@geekbeer/minion 3.43.0 → 3.49.0

package/mac/vnc-auth-proxy.js

@@ -0,0 +1,402 @@
+/**
+ * VNC Auth Proxy (macOS)
+ *
+ * Replaces websockify for the macOS Screen Sharing backend.
+ *
+ * Why this exists:
+ *   macOS `screensharingd` (port 5900) requires authentication; there is no
+ *   no-auth mode for the system display. websockify is a dumb WS<->TCP relay
+ *   and cannot perform RFB authentication, so noVNC on the HQ side hangs at
+ *   the security handshake unless it is given a password — which would force
+ *   storing VNC credentials in the HQ database.
+ *
+ *   This proxy keeps the password local to the minion (read from
+ *   `~/.minion/.env` as VNC_PASSWORD). It speaks RFB on both sides:
+ *     - acts as a no-auth VNC SERVER toward noVNC (on the WS side)
+ *     - acts as a VNC CLIENT toward screensharingd (on the TCP side),
+ *       performing VNC Auth (RFB security type 2) with the local password
+ *   After both handshakes complete it bridges the streams transparently.
+ *
+ * Flow:
+ *   browser (noVNC) <--WS--> HQ proxy <--WS--> THIS (port 6080)
+ *                                                     |
+ *                                                     +--TCP--> localhost:5900 (screensharingd)
+ *
+ * RFB protocol references: RFC 6143
+ */
+
+const http = require('http')
+const net = require('net')
+const crypto = require('crypto')
+const fs = require('fs')
+const path = require('path')
+const { WebSocketServer } = require('ws')
+
+const PROXY_PORT = 6080
+const VNC_BACKEND_HOST = '127.0.0.1'
+const VNC_BACKEND_PORT = 5900
+
+const RFB_VERSION = Buffer.from('RFB 003.008\n', 'ascii')
+const SEC_TYPE_NONE = 1
+const SEC_TYPE_VNC_AUTH = 2
+const SECURITY_RESULT_OK = Buffer.from([0, 0, 0, 0])
+
+/**
+ * Mangle a VNC password into an 8-byte DES key.
+ * VNC Auth historic quirk: password is NUL-padded / truncated to 8 bytes,
+ * then the bit order of each byte is REVERSED (LSB<->MSB).
+ */
+function vncPasswordToKey(password) {
+  const key = Buffer.alloc(8, 0)
+  Buffer.from(password, 'utf-8').copy(key, 0, 0, Math.min(8, password.length))
+  for (let i = 0; i < 8; i++) {
+    let b = key[i]
+    b = ((b & 0x01) << 7) | ((b & 0x02) << 5) | ((b & 0x04) << 3) | ((b & 0x08) << 1)
+      | ((b & 0x10) >> 1) | ((b & 0x20) >> 3) | ((b & 0x40) >> 5) | ((b & 0x80) >> 7)
+    key[i] = b
+  }
+  return key
+}
+
+/**
+ * Encrypt the 16-byte server challenge with DES-ECB using the mangled password key.
+ * Two 8-byte blocks; no padding (block-aligned by definition).
+ */
+function vncEncryptChallenge(challenge, password) {
+  const key = vncPasswordToKey(password)
+  const cipher = crypto.createCipheriv('des-ecb', key, null)
+  cipher.setAutoPadding(false)
+  return Buffer.concat([cipher.update(challenge), cipher.final()])
+}
+
+/**
+ * Build a sequential "read N bytes" function over a socket.
+ *
+ * Why not just attach/detach 'data' listeners per call: in flowing mode,
+ * any over-read bytes that we'd `socket.unshift()` are lost — they were
+ * already drained out of the internal buffer before the next listener
+ * attaches. Maintaining one persistent listener + a single accumulating
+ * buffer avoids that race entirely.
+ *
+ * Concurrent reads are not allowed. The handshake is sequential by spec.
+ *
+ * Also exposes `release()` which detaches our listeners and returns the
+ * residual buffered bytes — used to hand the socket off to the bridge
+ * after the handshake completes.
+ */
+function makeSocketReader(socket) {
+  let buf = Buffer.alloc(0)
+  let pending = null
+  let closed = false
+  let lastError = null
+
+  const tryResolve = () => {
+    if (pending && buf.length >= pending.n) {
+      const { n, resolve } = pending
+      const out = buf.subarray(0, n)
+      buf = buf.subarray(n)
+      pending = null
+      resolve(out)
