@desplega.ai/agent-swarm 1.79.0 → 1.79.2

package/src/http/pages-public.ts

@@ -22,8 +22,8 @@
  */
 import type { IncomingMessage, ServerResponse } from "node:http";
 import { z } from "zod";
-import { BROWSER_SDK_JS } from "../artifact-sdk/browser-sdk";
-import { getPage } from "../be/db";
+import { BROWSER_SDK_JS, SWARM_UI_JS } from "../artifact-sdk/browser-sdk";
+import { getPage, incrementPageViewCount } from "../be/db";
 import type { Page } from "../types";
 import { extractAndVerifyCookie, issuePageSessionCookie } from "../utils/page-session";
 import { scrubSecrets } from "../utils/secret-scrubber";
@@ -113,10 +113,31 @@ const PAGE_HEAD_DEFAULTS = `<base target="_blank">
   code, pre, kbd, samp { font-family: "Space Mono", ui-monospace, monospace; }
   a { color: var(--swarm-primary); }
   ::selection { background: var(--swarm-primary); color: #fff; }
+  @media print {
+    /* Override theme variables so built-in primitives (swarm-diff, swarm-card)
+       that read var(--swarm-card) / var(--swarm-border) etc. inline-styled
+       backgrounds also flip to light. Without this, diff cards stay dark navy
+       on print. */
+    :root {
+      --swarm-bg: #ffffff;
+      --swarm-card: #ffffff;
+      --swarm-border: #cccccc;
+      --swarm-text: #000000;
+      --swarm-muted: #555555;
+    }
+    html, body { background: white !important; color: black !important; }
+    a { color: black !important; text-decoration: underline; }
+    /* Hide any swarm chrome the agent (or built-in primitives) tagged with
+       .no-print. Use this class on annotation badges, jump-list nav, anything
+       that shouldn't appear in the PDF export. */
+    .no-print { display: none !important; }
+    /* Avoid page-break inside cards / diff blocks. */
+    .swarm-card, swarm-diff { break-inside: avoid; }
+  }
 </style>`;
 
 function injectBrowserSdk(html: string): string {
-  const injection = `${PAGE_HEAD_DEFAULTS}<script>${BROWSER_SDK_JS}</script>`;
+  const injection = `${PAGE_HEAD_DEFAULTS}<script>${BROWSER_SDK_JS}</script><script>${SWARM_UI_JS}</script>`;
   // Use the first occurrence of `<head>` (case-insensitive). A page that
   // doesn't have a `<head>` element (raw fragment) still gets the SDK at the
   // front of the document.
@@ -181,11 +202,14 @@ function buildCsp(): string {
   // Fonts (`fonts.googleapis.com` stylesheets + `fonts.gstatic.com` font
   // files) for the swarm default typography, and same-origin /@swarm/api/*
   // for the Browser SDK. Inline scripts/styles remain allowed so
-  // agent-emitted styles work.
+  // agent-emitted styles work. `cdn.jsdelivr.net` + `unpkg.com` are the two
+  // dominant npm-package CDNs (Chart.js, ApexCharts, D3, htmx, Alpine, …) so
+  // pages that need a viz library can `<script src="…">` instead of inlining
+  // a multi-hundred-KB bundle.
   return [
     "default-src 'self'",
-    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com",
-    "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tailwindcss.com",
+    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://cdn.jsdelivr.net https://unpkg.com",
+    "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tailwindcss.com https://cdn.jsdelivr.net https://unpkg.com",
     "font-src 'self' https://fonts.gstatic.com data:",
     "img-src 'self' data: https:",
     "connect-src 'self'",
@@ -438,6 +462,7 @@ export async function handlePagesPublic(
         body: page.body,
       }),
     );
+    bumpViewCount(page.id);
     return true;
   }
 
@@ -447,6 +472,9 @@ export async function handlePagesPublic(
     if (inlineSetCookie) headers["Set-Cookie"] = inlineSetCookie;
     res.writeHead(302, headers);
     res.end();
+    // 302 redirects are intentionally NOT counted — they're a stop-over for
+    // JSON pages, and the SPA's subsequent `/p/:id.json` fetch bumps the
+    // counter via the JSON path above. Counting both would double-count.
     return true;
   }
 
