speexor 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/API-REFERENCE.md +96 -1
- package/ARCHITECTURE.md +84 -33
- package/BENCHMARKS.md +52 -0
- package/CHANGELOG.md +35 -4
- package/CODE-OF-CONDUCT.md +83 -83
- package/CONTRIBUTING.md +98 -98
- package/FAQ.md +105 -105
- package/GLOSSARY.md +33 -0
- package/LICENSE.md +21 -21
- package/PUBLISH.md +77 -77
- package/README.md +222 -8
- package/REFACTOR-LOG.md +40 -40
- package/ROADMAP.md +37 -15
- package/SECURITY-DEFAULTS.md +118 -0
- package/SECURITY.md +79 -79
- package/SUMMARY.md +31 -8
- package/TESTING.md +140 -140
- package/dist/{agent-5D3BVWNK.js → agent-D4BRWEOZ.js} +4 -4
- package/dist/agent-D4BRWEOZ.js.map +1 -0
- package/dist/{chunk-2F66BZYJ.js → chunk-2DX54KIM.js} +2 -2
- package/dist/chunk-2DX54KIM.js.map +1 -0
- package/dist/{chunk-B7WLHC4W.js → chunk-7VZHDGRQ.js} +2 -2
- package/dist/chunk-7VZHDGRQ.js.map +1 -0
- package/dist/{chunk-SXALZEOJ.js → chunk-AOFWQZWY.js} +2 -2
- package/dist/chunk-AOFWQZWY.js.map +1 -0
- package/dist/cli/index.js +4 -4
- package/dist/cli/index.js.map +1 -1
- package/dist/core/index.js +1 -1
- package/dist/index.js +3 -3
- package/dist/index.js.map +1 -1
- package/dist/plugins/index.js +1 -1
- package/docs/SETUP.md +94 -94
- package/docs/TROUBLESHOOTING.md +113 -113
- package/docs/adr/0001-record-architecture-decisions.md +44 -0
- package/docs/adr/0002-plugin-architecture.md +53 -0
- package/docs/adr/0003-recursive-task-decomposition.md +57 -0
- package/docs/adr/0004-local-first-security.md +58 -0
- package/docs/adr/0005-data-directory-layout.md +69 -0
- package/examples/basic.yaml +61 -61
- package/package.json +103 -102
- package/schema/config.schema.json +119 -119
- package/speexor.config.yaml.example +30 -30
- package/dist/agent-5D3BVWNK.js.map +0 -1
- package/dist/chunk-2F66BZYJ.js.map +0 -1
- package/dist/chunk-B7WLHC4W.js.map +0 -1
- package/dist/chunk-SXALZEOJ.js.map +0 -1
package/API-REFERENCE.md
CHANGED
|
@@ -154,10 +154,56 @@ function createEventBus(): EventBus
|
|
|
154
154
|
// EventBus: { emit(event, data), on(event, handler), off(event, handler), once(event, handler) }
|
|
155
155
|
```
|
|
156
156
|
|
|
157
|
+
## SecretsVault API
|
|
158
|
+
|
|
159
|
+
```typescript
|
|
160
|
+
interface SecretsVault {
|
|
161
|
+
setSecret(scope: string, key: string, value: string): Promise<void>
|
|
162
|
+
getSecret(scope: string, key: string): Promise<string | null>
|
|
163
|
+
hasScope(scope: string): Promise<boolean>
|
|
164
|
+
grantScope(scope: string): Promise<void>
|
|
165
|
+
}
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
## ExtensionManager API
|
|
169
|
+
|
|
170
|
+
```typescript
|
|
171
|
+
interface ExtensionManager {
|
|
172
|
+
install(name: string, source?: string): Promise<void>
|
|
173
|
+
remove(name: string): Promise<void>
|
|
174
|
+
list(): Promise<ExtensionInfo[]>
|
|
175
|
+
search(query: string): Promise<ExtensionInfo[]>
|
|
176
|
+
verifyInstall(name: string): Promise<{ valid: boolean; checksum: string }>
|
|
177
|
+
}
|
|
178
|
+
```
|
|
179
|
+
|
|
180
|
+
## GovernanceEngine API
|
|
181
|
+
|
|
182
|
+
```typescript
|
|
183
|
+
interface GovernanceEngine {
|
|
184
|
+
evaluateTaskProposal(task: AgentTask): Promise<ApprovalDecision>
|
|
185
|
+
evaluateAction(action: ActionProposal): Promise<ApprovalDecision>
|
|
186
|
+
canRollback(actionId: string): Promise<boolean>
|
|
187
|
+
executeRollback(actionId: string): Promise<void>
|
|
188
|
+
}
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
## Scheduler API
|
|
192
|
+
|
|
193
|
+
```typescript
|
|
194
|
+
interface Scheduler {
|
|
195
|
+
processGraph(graphId: string): Promise<void>
|
|
196
|
+
spawnNodeAgent(nodeId: string): Promise<string>
|
|
197
|
+
getStatus(): SchedulerStatus
|
|
198
|
+
start(): Promise<void>
|
|
199
|
+
stop(): Promise<void>
|
|
200
|
+
}
|
|
201
|
+
```
|
|
202
|
+
|
|
157
203
|
## Configuration Schema
|
|
158
204
|
|
|
159
205
|
```yaml
