicts
+- Graph build time scales with repo size; large monorepos may take 30-60 seconds

package/scaffold/CLAUDE.md

@@ -131,6 +131,70 @@ npm run gen:list                      # List available prompt specs
 
 - 5-layer defence defined in `policies/prompt-injection-defence.yaml`
 
+### Persistent Session Memory (Claude-Mem)
+
+- **Claude-Mem** automatically captures tool usage, generates semantic summaries, and injects relevant context into future sessions
+- Lifecycle hooks: SessionStart, UserPromptSubmit, PostToolUse, Stop, SessionEnd
+- Storage: Local SQLite database with Chroma vector search at `~/.claude-mem/`
+- Configuration: `~/.claude-mem/settings.json`
+- Install/update: `npx claude-mem install`
+
+### Rate Limit Awareness (Claude-Pace)
+
+- **Claude-Pace** displays real-time quota usage (5-hour + 7-day), reset countdowns, and burn rate in the status line
+- Pace delta indicator: green = headroom, red = burning too fast
+- Pure Bash + jq — ~10ms runtime, no network calls
+- Install: `claude plugin marketplace add Astro-Han/claude-pace && claude plugin install claude-pace`
+- See `docs/guides/claude-pace-setup.md`
+
+### Token Diagnostics (ccxray)
+
+- **ccxray** provides X-ray vision into Claude Code sessions via HTTP proxy + live dashboard
+- Per-turn token/cost breakdown, context window heatmaps, system prompt diffs
+- On-demand diagnostic tool (not default runtime): `npx ccxray claude`
+- See `docs/guides/ccxray-diagnostics.md`
+
+### Persistent Sessions (Claudraband)
+
+- **Claudraband** adds persistent, resumable sessions and daemon mode with HTTP API to Claude Code
+- Daemon mode: `npx @halfwhey/claudraband serve --port 7842`
+- Prompt injection into running sessions: `npx @halfwhey/claudraband prompt --session <id> "keep going"`
+- Enable as session backend: set `MAESTRO_SESSION_BACKEND=claudraband` in `.env`
+- See `docs/guides/claudraband-sessions.md`
+
+### Swarm Orchestration (ClawTeam) [optional]
+
+- **ClawTeam** orchestrates multi-agent coding swarms using git worktrees + tmux + filesystem messaging
+- Leader/worker pattern with task dependencies and auto-unblocking
+- Each worker gets its own worktree branch — no file conflicts between agents
+- Enable: set `MAESTRO_ENABLE_SWARM=1` before running `init-agent.sh`
+- See `docs/guides/clawteam-swarm.md`
+
+### Multi-Agent Observability (Agents Observe) [optional]
+
+- **Agents Observe** provides a real-time dashboard for monitoring Claude Code agent teams
+- WebSocket-streamed UI showing live tool calls, agent hierarchy trees, and session state
+- 3-5ms latency via background hooks with SQLite storage
+- Best for debugging parallel agent execution and performance profiling
+- Install: `./scripts/setup/install-dev-tools.sh --tool agents-observe`
+- See `docs/guides/agents-observe-setup.md`
+
+### Codebase Knowledge Graph (code-review-graph) [optional]
+
+- **code-review-graph** builds a Tree-sitter-powered structural knowledge graph of codebases
+- MCP tools: blast-radius analysis, review context, architecture overview, semantic search, refactor planning
+- Auto-updates on file changes — persistent structural awareness
+- Best for coding-oriented agents doing PR reviews, engineering health checks, and refactoring
+- Install: `./scripts/setup/install-dev-tools.sh --tool code-review-graph`
+- See `docs/guides/code-review-graph-setup.md`
+
+### Self-Optimization Pattern (AutoAgent-inspired) [optional]
+
+- Standardized framework for agents to autonomously improve their own configuration via benchmark-driven iteration
+- Define scoring rubrics → run scenarios → propose changes → compare scores → keep if better
+- Experiment log: `self-optimization/experiments.jsonl`
+- See `docs/guides/self-optimization-pattern.md`
+
 ### Audit & Hooks
 