@@ -462,5 +490,21 @@ export async function handlePagesPublic(
   if (inlineSetCookie) headers["Set-Cookie"] = inlineSetCookie;
   res.writeHead(200, headers);
   res.end(html);
+  bumpViewCount(page.id);
   return true;
 }
+
+/**
+ * Best-effort view-count bump. Wrapped in try/catch so a counter write never
+ * fails the response — pages are served before the bump runs, and any DB
+ * error is swallowed silently. No dedup by viewer; one bump per successful
+ * 200 (HTML inline or JSON metadata fetch). 302/401/403/404 responses do
+ * NOT bump.
+ */
+function bumpViewCount(pageId: string): void {
+  try {
+    incrementPageViewCount(pageId);
+  } catch {
+    // intentional empty — analytics must never break page serving.
+  }
+}

package/src/http/status.ts

@@ -9,7 +9,7 @@
  *   `cred_status` column. This file only reads those rows.
  * - This is critical for the bun-compiled API binary: importing any
  *   provider-adapter code at module level drags worker-harness SDKs (e.g.
- *   `@mariozechner/pi-coding-agent`) into the bundle, which crashes at
+ *   `@earendil-works/pi-coding-agent`) into the bundle, which crashes at
  *   `/usr/local/bin/` on boot. Keep this file adapter-free.
  * - Setup checks beyond credentials are still env- and DB-only (zero
  *   network, zero side effects).

package/src/providers/claude-adapter.ts

@@ -1,4 +1,5 @@
-import { unlink, writeFile } from "node:fs/promises";
+import { readFile, unlink, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 import { computeContextUsed, getContextWindowSize } from "../utils/context-window";
 import { validateClaudeCredentials } from "../utils/credentials";
@@ -60,6 +61,97 @@ async function cleanupTaskFile(pid: number): Promise<void> {
   }
 }
 
