speexor 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/API-REFERENCE.md +96 -1
  2. package/ARCHITECTURE.md +84 -33
  3. package/BENCHMARKS.md +52 -0
  4. package/CHANGELOG.md +35 -4
  5. package/CODE-OF-CONDUCT.md +83 -83
  6. package/CONTRIBUTING.md +98 -98
  7. package/FAQ.md +105 -105
  8. package/GLOSSARY.md +33 -0
  9. package/LICENSE.md +21 -21
  10. package/PUBLISH.md +77 -77
  11. package/README.md +222 -8
  12. package/REFACTOR-LOG.md +40 -40
  13. package/ROADMAP.md +37 -15
  14. package/SECURITY-DEFAULTS.md +118 -0
  15. package/SECURITY.md +79 -79
  16. package/SUMMARY.md +31 -8
  17. package/TESTING.md +140 -140
  18. package/dist/{agent-5D3BVWNK.js → agent-D4BRWEOZ.js} +4 -4
  19. package/dist/agent-D4BRWEOZ.js.map +1 -0
  20. package/dist/{chunk-2F66BZYJ.js → chunk-2DX54KIM.js} +2 -2
  21. package/dist/chunk-2DX54KIM.js.map +1 -0
  22. package/dist/{chunk-B7WLHC4W.js → chunk-7VZHDGRQ.js} +2 -2
  23. package/dist/chunk-7VZHDGRQ.js.map +1 -0
  24. package/dist/{chunk-SXALZEOJ.js → chunk-AOFWQZWY.js} +2 -2
  25. package/dist/chunk-AOFWQZWY.js.map +1 -0
  26. package/dist/cli/index.js +4 -4
  27. package/dist/cli/index.js.map +1 -1
  28. package/dist/core/index.js +1 -1
  29. package/dist/index.js +3 -3
  30. package/dist/index.js.map +1 -1
  31. package/dist/plugins/index.js +1 -1
  32. package/docs/SETUP.md +94 -94
  33. package/docs/TROUBLESHOOTING.md +113 -113
  34. package/docs/adr/0001-record-architecture-decisions.md +44 -0
  35. package/docs/adr/0002-plugin-architecture.md +53 -0
  36. package/docs/adr/0003-recursive-task-decomposition.md +57 -0
  37. package/docs/adr/0004-local-first-security.md +58 -0
  38. package/docs/adr/0005-data-directory-layout.md +69 -0
  39. package/examples/basic.yaml +61 -61
  40. package/package.json +103 -102
  41. package/schema/config.schema.json +119 -119
  42. package/speexor.config.yaml.example +30 -30
  43. package/dist/agent-5D3BVWNK.js.map +0 -1
  44. package/dist/chunk-2F66BZYJ.js.map +0 -1
  45. package/dist/chunk-B7WLHC4W.js.map +0 -1
  46. package/dist/chunk-SXALZEOJ.js.map +0 -1
package/API-REFERENCE.md CHANGED
@@ -154,10 +154,56 @@ function createEventBus(): EventBus
154
154
  // EventBus: { emit(event, data), on(event, handler), off(event, handler), once(event, handler) }
155
155
  ```
156
156
 
157
+ ## SecretsVault API
158
+
159
+ ```typescript
160
+ interface SecretsVault {
161
+ setSecret(scope: string, key: string, value: string): Promise<void>
162
+ getSecret(scope: string, key: string): Promise<string | null>
163
+ hasScope(scope: string): Promise<boolean>
164
+ grantScope(scope: string): Promise<void>
165
+ }
166
+ ```
167
+
168
+ ## ExtensionManager API
169
+
170
+ ```typescript
171
+ interface ExtensionManager {
172
+ install(name: string, source?: string): Promise<void>
173
+ remove(name: string): Promise<void>
174
+ list(): Promise<ExtensionInfo[]>
175
+ search(query: string): Promise<ExtensionInfo[]>
176
+ verifyInstall(name: string): Promise<{ valid: boolean; checksum: string }>
177
+ }
178
+ ```
179
+
180
+ ## GovernanceEngine API
181
+
182
+ ```typescript
183
+ interface GovernanceEngine {
184
+ evaluateTaskProposal(task: AgentTask): Promise<ApprovalDecision>
185
+ evaluateAction(action: ActionProposal): Promise<ApprovalDecision>
186
+ canRollback(actionId: string): Promise<boolean>
187
+ executeRollback(actionId: string): Promise<void>
188
+ }
189
+ ```
190
+
191
+ ## Scheduler API
192
+
193
+ ```typescript
194
+ interface Scheduler {
195
+ processGraph(graphId: string): Promise<void>
196
+ spawnNodeAgent(nodeId: string): Promise<string>
197
+ getStatus(): SchedulerStatus
198
+ start(): Promise<void>
199
+ stop(): Promise<void>
200
+ }
201
+ ```
202
+
157
203
  ## Configuration Schema
158
204
 
159
205
  ```yaml
160
- version: "1"
206
+ version: "5"
161
207
  projects:
162
208
  - name: <string>
163
