@geekbeer/minion 2.5.1 → 2.10.1

package/README.md

@@ -37,6 +37,19 @@ minion-cli health     # Run health check
 minion-cli log -m "Task completed" -l info -s skill-name
 ```
 
+### Issue Reporting
+
+```javascript
+const { reportIssue } = require('@geekbeer/minion/api')
+
+await reportIssue({
+  title: 'HQ APIで502エラーが発生する',
+  body: '## 状況\n...\n\n## 再現手順\n...',
+  labels: ['bug', 'critical']
+})
+// → { success: true, issue_url: '...', issue_number: 42 }
+```
+
 ## Environment Variables
 
 | Variable | Description | Default |

package/api.js

@@ -50,7 +50,33 @@ async function reportExecution(data) {
   })
 }
 
+/**
+ * Report a single workflow step completion to HQ.
+ * Called by the post-execution hook after a dispatched skill finishes.
+ * @param {object} data - { workflow_execution_id, step_index, status }
+ */
+async function reportStepComplete(data) {
+  return request('/step-complete', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+/**
+ * Create a GitHub Issue via HQ for bug reports or enhancement suggestions
+ * @param {object} data - { title: string, body: string, labels?: string[] }
+ * @returns {Promise<{ success: boolean, issue_url: string, issue_number: number }>}
+ */
+async function reportIssue(data) {
+  return request('/report', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
 module.exports = {
   request,
   reportExecution,
+  reportStepComplete,
+  reportIssue,
 }

package/config.js

@@ -11,8 +11,32 @@
  *
  * Other optional environment variables:
  * - AGENT_PORT: Port for the local agent server (default: 3001)
+ * - MINION_USER: System user running the agent (used to resolve home directory)
  */
 
+const os = require('os')
+const { execSync } = require('child_process')
+
+/**
+ * Resolve the correct home directory for the minion user.
+ * In supervisord environments, os.homedir() may return /root because
+ * the HOME env var is not inherited. This function uses MINION_USER
+ * (set in .env during setup) to look up the correct home via getent passwd.
+ */
+function resolveHomeDir() {
+  const minionUser = process.env.MINION_USER
+  if (minionUser) {
+    try {
+      const entry = execSync(`getent passwd ${minionUser}`, { encoding: 'utf-8' }).trim()
+      const home = entry.split(':')[5]
+      if (home) return home
+    } catch {
+      // getent failed — fall back to os.homedir()
+    }
+  }
+  return os.homedir()
+}
+
 const config = {
   // HQ Server Configuration (optional - omit for standalone mode)
   HQ_URL: process.env.HQ_URL || '',
@@ -21,6 +45,9 @@ const config = {
 
   // Server settings
   AGENT_PORT: parseInt(process.env.AGENT_PORT, 10) || 3001,
+
+  // Resolved home directory (safe for supervisord environments)
+  HOME_DIR: resolveHomeDir(),
 }
 
 /**

package/execution-store.js

@@ -6,7 +6,8 @@
 
 const fs = require('fs').promises
 const path = require('path')
-const os = require('os')
+
+const { config } = require('./config')
 
 // Max executions to keep (older ones are pruned)
 const MAX_EXECUTIONS = 200
@@ -21,7 +22,7 @@ function getExecutionFilePath() {
     require('fs').accessSync(path.dirname(optPath))
     return optPath
   } catch {
-    return path.join(os.homedir(), 'executions.json')
+    return path.join(config.HOME_DIR, 'executions.json')
   }
 }
 

package/lib/llm-checker.js

@@ -0,0 +1,114 @@
+/**
+ * LLM Service authentication checker
+ *
+ * Detects whether supported LLM CLIs are authenticated and ready to use.
+ * CLIs are pre-installed on all minions; this module only checks auth status.
+ * Results are cached in memory for 60 seconds to avoid excessive filesystem checks.
+ */
+
+const fs = require('fs')
+const path = require('path')
+const { config } = require('../config')
+
+const CACHE_TTL_MS = 60000
+
+let cachedResult = null
+let cachedAt = 0
+
+/**
+ * Check Claude Code authentication.
+ * Claude stores OAuth credentials in ~/.claude/.credentials.json
+ */
+function isClaudeAuthenticated() {
+  const candidates = [
+    path.join(config.HOME_DIR, '.claude', '.credentials.json'),
+    path.join(config.HOME_DIR, '.claude', 'credentials.json'),
+  ]
+  for (const p of candidates) {
+    try {
+      if (fs.existsSync(p)) {
+        const content = fs.readFileSync(p, 'utf-8')
+        const parsed = JSON.parse(content)
+        if (parsed && Object.keys(parsed).length > 0) return true
+      }
+    } catch {
+      // Invalid JSON or read error — not authenticated
+    }
+  }
+  return false
+}
+
+/**
+ * Check Gemini CLI authentication.