+/**
+ * Parse `CLAUDE_BINARY` into argv prefix tokens.
+ *
+ * Accepts a single binary name (`"claude"`, `"shannon"`), an absolute path,
+ * or a whitespace-separated command string (`"bunx @dexh/shannon"`,
+ * `"npx -y @dexh/shannon"`). Trim + split on `/\s+/`. No shell parsing, no
+ * quote handling — keep it tiny and predictable. Empty / missing → `["claude"]`.
+ *
+ * Exported for unit testing.
+ */
+export function parseClaudeBinary(raw: string | undefined): string[] {
+  const trimmed = (raw ?? "claude").trim();
+  if (trimmed === "") return ["claude"];
+  return trimmed.split(/\s+/);
+}
+
+/**
+ * Resolve the effective `CLAUDE_BINARY` for a worker (raw string, pre-parse).
+ *
+ * Precedence (highest first), mirroring `resolveHarnessProvider`:
+ *   1. `resolvedEnv.CLAUDE_BINARY` — overlay from `swarm_config`
+ *      (scoped repo > agent > global, applied by `fetchResolvedEnv` in
+ *      `src/commands/runner.ts`). Lets operators flip a worker via
+ *      `set-config` without a container restart.
+ *   2. `fallbackEnv.CLAUDE_BINARY` — raw `process.env` (container env).
+ *   3. `"claude"` — final default; no behavior change for users who don't set it.
+ *
+ * Returns the raw string (caller pipes through `parseClaudeBinary` for argv split).
+ *
+ * Exported for unit testing.
+ */
+export function resolveClaudeBinary(
+  resolvedEnv: Record<string, string | undefined>,
+  fallbackEnv: Record<string, string | undefined> = process.env,
+): string {
+  const candidate = resolvedEnv.CLAUDE_BINARY?.trim() || fallbackEnv.CLAUDE_BINARY?.trim();
+  return candidate || "claude";
+}
+
+/**
+ * Pre-seed `~/.claude.json` so the per-project trust-dialog ("Quick safety
+ * check: Is this a project you trust?") doesn't block on first run.
+ *
+ * Mirrors the onboarding-skip hack in `Dockerfile.worker` (which writes
+ * `hasCompletedOnboarding` and `bypassPermissionsModeAccepted`). When the
+ * resolved binary contains "shannon", claude runs inside tmux and shannon
+ * does NOT auto-accept the dialog, so the pane hangs forever. Writing
+ * `projects[cwd].hasTrustDialogAccepted = true` (and `hasCompletedProjectOnboarding`)
+ * tells claude-code the cwd is pre-trusted.
+ *
+ * Idempotent (no-op when already true), read-merge-write (never clobbers
+ * other keys), graceful on missing / malformed file.
+ *
+ * Exported for unit testing.
+ */
+export async function preseedClaudeTrustDialog(
+  cwd: string,
+  // Prefer `$HOME` over `homedir()` so callers in tests / sandboxed envs that
+  // override HOME get the override. Bun's `os.homedir()` caches the real
+  // passwd entry at process boot and ignores HOME mutations.
+  homeDir: string = process.env.HOME ?? homedir(),
+): Promise<void> {
+  const claudeJsonPath = join(homeDir, ".claude.json");
+  let data: Record<string, unknown> = {};
+  try {
+    const raw = await readFile(claudeJsonPath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      data = parsed as Record<string, unknown>;
+    }
+  } catch {
+    // missing or malformed — start from {}
+  }
+
+  const projects = (data.projects ?? {}) as Record<string, Record<string, unknown>>;
+  const existing = projects[cwd] ?? {};
+  if (existing.hasTrustDialogAccepted === true) {
+    // Already trusted — no-op, no write.
+    return;
+  }
+
+  projects[cwd] = {
+    ...existing,
+    hasTrustDialogAccepted: true,
+    hasCompletedProjectOnboarding: true,
+  };
+  data.projects = projects;
+
+  await writeFile(claudeJsonPath, `${JSON.stringify(data, null, 2)}\n`);
+}
+
 /**
  * Merge a base MCP config (typically read from `.mcp.json`) with freshly-resolved
  * installed servers from the API, and inject the per-task `X-Source-Task-Id` header
@@ -178,7 +270,7 @@ class ClaudeSession implements ProviderSession {
     taskFilePath: string,
     taskFilePid: number,
     private sessionMcpConfig: string | null = null,
-    private claudeBinary: string = "claude",
+    private claudeBinaryArgv: readonly string[] = ["claude"],
   ) {
     this.taskFilePid = taskFilePid;
     this.contextWindowSize = getContextWindowSize(model);
@@ -217,7 +309,7 @@ class ClaudeSession implements ProviderSession {
 
   private buildCommand(): string[] {
     const cmd = [
-      this.claudeBinary,
+      ...this.claudeBinaryArgv,
       "--model",
       this.model,
       "--verbose",
@@ -518,7 +610,7 @@ class ClaudeSession implements ProviderSession {
           taskFilePath,
           this.taskFilePid,
           null,
-          this.claudeBinary,
+          this.claudeBinaryArgv,
         );
 
         // Forward events from retry to our listeners
@@ -548,8 +640,47 @@ export class ClaudeAdapter implements ProviderAdapter {
     const credType = validateClaudeCredentials(config.env || process.env);
     console.log(`\x1b[2m[claude]\x1b[0m Using credential: ${credType}`);
 