209
  repository: <string>
@@ -177,6 +223,35 @@ projects:
177
223
  scm?: string
178
224
  runtime?: string
179
225
  notifier?: string
226
+ decomposition?:
227
+ maxTaskGraphDepth?: <number> # default: 3
228
+ maxAgentSpawnDepth?: <number> # default: 5
229
+ plannerProvider?: <string>
230
+ scheduler?:
231
+ maxConcurrentAgents?: <number> # default: 4
232
+ retryOnFailure?: <boolean> # default: true
233
+ providerFallbackChain?: <string[]>
234
+ worktreeHierarchy?:
235
+ pinToCommitHash?: <boolean> # default: false
236
+ serializeMerges?: <boolean> # default: true
237
+ conflictEscalatesToApproval?: <boolean> # default: true
238
+ governance?:
239
+ autoApproveProposedTasks?: <boolean> # default: false
240
+ autoApproveCategories?: <string[]>
241
+ riskPolicy?:
242
+ autoApprove?: <string[]> # risk categories auto-approved
243
+ requireApproval?: <string[]> # risk categories requiring approval
244
+ approvalTimeout?: <number> # seconds, default: 300
245
+ budgetLimitUSD?: <number>
246
+ extensions?:
247
+ marketplaceIndex?: <string>
248
+ permissionsMode?: "strict" | "permissive"
249
+ security?:
250
+ secretsBackend?: "keychain" | "credential-manager" | "encrypted-file"
251
+ encryptAtRest?: <boolean>
252
+ sandboxModel?: "vm" | "worker-threads" | "docker"
253
+ performance?:
254
+ workerThreadPoolSize?: <number> # default: 4
180
255
  ```
181
256
 
182
257
  ## Dashboard API
@@ -187,6 +262,18 @@ projects:
187
262
  | GET | `/api/projects` | Project configurations |
188
263
  | GET | `/api/sessions` | Active sessions, worktrees, runtimes |
189
264
  | GET | `/api/health` | Health check with memory stats |
265
+ | GET | `/api/task-graphs` | All task graphs |
266
+ | GET | `/api/task-graphs/:id` | Single task graph with nodes |
267
+ | GET | `/api/task-graphs/:id/nodes/:nodeId` | Task node detail with agent, skills, commands |
268
+ | GET | `/api/approvals` | Pending and all approvals |
269
+ | POST | `/api/approvals/:id/approve` | Approve an approval item |
270
+ | POST | `/api/approvals/:id/reject` | Reject an approval item |
271
+ | POST | `/api/approvals/:id/rollback` | Rollback an approved action |
272
+ | GET | `/api/decision-log` | Decision log entries |
273
+ | GET | `/api/activity-feed` | Live agent activity feed |
274
+ | GET | `/api/cost` | Cost data by provider/project/task node |
275
+ | GET | `/api/eval/calibration` | Confidence calibration report |
276
+ | GET | `/api/events` | SSE event stream (real-time updates) |
190
277
  | GET | `/` or `/dashboard` | HTML dashboard UI |
191
278
 
192
279
  ## CLI Reference
@@ -199,3 +286,11 @@ projects:
199
286
  | `speexor stop <session-id>` | Stop agent session |
200
287
  | `speexor logs <session-id>` | Tail session logs |
201
288
  | `speexor config-help` | Print config schema |
289
+ | `speexor task submit <description>` | Submit high-level task for recursive decomposition |
290
+ | `speexor ext search <query>` | Search extension marketplace |
291
+ | `speexor ext install <name>` | Install extension with permission confirmation |
292
+ | `speexor ext list` | List installed extensions |
293
+ | `speexor ext update [name]` | Update extension(s) |
294
+ | `speexor ext remove <name>` | Remove extension |
295
+ | `speexor config validate` | Validate config schema, run migration if needed |
296
+ | `speexor eval decisions` | Run decision quality evaluation and calibration report |
package/ARCHITECTURE.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Speexor Architecture
2
2
 
3
- **Version:** 0.1.0 — **Package:** `@speexjs/speexor`
3
+ **Version:** 0.1.0 — **Package:** `speexor`
4
4
 
5
5
  ---
6
6
 
@@ -21,26 +21,37 @@ Speexor (Agent Orchestrator) is a plugin-based, agent-agnostic orchestrator for
21
21
  ## 2. High-Level Architecture
22
22
 
23
23
  ```
24
- ┌──────────────────────────────────────────────────────────────────────┐
25