|
|
160
|
-
version: "
|
|
206
|
+
version: "5"
|
|
161
207
|
projects:
|
|
162
208
|
- name: <string>
|
|
163
209
|
repository: <string>
|
|
@@ -177,6 +223,35 @@ projects:
|
|
|
177
223
|
scm?: string
|
|
178
224
|
runtime?: string
|
|
179
225
|
notifier?: string
|
|
226
|
+
decomposition?:
|
|
227
|
+
maxTaskGraphDepth?: <number> # default: 3
|
|
228
|
+
maxAgentSpawnDepth?: <number> # default: 5
|
|
229
|
+
plannerProvider?: <string>
|
|
230
|
+
scheduler?:
|
|
231
|
+
maxConcurrentAgents?: <number> # default: 4
|
|
232
|
+
retryOnFailure?: <boolean> # default: true
|
|
233
|
+
providerFallbackChain?: <string[]>
|
|
234
|
+
worktreeHierarchy?:
|
|
235
|
+
pinToCommitHash?: <boolean> # default: false
|
|
236
|
+
serializeMerges?: <boolean> # default: true
|
|
237
|
+
conflictEscalatesToApproval?: <boolean> # default: true
|
|
238
|
+
governance?:
|
|
239
|
+
autoApproveProposedTasks?: <boolean> # default: false
|
|
240
|
+
autoApproveCategories?: <string[]>
|
|
241
|
+
riskPolicy?:
|
|
242
|
+
autoApprove?: <string[]> # risk categories auto-approved
|
|
243
|
+
requireApproval?: <string[]> # risk categories requiring approval
|
|
244
|
+
approvalTimeout?: <number> # seconds, default: 300
|
|
245
|
+
budgetLimitUSD?: <number>
|
|
246
|
+
extensions?:
|
|
247
|
+
marketplaceIndex?: <string>
|
|
248
|
+
permissionsMode?: "strict" | "permissive"
|
|
249
|
+
security?:
|
|
250
|
+
secretsBackend?: "keychain" | "credential-manager" | "encrypted-file"
|
|
251
|
+
encryptAtRest?: <boolean>
|
|
252
|
+
sandboxModel?: "vm" | "worker-threads" | "docker"
|
|
253
|
+
performance?:
|
|
254
|
+
workerThreadPoolSize?: <number> # default: 4
|
|
180
255
|
```
|
|
181
256
|
|
|
182
257
|
## Dashboard API
|
|
@@ -187,6 +262,18 @@ projects:
|
|
|
187
262
|
| GET | `/api/projects` | Project configurations |
|
|
188
263
|
| GET | `/api/sessions` | Active sessions, worktrees, runtimes |
|
|
189
264
|
| GET | `/api/health` | Health check with memory stats |
|
|
265
|
+
| GET | `/api/task-graphs` | All task graphs |
|
|
266
|
+
| GET | `/api/task-graphs/:id` | Single task graph with nodes |
|
|
267
|
+
| GET | `/api/task-graphs/:id/nodes/:nodeId` | Task node detail with agent, skills, commands |
|
|
268
|
+
| GET | `/api/approvals` | Pending and all approvals |
|
|
269
|
+
| POST | `/api/approvals/:id/approve` | Approve an approval item |
|
|
270
|
+
| POST | `/api/approvals/:id/reject` | Reject an approval item |
|
|
271
|
+
| POST | `/api/approvals/:id/rollback` | Rollback an approved action |
|
|
272
|
+
| GET | `/api/decision-log` | Decision log entries |
|
|
273
|
+
| GET | `/api/activity-feed` | Live agent activity feed |
|
|
274
|
+
| GET | `/api/cost` | Cost data by provider/project/task node |
|
|
275
|
+
| GET | `/api/eval/calibration` | Confidence calibration report |
|
|
276
|
+
| GET | `/api/events` | SSE event stream (real-time updates) |
|
|
190
277
|
| GET | `/` or `/dashboard` | HTML dashboard UI |
|
|
191
278
|
|
|
192
279
|
## CLI Reference
|
|
@@ -199,3 +286,11 @@ projects:
|
|
|
199
286
|
| `speexor stop <session-id>` | Stop agent session |
|
|
200
287
|
| `speexor logs <session-id>` | Tail session logs |
|
|
201
288
|
| `speexor config-help` | Print config schema |
|
|
289
|
+
| `speexor task submit <description>` | Submit high-level task for recursive decomposition |
|
|
290
|
+
| `speexor ext search <query>` | Search extension marketplace |
|
|
291
|
+
| `speexor ext install <name>` | Install extension with permission confirmation |
|
|
292
|
+
| `speexor ext list` | List installed extensions |
|
|
293
|
+
| `speexor ext update [name]` | Update extension(s) |
|
|
294
|
+
| `speexor ext remove <name>` | Remove extension |
|
|
295
|
+
| `speexor config validate` | Validate config schema, run migration if needed |
|
|
296
|
+
| `speexor eval decisions` | Run decision quality evaluation and calibration report |
|