-    // Resolve claude binary: CLAUDE_BINARY env var > "claude" (PATH lookup)
-    const claudeBinary = process.env.CLAUDE_BINARY || "claude";
+    // Resolve the argv prefix. Same flags (`-p`, `--model`, ...) work across
+    // alternates; only argv[0..n] changes. `CLAUDE_BINARY` accepts a single
+    // binary (`"shannon"`, `"/usr/local/bin/shannon"`) or a whitespace-separated
+    // command string (`"bunx @dexh/shannon"`, `"npx -y @dexh/shannon"`).
+    // Setting it to anything containing `shannon` opts into the dexhorthy/shannon
+    // variant, which drives `claude` interactively in tmux to stay on the
+    // subscription credit pool after the 2026-06-15 programmatic-credit split.
+    //
+    // `config.env` carries the swarm_config overlay (resolved repo > agent > global
+    // by `fetchResolvedEnv` in src/commands/runner.ts), so operators can flip
+    // a worker's binary via `set-config CLAUDE_BINARY=...` without a restart.
+    // Falls back to process.env, then "claude". See `resolveClaudeBinary` above.
+    //
+    // See `docs-site/.../shannon-experimental.mdx` for the user-facing guide
+    // and `runbooks/harness-providers.md` for engineering notes.
+    const claudeBinaryRaw = resolveClaudeBinary(config.env || process.env);
+    const claudeBinaryArgv = parseClaudeBinary(claudeBinaryRaw);
+    const isShannon = claudeBinaryRaw.toLowerCase().includes("shannon");
+
+    // Fail fast: shannon shells out to tmux. If it's missing, surface a
+    // clear error here rather than letting the spawn fail opaquely.
+    if (isShannon && !Bun.which("tmux")) {
+      throw new Error(
+        "CLAUDE_BINARY=shannon requires 'tmux' on PATH (install via apt/brew). See runbooks/harness-providers.md.",
+      );
+    }
+
+    // Shannon drives `claude` in tmux — claude's per-project trust dialog
+    // (first-run "Is this a project you trust?") hangs the pane because shannon
+    // doesn't auto-accept it. Pre-seed `~/.claude.json` so the dialog never
+    // prompts. Idempotent; no-op when already trusted. Engineering rationale:
+    // `runbooks/harness-providers.md` § "Trust-dialog pre-seed".
+    if (isShannon) {
+      try {
+        await preseedClaudeTrustDialog(config.cwd);
+      } catch (err) {
+        console.warn(
+          `\x1b[33m[claude]\x1b[0m Failed to pre-seed trust dialog for ${config.cwd}: ${err}`,
+        );
+      }
+    }
 
     const taskFilePid = process.pid;
     const taskFilePath = await writeTaskFile(taskFilePid, {
@@ -584,7 +715,7 @@ export class ClaudeAdapter implements ProviderAdapter {
       taskFilePath,
       taskFilePid,
       sessionMcpConfig,
-      claudeBinary,
+      claudeBinaryArgv,
     );
   }
 

package/src/providers/pi-mono-adapter.ts

@@ -8,20 +8,20 @@
 
 import { existsSync, lstatSync, symlinkSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
-import { getModel } from "@mariozechner/pi-ai";
+import { getModel } from "@earendil-works/pi-ai";
 import type {
   AgentSessionEvent,
   CreateAgentSessionOptions,
   SessionStats,
   ToolDefinition,
-} from "@mariozechner/pi-coding-agent";
+} from "@earendil-works/pi-coding-agent";
 import {
   type AgentSession,
   createAgentSession,
   DefaultResourceLoader,
   getAgentDir,
   SessionManager,
-} from "@mariozechner/pi-coding-agent";
+} from "@earendil-works/pi-coding-agent";
 import { type TSchema, Type } from "typebox";
 import { scrubSecrets } from "../utils/secret-scrubber";
 import { createSwarmHooksExtension } from "./pi-mono-extension";

package/src/providers/pi-mono-extension.ts

@@ -6,7 +6,7 @@
  * with full behavioral parity.
  */
 
-import type { ExtensionFactory } from "@mariozechner/pi-coding-agent";
+import type { ExtensionFactory } from "@earendil-works/pi-coding-agent";
 import { buildRatingsFromLlm, fetchRetrievalsForTask, postRatings } from "../be/memory/raters/llm";
 import { checkToolLoop, clearToolHistory } from "../hooks/tool-loop-detection";
 import { summarizeSession as runSummarize } from "../utils/internal-ai";

package/src/server.ts

@@ -13,6 +13,14 @@ import { registerGetTaskDetailsTool } from "./tools/get-task-details";
 import { registerGetTasksTool } from "./tools/get-tasks";
 import { registerInjectLearningTool } from "./tools/inject-learning";
 import { registerJoinSwarmTool } from "./tools/join-swarm";
+// KV capability
+import {
+  registerKvDeleteTool,
+  registerKvGetTool,
+  registerKvIncrTool,
+  registerKvListTool,
+  registerKvSetTool,
+} from "./tools/kv";
 // Messaging capability
 import { registerListChannelsTool } from "./tools/list-channels";
 import { registerListServicesTool } from "./tools/list-services";
@@ -121,7 +129,8 @@ import {
 