 - Pre-send audit hook gates all outbound Slack/Gmail communications

package/scaffold/config/agent.ts.example

@@ -57,7 +57,8 @@ export const agent = {
   /** Agent's phone number (E.164 format) — used for Twilio SMS/voice/WhatsApp */
   phone: '+16282656712',
 
-  /** Agent's Slack member ID (e.g. U097N5R0M7U) — used for mentions and DM routing */
+  /** Agent's Slack member ID (e.g. U097N5R0M7U) — used for mentions, DM routing,
+   *  and cross-agent message filtering (see config/known-agents.json) */
   slackMemberId: '',
 
   // ---------------------------------------------------------------------------

package/scaffold/config/known-agents.json

@@ -0,0 +1,35 @@
+{
+  "_comment": "Registry of all AI agents in the organisation. Used by the daemon classifier to prevent cross-agent message interception — when a message @-mentions a specific agent, only that agent's daemon should respond. Each agent repo should have its own copy of this file. Update when agents are added or removed.",
+  "agents": [
+    {
+      "name": "Sophie",
+      "slackId": "U099N1JFPRQ",
+      "role": "Chief of Staff",
+      "repo": "sophie-ai"
+    },
+    {
+      "name": "Ravi",
+      "slackId": "U099N1JE0LA",
+      "role": "CTO",
+      "repo": "ravi-ai"
+    },
+    {
+      "name": "Lucas",
+      "slackId": "U099N17LVCJ",
+      "role": "Head of Legal Ops",
+      "repo": "lucas-ai"
+    },
+    {
+      "name": "Jacob",
+      "slackId": "U099N19NXT4",
+      "role": "Head of Engineering",
+      "repo": "jacob-ai"
+    },
+    {
+      "name": "Hessa",
+      "slackId": "U0ALUES7ERY",
+      "role": "Head of AI Research",
+      "repo": "hessa-surface"
+    }
+  ]
+}

package/scripts/daemon/classifier.mjs

@@ -5,28 +5,99 @@
  * action type, and which Claude model should handle them.
  *
  * Classification chain:
- *   1. Anthropic Claude Haiku (primary)
+ *   1. Claude Haiku via `claude --print` CLI (Max subscription, no API quota)
  *   2. OpenAI gpt-4o-mini (fallback)
  *   3. Rule-based heuristics (final fallback)
+ *
+ * Tier 1 was migrated off `@anthropic-ai/sdk` per CEO directive
+ * (Slack DM D099N1JGKRQ, 2026-04-27 09:38Z + 11:33Z): all agent
+ * daemon paths must funnel through Claude Code CLI sessions, not
+ * the Anthropic API. The Tier 2 OpenAI fallback is retained as a
+ * safety net for when the CLI is unavailable; Tier 3 rule-based
+ * remains the final fallback.
  */
 
-import Anthropic from "@anthropic-ai/sdk";
 import OpenAI from "openai";
 import dotenv from "dotenv";
+import { spawn } from "child_process";
 import { fileURLToPath } from "url";
 import { dirname, resolve } from "path";
+import { readFileSync } from "fs";
 
 // Load .env from project root
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 dotenv.config({ path: resolve(__dirname, "../../.env") });
 