package/ARCHITECTURE.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Speexor Architecture
|
|
2
2
|
|
|
3
|
-
**Version:** 0.1.0 — **Package:**
|
|
3
|
+
**Version:** 0.1.0 — **Package:** `speexor`
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
@@ -21,26 +21,37 @@ Speexor (Agent Orchestrator) is a plugin-based, agent-agnostic orchestrator for
|
|
|
21
21
|
## 2. High-Level Architecture
|
|
22
22
|
|
|
23
23
|
```
|
|
24
|
-
|
|
25
|
-
│
|
|
26
|
-
│ start | agent spawn | list | stop | logs |
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
│
|
|
34
|
-
│
|
|
35
|
-
│
|
|
36
|
-
│
|
|
37
|
-
│
|
|
38
|
-
│
|
|
39
|
-
│
|
|
40
|
-
│
|
|
41
|
-
│ │
|
|
42
|
-
│
|
|
43
|
-
|
|
24
|
+
┌──────────────────────────────────────────────────────────────────────────┐
|
|
25
|
+
│ CLI (Commander) │
|
|
26
|
+
│ start | agent spawn | task submit | list | stop | logs | │
|
|
27
|
+
│ ext (search/install/list/update/remove) | config (validate/help) | │
|
|
28
|
+
│ eval decisions | config-help │
|
|
29
|
+
└────────────────────────────┬─────────────────────────────────────────────┘
|
|
30
|
+
│
|
|
31
|
+
▼
|
|
32
|
+
┌──────────────────────────────────────────────────────────────────────────┐
|
|
33
|
+
│ SpeexorLifecycle │
|
|
34
|
+
│ │
|
|
35
|
+
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌────────────────────────┐ │
|
|
36
|
+
│ │ Plugin │ │ Plugin │ │ Plugin │ │ Session Manager │ │
|
|
37
|
+
│ │ Registry │ │ Loader │ │ Context │ │ (in-memory Map) │ │
|
|
38
|
+
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────────────────────────┘ │
|
|
39
|
+
│ │ │ │ │
|
|
40
|
+
│ ▼ ▼ ▼ │
|
|
41
|
+
│ ┌──────────────────────────────────────────────────────────────────┐ │
|
|
42
|
+
│ │ EventBus │ │
|
|
43
|
+
│ │ (EventEmitter3 wrapper) │ │
|
|
44
|
+
│ └──────────────────────────────────────────────────────────────────┘ │
|
|
45
|
+
│ │
|
|
46
|
+
│ ┌──────────────────────────────────────────────────────────────────┐ │
|
|
47
|
+
│ │ v2 Core Components │ │
|
|
48
|
+
│ │ PlannerEngine | TaskGraphManager | Scheduler │ │
|
|
49
|
+
│ │ GovernanceEngine | ApprovalManager | CostTracker │ │
|
|
50
|
+
│ │ SecretsVault | ExtensionRegistry | SkillWrapper │ │
|
|
51
|
+
│ │ DecisionEvaluator | SessionGuard | DashboardState │ │
|
|
52
|
+
│ │ WorktreeHierarchyProtocol │ │
|
|
53
|
+
│ └──────────────────────────────────────────────────────────────────┘ │
|
|
54
|
+
└──────────────────────────────────────────────────────────────────────────┘
|
|
44
55
|
│ │ │ │
|
|
45
56
|
▼ ▼ ▼ ▼
|
|
46
57
|
┌─────────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────────┐
|
|
@@ -48,13 +59,14 @@ Speexor (Agent Orchestrator) is a plugin-based, agent-agnostic orchestrator for
|
|
|
48
59
|
│ Adapters │ │ Adapters │ │ Adapters │ │ Adapters│Adapt. │
|
|
49
60
|
│ (4 impls) │ │ (2 impls)│ │ (1 impl) │ │ (1 impl)│(1impl)│
|
|
50
61
|
└─────────────┘ └──────────┘ └──────────┘ └──────────────────┘
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
│ Dashboard Server (Node.js HTTP)
|
|
55
|
-
│ /api/status | /api/projects | /api/sessions | /api/health | /
|
|
56
|
-
│ (4 JSON endpoints + single-page HTML dashboard, auto-refresh 5s)
|
|
57
|
-
|
|
62
|
+
│
|
|
63
|
+
▼
|
|
64
|
+
┌──────────────────────────────────────────────────────────────────────────┐
|
|
65
|
+
│ Dashboard Server (Node.js HTTP) │
|
|
66
|
+
│ /api/status | /api/projects | /api/sessions | /api/health | / │
|
|
67
|
+
│ (4 JSON endpoints + single-page HTML dashboard, auto-refresh 5s) │
|
|
68
|
+
│ v2 panels: Task Tree | Fleet | Approvals | Cost │
|
|
69
|
+
└──────────────────────────────────────────────────────────────────────────┘
|
|
58
70
|
```
|
|
59
71
|
|
|
60
72
|
The lifecycle is the central orchestrator. It holds a plugin registry (keyed by slot), an in-memory session map, and the EventBus. Plugins are loaded via `loadAllPlugins()`, registered by slot, and collaborate through the shared `PluginContext` (config + EventBus + logger).
