oh-my-super-agent 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/agents/advisor.md +15 -0
- package/.agents/agents/conductor.md +32 -0
- package/.agents/agents/dreamer.md +13 -0
- package/.agents/agents/executor.md +17 -0
- package/.agents/agents/grader.md +15 -0
- package/.agents/config/endurance-policy.json +8 -0
- package/.agents/config/oms-config.json +119 -0
- package/.agents/config/release-policy.json +12 -0
- package/.agents/config/secret-scan-policy.json +7 -0
- package/.agents/config/verification-plan.json +33 -0
- package/.agents/registry.json +11 -0
- package/.agents/rules/constitution.md +7 -0
- package/.agents/skills/conductor/SKILL.md +23 -0
- package/.agents/skills/dream/SKILL.md +14 -0
- package/.agents/skills/executor/SKILL.md +13 -0
- package/.agents/skills/oms/SKILL.md +52 -0
- package/.agents/skills/quota-aware/SKILL.md +12 -0
- package/.agents/skills/schedule/SKILL.md +13 -0
- package/.agents/skills/team-protocol/SKILL.md +20 -0
- package/LICENSE +21 -0
- package/README.md +146 -0
- package/dist/src/audit/run-ledger.d.ts +183 -0
- package/dist/src/audit/run-ledger.js +1655 -0
- package/dist/src/audit/run-ledger.js.map +1 -0
- package/dist/src/cli.d.ts +61 -0
- package/dist/src/cli.js +2096 -0
- package/dist/src/cli.js.map +1 -0
- package/dist/src/commands/github-queue-probe.d.ts +26 -0
- package/dist/src/commands/github-queue-probe.js +51 -0
- package/dist/src/commands/github-queue-probe.js.map +1 -0
- package/dist/src/commands/trace-fixture.d.ts +20 -0
- package/dist/src/commands/trace-fixture.js +72 -0
- package/dist/src/commands/trace-fixture.js.map +1 -0
- package/dist/src/conductor/activity.d.ts +46 -0
- package/dist/src/conductor/activity.js +224 -0
- package/dist/src/conductor/activity.js.map +1 -0
- package/dist/src/conductor/bridge.d.ts +53 -0
- package/dist/src/conductor/bridge.js +652 -0
- package/dist/src/conductor/bridge.js.map +1 -0
- package/dist/src/conductor/notifications.d.ts +59 -0
- package/dist/src/conductor/notifications.js +381 -0
- package/dist/src/conductor/notifications.js.map +1 -0
- package/dist/src/conductor/recovery.d.ts +29 -0
- package/dist/src/conductor/recovery.js +198 -0
- package/dist/src/conductor/recovery.js.map +1 -0
- package/dist/src/conductor/start.d.ts +73 -0
- package/dist/src/conductor/start.js +519 -0
- package/dist/src/conductor/start.js.map +1 -0
- package/dist/src/conductor/waiter.d.ts +88 -0
- package/dist/src/conductor/waiter.js +427 -0
- package/dist/src/conductor/waiter.js.map +1 -0
- package/dist/src/config.d.ts +9 -0
- package/dist/src/config.js +40 -0
- package/dist/src/config.js.map +1 -0
- package/dist/src/dispatch/advice-source.d.ts +61 -0
- package/dist/src/dispatch/advice-source.js +198 -0
- package/dist/src/dispatch/advice-source.js.map +1 -0
- package/dist/src/dispatch/advice-store.d.ts +41 -0
- package/dist/src/dispatch/advice-store.js +201 -0
- package/dist/src/dispatch/advice-store.js.map +1 -0
- package/dist/src/dispatch/advice.d.ts +34 -0
- package/dist/src/dispatch/advice.js +371 -0
- package/dist/src/dispatch/advice.js.map +1 -0
- package/dist/src/dispatch/authority.d.ts +124 -0
- package/dist/src/dispatch/authority.js +1202 -0
- package/dist/src/dispatch/authority.js.map +1 -0
- package/dist/src/dispatch/intent.d.ts +66 -0
- package/dist/src/dispatch/intent.js +71 -0
- package/dist/src/dispatch/intent.js.map +1 -0
- package/dist/src/dispatch/runtime-authority.d.ts +42 -0
- package/dist/src/dispatch/runtime-authority.js +52 -0
- package/dist/src/dispatch/runtime-authority.js.map +1 -0
- package/dist/src/doctor.d.ts +20 -0
- package/dist/src/doctor.js +85 -0
- package/dist/src/doctor.js.map +1 -0
- package/dist/src/domain/records.d.ts +44 -0
- package/dist/src/domain/records.js +138 -0
- package/dist/src/domain/records.js.map +1 -0
- package/dist/src/domain/role-policy.d.ts +67 -0
- package/dist/src/domain/role-policy.js +547 -0
- package/dist/src/domain/role-policy.js.map +1 -0
- package/dist/src/events/bus.d.ts +32 -0
- package/dist/src/events/bus.js +115 -0
- package/dist/src/events/bus.js.map +1 -0
- package/dist/src/events/kinds.d.ts +126 -0
- package/dist/src/events/kinds.js +14 -0
- package/dist/src/events/kinds.js.map +1 -0
- package/dist/src/evidence/immutable-file.d.ts +12 -0
- package/dist/src/evidence/immutable-file.js +141 -0
- package/dist/src/evidence/immutable-file.js.map +1 -0
- package/dist/src/evidence/store.d.ts +125 -0
- package/dist/src/evidence/store.js +1189 -0
- package/dist/src/evidence/store.js.map +1 -0
- package/dist/src/evidence/verdict.d.ts +17 -0
- package/dist/src/evidence/verdict.js +23 -0
- package/dist/src/evidence/verdict.js.map +1 -0
- package/dist/src/generation/agent.d.ts +5 -0
- package/dist/src/generation/agent.js +34 -0
- package/dist/src/generation/agent.js.map +1 -0
- package/dist/src/generation/frontmatter.d.ts +7 -0
- package/dist/src/generation/frontmatter.js +33 -0
- package/dist/src/generation/frontmatter.js.map +1 -0
- package/dist/src/github/adapter.d.ts +44 -0
- package/dist/src/github/adapter.js +592 -0
- package/dist/src/github/adapter.js.map +1 -0
- package/dist/src/github/dispatch-eligibility.d.ts +9 -0
- package/dist/src/github/dispatch-eligibility.js +94 -0
- package/dist/src/github/dispatch-eligibility.js.map +1 -0
- package/dist/src/github/projector.d.ts +23 -0
- package/dist/src/github/projector.js +181 -0
- package/dist/src/github/projector.js.map +1 -0
- package/dist/src/github/review.d.ts +39 -0
- package/dist/src/github/review.js +1450 -0
- package/dist/src/github/review.js.map +1 -0
- package/dist/src/github/sync.d.ts +21 -0
- package/dist/src/github/sync.js +518 -0
- package/dist/src/github/sync.js.map +1 -0
- package/dist/src/github/types.d.ts +134 -0
- package/dist/src/github/types.js +11 -0
- package/dist/src/github/types.js.map +1 -0
- package/dist/src/goals/artifact-store.d.ts +31 -0
- package/dist/src/goals/artifact-store.js +241 -0
- package/dist/src/goals/artifact-store.js.map +1 -0
- package/dist/src/goals/authority.d.ts +112 -0
- package/dist/src/goals/authority.js +621 -0
- package/dist/src/goals/authority.js.map +1 -0
- package/dist/src/goals/native-snapshot.d.ts +12 -0
- package/dist/src/goals/native-snapshot.js +53 -0
- package/dist/src/goals/native-snapshot.js.map +1 -0
- package/dist/src/goals/runtime-authority.d.ts +7 -0
- package/dist/src/goals/runtime-authority.js +20 -0
- package/dist/src/goals/runtime-authority.js.map +1 -0
- package/dist/src/health/release-assessment.d.ts +11 -0
- package/dist/src/health/release-assessment.js +83 -0
- package/dist/src/health/release-assessment.js.map +1 -0
- package/dist/src/health/release-policy.d.ts +16 -0
- package/dist/src/health/release-policy.js +40 -0
- package/dist/src/health/release-policy.js.map +1 -0
- package/dist/src/hooks/native.d.ts +30 -0
- package/dist/src/hooks/native.js +495 -0
- package/dist/src/hooks/native.js.map +1 -0
- package/dist/src/hooks/provider-runtime.d.ts +55 -0
- package/dist/src/hooks/provider-runtime.js +479 -0
- package/dist/src/hooks/provider-runtime.js.map +1 -0
- package/dist/src/hooks/provider.d.ts +102 -0
- package/dist/src/hooks/provider.js +358 -0
- package/dist/src/hooks/provider.js.map +1 -0
- package/dist/src/live/contact-journal.d.ts +73 -0
- package/dist/src/live/contact-journal.js +439 -0
- package/dist/src/live/contact-journal.js.map +1 -0
- package/dist/src/live-probes/gh-adapter.d.ts +28 -0
- package/dist/src/live-probes/gh-adapter.js +188 -0
- package/dist/src/live-probes/gh-adapter.js.map +1 -0
- package/dist/src/live-probes/github-queue.d.ts +1 -0
- package/dist/src/live-probes/github-queue.js +2 -0
- package/dist/src/live-probes/github-queue.js.map +1 -0
- package/dist/src/notifications/slack-request.d.ts +13 -0
- package/dist/src/notifications/slack-request.js +40 -0
- package/dist/src/notifications/slack-request.js.map +1 -0
- package/dist/src/outbox/processor.d.ts +27 -0
- package/dist/src/outbox/processor.js +63 -0
- package/dist/src/outbox/processor.js.map +1 -0
- package/dist/src/outbox/store.d.ts +158 -0
- package/dist/src/outbox/store.js +834 -0