+    } else if (pending && (closed || lastError)) {
+      const { reject } = pending
+      pending = null
+      reject(lastError || new Error(`Socket closed before reading ${pending?.n} bytes`))
+    }
+  }
+
+  const onData = (chunk) => {
+    buf = Buffer.concat([buf, Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)])
+    tryResolve()
+  }
+  const onError = (err) => { lastError = err; tryResolve() }
+  const onClose = () => { closed = true; tryResolve() }
+
+  socket.on('data', onData)
+  socket.once('error', onError)
+  socket.once('close', onClose)
+
+  return {
+    readExactly(n) {
+      return new Promise((resolve, reject) => {
+        if (pending) return reject(new Error('Concurrent reads not supported'))
+        pending = { n, resolve, reject }
+        tryResolve()
+      })
+    },
+    /** Detach handlers and return whatever bytes are still buffered (for bridging). */
+    release() {
+      socket.removeListener('data', onData)
+      socket.removeListener('error', onError)
+      socket.removeListener('close', onClose)
+      const residual = buf
+      buf = Buffer.alloc(0)
+      return residual
+    },
+  }
+}
+
+/**
+ * Drive the upstream RFB handshake with screensharingd.
+ * Returns when the upstream connection is fully authenticated and ready
+ * to receive ClientInit.
+ */
+async function authenticateUpstream(reader, write, password) {
+  // 1. ProtocolVersion: server -> client
+  const serverVersion = await reader.readExactly(12)
+  if (!serverVersion.toString('ascii').startsWith('RFB ')) {
+    throw new Error(`Unexpected ProtocolVersion from upstream: ${serverVersion.toString('ascii')}`)
+  }
+  // 2. ProtocolVersion: client -> server (we always speak 3.8)
+  write(RFB_VERSION)
+
+  // 3. Security types: server -> client
+  const numTypes = (await reader.readExactly(1))[0]
+  if (numTypes === 0) {
+    // Failure: server sends 4-byte reason length + reason string
+    const reasonLen = (await reader.readExactly(4)).readUInt32BE(0)
+    const reason = (await reader.readExactly(reasonLen)).toString('utf-8')
+    throw new Error(`Upstream rejected handshake: ${reason}`)
+  }
+  const types = await reader.readExactly(numTypes)
+
+  // Pick VNC Auth (type 2) — that's what macOS Screen Sharing uses with -setvncpw
+  if (!types.includes(SEC_TYPE_VNC_AUTH)) {
+    throw new Error(`Upstream does not offer VNC Auth (type 2). Offered: [${[...types].join(',')}]. Did you enable "VNC viewers may control screen with password"?`)
+  }
+  write(Buffer.from([SEC_TYPE_VNC_AUTH]))
+
+  // 4. VNC Auth challenge: 16 bytes
+  const challenge = await reader.readExactly(16)
+  const response = vncEncryptChallenge(challenge, password)
+  write(response)
+
+  // 5. SecurityResult: 4 bytes (0=OK, 1=failed)
+  const result = (await reader.readExactly(4)).readUInt32BE(0)
+  if (result !== 0) {
+    // RFB 3.8 includes a failure reason after a non-zero result
+    try {
+      const reasonLen = (await reader.readExactly(4)).readUInt32BE(0)
+      const reason = (await reader.readExactly(reasonLen)).toString('utf-8')
+      throw new Error(`Upstream VNC Auth failed: ${reason}`)
+    } catch {
+      throw new Error(`Upstream VNC Auth failed (no reason provided)`)
+    }
+  }
+}
+
+/**
+ * Drive the downstream RFB handshake with noVNC, presenting "no auth required".
+ * After this returns, noVNC is in the post-security state and will send
+ * ClientInit next, which we just forward to upstream.
+ */
+async function presentNoAuthDownstream(reader, write) {
+  // 1. ProtocolVersion: server (us) -> client (noVNC)
+  write(RFB_VERSION)
+  // 2. ProtocolVersion: client (noVNC) -> server (us)
+  const clientVersion = await reader.readExactly(12)
+  if (!clientVersion.toString('ascii').startsWith('RFB ')) {
