@geekbeer/minion 4.3.4 → 4.4.0

package/core/lib/claude-settings-sync.js

@@ -0,0 +1,106 @@
+'use strict'
+
+/**
+ * Sync bundled Claude Code settings (permissions + hooks) into
+ * <homeDir>/.claude/settings.json. Shared by the Linux and Windows servers so
+ * both platforms get identical baseline permissions and the PreToolUse hooks.
+ *
+ * User overrides live in settings.local.json which Claude merges on top of the
+ * settings.json we write here, so re-syncing on every boot is safe.
+ */
+
+const fs = require('fs')
+const path = require('path')
+
+// packages/minion/core/lib/claude-settings-sync.js -> packages/minion
+const PACKAGE_ROOT = path.join(__dirname, '..', '..')
+
+/**
+ * Copy bundled hook scripts to <claudeDir>/hooks/ and return the PreToolUse
+ * hook config block to embed in settings.json. Returns null when no hooks are
+ * bundled.
+ *
+ * Currently wires block-hq-navigation.js, which denies Playwright navigation to
+ * HQ (*.minion-agent.com) so the minion uses the API instead of scraping the
+ * dashboard.
+ */
+function syncHookScripts(claudeDir, log) {
+  try {
+    const bundledHooksDir = path.join(PACKAGE_ROOT, 'settings', 'hooks')
+    if (!fs.existsSync(bundledHooksDir)) return null
+
+    const targetHooksDir = path.join(claudeDir, 'hooks')
+    if (!fs.existsSync(targetHooksDir)) {
+      fs.mkdirSync(targetHooksDir, { recursive: true })
+    }
+
+    const files = fs.readdirSync(bundledHooksDir).filter((f) => f.endsWith('.js'))
+    for (const file of files) {
+      fs.copyFileSync(
+        path.join(bundledHooksDir, file),
+        path.join(targetHooksDir, file),
+      )
+    }
+
+    const navHook = path.join(targetHooksDir, 'block-hq-navigation.js')
+    if (!fs.existsSync(navHook)) return null
+
+    log(`[Hooks] Synced ${files.length} hook script(s) to ~/.claude/hooks/`)
+    return {
+      PreToolUse: [
+        {
+          matcher: 'mcp__playwright__browser_navigate',
+          hooks: [{ type: 'command', command: `node ${navHook}` }],
+        },
+      ],
+    }
+  } catch (err) {
+    log(`[Hooks] Failed to sync hook scripts: ${err.message}`)
+    return null
+  }
+}
+
+/**
+ * Sync bundled permissions + hooks to <homeDir>/.claude/settings.json.
+ * @param {string} homeDir - the minion HOME (config.HOME_DIR)
+ * @param {(msg: string) => void} [log] - logger (defaults to console.log)
+ */
+function syncClaudeSettings(homeDir, log = console.log) {
+  const bundledPath = path.join(PACKAGE_ROOT, 'settings', 'permissions.json')
+  const settingsDir = path.join(homeDir, '.claude')
+  const settingsPath = path.join(settingsDir, 'settings.json')
+
+  try {
+    if (!fs.existsSync(bundledPath)) return
+
+    const bundled = JSON.parse(fs.readFileSync(bundledPath, 'utf-8'))
+
+    let settings = {}
+    if (fs.existsSync(settingsPath)) {
+      try {
+        settings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'))
+      } catch {
+        log('[Permissions] existing settings.json invalid, overwriting')
+      }
+    }
+
+    settings.permissions = {
+      allow: bundled.allow || [],
+      deny: bundled.deny || [],
+    }
+
+    fs.mkdirSync(settingsDir, { recursive: true })
+
+    const hooks = syncHookScripts(settingsDir, log)
+    if (hooks) {
+      settings.hooks = hooks
+    }
+
+    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n', 'utf-8')
+    log(`[Permissions] Synced: allow=${(bundled.allow || []).length}, deny=${(bundled.deny || []).length}`)
+  } catch (err) {
+    log(`[Permissions] Failed to sync permissions: ${err.message}`)
+  }
+}
+
+module.exports = { syncClaudeSettings }