 // Capability-based feature flags
 // Default: all capabilities enabled
-const DEFAULT_CAPABILITIES = "core,task-pool,profiles,services,scheduling,memory,workflows,pages";
+const DEFAULT_CAPABILITIES =
+  "core,task-pool,profiles,services,scheduling,memory,workflows,pages,kv";
 const CAPABILITIES = new Set(
   (process.env.CAPABILITIES || DEFAULT_CAPABILITIES).split(",").map((s) => s.trim()),
 );
@@ -293,6 +302,16 @@ export function createServer() {
     registerCreatePageTool(server);
   }
 
+  // KV capability — namespaced Redis-like key/value (see src/be/migrations/061_kv_store.sql).
+  // Enabled by default; opt out via `CAPABILITIES=...` without `kv`.
+  if (hasCapability("kv")) {
+    registerKvGetTool(server);
+    registerKvSetTool(server);
+    registerKvDeleteTool(server);
+    registerKvIncrTool(server);
+    registerKvListTool(server);
+  }
+
   // MCP Servers - always registered
   registerMcpServerCreateTool(server);
   registerMcpServerUpdateTool(server);

package/src/tasks/context-key.ts

@@ -6,6 +6,11 @@
  * a task belongs to. We persist the key on `agent_tasks.contextKey` so that a
  * single indexed lookup can return all sibling tasks for a given entity.
  *
+ * The same vocabulary is reused by the KV store (`kv_entries.namespace`) so a
+ * caller can read/write state scoped to the entity that triggered the call
+ * (Slack thread, PR, Linear issue, agent, page, ...) without inventing a
+ * separate namespace scheme.
+ *
  * Key schema:
  *   task:slack:{channelId}:{threadTs}
  *   task:agentmail:{threadId}
@@ -15,6 +20,8 @@
  *   task:trackers:jira:{issueIdentifier}          (e.g. PROJ-123 — case preserved)
  *   task:schedule:{scheduleId}
  *   task:workflow:{workflowRunId}
+ *   task:agent:{agentId}                          (KV-only: per-agent scratchpad)
+ *   task:page:{pageId}                            (KV-only: per-page state, proxy-enforced)
  *
  * Rules:
  *   - Fixed prefix tokens (`task`, family, sub-family, kind) are always lowercase.
@@ -157,6 +164,27 @@ export function workflowContextKey(input: { workflowRunId: string }): string {
   return ["task", "workflow", workflowRunId].join(SEPARATOR);
 }
 
+/**
+ * Per-agent KV scratchpad namespace. Not used as a task `contextKey` (tasks
+ * always derive their context from an ingress entity), but reused here so the
+ * KV layer can resolve "the caller has no task header, just an agent id" into
+ * a stable namespace string with the same shape as everything else.
+ */
+export function agentContextKey(input: { agentId: string }): string {
+  const agentId = assertSafePart(input.agentId, "agentId");
+  return ["task", "agent", agentId].join(SEPARATOR);
+}
+
+/**
+ * Per-page KV namespace. Enforced at the page-proxy boundary
+ * (src/http/page-proxy.ts) — pages can never write outside their own
+ * `task:page:<id>` namespace regardless of what the request body or URL says.
+ */
+export function pageContextKey(input: { pageId: string }): string {
+  const pageId = assertSafePart(input.pageId, "pageId");
+  return ["task", "page", pageId].join(SEPARATOR);
+}
+
 /**
  * Parse a context key back into a structured form. Throws on malformed input.
  * Useful for diagnostics and downstream routing; not used on the hot insert path.