+    throw new Error(`noVNC sent unexpected ProtocolVersion: ${clientVersion.toString('ascii')}`)
+  }
+  // 3. Security types: us -> noVNC. Offer only "None" (type 1).
+  write(Buffer.from([1, SEC_TYPE_NONE]))
+  // 4. Chosen type: noVNC -> us. Must be 1.
+  const chosen = (await reader.readExactly(1))[0]
+  if (chosen !== SEC_TYPE_NONE) {
+    throw new Error(`noVNC chose unexpected security type: ${chosen} (expected ${SEC_TYPE_NONE})`)
+  }
+  // 5. SecurityResult: us -> noVNC. Always OK.
+  write(SECURITY_RESULT_OK)
+}
+
+/**
+ * Build a reader+writer for a WebSocket that has the same shape as
+ * `makeSocketReader(tcpSocket)`. Lets the handshake code be agnostic to
+ * the underlying transport.
+ */
+function makeWsReader(ws) {
+  // Re-emit incoming WS binary frames through an EventEmitter that quacks
+  // enough like a Socket for makeSocketReader (only on('data'|'error'|'close')).
+  const { EventEmitter } = require('events')
+  const fakeSock = new EventEmitter()
+  ws.on('message', (data) => fakeSock.emit('data', Buffer.isBuffer(data) ? data : Buffer.from(data)))
+  ws.on('error', (err) => fakeSock.emit('error', err))
+  ws.on('close', () => fakeSock.emit('close'))
+  // EventEmitter doesn't have removeListener-by-removeListener method that
+  // matches Socket's API exactly, but it does — same `removeListener` exists.
+  return makeSocketReader(fakeSock)
+}
+
+/**
+ * Load VNC password from ~/.minion/.env.
+ * Returns null if not configured (server should refuse connections in that case).
+ */
+function loadVncPassword() {
+  const envPath = path.join(process.env.HOME || '', '.minion', '.env')
+  try {
+    const content = fs.readFileSync(envPath, 'utf-8')
+    for (const line of content.split('\n')) {
+      const trimmed = line.trim()
+      if (!trimmed || trimmed.startsWith('#')) continue
+      const eq = trimmed.indexOf('=')
+      if (eq === -1) continue
+      const key = trimmed.slice(0, eq).trim()
+      if (key === 'VNC_PASSWORD') {
+        let value = trimmed.slice(eq + 1).trim()
+        // Strip surrounding quotes if any
+        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+          value = value.slice(1, -1)
+        }
+        return value
+      }
+    }
+  } catch (err) {
+    if (err.code !== 'ENOENT') {
+      console.error(`[VNC Proxy] Failed to read ${envPath}: ${err.message}`)
+    }
+  }
+  return null
+}
+
+/**
+ * Handle a single WS upgrade: drive both handshakes, then bridge.
+ */
+async function handleConnection(ws, password) {
+  const tcp = net.connect(VNC_BACKEND_PORT, VNC_BACKEND_HOST)
+
+  let authDone = false
+  tcp.once('error', (err) => {
+    console.error(`[VNC Proxy] Backend connection error: ${err.message}`)
+    if (!authDone) {
+      try { ws.close(1011, 'Backend unavailable') } catch { /* noop */ }
+    }
+  })
+
+  try {
+    await new Promise((resolve, reject) => {
+      tcp.once('connect', resolve)
+      tcp.once('error', reject)
+    })
+
+    const tcpReader = makeSocketReader(tcp)
+    const wsReader = makeWsReader(ws)
+    const tcpWrite = (buf) => tcp.write(buf)
+    const wsWrite = (buf) => ws.send(buf, { binary: true })
+
+    // Drive both handshakes in parallel — they don't depend on each other
+    // until after both complete.
+    await Promise.all([
+      authenticateUpstream(tcpReader, tcpWrite, password),
+      presentNoAuthDownstream(wsReader, wsWrite),
+    ])
+
+    authDone = true
+
+    // Detach handshake readers; reclaim any over-buffered residual bytes.
+    const wsResidual = wsReader.release()
+    const tcpResidual = tcpReader.release()
+    console.log(`[VNC Proxy] Handshake complete, bridging (residual: ws=${wsResidual.length}b tcp=${tcpResidual.length}b)`)
+
+    // Forward residual bytes that arrived during handshake but past the
+    // handshake's read window (e.g. ClientInit piggybacked with the