- package/dist/src/outbox/store.js.map +1 -0
- package/dist/src/package-root.d.ts +1 -0
- package/dist/src/package-root.js +26 -0
- package/dist/src/package-root.js.map +1 -0
- package/dist/src/project.d.ts +12 -0
- package/dist/src/project.js +60 -0
- package/dist/src/project.js.map +1 -0
- package/dist/src/projection/generated-file.d.ts +15 -0
- package/dist/src/projection/generated-file.js +72 -0
- package/dist/src/projection/generated-file.js.map +1 -0
- package/dist/src/projection/project-workspace.d.ts +11 -0
- package/dist/src/projection/project-workspace.js +94 -0
- package/dist/src/projection/project-workspace.js.map +1 -0
- package/dist/src/projection/registry.d.ts +15 -0
- package/dist/src/projection/registry.js +59 -0
- package/dist/src/projection/registry.js.map +1 -0
- package/dist/src/projection/safe-path.d.ts +4 -0
- package/dist/src/projection/safe-path.js +106 -0
- package/dist/src/projection/safe-path.js.map +1 -0
- package/dist/src/providers/claude-interactive.d.ts +38 -0
- package/dist/src/providers/claude-interactive.js +287 -0
- package/dist/src/providers/claude-interactive.js.map +1 -0
- package/dist/src/providers/claude-structured-bridge.d.ts +32 -0
- package/dist/src/providers/claude-structured-bridge.js +215 -0
- package/dist/src/providers/claude-structured-bridge.js.map +1 -0
- package/dist/src/providers/claude-structured-completion.d.ts +23 -0
- package/dist/src/providers/claude-structured-completion.js +229 -0
- package/dist/src/providers/claude-structured-completion.js.map +1 -0
- package/dist/src/providers/claude-structured-pane.d.ts +23 -0
- package/dist/src/providers/claude-structured-pane.js +156 -0
- package/dist/src/providers/claude-structured-pane.js.map +1 -0
- package/dist/src/providers/claude-structured-store.d.ts +48 -0
- package/dist/src/providers/claude-structured-store.js +212 -0
- package/dist/src/providers/claude-structured-store.js.map +1 -0
- package/dist/src/providers/claude-structured.d.ts +56 -0
- package/dist/src/providers/claude-structured.js +250 -0
- package/dist/src/providers/claude-structured.js.map +1 -0
- package/dist/src/providers/codex-exec.d.ts +29 -0
- package/dist/src/providers/codex-exec.js +127 -0
- package/dist/src/providers/codex-exec.js.map +1 -0
- package/dist/src/providers/grading.d.ts +2 -0
- package/dist/src/providers/grading.js +20 -0
- package/dist/src/providers/grading.js.map +1 -0
- package/dist/src/providers/native-dispatch.d.ts +24 -0
- package/dist/src/providers/native-dispatch.js +34 -0
- package/dist/src/providers/native-dispatch.js.map +1 -0
- package/dist/src/providers/preflight.d.ts +65 -0
- package/dist/src/providers/preflight.js +256 -0
- package/dist/src/providers/preflight.js.map +1 -0
- package/dist/src/providers/process.d.ts +18 -0
- package/dist/src/providers/process.js +21 -0
- package/dist/src/providers/process.js.map +1 -0
- package/dist/src/queue/model.d.ts +37 -0
- package/dist/src/queue/model.js +51 -0
- package/dist/src/queue/model.js.map +1 -0
- package/dist/src/queue/service.d.ts +1 -0
- package/dist/src/queue/service.js +2 -0
- package/dist/src/queue/service.js.map +1 -0
- package/dist/src/reflections/store.d.ts +21 -0
- package/dist/src/reflections/store.js +60 -0
- package/dist/src/reflections/store.js.map +1 -0
- package/dist/src/reports/daily-trust.d.ts +11 -0
- package/dist/src/reports/daily-trust.js +98 -0
- package/dist/src/reports/daily-trust.js.map +1 -0
- package/dist/src/runs/controller.d.ts +187 -0
- package/dist/src/runs/controller.js +1182 -0
- package/dist/src/runs/controller.js.map +1 -0
- package/dist/src/runtime/composition.d.ts +9 -0
- package/dist/src/runtime/composition.js +35 -0
- package/dist/src/runtime/composition.js.map +1 -0
- package/dist/src/runtime/endurance-authorities.d.ts +44 -0
- package/dist/src/runtime/endurance-authorities.js +101 -0
- package/dist/src/runtime/endurance-authorities.js.map +1 -0
- package/dist/src/runtime/endurance-policy.d.ts +12 -0
- package/dist/src/runtime/endurance-policy.js +13 -0
- package/dist/src/runtime/endurance-policy.js.map +1 -0
- package/dist/src/runtime/lock.d.ts +63 -0
- package/dist/src/runtime/lock.js +577 -0
- package/dist/src/runtime/lock.js.map +1 -0
- package/dist/src/runtime/process-identity.d.ts +10 -0
- package/dist/src/runtime/process-identity.js +43 -0
- package/dist/src/runtime/process-identity.js.map +1 -0
- package/dist/src/runtime/quota.d.ts +130 -0
- package/dist/src/runtime/quota.js +590 -0
- package/dist/src/runtime/quota.js.map +1 -0
- package/dist/src/runtime/record-store.d.ts +45 -0
- package/dist/src/runtime/record-store.js +272 -0
- package/dist/src/runtime/record-store.js.map +1 -0
- package/dist/src/runtime/schema.d.ts +28 -0
- package/dist/src/runtime/schema.js +194 -0
- package/dist/src/runtime/schema.js.map +1 -0
- package/dist/src/runtime/stable-id.d.ts +3 -0
- package/dist/src/runtime/stable-id.js +27 -0
- package/dist/src/runtime/stable-id.js.map +1 -0
- package/dist/src/runtime/system-clock.d.ts +8 -0
- package/dist/src/runtime/system-clock.js +35 -0
- package/dist/src/runtime/system-clock.js.map +1 -0
- package/dist/src/schedule/service-plan.d.ts +58 -0
- package/dist/src/schedule/service-plan.js +327 -0
- package/dist/src/schedule/service-plan.js.map +1 -0
- package/dist/src/schedule/user-installation.d.ts +62 -0
- package/dist/src/schedule/user-installation.js +701 -0
- package/dist/src/schedule/user-installation.js.map +1 -0
- package/dist/src/schedule/user-plan.d.ts +47 -0
- package/dist/src/schedule/user-plan.js +286 -0
- package/dist/src/schedule/user-plan.js.map +1 -0
- package/dist/src/scheduler/minute.d.ts +31 -0
- package/dist/src/scheduler/minute.js +441 -0
- package/dist/src/scheduler/minute.js.map +1 -0
- package/dist/src/schemas/registry.d.ts +10 -0
- package/dist/src/schemas/registry.js +36 -0
- package/dist/src/schemas/registry.js.map +1 -0
- package/dist/src/security/secret-scan.d.ts +50 -0
- package/dist/src/security/secret-scan.js +384 -0
- package/dist/src/security/secret-scan.js.map +1 -0
- package/dist/src/sessions/registry.d.ts +89 -0
- package/dist/src/sessions/registry.js +443 -0
- package/dist/src/sessions/registry.js.map +1 -0
- package/dist/src/state.d.ts +27 -0
- package/dist/src/state.js +235 -0
- package/dist/src/state.js.map +1 -0
- package/dist/src/status/hud.d.ts +37 -0
- package/dist/src/status/hud.js +88 -0
- package/dist/src/status/hud.js.map +1 -0
- package/dist/src/team/plan.d.ts +31 -0
- package/dist/src/team/plan.js +184 -0
- package/dist/src/team/plan.js.map +1 -0
- package/dist/src/team/projection.d.ts +24 -0
- package/dist/src/team/projection.js +79 -0
- package/dist/src/team/projection.js.map +1 -0
- package/dist/src/tickets/admission.d.ts +34 -0
- package/dist/src/tickets/admission.js +169 -0
- package/dist/src/tickets/admission.js.map +1 -0
- package/dist/src/tickets/materializer.d.ts +1 -0
- package/dist/src/tickets/materializer.js +2 -0
- package/dist/src/tickets/materializer.js.map +1 -0
- package/dist/src/tickets/runtime-authority.d.ts +32 -0
- package/dist/src/tickets/runtime-authority.js +46 -0
- package/dist/src/tickets/runtime-authority.js.map +1 -0
- package/dist/src/tickets/store.d.ts +221 -0
- package/dist/src/tickets/store.js +2025 -0
- package/dist/src/tickets/store.js.map +1 -0
- package/dist/src/tracer/one-ticket.d.ts +58 -0
- package/dist/src/tracer/one-ticket.js +578 -0
- package/dist/src/tracer/one-ticket.js.map +1 -0
- package/dist/src/trust/assessment.d.ts +24 -0
- package/dist/src/trust/assessment.js +124 -0
- package/dist/src/trust/assessment.js.map +1 -0
- package/dist/src/trust/runs.d.ts +13 -0
- package/dist/src/trust/runs.js +46 -0
- package/dist/src/trust/runs.js.map +1 -0
- package/dist/src/types.d.ts +6 -0
- package/dist/src/types.js +2 -0
- package/dist/src/types.js.map +1 -0
- package/dist/src/utils/fs.d.ts +13 -0
- package/dist/src/utils/fs.js +188 -0
- package/dist/src/utils/fs.js.map +1 -0
- package/dist/src/verification/authority.d.ts +28 -0
- package/dist/src/verification/authority.js +153 -0
- package/dist/src/verification/authority.js.map +1 -0
- package/dist/src/verification/grade-source.d.ts +17 -0