|
|
@@ -188,7 +200,7 @@ interface TerminalPlugin extends PluginModule {
|
|
|
188
200
|
|
|
189
201
|
## 4. Plugin Implementations
|
|
190
202
|
|
|
191
|
-
The built-in registry (`src/plugins/index.ts`) includes
|
|
203
|
+
The built-in registry (`src/plugins/index.ts`) includes 13+ implementations loaded at startup:
|
|
192
204
|
|
|
193
205
|
| Plugin | Class | Slot | Dependencies |
|
|
194
206
|
|--------|-------|------|-------------|
|
|
@@ -202,6 +214,9 @@ The built-in registry (`src/plugins/index.ts`) includes 10 implementations loade
|
|
|
202
214
|
| GitHub Tracker | `GitHubTracker` | tracker | `gh` CLI |
|
|
203
215
|
| GitHub SCM | `GitHubSCM` | scm | `gh` CLI |
|
|
204
216
|
| Desktop Notifier | `DesktopNotifier` | notifier | osascript / PowerShell / notify-send |
|
|
217
|
+
| ECC Skill | `EccSkillPlugin` | agent | ECC skill folders |
|
|
218
|
+
| Affaan M Skill | `AffaanSkillPlugin` | agent | affaan-m skill folders |
|
|
219
|
+
| Extension Manager | `ExtensionManagerPlugin` | agent | extension registry |
|
|
205
220
|
|
|
206
221
|
**Runtime fallback logic:** The loader registers both `TmuxRuntime` and `ProcessRuntime`. `TmuxRuntime.initialize()` throws if `tmux` is not available; lifecycle initialization failure is caught per-plugin, allowing `ProcessRuntime` to serve as the fallback on Windows.
|
|
207
222
|
|
|
@@ -236,7 +251,10 @@ speexor start <repo-url>
|
|
|
236
251
|
│ ├─ new GitWorktreeWorkspace()
|
|
237
252
|
│ ├─ new GitHubTracker()
|
|
238
253
|
│ ├─ new GitHubSCM()
|
|
239
|
-
│
|
|
254
|
+
│ ├─ new DesktopNotifier()
|
|
255
|
+
│ ├─ new EccSkillPlugin()
|
|
256
|
+
│ ├─ new AffaanSkillPlugin()
|
|
257
|
+
│ └─ new ExtensionManagerPlugin()
|
|
240
258
|
│
|
|
241
259
|
├─ 6. for each plugin → lifecycle.registerPlugin(plugin)
|
|
242
260
|
│ └─ plugin slot → Map<PluginSlot, PluginModule[]>
|
|
@@ -423,6 +441,9 @@ Retries are tracked per `issueId:eventType` key in a `Map<string, number>`. Once
|
|
|
423
441
|
| `GET` | `/api/projects` | All configured projects with provider routing |
|
|
424
442
|
| `GET` | `/api/sessions` | Active agent sessions, worktrees, runtimes |
|
|
425
443
|
| `GET` | `/api/health` | Health check with memory usage and timestamp |
|
|
444
|
+
| `GET` | `/api/tasks` | Task graph tree (v2) |
|
|
445
|
+
| `GET` | `/api/approvals` | Pending/approved/rejected approvals (v2) |
|
|
446
|
+
| `GET` | `/api/costs` | Cost breakdown by provider/project/node (v2) |
|
|
426
447
|
| `GET` | `/` or `/dashboard` | Single-page HTML dashboard |
|
|
427
448
|
|
|
428
449
|
All JSON endpoints return CORS headers (`Access-Control-Allow-Origin: *`).
