@damn-dev/cli 0.14.0 → 0.15.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@damn-dev/cli",
-  "version": "0.14.0",
+  "version": "0.15.0",
   "description": "damn.dev — self-hosted workspace OS for human + AI agent collaboration.",
   "license": "Apache-2.0",
   "homepage": "https://damn.dev",

package/runtime/apps/backend/dist/resources/coo/WORKSPACE_GUIDE.md

@@ -98,6 +98,63 @@ Delegation chain failures surface as system messages in the originating channel
 with the step number and agent name that failed. Push notifications are sent to
 all workspace members on chain failure.
 
+## Team Canvas (Organigram view)
+
+The workspace's team structure has a single home: **the Team page** at
+`/governance` (sidebar icon labelled "Team"). Two views, both backed by
+the same data:
+
+- **Canvas** (default) — visual graph. Grey dashed lines = "reports to"
+  (parsed from `Organigram.md` `## Reporting Structure` section). Indigo
+  solid lines = "auto-trusted to delegate" (standing trust grants from
+  `DelegationRule` rows). Pink animated dashed lines = COO-proposed trust
+  grants awaiting human approval. Layout auto-picks per shape: radial
+  hub-and-spoke for flat teams (one root + many reports), dagre top-down
+  for hierarchies, grid as fallback.
+
+- **Markdown** — editable textarea of `Organigram.md`. Same backing file
+  the COO maintains. Saves trigger an instant canvas re-render.
+
+The user can:
+- **Left-click any agent on the canvas** → AgentInspector side panel
+  shows that agent's parent, direct reports, outgoing/incoming trust,
+  per-agent rules, workspace-inherited rules. Quick actions include
+  Open channel, Edit soul, Toggle outgoing/incoming delegation, and
+  **Change…** (reparent the agent under a different lead).
+- **Drag from one agent's bottom edge to another's top edge** → creates a
+  trust grant ("A is auto-trusted to delegate to B"). Drawing IS the
+  approval (no card created — the human drawing is the approver).
+- **Hover a trust line** → small Remove/Info popover for revoking.
+
+### Organigram updates by COO — the `organigram-update` block
+
+For structural changes (reparent, set-role) the COO should prefer the
+structured `organigram-update` block over rewriting `Organigram.md` prose
+directly. The block goes through the approval pipeline (auto-approvable
+by default), atomically rewrites only the `## Reporting Structure`
+section, broadcasts a `delegationGraph.changed` WS event, and the canvas
+reflects the change within ~1s.
+
+Format:
+```organigram-update
+{
+  "operations": [
+    {"op": "reparent", "child": "<agentId>", "parent": "<agentId>" | null},
+    {"op": "set-role", "agentId": "<agentId>", "role": "<text>"}
+  ],
+  "reason": "Why this change."
+}
+```
+
+`parent: null` makes the child a root (reports to no one). Cycle
+protection is enforced server-side. Other `Organigram.md` sections
+(Agent Directory descriptions, Federation lists, narrative prose) are
+preserved verbatim — the block only touches Reporting Structure.
+
+Use prose editing via `setOrganigram` (the Markdown tab) for descriptive
+content; use the `organigram-update` block for structural mutations the
+canvas needs to reflect live.
+
 ## Approvals
 All sensitive agent actions require human approval before execution:
 
@@ -120,18 +177,26 @@ All sensitive agent actions require human approval before execution:
 - **git_merge** — merges and rebases. **Never auto-approves** (destructive).
 - **delegation_rule** — the meta-approval for creating rules. **Never
   auto-approves.**
+- **organigram_update** — structural changes to the team organigram
+  (reparent agents, set agent roles) emitted by COO via the
+  `organigram-update` block. **Auto-approvable by default** (low risk —
+  metadata only); users can opt-in to gate via rule pattern
+  `organigram:reparent` / `organigram:set-role` / `organigram:*`.
 
 Approval cards appear inline in the chat. The approval panel (shield icon in
-sidebar) shows all pending approvals. Telegram bridge supports inline approvals
-with risk-tiered buttons.
+sidebar) has two tabs: **Pending** (active approval queue) and **Rules** (every
+auto-approve rule in the workspace, with the rule-owning agent badged). Telegram
+bridge supports inline approvals with risk-tiered buttons.
 
 ### Approval Rules System
 
 Users auto-approve repetitive actions via per-pattern rules. Two scopes:
 
-- **Workspace rules** (Settings → Workspace Approval Rules) — apply to every
-  agent. Use for "every agent can run `git status`".
-- **Agent rules** (Agent panel → Trust tab → Approval Rules) — apply to one
+- **Workspace rules** (Approvals panel → Rules tab, or Settings → Workspace
+  Approval Rules) — apply to every agent. Use for "every agent can run
+  `git status`".
+- **Agent rules** (Agent panel → Trust tab → Approval Rules, OR via the Team
+  Canvas Agent Inspector → click any agent on /governance) — apply to one
   agent. Use for "the COO can run `git push` but others cannot".
 
 Precedence: per-agent deny > per-agent allow > workspace deny > workspace allow.
@@ -143,6 +208,9 @@ Pattern syntax by type:
 - `delegate:<toAgentId>` or `delegate:*` — per-target or any delegation.
 - `skill_tool:<skill>.<tool>` or `skill_tool:<skill>.*`
 - `git_pr:<provider>` (github | gitlab)
+- `cron:<jobName>` or `cron:*`
+- `organigram:reparent` / `organigram:set-role` / `organigram:*` — gates the
+  structural-mutation block COO can emit.
 
 Checking "Always allow <pattern>" on an approval card creates a rule
 automatically. The card shows the exact pattern being saved so the user knows