- package/dist/src/verification/grade-source.js +30 -0
- package/dist/src/verification/grade-source.js.map +1 -0
- package/dist/src/verification/plan.d.ts +20 -0
- package/dist/src/verification/plan.js +128 -0
- package/dist/src/verification/plan.js.map +1 -0
- package/dist/src/verification/protected-runner.d.ts +50 -0
- package/dist/src/verification/protected-runner.js +171 -0
- package/dist/src/verification/protected-runner.js.map +1 -0
- package/dist/src/verification/result-gate-store.d.ts +72 -0
- package/dist/src/verification/result-gate-store.js +193 -0
- package/dist/src/verification/result-gate-store.js.map +1 -0
- package/dist/src/verification/result-gate.d.ts +41 -0
- package/dist/src/verification/result-gate.js +731 -0
- package/dist/src/verification/result-gate.js.map +1 -0
- package/dist/src/verification/runner.d.ts +38 -0
- package/dist/src/verification/runner.js +143 -0
- package/dist/src/verification/runner.js.map +1 -0
- package/dist/src/verification/sandbox.d.ts +16 -0
- package/dist/src/verification/sandbox.js +199 -0
- package/dist/src/verification/sandbox.js.map +1 -0
- package/dist/src/verify.d.ts +8 -0
- package/dist/src/verify.js +35 -0
- package/dist/src/verify.js.map +1 -0
- package/dist/src/watchdog/reconcile.d.ts +42 -0
- package/dist/src/watchdog/reconcile.js +440 -0
- package/dist/src/watchdog/reconcile.js.map +1 -0
- package/dist/src/workers/bridge.d.ts +35 -0
- package/dist/src/workers/bridge.js +426 -0
- package/dist/src/workers/bridge.js.map +1 -0
- package/dist/src/workers/delivery.d.ts +31 -0
- package/dist/src/workers/delivery.js +876 -0
- package/dist/src/workers/delivery.js.map +1 -0
- package/dist/src/workers/panes.d.ts +32 -0
- package/dist/src/workers/panes.js +212 -0
- package/dist/src/workers/panes.js.map +1 -0
- package/dist/src/workers/registry.d.ts +80 -0
- package/dist/src/workers/registry.js +351 -0
- package/dist/src/workers/registry.js.map +1 -0
- package/dist/src/workers/runtime.d.ts +44 -0
- package/dist/src/workers/runtime.js +21 -0
- package/dist/src/workers/runtime.js.map +1 -0
- package/dist/src/worktrees/manager.d.ts +35 -0
- package/dist/src/worktrees/manager.js +315 -0
- package/dist/src/worktrees/manager.js.map +1 -0
- package/docs/ARCHITECTURE.md +323 -0
- package/docs/PLAN.md +216 -0
- package/docs/REFERENCES.md +42 -0
- package/docs/ROADMAP.md +327 -0
- package/docs/SECURITY.md +242 -0
- package/docs/adr/0001-tracer-first-file-backed-certification.md +41 -0
- package/docs/adr/0002-conductor-first-typed-dispatch.md +102 -0
- package/docs/adr/0003-mandatory-pre-dispatch-advice.md +59 -0
- package/docs/compatibility/claude-code-2.1.207.md +25 -0
- package/loop/contract.md +102 -0
- package/package.json +54 -0
- package/schemas/advisor-evidence.schema.json +54 -0
- package/schemas/advisor-output.schema.json +31 -0
- package/schemas/conductor-activity-payload.schema.json +38 -0
- package/schemas/conductor-decision.schema.json +29 -0
- package/schemas/conductor-dispatch-intent.schema.json +71 -0
- package/schemas/conductor-dispatch-preparation.schema.json +46 -0
- package/schemas/conductor-dispatch-proposal.schema.json +82 -0
- package/schemas/conductor-goal-proposal.schema.json +30 -0
- package/schemas/conductor-manage-worker.schema.json +17 -0
- package/schemas/conductor-notification-payload.schema.json +39 -0
- package/schemas/conductor-process-result.schema.json +14 -0
- package/schemas/conductor-route.schema.json +51 -0
- package/schemas/conductor-start-team.schema.json +16 -0
- package/schemas/conductor-waiter-payload.schema.json +68 -0
- package/schemas/deterministic-check.schema.json +107 -0
- package/schemas/dispatch-acknowledgement.schema.json +15 -0
- package/schemas/dispatch-advice-payload.schema.json +64 -0
- package/schemas/dispatch-payload.schema.json +131 -0
- package/schemas/dispatch-result.schema.json +28 -0
- package/schemas/endurance-policy.schema.json +16 -0
- package/schemas/events/dispatch-delivery-requested.schema.json +17 -0
- package/schemas/events/github-observed.schema.json +28 -0
- package/schemas/events/native-hook-observed.schema.json +35 -0
- package/schemas/events/provider-observed.schema.json +64 -0
- package/schemas/events/run-heartbeat-due.schema.json +10 -0
- package/schemas/events/slack-notification-requested.schema.json +14 -0
- package/schemas/events/structured-role-completed.schema.json +54 -0
- package/schemas/events/ticket-resume-due.schema.json +28 -0
- package/schemas/events/watchdog-lease-expired.schema.json +14 -0
- package/schemas/events/watchdog-outbox-stalled.schema.json +12 -0
- package/schemas/events/watchdog-session-stalled.schema.json +11 -0
- package/schemas/evidence-record.schema.json +37 -0
- package/schemas/executor-result.schema.json +17 -0
- package/schemas/github-observation.schema.json +33 -0
- package/schemas/github-watermark.schema.json +66 -0
- package/schemas/goal-artifact.schema.json +19 -0
- package/schemas/goal-create-input.schema.json +14 -0
- package/schemas/goal-executor-result.schema.json +18 -0
- package/schemas/goal-payload.schema.json +95 -0
- package/schemas/grader-output.schema.json +33 -0
- package/schemas/lease-expiry.schema.json +19 -0
- package/schemas/live-disclosure.schema.json +16 -0
- package/schemas/live-outcome.schema.json +52 -0
- package/schemas/native-goal-snapshot.schema.json +27 -0
- package/schemas/provider-observed.schema.json +64 -0
- package/schemas/quota-observation.schema.json +72 -0
- package/schemas/reflection-evidence.schema.json +61 -0
- package/schemas/reflection.schema.json +13 -0
- package/schemas/regression-request.schema.json +54 -0
- package/schemas/release-assessment.schema.json +34 -0
- package/schemas/release-policy.schema.json +30 -0
- package/schemas/result-gate-payload.schema.json +244 -0
- package/schemas/review-delivery-payload.schema.json +42 -0
- package/schemas/role-policy.schema.json +111 -0
- package/schemas/run-abort-input.schema.json +11 -0
- package/schemas/run-completion-proof.schema.json +62 -0
- package/schemas/run-ledger-entry.schema.json +78 -0
- package/schemas/run-manifest.schema.json +74 -0
- package/schemas/run-start-intent.schema.json +74 -0
- package/schemas/runtime-record.schema.json +111 -0
- package/schemas/service-plan.schema.json +35 -0
- package/schemas/session-payload.schema.json +80 -0
- package/schemas/structured-role-read-request.schema.json +14 -0
- package/schemas/structured-role-request.schema.json +44 -0
- package/schemas/structured-role-result.schema.json +38 -0
- package/schemas/structured-role-submit-result.schema.json +15 -0
- package/schemas/team-checkpoint.schema.json +42 -0
- package/schemas/team-plan.schema.json +30 -0
- package/schemas/ticket-content.schema.json +38 -0
- package/schemas/ticket-queue-payload.schema.json +191 -0
- package/schemas/trust-report.schema.json +68 -0
- package/schemas/trust-run.schema.json +47 -0
- package/schemas/ultragoal-checkpoint.schema.json +49 -0
- package/schemas/user-schedule-installation-v1.schema.json +32 -0
- package/schemas/user-schedule-installation.schema.json +38 -0
- package/schemas/user-schedule-plan.schema.json +39 -0
- package/schemas/verification-plan-evidence.schema.json +37 -0
- package/schemas/worker-acknowledge-dispatch.schema.json +12 -0
- package/schemas/worker-payload.schema.json +47 -0
- package/schemas/worker-read-dispatch.schema.json +11 -0
- package/schemas/worker-record-dispatch-result.schema.json +14 -0
package/docs/SECURITY.md
ADDED
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
# Security Model
|
|
2
|
+
|
|
3
|
+
## Trust boundaries
|
|
4
|
+
|
|
5
|
+
OMS treats the following as untrusted input:
|
|
6
|
+
|
|
7
|
+
- GitHub issue titles, bodies, comments, labels, and branch suggestions;
|
|
8
|
+
- model, subagent, grader, and reflection output;
|
|
9
|
+
- tmux pane content and captured terminal output;
|
|
10
|
+
- raw native-hook input and external session metadata;
|
|
11
|
+
- repository content from a ticket branch;
|
|
12
|
+
- environment variables and runtime files not created through the current
|
|
13
|
+
validated authority.