|
|
@@ -435,7 +456,8 @@ The dashboard is served as an inline HTML string from `DashboardServer.serveDash
|
|
|
435
456
|
- **Stat cards**: project count, active agents, system status, uptime
|
|
436
457
|
- **Projects table**: name, repository, primary agent, fallback agents
|
|
437
458
|
- **Sessions table**: session ID, task, provider, status, start time
|
|
438
|
-
- **
|
|
459
|
+
- **v2 Panels**: Task Tree, Fleet, Approvals, Cost (toggleable)
|
|
460
|
+
- **Auto-refresh**: polls all JSON endpoints every 5 seconds via `setInterval`
|
|
439
461
|
- **No build step** — single HTML file with embedded `<style>` and `<script>`
|
|
440
462
|
|
|
441
463
|
### 8.3 Architecture
|
|
@@ -450,13 +472,16 @@ DashboardServer
|
|
|
450
472
|
│ └─ 'session:completed' → DashboardState.removeSession()
|
|
451
473
|
│
|
|
452
474
|
├─ DashboardState (in-memory)
|
|
453
|
-
│ ├─ SpeexorState { sessions, worktrees, runtimes, projects }
|
|
475
|
+
│ ├─ SpeexorState { sessions, worktrees, runtimes, projects, taskGraph, approvals, costs }
|
|
454
476
|
│ └─ listener pattern for reactive updates
|
|
455
477
|
│
|
|
456
478
|
└─ Routes:
|
|
457
479
|
├─ /api/status → lifecycle.getStatus(), lifecycle.listSessions()
|
|
458
480
|
├─ /api/projects → lifecycle.getConfig().projects
|
|
459
481
|
├─ /api/sessions → lifecycle.listSessions()
|
|
482
|
+
├─ /api/tasks → taskGraphManager.toJSON()
|
|
483
|
+
├─ /api/approvals → approvalManager.list()
|
|
484
|
+
├─ /api/costs → costTracker.getBreakdown()
|
|
460
485
|
├─ /api/health → { status, timestamp, memory }
|
|
461
486
|
├─ / → serveDashboardHTML()
|
|
462
487
|
└─ 404 → { error: 'Not found' }
|
|
@@ -535,6 +560,28 @@ Implement `TrackerPlugin` for Jira, Linear, or GitLab issues. Implement `SCMPlug
|
|
|
535
560
|
|
|
536
561
|
---
|
|
537
562
|
|
|
563
|
+
## 11. v2 Core Components
|
|
564
|
+
|
|
565
|
+
The following components were added in v0.2.0 as Speexor's advanced orchestration layer:
|
|
566
|
+
|
|
567
|
+
| Component | Responsibility |
|
|
568
|
+
|-----------|---------------|
|
|
569
|
+
| PlannerEngine | LLM-based task decomposition, heuristic fallback |
|
|
570
|
+
| TaskGraphManager | DAG data model, topological sort, cycle detection |
|
|
571
|
+
| Scheduler | Tick-based parallel execution, retry/reassign |
|
|
572
|
+
| GovernanceEngine | Two-axis approval, duplicate detection, rollback |
|
|
573
|
+
| ApprovalManager | Approval lifecycle, expiry, default actions |
|
|
574
|
+
| CostTracker | Provider/project/node cost tracking, budget guard |
|
|
575
|
+
| SecretsVault | OS-native secure credential storage |
|
|
576
|
+
| ExtensionRegistry | Install, verify, enable/disable extensions |
|
|
577
|
+
| SkillWrapper | Auto-detect ECC/affaan-m skill folders |
|
|
578
|
+
| DecisionEvaluator | Confidence calibration, decision logging |
|
|
579
|
+
| SessionGuard | AFK auto-pause, idle timeout |
|
|
580
|
+
| WorktreeHierarchyProtocol | Fork/pin/merge subagent branches |
|
|
581
|
+
| DashboardState | Reactive state for all dashboard panels |
|
|
582
|
+
|
|
583
|
+
---
|
|
584
|
+
|
|
538
585
|
## Key Design Decisions
|
|
539
586
|
|
|
540
587
|
| Decision | Rationale |
|
|
@@ -545,4 +592,8 @@ Implement `TrackerPlugin` for Jira, Linear, or GitLab issues. Implement `SCMPlug
|
|
|
545
592
|
| Synchronous JSON state file | Simplicity — avoids database dependency for session tracking |
|
|
546
593
|
| Inline HTML dashboard | Zero build step, zero dependencies for the UI |
|
|
547
594
|
| `gh` CLI dependency | Avoids GitHub API token management; delegates auth to `gh` |
|
|
548
|
-
| Reverse-order destroy | Dependencies destroyed before dependents (terminal → notifier → scm → tracker → workspace → runtime → agent) |
|
|
595
|
+
| Reverse-order destroy | Dependencies destroyed before dependents (terminal → notifier → scm → tracker → workspace → runtime → agent) |
|
|
596
|
+
| SQLite for DAG persistence | Task graph durability without a full DBMS |
|
|
597
|
+
| OS-keychain for secrets | No .env files; credentials stored in OS secure storage |
|
|
598
|
+
| Two-axis governance | Separates approval authority from execution for audit compliance |
|
|
599
|
+
| ECC skill auto-detection | Zero-config integration with existing Claude skill ecosystem |
|
package/BENCHMARKS.md
ADDED
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# Benchmarks
|
|
2
|
+
|
|
3
|
+
> Performance targets and baseline measurements for Speexor.
