lobstakit-cloud 1.0.16 → 1.1.0

package/.github/workflows/claude-review.yml

@@ -0,0 +1,57 @@
+name: Claude Code Review
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          track_progress: true
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            You are a senior code reviewer for LobstaCloud (RedLobsta Cloud hosting platform).
+            Review this pull request thoroughly. Focus on:
+
+            **Security (HIGH PRIORITY — we run a hosting platform):**
+            - Auth/token handling (Bearer tokens, encryption, timing-safe comparison)
+            - Input validation and sanitization
+            - CORS, CSP, and header security
+            - Cloud-init / server provisioning safety
+            - No secrets in code, logs, or error messages
+
+            **Code Quality:**
+            - Logic errors and edge cases
+            - Error handling (fail gracefully, not silently)
+            - TypeScript type safety
+            - DRY violations and dead code
+
+            **Performance:**
+            - N+1 queries, unnecessary API calls
+            - Memory leaks, unbounded loops
+
+            **Architecture:**
+            - Separation of concerns
+            - API contract consistency
+
+            Be direct and specific. Skip praising obvious things.
+            Flag blockers as 🚨, suggestions as 💡, nits as 📝.
+
+            Use inline comments for specific code issues.
+            Use a single summary PR comment for overall assessment.
+
+          claude_args: |
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(cat:*),Bash(find:*),Bash(grep:*)"

package/lib/mc-db.js

@@ -0,0 +1,437 @@
+/**
+ * Mission Control — SQLite Database Module
+ * 
+ * Separate database for multi-agent coordination.
+ * Uses better-sqlite3 for synchronous, fast access.
+ * Auto-creates tables on first access.
+ */
+
+const Database = require('better-sqlite3');
+const path = require('path');
+const os = require('os');
+
+const DB_PATH = path.join(os.homedir(), '.lobstakit', 'mission-control.db');
+
+let db = null;
+
+function getDb() {
+  if (db) return db;
+
+  // Ensure directory exists
+  const fs = require('fs');
+  const dir = path.dirname(DB_PATH);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+
+  db = new Database(DB_PATH);
+  db.pragma('journal_mode = WAL');
+  db.pragma('foreign_keys = ON');
+
+  initSchema();
+  return db;
+}
+
+function initSchema() {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS agents (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      name TEXT NOT NULL,
+      role TEXT,
+      level TEXT DEFAULT 'SPC',
+      status TEXT DEFAULT 'idle',
+      session_key TEXT,
+      soul_summary TEXT,
+      avatar_emoji TEXT,
+      created_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')),
+      updated_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS tasks (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      title TEXT NOT NULL,
+      description TEXT,
+      status TEXT DEFAULT 'inbox' CHECK(status IN ('inbox','assigned','in_progress','review','done','blocked')),
+      priority INTEGER DEFAULT 0,
+      tags TEXT,
+      created_by INTEGER REFERENCES agents(id) ON DELETE SET NULL,
+      created_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')),
+      updated_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS task_assignees (
+      task_id INTEGER REFERENCES tasks(id) ON DELETE CASCADE,
+      agent_id INTEGER REFERENCES agents(id) ON DELETE CASCADE,
+      PRIMARY KEY(task_id, agent_id)
+    );
+
+    CREATE TABLE IF NOT EXISTS messages (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      task_id INTEGER REFERENCES tasks(id) ON DELETE CASCADE,
+      from_agent_id INTEGER REFERENCES agents(id) ON DELETE SET NULL,
+      content TEXT NOT NULL,
+      created_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS activities (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      type TEXT NOT NULL,
+      agent_id INTEGER REFERENCES agents(id) ON DELETE SET NULL,