+ * Gemini uses Google OAuth tokens or API key env vars.
+ */
+function isGeminiAuthenticated() {
+  if (process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY) return true
+
+  const possiblePaths = [
+    path.join(config.HOME_DIR, '.config', 'gemini'),
+    path.join(config.HOME_DIR, '.config', 'gcloud', 'application_default_credentials.json'),
+  ]
+  for (const p of possiblePaths) {
+    try {
+      if (!fs.existsSync(p)) continue
+      const stat = fs.statSync(p)
+      if (stat.isDirectory()) {
+        if (fs.readdirSync(p).length > 0) return true
+      } else {
+        if (fs.readFileSync(p, 'utf-8').trim().length > 0) return true
+      }
+    } catch {
+      // Ignore
+    }
+  }
+  return false
+}
+
+/**
+ * Check Codex (OpenAI) authentication.
+ * Codex CLI uses OPENAI_API_KEY or config in ~/.codex/
+ */
+function isCodexAuthenticated() {
+  if (process.env.OPENAI_API_KEY) return true
+
+  const codexConfig = path.join(config.HOME_DIR, '.codex')
+  try {
+    if (fs.existsSync(codexConfig) && fs.statSync(codexConfig).isDirectory()) {
+      if (fs.readdirSync(codexConfig).length > 0) return true
+    }
+  } catch {
+    // Ignore
+  }
+  return false
+}
+
+const SERVICE_DEFINITIONS = [
+  { name: 'claude', display_name: 'Claude Code', check: isClaudeAuthenticated },
+  { name: 'gemini', display_name: 'Gemini CLI', check: isGeminiAuthenticated },
+  { name: 'codex', display_name: 'Codex', check: isCodexAuthenticated },
+]
+
+/**
+ * Get authenticated LLM services (cached for 60s).
+ * Returns all services with their authentication status.
+ * @returns {{ name: string, display_name: string, authenticated: boolean }[]}
+ */
+function getLlmServices() {
+  const now = Date.now()
+  if (cachedResult && (now - cachedAt) < CACHE_TTL_MS) {
+    return cachedResult
+  }
+
+  const services = SERVICE_DEFINITIONS.map(({ name, display_name, check }) => ({
+    name,
+    display_name,
+    authenticated: check(),
+  }))
+
+  cachedResult = services
+  cachedAt = now
+  return services
+}
+
+module.exports = { getLlmServices }

package/minion-cli.sh

@@ -88,6 +88,17 @@ svc_control() {
 
 AGENT_URL="${MINION_AGENT_URL:-http://localhost:3001}"
 
+# Auto-load .env so that API_TOKEN etc. are available in interactive shells
+ENV_FILE="/opt/minion-agent/.env"
+if [ -f "$ENV_FILE" ] && [ -r "$ENV_FILE" ]; then
+  while IFS='=' read -r key value; do
+    [[ "$key" =~ ^#.*$ || -z "$key" ]] && continue
+    if [ -z "${!key:-}" ]; then
+      export "$key=$value"
+    fi
+  done < "$ENV_FILE"
+fi
+
 # ============================================================
 # setup subcommand
 # ============================================================
@@ -286,11 +297,11 @@ do_setup() {
     case "$PROC_MGR" in
       systemd)
         SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/systemctl restart minion-agent"
-        SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/systemctl restart xvfb fluxbox x11vnc novnc"
+        SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/systemctl restart xvfb fluxbox autocutsel vnc novnc"
         ;;
       supervisord)
         SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/supervisorctl restart minion-agent"
-        SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/supervisorctl restart xvfb fluxbox x11vnc novnc"
+        SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/supervisorctl restart xvfb fluxbox autocutsel vnc novnc"
         SUDOERS_CONTENT+="\n${TARGET_USER} ALL=(root) NOPASSWD: /usr/bin/supervisorctl status"
         ;;
     esac
@@ -354,12 +365,142 @@ Environment=MINION_USER=${TARGET_USER}
 WantedBy=multi-user.target
 SVCEOF
       echo "  -> /etc/systemd/system/minion-agent.service created"
+
+      # VNC stack services (only if Xvfb is installed)
+      if command -v Xvfb &>/dev/null; then
+        echo "  Creating VNC stack services..."
