@smilintux/skcapstone 0.6.2 → 0.6.3

package/src/skcapstone/notifications.py

@@ -59,7 +59,9 @@ def _store_notification_memory(title: str, body: str, urgency: str) -> None:
         if not home.exists():
             return
 
-        agent_name = os.environ.get("SKCAPSTONE_AGENT", "lumina")
+        from . import active_agent_name
+
+        agent_name = os.environ.get("SKCAPSTONE_AGENT") or active_agent_name()
         notif_dir = home / "agents" / agent_name / "skcomm" / "notifications"
         notif_dir.mkdir(parents=True, exist_ok=True)
 
@@ -89,7 +91,9 @@ def _store_click_event(action: str, detail: str) -> None:
         if not home.exists():
             return
 
-        agent_name = os.environ.get("SKCAPSTONE_AGENT", "lumina")
+        from . import active_agent_name
+
+        agent_name = os.environ.get("SKCAPSTONE_AGENT") or active_agent_name()
         notif_dir = home / "agents" / agent_name / "skcomm" / "notifications"
         notif_dir.mkdir(parents=True, exist_ok=True)
 

package/src/skcapstone/onboard.py

@@ -93,6 +93,7 @@ def _step_identity(home_path: Path, name: str, email: str | None) -> tuple[str,
     from .pillars.memory import initialize_memory
     from .pillars.sync import initialize_sync
     from .models import AgentConfig, SyncConfig
+    from .operator_link import build_agent_manifest, discover_human_operator
     from .soul import SoulManager
 
     with Status("  Generating PGP identity…", console=console, spinner="dots") as s:
@@ -158,12 +159,11 @@ def _step_identity(home_path: Path, name: str, email: str | None) -> tuple[str,
         for d in skeleton_dirs:
             d.mkdir(parents=True, exist_ok=True)
 
-        manifest = {
-            "name": name,
-            "version": __version__,
-            "created_at": datetime.now(timezone.utc).isoformat(),
-            "connectors": [],
-        }
+        manifest = build_agent_manifest(
+            name,
+            __version__,
+            operator=discover_human_operator(),
+        )
         (home_path / "manifest.json").write_text(
             json.dumps(manifest, indent=2), encoding="utf-8"
         )
@@ -1652,7 +1652,7 @@ def run_onboard(home: Optional[str] = None) -> None:
     # -----------------------------------------------------------------------
     # Write global CLAUDE.md and register Claude Code hooks
     # -----------------------------------------------------------------------
-    # Write global CLAUDE.md
+    # Write global CLAUDE.md from bundled skeleton template
     try:
         from .cli.setup import _write_global_claude_md
         _write_global_claude_md(home_path, name)
@@ -1660,7 +1660,18 @@ def run_onboard(home: Optional[str] = None) -> None:
     except Exception as exc:
         _warn(f"Could not write CLAUDE.md: {exc}")
 
-    # Register Claude Code hooks (skmemory)
+    # Write ~/.claude/settings.json with SK hooks (merge with existing)
+    try:
+        from .cli.setup import _write_claude_settings
+        settings_path = _write_claude_settings(merge=True)
+        if settings_path:
+            _ok(f"~/.claude/settings.json updated ({settings_path})")
+        else:
+            _info("claude settings: skipped (skmemory not installed or template missing)")
+    except Exception as exc:
+        _warn(f"Could not write claude settings: {exc}")
+
+    # Register Claude Code hooks via skmemory (adds any hooks not yet in settings.json)
     try:
         from skmemory.register import register_hooks
         actions = register_hooks()