+// ── Agent identity + peer agents ──────────────────────────────────────────
+// Loaded from config/known-agents.json and AGENT_DIR to determine which
+// agent is "me" and which are peers. Prevents cross-agent message
+// interception in shared channels (ib-20260418-cross-agent-routing).
+
+const AGENT_DIR = process.env.AGENT_DIR || process.env.AGENT_ROOT || resolve(__dirname, "../..");
+
+let _agentIdentity = null;   // { name, slackId, role }
+let _peerAgents = [];         // [{ name, slackId, role }] — all agents EXCEPT me
+
+function loadAgentRegistry() {
+  if (_agentIdentity) return; // already loaded
+
+  // 1. Load known-agents.json (try agent repo first, then maestro scaffold)
+  let agents = [];
+  for (const base of [AGENT_DIR, resolve(process.env.HOME || "", "maestro")]) {
+    try {
+      const raw = readFileSync(resolve(base, "config/known-agents.json"), "utf-8");
+      agents = JSON.parse(raw).agents || [];
+      if (agents.length > 0) break;
+    } catch { /* try next */ }
+  }
+
+  // 2. Determine which agent is "me" — match by AGENT_DIR basename
+  const repoSlug = AGENT_DIR.split("/").pop(); // e.g. "sophie-ai"
+  const me = agents.find(a => a.repo === repoSlug);
+
+  if (me) {
+    _agentIdentity = me;
+    _peerAgents = agents.filter(a => a.slackId !== me.slackId);
+  } else {
+    // Fallback: try to extract from agent.ts or CLAUDE.md
+    try {
+      const agentTs = readFileSync(resolve(AGENT_DIR, "config/agent.ts"), "utf-8");
+      const nameMatch = agentTs.match(/firstName:\s*['"](\w+)['"]/);
+      const slackMatch = agentTs.match(/slackMemberId:\s*['"]([^'"]+)['"]/);
+      _agentIdentity = {
+        name: nameMatch ? nameMatch[1] : "Unknown",
+        slackId: slackMatch ? slackMatch[1] : "",
+        role: "agent",
+      };
+      _peerAgents = agents.filter(a => a.slackId !== (_agentIdentity.slackId || "NONE"));
+    } catch {
+      _agentIdentity = { name: "Sophie", slackId: "", role: "agent" };
+      _peerAgents = agents;
+    }
+  }
+
+  console.log(`[classifier] Agent identity: ${_agentIdentity.name} (${_agentIdentity.slackId || "no slack ID"}), ${_peerAgents.length} peer agents`);
+}
+
 const ANTHROPIC_MODEL = "claude-haiku-4-5-20251001";
 const OPENAI_MODEL = "gpt-4o-mini";
+const CLAUDE_BIN = process.env.CLAUDE_BIN || "/Users/sophie/.local/bin/claude";
+const CLAUDE_CLI_TIMEOUT_MS = 30_000;
 
 // ── System prompt shared by both LLM classifiers ────────────────────────────
 
-const SYSTEM_PROMPT = `You are a message classifier for Sophie Nguyen, Chief of Staff (AI-operated) at Adaptic.ai. Sophie is the autonomous executive command layer for CEO Mehran Granfar.
+function buildSystemPrompt() {
+  loadAgentRegistry();
+  const agentName = _agentIdentity.name;
+  const agentRole = _agentIdentity.role || "agent";
+
+  // Build peer agents context for the LLM so it knows who the other agents are
+  const peerContext = _peerAgents.length > 0
+    ? `\nKNOWN PEER AGENTS (other AI agents in the organisation — if a message @-mentions one of these by name or Slack ID, it is NOT directed at ${agentName}):\n${_peerAgents.map(a => `- ${a.name} (${a.role}, Slack: <@${a.slackId}>)`).join("\n")}\n`
+    : "";
+
+  return `You are a message classifier for ${agentName}, ${agentRole} (AI-operated) at Adaptic.ai. ${agentName} is the autonomous executive command layer for CEO Mehran Granfar.
 
 Your job: classify each incoming message and return a JSON object with exactly these fields:
 
@@ -38,7 +109,7 @@ Your job: classify each incoming message and return a JSON object with exactly t
   "category": "action_required" | "fyi" | "ignore",
   "directed_at_sophie": true | false
 }
-
+${peerContext}
 Classification rules:
 
 PRIORITY:
@@ -64,21 +135,22 @@ CATEGORY:
 - "fyi": Informational, no action needed
 - "ignore": No value
 