package/docs/task-guides.md

@@ -41,6 +41,17 @@ curl -X POST http://localhost:8080/api/web/extract \
 | 「ログインしてダッシュボード操作」 | Playwright MCP |
 | 「フォームを送信」 | Playwright MCP |
 | 「複数ページ巡回して全件取得」 | `/api/web/extract` をループ呼び出し (各ページに対して) |
+| **HQ (`*.minion-agent.com`) のノート/タスク/プロジェクト** | **HQ API（Playwright禁止）** |
+
+### HQ (`*.minion-agent.com`) のリンクは API で取得する
+
+HQダッシュボードのページURLを Playwright MCP で開いてはならない（PreToolUse フック `block-hq-navigation.js` で拒否される）。受け取ったURL／タグは以下に変換する。チャットで参照された場合、本文はプロンプト先頭の「参照ノート」「参照チケット」ブロックに既に注入済みなので、まずそれを読む。
+
+| 受け取った形 | 取得方法 |
+|------|---------|
+| `[note:UUID]` / `…/notes/:id` | `GET $HQ_URL/api/minion/workspaces/:wsId/notes/:id`（または `…/projects/:pid/notes/:id`） |
+| `[task:UUID]` / `…/tasks/:id` | `GET $HQ_URL/api/minion/projects/:pid/tasks/:id` |
+| `…/projects/:id` | `GET $HQ_URL/api/minion/projects/:id` |
 
 ### キャッシュの確認・破棄 (debug)
 

package/linux/routes/chat.js

@@ -44,7 +44,7 @@ async function chatRoutes(fastify) {
       return { success: false, error: 'Unauthorized' }
     }
 
-    const { message, session_id, context, workspace_id, referenced_tasks } = request.body || {}
+    const { message, session_id, context, workspace_id, referenced_tasks, referenced_notes } = request.body || {}
 
     if (!message || typeof message !== 'string') {
       reply.code(400)
@@ -54,9 +54,10 @@ async function chatRoutes(fastify) {
     const workspaceId = workspace_id || null
 
     // Build prompt — add memory context on new sessions + page context + workspace
-    // referenced_tasks is injected into the prompt only (not stored in history)
-    // so the user's chat log keeps just the [task:UUID] tag, not a noisy dump.
-    const prompt = await buildContextPrefix(message, context, session_id, workspaceId, referenced_tasks)
+    // referenced_tasks / referenced_notes are injected into the prompt only (not
+    // stored in history) so the user's chat log keeps just the [task:UUID] /
+    // [note:UUID] tag (or pasted URL), not a noisy dump.
+    const prompt = await buildContextPrefix(message, context, session_id, workspaceId, referenced_tasks, referenced_notes)
 
     // Persist the user message BEFORE invoking the LLM so that crashes,
     // timeouts, or unparseable CLI output can't lose it. For new sessions we
@@ -267,7 +268,7 @@ ${indexed}`
  * On new sessions (no session_id), injects minion memory + recent daily logs.
  * No conversation history injection — Claude CLI handles that via --resume.
  */
-async function buildContextPrefix(message, context, sessionId, workspaceId, referencedTasks) {
+async function buildContextPrefix(message, context, sessionId, workspaceId, referencedTasks, referencedNotes) {
   const parts = []
 
   // Resolved [task:UUID] tags from HQ — surface ticket details so Claude can
@@ -288,6 +289,29 @@ async function buildContextPrefix(message, context, sessionId, workspaceId, refe
     parts.push('')
   }
 