package/src/skcapstone/operator_link.py

@@ -0,0 +1,164 @@
+"""Human-operator link helpers for manifests and identity attestations."""
+
+from __future__ import annotations
+
+import json
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+
+def discover_human_operator(capauth_home: Path | None = None) -> dict[str, str] | None:
+    """Return the active human operator from the local CapAuth profile.
+
+    Args:
+        capauth_home: Optional CapAuth home directory. Defaults to ``~/.capauth``.
+
+    Returns:
+        A compact operator mapping, or ``None`` if no human profile is available.
+    """
+    base = Path(capauth_home).expanduser() if capauth_home else _resolve_operator_home()
+    profile_path = base / "identity" / "profile.json"
+    if not profile_path.exists():
+        return None
+
+    try:
+        data = json.loads(profile_path.read_text(encoding="utf-8"))
+    except (json.JSONDecodeError, OSError):
+        return None
+
+    entity = data.get("entity", {})
+    key_info = data.get("key_info", {})
+    entity_type = str(entity.get("entity_type", "")).lower()
+    if entity_type not in {"human", "entitytype.human"}:
+        return None
+
+    name = entity.get("name", "").strip()
+    if not name:
+        return None
+
+    operator = {
+        "name": name,
+        "relationship": "human-operator",
+        "entity_type": "human",
+        "source": "capauth",
+    }
+    if entity.get("email"):
+        operator["email"] = entity["email"]
+    if entity.get("handle"):
+        operator["handle"] = entity["handle"]
+    if key_info.get("fingerprint"):
+        operator["fingerprint"] = key_info["fingerprint"]
+    return operator
+
+
+def build_agent_manifest(
+    name: str,
+    version: str,
+    *,
+    created_at: str | None = None,
+    connectors: list[str] | None = None,
+    operator: dict[str, str] | None = None,
+    entity_type: str = "ai-agent",
+) -> dict[str, Any]:
+    """Build a standard manifest for a sovereign agent."""
+    manifest: dict[str, Any] = {
+        "name": name,
+        "version": version,
+        "entity_type": entity_type,
+        "created_at": created_at or datetime.now(timezone.utc).isoformat(),
+        "connectors": connectors or [],
+    }
+    if operator:
+        manifest["operator"] = operator
+    return manifest
+
+
+def create_operator_attestation(
+    agent_name: str,
+    agent_fingerprint: str,
+    agent_public_key_path: Path,
+    output_dir: Path,
+    *,
+    capauth_home: Path | None = None,
+) -> dict[str, Any] | None:
+    """Create a signed attestation linking a human operator to an agent key.
+
+    The operator remains distinct from the agent identity. This produces a
+    signed claim that the human operator vouches for the agent fingerprint.
+
+    Args:
+        agent_name: Agent display name.
+        agent_fingerprint: Agent PGP fingerprint.
+        agent_public_key_path: Path to the agent public key armor.
+        output_dir: Directory where the attestation JSON should be written.
+        capauth_home: Optional CapAuth home for the human operator.
+
+    Returns:
+        The attestation mapping, or ``None`` if no human operator profile is
+        available or signing failed.
+    """
+    base = Path(capauth_home).expanduser() if capauth_home else _resolve_operator_home()
+    profile_path = base / "identity" / "profile.json"
+    private_key_path = base / "identity" / "private.asc"
+    public_key_path = base / "identity" / "public.asc"
+    if not profile_path.exists() or not private_key_path.exists() or not public_key_path.exists():
+        return None
+
+    try:
+        from capauth.crypto import get_backend  # type: ignore[import-untyped]
+        from capauth.profile import load_profile  # type: ignore[import-untyped]
+    except ImportError:
+        return None
+
+    try:
+        profile = load_profile(base_dir=base)
+    except Exception:
+        return None
+
+    entity_type = str(profile.entity.entity_type).lower()
+    if entity_type not in {"human", "entitytype.human"}:
+        return None
+
+    try:
+        payload = {
+            "agent_name": agent_name,
+            "agent_fingerprint": agent_fingerprint,
+            "agent_public_key_path": str(agent_public_key_path),
+            "relationship": "human-operator",
+            "operator_name": profile.entity.name,
+            "operator_email": profile.entity.email,
+            "operator_handle": profile.entity.handle,
+            "operator_fingerprint": profile.key_info.fingerprint,
+            "signed_at": datetime.now(timezone.utc).isoformat(),
+        }
+        payload_bytes = json.dumps(payload, indent=2, sort_keys=True).encode("utf-8")
+        private_armor = private_key_path.read_text(encoding="utf-8")
+        operator_public_armor = public_key_path.read_text(encoding="utf-8")
+        backend = get_backend(profile.crypto_backend)
+        signature = backend.sign(payload_bytes, private_armor, "")
+    except Exception:
+        return None
+
+    attestation = {
+        "payload": payload,
+        "signature": signature,
+        "operator_public_key_path": str(public_key_path),
+        "operator_public_key_armor": operator_public_armor,
+    }
+    output_dir.mkdir(parents=True, exist_ok=True)
+    (output_dir / "operator-attestation.json").write_text(
+        json.dumps(attestation, indent=2),
+        encoding="utf-8",
+    )
+    return attestation
+
+
+def _resolve_operator_home() -> Path:
+    """Resolve the human operator's CapAuth home."""
+    try:
+        from capauth import resolve_capauth_home  # type: ignore[import-untyped]
+
+        return resolve_capauth_home()
+    except Exception:
+        return Path.home() / ".skcapstone" / "capauth"