-DIRECTED_AT_SOPHIE (CRITICAL — determines whether Sophie should respond. Default to false in channels/group chats.):
-- true: The message is a DM to Sophie (1:1)
-- true: The message explicitly mentions Sophie by name or @mention
+DIRECTED_AT_SOPHIE (CRITICAL — determines whether ${agentName} should respond. Default to false in channels/group chats.):
+- true: The message is a DM to ${agentName} (1:1)
+- true: The message explicitly mentions ${agentName} by name or @mention
 - true: The message is from the CEO in a DM (1:1 conversation)
-- true: The message explicitly asks Sophie to do something she's responsible for (scheduling, follow-ups, coordination, research) AND addresses her specifically by name or @mention
-- true: In a thread where Sophie previously replied, the message is a DIRECT reply to what Sophie said (e.g., answering her question, responding to her update) — not just any message in the same thread
-- false: CEO messages in channels/group chats that don't mention Sophie — the CEO talks to many people, not just Sophie
+- true: The message explicitly asks ${agentName} to do something they're responsible for AND addresses them specifically by name or @mention
+- true: In a thread where ${agentName} previously replied, the message is a DIRECT reply to what ${agentName} said (e.g., answering their question, responding to their update) — not just any message in the same thread
+- **FALSE — CROSS-AGENT RULE**: If the message explicitly @-mentions or names a DIFFERENT known AI agent (see KNOWN PEER AGENTS above), it is NOT directed at ${agentName} — even if the topic is relevant to ${agentName}'s role. The sender chose a specific agent; respect that routing.
+- false: CEO messages in channels/group chats that don't mention ${agentName} — the CEO talks to many people, not just ${agentName}
 - false: The message is general channel chatter between other team members
-- false: The message is a conversation between two people that doesn't involve Sophie, even if Sophie previously participated in the same thread
-- false: The message is a status update, FYI, or announcement not requiring Sophie's response
-- false: The message is someone responding to another person (not Sophie) in a thread
-- false: Short reactions like "thanks", "nice", "got it", "+1", emoji-only messages — even in threads Sophie is in
+- false: The message is a conversation between two people that doesn't involve ${agentName}, even if ${agentName} previously participated in the same thread
+- false: The message is a status update, FYI, or announcement not requiring ${agentName}'s response
+- false: The message is someone responding to another person (not ${agentName}) in a thread
+- false: Short reactions like "thanks", "nice", "got it", "+1", emoji-only messages — even in threads ${agentName} is in
 - false: Someone sharing a link, article, or resource with the channel generally
-- false: Sophie being in a thread does NOT mean every subsequent message is for her — only direct replies to her messages count
-- CRITICAL DEFAULT: When in doubt in any multi-person channel, group chat, or thread, ALWAYS default to false. Sophie must NOT insert herself into conversations she wasn't invited to. It is far worse to respond unnecessarily than to miss a message — someone will @mention Sophie if they need her.
+- false: ${agentName} being in a thread does NOT mean every subsequent message is for them — only direct replies to their messages count
+- CRITICAL DEFAULT: When in doubt in any multi-person channel, group chat, or thread, ALWAYS default to false. ${agentName} must NOT insert themselves into conversations they weren't invited to. It is far worse to respond unnecessarily than to miss a message — someone will @mention ${agentName} if they need them.
 
 Context:
 - sender_privilege "ceo" = Mehran Granfar (always critical, always opus)
@@ -106,8 +178,11 @@ Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"Team
 Input: External email: "Following up on our conversation about the Singapore entity"
 Output: {"priority":"normal","action":"respond","model":"sonnet","summary":"External follow-up on Singapore entity discussion","category":"action_required","directed_at_sophie":true}
 
-Input: Channel message from Jacob: "@Sophie can you check the engine deployment?"
-Output: {"priority":"normal","action":"respond","model":"sonnet","summary":"Jacob asking Sophie to check engine deployment","category":"action_required","directed_at_sophie":true}
+Input: Channel message from Jacob: "@${agentName} can you check the engine deployment?"
+Output: {"priority":"normal","action":"respond","model":"sonnet","summary":"Jacob asking ${agentName} to check engine deployment","category":"action_required","directed_at_sophie":true}
+
+Input: Channel message from CEO: "@AnotherAgent can you review the agentic libraries in this channel?"
+Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"CEO asking another agent to review agentic libraries — not directed at ${agentName}","category":"fyi","directed_at_sophie":false}
 
 Input: Channel message from Hootan to Nima: "Nima, did you file the DIFC response yet?"
 Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"Hootan asking Nima about DIFC response filing","category":"fyi","directed_at_sophie":false}
@@ -115,11 +190,11 @@ Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"Hoot
 Input: Channel thread — Jacob: "pushed the fix" / Hootan: "nice, looks good"
 Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"Team exchange about code fix","category":"fyi","directed_at_sophie":false}
 
-Input: Thread where Sophie previously replied — Jacob: "yeah that makes sense, I'll handle it" (responding to Hootan, not Sophie)
+Input: Thread where ${agentName} previously replied — Jacob: "yeah that makes sense, I'll handle it" (responding to Hootan, not ${agentName})
 Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"Jacob acknowledging Hootan in thread","category":"fyi","directed_at_sophie":false}
 