|
|
14
|
+
|
|
15
|
+
Untrusted content is data, never command source or a tmux keystroke sequence.
|
|
16
|
+
Typed outbox events and canonical records become trusted only after exact schema,
|
|
17
|
+
identity, version, policy, path, and branded-authority checks.
|
|
18
|
+
|
|
19
|
+
## Authentication and billing safety
|
|
20
|
+
|
|
21
|
+
Authentication mode, billing class, overage permission, and unattended
|
|
22
|
+
eligibility are explicitly declared per role. OMS fails closed when a value is
|
|
23
|
+
absent, unknown, or incompatible with an operation.
|
|
24
|
+
|
|
25
|
+
- Interactive panes must not be used to evade provider billing or automation
|
|
26
|
+
restrictions.
|
|
27
|
+
- Subscription credentials are used only through provider-supported native
|
|
28
|
+
application workflows.
|
|
29
|
+
- Programmatic or unattended traffic requires the provider-supported
|
|
30
|
+
credential and policy for that surface.
|
|
31
|
+
- Secrets are supplied at runtime and are never committed to `.agents/`, logs,
|
|
32
|
+
evidence, ticket files, Slack request events, or generated service plans.
|
|
33
|
+
- Local verification, tests, HUD, release assessment, and the trace fixture make
|
|
34
|
+
no paid or live model call.
|
|
35
|
+
|
|
36
|
+
Provider policy changes over time. Operators must confirm current official
|
|
37
|
+
guidance before a live run; the existence of a local adapter or launch plan is
|
|
38
|
+
not authorization to contact a provider.
|
|
39
|
+
|
|
40
|
+
## Implemented side-effect boundary
|
|
41
|
+
|
|
42
|
+
The human starts the read-only conductor with bare `oms`. On the first live run,
|
|
43
|
+
the CLI displays the inferred repository and exact side-effect boundary, then
|
|
44
|
+
requires one matching typed confirmation before initialization or provider
|
|
45
|
+
contact. That repository confirmation creates
|
|
46
|
+
two immutable, session-scoped authorities: the live-delivery authorization and
|
|
47
|
+
a separate pre-dispatch-advice authorization bound to the first authorization,
|
|
48
|
+
conductor session, and repository. Neither can be added to or widened on an
|
|
49
|
+
already-running conductor; the human must exit and run bare `oms` again.
|
|
50
|
+
|
|
51
|
+
Before that session can commit an accepted dispatch, OMS canonicalizes the
|
|
52
|
+
exact intent, journals the fresh Codex contact, and requires immutable protected
|
|
53
|
+
evidence approving that digest. Revision, veto, missing, tampered, stale, or
|
|
54
|
+
cross-ticket evidence creates no dispatch, worker reservation, delivery event,
|
|
55
|
+
provider probe, or pane. After an approved unchanged dispatch is committed, OMS
|
|
56
|
+
may launch its configured interactive Claude or Codex Goal worker in the
|
|
57
|
+
verified worktree. Lifecycle controls are typed OMS tools; raw tmux is not
|
|
58
|
+
exposed to the conductor.
|
|
59
|
+
|
|
60
|
+
OMS uses only fixed internal tmux input for provider workspace trust, dispatch-ID
|
|
61
|
+
activation, and native Codex `/goal pause` or `/goal resume`. Ticket text, model
|
|
62
|
+
output, and pane text never enter tmux input. Pane capture and sentinels are
|
|
63
|
+
diagnostic only and cannot acknowledge a dispatch or complete a ticket.
|
|
64
|
+
|
|
65
|
+
Schedule lifecycle is explicit and user-scoped: OMS can generate, install,
|
|
66
|
+
inspect, or remove only the exact two-job cron, systemd, or launchd plan after
|
|
67
|
+
state/workspace validation. It does not install a daemon or accept arbitrary
|
|
68
|
+
scheduled commands.
|
|
69
|
+
Slack support records a typed notification request only; there is no URL, token,
|
|
70
|
+
HTTP sender, retry worker, or provider delivery receipt. Automatic merge is
|
|
71
|
+
disabled and has no positive enabling state.
|
|
72
|
+
|
|
73
|
+
Provider launch still requires the operator-originated, repository-authorized
|
|
74
|
+
conductor, an accepted
|
|
75
|
+
dispatch, current policy and subscription eligibility, exact ticket/lease and
|
|
76
|
+
worktree authority, and a reviewed provider argument array. Unknown eligibility
|
|
77
|
+
parks before launch. No worker, Team manifest, or lifecycle tool grants
|
|
78
|
+
verification, trust, merge, or release authority.
|
|
79
|
+
|
|
80
|
+
GitHub polling has no admission authority. `prepare_dispatch` requires an
|
|
81
|
+
active repository-scoped goal, exact `github:label=oms:ready` membership,
|
|
82
|
+
authorized repository match when live delivery is enabled, selected ticket
|
|
83
|
+
version and content digest, and a subscription executor role. It writes an
|
|
84
|
+
immutable request before worktree/lease mutation and an immutable derived
|
|
85
|
+
intent afterward. Exact replay may recover the gap; nonce reuse, stale ticket
|
|
86
|
+
versions, changed requests, or a conflicting accepted dispatch fail before a
|
|
87
|
+
second advisor contact.
|
|
88
|
+
|
|
89
|
+
Claude executor panes receive only repository read/edit tools and the
|
|
90
|
+
session-bound OMS worker bridge; Bash, web, subagents, and raw tmux are denied.
|
|
91
|
+
The result tool creates a fixed local git commit with hooks and signing disabled.
|
|
92
|
+
Codex Goal workers keep the provider's native workspace-write sandbox. Each Goal
|
|
93
|
+
session uses a private, strict-config Codex home so unrelated user MCP servers,
|
|
94
|
+
plugins, apps, and configuration are not inherited. OMS does not copy the
|
|
95
|
+
subscription credential: it creates one validated session-private reference to
|
|
96
|
+
the provider's existing native auth file. Ambient `/tmp` and `TMPDIR` writable
|
|
97
|
+
roots are explicitly excluded, even when a test state root is temporary; only
|
|
98
|
+
the exact ticket worktree remains writable. Neither executor receives provider
|
|
99
|
+
credentials as task data or any merge/release tool.
|
|
100
|
+
|
|
101
|
+
## Command and content safety
|
|
102
|
+
|
|
103
|
+
- Pass opaque ticket IDs and absolute file paths across subprocess and future
|
|
104
|
+
tmux boundaries.
|
|
105
|
+
- Never interpolate issue text, model output, pane content, or hook input into
|
|
106
|
+
`eval`, `sh -c`, command substitutions, branch names, paths, service-manager
|
|
107
|
+
directives, or tmux key sequences.
|
|
108
|
+
- Construct provider and verification subprocesses with executable-plus-argument
|
|
109
|
+
arrays and no shell.
|
|
110
|
+
- Require the accepted ticket worktree to match its root, branch, base commit,
|
|
111
|
+
and a clean tracked/untracked status immediately before provider launch.
|
|
112
|
+
- Use `--` before externally derived positional arguments where supported.
|
|
113
|
+
- Reject identifiers containing path separators, controls, shell
|
|
114
|
+
metacharacters, or values outside their exact schema.
|
|
115
|
+
- Bound stdin, file, payload, and log sizes and redact credential-shaped values.
|
|
116
|
+
- Do not execute repository-provided hooks or scripts merely because a ticket
|
|
117
|
+
requests them; verification commands come from reviewed tracked policy.
|
|
118
|
+
|
|
119
|
+
Prompt injection is an authorization problem: issue or model text cannot widen
|
|
120
|
+
filesystem, network, merge, credential, provider, service, or command authority.
|
|
121
|
+
|
|
122
|
+
Fresh advisor output is untrusted model data. It may contain only the exact
|
|
123
|
+
intent digest, verdict, summary, recommendations, and risks. OMS owns and binds
|
|
124
|
+
the provider request, fresh-session, contact-journal, and human-authorization
|
|
125
|
+
identities before its protected writer can mint advisor evidence.
|
|
126
|
+
|
|
127
|
+
## Hook, event, session, and quota safety
|
|
128
|
+
|
|
129
|
+
`hook ingest` accepts one bounded JSON object from stdin and computes its source
|
|
130
|
+
digest internally. Callers cannot assert their own trusted digest. The projector
|
|
131
|
+
matches session role, engine, mode, run, ticket, native reference, pane ID,
|
|
132
|
+
version, state, timestamp, and event identity before mutation.
|
|
133
|
+
|
|
134
|
+
The stdin transport is not cryptographically authenticated to a provider in
|
|
135
|
+
this release. It is therefore a local operator/control-plane surface only and
|
|
136
|
+
does not establish live provider provenance or certification.
|
|
137
|
+
|
|
138
|
+
Event kinds have exact schemas. Immutable outbox events are idempotent per
|
|
139
|
+
identity and consumer receipts bind the operation nonce. A replay returns the
|
|
140
|
+
stored outcome; copied or foreign event buses and authorities are rejected.
|
|
141
|
+
|
|
142
|
+
Quota evidence is session-bound and freshness-bounded. A quota exhaustion event
|
|
143
|
+
must carry the active ticket's original version, attempt, actor, and lease
|
|
144
|
+
authority. Availability must be newer than the limiting observation and session
|
|
145
|
+
version. Stale, ambiguous, cross-policy, future-dated, or unrelated evidence
|
|
146
|
+
fails closed.