|
|
4
|
+
|
|
5
|
+
## Performance Targets (v4 §8.3)
|
|
6
|
+
|
|
7
|
+
| Metric | Target | Measured (Baseline) | Notes |
|
|
8
|
+
|--------|--------|---------------------|-------|
|
|
9
|
+
| Agent spawn time | <2s | — | Time from `spawnAgent()` call to agent process accepting input |
|
|
10
|
+
| Dashboard API latency | <200ms | — | P95 response time for `/api/status`, `/api/projects`, `/api/sessions` |
|
|
11
|
+
| Event-to-dashboard latency | <1s | — | Time from event emission to dashboard state update |
|
|
12
|
+
| Store throughput | ≥100 writes/sec | — | Concurrent `state.json` or SQLite write operations |
|
|
13
|
+
| Memory footprint (idle) | <200MB | — | RSS after startup with no active agents |
|
|
14
|
+
| Memory footprint (per agent) | <50MB | — | Additional RSS per active agent session |
|
|
15
|
+
| CLI startup time | <500ms | — | Time from `speexor <command>` to first output |
|
|
16
|
+
|
|
17
|
+
## Benchmark Baseline
|
|
18
|
+
|
|
19
|
+
Baseline measurements are collected via:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
# Agent spawn time
|
|
23
|
+
hyperfine --warmup 3 'speexor agent spawn --task benchmark --agent opencode'
|
|
24
|
+
|
|
25
|
+
# Dashboard API latency
|
|
26
|
+
wrk -t4 -c10 -d30s http://localhost:3000/api/status
|
|
27
|
+
|
|
28
|
+
# Store throughput
|
|
29
|
+
node benchmarks/store-throughput.js
|
|
30
|
+
|
|
31
|
+
# Memory footprint
|
|
32
|
+
node -e "const m = process.memoryUsage(); console.log('RSS:', m.rss / 1024 / 1024, 'MB')"
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## How to Run Benchmarks
|
|
36
|
+
|
|
37
|
+
```bash
|
|
38
|
+
# Install benchmark dependencies
|
|
39
|
+
pnpm add -D hyperfine wrk
|
|
40
|
+
|
|
41
|
+
# Run full benchmark suite
|
|
42
|
+
pnpm benchmark
|
|
43
|
+
|
|
44
|
+
# Run specific benchmark
|
|
45
|
+
node benchmarks/store-throughput.js
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
## Benchmark Results History
|
|
49
|
+
|
|
50
|
+
| Date | Version | Spawn Time | Dashboard Latency (P95) | Event-to-Dashboard | Store Writes/s | Idle Memory | Notes |
|
|
51
|
+
|------|---------|-----------|------------------------|-------------------|---------------|-------------|-------|
|
|
52
|
+
| — | 0.1.0 | — | — | — | — | — | Baseline not yet collected |
|
package/CHANGELOG.md
CHANGED
|
@@ -30,12 +30,43 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
30
30
|
- Configurable reaction rules (ci-failed, changes-requested, approved-and-green)
|
|
31
31
|
- Graceful shutdown with SIGINT/SIGTERM handling
|
|
32
32
|
|
|
33
|
-
## [0.2.0] —
|
|
33
|
+
## [0.2.0] — 2026-06-30
|
|
34
34
|
|
|
35
35
|
### Added
|
|
36
|
-
- Recursive
|
|
37
|
-
-
|
|
38
|
-
-
|
|
36
|
+
- Recursive Task Decomposition: DAG-based task graph with LLM Planner engine, heuristic decomposition fallback, depth control (maxTaskGraphDepth/maxAgentSpawnDepth)
|
|
37
|
+
- Parallel Scheduler: Resource-aware agent orchestration with tick-based scheduling, auto-retry on failure, provider fallback chain
|
|
38
|
+
- Governance Engine: Two-axis Approval Model (Task Origin Gate + Action Risk Gate), risk-based action classification, approval timeout with default actions
|
|
39
|
+
- Cost Tracking: Per-provider, per-project, per-task-node cost tracking with budget guard (80% warning, 100% halt)
|
|
40
|
+
- Extension Manager CLI: `speexor ext search/install/list/update/remove` commands with marketplace index support
|
|
41
|
+
- Secrets Vault: OS-native secure credential storage (macOS Keychain, Windows Credential Manager, Linux encrypted file)
|
|
42
|
+
- Plugin SDK scaffold: `src/sdk/` with extension scaffold generator for 6 extension types
|
|
43
|
+
- Decision Quality Eval: `speexor eval decisions` with calibration report, confidence bucketing, under/over-confidence detection
|
|
44
|
+
- Worktree Hierarchy Protocol: Fork-with-pin, serialized merges, conflict escalation to approval
|
|
45
|
+
- Interactive Dashboard v2: Collapsible Task Tree, node drill-down panel, Cost by Task Node bar chart, Simple Mode toggle, Unicode status icons, WCAG 2.1 AA keyboard navigation
|
|
46
|
+
- Session Guard: AFK auto-pause with configurable maxAfkDurationHours
|
|
47
|
+
- Provider Error Retry: Exponential backoff (1s→2s→4s→8s) with automatic provider fallback
|
|
48
|
+
- Skill Manifest Wrapper: Auto-detect ECC/affaan-m-style skill folders and generate compatible manifests
|
|
49
|
+
- Config Schema Migration: Version detection, automatic migration with backup
|
|
50
|
+
- Task Graph Persistence: SQLite-backed task graph store with WAL mode
|
|
51
|
+
- Instrumented Agent Adapters: Command wrapper, file watcher, activity feed for all 4 agent backends
|
|
52
|
+
- Canonical data directory: `~/.speexor/` with per-project hash isolation
|
|
53
|
+
