bosun 0.32.0 → 0.33.1

package/.env.example

@@ -332,9 +332,9 @@ TELEGRAM_MINIAPP_ENABLED=false
 # by the next agent working on that branch. Default: true
 # TASK_UPSTREAM_SYNC_MAIN=true
 
-# ─── GitHub App (Bosun[botswain] Identity + Auth) ────────────────────────────
-# App: https://github.com/apps/bosun-botswain  (slug: bosun-botswain)
-# Bot identity: bosun-botswain[bot]  (appears as contributor on every agent commit)
+# ─── GitHub App (Bosun[VE] Identity + Auth) ────────────────────────────
+# App: https://github.com/apps/bosun-ve  (slug: bosun-ve)
+# Bot identity: bosun-ve[bot]  (appears as contributor on every agent commit)
 #
 # Numeric App ID (shown on the App settings page under "About"):
 # BOSUN_GITHUB_APP_ID=2911413
@@ -350,9 +350,9 @@ TELEGRAM_MINIAPP_ENABLED=false
 # BOSUN_GITHUB_WEBHOOK_SECRET=
 #
 # Path to the PEM private key downloaded from App settings → Generate a private key:
-# BOSUN_GITHUB_PRIVATE_KEY_PATH=/path/to/bosun-botswain.pem
+# BOSUN_GITHUB_PRIVATE_KEY_PATH=/path/to/bosun-ve.pem
 #
-# ─── GitHub App Settings (enable all three in https://github.com/settings/apps/bosun-botswain) ────
+# ─── GitHub App Settings (enable all three in https://github.com/settings/apps/bosun-ve) ────
 # ✅ Callback URL  →  http://127.0.0.1:54317/github/callback  (set this FIRST, then Save)
 # ✅ "Request user authorization (OAuth) during installation"  →  ON
 #      GitHub does OAuth at install time, redirecting to the Callback URL with
@@ -435,6 +435,12 @@ TELEGRAM_MINIAPP_ENABLED=false
 # BOSUN_ENFORCE_TASK_LABEL=true
 # Optional issue fetch cap per sync/poll cycle (default: 1000)
 # GITHUB_ISSUES_LIST_LIMIT=1000
+# Task context limits (comments + attachments)
+# BOSUN_TASK_CONTEXT_MAX_COMMENTS=8
+# BOSUN_TASK_CONTEXT_MAX_COMMENT_CHARS=1200
+# BOSUN_TASK_CONTEXT_MAX_ATTACHMENTS=20
+# Max upload size for task/chat attachments (MB)
+# BOSUN_ATTACHMENT_MAX_MB=25
 
 # Jira backend (KANBAN_BACKEND=jira)
 # Jira Cloud site URL (no trailing slash)

package/README.md

@@ -36,6 +36,7 @@ bosun --setup
 ```
 
 Requires:
+
 - Node.js 18+
 - Git
 - Bash (for `.sh` wrappers) or PowerShell 7+ (for `.ps1` wrappers)
@@ -60,6 +61,7 @@ Requires:
 **Source docs (markdown):** `_docs/` is the source of truth for long-form documentation. The website should be generated from the same markdown content so docs stay in sync.
 
 Key references:
+
 - [GitHub adapter enhancements](_docs/KANBAN_GITHUB_ENHANCEMENT.md)
 - [GitHub Projects v2 index](_docs/GITHUB_PROJECTS_V2_INDEX.md)
 - [GitHub Projects v2 quickstart](_docs/GITHUB_PROJECTS_V2_QUICKSTART.md)
@@ -79,6 +81,7 @@ Bosun enforces a strict quality pipeline in both local hooks and CI:
 
 - **Pre-commit hooks** auto-format and lint staged files.
 - **Pre-push hooks** run targeted checks based on changed files (Go, portal, docs).
+- **Demo load smoke test** runs in `npm test` and blocks push if `site/indexv2.html` or `site/ui/demo.html` fails to load required assets.
 - **Prepublish checks** validate package contents and release readiness.