|
|
147
|
+
|
|
148
|
+
The watchdog can recover an expired lease, mark a missed-heartbeat session
|
|
149
|
+
stalled, supersede a dead waiter, repair the typed receipt/notification for an
|
|
150
|
+
exact waiting structured-role result, explicitly recover that request's exact
|
|
151
|
+
dead projector-lock generation, and resume the same proven dead conductor. It
|
|
152
|
+
may wake only a proven idle pane with an opaque notification ID;
|
|
153
|
+
it cannot interrupt working state, perform ordinary routing, send raw model
|
|
154
|
+
content, send Slack, or turn a stalled report into successful external
|
|
155
|
+
delivery.
|
|
156
|
+
|
|
157
|
+
## Filesystem and concurrency safety
|
|
158
|
+
|
|
159
|
+
- Resolve and validate `OMS_STATE_ROOT` as an absolute path before use.
|
|
160
|
+
- Reject empty, root, home, repository-root, or otherwise unsafe state roots.
|
|
161
|
+
- Prevent traversal, no-follow violations, and symlink swaps at canonical runtime
|
|
162
|
+
paths. The sole deliberate runtime symlink is the private Codex auth reference;
|
|
163
|
+
its exact regular-file target is revalidated before launch and it is never read
|
|
164
|
+
as OMS state or evidence.
|
|
165
|
+
- Create sensitive runtime directories and files with restrictive permissions.
|
|
166
|
+
- Use same-filesystem temporary files, atomic rename, expected versions,
|
|
167
|
+
nonces, and exclusive locks for mutable state.
|
|
168
|
+
- Validate durable JSON against its schema before and after a transition.
|
|
169
|
+
- Write evidence, manifests, decisions, plans, and receipts immutably; a replay
|
|
170
|
+
must match existing bytes.
|
|
171
|
+
- Treat stale-lock recovery and lease expiry as explicit auditable operations.
|
|
172
|
+
|
|
173
|
+
Cleanup commands must prove that their target is below the validated state root
|
|
174
|
+
and must never follow an untrusted path recursively.
|
|
175
|
+
|
|
176
|
+
## Git and worktree safety
|
|
177
|
+
|
|
178
|
+
- One traced ticket uses one dedicated opaque branch and worktree.
|
|
179
|
+
- Branch names derive from validated identifiers, not issue titles.
|
|
180
|
+
- Preserve unrelated workspace changes.
|
|
181
|
+
- Do not force-push, rewrite shared history, publish a remote, or merge without
|
|
182
|
+
explicit operator authority.
|
|
183
|
+
- Deterministic verification runs before supplemental grading.
|
|
184
|
+
- A completed local ticket remains `human_hold`; trust reporting cannot change
|
|
185
|
+
that disposition.
|
|
186
|
+
|
|
187
|
+
A future merge gate would require deterministic checks, provenance, trust
|
|
188
|
+
evidence, executor-group evidence, and an explicit
|
|
189
|
+
idempotent reviewed transition. None is inferred from local test success.
|
|
190
|
+
|
|
191
|
+
Passing live GitHub results may enter one fixed review-delivery authority. It
|
|
192
|
+
accepts only the exact protected result chain, validates the local `origin`,
|
|
193
|
+
runs pinned redacted Gitleaks scans over the commit range, tracked worktree,
|
|
194
|
+
immutable evidence, canonical issue content, fixed argv, and draft-PR content,
|
|
195
|
+
then pushes the verified commit without force and creates at most one draft PR.
|
|
196
|
+
Fresh GraphQL readback must show the exact remote branch and draft PR still bind
|
|
197
|
+
the verified commit; a typed check event must show the named deterministic check passed. Raw scanner
|
|
198
|
+
reports are always removed; durable scan and contact records retain digests,
|
|
199
|
+
not secrets or response bodies.
|
|
200
|
+
|
|
201
|
+
## Doctor, probes, runs, and release evidence
|
|
202
|
+
|
|
203
|
+
Offline `doctor` checks local executables, configuration, schemas, paths,
|
|
204
|
+
permissions, and git prerequisites. Tests and `verify` remain deterministic and
|
|
205
|
+
network-free.
|
|
206
|
+
|
|
207
|
+
The GitHub queue probe remains a separately confirmed diagnostic contact. The
|
|
208
|
+
first normal live path is interactive bare `oms`. It infers the GitHub
|
|
209
|
+
repository when possible and requires the human to type the displayed
|
|
210
|
+
repository-scoped authorization phrase. That start creates both the immutable
|
|
211
|
+
live-delivery authorization and its separately validated pre-dispatch-advice
|
|
212
|
+
authorization. Later bare invocations reuse those session-scoped authorities;
|
|
213
|
+
no invocation widens a running session, and non-interactive bare invocation
|
|
214
|
+
contacts no provider. The explicit `oms conductor start` form remains an
|
|
215
|
+
advanced recovery/state-root override. Advisor, worker, grade, reflection,
|
|
216
|
+
GitHub sync, review-read,
|
|
217
|
+
branch-push, and draft-PR contacts each write a digest-only disclosure before
|
|
218
|
+
contact. None grants merge or release authority, and this repository still
|
|
219
|
+
contains no claimed completed live proof.
|
|
220
|
+
|
|
221
|
+
`run start --for 12h|24h` creates a non-certifying audit manifest; the label
|
|
222
|
+
does not prove elapsed runtime. Manifests freeze `provider_started: false`,
|
|
223
|
+
manual start required, `release: not_stable`, and human hold. `release status`
|
|
224
|
+
can express only the negative assessment and cannot ingest flags or evidence to
|
|
225
|
+
promote itself.
|
|
226
|
+
|
|
227
|
+
Run admission binds ticket content and policy, not only IDs. Native hooks,
|
|
228
|
+
scheduler resumes, watchdog recovery, and terminal operations serialize through
|
|
229
|
+
the controller lock and append continuity-aware audit events. Terminal status
|
|
230
|
+
is accepted only with the exact immutable controller payload and proof/reason
|
|
231
|
+
artifact. Timed close remains audit-only. Crashed controller-lock recovery is a
|
|
232
|
+
separate explicit command requiring the exact generation and refusing a live
|
|
233
|
+
owner process.
|
|
234
|
+
|
|
235
|
+
## Incident posture
|
|
236
|
+
|
|
237
|
+
On invalid state, a lease conflict, stale authority, unknown authentication,
|
|
238
|
+
suspected injection, credential exposure, outbox conflict, goal mismatch, or
|
|
239
|
+
verification ambiguity, OMS stops the affected transition and preserves
|
|
240
|
+
evidence. Recovery uses a new audited operation or explicit reconciliation; it
|
|
241
|
+
does not rewrite history, fabricate completion, certify a canary, or mark the
|
|
242
|
+
release stable.
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# ADR 0001: Tracer-first, file-backed certification
|
|
2
|
+
|
|
3
|
+
## Status
|
|
4
|
+
|
|
5
|
+
Accepted; branch-protection requirements removed by operator decision on 2026-07-12.
|
|
6
|
+
|
|
7
|
+
## Context
|
|
8
|
+
|
|
9
|
+
OMS must coordinate ticket work for long periods without becoming a second agent runtime. Its decisions must survive process restarts, remain auditable, and fail closed when execution, verification, quota, remote-identity, or provider evidence is missing. A background service or database would add another authority before the file-backed tracer has proved insufficient.
|
|
10
|
+
|
|
11
|
+
Release certification also needs evidence from real elapsed operation. Fast-forwarded clocks, mocked timers, and a model's claim that a run completed cannot certify endurance.
|
|
12
|
+
|
|
13
|
+
## Decision
|
|
14
|
+
|
|
15
|
+
OMS is tracer-first. One ticket is followed through its durable lifecycle, and each consequential transition is justified by immutable, schema-validated evidence stored under the runtime root.
|
|
16
|
+
|
|
17
|
+
V1 uses tracked JSON policy and file-backed runtime records. It adds no daemon and no database. Native completion hooks and outbox events drive normal progress; the 15-minute heartbeat and watchdog are recovery mechanisms only. Recovery stops after two unsuccessful heartbeats and requires operator attention.
|
|
18
|
+
|
|
19
|
+
Merges remain human-held. Automatic merge is disabled and OMS exposes no merge or ready-for-review mutation. Server-side branch protection is not an OMS dependency; repository administrators remain responsible for any controls outside OMS.
|
|
20
|
+
|
|
21
|
+
Release certification requires manually attested, real elapsed canaries in this order: a 12-hour run, followed by a fresh 24-hour run. The 24-hour canary cannot reuse the 12-hour process, session, lease, or elapsed-time claim.
|
|
22
|
+
|
|
23
|
+
## Alternatives
|
|
24
|
+
|
|
25
|
+
- A custom orchestration daemon was rejected because native hooks and one-shot commands cover normal flow while a heartbeat covers recovery.
|
|
26
|
+
- A database-backed queue was rejected because atomic, locked file records are sufficient for the current single-host boundary and are easier to audit and recover.
|
|
27
|
+
- Polling as the normal execution path was rejected because it duplicates native completion signals and makes latency and failure ownership less clear.
|
|
28
|
+
- Automatic merge after deterministic checks was rejected because verification success alone does not prove human review authority, provenance, or endurance certification.
|
|
29
|
+
- Simulated or accelerated canaries were rejected because they do not demonstrate real quota windows, process recovery, or elapsed-time stability.
|
|
30
|
+
|
|
31
|
+
## Consequences
|
|
32
|
+
|
|
33
|
+
Runtime behavior remains inspectable with ordinary file and Git tools, and each release claim can be traced to immutable evidence. Normal operation does not depend on a resident OMS process. Deterministic recovery is deliberately bounded and may park work for human review instead of guessing.
|
|
34
|
+
|
|
35
|
+
This design accepts lower throughput and manual merge latency in exchange for a smaller authority surface. OMS itself refuses force-push and merge operations, but without server-side branch protection it cannot prevent repository administrators or other credentials from changing remote history. File-backed coordination remains limited to the reviewed single-host concurrency model; evidence compaction or distributed coordination would require a new decision.
|
|
36
|
+
|
|
37
|
+
## Follow-ups
|
|
38
|
+
|
|
39
|
+
- Run and manually attest a real elapsed 12-hour canary.
|
|
40
|
+
- Start a fresh run and manually attest a real elapsed 24-hour canary only after the 12-hour canary passes.
|
|
41
|
+
- Revisit a daemon, database, or automatic merge only through a superseding ADR backed by observed tracer limitations and new deterministic gates.
