@adaptic/maestro 1.10.6 → 1.10.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adaptic/maestro",
-  "version": "1.10.6",
+  "version": "1.10.8",
   "description": "Maestro — Autonomous AI agent operating system. Deploy AI employees on dedicated Mac minis.",
   "type": "module",
   "bin": {

package/scripts/poller/slack-poller.mjs

@@ -273,6 +273,59 @@ export async function pollSlack() {
     activeThreads = {};
   }
 
+  // ── CEO DM pre-pass ──────────────────────────────────────────────────
+  // Mehran's DMs are the single most time-sensitive signal. The channel
+  // loop below routinely eats the entire 55s cycle budget on a busy
+  // workspace and skips DMs entirely. Poll the CEO DMs FIRST (with a
+  // small dedicated budget) so they always get fresh data regardless of
+  // how the broader cycle plays out. The downstream DM section will
+  // re-iterate but the items dedup on raw_ref so duplicates are dropped.
+  const ceoDmItemsSeen = new Set(); // raw_refs we already pushed in the pre-pass
+  try {
+    const convos = await slackApi("conversations.list", { types: "im", limit: 50 });
+    if (convos.ok) {
+      const ceoDMs = (convos.channels || []).filter((im) => im.user === CEO_USER_ID);
+      for (const im of ceoDMs) {
+        const history = await slackApi("conversations.history", {
+          channel: im.id,
+          oldest,
+          limit: 10,
+        });
+        if (!history.ok) continue;
+        for (const msg of history.messages || []) {
+          if (msg.bot_id || msg.user === AGENT_USER_ID) continue;
+          if (isVoiceTranscript(msg.text || "")) continue; // handled in main DM loop
+          const rawRef = `slack:${im.id}:${msg.ts}`;
+          ceoDmItemsSeen.add(rawRef);
+          items.push({
+            id: msg.ts.replace(".", "-"),
+            service: "slack",
+            channel: `dm/${resolveName(msg.user)}`,
+            sender: resolveName(msg.user),
+            sender_privilege: resolvePrivilege(msg.user),
+            timestamp: new Date(parseFloat(msg.ts) * 1000).toISOString(),
+            subject: `DM from ${resolveName(msg.user)}`,
+            content: msg.text || "",
+            thread_id: msg.thread_ts && msg.thread_ts !== msg.ts ? msg.thread_ts : "",
+            is_reply: false,
+            is_voice_transcript: false,
+            priority_signals: {
+              from_ceo: true,
+              tagged_urgent:
+                /\b(urgent|emergency|asap|blocker|critical)\b/i.test(msg.text || ""),
+              contains_deadline: false,
+              mentions_agent: true,
+            },
+            raw_ref: rawRef,
+            channel_id: im.id,
+          });
+        }
+      }
+    }
+  } catch (err) {
+    errors.push(`CEO DM pre-pass: ${err.message}`);
+  }
+
   for (const channel of channelsThisCycle) {
     // Check cycle time budget — skip remaining channels if running long
     if (isCycleBudgetExceeded()) {
@@ -391,12 +444,16 @@ export async function pollSlack() {
     });
     if (convos.ok) {
       const allDMs = convos.channels || [];
-      // Separate CEO DMs (always poll) from other DMs (rotate in halves)
+      // Separate CEO DMs (always poll) from other DMs (rotate in halves).
+      // We still track ceoDMChannelIds for the downstream thread-scan
+      // priority pass, but skip CEO DMs in the per-channel polling loop
+      // below because the CEO DM pre-pass at the top of the cycle has
+      // already fetched + pushed their messages with fresh budget.
       const ceoDMs = allDMs.filter((im) => im.user === CEO_USER_ID);
       for (const dm of ceoDMs) ceoDMChannelIds.add(dm.id);
       const otherDMs = allDMs.filter((im) => im.user !== CEO_USER_ID);
       const rotatedOtherDMs = otherDMs.filter((_, i) => i % 2 === pollCycleCount % 2);
-      const dmsThisCycle = [...ceoDMs, ...rotatedOtherDMs];
+      const dmsThisCycle = rotatedOtherDMs;
 
       for (const im of dmsThisCycle) {
         // Check cycle time budget — skip remaining DMs if running long

package/scripts/slack-responded.sh

@@ -159,6 +159,49 @@ EOF
     exit 1  # Not yet handled
     ;;
 
+  release)
+    # release <channel_id> <message_ts> [session_id]
+    # Releases an unconfirmed lock so a legitimate retry isn't blocked by a
+    # 24h TTL. Called by slack-send.sh's exit trap when a send fails or the
+    # script crashes after acquiring the lock but before confirming the send.
+    #
+    # Safety:
+    #   - Refuse to release if the lock has been confirmed (real send happened)
+    #   - If session_id is provided, only release locks owned by that session
+    #     (prevents a buggy caller from blowing away a sibling's in-flight lock)
+    #
+    # Lock metadata is stored in `meta` (acquire/confirm both write to it)
+    # using the format produced by the acquire/confirm sections above:
+    #   session: "<id>"
+    #   status: acquired   (or confirmed)
+    CHANNEL="${2:?Channel ID required}"
+    MSG_TS="${3:?Message TS required}"
+    SESSION_ID="${4:-unknown}"
+
+    LOCK_DIR="$LOCK_BASE_DIR/${CHANNEL}-${MSG_TS}"
+    META="$LOCK_DIR/meta"
+
+    if [ ! -d "$LOCK_DIR" ]; then
+      echo "NOT_HELD"
+      exit 0
+    fi
+
+    if [ -f "$META" ] && grep -qE "^status:[[:space:]]*confirmed" "$META" 2>/dev/null; then
+      echo "ALREADY_CONFIRMED"
+      exit 0
+    fi
+
+    if [ -f "$META" ] && [ "$SESSION_ID" != "unknown" ]; then
+      if ! grep -qE "^session:[[:space:]]*\"?${SESSION_ID}\"?[[:space:]]*$" "$META" 2>/dev/null; then
+        echo "NOT_OWNED"
+        exit 0
+      fi
+    fi
+
+    rm -rf "$LOCK_DIR"
+    echo "RELEASED"
+    ;;
+
   mark)
     # mark <message_ts> — backward-compatible mark
     MSG_TS="${2:?Message TS required}"
@@ -175,11 +218,12 @@ EOF
     ;;
 