 
 Local commands you can run any time:

package/agent-event-bus.mjs

@@ -785,6 +785,7 @@ export class AgentEventBus {
         branchName:
           result?.branch || task?.branchName || task?.meta?.branch_name,
         description: task?.description || "",
+        taskContext: task?._taskContextBlock || task?.meta?.taskContextBlock || "",
       });
       this.emit(AGENT_EVENT.AUTO_REVIEW, taskId, {
         title: task?.title || "",

package/agent-prompts.mjs

@@ -119,6 +119,12 @@ const PROMPT_DEFS = [
     description:
       "Task management agent prompt with full CRUD access via CLI and REST API.",
   },
+  {
+    key: "frontendAgent",
+    filename: "frontend-agent.md",
+    description:
+      "Front-end specialist agent with screenshot-based validation and visual verification.",
+  },
 ];
 
 export const AGENT_PROMPT_DEFINITIONS = Object.freeze(
@@ -234,6 +240,7 @@ You are the always-on reliability guardian for bosun in devmode.
 
 ## Description
 {{TASK_DESCRIPTION}}
+{{TASK_CONTEXT}}
 
 ## Environment
 - Working Directory: {{WORKTREE_PATH}}
@@ -320,6 +327,7 @@ Please:
 
 Original task description:
 {{TASK_DESCRIPTION}}
+{{TASK_CONTEXT}}
 `,
   taskExecutorContinueHasCommits: `# {{TASK_ID}} — CONTINUE (Verify and Push)
 
@@ -330,6 +338,7 @@ You already made commits.
 2. If passing, push: git push origin HEAD
 3. If failing, fix issues, commit, and push.
 4. Task is not complete until push succeeds.
+{{TASK_CONTEXT}}
 `,
   taskExecutorContinueHasEdits: `# {{TASK_ID}} — CONTINUE (Commit and Push)
 
@@ -340,6 +349,7 @@ You made file edits but no commit yet.
 2. Run relevant tests.
 3. Commit with conventional format.
 4. Push: git push origin HEAD
+{{TASK_CONTEXT}}
 `,
   taskExecutorContinueNoProgress: `# CONTINUE - Resume Implementation
 
@@ -354,6 +364,7 @@ Execute now:
 
 Task: {{TASK_TITLE}}
 Description: {{TASK_DESCRIPTION}}
+{{TASK_CONTEXT}}
 `,
   reviewer: `You are a senior code reviewer for a production software project.
 
@@ -379,6 +390,7 @@ Review the following PR diff for CRITICAL issues ONLY.
 
 ## Task Description
 {{TASK_DESCRIPTION}}
+{{TASK_CONTEXT}}
 
 ## Response Format
 Respond with JSON only:
@@ -604,6 +616,75 @@ Types: feat, fix, docs, refactor, test, chore
 Statuses: draft → todo → inprogress → inreview → done
 
 See .bosun/agents/task-manager.md for full documentation.
+`,
+  frontendAgent: `# Frontend Specialist Agent
+
+You are a **front-end development specialist** agent managed by Bosun.
+
+## Core Responsibilities
+
+1. Implement HTML, CSS, and JavaScript/TypeScript UI changes
+2. Build responsive, accessible UI components
+3. Ensure visual accuracy matching specifications
+4. Validate changes through automated testing AND visual verification
+
+## Special Skills
+
+- CSS Grid/Flexbox layout
+- Component architecture (React, Preact, Vue, Svelte, vanilla)
+- Responsive design (mobile-first)
+- Accessibility (WCAG 2.1 AA)
+- CSS animations and transitions
+- Design system adherence
+
+## CRITICAL: Evidence-Based Validation
+
+After completing implementation, you MUST collect visual evidence:
+
+### Screenshot Protocol
+1. Start the dev server if not already running
+2. Navigate to every page/component you modified
+3. Take screenshots at THREE viewport sizes:
+   - Desktop (1920×1080)
+   - Tablet (768×1024)
+   - Mobile (375×812)
+4. Save ALL screenshots to \`.bosun/evidence/\` directory
+5. Use descriptive filenames: \`<page>-<viewport>-<timestamp>.png\`
+6. Also screenshot any interactive states (modals, dropdowns, hover states)
+
+### Evidence Naming Convention
+\`\`\`
+.bosun/evidence/
+  homepage-desktop-1234567890.png
+  homepage-tablet-1234567890.png
+  homepage-mobile-1234567890.png
+  modal-open-desktop-1234567890.png
+  dark-mode-desktop-1234567890.png
+\`\`\`
+
+## Workflow
+1. Read task requirements and any linked designs/specs
+2. Load relevant skills from \`.bosun/skills/\`
+3. Implement frontend changes
+4. Run build: \`npm run build\` (zero errors AND zero warnings)
+5. Run lint: \`npm run lint\`
+6. Run tests: \`npm test\`
+7. Start dev server and collect screenshots (see protocol above)
+8. Commit with conventional format: \`feat(ui): ...\` or \`fix(ui): ...\`
+9. Push branch
+
+## IMPORTANT: Do NOT mark the task complete
+The Bosun workflow engine handles completion verification.