+
+        # xvfb: virtual display (-ac disables access control so any user can connect)
+        $SUDO tee /etc/systemd/system/xvfb.service > /dev/null <<XVFBEOF
+[Unit]
+Description=Xvfb virtual framebuffer
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/Xvfb :99 -screen 0 1920x1080x24 -ac
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+XVFBEOF
+        echo "  -> /etc/systemd/system/xvfb.service created"
+
+        # fluxbox: window manager (runs as TARGET_USER so terminals open as that user)
+        $SUDO tee /etc/systemd/system/fluxbox.service > /dev/null <<FBEOF
+[Unit]
+Description=Fluxbox window manager
+After=xvfb.service
+Requires=xvfb.service
+
+[Service]
+Type=simple
+User=${TARGET_USER}
+Environment=DISPLAY=:99
+ExecStart=/usr/bin/fluxbox
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+FBEOF
+        echo "  -> /etc/systemd/system/fluxbox.service created (User=${TARGET_USER})"
+
+        # autocutsel: clipboard sync (runs as TARGET_USER to match desktop session)
+        if command -v autocutsel &>/dev/null; then
+          $SUDO tee /etc/systemd/system/autocutsel.service > /dev/null <<ACEOF
+[Unit]
+Description=X clipboard synchronization
+After=xvfb.service
+Requires=xvfb.service
+
+[Service]
+Type=forking
+User=${TARGET_USER}
+Environment=DISPLAY=:99
+ExecStart=/usr/bin/autocutsel -fork
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+ACEOF
+          echo "  -> /etc/systemd/system/autocutsel.service created (User=${TARGET_USER})"
+        fi
+
+        # vnc: VNC server (detect x0vncserver or x11vnc)
+        if command -v x0vncserver &>/dev/null; then
+          $SUDO tee /etc/systemd/system/vnc.service > /dev/null <<VNCEOF
+[Unit]
+Description=TigerVNC scraping server
+After=fluxbox.service
+Requires=xvfb.service
+
+[Service]
+Type=simple
+Environment=DISPLAY=:99
+ExecStart=/usr/bin/x0vncserver -display :99 -rfbport 5900 -SecurityTypes None -fg
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+VNCEOF
+          echo "  -> /etc/systemd/system/vnc.service created (x0vncserver)"
+        elif command -v x11vnc &>/dev/null; then
+          $SUDO tee /etc/systemd/system/vnc.service > /dev/null <<VNCEOF
+[Unit]
+Description=x11vnc VNC server
+After=fluxbox.service
+Requires=xvfb.service
+
+[Service]
+Type=simple
+Environment=DISPLAY=:99
+ExecStart=/usr/bin/x11vnc -display :99 -rfbport 5900 -nopw -forever -shared
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+VNCEOF
+          echo "  -> /etc/systemd/system/vnc.service created (x11vnc)"
+        else
+          echo "  WARNING: No VNC server found (x0vncserver or x11vnc)"
+        fi
+
+        # novnc: WebSocket proxy for browser access
+        if command -v websockify &>/dev/null; then
+          local NOVNC_WEB="/usr/share/novnc"
+          if [ ! -d "$NOVNC_WEB" ]; then
+            NOVNC_WEB="/usr/share/novnc/utils/../"
+          fi
+          $SUDO tee /etc/systemd/system/novnc.service > /dev/null <<NVNCEOF
+[Unit]
+Description=noVNC WebSocket proxy
+After=vnc.service
+Requires=vnc.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/websockify --web=${NOVNC_WEB} 6080 localhost:5900
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+NVNCEOF
+          echo "  -> /etc/systemd/system/novnc.service created"
+        fi
+      fi
       ;;
 
     supervisord)
       # Build environment line from .env values
+      # Include HOME and DISPLAY since supervisord does not set them when switching user
       local ENV_LINE="environment="
-      local ENV_PAIRS=()
+      local ENV_PAIRS=("HOME=\"${TARGET_HOME}\"" "DISPLAY=\":99\"")
       while IFS='=' read -r key value; do
         [[ -z "$key" || "$key" == \#* ]] && continue
         ENV_PAIRS+=("${key}=\"${value}\"")
@@ -394,11 +535,20 @@ SUPEOF
       ;;
   esac
 
-  # Step 7: Enable and start service
-  echo "[7/${TOTAL_STEPS}] Starting minion-agent service..."