package/src/skcapstone/pillars/consciousness.py

@@ -15,6 +15,7 @@ import os
 from datetime import datetime, timezone
 from pathlib import Path
 
+from .. import active_agent_name
 from ..models import ConsciousnessState, PillarStatus
 
 
@@ -27,7 +28,7 @@ def initialize_consciousness(home: Path) -> ConsciousnessState:
     Returns:
         ConsciousnessState with current status.
     """
-    agent_name = os.environ.get("SKCAPSTONE_AGENT", "lumina")
+    agent_name = os.environ.get("SKCAPSTONE_AGENT") or active_agent_name() or ""
     # home may be the agent dir (~/.skcapstone/agents/jarvis/) or the
     # shared root (~/.skcapstone/). Check for skwhisper/ directly first.
     whisper_dir = home / "skwhisper"

package/src/skcapstone/pillars/identity.py

@@ -9,16 +9,22 @@ from __future__ import annotations
 
 import json
 import logging
-import subprocess
 from datetime import datetime, timezone
+from shutil import copyfile
 from pathlib import Path
 from typing import Optional
 
 from ..models import IdentityState, PillarStatus
+from ..operator_link import create_operator_attestation
 
 logger = logging.getLogger("skcapstone.identity")
 
 
+def _capauth_home(home: Path) -> Path:
+    """Return the agent-local CapAuth home for an SKCapstone agent."""
+    return home / "capauth"
+
+
 def generate_identity(
     home: Path,
     name: str,
@@ -47,10 +53,14 @@ def generate_identity(
         status=PillarStatus.DEGRADED,
     )
 
-    capauth_state = _try_init_capauth(name, state.email, identity_dir)
+    capauth_home = _capauth_home(home)
+    capauth_state = _try_init_capauth(name, state.email, identity_dir, capauth_home)
     if capauth_state is not None:
         state.fingerprint = capauth_state.fingerprint
         state.key_path = capauth_state.key_path
+        state.name = capauth_state.name
+        state.email = capauth_state.email
+        state.created_at = capauth_state.created_at
         state.status = PillarStatus.ACTIVE
     else:
         state.fingerprint = _generate_placeholder_fingerprint(name)
@@ -63,18 +73,39 @@ def generate_identity(
         "created_at": state.created_at.isoformat() if state.created_at else None,
         "capauth_managed": state.status == PillarStatus.ACTIVE,
     }
+    if state.key_path is not None:
+        identity_manifest["public_key_path"] = str(state.key_path)
+    if state.status == PillarStatus.ACTIVE:
+        identity_manifest["capauth_home"] = str(capauth_home)
+
+        attestation = create_operator_attestation(
+            agent_name=state.name or name,
+            agent_fingerprint=state.fingerprint or "",
+            agent_public_key_path=state.key_path or (capauth_home / "identity" / "public.asc"),
+            output_dir=identity_dir,
+        )
+        if attestation is not None:
+            payload = attestation.get("payload", {})
+            identity_manifest["operator_attestation_path"] = str(
+                identity_dir / "operator-attestation.json"
+            )
+            identity_manifest["operator_attested_by"] = payload.get("operator_fingerprint")
+
     (identity_dir / "identity.json").write_text(json.dumps(identity_manifest, indent=2), encoding="utf-8")
 