- CLI (Commander)
26
- │ start | agent spawn | list | stop | logs | config-help
27
- └──────────────────────────┬───────────────────────────────────────────┘
28
-
29
-
30
- ┌──────────────────────────────────────────────────────────────────────┐
31
- │ SpeexorLifecycle │
32
- │ │
33
- ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌────────────────────┐
34
- Plugin │ │ Plugin │ │ Plugin │ │ Session Manager │ │
35
- │ Registry │ Loader Context │ │ (in-memory Map) │ │
36
- └────┬─────┘ └────┬─────┘ └────┬─────┘ └────────────────────┘
37
-
38
- ▼ ▼ ▼
39
- ┌──────────────────────────────────────────────────────────────┐
40
- EventBus │ │
41
- │ │ (EventEmitter3 wrapper) │ │
42
- └──────────────────────────────────────────────────────────────┘
43
- └──────────────────────────────────────────────────────────────────────┘
24
+ ┌──────────────────────────────────────────────────────────────────────────┐
25
+ CLI (Commander)
26
+ │ start | agent spawn | task submit | list | stop | logs |
27
+ │ ext (search/install/list/update/remove) | config (validate/help) | │
28
+ eval decisions | config-help │
29
+ └────────────────────────────┬─────────────────────────────────────────────┘
30
+
31
+
32
+ ┌──────────────────────────────────────────────────────────────────────────┐
33
+ SpeexorLifecycle
34
+
35
+ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌────────────────────────┐
36
+ Plugin Plugin │ Plugin │ │ Session Manager │ │
37
+ Registry Loader │ Context │ │ (in-memory Map) │ │
38
+ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────────────────────────┘
39
+ │ │ │
40
+ ▼ ▼ ▼
41
+ ┌──────────────────────────────────────────────────────────────────┐
42
+ │ │ EventBus │ │
43
+ │ │ (EventEmitter3 wrapper) │ │
44
+ │ └──────────────────────────────────────────────────────────────────┘ │
45
+ │ │
46
+ │ ┌──────────────────────────────────────────────────────────────────┐ │
47
+ │ │ v2 Core Components │ │
48
+ │ │ PlannerEngine | TaskGraphManager | Scheduler │ │
49
+ │ │ GovernanceEngine | ApprovalManager | CostTracker │ │
50
+ │ │ SecretsVault | ExtensionRegistry | SkillWrapper │ │
51
+ │ │ DecisionEvaluator | SessionGuard | DashboardState │ │
52
+ │ │ WorktreeHierarchyProtocol │ │
53
+ │ └──────────────────────────────────────────────────────────────────┘ │
54
+ └──────────────────────────────────────────────────────────────────────────┘
44
55
  │ │ │ │
45
56
  ▼ ▼ ▼ ▼
46
57
  ┌─────────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────────┐
@@ -48,13 +59,14 @@ Speexor (Agent Orchestrator) is a plugin-based, agent-agnostic orchestrator for
48
59
  │ Adapters │ │ Adapters │ │ Adapters │ │ Adapters│Adapt. │
49
60
  │ (4 impls) │ │ (2 impls)│ │ (1 impl) │ │ (1 impl)│(1impl)│
50
61
  └─────────────┘ └──────────┘ └──────────┘ └──────────────────┘
51
-
52
-
53
- ┌──────────────────────────────────────────────────────────────────────┐
54
- │ Dashboard Server (Node.js HTTP)
55
- │ /api/status | /api/projects | /api/sessions | /api/health | /
56
- │ (4 JSON endpoints + single-page HTML dashboard, auto-refresh 5s)
57
- └──────────────────────────────────────────────────────────────────────┘
62
+
63
+
64
+ ┌──────────────────────────────────────────────────────────────────────────┐
65
+ │ Dashboard Server (Node.js HTTP)
66
+ │ /api/status | /api/projects | /api/sessions | /api/health | /
67
+ │ (4 JSON endpoints + single-page HTML dashboard, auto-refresh 5s)
68
+ │ v2 panels: Task Tree | Fleet | Approvals | Cost │
69
+ └──────────────────────────────────────────────────────────────────────────┘
58
70
  ```
59
71
 
60
72
  The lifecycle is the central orchestrator. It holds a plugin registry (keyed by slot), an in-memory session map, and the EventBus. Plugins are loaded via `loadAllPlugins()`, registered by slot, and collaborate through the shared `PluginContext` (config + EventBus + logger).