+An independent model will review your screenshots against the task
+requirements before the task is marked as done.
+
+## Task Context
+- Task: {{TASK_TITLE}}
+- Description: {{TASK_DESCRIPTION}}
+- Branch: {{BRANCH}}
+- Working Directory: {{WORKTREE_PATH}}
+
+{{COAUTHOR_INSTRUCTION}}
 `,
 };
 
@@ -670,19 +751,40 @@ export function getDefaultPromptTemplate(key) {
   return DEFAULT_PROMPTS[key] || "";
 }
 
-export function renderPromptTemplate(template, values = {}) {
+export function renderPromptTemplate(template, values = {}, rootDir) {
   if (typeof template !== "string") return "";
   const normalized = {};
   for (const [k, v] of Object.entries(values || {})) {
     normalized[String(k).trim().toUpperCase()] = normalizeTemplateValue(v);
   }
 
-  return template.replace(/\{\{\s*([A-Za-z0-9_]+)\s*\}\}/g, (full, key) => {
+  // Resolve namespaced library refs: {{prompt:name}}, {{agent:name}}, {{skill:name}}
+  let result = template;
+  if (rootDir && _libraryResolver) {
+    try {
+      result = _libraryResolver(result, rootDir, {});
+    } catch {
+      // library resolver failed — skip namespaced refs
+    }
+  }
+
+  return result.replace(/\{\{\s*([A-Za-z0-9_]+)\s*\}\}/g, (full, key) => {
     const hit = normalized[String(key).toUpperCase()];
     return hit == null ? "" : hit;
   });
 }
 
+/**
+ * Register the library reference resolver. Called by library-manager or at
+ * startup to enable {{prompt:name}}, {{agent:name}}, {{skill:name}} syntax.
+ *
+ * @param {(template: string, rootDir: string, vars: Object) => string} resolver
+ */
+let _libraryResolver = null;
+export function setLibraryResolver(resolver) {
+  _libraryResolver = typeof resolver === "function" ? resolver : null;
+}
+
 export function resolvePromptTemplate(template, values, fallback) {
   const base = typeof fallback === "string" ? fallback : "";
   if (typeof template !== "string" || !template.trim()) return base;

package/anomaly-detector.mjs

@@ -1211,3 +1211,57 @@ export function createAnomalyDetector(options = {}) {
  */
 
 export default AnomalyDetector;
+
+// ── Workflow Engine Integration ─────────────────────────────────────────────
+
+/**
+ * Registered workflow engine reference for anomaly → workflow triggers.
+ * @type {import("./workflow-engine.mjs").WorkflowEngine | null}
+ */
+let _workflowEngine = null;
+
+/**
+ * Register a workflow engine to receive anomaly trigger events.
+ * When set, every anomaly emitted will also call engine.evaluateTriggers("anomaly", anomalyData).
+ *
+ * @param {import("./workflow-engine.mjs").WorkflowEngine} engine
+ */
+export function setWorkflowEngine(engine) {
+  _workflowEngine = engine;
+}
+
+/** Get the currently registered workflow engine (or null) */
+export function getWorkflowEngine() {
+  return _workflowEngine;
+}
+
+/**
+ * Create an onAnomaly callback that also fires workflow triggers.