+  // Resolved [note:UUID] tags / pasted note URLs from HQ — surface the note body
+  // inline so Claude answers WITHOUT opening the HQ page with Playwright. The
+  // body is a snippet; the full note is one API call away.
+  if (Array.isArray(referencedNotes) && referencedNotes.length > 0) {
+    parts.push('[参照ノート — ユーザーがメッセージ内で `[note:UUID]` 形式またはURLで参照しているHQノート。Playwrightで開かず、全文が必要なら下記APIを使うこと]')
+    const NOTE_LIMIT = 2000
+    for (const n of referencedNotes) {
+      if (!n || !n.id) continue
+      const body = String(n.content || '').trim()
+      const truncated = body.length > NOTE_LIMIT
+      const snippet = truncated ? body.slice(0, NOTE_LIMIT) : body
+      parts.push(`- [note:${n.id}] ${n.title || '(無題)'} (status: ${n.status || '?'})`)
+      if (snippet) {
+        parts.push('  ```', ...snippet.split('\n').map((l) => `  ${l}`), '  ```')
+      }
+      parts.push(
+        `  全文/更新: GET|PATCH $HQ_URL/api/minion/workspaces/${n.workspace_id}/notes/${n.id}` +
+          (truncated ? ' (本文は上記抜粋、全文はAPIで取得)' : ''),
+      )
+    }
+    parts.push('')
+  }
+
   // Inject workspace context so Claude Code knows which workspace it's operating in
   if (workspaceId) {
     const workspaceStore = require('../../core/stores/workspace-store')
@@ -388,6 +412,8 @@ async function buildContextPrefix(message, context, sessionId, workspaceId, refe
       '',
       'Playwright MCP (`mcp__playwright__*`) は **ログイン・フォーム入力・複数画面の対話操作**が必要な場合のみ使用する。',
       '単純な閲覧・要約・一覧取得用途ではMCPを使わない。',
+      '',
+      'HQ (`*.minion-agent.com`) のページURLは **Playwrightで開かずAPIで取得する**。ノートは `GET $HQ_URL/api/minion/workspaces/:wsId/notes/:id`、タスクは `GET $HQ_URL/api/minion/projects/:pid/tasks/:id`。チャットで参照されたノート/タスクの本文は上記「参照ノート」「参照チケット」ブロックに既に注入済み。',
       ''
     )
   }

package/linux/server.js

@@ -38,6 +38,7 @@ const PACKAGE_ROOT = path.join(__dirname, '..')
 // Core shared modules
 const { config, validate, isHqConfigured } = require('../core/config')
 const { sendHeartbeat } = require('../core/api')
+const { syncClaudeSettings } = require('../core/lib/claude-settings-sync')
 const { version } = require('../package.json')
 
 const workflowStore = require('../core/stores/workflow-store')
@@ -159,34 +160,11 @@ process.on('SIGTERM', () => shutdown('SIGTERM'))
 process.on('SIGINT', () => shutdown('SIGINT'))
 
 /**
- * Sync bundled permissions into ~/.claude/settings.json.
+ * Sync bundled permissions + PreToolUse hooks into ~/.claude/settings.json.
+ * Delegates to the shared core module so Linux and Windows stay in sync.
  */
 function syncPermissions() {
-  const bundledPath = path.join(PACKAGE_ROOT, 'settings', 'permissions.json')
-  const settingsDir = path.join(config.HOME_DIR, '.claude')
-  const settingsPath = path.join(settingsDir, 'settings.json')
-
-  try {
-    if (!fs.existsSync(bundledPath)) return
-
-    const bundled = JSON.parse(fs.readFileSync(bundledPath, 'utf-8'))
-
-    let settings = {}
-    if (fs.existsSync(settingsPath)) {
-      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'))
-    }
-
-    settings.permissions = {
-      allow: bundled.allow || [],
-      deny: bundled.deny || [],
-    }
-
-    fs.mkdirSync(settingsDir, { recursive: true })
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n', 'utf-8')
-    console.log(`[Permissions] Synced: allow=${bundled.allow.length}, deny=${bundled.deny.length}`)
-  } catch (err) {
-    console.error(`[Permissions] Failed to sync permissions: ${err.message}`)
-  }
+  syncClaudeSettings(config.HOME_DIR, (msg) => console.log(msg))
 }
 