@@ -188,7 +200,7 @@ interface TerminalPlugin extends PluginModule {
188
200
 
189
201
  ## 4. Plugin Implementations
190
202
 
191
- The built-in registry (`src/plugins/index.ts`) includes 10 implementations loaded at startup:
203
+ The built-in registry (`src/plugins/index.ts`) includes 13+ implementations loaded at startup:
192
204
 
193
205
  | Plugin | Class | Slot | Dependencies |
194
206
  |--------|-------|------|-------------|
@@ -202,6 +214,9 @@ The built-in registry (`src/plugins/index.ts`) includes 10 implementations loade
202
214
  | GitHub Tracker | `GitHubTracker` | tracker | `gh` CLI |
203
215
  | GitHub SCM | `GitHubSCM` | scm | `gh` CLI |
204
216
  | Desktop Notifier | `DesktopNotifier` | notifier | osascript / PowerShell / notify-send |
217
+ | ECC Skill | `EccSkillPlugin` | agent | ECC skill folders |
218
+ | Affaan M Skill | `AffaanSkillPlugin` | agent | affaan-m skill folders |
219
+ | Extension Manager | `ExtensionManagerPlugin` | agent | extension registry |
205
220
 
206
221
  **Runtime fallback logic:** The loader registers both `TmuxRuntime` and `ProcessRuntime`. `TmuxRuntime.initialize()` throws if `tmux` is not available; lifecycle initialization failure is caught per-plugin, allowing `ProcessRuntime` to serve as the fallback on Windows.
207
222
 
@@ -236,7 +251,10 @@ speexor start <repo-url>
236
251
  │ ├─ new GitWorktreeWorkspace()
237
252
  │ ├─ new GitHubTracker()
238
253
  │ ├─ new GitHubSCM()
239
- └─ new DesktopNotifier()
254
+ ├─ new DesktopNotifier()
255
+ │ ├─ new EccSkillPlugin()
256
+ │ ├─ new AffaanSkillPlugin()
257
+ │ └─ new ExtensionManagerPlugin()
240
258
 
241
259
  ├─ 6. for each plugin → lifecycle.registerPlugin(plugin)
242
260
  │ └─ plugin slot → Map<PluginSlot, PluginModule[]>
@@ -423,6 +441,9 @@ Retries are tracked per `issueId:eventType` key in a `Map<string, number>`. Once
423
441
  | `GET` | `/api/projects` | All configured projects with provider routing |
424
442
  | `GET` | `/api/sessions` | Active agent sessions, worktrees, runtimes |
425
443
  | `GET` | `/api/health` | Health check with memory usage and timestamp |
444
+ | `GET` | `/api/tasks` | Task graph tree (v2) |
445
+ | `GET` | `/api/approvals` | Pending/approved/rejected approvals (v2) |
446
+ | `GET` | `/api/costs` | Cost breakdown by provider/project/node (v2) |
426
447
  | `GET` | `/` or `/dashboard` | Single-page HTML dashboard |
427
448
 
428
449
  All JSON endpoints return CORS headers (`Access-Control-Allow-Origin: *`).