     return state
 
 
 def _try_init_capauth(
-    name: str, email: str, identity_dir: Path
+    name: str,
+    email: str,
+    identity_dir: Path,
+    capauth_home: Path,
 ) -> Optional[IdentityState]:
     """Try to create or load a real CapAuth identity.
 
     Attempts (in order):
-    1. Load an existing CapAuth profile from ~/.capauth/
+    1. Load an existing CapAuth profile from the agent-local CapAuth home
     2. Create a new profile via capauth.profile.init_profile()
     3. Fall back to legacy capauth.keys.generate_keypair()
 
@@ -90,12 +121,17 @@ def _try_init_capauth(
     try:
         from capauth.profile import load_profile  # type: ignore[import-untyped]
 
-        profile = load_profile()
+        profile = load_profile(base_dir=capauth_home)
+        key_path = Path(profile.key_info.public_key_path)
+        legacy_key_path = identity_dir / "agent.pub"
+        if key_path.exists() and not legacy_key_path.exists():
+            copyfile(key_path, legacy_key_path)
         return IdentityState(
             fingerprint=profile.key_info.fingerprint,
-            key_path=Path(profile.key_info.public_key_path),
+            key_path=key_path,
             name=profile.entity.name,
             email=profile.entity.email,
+            created_at=profile.key_info.created,
             status=PillarStatus.ACTIVE,
         )
     except ImportError:
@@ -105,18 +141,26 @@ def _try_init_capauth(
 
     # No existing profile — try creating one
     try:
+        from capauth.models import EntityType  # type: ignore[import-untyped]
         from capauth.profile import init_profile  # type: ignore[import-untyped]
 
         profile = init_profile(
             name=name,
             email=email,
             passphrase="",
+            entity_type=EntityType.AI,
+            base_dir=capauth_home,
         )
+        key_path = Path(profile.key_info.public_key_path)
+        legacy_key_path = identity_dir / "agent.pub"
+        if key_path.exists():
+            copyfile(key_path, legacy_key_path)
         return IdentityState(
             fingerprint=profile.key_info.fingerprint,
-            key_path=Path(profile.key_info.public_key_path),
+            key_path=key_path,
             name=profile.entity.name,
             email=profile.entity.email,
+            created_at=profile.key_info.created,
             status=PillarStatus.ACTIVE,
         )
     except Exception as exc:

package/src/skcapstone/pillars/memory.py

@@ -11,9 +11,11 @@ store/search/recall/list/gc capabilities. The optional external
 
 from __future__ import annotations
 
+import os
 from pathlib import Path
 from typing import Optional
 
+from .. import active_agent_name
 from ..models import MemoryLayer, MemoryState, PillarStatus
 
 
@@ -31,9 +33,13 @@ def initialize_memory(home: Path, memory_home: Optional[Path] = None) -> MemoryS
     Returns:
         MemoryState after initialization.
     """
-    # Use agent-specific memory directory
-    agent_name = os.environ.get("SKCAPSTONE_AGENT", "lumina")
-    memory_dir = home / "agents" / agent_name / "memory"
+    agent_name = os.environ.get("SKCAPSTONE_AGENT") or active_agent_name()
+    if home.parent.name == "agents":
+        memory_dir = home / "memory"
+    elif agent_name:
+        memory_dir = home / "agents" / agent_name / "memory"
+    else:
+        memory_dir = home / "memory"
     memory_dir.mkdir(parents=True, exist_ok=True)
 
     for layer in MemoryLayer:

package/src/skcapstone/runtime.py

@@ -94,10 +94,14 @@ class AgentRuntime:
         logger.info("Awakening agent from %s (shared: %s)", self.home, self.shared_root)
 
         manifest_file = self.home / "manifest.json"
+        manifest_name_loaded = False
         if manifest_file.exists():
             try:
                 data = json.loads(manifest_file.read_text(encoding="utf-8"))
-                self.manifest.name = data.get("name", self.manifest.name)
+                manifest_name = data.get("name")
+                if manifest_name:
+                    self.manifest.name = manifest_name
+                    manifest_name_loaded = True
                 if data.get("created_at"):
                     self.manifest.created_at = datetime.fromisoformat(data["created_at"])
                 connectors_data = data.get("connectors", [])
@@ -105,8 +109,6 @@ class AgentRuntime:
             except (json.JSONDecodeError, ValueError) as exc:
                 logger.warning("Failed to load manifest: %s", exc)
 
-        self.manifest.name = self.config.agent_name
-
         # Discover pillars from per-agent home
         pillars = discover_all(self.home, shared_root=self.shared_root)
         self.manifest.identity = pillars["identity"]
@@ -117,6 +119,14 @@ class AgentRuntime:
         self.manifest.sync = pillars["sync"]
         self.manifest.skills = pillars["skills"]
 
+        if (
+            self.manifest.identity.name
+            and self.manifest.identity.status == PillarStatus.ACTIVE
+        ):
+            self.manifest.name = self.manifest.identity.name
+        elif not manifest_name_loaded and self.config.agent_name:
+            self.manifest.name = self.config.agent_name
+
         self.manifest.last_awakened = datetime.now(timezone.utc)
         self._awakened = True
 

package/src/skcapstone/service_health.py

@@ -32,6 +32,10 @@ logger = logging.getLogger("skcapstone.service_health")
 # Default timeout per service check (seconds).
 CHECK_TIMEOUT = 3
 
+# Hostname tag for multi-machine dedup — prevents Syncthing conflicts when
+# multiple daemons write to the same ITIL incident files.
+_HOSTNAME = socket.gethostname()
+
 
 # ---------------------------------------------------------------------------
 # Individual service checks
@@ -218,18 +222,23 @@ def _create_incident_for_down_service(service_result: dict[str, Any]) -> None:
         from .itil import ITILManager
 
         svc_name = service_result["name"]
+        error_info = service_result.get("error") or "unreachable"
         mgr = ITILManager(os.path.expanduser(SHARED_ROOT))
 
         # Dedup: skip if there's already an open incident for this service
         existing = mgr.find_open_incident_for_service(svc_name)
         if existing:
-            logger.debug(
-                "Skipping incident creation for %s — open incident %s exists",
-                svc_name, existing.id,
-            )
+            # Only add a "still down" note if this host hasn't noted it recently
+            last_notes = [e.get("note", "") for e in (existing.timeline or [])[-3:]]
+            host_tag = f"[{_HOSTNAME}]"
+            if any(host_tag in n and "still down" in n for n in last_notes):
+                logger.debug("Skipping duplicate down note for %s from %s", svc_name, _HOSTNAME)
+            else:
+                mgr.update_incident(
+                    existing.id, "service_health",
+                    note=f"[{_HOSTNAME}] Service {svc_name} still down: {error_info}",
+                )
             return
-
-        error_info = service_result.get("error") or "unreachable"
         mgr.create_incident(
             title=f"{svc_name} down",
             severity="sev3",
@@ -267,10 +276,14 @@ def _auto_resolve_recovered_service(service_result: dict[str, Any]) -> None:
             logger.info("Auto-resolved sev4 incident %s for recovered service %s",
                         existing.id, svc_name)
         else:
-            mgr.update_incident(
-                existing.id, "service_health",
-                note=f"Service {svc_name} appears to be back up",
-            )
+            # Skip if this host already noted recovery recently
+            last_notes = [e.get("note", "") for e in (existing.timeline or [])[-3:]]
+            host_tag = f"[{_HOSTNAME}]"
+            if not any(host_tag in n and "back up" in n for n in last_notes):
+                mgr.update_incident(
+                    existing.id, "service_health",
+                    note=f"[{_HOSTNAME}] Service {svc_name} appears to be back up",
+                )
     except Exception as exc:
         logger.debug("Failed to auto-resolve incident for %s: %s",
                       service_result.get("name"), exc)