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# ADR: Conductor-First Typed Dispatch Authority
|
|
2
|
+
|
|
3
|
+
Status: Accepted on 2026-07-11; bridge counts and dispatch admission are superseded by ADR 0003.
|
|
4
|
+
|
|
5
|
+
## Context
|
|
6
|
+
|
|
7
|
+
OMS already has a TypeScript, file-backed queue/control/evidence foundation, bounded provider hooks, reconciliation, worktrees, role policy, a local tracer, and a negative-only release assessment. It does not yet run the desired live product flow.
|
|
8
|
+
|
|
9
|
+
The required operator experience is one human-started persistent Claude Opus conductor in tmux. The human types the goal once; the read-only conductor then routes work across configured Claude and Codex lanes. OMS must observe provider and GitHub changes, survive restarts and quota pauses, and prepare verified pull requests without becoming a daemon or granting models merge/release authority.
|
|
10
|
+
|
|
11
|
+
The previous operator-first design required a human start ceremony for every worker and emitted product instructions for an external team runtime. That does not satisfy the desired OMS-owned conductor loop.
|
|
12
|
+
|
|
13
|
+
## Decision
|
|
14
|
+
|
|
15
|
+
V1 uses a conductor-first, typed-dispatch architecture:
|
|
16
|
+
|
|
17
|
+
1. A human runs interactive bare `oms` to create or resume an interactive read-only Claude Opus conductor in the OMS tmux session. On the first live run, the CLI obtains one exact repository-scoped human confirmation before state initialization or provider contact. The explicit `oms conductor start` form remains only for advanced recovery or a selected state root; non-interactive bare invocation prints help and contacts no provider.
|
|
18
|
+
2. The human enters a freeform goal. CD-01 begins with exactly two proposal tools on the session-scoped local stdio `oms conductor bridge`: `mcp__oms__propose_goal` and `mcp__oms__propose_dispatch`. The goal tool validates and atomically commits durable objective, scope, stopping condition, horizon, and budget/policy state. The dispatch tool is initially advertised and schema-valid but deterministically returns `dispatch-not-enabled` with no mutation.
|
|
19
|
+
3. CD-02 activates that same dispatch handler without adding tools or permissions. Every worker assignment then becomes a validated, persisted OMS envelope bound to exact goal, ticket, lease, attempt, role/model, provider eligibility, worktree, capabilities, budget, acceptance/evidence requirements, and nonce before delivery. Freeform content never enters argv, a shell, or file Write.
|
|
20
|
+
4. CD-03 adds exactly two narrow control tools: `mcp__oms__manage_worker` for observe/park/resume/stop and `mcp__oms__start_team` for grouping already accepted dispatch IDs. The complete conductor bridge therefore has four tools: two proposal tools and two fixed-action controls. It exposes no generic shell, filesystem, tmux, provider, GitHub, verification, merge, or release authority.
|
|
21
|
+
5. OMS provider adapters start and observe interactive Claude workers, resumable Codex Goal workers, and eligible fresh read-only exec roles. Worker sessions require an explicitly reviewed `operator_originated_oms_managed_interactive` policy; legacy per-worker human-start flags are not silently reinterpreted. Direct tmux operations are encapsulated; the conductor cannot invoke them.
|
|
22
|
+
6. Provider hooks drive immediate session/activity/health/completion-observed/quota observations. Completion hooks cannot set `agent=done` or `ticket=verifying`; only one dispatch-bound typed result receipt can. A one-shot GitHub sync runs every 60 seconds by default. Projected events form opaque notification batches, and a version-pinned `asyncRewake` waiter wakes an idle conductor to re-read canonical state. Waiter generations are durable CAS records bound to conductor session/process identity. The 15-minute watchdog is the sole dead-waiter recovery owner: it may resume/respawn only a proven idle/dead conductor so `SessionStart` re-arms, never interrupt active work, and otherwise record visible stalled/blocked state.
|
|
23
|
+
7. Deterministic verification is the final vote. Exactly one fresh opposite-engine grade is mandatory and supplemental. An unavailable/ineligible opposite engine parks or blocks visibly; bounded reflection/retry cannot bypass attempts or verification.
|
|
24
|
+
8. OMS may push isolated branches, open/update draft pull requests, attach evidence, and report `READY_FOR_HUMAN`. Only a human may merge, tag, publish, or release.
|
|
25
|
+
|
|
26
|
+
## Simplicity boundary
|
|
27
|
+
|
|
28
|
+
- Native primitives provide provider sessions, local stdio MCP tools, `asyncRewake` hooks, tmux, worktrees, GitHub access, and scheduling.
|
|
29
|
+
- Skills define conductor, worker, advisor, grader, reflection, quota, schedule, and team behavior.
|
|
30
|
+
- Small Node.js/TypeScript commands provide the four-tool session bridge, state, dispatch, adapters, event synchronization, generation-safe notification waiting, watchdog recovery, verification, and evidence.
|
|
31
|
+
- V1 adds no daemon, database, framework, webhook listener, custom mux library, tracked shell automation, or general workflow engine.
|
|
32
|
+
- A team is only a group of executor dispatches. V1 uses one deterministic review gate followed by one fresh structured cross-engine grade; teams add no second verifier/model-review lane.
|
|
33
|
+
|
|
34
|
+
## Authority boundary
|
|
35
|
+
|
|
36
|
+
The conductor may prioritize eligible tickets, select configured roles/lanes, ask for advice or grading, launch/observe/park/resume/stop workers through OMS, and select a legal retry or escalation.
|
|
37
|
+
|
|
38
|
+
The conductor may not edit product code or canonical state, modify durable policy, widen goal scope silently, introduce providers/models/credentials/spend classes, issue raw tmux commands, override verification or stale authority, exceed attempts/budget, merge, publish, release, or claim stability. It has no Edit/Write permission. Freeform goal and task proposals use only the two proposal tools; worker lifecycle and team grouping use the two narrow control tools with opaque canonical IDs. All other access is read-only diagnostics.
|
|
39
|
+
|
|
40
|
+
Workers may mutate only their isolated ticket worktrees and may acknowledge/return results only for their dispatch. They cannot write goal, verification, trust, queue, merge, or release authority.
|
|
41
|
+
|
|
42
|
+
OMS owns durable goal, ticket, lease, dispatch, worker/session, event, quota, verification, evidence, attempt, audit, and human-hold state.
|
|
43
|
+
|
|
44
|
+
## State semantics
|
|
45
|
+
|
|
46
|
+
- Agent activity: `idle | working | blocked | done`
|
|
47
|
+
- Agent health: `healthy | parked | stalled | stopped`
|
|
48
|
+
- Ticket lifecycle: `pending | leased | running | verifying | completed | retryable | parked | blocked`
|
|
49
|
+
|
|
50
|
+
`agent=done` means one schema-valid result receipt bound to the current goal, dispatch, attempt, lease, session, worktree, and commit arrived. It moves the ticket to `verifying`; only protected deterministic evidence plus the mandatory opposite-engine grade may complete it.
|
|
51
|
+
|
|
52
|
+
## Security boundary
|
|
53
|
+
|
|
54
|
+
- Raw issue, comment, review, provider, hook, pane, and model text is untrusted content and never becomes a command or authority.
|
|
55
|
+
- Freeform goal/task text crosses only the two proposal tools. CD-01 can mutate only goal authority while dispatch remains `dispatch-not-enabled`; CD-02 activates dispatch; CD-03 adds two schema-bound lifecycle/team controls that accept canonical IDs and bounded control fields. The bridge rejects oversize/non-schema input, stale authority, capability expansion, changed identity, and replay before canonical mutation and exposes no ambient filesystem/shell/provider/GitHub/verification/merge/release capability.
|
|
56
|
+
- Dispatch, hook, event, result, and evidence identities are replay-safe and exact-version bound.
|
|
57
|
+
- One expected-version/nonce waiter generation is active per conductor session/process. Dead-waiter recovery is watchdog-owned; duplicate recovery, PID reuse, unsafe resume, or lost notification fails visible rather than widening authority.
|
|
58
|
+
- Hook completion is observational only. Missing/stale/cross-dispatch result receipts cannot create `done` or `verifying` state regardless of event order.
|
|
59
|
+
- Pane text and sentinels are diagnostic only.
|
|
60
|
+
- Candidate code cannot replace the installed verifier, frozen plan, policy snapshot, or evidence writer.
|
|
61
|
+
- Unknown provider/auth/billing/version eligibility, credential widening, stale authority, or deterministic failure stops the path.