+  # Step 7: Enable and start services
+  echo "[7/${TOTAL_STEPS}] Starting services..."
   case "$PROC_MGR" in
     systemd)
       $SUDO systemctl daemon-reload
+      # Enable and start VNC stack (if service files were created)
+      for svc in xvfb fluxbox autocutsel vnc novnc; do
+        if [ -f "/etc/systemd/system/${svc}.service" ]; then
+          $SUDO systemctl enable "$svc"
+          $SUDO systemctl restart "$svc"
+          echo "  -> ${svc} started"
+        fi
+      done
+      # Enable and start agent services
       $SUDO systemctl enable tmux-init
       $SUDO systemctl start tmux-init
       $SUDO systemctl enable minion-agent

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "2.5.1",
+  "version": "2.10.1",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "server.js",
   "bin": {
@@ -13,6 +13,8 @@
     "terminal-proxy.js",
     "workflow-runner.js",
     "workflow-store.js",
+    "routine-runner.js",
+    "routine-store.js",
     "execution-store.js",
     "lib/",
     "routes/",

package/routes/directives.js

@@ -0,0 +1,163 @@
+/**
+ * Directive endpoints
+ *
+ * Receives temp skill directives from HQ and executes them.
+ * Used for one-shot workflow orchestration via system-embedded skills.
+ *
+ * Endpoints:
+ * - POST /api/directive - Receive and execute a temp skill directive
+ */
+
+const fs = require('fs').promises
+const path = require('path')
+const crypto = require('crypto')
+
+const { verifyToken } = require('../lib/auth')
+const { config } = require('../config')
+const { writeSkillToLocal } = require('./skills')
+const workflowRunner = require('../workflow-runner')
+const executionStore = require('../execution-store')
+const logManager = require('../lib/log-manager')
+
+/**
+ * Parse frontmatter from skill content to extract body
+ * @param {string} content - Full skill content with frontmatter
+ * @returns {{ metadata: object, body: string }}
+ */
+function parseFrontmatter(content) {
+  const match = content.match(/^---\n([\s\S]*?)\n---\n([\s\S]*)$/)
+  if (!match) return { metadata: {}, body: content }
+
+  const metadata = {}
+  for (const line of match[1].split('\n')) {
+    const [key, ...rest] = line.split(':')
+    if (key && rest.length) {
+      metadata[key.trim()] = rest.join(':').trim()
+    }
+  }
+  return { metadata, body: match[2].trimStart() }
+}
+
+/**
+ * Register directive routes as Fastify plugin
+ * @param {import('fastify').FastifyInstance} fastify
+ */
+async function directiveRoutes(fastify) {
+  // Receive and execute a temp skill directive from HQ
+  fastify.post('/api/directive', async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+
+    const { skill_name, skill_content, execution_id, context } = request.body || {}
+
+    if (!skill_name || !skill_content) {
+      reply.code(400)
+      return { success: false, error: 'skill_name and skill_content are required' }
+    }
+
+    // Validate temp skill name (must start with __)
+    if (!skill_name.startsWith('__')) {
+      reply.code(400)
+      return { success: false, error: 'Directive skill names must start with __' }
+    }
+
+    const effectiveExecutionId = execution_id || crypto.randomUUID()
+    const sessionName = `dir-${effectiveExecutionId.substring(0, 8)}-${effectiveExecutionId.substring(8, 12)}`
+
+    console.log(`[Directive] Received directive: ${skill_name} (execution: ${effectiveExecutionId})`)
+    console.log(`[Directive] Session: ${sessionName}`)
+
+    try {
+      // 1. Write temp skill to local filesystem
+      // The skill_content is the full content with frontmatter — write as-is
+      const homeDir = config.HOME_DIR
+      const skillDir = path.join(homeDir, '.claude', 'skills', skill_name)
+      await fs.mkdir(skillDir, { recursive: true })
+      await fs.writeFile(path.join(skillDir, 'SKILL.md'), skill_content, 'utf-8')
+
+      console.log(`[Directive] Temp skill written: ${skillDir}`)
+    } catch (err) {
+      console.error(`[Directive] Failed to write temp skill: ${err.message}`)
+      reply.code(500)
+      return { success: false, error: `Failed to write temp skill: ${err.message}` }
+    }
+
+    const startedAt = new Date().toISOString()
+    const logFile = logManager.getLogPath(effectiveExecutionId)
+    const workflowName = context?.workflow_name || skill_name
+
+    // Save initial execution record
+    await executionStore.save({
+      id: effectiveExecutionId,
+      skill_name,
+      workflow_id: null,
+      workflow_name: workflowName,
+      status: 'running',
+      outcome: null,
+      started_at: startedAt,
+      completed_at: null,
+      parent_execution_id: null,
+      error_message: null,
+      log_file: logFile,
+    })
+
+    // 2. Run async — respond immediately with 202
+    const executionPromise = (async () => {
+      const homeDir = config.HOME_DIR
+      const skillDir = path.join(homeDir, '.claude', 'skills', skill_name)
+
+      try {
+        // Execute as a single-skill workflow
+        // skipExecutionReport: the orchestration template has its own
+        // completion report (section 5), so /execution-report is redundant
+        // and would use the wrong (local) execution ID.