- 19 test files with ~320 unit/integration tests across all modules
|
|
54
|
+
- GitHub Actions CI/CD pipeline (test, lint, build, publish)
|
|
55
|
+
- 5 Architecture Decision Records in docs/adr/
|
|
56
|
+
- Glossary (GLOSSARY.md) with 22 canonical terms
|
|
57
|
+
- Performance benchmarks (BENCHMARKS.md) with tracked targets
|
|
58
|
+
- Updated ROADMAP.md with v5 milestones
|
|
59
|
+
|
|
60
|
+
### Architecture
|
|
61
|
+
- Split maxDepth into maxTaskGraphDepth / maxAgentSpawnDepth with independent defaults
|
|
62
|
+
- IsolatedSandbox reimplemented with node:vm (not worker_threads) for true security boundary
|
|
63
|
+
- Extension permission verification with SHA-256 checksums at install time
|
|
64
|
+
- Rollback API for approved actions within configurable grace window
|
|
65
|
+
- Unified two-axis Approval Model surfacing in single Approvals panel
|
|
66
|
+
|
|
67
|
+
### Fixed
|
|
68
|
+
- DEFAULT_REACTION_RULES changed approved-and-green escalateAfter from 0 to 1 (was invalid per Zod min(1))
|
|
69
|
+
- Permission enforcer now documents worker_threads as performance-only, not security boundary
|
|
39
70
|
|
|
40
71
|
## [0.3.0] — Planned
|
|
41
72
|
|
package/CODE-OF-CONDUCT.md
CHANGED
|
@@ -1,83 +1,83 @@
|
|
|
1
|
-
# Contributor Covenant Code of Conduct
|
|
2
|
-
|
|
3
|
-
## Our Pledge
|
|
4
|
-
|
|
5
|
-
We as members, contributors, and leaders pledge to make participation in our
|
|
6
|
-
community a harassment-free experience for everyone, regardless of age, body
|
|
7
|
-
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
|
8
|
-
identity and expression, level of experience, education, socio-economic status,
|
|
9
|
-
nationality, personal appearance, race, caste, color, religion, or sexual
|
|
10
|
-
identity and orientation.
|
|
11
|
-
|
|
12
|
-
We pledge to act and interact in ways that contribute to an open, welcoming,
|
|
13
|
-
diverse, inclusive, and healthy community.
|
|
14
|
-
|
|
15
|
-
## Our Standards
|
|
16
|
-
|
|
17
|
-
Examples of behavior that contributes to a positive environment:
|
|
18
|
-
|
|
19
|
-
* Demonstrating empathy and kindness toward other people
|
|
20
|
-
* Being respectful of differing opinions, viewpoints, and experiences
|
|
21
|
-
* Giving and gracefully accepting constructive feedback
|
|
22
|
-
* Accepting responsibility and apologizing to those affected by our mistakes
|
|
23
|
-
* Focusing on what is best not just for us as individuals, but for the overall community
|
|
24
|
-
|
|
25
|
-
Examples of unacceptable behavior:
|
|
26
|
-
|
|
27
|
-
* The use of sexualized language or imagery, and sexual attention or advances
|
|
28
|
-
* Trolling, insulting or derogatory comments, and personal or political attacks
|
|
29
|
-
* Public or private harassment
|
|
30
|
-
* Publishing others' private information without explicit permission
|
|
31
|
-
* Other conduct which could reasonably be considered inappropriate in a professional setting
|
|
32
|
-
|
|
33
|
-
## Enforcement Responsibilities
|
|
34
|
-
|
|
35
|
-
Project maintainers are responsible for clarifying and enforcing our standards of
|
|
36
|
-
acceptable behavior and will take appropriate and fair corrective action in
|
|
37
|
-
response to any behavior that they deem inappropriate, threatening, offensive,
|
|
38
|
-
or harmful.
|
|
39
|
-
|
|
40
|
-
## Scope
|
|
41
|
-
|
|
42
|
-
This Code of Conduct applies within all community spaces, and also applies when
|
|
43
|
-
an individual is officially representing the community in public spaces.
|
|
44
|
-
|
|
45
|
-
## Enforcement
|
|
46
|
-
|
|
47
|
-
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
|
48
|
-
reported to the project maintainers at opensource@superdevids.com.
|
|
49
|
-
All complaints will be reviewed and investigated promptly and fairly.
|
|
50
|
-
|
|
51
|
-
## Enforcement Guidelines
|
|
52
|
-
|
|
53
|
-
Project maintainers will follow these Community Impact Guidelines:
|
|
54
|
-
|
|
55
|
-
### 1. Correction
|
|
56
|
-
**Community Impact:** Use of inappropriate language or other behavior deemed
|
|
57
|
-
unprofessional or unwelcome.
|
|
58
|
-
**Consequence:** A private, written warning, providing clarity around the nature
|
|
59
|
-
of the violation and an explanation of why the behavior was inappropriate.
|
|
60
|
-
|
|
61
|
-
### 2. Warning
|
|
62
|
-
**Community Impact:** A violation through a single incident or series of actions.
|
|
63
|
-
**Consequence:** A warning with consequences for continued behavior. No
|
|
64
|
-
interaction with the people involved for a specified period of time.
|
|
65
|
-
|
|
66
|
-
### 3. Temporary Ban
|
|
67
|
-
**Community Impact:** A serious violation of community standards.
|
|
68
|
-
**Consequence:** A temporary ban from any sort of interaction or public
|
|
69
|
-
communication with the community for a specified period of time.