|
|
62
|
+
- Hook/receipt evidence proves the documented local OMS continuity boundary, not cryptographic provider attestation.
|
|
63
|
+
|
|
64
|
+
## Alternatives
|
|
65
|
+
|
|
66
|
+
### Human starts every worker
|
|
67
|
+
|
|
68
|
+
Rejected. It preserves a narrow operator boundary but fails the intended experience that the human starts only the conductor.
|
|
69
|
+
|
|
70
|
+
### Raw conductor-driven tmux commands
|
|
71
|
+
|
|
72
|
+
Rejected. It exposes brittle TUI transport and injection risk as public authority. OMS adapters may use tmux internally with typed validated inputs.
|
|
73
|
+
|
|
74
|
+
### Path-scoped proposal files
|
|
75
|
+
|
|
76
|
+
Rejected. A session-scoped stdio bridge keeps Edit/Write entirely disabled and passes freeform proposal fields through native JSON tool input instead of relying on dynamic filesystem permissions.
|
|
77
|
+
|
|
78
|
+
### Custom orchestration service
|
|
79
|
+
|
|
80
|
+
Rejected. Native CLIs, skills, one-shot commands, tmux, hooks, and user schedulers cover v1.
|
|
81
|
+
|
|
82
|
+
### Webhook server
|
|
83
|
+
|
|
84
|
+
Deferred. Sixty-second polling with durable watermarks is sufficient for v1 and avoids a listener/secret/deployment boundary.
|
|
85
|
+
|
|
86
|
+
### Automatic merge or release
|
|
87
|
+
|
|
88
|
+
Rejected for v1. It requires endurance evidence, explicit trust policy, and a separate reviewed ADR.
|
|
89
|
+
|
|
90
|
+
## Consequences
|
|
91
|
+
|
|
92
|
+
- The first human action remains explicit and visible.
|
|
93
|
+
- The conductor can behave agentically without owning deterministic authority.
|
|
94
|
+
- OMS must keep the four-tool session bridge narrow, implement one generation-safe event waiter with watchdog-owned recovery, and retain small provider/pane and schedule boundaries.
|
|
95
|
+
- The operator-originated OMS-managed interactive worker policy must be checked against current official provider policy and CLI behavior; it remains distinct from headless/unattended eligibility and fails closed when uncertain.
|
|
96
|
+
- Long runs depend on durable state, hooks, polling, and recovery rather than model context.
|
|
97
|
+
- A successful run ends at a verified review-ready PR and negative-only release assessment.
|
|
98
|
+
|
|
99
|
+
## Follow-ups
|
|
100
|
+
|
|
101
|
+
- Promote this ADR and add a regression test in CD-01.
|
|
102
|
+
- Consider webhooks, additional schedulers, automatic merge, package release, or unattended credential lanes only through separate reviewed changes after the 12-hour and fresh 24-hour proofs.
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
# ADR: Mandatory Pre-Dispatch Advice Authority
|
|
2
|
+
|
|
3
|
+
Status: Accepted on 2026-07-13.
|
|
4
|
+
|
|
5
|
+
## Context
|
|
6
|
+
|
|
7
|
+
ADR 0002 established a read-only conductor and typed dispatch boundary, but an
|
|
8
|
+
instruction to request advice was only prompt policy. Prompt policy cannot prove
|
|
9
|
+
that a fresh advisor reviewed the exact executor-affecting intent, prevent advice
|
|
10
|
+
from being reused after a change, or stop direct dispatch when the advisor
|
|
11
|
+
recommends revision or vetoes the work.
|
|
12
|
+
|
|
13
|
+
OMS needs mandatory cross-engine advice without adding a daemon, a generic
|
|
14
|
+
command tool, or model-owned authority.
|
|
15
|
+
|
|
16
|
+
## Decision
|
|
17
|
+
|
|
18
|
+
1. The conductor bridge exposes version-bound `mcp__oms__prepare_dispatch`
|
|
19
|
+
followed by distinct `mcp__oms__advise_dispatch` before
|
|
20
|
+
`mcp__oms__propose_dispatch`. The complete bridge has seven narrow tools.
|
|
21
|
+
2. Advice accepts the distinct dispatch-intent schema. OMS canonicalizes every
|
|
22
|
+
executor-affecting field, including the operation nonce, and computes the
|
|
23
|
+
exact SHA-256 digest.
|
|
24
|
+
3. A fresh Codex contact requires a separate human-confirmed pre-dispatch-advice
|
|
25
|
+
authorization bound to the live-delivery authorization, conductor session,
|
|
26
|
+
and repository. OMS journals the contact before launching the provider.
|
|
27
|
+
4. Model output contains only the intent digest, `approve | revise | veto`,
|
|
28
|
+
summary, recommendations, and risks. OMS owns provider-request,
|
|
29
|
+
fresh-session, contact-reference, and authorization identities and mints the
|
|
30
|
+
protected immutable evidence.
|
|
31
|
+
5. Advice operations persist `prepared -> contacting -> completed | blocked`.
|
|
32
|
+
The contacting claim includes its OMS Linux process identity (PID, boot ID,
|
|
33
|
+
and process start ticks). A live owner remains in progress without mutation;
|
|
34
|
+
a dead, restarted, or PID-reused owner is ambiguous and never causes an
|
|
35
|
+
automatic second provider launch. At most three unique intents may be
|
|
36
|
+
advised for one ticket attempt. Only one intent for that ticket attempt and
|
|
37
|
+
lease may be prepared or contacting at a time.
|
|
38
|
+
A veto is terminal for the ticket attempt and lease. After `revise`, another
|
|
39
|
+
contact requires a substantive canonical-intent change; changing only the
|
|
40
|
+
operation nonce is not a revision.
|
|
41
|
+
6. Dispatch admission recomputes the intent digest and requires exact immutable
|
|
42
|
+
`approve` evidence for the unchanged ticket and intent before creating a
|
|
43
|
+
dispatch record, worker reservation, or delivery event.
|
|
44
|
+
7. The accepted dispatch stores the intent digest and evidence reference.
|
|
45
|
+
Worker delivery independently validates both before any provider probe or
|
|
46
|
+
pane creation. Historical resolved records remain readable; unresolved
|
|
47
|
+
historical records without this authority cannot advance.
|
|
48
|
+
|
|
49
|
+
## Consequences
|
|
50
|
+
|
|
51
|
+
- Advice is mandatory authority, not an optional prompt convention.
|
|
52
|
+
- Any substantively revised intent requires fresh advice; veto, nonce-only
|
|
53
|
+
resubmission, missing evidence, tampering, replay ambiguity, or changed
|
|
54
|
+
authority fails closed.
|
|
55
|
+
- Deterministic verification remains the final vote after execution, and the
|
|
56
|
+
opposite-engine grader remains supplemental.
|
|
57
|
+
- The conductor remains read-only and agentic through seven narrow tools. OMS
|
|
58
|
+
still adds no daemon, generic workflow engine, shell tool, or merge/release
|
|
59
|
+
authority.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Claude Code 2.1.207 conductor compatibility proof
|
|
2
|
+
|
|
3
|
+
Date: 2026-07-11
|
|
4
|
+
Scope: CD-01, human-started interactive conductor only
|
|
5
|
+
|
|
6
|
+
## Environment
|
|
7
|
+
|
|
8
|
+
- Claude Code `2.1.207` using first-party Claude Max subscription auth
|
|
9
|
+
- tmux `3.6`
|
|
10
|
+
- OMS launched with `bin/oms conductor start`; no print/headless Claude mode
|
|
11
|
+
- Model resolved from policy to Opus; Fable was shown only as an optional Claude UI notice and was not selected
|
|
12
|
+
|
|
13
|
+
## Observed results
|
|
14
|
+
|
|
15
|
+
1. The command created the `oms:conductor` pane and attached an interactive TTY.
|
|
16
|
+
2. `/mcp` showed exactly one server, `oms`, connected with two tools. The launch uses `--strict-mcp-config` and `--no-chrome`.
|
|
17
|
+
3. `propose_goal` persisted a version-0 canonical goal containing repository/queue scope, stopping condition, `until-empty`, `subscription-only`, `default`, and a stable nonce.
|
|
18
|
+
4. The literal objective text `$(touch /tmp/oms-conductor-injection)` remained data. The named file was not created.
|
|
19
|
+
5. A schema-valid `propose_dispatch` call returned `{"status":"dispatch-not-enabled"}` and created no ticket, lease, worker, or worktree state.
|
|
20
|
+
6. After killing and recreating the tmux session, `oms conductor start` reused the persisted Claude session UUID and resumed the prior conversation.
|
|
21
|
+
7. The launch advertises only `Read`, `Glob`, `Grep`, `mcp__oms__propose_goal`, and `mcp__oms__propose_dispatch`; provider-plan tests reject Edit, Write, Bash, raw tmux, web, agent, print, and background authority.
|
|
22
|
+
|
|
23
|
+
The smoke exposed one real-client detail before passing: Claude Code includes an MCP `_meta` envelope on tool calls. OMS now accepts that protocol metadata while continuing to validate the tool payload against a closed schema.
|
|
24
|
+
|
|
25
|
+
This is compatibility evidence for the pinned version, not a general certification of later Claude Code versions, billing behavior, unattended execution, worker dispatch, merge, or release readiness.
|
package/loop/contract.md
ADDED
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# OMS Runtime Contract
|
|
2
|
+
|
|
3
|
+
This contract describes the implemented local TypeScript control plane. It does
|
|
4
|
+
not certify a live provider run, unattended endurance, or production readiness.