+        const result = await workflowRunner.runWorkflow({
+          id: effectiveExecutionId,
+          name: workflowName,
+          pipeline_skill_names: [skill_name],
+        }, { skipExecutionReport: true })
+
+        console.log(`[Directive] Execution completed: ${skill_name} (success: ${result.execution_id ? 'yes' : 'no'})`)
+      } catch (err) {
+        console.error(`[Directive] Execution failed: ${err.message}`)
+        await executionStore.save({
+          id: effectiveExecutionId,
+          skill_name,
+          workflow_id: null,
+          workflow_name: workflowName,
+          status: 'failed',
+          outcome: 'failure',
+          started_at: startedAt,
+          completed_at: new Date().toISOString(),
+          parent_execution_id: null,
+          error_message: err.message,
+          log_file: logFile,
+        })
+      } finally {
+        // 3. Cleanup temp skill directory
+        try {
+          await fs.rm(skillDir, { recursive: true, force: true })
+          console.log(`[Directive] Temp skill cleaned up: ${skillDir}`)
+        } catch (cleanupErr) {
+          console.error(`[Directive] Failed to cleanup temp skill: ${cleanupErr.message}`)
+        }
+      }
+    })()
+
+    executionPromise.catch(err => {
+      console.error(`[Directive] Unhandled error: ${err.message}`)
+    })
+
+    reply.code(202)
+    return {
+      success: true,
+      session_name: sessionName,
+      execution_id: effectiveExecutionId,
+      message: 'Directive accepted',
+    }
+  })
+}
+
+module.exports = { directiveRoutes }

package/routes/files.js

@@ -14,12 +14,13 @@
 const fs = require('fs').promises
 const fsSync = require('fs')
 const path = require('path')
-const os = require('os')
+const { spawn } = require('child_process')
 
 const { verifyToken } = require('../lib/auth')
+const { config } = require('../config')
 
 /** Base directory for file storage */
-const FILES_DIR = path.join(os.homedir(), 'files')
+const FILES_DIR = path.join(config.HOME_DIR, 'files')
 
 /** Max upload size: 50MB */
 const MAX_UPLOAD_SIZE = 50 * 1024 * 1024
@@ -124,7 +125,7 @@ async function fileRoutes(fastify) {
     }
   })
 
-  // GET /api/files/* - Download a file
+  // GET /api/files/* - Download a file or directory (with ?format=tar.gz for directories)
   fastify.get('/api/files/*', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
@@ -146,12 +147,6 @@ async function fileRoutes(fastify) {
     try {
       const stat = await fs.lstat(resolved)
 
-      // Don't allow downloading directories
-      if (stat.isDirectory()) {
-        reply.code(400)
-        return { success: false, error: 'Cannot download a directory' }
-      }
-
       // Check symlink safety
       if (stat.isSymbolicLink()) {
         const realPath = await fs.realpath(resolved)
@@ -161,6 +156,25 @@ async function fileRoutes(fastify) {
         }
       }
 
+      // Directory download as tar.gz
+      if (stat.isDirectory()) {
+        const format = request.query.format
+        if (format !== 'tar.gz') {
+          reply.code(400)
+          return { success: false, error: 'Cannot download a directory. Use ?format=tar.gz' }
+        }
+
+        const dirName = path.basename(resolved)
+        const parentDir = path.dirname(resolved)
+
+        reply
+          .type('application/gzip')
+          .header('Content-Disposition', `attachment; filename="${encodeURIComponent(dirName)}.tar.gz"`)
+
+        const tar = spawn('tar', ['-czf', '-', '-C', parentDir, dirName])
+        return reply.send(tar.stdout)
+      }
+
       const filename = path.basename(resolved)
       reply
         .type('application/octet-stream')

package/routes/health.js

@@ -8,6 +8,7 @@
  */
 
 const { version } = require('../package.json')
+const { getLlmServices } = require('../lib/llm-checker')
 
 // Shared status state
 let currentStatus = 'online'
@@ -48,6 +49,7 @@ async function healthRoutes(fastify) {
       uptime: process.uptime(),
       version,
       timestamp: new Date().toISOString(),
+      llm_services: getLlmServices(),
     }
   })