-Input: Thread where Sophie previously replied — Hootan: "Sophie, can you send the updated doc?"
-Output: {"priority":"high","action":"respond","model":"sonnet","summary":"Hootan asking Sophie for updated document","category":"action_required","directed_at_sophie":true}
+Input: Thread where ${agentName} previously replied — Hootan: "${agentName}, can you send the updated doc?"
+Output: {"priority":"high","action":"respond","model":"sonnet","summary":"Hootan asking ${agentName} for updated document","category":"action_required","directed_at_sophie":true}
 
 Input: Channel message: "FYI — the Cayman entity docs are signed and filed"
 Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"FYI: Cayman entity docs signed and filed","category":"fyi","directed_at_sophie":false}
@@ -128,6 +203,7 @@ Input: Group chat — Nima: "Hootan, can we sync on the DFSA gaps tomorrow?"
 Output: {"priority":"normal","action":"archive","model":"sonnet","summary":"Nima asking Hootan to sync on DFSA gaps","category":"fyi","directed_at_sophie":false}
 
 Return ONLY the JSON object. No explanation, no markdown fencing, no extra text.`;
+}
 
 // ── Format the inbox item into a human-readable prompt ──────────────────────
 
@@ -158,7 +234,20 @@ function formatItemPrompt(item) {
 function parseClassification(text) {
   // Strip markdown code fences if present
   const cleaned = text.replace(/^```(?:json)?\s*/m, "").replace(/\s*```$/m, "").trim();
-  const parsed = JSON.parse(cleaned);
+  let parsed;
+  try {
+    parsed = JSON.parse(cleaned);
+  } catch (_) {
+    // CLI output may include prose around the JSON. Try regex-extract the
+    // first top-level {...} block. (Greedy match up to the last closing
+    // brace works for our flat schema; nested objects would need a real
+    // parser, but our classification objects are flat.)
+    const match = cleaned.match(/\{[\s\S]*\}/);
+    if (!match) {
+      throw new Error(`classifier: no JSON object found in output: ${cleaned.slice(0, 200)}`);
+    }
+    parsed = JSON.parse(match[0]);
+  }
 
   // Validate and coerce fields
   const validPriorities = ["critical", "high", "normal", "ignore"];
@@ -176,31 +265,109 @@ function parseClassification(text) {
   };
 }
 
-// ── Primary: Anthropic Claude Haiku ─────────────────────────────────────────
+// ── Primary: Claude Haiku via `claude --print` CLI ──────────────────────────
+//
+// We invoke the `claude` binary (Max subscription, Claude Code CLI) rather
+// than the Anthropic API SDK, per CEO directive (Slack DM D099N1JGKRQ,
+// 2026-04-27 09:38Z + 11:33Z): the daemon must NOT consume Anthropic API
+// quota; all model calls must funnel through `claude --print` sessions.
+//
+// Implementation notes:
+//   • child_process.spawn (not exec) — avoids shell-escape injection on
+//     potentially-hostile user message content.
+//   • System prompt rides on --append-system-prompt; the user prompt is
+//     written to stdin and the pipe is closed.
+//   • Output is parsed via parseClassification() which already handles
+//     ```json``` fences and bare JSON.
+//   • Any failure (non-zero exit, timeout, unparseable output) throws so
+//     the OpenAI Tier 2 fallback engages exactly as before.
+
+async function runClaudeCLI(systemPrompt, userPrompt) {
+  return new Promise((resolvePromise, rejectPromise) => {
+    const args = [
+      "--print",
+      "--dangerously-skip-permissions",
+      "--model", ANTHROPIC_MODEL,
+      "--append-system-prompt", systemPrompt,
+    ];
+
+    const proc = spawn(CLAUDE_BIN, args, {
+      stdio: ["pipe", "pipe", "pipe"],
+      // Force claude CLI onto keychain OAuth (Max subscription); strip any
+      // stale ANTHROPIC_API_KEY/AUTH_TOKEN inherited from the daemon env.
+      env: { ...process.env, ANTHROPIC_API_KEY: "", ANTHROPIC_AUTH_TOKEN: "" },
+    });
+
+    let stdout = "";
+    let stderr = "";
+    let settled = false;
+
+    const timer = setTimeout(() => {
+      if (settled) return;
+      settled = true;
+      try { proc.kill("SIGTERM"); } catch (_) { /* noop */ }
+      setTimeout(() => { try { if (!proc.killed) proc.kill("SIGKILL"); } catch (_) { /* noop */ } }, 2000);
+      rejectPromise(new Error(`claude CLI timed out after ${CLAUDE_CLI_TIMEOUT_MS}ms`));
+    }, CLAUDE_CLI_TIMEOUT_MS);
+
+    proc.stdout.on("data", (chunk) => { stdout += chunk.toString(); });
+    proc.stderr.on("data", (chunk) => { stderr += chunk.toString(); });
+
+    proc.on("error", (err) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timer);
+      rejectPromise(new Error(`claude CLI spawn error: ${err.message}`));
+    });
+
+    proc.on("close", (code) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timer);
+      if (code !== 0) {
+        const tail = (stderr || "").trim().slice(-500);
+        rejectPromise(new Error(`claude CLI exited ${code}: ${tail || "no stderr"}`));
+        return;
+      }
+      resolvePromise(stdout);
+    });
+
+    // Write the user prompt to stdin and close.
+    try {
+      proc.stdin.end(userPrompt, "utf8");
+    } catch (err) {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timer);
+      rejectPromise(new Error(`claude CLI stdin write error: ${err.message}`));
+    }
+  });
+}
 