@@ -435,7 +456,8 @@ The dashboard is served as an inline HTML string from `DashboardServer.serveDash
435
456
  - **Stat cards**: project count, active agents, system status, uptime
436
457
  - **Projects table**: name, repository, primary agent, fallback agents
437
458
  - **Sessions table**: session ID, task, provider, status, start time
438
- - **Auto-refresh**: polls all 3 JSON endpoints every 5 seconds via `setInterval`
459
+ - **v2 Panels**: Task Tree, Fleet, Approvals, Cost (toggleable)
460
+ - **Auto-refresh**: polls all JSON endpoints every 5 seconds via `setInterval`
439
461
  - **No build step** — single HTML file with embedded `<style>` and `<script>`
440
462
 
441
463
  ### 8.3 Architecture
@@ -450,13 +472,16 @@ DashboardServer
450
472
  │ └─ 'session:completed' → DashboardState.removeSession()
451
473
 
452
474
  ├─ DashboardState (in-memory)
453
- │ ├─ SpeexorState { sessions, worktrees, runtimes, projects }
475
+ │ ├─ SpeexorState { sessions, worktrees, runtimes, projects, taskGraph, approvals, costs }
454
476
  │ └─ listener pattern for reactive updates
455
477
 
456
478
  └─ Routes:
457
479
  ├─ /api/status → lifecycle.getStatus(), lifecycle.listSessions()
458
480
  ├─ /api/projects → lifecycle.getConfig().projects
459
481
  ├─ /api/sessions → lifecycle.listSessions()
482
+ ├─ /api/tasks → taskGraphManager.toJSON()
483
+ ├─ /api/approvals → approvalManager.list()
484
+ ├─ /api/costs → costTracker.getBreakdown()
460
485
  ├─ /api/health → { status, timestamp, memory }
461
486
  ├─ / → serveDashboardHTML()
462
487
  └─ 404 → { error: 'Not found' }
@@ -535,6 +560,28 @@ Implement `TrackerPlugin` for Jira, Linear, or GitLab issues. Implement `SCMPlug
535
560
 
536
561
  ---
537
562
 
563
+ ## 11. v2 Core Components
564
+
565
+ The following components were added in v0.2.0 as Speexor's advanced orchestration layer:
566
+
567
+ | Component | Responsibility |
568
+ |-----------|---------------|
569
+ | PlannerEngine | LLM-based task decomposition, heuristic fallback |
570
+ | TaskGraphManager | DAG data model, topological sort, cycle detection |
571
+ | Scheduler | Tick-based parallel execution, retry/reassign |
572
+ | GovernanceEngine | Two-axis approval, duplicate detection, rollback |
573
+ | ApprovalManager | Approval lifecycle, expiry, default actions |
574
+ | CostTracker | Provider/project/node cost tracking, budget guard |
575
+ | SecretsVault | OS-native secure credential storage |
576
+ | ExtensionRegistry | Install, verify, enable/disable extensions |
577
+ | SkillWrapper | Auto-detect ECC/affaan-m skill folders |
578
+ | DecisionEvaluator | Confidence calibration, decision logging |
579
+ | SessionGuard | AFK auto-pause, idle timeout |
580
+ | WorktreeHierarchyProtocol | Fork/pin/merge subagent branches |
581
+ | DashboardState | Reactive state for all dashboard panels |
582
+
583
+ ---
584
+
538
585
  ## Key Design Decisions
539
586
 
540
587
  | Decision | Rationale |
@@ -545,4 +592,8 @@ Implement `TrackerPlugin` for Jira, Linear, or GitLab issues. Implement `SCMPlug
545
592
  | Synchronous JSON state file | Simplicity — avoids database dependency for session tracking |
546
593
  | Inline HTML dashboard | Zero build step, zero dependencies for the UI |
547
594
  | `gh` CLI dependency | Avoids GitHub API token management; delegates auth to `gh` |
548
- | Reverse-order destroy | Dependencies destroyed before dependents (terminal → notifier → scm → tracker → workspace → runtime → agent) |
595
+ | Reverse-order destroy | Dependencies destroyed before dependents (terminal → notifier → scm → tracker → workspace → runtime → agent) |
596
+ | SQLite for DAG persistence | Task graph durability without a full DBMS |
597
+ | OS-keychain for secrets | No .env files; credentials stored in OS secure storage |
598
+ | Two-axis governance | Separates approval authority from execution for audit compliance |
599
+ | ECC skill auto-detection | Zero-config integration with existing Claude skill ecosystem |
package/BENCHMARKS.md ADDED
@@ -0,0 +1,52 @@
1
+ # Benchmarks
2
+
3
+ > Performance targets and baseline measurements for Speexor.