+      task_id INTEGER REFERENCES tasks(id) ON DELETE SET NULL,
+      message TEXT NOT NULL,
+      created_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS notifications (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      mentioned_agent_id INTEGER REFERENCES agents(id) ON DELETE CASCADE,
+      from_agent_id INTEGER REFERENCES agents(id) ON DELETE SET NULL,
+      task_id INTEGER REFERENCES tasks(id) ON DELETE SET NULL,
+      content TEXT,
+      delivered INTEGER DEFAULT 0,
+      created_at TEXT DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_tasks_status ON tasks(status);
+    CREATE INDEX IF NOT EXISTS idx_activities_created ON activities(created_at DESC);
+    CREATE INDEX IF NOT EXISTS idx_notifications_agent ON notifications(mentioned_agent_id, delivered);
+    CREATE INDEX IF NOT EXISTS idx_messages_task ON messages(task_id);
+  `);
+}
+
+// ─── Helper: parse tags on read ──────────────────────────────────────────────
+
+function parseTags(row) {
+  if (!row) return row;
+  if (row.tags) {
+    try { row.tags = JSON.parse(row.tags); } catch { row.tags = []; }
+  }
+  return row;
+}
+
+function parseTagsArray(rows) {
+  return rows.map(parseTags);
+}
+
+// ─── Agents CRUD ─────────────────────────────────────────────────────────────
+
+function listAgents() {
+  return getDb().prepare('SELECT * FROM agents ORDER BY id').all();
+}
+
+function getAgent(id) {
+  return getDb().prepare('SELECT * FROM agents WHERE id = ?').get(id);
+}
+
+function createAgent({ name, role, level, session_key, soul_summary, avatar_emoji }) {
+  const result = getDb().prepare(
+    `INSERT INTO agents (name, role, level, session_key, soul_summary, avatar_emoji) 
+     VALUES (?, ?, ?, ?, ?, ?)`
+  ).run(name, role || null, level || 'SPC', session_key || null, soul_summary || null, avatar_emoji || null);
+  return getAgent(result.lastInsertRowid);
+}
+
+function updateAgent(id, fields) {
+  const allowed = ['name', 'role', 'level', 'status', 'session_key', 'soul_summary', 'avatar_emoji'];
+  const updates = [];
+  const values = [];
+  for (const key of allowed) {
+    if (fields[key] !== undefined) {
+      updates.push(`${key} = ?`);
+      values.push(fields[key]);
+    }
+  }
+  if (updates.length === 0) return getAgent(id);
+  updates.push(`updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')`);
+  values.push(id);
+  getDb().prepare(`UPDATE agents SET ${updates.join(', ')} WHERE id = ?`).run(...values);
+  return getAgent(id);
+}
+
+function deleteAgent(id) {
+  return getDb().prepare('DELETE FROM agents WHERE id = ?').run(id);
+}
+
+// ─── Tasks CRUD ──────────────────────────────────────────────────────────────
+
+function listTasks(statusFilter) {
+  const d = getDb();
+  let rows;
+  if (statusFilter) {
+    rows = d.prepare('SELECT * FROM tasks WHERE status = ? ORDER BY priority DESC, id DESC').all(statusFilter);
+  } else {
+    rows = d.prepare('SELECT * FROM tasks ORDER BY priority DESC, id DESC').all();
+  }
+  // Attach assignees
+  const assigneeStmt = d.prepare(
+    `SELECT a.* FROM agents a 
+     JOIN task_assignees ta ON ta.agent_id = a.id 
+     WHERE ta.task_id = ?`
+  );
+  for (const row of rows) {
+    parseTags(row);
+    row.assignees = assigneeStmt.all(row.id);
+  }
+  return rows;
+}
+
+function getTask(id) {
+  const d = getDb();
+  const row = d.prepare('SELECT * FROM tasks WHERE id = ?').get(id);
+  if (!row) return null;
+  parseTags(row);
+  row.assignees = d.prepare(
+    `SELECT a.* FROM agents a 
+     JOIN task_assignees ta ON ta.agent_id = a.id 
+     WHERE ta.task_id = ?`
+  ).all(id);
+  return row;
+}
+
+function createTask({ title, description, status, priority, tags, created_by, assignee_ids }) {
+  const d = getDb();
+  const tagsJson = tags ? JSON.stringify(tags) : null;
+  const result = d.prepare(
+    `INSERT INTO tasks (title, description, status, priority, tags, created_by) 
+     VALUES (?, ?, ?, ?, ?, ?)`
+  ).run(title, description || null, status || 'inbox', priority || 0, tagsJson, created_by || null);