+    // chosen security type).
+    if (wsResidual.length > 0 && !tcp.destroyed) tcp.write(wsResidual)
+    if (tcpResidual.length > 0 && ws.readyState === ws.OPEN) ws.send(tcpResidual, { binary: true })
+
+    // Transparent bridge: WS frames <-> TCP bytes
+    ws.on('message', (data) => {
+      const buf = Buffer.isBuffer(data) ? data : Buffer.from(data)
+      if (!tcp.destroyed) tcp.write(buf)
+    })
+    tcp.on('data', (chunk) => {
+      if (ws.readyState === ws.OPEN) ws.send(chunk, { binary: true })
+    })
+
+    const cleanup = () => {
+      try { tcp.destroy() } catch { /* noop */ }
+      try { ws.close() } catch { /* noop */ }
+    }
+    tcp.on('close', cleanup)
+    tcp.on('error', cleanup)
+    ws.on('close', cleanup)
+    ws.on('error', cleanup)
+  } catch (err) {
+    console.error(`[VNC Proxy] Handshake failed: ${err.message}`)
+    try { tcp.destroy() } catch { /* noop */ }
+    try { ws.close(1011, `Handshake failed: ${err.message}`) } catch { /* noop */ }
+  }
+}
+
+/**
+ * Start the VNC auth proxy server on PROXY_PORT (default 6080).
+ * Returns a Promise that resolves once listening, or rejects on bind failure.
+ */
+function startVncAuthProxy() {
+  return new Promise((resolve, reject) => {
+    const httpServer = http.createServer((req, res) => {
+      // Non-WebSocket requests get a friendly error (websockify does the same)
+      res.writeHead(426, { 'Content-Type': 'text/plain', 'Upgrade': 'websocket' })
+      res.end('WebSocket connections only')
+    })
+
+    const wss = new WebSocketServer({ server: httpServer, handleProtocols: (protocols) => {
+      // noVNC asks for 'binary' subprotocol; honor it if offered
+      if (protocols.has('binary')) return 'binary'
+      return false
+    } })
+
+    wss.on('connection', (ws, req) => {
+      console.log(`[VNC Proxy] Connection from ${req.socket.remoteAddress}`)
+      const password = loadVncPassword()
+      if (!password) {
+        console.error('[VNC Proxy] VNC_PASSWORD not configured in ~/.minion/.env; refusing')
+        ws.close(1011, 'VNC password not configured on minion')
+        return
+      }
+      handleConnection(ws, password).catch((err) => {
+        console.error(`[VNC Proxy] Unhandled error: ${err.message}`)
+      })
+    })
+
+    httpServer.listen(PROXY_PORT, '0.0.0.0', () => {
+      console.log(`[VNC Proxy] Listening on port ${PROXY_PORT}, backend ${VNC_BACKEND_HOST}:${VNC_BACKEND_PORT}`)
+      resolve(httpServer)
+    })
+    httpServer.once('error', (err) => {
+      console.error(`[VNC Proxy] Failed to bind ${PROXY_PORT}: ${err.message}`)
+      reject(err)
+    })
+  })
+}
+
+/**
+ * Smoke-test DES availability at startup. Node 17+ (OpenSSL 3) requires
+ * --openssl-legacy-provider to enable DES. Failing fast here is much clearer
+ * than failing per-connection at challenge encryption time.
+ */
+function assertDesAvailable() {
+  try {
+    const c = crypto.createCipheriv('des-ecb', Buffer.alloc(8, 0), null)
+    c.setAutoPadding(false)
+    c.update(Buffer.alloc(8, 0))
+    c.final()
+  } catch (err) {
+    if (err.code === 'ERR_OSSL_EVP_UNSUPPORTED') {
+      console.error('[VNC Proxy] FATAL: DES is unavailable in this Node build.')
+      console.error('[VNC Proxy] Re-launch node with --openssl-legacy-provider')
+      console.error('[VNC Proxy] (the bundled LaunchAgent plist sets this automatically; fix the plist if you are seeing this).')
+      process.exit(2)
+    }
+    throw err
+  }
+}
+
+if (require.main === module) {
+  // Standalone entrypoint for running under launchd
+  assertDesAvailable()
+  startVncAuthProxy().catch((err) => {
+    console.error(`[VNC Proxy] Fatal: ${err.message}`)
+    process.exit(1)
+  })
+}
+
+module.exports = { startVncAuthProxy, vncPasswordToKey, vncEncryptChallenge }