4
+
5
+ ## Performance Targets (v4 §8.3)
6
+
7
+ | Metric | Target | Measured (Baseline) | Notes |
8
+ |--------|--------|---------------------|-------|
9
+ | Agent spawn time | <2s | — | Time from `spawnAgent()` call to agent process accepting input |
10
+ | Dashboard API latency | <200ms | — | P95 response time for `/api/status`, `/api/projects`, `/api/sessions` |
11
+ | Event-to-dashboard latency | <1s | — | Time from event emission to dashboard state update |
12
+ | Store throughput | ≥100 writes/sec | — | Concurrent `state.json` or SQLite write operations |
13
+ | Memory footprint (idle) | <200MB | — | RSS after startup with no active agents |
14
+ | Memory footprint (per agent) | <50MB | — | Additional RSS per active agent session |
15
+ | CLI startup time | <500ms | — | Time from `speexor <command>` to first output |
16
+
17
+ ## Benchmark Baseline
18
+
19
+ Baseline measurements are collected via:
20
+
21
+ ```bash
22
+ # Agent spawn time
23
+ hyperfine --warmup 3 'speexor agent spawn --task benchmark --agent opencode'
24
+
25
+ # Dashboard API latency
26
+ wrk -t4 -c10 -d30s http://localhost:3000/api/status
27
+
28
+ # Store throughput
29
+ node benchmarks/store-throughput.js
30
+
31
+ # Memory footprint
32
+ node -e "const m = process.memoryUsage(); console.log('RSS:', m.rss / 1024 / 1024, 'MB')"
33
+ ```
34
+
35
+ ## How to Run Benchmarks
36
+
37
+ ```bash
38
+ # Install benchmark dependencies
39
+ pnpm add -D hyperfine wrk
40
+
41
+ # Run full benchmark suite
42
+ pnpm benchmark
43
+
44
+ # Run specific benchmark
45
+ node benchmarks/store-throughput.js
46
+ ```
47
+
48
+ ## Benchmark Results History
49
+
50
+ | Date | Version | Spawn Time | Dashboard Latency (P95) | Event-to-Dashboard | Store Writes/s | Idle Memory | Notes |
51
+ |------|---------|-----------|------------------------|-------------------|---------------|-------------|-------|
52
+ | — | 0.1.0 | — | — | — | — | — | Baseline not yet collected |
package/CHANGELOG.md CHANGED
@@ -30,12 +30,43 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
30
30
  - Configurable reaction rules (ci-failed, changes-requested, approved-and-green)
31
31
  - Graceful shutdown with SIGINT/SIGTERM handling
32
32
 
33
- ## [0.2.0] — Planned
33
+ ## [0.2.0] — 2026-06-30
34
34
 
35
35
  ### Added
36
- - Recursive task decomposition (DAG-based multi-agent orchestration)
37
- - Real-time WebSocket terminal streaming
38
- - Cost/usage tracking per provider
36
+ - Recursive Task Decomposition: DAG-based task graph with LLM Planner engine, heuristic decomposition fallback, depth control (maxTaskGraphDepth/maxAgentSpawnDepth)
37
+ - Parallel Scheduler: Resource-aware agent orchestration with tick-based scheduling, auto-retry on failure, provider fallback chain
38
+ - Governance Engine: Two-axis Approval Model (Task Origin Gate + Action Risk Gate), risk-based action classification, approval timeout with default actions
39
+ - Cost Tracking: Per-provider, per-project, per-task-node cost tracking with budget guard (80% warning, 100% halt)
40
+ - Extension Manager CLI: `speexor ext search/install/list/update/remove` commands with marketplace index support
41
+ - Secrets Vault: OS-native secure credential storage (macOS Keychain, Windows Credential Manager, Linux encrypted file)
42
+ - Plugin SDK scaffold: `src/sdk/` with extension scaffold generator for 6 extension types
43
+ - Decision Quality Eval: `speexor eval decisions` with calibration report, confidence bucketing, under/over-confidence detection
44
+ - Worktree Hierarchy Protocol: Fork-with-pin, serialized merges, conflict escalation to approval
45
+ - Interactive Dashboard v2: Collapsible Task Tree, node drill-down panel, Cost by Task Node bar chart, Simple Mode toggle, Unicode status icons, WCAG 2.1 AA keyboard navigation
46
+ - Session Guard: AFK auto-pause with configurable maxAfkDurationHours
47
+ - Provider Error Retry: Exponential backoff (1s→2s→4s→8s) with automatic provider fallback
48
+ - Skill Manifest Wrapper: Auto-detect ECC/affaan-m-style skill folders and generate compatible manifests