package/src/skcapstone/session_briefing.py

@@ -0,0 +1,108 @@
+"""Session briefing helpers for SKCapstone startup flows."""
+
+from __future__ import annotations
+
+import json
+import os
+import subprocess
+import sys
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+from .context_loader import format_text, gather_context
+
+
+DEFAULT_HAMMERTIME_ROOT = Path("/mnt/cloud/onedrive/projects/DAVE AI/hammerTime")
+
+
+def _resolve_hammertime_root() -> Path:
+    """Resolve the HammerTime workspace root."""
+    return Path(os.environ.get("HAMMERTIME_ROOT", DEFAULT_HAMMERTIME_ROOT)).expanduser()
+
+
+def load_hammertime_briefing(
+    *,
+    python_bin: str | None = None,
+    root: Path | None = None,
+) -> dict[str, Any] | None:
+    """Load the HammerTime case briefing if the repo is available."""
+    if os.environ.get("SK_INCLUDE_HAMMERTIME_BRIEFING", "1") == "0":
+        return None
+
+    hammer_root = root or _resolve_hammertime_root()
+    script = hammer_root / "scripts" / "case-briefing.py"
+    if not script.exists():
+        return None
+
+    try:
+        completed = subprocess.run(
+            [python_bin or sys.executable, str(script)],
+            check=True,
+            capture_output=True,
+            text=True,
+        )
+    except (OSError, subprocess.CalledProcessError):
+        return None
+
+    try:
+        payload = json.loads(completed.stdout)
+    except json.JSONDecodeError:
+        return None
+    return payload if isinstance(payload, dict) else None
+
+
+def build_session_briefing(
+    home: Path,
+    *,
+    memory_limit: int = 10,
+    python_bin: str | None = None,
+) -> dict[str, Any]:
+    """Build a native session briefing payload."""
+    return {
+        "generated_at": datetime.now(timezone.utc).isoformat(),
+        "agent_home": str(home),
+        "skcapstone_context": gather_context(home, memory_limit=memory_limit),
+        "hammertime_briefing": load_hammertime_briefing(python_bin=python_bin),
+    }
+
+
+def format_session_briefing_text(payload: dict[str, Any]) -> str:
+    """Render a human-readable session briefing."""
+    lines = [
+        "# SKCapstone Session Briefing",
+        "",
+        f"generated_at={payload.get('generated_at')}",
+        f"agent_home={payload.get('agent_home')}",
+        "",
+        "## skcapstone context",
+        format_text(payload["skcapstone_context"]).rstrip(),
+    ]
+
+    briefing = payload.get("hammertime_briefing")
+    if briefing:
+        top = briefing.get("top_priority") or {}
+        lines.extend(
+            [
+                "",
+                "## hammertime briefing",
+                f"- alert_count: {briefing.get('alert_count', 0)}",
+                f"- queue_size: {briefing.get('summary', {}).get('queue_size', 0)}",
+            ]
+        )
+        if top:
+            lines.extend(
+                [
+                    f"- do_this_now_incident: {top.get('incident_id')} ({top.get('problem_slug')})",
+                    f"- do_this_now_action: {top.get('action')}",
+                    f"- do_this_now_status: {top.get('status')}",
+                ]
+            )
+        for item in (briefing.get("focus_items") or [])[:3]:
+            lines.append(
+                f"- focus: {item.get('incident_id')} -> {item.get('action')} [{item.get('status')}]"
+            )
+    else:
+        lines.extend(["", "## hammertime briefing", "- unavailable"])
+
+    return "\n".join(lines).rstrip() + "\n"