|
|
70
|
-
|
|
71
|
-
### 4. Permanent Ban
|
|
72
|
-
**Community Impact:** Demonstrating a pattern of violation of community standards.
|
|
73
|
-
**Consequence:** A permanent ban from any sort of public interaction within the
|
|
74
|
-
community.
|
|
75
|
-
|
|
76
|
-
## Attribution
|
|
77
|
-
|
|
78
|
-
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
|
79
|
-
version 2.1, available at
|
|
80
|
-
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
|
|
81
|
-
|
|
82
|
-
[homepage]: https://www.contributor-covenant.org
|
|
83
|
-
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
|
2
|
+
|
|
3
|
+
## Our Pledge
|
|
4
|
+
|
|
5
|
+
We as members, contributors, and leaders pledge to make participation in our
|
|
6
|
+
community a harassment-free experience for everyone, regardless of age, body
|
|
7
|
+
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
|
8
|
+
identity and expression, level of experience, education, socio-economic status,
|
|
9
|
+
nationality, personal appearance, race, caste, color, religion, or sexual
|
|
10
|
+
identity and orientation.
|
|
11
|
+
|
|
12
|
+
We pledge to act and interact in ways that contribute to an open, welcoming,
|
|
13
|
+
diverse, inclusive, and healthy community.
|
|
14
|
+
|
|
15
|
+
## Our Standards
|
|
16
|
+
|
|
17
|
+
Examples of behavior that contributes to a positive environment:
|
|
18
|
+
|
|
19
|
+
* Demonstrating empathy and kindness toward other people
|
|
20
|
+
* Being respectful of differing opinions, viewpoints, and experiences
|
|
21
|
+
* Giving and gracefully accepting constructive feedback
|
|
22
|
+
* Accepting responsibility and apologizing to those affected by our mistakes
|
|
23
|
+
* Focusing on what is best not just for us as individuals, but for the overall community
|
|
24
|
+
|
|
25
|
+
Examples of unacceptable behavior:
|
|
26
|
+
|
|
27
|
+
* The use of sexualized language or imagery, and sexual attention or advances
|
|
28
|
+
* Trolling, insulting or derogatory comments, and personal or political attacks
|
|
29
|
+
* Public or private harassment
|
|
30
|
+
* Publishing others' private information without explicit permission
|
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a professional setting
|
|
32
|
+
|
|
33
|
+
## Enforcement Responsibilities
|
|
34
|
+
|
|
35
|
+
Project maintainers are responsible for clarifying and enforcing our standards of
|
|
36
|
+
acceptable behavior and will take appropriate and fair corrective action in
|
|
37
|
+
response to any behavior that they deem inappropriate, threatening, offensive,
|
|
38
|
+
or harmful.
|
|
39
|
+
|
|
40
|
+
## Scope
|
|
41
|
+
|
|
42
|
+
This Code of Conduct applies within all community spaces, and also applies when
|
|
43
|
+
an individual is officially representing the community in public spaces.
|
|
44
|
+
|
|
45
|
+
## Enforcement
|
|
46
|
+
|
|
47
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
|
48
|
+
reported to the project maintainers at opensource@superdevids.com.
|
|
49
|
+
All complaints will be reviewed and investigated promptly and fairly.
|
|
50
|
+
|
|
51
|
+
## Enforcement Guidelines
|
|
52
|
+
|
|
53
|
+
Project maintainers will follow these Community Impact Guidelines:
|
|
54
|
+
|
|
55
|
+
### 1. Correction
|
|
56
|
+
**Community Impact:** Use of inappropriate language or other behavior deemed
|
|
57
|
+
unprofessional or unwelcome.
|
|
58
|
+
**Consequence:** A private, written warning, providing clarity around the nature
|
|
59
|
+
of the violation and an explanation of why the behavior was inappropriate.
|
|
60
|
+
|
|
61
|
+
### 2. Warning
|
|
62
|
+
**Community Impact:** A violation through a single incident or series of actions.
|
|
63
|
+
**Consequence:** A warning with consequences for continued behavior. No
|
|
64
|
+
interaction with the people involved for a specified period of time.
|
|
65
|
+
|
|
66
|
+
### 3. Temporary Ban
|
|
67
|
+
**Community Impact:** A serious violation of community standards.
|
|
68
|
+
**Consequence:** A temporary ban from any sort of interaction or public
|
|
69
|
+
communication with the community for a specified period of time.
|
|
70
|
+
|
|
71
|
+
### 4. Permanent Ban
|
|
72
|
+
**Community Impact:** Demonstrating a pattern of violation of community standards.
|
|
73
|
+
**Consequence:** A permanent ban from any sort of public interaction within the
|
|
74
|
+
community.
|
|
75
|
+
|
|
76
|
+
## Attribution
|
|
77
|
+
|
|
78
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
|
79
|
+
version 2.1, available at
|
|
80
|
+
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
|
|
81
|
+
|
|
82
|
+
[homepage]: https://www.contributor-covenant.org
|
|
83
|
+
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
|