49
+ - Config Schema Migration: Version detection, automatic migration with backup
50
+ - Task Graph Persistence: SQLite-backed task graph store with WAL mode
51
+ - Instrumented Agent Adapters: Command wrapper, file watcher, activity feed for all 4 agent backends
52
+ - Canonical data directory: `~/.speexor/` with per-project hash isolation
53
+ - 19 test files with ~320 unit/integration tests across all modules
54
+ - GitHub Actions CI/CD pipeline (test, lint, build, publish)
55
+ - 5 Architecture Decision Records in docs/adr/
56
+ - Glossary (GLOSSARY.md) with 22 canonical terms
57
+ - Performance benchmarks (BENCHMARKS.md) with tracked targets
58
+ - Updated ROADMAP.md with v5 milestones
59
+
60
+ ### Architecture
61
+ - Split maxDepth into maxTaskGraphDepth / maxAgentSpawnDepth with independent defaults
62
+ - IsolatedSandbox reimplemented with node:vm (not worker_threads) for true security boundary
63
+ - Extension permission verification with SHA-256 checksums at install time
64
+ - Rollback API for approved actions within configurable grace window
65
+ - Unified two-axis Approval Model surfacing in single Approvals panel
66
+
67
+ ### Fixed
68
+ - DEFAULT_REACTION_RULES changed approved-and-green escalateAfter from 0 to 1 (was invalid per Zod min(1))
69
+ - Permission enforcer now documents worker_threads as performance-only, not security boundary
39
70
 
40
71
  ## [0.3.0] — Planned
41
72
 
@@ -1,83 +1,83 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- We as members, contributors, and leaders pledge to make participation in our
6
- community a harassment-free experience for everyone, regardless of age, body
7
- size, visible or invisible disability, ethnicity, sex characteristics, gender
8
- identity and expression, level of experience, education, socio-economic status,
9
- nationality, personal appearance, race, caste, color, religion, or sexual
10
- identity and orientation.
11
-
12
- We pledge to act and interact in ways that contribute to an open, welcoming,
13
- diverse, inclusive, and healthy community.
14
-
15
- ## Our Standards
16
-
17
- Examples of behavior that contributes to a positive environment:
18
-
19
- * Demonstrating empathy and kindness toward other people
20
- * Being respectful of differing opinions, viewpoints, and experiences
21
- * Giving and gracefully accepting constructive feedback
22
- * Accepting responsibility and apologizing to those affected by our mistakes
23
- * Focusing on what is best not just for us as individuals, but for the overall community
24
-
25
- Examples of unacceptable behavior:
26
-
27
- * The use of sexualized language or imagery, and sexual attention or advances
28
- * Trolling, insulting or derogatory comments, and personal or political attacks
29
- * Public or private harassment
30
- * Publishing others' private information without explicit permission
31
- * Other conduct which could reasonably be considered inappropriate in a professional setting
32
-
33
- ## Enforcement Responsibilities
34
-
35
- Project maintainers are responsible for clarifying and enforcing our standards of
36
- acceptable behavior and will take appropriate and fair corrective action in
37
- response to any behavior that they deem inappropriate, threatening, offensive,
38
- or harmful.
39
-
40
- ## Scope
41
-
42
- This Code of Conduct applies within all community spaces, and also applies when
43
- an individual is officially representing the community in public spaces.
44
-
45
- ## Enforcement
46
-
47
- Instances of abusive, harassing, or otherwise unacceptable behavior may be
48
- reported to the project maintainers at opensource@superdevids.com.
49
- All complaints will be reviewed and investigated promptly and fairly.
50
-
51
- ## Enforcement Guidelines
52
-
53
- Project maintainers will follow these Community Impact Guidelines:
54
-
55
- ### 1. Correction
56
- **Community Impact:** Use of inappropriate language or other behavior deemed
57
- unprofessional or unwelcome.