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "4.3.4",
+  "version": "4.4.0",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "linux/server.js",
   "bin": {

package/rules/core.md

@@ -47,6 +47,20 @@ Minion
 - **Workspace**: ミニオンは複数のワークスペースに所属でき、スキルやプロジェクトはワークスペース単位でスコープされる。チャットセッションもワークスペース別に分離される。所属ワークスペースはハートビートで自動同期され、`hq list workspaces` で確認できる。
 - ミニオンは複数プロジェクトに `pm`、`engineer`、`accountant` として参加できる。
 
+## HQ リソースへのリンクは API で取得する
+
+`*.minion-agent.com`（HQダッシュボード）のページURLを **Playwright MCP で開いてはならない**。ほぼ全リソースがAPIで取得できる。受け取ったURL／タグは以下のAPIに変換して使うこと。
+
+| 受け取った形 | 取得方法 |
+|------|---------|
+| `[note:UUID]` / `…/notes/:id` | `GET $HQ_URL/api/minion/workspaces/:wsId/notes/:id`（プロジェクト紐づきなら `…/projects/:pid/notes/:id` も可） |
+| `[task:UUID]` / `…/tasks/:id` | `GET $HQ_URL/api/minion/projects/:pid/tasks/:id` |
+| `…/projects/:id` | `GET $HQ_URL/api/minion/projects/:id` |
+
+- チャットでユーザーが `[note:UUID]` / `[task:UUID]` やノートURLを貼った場合、**本文はプロンプト先頭の「参照ノート」「参照チケット」ブロックに既に注入済み**。まずそれを読むこと。全文・最新版が要るときだけ上記APIを叩く。
+- 認証なしのPlaywright閲覧はログイン画面や不完全なHTMLを掴むため結果が壊れる。HQリンクは必ずAPIで取得する。
+- このルールは PreToolUse フックでも強制されており、`mcp__playwright__browser_navigate` で `*.minion-agent.com` を開こうとすると拒否される。
+
 ## Email
 