package/mac/workflow-runner.js

@@ -0,0 +1,7 @@
+/**
+ * macOS workflow runner — re-exports the Linux implementation.
+ *
+ * Uses tmux + Claude CLI for cron-scheduled workflow execution. Both are
+ * available on macOS via Homebrew, no platform branching needed.
+ */
+module.exports = require('../linux/workflow-runner')

package/package.json

@@ -1,19 +1,22 @@
 {
   "name": "@geekbeer/minion",
-  "version": "3.43.0",
+  "version": "3.49.0",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "linux/server.js",
   "bin": {
     "minion-cli": "./linux/minion-cli.sh",
     "hq": "./linux/bin/hq",
     "minion-cli-win": "./win/bin/minion-cli-win.js",
-    "hq-win": "./win/bin/hq-win.js"
+    "hq-win": "./win/bin/hq-win.js",
+    "minion-cli-mac": "./mac/minion-cli.sh",
+    "hq-mac": "./mac/bin/hq"
   },
   "files": [
     "postinstall.js",
     "core/",
     "linux/",
     "win/",
+    "mac/",
     "skills/",
     "rules/",
     "roles/",
@@ -25,6 +28,7 @@
   "scripts": {
     "start": "node linux/server.js",
     "start:win": "node win/server.js",
+    "start:mac": "node mac/server.js",
     "postinstall": "node postinstall.js",
     "db:migration:new": "node scripts/new-migration.js"
   },

package/postinstall.js

@@ -1,18 +1,39 @@
 #!/usr/bin/env node
-// postinstall.js — Re-apply file ACLs on Windows after npm install -g.
-// On Linux this is a no-op (permissions are not affected by reinstall).
-
-if (process.platform !== 'win32') process.exit(0);
+// postinstall.js — Platform-specific post-install hooks.
+// - Windows: re-apply file ACLs via win/postinstall.ps1.
+// - macOS:   ensure mac/minion-cli.sh and mac/bin/hq are executable
+//            (npm preserves modes from the tarball, but defensive chmod matches the win pattern).
+// - Linux:   no-op.
 
 const { spawnSync } = require('child_process');
 const path = require('path');
+const fs = require('fs');
+
+if (process.platform === 'win32') {
+  const ps1 = path.join(__dirname, 'win', 'postinstall.ps1');
+  const result = spawnSync('powershell.exe', [
+    '-ExecutionPolicy', 'Bypass',
+    '-NoProfile',
+    '-NoLogo',
+    '-File', ps1,
+  ], { stdio: 'inherit', timeout: 30_000 });
+  process.exit(result.status || 0);
+}
 
-const ps1 = path.join(__dirname, 'win', 'postinstall.ps1');
-const result = spawnSync('powershell.exe', [
-  '-ExecutionPolicy', 'Bypass',
-  '-NoProfile',
-  '-NoLogo',
-  '-File', ps1,
-], { stdio: 'inherit', timeout: 30_000 });
+if (process.platform === 'darwin') {
+  const macFiles = [
+    path.join(__dirname, 'mac', 'minion-cli.sh'),
+    path.join(__dirname, 'mac', 'bin', 'hq'),
+  ];
+  for (const file of macFiles) {
+    try {
+      if (fs.existsSync(file)) fs.chmodSync(file, 0o755);
+    } catch (err) {
+      console.error(`[postinstall] Failed to chmod ${file}: ${err.message}`);
+    }
+  }
+  process.exit(0);
+}
 