+ * Wraps the user's original callback and additionally invokes
+ * evaluateTriggers on the registered workflow engine.
+ *
+ * @param {(anomaly: Anomaly) => void} [originalCallback]
+ * @returns {(anomaly: Anomaly) => void}
+ */
+export function wrapAnomalyCallback(originalCallback) {
+  return (anomaly) => {
+    // Always call the original callback
+    if (originalCallback) originalCallback(anomaly);
+
+    // Fire workflow triggers if engine is registered
+    if (_workflowEngine?.evaluateTriggers) {
+      try {
+        _workflowEngine.evaluateTriggers("anomaly", {
+          anomalyType: anomaly.type,
+          severity: anomaly.severity,
+          agentId: anomaly.processId || anomaly.shortId,
+          message: anomaly.message,
+          action: anomaly.action,
+          taskTitle: anomaly.taskTitle,
+          data: anomaly.data,
+          timestamp: Date.now(),
+        });
+      } catch { /* workflow trigger errors should not break anomaly detection */ }
+    }
+  };
+}

package/codex-config.mjs

@@ -1618,6 +1618,110 @@ export function printConfigSummary(result, log = console.log) {
   log(`     Config: ${result.path}`);
 }
 
+// ── Trusted Projects ─────────────────────────────────────────────────────────
+
+/**
+ * Escape a string for use inside a double-quoted TOML basic string.
+ * Handles backslashes (Windows paths) and double-quote characters.
+ */
+function tomlEscapeStr(s) {
+  return String(s).replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}
+
+/**
+ * Format an array of strings as a TOML array literal, correctly escaping
+ * backslashes so Windows paths are stored faithfully.
+ *
+ * Example output:  ["C:\\Users\\jon\\bosun", "/home/jon/bosun"]
+ */
+function formatTomlArrayEscaped(values) {
+  return `[${values.map((v) => `"${tomlEscapeStr(v)}"`).join(", ")}]`;
+}
+
+/**
+ * Parse a TOML basic-string array literal, unescaping backslash sequences.
+ */
+function parseTomlArrayLiteralEscaped(raw) {
+  if (!raw) return [];
+  const inner = raw.trim().replace(/^\[/, "").replace(/\]$/, "");
+  if (!inner.trim()) return [];
+  // Split on commas that are NOT inside quotes
+  const items = [];
+  let buf = "";
+  let inStr = false;
+  for (let i = 0; i < inner.length; i++) {
+    const ch = inner[i];
+    if (ch === "\\" && inStr) { buf += ch + (inner[++i] || ""); continue; }
+    if (ch === '"') { inStr = !inStr; buf += ch; continue; }
+    if (ch === "," && !inStr) { items.push(buf.trim()); buf = ""; continue; }
+    buf += ch;
+  }
+  if (buf.trim()) items.push(buf.trim());
+  return items
+    .map((item) => item.replace(/^"(.*)"$/s, "$1"))              // strip outer quotes
+    .map((item) => item.replace(/\\(["\\])/g, "$1"))             // unescape \" and \\
+    .filter(Boolean);
+}
+
+/**
+ * Ensure the given directory paths are listed in the `trusted_projects`
+ * top-level key in ~/.codex/config.toml.
+ *
+ * Codex refuses to load a per-project .codex/config.toml unless the project
+ * directory appears in this list — producing warnings like:
+ *   "⚠ Project config.toml files are disabled … add <dir> as a trusted project"
+ *
+ * Paths are stored as-is (forward or back slashes preserved) with proper TOML
+ * escaping so Windows paths survive round-trips through the file.