 各ミニオンには専用メールアドレス `m-{MINION_ID}@minion-agent.com` が割り当てられている。

package/settings/hooks/block-hq-navigation.js

@@ -0,0 +1,114 @@
+#!/usr/bin/env node
+/**
+ * PreToolUse hook: block Playwright navigation to HQ (*.minion-agent.com).
+ *
+ * The minion must read HQ resources (notes, tasks, projects) via the Agent/HQ
+ * API, not by scraping the dashboard with Playwright — unauthenticated browser
+ * navigation just lands on a login page or partial HTML and corrupts results.
+ * This hook is the enforcement layer behind the "HQ リソースへのリンクは API で
+ * 取得する" rule in core.md.
+ *
+ * Wired into ~/.claude/settings.json as:
+ *   hooks.PreToolUse[] -> matcher "mcp__playwright__browser_navigate"
+ *
+ * Receives the tool call as JSON on stdin; denies via hookSpecificOutput when
+ * the target host matches HQ, allows everything else. Blocked attempts are
+ * appended to ~/.minion/logs/hq-nav-blocks.log for effectiveness measurement.
+ */
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
+
+function readStdin() {
+  try {
+    return fs.readFileSync(0, 'utf8')
+  } catch {
+    return ''
+  }
+}
+
+/** Hosts considered "HQ". Overridable via HQ_NAV_BLOCK_HOSTS (comma-separated). */
+function blockedHostSuffixes() {
+  const fromEnv = (process.env.HQ_NAV_BLOCK_HOSTS || '')
+    .split(',')
+    .map((s) => s.trim().toLowerCase())
+    .filter(Boolean)
+  const suffixes = new Set(['minion-agent.com', ...fromEnv])
+  // Also include the configured HQ host, in case it lives on a custom domain.
+  if (process.env.HQ_URL) {
+    try {
+      suffixes.add(new URL(process.env.HQ_URL).hostname.toLowerCase())
+    } catch {
+      /* ignore malformed HQ_URL */
+    }
+  }
+  return [...suffixes]
+}
+
+function isBlocked(rawUrl, suffixes) {
+  let host
+  try {
+    host = new URL(rawUrl).hostname.toLowerCase()
+  } catch {
+    return false
+  }
+  return suffixes.some((s) => host === s || host.endsWith(`.${s}`))
+}
+
+function logBlock(url) {
+  try {
+    const dir = path.join(os.homedir(), '.minion', 'logs')
+    fs.mkdirSync(dir, { recursive: true })
+    fs.appendFileSync(
+      path.join(dir, 'hq-nav-blocks.log'),
+      `${new Date().toISOString()}\t${url}\n`,
+    )
+  } catch {
+    /* best-effort logging only */
+  }
+}
+
+function allow() {
+  process.exit(0)
+}
+
+function deny(url) {
+  logBlock(url)
+  const reason =
+    `Playwright で ${url} を開くことは禁止されています。HQ (*.minion-agent.com) の` +
+    'リソースはAPIで取得してください。例: ノートは `GET $HQ_URL/api/minion/workspaces/:wsId/notes/:id`、' +
+    'タスクは `GET $HQ_URL/api/minion/projects/:pid/tasks/:id`。' +
+    'チャットで参照されたノート/タスクの本文はプロンプト先頭の「参照ノート」「参照チケット」ブロックに既に注入されています。'
+  process.stdout.write(
+    JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'PreToolUse',
+        permissionDecision: 'deny',
+        permissionDecisionReason: reason,
+      },
+    }),
+  )
+  process.exit(0)
+}
+
+function main() {
+  let payload
+  try {
+    payload = JSON.parse(readStdin() || '{}')
+  } catch {
+    allow()
+    return
+  }
+  const url = payload?.tool_input?.url
+  if (typeof url !== 'string' || !url) {
+    allow()
+    return
+  }
+  if (isBlocked(url, blockedHostSuffixes())) {
+    deny(url)
+  } else {
+    allow()
+  }
+}
+
+main()

package/win/routes/chat.js

@@ -119,7 +119,7 @@ async function chatRoutes(fastify) {
       return { success: false, error: 'Unauthorized' }
     }
 
-    const { message, session_id, context, wsl_mode, workspace_id, referenced_tasks } = request.body || {}
+    const { message, session_id, context, wsl_mode, workspace_id, referenced_tasks, referenced_notes } = request.body || {}
     if (!message || typeof message !== 'string') {
       reply.code(400)
       return { success: false, error: 'message is required' }
@@ -128,7 +128,7 @@ async function chatRoutes(fastify) {
     const workspaceId = workspace_id || null
     // referenced_tasks is injected into the prompt only (not stored in history)
     // so the user's chat log keeps just the [task:UUID] tag, not a noisy dump.
-    const prompt = await buildContextPrefix(message, context, session_id, workspaceId, referenced_tasks)
+    const prompt = await buildContextPrefix(message, context, session_id, workspaceId, referenced_tasks, referenced_notes)
     const currentSessionId = session_id || null
 
     // Persist the user message BEFORE invoking the LLM so that crashes,
@@ -336,7 +336,7 @@ ${indexed}`
   })
 }
 
-async function buildContextPrefix(message, context, sessionId, workspaceId, referencedTasks) {
+async function buildContextPrefix(message, context, sessionId, workspaceId, referencedTasks, referencedNotes) {
   const parts = []
 
   // Resolved [task:UUID] tags from HQ — surface ticket details so Claude can
@@ -355,6 +355,29 @@ async function buildContextPrefix(message, context, sessionId, workspaceId, refe
     parts.push('')
   }
 