+
+  const taskId = result.lastInsertRowid;
+
+  // Assign agents
+  if (assignee_ids && assignee_ids.length > 0) {
+    const assignStmt = d.prepare('INSERT OR IGNORE INTO task_assignees (task_id, agent_id) VALUES (?, ?)');
+    for (const agentId of assignee_ids) {
+      assignStmt.run(taskId, agentId);
+    }
+  }
+
+  return getTask(taskId);
+}
+
+function updateTask(id, fields) {
+  const d = getDb();
+  const allowed = ['title', 'description', 'status', 'priority', 'tags'];
+  const updates = [];
+  const values = [];
+  for (const key of allowed) {
+    if (fields[key] !== undefined) {
+      if (key === 'tags') {
+        updates.push(`${key} = ?`);
+        values.push(JSON.stringify(fields[key]));
+      } else {
+        updates.push(`${key} = ?`);
+        values.push(fields[key]);
+      }
+    }
+  }
+  if (updates.length > 0) {
+    updates.push(`updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')`);
+    values.push(id);
+    d.prepare(`UPDATE tasks SET ${updates.join(', ')} WHERE id = ?`).run(...values);
+  }
+
+  // Update assignees if provided
+  if (fields.assignee_ids !== undefined) {
+    d.prepare('DELETE FROM task_assignees WHERE task_id = ?').run(id);
+    if (fields.assignee_ids && fields.assignee_ids.length > 0) {
+      const assignStmt = d.prepare('INSERT OR IGNORE INTO task_assignees (task_id, agent_id) VALUES (?, ?)');
+      for (const agentId of fields.assignee_ids) {
+        assignStmt.run(id, agentId);
+      }
+    }
+  }
+
+  return getTask(id);
+}
+
+function deleteTask(id) {
+  return getDb().prepare('DELETE FROM tasks WHERE id = ?').run(id);
+}
+
+// ─── Messages ────────────────────────────────────────────────────────────────
+
+function getMessages(taskId) {
+  return getDb().prepare(
+    `SELECT m.*, a.name as from_agent_name, a.avatar_emoji as from_agent_emoji
+     FROM messages m
+     LEFT JOIN agents a ON a.id = m.from_agent_id
+     WHERE m.task_id = ?
+     ORDER BY m.created_at ASC`
+  ).all(taskId);
+}
+
+function createMessage({ task_id, from_agent_id, content }) {
+  const result = getDb().prepare(
+    'INSERT INTO messages (task_id, from_agent_id, content) VALUES (?, ?, ?)'
+  ).run(task_id, from_agent_id || null, content);
+  return getDb().prepare(
+    `SELECT m.*, a.name as from_agent_name, a.avatar_emoji as from_agent_emoji
+     FROM messages m
+     LEFT JOIN agents a ON a.id = m.from_agent_id
+     WHERE m.id = ?`
+  ).get(result.lastInsertRowid);
+}
+
+// ─── Activities ──────────────────────────────────────────────────────────────
+
+function getActivities(limit = 50) {
+  return getDb().prepare(
+    `SELECT act.*, a.name as agent_name, a.avatar_emoji as agent_emoji, t.title as task_title
+     FROM activities act
+     LEFT JOIN agents a ON a.id = act.agent_id
+     LEFT JOIN tasks t ON t.id = act.task_id
+     ORDER BY act.created_at DESC
+     LIMIT ?`
+  ).all(limit);
+}
+
+function logActivity({ type, agent_id, task_id, message }) {
+  const result = getDb().prepare(
+    'INSERT INTO activities (type, agent_id, task_id, message) VALUES (?, ?, ?, ?)'
+  ).run(type, agent_id || null, task_id || null, message);
+  return result.lastInsertRowid;
+}
+
+// ─── Notifications ───────────────────────────────────────────────────────────
+
+function getUnreadNotifications(agentId) {
+  return getDb().prepare(
+    `SELECT n.*, a.name as from_agent_name, a.avatar_emoji as from_agent_emoji, t.title as task_title
+     FROM notifications n
+     LEFT JOIN agents a ON a.id = n.from_agent_id
+     LEFT JOIN tasks t ON t.id = n.task_id
+     WHERE n.mentioned_agent_id = ? AND n.delivered = 0
+     ORDER BY n.created_at DESC`
+  ).all(agentId);
+}
+
+function markNotificationRead(id) {
+  return getDb().prepare('UPDATE notifications SET delivered = 1 WHERE id = ?').run(id);
+}
+
+function createNotification({ mentioned_agent_id, from_agent_id, task_id, content }) {
+  const result = getDb().prepare(
+    'INSERT INTO notifications (mentioned_agent_id, from_agent_id, task_id, content) VALUES (?, ?, ?, ?)'