-process.exit(result.status || 0);
+// Linux: nothing to do
+process.exit(0);

package/rules/core.md

@@ -43,6 +43,7 @@ Minion
   - **priority**: `low` / `normal` / `high` / `urgent` (default `normal`)。可視化とフィルタ用途(並び順は `sort_order` が優先)
   - **`milestone_id` は親 EPIC に付ければ配下の子タスクも自動的にその進捗に含まれる**(effective milestone)。子を個別にひもづけ直す必要はない。`/health` は leaf タスク基準で `progress_pct` を算出する
   - **タスク検索**: `?q=<keyword>` でタイトル+説明の部分一致検索(pg_trgm、日本語OK)、`?priority=high,urgent` でカンマ区切り複数指定
+  - **`[task:UUID]` チケットタグ**: HQチャットでユーザーがチケットを指す際に使う形式。受信メッセージに含まれる場合、HQが解決した詳細がプロンプト先頭の「参照チケット」ブロックに同梱される。応答内でチケットへ言及する際にも同タグを使ってよい(HQ側でチップに描画される)
   - 詳細は `~/.minion/docs/api-reference.md` の「Project Tasks」「Project Milestones」「Project Health」と `~/.minion/docs/task-guides.md` の「プロジェクトタスク管理」を参照
 - **Workspace**: ミニオンは複数のワークスペースに所属でき、スキルやプロジェクトはワークスペース単位でスコープされる。チャットセッションもワークスペース別に分離される。所属ワークスペースはハートビートで自動同期され、`hq list workspaces` で確認できる。
 - ミニオンは複数プロジェクトに `pm`、`engineer`、`accountant` として参加できる。
@@ -219,6 +220,35 @@ Routine 実行中は以下もtmuxセッション環境で利用可能:
 - `pm.md` — PM (Project Manager) のガイドライン
 - `engineer.md` — Engineer のガイドライン
 
+## Board Task Auto-Pickup (ボードタスク自動着手)
+
+アクティブスプリント (`sprint.status = 'active'`) に所属し、自分宛 (`assignee_minion_id == 自分`) かつ `status IN ('todo', 'doing')` のボードタスクは、`board-task-poller` が30秒間隔で自動検知し、claim→`doing`遷移→**専用 tmux セッションでの自走**を起動する (v3.46.0〜)。
+
+**重要 (v3.46.0):** 以前はチャットセッションを代用していたが、ユーザーの会話履歴を破壊するため廃止。**今は `bt-{taskId8}` 名の独立したtmuxセッション**で `claude -p` を直接実行する。Linuxはホスト上のtmux、Windowsは WSL 内の tmux で動作。
+
+セッションには以下が自動でプロンプトに注入される:
+
+- タスクのタイトル / 説明 / 優先度 / 期限
+- 受け入れ要件 (acceptance_criteria) のチェックリスト
+- プロジェクトコンテキスト (`project_contexts.content`)
+- プロジェクトメンバー一覧
+
+**自動着手時の動作ルール:**
+1. **受け入れ要件をすべて満たしてから `review` へ遷移する。** `done` への直接遷移は禁止 (人間レビュー後)。
+2. **acceptance_criteria のチェックを更新する場合は既存IDを保持する。** PATCH の body で `acceptance_criteria: [...]` を渡すと全置換になるため、未編集の項目もIDごと送ること。
+3. **判断に迷ったら勝手に進めない。** 受け入れ要件が曖昧/不足している場合は、状況を Notes (`hq note create`) や Memory (`POST /api/memory`) に記録し、`status` を `doing` のまま threads (`POST /api/threads`) で PM にエスカレーションする。
+4. **タスクIDは `[task:UUID]` 形式で参照する。** ノートやスレッドで言及するときも同じタグを使うこと (HQ側でチップ描画される)。
+
+**ステータス遷移と持ち越し:**
+- 実行ミニオンが行うのは `todo→doing` (claim時) と `doing→review` (受け入れ要件達成後) のみ。`done` 遷移はレビュアーの責務。
+- 前スプリントから `doing` 状態で持ち越されたタスクもポーラーが拾う。同名 tmux セッションが既に生きていれば再起動せずスキップ (二重実行防止)。
+
+**セッション可視性:**
+- Linuxミニオン: `tmux ls` で `bt-*` セッションが見える。WSターミナルからアタッチ可能。
+- Windowsミニオン: WSL内の tmux で動作。HQ ダッシュボードのターミナル一覧 (`/api/terminal/sessions`) でも `wsl-tmux` タイプとして表示される。
+
+詳細な API 仕様は `~/.minion/docs/api-reference.md` の「Project Sprints」「Project Tasks」セクションを参照。
+
 ## Todo運用ルール
 
 チャット中のタスクは `/api/todos` に登録して進捗管理すること。圧縮（context compaction）を跨いでも作業を完遂するための仕組みがある。