58
- **Consequence:** A private, written warning, providing clarity around the nature
59
- of the violation and an explanation of why the behavior was inappropriate.
60
-
61
- ### 2. Warning
62
- **Community Impact:** A violation through a single incident or series of actions.
63
- **Consequence:** A warning with consequences for continued behavior. No
64
- interaction with the people involved for a specified period of time.
65
-
66
- ### 3. Temporary Ban
67
- **Community Impact:** A serious violation of community standards.
68
- **Consequence:** A temporary ban from any sort of interaction or public
69
- communication with the community for a specified period of time.
70
-
71
- ### 4. Permanent Ban
72
- **Community Impact:** Demonstrating a pattern of violation of community standards.
73
- **Consequence:** A permanent ban from any sort of public interaction within the
74
- community.
75
-
76
- ## Attribution
77
-
78
- This Code of Conduct is adapted from the [Contributor Covenant][homepage],
79
- version 2.1, available at
80
- [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
81
-
82
- [homepage]: https://www.contributor-covenant.org
83
- [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ We as members, contributors, and leaders pledge to make participation in our
6
+ community a harassment-free experience for everyone, regardless of age, body
7
+ size, visible or invisible disability, ethnicity, sex characteristics, gender
8
+ identity and expression, level of experience, education, socio-economic status,
9
+ nationality, personal appearance, race, caste, color, religion, or sexual
10
+ identity and orientation.
11
+
12
+ We pledge to act and interact in ways that contribute to an open, welcoming,
13
+ diverse, inclusive, and healthy community.
14
+
15
+ ## Our Standards
16
+
17
+ Examples of behavior that contributes to a positive environment:
18
+
19
+ * Demonstrating empathy and kindness toward other people
20
+ * Being respectful of differing opinions, viewpoints, and experiences
21
+ * Giving and gracefully accepting constructive feedback
22
+ * Accepting responsibility and apologizing to those affected by our mistakes
23
+ * Focusing on what is best not just for us as individuals, but for the overall community
24
+
25
+ Examples of unacceptable behavior:
26
+
27
+ * The use of sexualized language or imagery, and sexual attention or advances
28
+ * Trolling, insulting or derogatory comments, and personal or political attacks
29
+ * Public or private harassment
30
+ * Publishing others' private information without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a professional setting
32
+
33
+ ## Enforcement Responsibilities
34
+
35
+ Project maintainers are responsible for clarifying and enforcing our standards of
36
+ acceptable behavior and will take appropriate and fair corrective action in
37
+ response to any behavior that they deem inappropriate, threatening, offensive,
38
+ or harmful.
39
+
40
+ ## Scope
41
+
42
+ This Code of Conduct applies within all community spaces, and also applies when
43
+ an individual is officially representing the community in public spaces.
44
+
45
+ ## Enforcement
46
+
47
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
48
+ reported to the project maintainers at opensource@superdevids.com.
49
+ All complaints will be reviewed and investigated promptly and fairly.
50
+
51
+ ## Enforcement Guidelines
52
+
53
+ Project maintainers will follow these Community Impact Guidelines:
54
+
55
+ ### 1. Correction
56
+ **Community Impact:** Use of inappropriate language or other behavior deemed
57
+ unprofessional or unwelcome.
58
+ **Consequence:** A private, written warning, providing clarity around the nature
59
+ of the violation and an explanation of why the behavior was inappropriate.
60
+
61
+ ### 2. Warning
62
+ **Community Impact:** A violation through a single incident or series of actions.
63
+ **Consequence:** A warning with consequences for continued behavior. No
64
+ interaction with the people involved for a specified period of time.
65
+
66
+ ### 3. Temporary Ban
67
+ **Community Impact:** A serious violation of community standards.
68
+ **Consequence:** A temporary ban from any sort of interaction or public
69
+ communication with the community for a specified period of time.
70
+
71
+ ### 4. Permanent Ban
72
+ **Community Impact:** Demonstrating a pattern of violation of community standards.
73
+ **Consequence:** A permanent ban from any sort of public interaction within the
74
+ community.
75
+
76
+ ## Attribution
77
+
78
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
79
+ version 2.1, available at
80
+ [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
81
+
82
+ [homepage]: https://www.contributor-covenant.org
83
+ [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html