+ *
+ * @param {string[]} paths   Absolute directories to trust (e.g. [bosunHome])
+ * @param {{ dryRun?: boolean }} [opts]
+ * @returns {{ added: string[], already: string[], path: string }}
+ */
+export function ensureTrustedProjects(paths, { dryRun = false } = {}) {
+  const result = { added: [], already: [], path: CONFIG_PATH };
+  const desired = (paths || []).map((p) => resolve(p)).filter(Boolean);
+  if (desired.length === 0) return result;
+
+  let toml = readCodexConfig() || "";
+
+  // Parse existing trusted_projects (multi-line arrays may span lines)
+  const existingMatch = toml.match(/^trusted_projects\s*=\s*(\[[^\]]*\])/m);
+  const existing = existingMatch ? parseTomlArrayLiteralEscaped(existingMatch[1]) : [];
+
+  let changed = false;
+  for (const p of desired) {
+    if (existing.includes(p)) {
+      result.already.push(p);
+    } else {
+      existing.push(p);
+      result.added.push(p);
+      changed = true;
+    }
+  }
+
+  if (!changed) return result;
+  if (dryRun) return result;
+
+  const newLine = `trusted_projects = ${formatTomlArrayEscaped(existing)}`;
+
+  if (existingMatch) {
+    toml = toml.replace(/^trusted_projects\s*=\s*\[[^\]]*\]/m, newLine);
+  } else {
+    // Insert before the first section header (or at top if no sections)
+    const firstSection = toml.search(/^\[/m);
+    if (firstSection === -1) {
+      toml = `${newLine}\n${toml}`;
+    } else {
+      toml = `${toml.slice(0, firstSection)}${newLine}\n\n${toml.slice(firstSection)}`;
+    }
+  }
+
+  mkdirSync(CODEX_DIR, { recursive: true });
+  writeFileSync(CONFIG_PATH, toml, "utf8");
+  return result;
+}
+
 // ── Internal Helpers ─────────────────────────────────────────────────────────
 
 function escapeRegex(str) {

package/github-app-auth.mjs

@@ -2,7 +2,7 @@
 /**
  * github-app-auth.mjs — GitHub App JWT + Installation Token helpers
  *
- * Provides credential helpers for the Bosun[botswain] GitHub App:
+ * Provides credential helpers for the Bosun[VE] GitHub App:
  *   - signAppJWT()                        — RS256 JWT proving Bosun IS the app
  *   - getInstallationToken(installationId) — short-lived install access token
  *   - getInstallationTokenForRepo(owner,repo) — auto-resolves install from repo
@@ -90,7 +90,7 @@ export async function getInstallationToken(installationId) {
         Authorization: `Bearer ${jwt}`,
         Accept: "application/vnd.github+json",
         "X-GitHub-Api-Version": "2022-11-28",
-        "User-Agent": "bosun-botswain",
+        "User-Agent": "bosun-ve",
       },
     },
   );
@@ -123,7 +123,7 @@ export async function getInstallationTokenForRepo(owner, repo) {
         Authorization: `Bearer ${jwt}`,
         Accept: "application/vnd.github+json",
         "X-GitHub-Api-Version": "2022-11-28",
-        "User-Agent": "bosun-botswain",
+        "User-Agent": "bosun-ve",
       },
     },
   );
@@ -163,7 +163,7 @@ export async function startDeviceFlow(scope = "repo") {
     headers: {
       Accept: "application/json",
       "Content-Type": "application/x-www-form-urlencoded",
-      "User-Agent": "bosun-botswain",
+      "User-Agent": "bosun-ve",
     },
     body: body.toString(),
   });
@@ -217,7 +217,7 @@ export async function pollDeviceToken(deviceCode) {
     headers: {
       Accept: "application/json",
       "Content-Type": "application/x-www-form-urlencoded",
-      "User-Agent": "bosun-botswain",
+      "User-Agent": "bosun-ve",
     },
     body: body.toString(),
   });
@@ -281,7 +281,7 @@ export async function exchangeOAuthCode(code) {
     headers: {