+  // Resolved [note:UUID] tags / pasted note URLs from HQ — surface the note body
+  // inline so Claude answers WITHOUT opening the HQ page with Playwright. The
+  // body is a snippet; the full note is one API call away.
+  if (Array.isArray(referencedNotes) && referencedNotes.length > 0) {
+    parts.push('[参照ノート — ユーザーがメッセージ内で `[note:UUID]` 形式またはURLで参照しているHQノート。Playwrightで開かず、全文が必要なら下記APIを使うこと]')
+    const NOTE_LIMIT = 2000
+    for (const n of referencedNotes) {
+      if (!n || !n.id) continue
+      const body = String(n.content || '').trim()
+      const truncated = body.length > NOTE_LIMIT
+      const snippet = truncated ? body.slice(0, NOTE_LIMIT) : body
+      parts.push(`- [note:${n.id}] ${n.title || '(無題)'} (status: ${n.status || '?'})`)
+      if (snippet) {
+        parts.push('  ```', ...snippet.split('\n').map((l) => `  ${l}`), '  ```')
+      }
+      parts.push(
+        `  全文/更新: GET|PATCH $HQ_URL/api/minion/workspaces/${n.workspace_id}/notes/${n.id}` +
+          (truncated ? ' (本文は上記抜粋、全文はAPIで取得)' : ''),
+      )
+    }
+    parts.push('')
+  }
+
   // Inject workspace context so Claude Code knows which workspace it's operating in
   if (workspaceId) {
     const workspaceStore = require('../../core/stores/workspace-store')
@@ -454,6 +477,8 @@ async function buildContextPrefix(message, context, sessionId, workspaceId, refe
       '',
       'Playwright MCP (`mcp__playwright__*`) は **ログイン・フォーム入力・複数画面の対話操作**が必要な場合のみ使用する。',
       '単純な閲覧・要約・一覧取得用途ではMCPを使わない。',
+      '',
+      'HQ (`*.minion-agent.com`) のページURLは **Playwrightで開かずAPIで取得する**。ノートは `GET $HQ_URL/api/minion/workspaces/:wsId/notes/:id`、タスクは `GET $HQ_URL/api/minion/projects/:pid/tasks/:id`。チャットで参照されたノート/タスクの本文は上記「参照ノート」「参照チケット」ブロックに既に注入済み。',
       ''
     )
   }

package/win/server.js

@@ -35,6 +35,7 @@ const { getConfigWarnings } = require('../core/lib/config-warnings')
 
 // Bundled skill deployment (version-gated, see core/lib/bundled-skills.js)
 const { syncBundledSkills } = require('../core/lib/bundled-skills')
+const { syncClaudeSettings } = require('../core/lib/claude-settings-sync')
 const { getActiveSkillDirs } = require('../core/llm-plugins/lib/skill-dirs')
 
 // Pull-model daemons (from core/)
@@ -126,27 +127,11 @@ process.on('SIGTERM', () => shutdown('SIGTERM'))
 process.on('SIGINT', () => shutdown('SIGINT'))
 
 /**
- * Sync bundled permissions into ~/.claude/settings.json.
+ * Sync bundled permissions + PreToolUse hooks into ~/.claude/settings.json.
+ * Delegates to the shared core module so Linux and Windows stay in sync.
  */
 function syncPermissions() {
-  const bundledPath = path.join(__dirname, '..', 'settings', 'permissions.json')
-  const settingsDir = path.join(config.HOME_DIR, '.claude')
-  const settingsPath = path.join(settingsDir, 'settings.json')
-
-  try {
-    if (!fs.existsSync(bundledPath)) return
-    const bundled = JSON.parse(fs.readFileSync(bundledPath, 'utf-8'))
-    let settings = {}
-    if (fs.existsSync(settingsPath)) {
-      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'))
-    }
-    settings.permissions = { allow: bundled.allow || [], deny: bundled.deny || [] }
-    fs.mkdirSync(settingsDir, { recursive: true })
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n', 'utf-8')
-    console.log(`[Permissions] Synced: allow=${bundled.allow.length}, deny=${bundled.deny.length}`)
-  } catch (err) {
-    console.error(`[Permissions] Failed to sync permissions: ${err.message}`)
-  }
+  syncClaudeSettings(config.HOME_DIR, (msg) => console.log(msg))
 }
 
 /**