|
|
5
|
+
|
|
6
|
+
## MUST
|
|
7
|
+
|
|
8
|
+
- Keep `.agents/` as the tracked source of truth and preserve user-owned text
|
|
9
|
+
around generated managed blocks.
|
|
10
|
+
- Keep runtime automation in Node.js/TypeScript; do not add tracked shell
|
|
11
|
+
automation scripts as an orchestration layer.
|
|
12
|
+
- Initialize runtime data only below one validated absolute state root with
|
|
13
|
+
restrictive permissions. Make `init` idempotent and read-only surfaces
|
|
14
|
+
non-creating.
|
|
15
|
+
- Keep `doctor`, `verify`, tests, HUD, release status, and the local trace fixture
|
|
16
|
+
offline and deterministic.
|
|
17
|
+
- Keep raw ticket content in immutable blobs and pass only opaque IDs or
|
|
18
|
+
absolute file paths across process and future tmux boundaries.
|
|
19
|
+
- Require expected versions, attempts, actors, operation nonces, and lease
|
|
20
|
+
tokens at ticket mutation boundaries.
|
|
21
|
+
- Validate exact event schemas and consume immutable outbox events through
|
|
22
|
+
idempotent per-consumer receipts.
|
|
23
|
+
- Bind session and quota changes to canonical hook events, session versions,
|
|
24
|
+
timestamps, policy identity, and active ticket authority.
|
|
25
|
+
- Let deterministic verification vote before and finally; treat grader output as
|
|
26
|
+
supplemental evidence only.
|
|
27
|
+
- Keep trust reports review-only and derive canonical trust runs only from live,
|
|
28
|
+
ticket-bound deterministic evidence.
|
|
29
|
+
- Keep one canonical OMS goal record; treat native goal, Team, Ultragoal, HUD,
|
|
30
|
+
and report state as checkpoint evidence or projections.
|
|
31
|
+
- Persist audit manifests, conductor decisions, goal artifacts, Team plans, and
|
|
32
|
+
service plans immutably and reject conflicting replay.
|
|
33
|
+
- Freeze complete ticket admission identity before starting an audit; require
|
|
34
|
+
immutable completion evidence, continuity-safe run events, and an explicit
|
|
35
|
+
exact-generation operation for crashed controller-lock recovery.
|
|
36
|
+
- Keep the initial conductor session human-started. Launch executor panes only
|
|
37
|
+
from accepted dispatch delivery after fresh policy, provider, ticket, and
|
|
38
|
+
worktree checks.
|
|
39
|
+
- Admit open ready GitHub tickets before notifying the conductor. Keep role,
|
|
40
|
+
model, task, and routing judgment in the conductor skill, not the admission
|
|
41
|
+
command.
|
|
42
|
+
- Journal every authorized provider/GitHub contact before contact. After a
|
|
43
|
+
protected pass, permit only the fixed secret-scanned non-force branch and
|
|
44
|
+
draft-PR handoff, then wait for typed PR/check events before
|
|
45
|
+
`READY_FOR_HUMAN`.
|
|
46
|
+
- Keep all merge dispositions on human hold and release status fixed to the
|
|
47
|
+
negative-only `not_stable` schema.
|
|
48
|
+
- Require a named live confirmation to persist contact/spend disclosure before
|
|
49
|
+
any provider or GitHub contact.
|
|
50
|
+
|
|
51
|
+
## MUST NOT
|
|
52
|
+
|
|
53
|
+
- Contact a provider or GitHub from `doctor`, `verify`, tests, HUD, release
|
|
54
|
+
status, the trace fixture, or any command without an explicit named live
|
|
55
|
+
confirmation.
|
|
56
|
+
- Use interactive panes to evade metering, authentication, usage limits, or
|
|
57
|
+
provider policy.
|
|
58
|
+
- Evaluate untrusted text or send raw issue/model content as tmux keystrokes,
|
|
59
|
+
shell source, service-manager source, a branch name, or a path.
|
|
60
|
+
- Let an unaccepted conductor decision invoke a provider, pass untrusted content
|
|
61
|
+
through tmux keys, or claim delivery without a bound receipt.
|
|
62
|
+
- Install, enable, start, stop, or remove generated cron, systemd, or launchd
|
|
63
|
+
artifacts.
|
|
64
|
+
- Send Slack messages or interpret a request-only event as delivery evidence.
|
|
65
|
+
- Let the watchdog resume quota-parked work, retry an external provider, or
|
|
66
|
+
convert a stall report into success.
|
|
67
|
+
- Let a grader, trust assessment, HUD, Team plan, or goal projection grant queue,
|
|
68
|
+
execution, release, or merge authority.
|
|
69
|
+
- Claim a live GitHub ticket, elapsed canary, provider session, executor-group
|
|
70
|
+
checkpoint, or stable release without independent matching
|
|
71
|
+
evidence.
|
|
72
|
+
- Merge automatically, overwrite active queue state from GitHub, or parse a
|
|
73
|
+
positive release state in the current release.
|
|
74
|
+
- Mark a draft ready-for-review, merge, force-push, tag, publish, or release
|
|
75
|
+
through the review-delivery path.
|
|
76
|
+
|
|
77
|
+
## IMPLEMENTATION DONE WHEN
|
|
78
|
+
|
|
79
|
+
- `make verify` passes from a clean checkout with no network or provider call.
|
|
80
|
+
- Unsafe state roots are rejected and read-only commands do not create missing
|
|
81
|
+
runtime state.
|
|
82
|
+
- Generated `AGENTS.md`, `CLAUDE.md`, native agents, and skills are idempotent
|
|
83
|
+
while preserving user-owned content.
|
|
84
|
+
- The offline ticket fixture reaches human-held completion with deterministic
|
|
85
|
+
evidence before supplemental grading and without tracked source mutation.
|
|
86
|
+
- Duplicate hook, outbox, queue, scheduler, watchdog, audit, goal, trust, and
|
|
87
|
+
Team operations replay or fail closed according to their authority.
|
|
88
|
+
- Service artifacts are generated immutably but never installed; audit runs and
|
|
89
|
+
conductor routes remain truthful about whether an accepted dispatch produced
|
|
90
|
+
a provider delivery receipt.
|
|
91
|
+
- HUD and release status remain read-only and report `not_stable`.
|
|
92
|
+
- Runtime, secret, temporary, and log files remain untracked.
|
|
93
|
+
|
|
94
|
+
## RELEASE REMAINS BLOCKED UNTIL
|
|
95
|
+
|
|
96
|
+
- one real live GitHub ticket has reviewed evidence;
|
|
97
|
+
- an elapsed 12-hour canary and a fresh elapsed 24-hour canary have reviewed
|
|
98
|
+
evidence;
|
|
99
|
+
- a real executor-group delivery plus normal per-ticket deterministic checks and
|
|
100
|
+
opposite-engine grade are captured; and
|
|
101
|
+
- a future reviewed positive-release design, if one is wanted, explicitly
|
|
102
|
+
grants authority. The current implementation intentionally cannot do so.
|
package/package.json
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "oh-my-super-agent",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "A simple-first harness for supported Claude Code and Codex CLI ticket workflows.",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"homepage": "https://www.npmjs.com/package/oh-my-super-agent",
|
|
7
|
+
"publishConfig": {
|
|
8
|
+
"access": "public"
|
|
9
|
+
},
|
|
10
|
+
"exports": {},
|
|
11
|
+
"bin": {
|
|
12
|
+
"oh-my-super-agent": "dist/src/cli.js",
|
|
13
|
+
"oms": "dist/src/cli.js"
|
|
14
|
+
},
|
|
15
|
+
"files": [
|
|
16
|
+
".agents",
|
|
17
|
+
"dist",
|
|
18
|
+
"docs/ARCHITECTURE.md",
|
|
19
|
+
"docs/PLAN.md",
|
|
20
|
+
"docs/REFERENCES.md",
|
|
21
|
+
"docs/ROADMAP.md",
|
|
22
|
+
"docs/SECURITY.md",
|
|
23
|
+
"docs/adr",
|
|
24
|
+
"docs/compatibility",
|
|
25
|
+
"loop",
|
|
26
|
+
"schemas",
|
|
27
|
+
"LICENSE",
|
|
28
|
+
"README.md"
|
|
29
|
+
],
|
|
30
|
+
"scripts": {
|
|
31
|
+
"build": "tsc -p tsconfig.json",
|
|
32
|
+
"typecheck": "tsc -p tsconfig.test.json --noEmit",
|
|
33
|
+
"test": "npm run build && vitest run",
|
|
34
|
+
"verify": "npm run typecheck && npm test && node dist/src/cli.js verify",
|
|
35
|
+
"prepack": "npm run build",
|
|
36
|
+
"prepublishOnly": "npm run verify"
|
|
37
|
+
},
|
|
38
|
+
"engines": {
|
|
39
|
+
"node": ">=20"
|
|
40
|
+
},
|
|
41
|
+
"keywords": [
|
|
42
|
+
"agents",
|
|
43
|
+
"claude-code",
|
|
44
|
+
"codex",
|
|
45
|
+
"orchestration",
|
|
46
|
+
"tmux"
|
|
47
|
+
],
|
|
48
|
+
"license": "MIT",
|
|
49
|
+
"devDependencies": {
|
|
50
|
+
"@types/node": "^26.0.1",
|
|
51
|
+
"typescript": "^6.0.3",
|
|
52
|
+
"vitest": "^4.1.9"
|
|
53
|
+
}
|
|
54
|
+
}
|