+  ).run(mentioned_agent_id, from_agent_id || null, task_id || null, content);
+  return result.lastInsertRowid;
+}
+
+// ─── Standup ─────────────────────────────────────────────────────────────────
+
+function getStandupData() {
+  const d = getDb();
+  const today = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
+
+  const completedToday = d.prepare(
+    `SELECT t.*, GROUP_CONCAT(a.name) as assignee_names
+     FROM tasks t
+     LEFT JOIN task_assignees ta ON ta.task_id = t.id
+     LEFT JOIN agents a ON a.id = ta.agent_id
+     WHERE t.status = 'done' AND t.updated_at >= ?
+     GROUP BY t.id
+     ORDER BY t.updated_at DESC`
+  ).all(today + 'T00:00:00Z');
+
+  const inProgress = d.prepare(
+    `SELECT t.*, GROUP_CONCAT(a.name) as assignee_names
+     FROM tasks t
+     LEFT JOIN task_assignees ta ON ta.task_id = t.id
+     LEFT JOIN agents a ON a.id = ta.agent_id
+     WHERE t.status = 'in_progress'
+     GROUP BY t.id
+     ORDER BY t.priority DESC`
+  ).all();
+
+  const blocked = d.prepare(
+    `SELECT t.*, GROUP_CONCAT(a.name) as assignee_names
+     FROM tasks t
+     LEFT JOIN task_assignees ta ON ta.task_id = t.id
+     LEFT JOIN agents a ON a.id = ta.agent_id
+     WHERE t.status = 'blocked'
+     GROUP BY t.id
+     ORDER BY t.priority DESC`
+  ).all();
+
+  // Recent activity from today
+  const recentActivity = d.prepare(
+    `SELECT act.*, a.name as agent_name, a.avatar_emoji as agent_emoji, t.title as task_title
+     FROM activities act
+     LEFT JOIN agents a ON a.id = act.agent_id
+     LEFT JOIN tasks t ON t.id = act.task_id
+     WHERE act.created_at >= ?
+     ORDER BY act.created_at DESC
+     LIMIT 15`
+  ).all(today + 'T00:00:00Z');
+
+  const agentCount = d.prepare('SELECT COUNT(*) as count FROM agents').get().count;
+  const activeAgents = d.prepare("SELECT COUNT(*) as count FROM agents WHERE status != 'offline'").get().count;
+
+  return {
+    date: today,
+    summary: {
+      completed: completedToday.length,
+      inProgress: inProgress.length,
+      blocked: blocked.length,
+      agents: { total: agentCount, active: activeAgents }
+    },
+    completedToday: parseTagsArray(completedToday),
+    inProgress: parseTagsArray(inProgress),
+    blocked: parseTagsArray(blocked),
+    recentActivity
+  };
+}
+
+// ─── Seed ────────────────────────────────────────────────────────────────────
+
+function seedData() {
+  const d = getDb();
+  const count = d.prepare('SELECT COUNT(*) as count FROM agents').get().count;
+  if (count > 0) return { seeded: false, message: 'Agents already exist, skipping seed' };
+
+  const coordinator = createAgent({
+    name: 'Coordinator',
+    role: 'orchestrator',
+    level: 'LEAD',
+    avatar_emoji: '🦞',
+    soul_summary: 'The central coordinator for Mission Control. Manages task assignment and agent communication.'
+  });
+
+  logActivity({
+    type: 'system',
+    agent_id: coordinator.id,
+    message: 'Mission Control initialized. Coordinator agent created.'
+  });
+
+  return { seeded: true, agent: coordinator };
+}
+
+// ─── Exports ─────────────────────────────────────────────────────────────────
+
+module.exports = {
+  getDb,
+  // Agents
+  listAgents,
+  getAgent,
+  createAgent,
+  updateAgent,
+  deleteAgent,
+  // Tasks
+  listTasks,
+  getTask,
+  createTask,
+  updateTask,
+  deleteTask,
+  // Messages
+  getMessages,
+  createMessage,
+  // Activities
+  getActivities,
+  logActivity,
+  // Notifications
+  getUnreadNotifications,
+  markNotificationRead,
+  createNotification,
+  // Standup
+  getStandupData,
+  // Seed
+  seedData
+};