       Accept: "application/json",
       "Content-Type": "application/x-www-form-urlencoded",
-      "User-Agent": "bosun-botswain",
+      "User-Agent": "bosun-ve",
     },
     body: body.toString(),
   });
@@ -318,7 +318,7 @@ export async function getOAuthUser(accessToken) {
       Authorization: `Bearer ${accessToken}`,
       Accept: "application/vnd.github+json",
       "X-GitHub-Api-Version": "2022-11-28",
-      "User-Agent": "bosun-botswain",
+      "User-Agent": "bosun-ve",
     },
   });
   if (!res.ok) {

package/github-auth-manager.mjs

@@ -82,7 +82,7 @@ async function verifyToken(token) {
         Authorization: `Bearer ${token}`,
         Accept: "application/vnd.github+json",
         "X-GitHub-Api-Version": "2022-11-28",
-        "User-Agent": "bosun-botswain",
+        "User-Agent": "bosun-ve",
       },
     });
     if (!res.ok) return null;
@@ -162,7 +162,7 @@ export async function getAuthHeaders(options = {}) {
     Authorization: `Bearer ${token}`,
     Accept: "application/vnd.github+json",
     "X-GitHub-Api-Version": "2022-11-28",
-    "User-Agent": "bosun-botswain",
+    "User-Agent": "bosun-ve",
   };
 }
 

package/github-oauth-portal.mjs

@@ -1,5 +1,5 @@
 /**
- * github-oauth-portal.mjs — Self-contained OAuth setup portal for Bosun[botswain]
+ * github-oauth-portal.mjs — Self-contained OAuth setup portal for Bosun[VE]
  *
  * Serves a local HTTP portal on port 54317 (bound to 127.0.0.1) that guides
  * users through GitHub App installation and OAuth authorisation.
@@ -13,7 +13,7 @@
  *   GET  /api/status          — JSON status endpoint
  *   GET  /api/installations   — list App installations (requires App JWT)
  *
- * GitHub App settings (https://github.com/settings/apps/bosun-botswain):
+ * GitHub App settings (https://github.com/settings/apps/bosun-ve):
  *   Callback URL:  http://127.0.0.1:54317/github/callback  ← ONLY URL needed
  *
  * Notes:
@@ -54,7 +54,7 @@ import {
 
 const DEFAULT_PORT = 54317;
 const DEFAULT_HOST = "127.0.0.1";
-const GITHUB_APP_NAME = "bosun-botswain";
+const GITHUB_APP_NAME = "bosun-ve";
 const GITHUB_APP_URL = `https://github.com/apps/${GITHUB_APP_NAME}`;
 const GITHUB_APP_INSTALL_URL = `${GITHUB_APP_URL}/installations/new`;
 const STATE_FILE = join(homedir(), ".bosun", "github-auth-state.json");
@@ -271,7 +271,7 @@ function htmlPage(title, bodyHtml) {
 <body>
   <div class="logo">⚓</div>
   <h1>Bosun</h1>
-  <div class="subtitle">GitHub App OAuth Setup Portal · <code>bosun-botswain</code></div>
+  <div class="subtitle">GitHub App OAuth Setup Portal · <code>bosun-ve</code></div>
   ${bodyHtml}
   <script>
     function copyToClipboard(text, btn) {
@@ -569,7 +569,7 @@ async function handleSetup(req, res) {
             Authorization: `Bearer ${jwt}`,
             Accept: "application/vnd.github+json",
             "X-GitHub-Api-Version": "2022-11-28",
-            "User-Agent": "bosun-botswain",
+            "User-Agent": "bosun-ve",
           },
         },
       );
@@ -703,7 +703,7 @@ function handleWebhookEvent(eventType, payload) {
 }
 
 const CMD_RE = /\/bosun[ \t]+(\w+)(?:[ \t]+(\S+))?/g;
-const MENTION_RE = /@bosun-botswain/i;
+const MENTION_RE = /@bosun-ve/i;
 
 function processBosunCommand(body, payload) {
   if (MENTION_RE.test(body)) {
@@ -766,7 +766,7 @@ async function handleApiInstallations(req, res) {
         Authorization: `Bearer ${jwt}`,
         Accept: "application/vnd.github+json",
         "X-GitHub-Api-Version": "2022-11-28",
-        "User-Agent": "bosun-botswain",
+        "User-Agent": "bosun-ve",
       },
     });