package/src/telemetry.ts

@@ -14,11 +14,60 @@ const TIMEOUT_MS = 5_000;
 
 let installationId: string | null = null;
 let source = "unknown";
+let cachedIsCloud = false;
 
 function isEnabled(): boolean {
   return process.env.ANONYMIZED_TELEMETRY !== "false";
 }
 
+/**
+ * Hosts we own that indicate a cloud-pointed install. Exact-match for known
+ * hostnames + suffix-match for the cloud apexes so future cloud subdomains
+ * (`mcp.agent-swarm.dev`, `api.agent-swarm.cloud`, etc.) are automatically
+ * classified as cloud. Substring match is intentionally avoided —
+ * `agent-swarm.dev.attacker.com` must NOT be treated as cloud.
+ */
+const CLOUD_HOST_EXACT = new Set<string>([
+  "agent-swarm-mcp.desplega.sh",
+  "agent-swarm.dev",
+  "agent-swarm.cloud",
+]);
+const CLOUD_HOST_SUFFIXES = [".agent-swarm.dev", ".agent-swarm.cloud"];
+
+function isCloudHostname(hostname: string): boolean {
+  if (!hostname) return false;
+  const normalized = hostname.toLowerCase();
+  if (CLOUD_HOST_EXACT.has(normalized)) return true;
+  return CLOUD_HOST_SUFFIXES.some((suffix) => normalized.endsWith(suffix));
+}
+
+/**
+ * Parse `MCP_BASE_URL` (or any candidate URL) into the cloud flag we ship on
+ * every telemetry event. URL parsing — not substring match — so we never
+ * confuse an attacker-controlled `agent-swarm.dev.bad` for cloud. On any
+ * parse failure returns a safe `false` so callers never need to defend
+ * against this throwing.
+ *
+ * The hostname itself is intentionally NOT emitted — telemetry is anonymous,
+ * and leaking the deployment host would defeat that. Only the boolean
+ * cloud-cohort flag ships.
+ *
+ * Exported for tests; not part of the public API.
+ */
+export function _resolveCloudMode(mcpBaseUrl: string | undefined | null): {
+  isCloud: boolean;
+} {
+  if (!mcpBaseUrl) return { isCloud: false };
+  let hostname: string;
+  try {
+    hostname = new URL(mcpBaseUrl).hostname;
+  } catch {
+    return { isCloud: false };
+  }
+  if (!hostname) return { isCloud: false };
+  return { isCloud: isCloudHostname(hostname) };
+}
+
 interface InitTelemetryOptions {
   /**
    * Whether to mint and persist a new install ID when the config read returns
@@ -48,6 +97,11 @@ export async function initTelemetry(
   if (!isEnabled()) return;
   source = sourceId;
   const generateIfMissing = options.generateIfMissing === true;
+
+  const resolved = _resolveCloudMode(process.env.MCP_BASE_URL);
+  cachedIsCloud = resolved.isCloud;
+  console.log(`telemetry: cloud=${cachedIsCloud}`);
+
   try {
     const existing = await getConfig("telemetry_installation_id");
     if (existing) {
@@ -110,7 +164,16 @@ export function track(options: TrackOptions): void {
       source,
       actor_mode: "anonymous" as const,
       actor_anonymous_id: installationId,
-      properties: options.properties ?? {},
+      properties: {
+        ...(options.properties ?? {}),
+        // Cloud-cohort signal derived from MCP_BASE_URL at init time.
+        // Placed at the top level of `properties_json` so ClickHouse can
+        // GROUP BY without descending into nested objects. Spread LAST so
+        // caller-supplied keys can never spoof the cohort classification.
+        // The hostname is intentionally NOT included — telemetry must stay
+        // anonymous, and the boolean is sufficient to split cloud vs self-host.
+        is_cloud: cachedIsCloud,
+      },
       metadata: {
         transport: "https",
         schema_version: 1,
@@ -138,6 +201,7 @@ export function track(options: TrackOptions): void {
 export function _resetTelemetryStateForTests(): void {
   installationId = null;
   source = "unknown";
+  cachedIsCloud = false;
 }
 
 /** Test-only: read the resolved install ID. */