speexor 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/API-REFERENCE.md +96 -1
  2. package/ARCHITECTURE.md +83 -32
  3. package/BENCHMARKS.md +73 -0
  4. package/CHANGELOG.md +59 -4
  5. package/CODE-OF-CONDUCT.md +83 -83
  6. package/CONTRIBUTING.md +92 -97
  7. package/FAQ.md +132 -105
  8. package/GLOSSARY.md +34 -0
  9. package/LICENSE.md +21 -21
  10. package/PUBLISH.md +82 -77
  11. package/README.md +220 -6
  12. package/REFACTOR-LOG.md +40 -40
  13. package/ROADMAP.md +31 -42
  14. package/SECURITY-DEFAULTS.md +118 -0
  15. package/SECURITY.md +80 -79
  16. package/SUMMARY.md +31 -8
  17. package/TESTING.md +140 -140
  18. package/dist/{agent-5D3BVWNK.js → agent-C64T66XT.js} +4 -4
  19. package/dist/agent-C64T66XT.js.map +1 -0
  20. package/dist/{chunk-B7WLHC4W.js → chunk-5OD5UWB5.js} +322 -121
  21. package/dist/chunk-5OD5UWB5.js.map +1 -0
  22. package/dist/chunk-GOGI3JQD.js +1637 -0
  23. package/dist/chunk-GOGI3JQD.js.map +1 -0
  24. package/dist/{chunk-2F66BZYJ.js → chunk-VEZQT5SX.js} +80 -8
  25. package/dist/chunk-VEZQT5SX.js.map +1 -0
  26. package/dist/cli/index.js +2058 -18
  27. package/dist/cli/index.js.map +1 -1
  28. package/dist/core/index.d.ts +682 -3
  29. package/dist/core/index.js +1 -1
  30. package/dist/index.d.ts +102 -14
  31. package/dist/index.js +55 -29
  32. package/dist/index.js.map +1 -1
  33. package/dist/plugins/index.d.ts +1 -1
  34. package/dist/plugins/index.js +1 -1
  35. package/dist/types-BOMap-tI.d.ts +389 -0
  36. package/docs/PRD03.md +119 -0
  37. package/docs/PRD06.md +125 -0
  38. package/docs/SETUP.md +94 -94
  39. package/docs/TROUBLESHOOTING.md +113 -113
  40. package/docs/adr/0001-record-architecture-decisions.md +44 -0
  41. package/docs/adr/0002-plugin-architecture.md +53 -0
  42. package/docs/adr/0003-recursive-task-decomposition.md +57 -0
  43. package/docs/adr/0004-local-first-security.md +58 -0
  44. package/docs/adr/0005-data-directory-layout.md +69 -0
  45. package/examples/basic.yaml +61 -61
  46. package/package.json +103 -102
  47. package/schema/config.schema.json +119 -119
  48. package/speexor.config.yaml.example +30 -30
  49. package/dist/agent-5D3BVWNK.js.map +0 -1
  50. package/dist/chunk-2F66BZYJ.js.map +0 -1
  51. package/dist/chunk-B7WLHC4W.js.map +0 -1
  52. package/dist/chunk-SXALZEOJ.js +0 -345
  53. package/dist/chunk-SXALZEOJ.js.map +0 -1
  54. package/dist/types-0q_okI2g.d.ts +0 -205
package/PUBLISH.md CHANGED
@@ -1,77 +1,82 @@
1
- # Publishing Speexor
2
-
3
- This document describes the process for publishing `speexor` to npm.
4
-
5
- ## Prerequisites
6
- - npm account with access to `@speexjs` organization
7
- - GitHub repository write access
8
- - Clean working tree (no uncommitted changes)
9
-
10
- ## Version Bumping
11
-
12
- We follow [Semantic Versioning](https://semver.org/):
13
- - **Patch** (`0.1.0` `0.1.1`): Bug fixes, minor changes
14
- - **Minor** (`0.1.0` → `0.2.0`): New features, backwards compatible
15
- - **Major** (`0.1.0` → `1.0.0`): Breaking changes
16
-
17
- ## Pre-Publish Checklist
18
-
19
- - [ ] All tests pass: `pnpm test`
20
- - [ ] TypeScript compiles: `pnpm typecheck`
21
- - [ ] Linter passes: `pnpm lint`
22
- - [ ] Build succeeds: `pnpm build`
23
- - [ ] CHANGELOG.md updated
24
- - [ ] Version bumped in package.json
25
- - [ ] Git tag created
26
- - [ ] Docs updated (README, architecture, etc.)