   *)
-    echo "Usage: slack-responded.sh {acquire|confirm|check|mark|clean} [args...]"
+    echo "Usage: slack-responded.sh {acquire|confirm|release|check|mark|clean} [args...]"
     echo ""
     echo "Commands:"
     echo "  acquire <channel> <msg_ts> [session_id]  — Atomically claim a response lock"
     echo "  confirm <channel> <msg_ts> [preview]      — Record successful send"
+    echo "  release <channel> <msg_ts> [session_id]  — Release unconfirmed lock (send failed)"
     echo "  check <msg_ts> [channel]                   — Check if already handled"
     echo "  mark <msg_ts>                              — Legacy: mark as handled"
     echo "  clean                                       — Purge old entries"

package/scripts/slack-send.sh

@@ -72,6 +72,36 @@ if [ -z "$CHANNEL" ] || [ -z "$MESSAGE" ]; then
   exit 1
 fi
 
+# Auto-detect --responding_to from the inbox if the caller didn't pass it.
+# Protects against operator-vs-daemon duplicate replies: when a human-prompted
+# session replies via this script, it should claim the dedup lock so the
+# daemon's session (which always passes --responding_to) finds the lock
+# already taken and skips its own send. Without auto-detect, two reply
+# sources race and the user gets duplicate substantive responses (observed
+# on 2026-05-12 when operator + daemon both replied to a CEO DM 3 min apart).
+#
+# Strategy: scan state/inbox/slack/ for the most recent unprocessed YAML
+# whose body references this channel; extract its raw_ref ts as RESPONDING_TO.
+# Operator can override by passing --responding_to explicitly, or skip auto-
+# detect with --responding_to "" (proactive send not tied to an inbox item).
+if [ -z "$RESPONDING_TO" ] && [[ "$CHANNEL" =~ ^[CD][A-Z0-9]+$ ]]; then
+  INBOX_DIR="$AGENT_REPO_DIR/state/inbox/slack"
+  if [ -d "$INBOX_DIR" ]; then
+    LATEST_INBOX=$(
+      ls -t "$INBOX_DIR"/*.yaml 2>/dev/null |
+        xargs -I{} grep -l "channel_id: \"$CHANNEL\"" {} 2>/dev/null |
+        head -1
+    )
+    if [ -n "$LATEST_INBOX" ]; then
+      AUTO_TS=$(grep "^raw_ref:" "$LATEST_INBOX" 2>/dev/null | sed -E 's/.*:([0-9]+\.[0-9]+)".*/\1/')
+      if [ -n "$AUTO_TS" ]; then
+        RESPONDING_TO="$AUTO_TS"
+        echo "[slack-send] auto-detected --responding_to=$RESPONDING_TO from $(basename "$LATEST_INBOX")" >&2
+      fi
+    fi
+  fi
+fi
+
 # Dedup check: if --responding_to is set, use atomic locking to prevent concurrent sends
 DEDUP_ACQUIRED=""
 if [ -n "$RESPONDING_TO" ]; then
@@ -88,6 +118,21 @@ if [ -n "$RESPONDING_TO" ]; then
     exit 0
   fi
   DEDUP_ACQUIRED="1"
+
+  # Lock-release safety net. If this script exits BEFORE confirming the
+  # lock (e.g. validation failed, Slack API errored, python script crashed
+  # during message conversion, caller killed us), we must release the lock
+  # so the next legitimate retry isn't blocked for 24 hours. The trap is
+  # cleared after the post-send confirm; if the confirm runs, we leave
+  # the lock in place (it's now a real send marker, not a placeholder).
+  cleanup_unconfirmed_lock() {
+    local exit_code=$?
+    if [ -n "$DEDUP_ACQUIRED" ] && [ -z "$DEDUP_CONFIRMED" ]; then
+      "$SCRIPT_DIR/slack-responded.sh" release "$CHANNEL" "$RESPONDING_TO" "$SESSION_ID" 2>/dev/null || true
+    fi
+    return "$exit_code"
+  }
+  trap cleanup_unconfirmed_lock EXIT
 fi
 
 # Show typing indicator before sending (non-blocking, fire-and-forget)
@@ -200,7 +245,11 @@ if [ "$STATUS" = "invalid_auth" ] || [ "$STATUS" = "token_revoked" ] || [ "$STAT
 fi
 
 # Post-send: confirm the response lock with message details (audit trail)
+# and mark the trap as fulfilled so the exit-handler does NOT release the
+# now-legitimate confirmation marker. Any non-OK status leaves DEDUP_CONFIRMED
+# unset, so the EXIT trap releases the lock for legitimate retry.
 if [ "$STATUS" = "OK" ] && [ -n "$RESPONDING_TO" ] && [ -n "$DEDUP_ACQUIRED" ]; then
   PREVIEW=$(echo "$MESSAGE" | head -c 200)
   "$SCRIPT_DIR/slack-responded.sh" confirm "$CHANNEL" "$RESPONDING_TO" "$PREVIEW" 2>/dev/null || true
+  DEDUP_CONFIRMED="1"
 fi