 async function classifyWithAnthropic(item) {
-  const client = new Anthropic();
-  const response = await client.messages.create({
-    model: ANTHROPIC_MODEL,
-    max_tokens: 256,
-    system: SYSTEM_PROMPT,
-    messages: [
-      { role: "user", content: formatItemPrompt(item) },
-    ],
-  });
-  const text = response.content[0].text;
-  return parseClassification(text);
+  const systemPrompt = buildSystemPrompt();
+  const userPrompt =
+    `${formatItemPrompt(item)}\n\n` +
+    `Respond ONLY with the JSON object specified in the system prompt. ` +
+    `No markdown fences, no commentary, no preamble — JSON only.`;
+
+  const stdout = await runClaudeCLI(systemPrompt, userPrompt);
+  if (!stdout || !stdout.trim()) {
+    throw new Error("claude CLI returned empty stdout");
+  }
+  return parseClassification(stdout);
 }
 
 // ── Fallback 1: OpenAI gpt-4o-mini ─────────────────────────────────────────
 
 async function classifyWithOpenAI(item) {
+  const systemPrompt = buildSystemPrompt();
   const client = new OpenAI();
   const response = await client.chat.completions.create({
     model: OPENAI_MODEL,
     max_tokens: 256,
     messages: [
-      { role: "system", content: SYSTEM_PROMPT },
+      { role: "system", content: systemPrompt },
       { role: "user", content: formatItemPrompt(item) },
     ],
   });
@@ -211,42 +378,89 @@ async function classifyWithOpenAI(item) {
 // ── Fallback 2: Rule-based classification ───────────────────────────────────
 
 /**
- * Rule-based check for whether a message is directed at Sophie.
+ * Check if the message explicitly @-mentions a DIFFERENT known AI agent.
+ * If it does AND does NOT also mention the current agent, the message
+ * should be skipped — the sender chose a specific agent.
+ *
+ * Added in ib-20260418-cross-agent-routing to fix the recurring issue
+ * where Lucas's agent intercepted messages tagged for Sophie in #dev-tooling.
+ */
+function mentionsOtherAgent(item) {
+  loadAgentRegistry();
+  if (_peerAgents.length === 0) return false;
+
+  const content = (item.content || "").toLowerCase();
+  const myName = (_agentIdentity.name || "").toLowerCase();
+  const mySlackId = (_agentIdentity.slackId || "").toLowerCase();
+
+  // Check if the message mentions the CURRENT agent (by name or Slack ID)
+  const mentionsMe = (myName && content.includes(myName))
+    || (mySlackId && content.includes(mySlackId.toLowerCase()));
+
+  // Check if the message mentions any PEER agent
+  const mentionedPeer = _peerAgents.find(peer => {
+    const peerName = (peer.name || "").toLowerCase();
+    const peerSlackId = (peer.slackId || "").toLowerCase();
+    return (peerName && content.includes(peerName))
+      || (peerSlackId && content.includes(peerSlackId.toLowerCase()));
+  });
+
+  // If a peer is mentioned but I am NOT mentioned, this is directed at them
+  if (mentionedPeer && !mentionsMe) {
+    return true;
+  }
+
+  return false;
+}
+
+/**
+ * Rule-based check for whether a message is directed at the current agent.
  * Used by both the rule-based classifier fallback and as a pre-check
  * that can override the LLM's assessment in clear-cut cases.
+ *
+ * Backward-compatible export name: isDirectedAtSophie (used by sophie-daemon.mjs).
  */
 function isDirectedAtSophie(item) {
-  // DMs are always directed at Sophie
+  loadAgentRegistry();
+
+  // ── Cross-agent gate (ib-20260418-cross-agent-routing) ──────────────────
+  // If the message explicitly @-mentions a different known agent and does
+  // NOT mention the current agent, skip it — the sender chose someone else.
+  if (mentionsOtherAgent(item)) return false;
+
+  // DMs are always directed at the current agent
   if (item.is_dm) return true;
   if ((item.channel || "").startsWith("dm/")) return true;
 
-  // CEO DMs are always directed at Sophie, but in channels/group chats
-  // the CEO may be talking to other people — don't auto-insert Sophie.
-  // CEO channel messages only count as directed if they mention Sophie.
+  // CEO DMs are always directed at the current agent
   if (item.sender_privilege === "ceo" && item.is_dm) return true;
 
   // Explicit @mention or name mention in the message content
   const content = (item.content || "").toLowerCase();
-  if (content.includes("sophie") || content.includes("<@u09") || content.includes("<@u0a")) return true; // Sophie user ID prefixes
+  const myName = (_agentIdentity.name || "sophie").toLowerCase();
+  const mySlackId = (_agentIdentity.slackId || "").toLowerCase();
+
+  if (content.includes(myName)) return true;
+  if (mySlackId && content.includes(mySlackId.toLowerCase())) return true;
 
-  // Gmail/calendar messages are directed at Sophie (they're in her inbox)
+  // Gmail/calendar messages are directed at the current agent (they're in its inbox)
   if (item.service === "gmail" || item.service === "calendar") return true;
 
-  // Sophie being in a thread is NOT enough on its own — in group chats,
+  // Agent being in a thread is NOT enough on its own — in group chats,
   // other people may be talking to each other. Only treat it as directed
   // if the message also contains a question, request keyword, or is a
-  // direct follow-up to Sophie's last message in the thread.
-  if (item.sophie_in_thread || (item.thread_context && /^Sophie:/m.test(item.thread_context))) {
-    // Check if Sophie was the last speaker in the thread (sender is replying to her)
+  // direct follow-up to the agent's last message in the thread.
+  const agentNameRegex = new RegExp(`^${myName}:`, "im");
+  if (item.sophie_in_thread || (item.thread_context && agentNameRegex.test(item.thread_context))) {
+    // Check if the agent was the last speaker in the thread
     if (item.thread_context) {
       const lines = item.thread_context.trim().split("\n").filter(Boolean);
       const lastLine = lines[lines.length - 1] || "";
-      if (/^Sophie:/i.test(lastLine)) return true;
+      if (agentNameRegex.test(lastLine)) return true;
     }
-    // Check for question marks or request-like language directed at Sophie
+    // Check for question marks or request-like language
     if (/\?/.test(content)) return true;
     if (/(?:can you|could you|please|would you|do you|let me know|update|status|any update)/i.test(content)) return true;
-    // Otherwise, don't assume the message is for Sophie just because she's in the thread
   }
 
   return false;
@@ -323,7 +537,7 @@ function classifyWithRules(item) {
 }
 
 // Export for use in daemon's pre-classification gate
-export { isDirectedAtSophie };
+export { isDirectedAtSophie, mentionsOtherAgent, loadAgentRegistry };
 
 // ── Main export ─────────────────────────────────────────────────────────────