27
-
28
- ## Publishing Steps
29
-
30
- ### 1. Update Version
31
- ```bash
32
- # From the speexor package directory
33
- pnpm version patch # or minor, or major
34
- ```
35
-
36
- ### 2. Update Changelog
37
- Update `CHANGELOG.md` with the new version, date, and changes.
38
-
39
- ### 3. Build
40
- ```bash
41
- pnpm build
42
- ```
43
-
44
- ### 4. Publish to npm
45
- ```bash
46
- pnpm publish --access public
47
- ```
48
-
49
- ### 5. Tag and Push
50
- ```bash
51
- git tag speexor-v0.1.0
52
- git push --tags
53
- git push origin main
54
- ```
55
-
56
- ### 6. Create GitHub Release
57
- - Go to https://github.com/superdevids/speexjs/releases
58
- - Draft a new release
59
- - Use the git tag as version
60
- - Copy changelog entry as release notes
61
- - Attach any relevant binaries
62
-
63
- ## npm Package Contents
64
-
65
- The published package includes:
66
- - `dist/` Compiled ESM + type declarations
67
- - `schema/` — JSON Schema for config
68
- - `examples/` Example configurations
69
- - `speexor.config.yaml.example` — Config template
70
- - `*.md` Documentation files
71
-
72
- ## CI/CD
73
-
74
- Publishing can also be automated via GitHub Actions:
75
- - Trigger: pushing a tag matching `speexor-v*`
76
- - Steps: install → build → test → publish
77
- - Secrets: `NPM_TOKEN` must be configured in GitHub repository secrets
1
+ # Publishing Speexor
2
+
3
+ This document describes the process for publishing `speexor` to npm.
4
+
5
+ > **Branding Note:** The product is **Speexor**, published under the `@speexor` npm scope.
6
+ > The GitHub organization is [`superdevids`](https://github.com/superdevids).
7
+ > For the monorepo/ecosystem umbrella, see [`speexjs`](https://github.com/superdevids/speexjs).
8
+ > (Per PRD06 C5 fix: `speexjs` = monorepo org, `speexor` = product/package.)
9
+
10
+ ## Prerequisites
11
+ - npm account with access to `@speexor` organization
12
+ - GitHub repository write access (`github.com/superdevids/speexor`)
13
+ - Clean working tree (no uncommitted changes)
14
+
15
+ ## Version Bumping
16
+
17
+ We follow [Semantic Versioning](https://semver.org/):
18
+ - **Patch** (`0.1.0` → `0.1.1`): Bug fixes, minor changes
19
+ - **Minor** (`0.1.0` `0.2.0`): New features, backwards compatible
20
+ - **Major** (`0.1.0` `1.0.0`): Breaking changes
21
+
22
+ ## Pre-Publish Checklist
23
+
24
+ - [ ] All tests pass: `pnpm test`
25
+ - [ ] TypeScript compiles: `pnpm typecheck`
26
+ - [ ] Linter passes: `pnpm lint`
27
+ - [ ] Build succeeds: `pnpm build`
28
+ - [ ] CHANGELOG.md updated
29
+ - [ ] Version bumped in package.json
30
+ - [ ] Git tag created
31
+ - [ ] Docs updated (README, architecture, etc.)
32
+
33
+ ## Publishing Steps
34
+
35
+ ### 1. Update Version
36
+ ```bash
37
+ # From the speexor package directory
38
+ pnpm version patch # or minor, or major
39
+ ```
40
+
41
+ ### 2. Update Changelog
42
+ Update `CHANGELOG.md` with the new version, date, and changes.
43
+
44
+ ### 3. Build
45
+ ```bash
46
+ pnpm build
47
+ ```
48
+
49
+ ### 4. Publish to npm
50
+ ```bash
51
+ pnpm publish --access public
52
+ ```
53
+
54
+ ### 5. Tag and Push
55
+ ```bash
56
+ git tag speexor-v0.1.0
57
+ git push --tags
58
+ git push origin main
59
+ ```
60
+
61
+ ### 6. Create GitHub Release
62
+ - Go to https://github.com/superdevids/speexjs/releases
63
+ - Draft a new release
64
+ - Use the git tag as version
65
+ - Copy changelog entry as release notes
66
+ - Attach any relevant binaries
67
+
68
+ ## npm Package Contents
69
+
70
+ The published package includes:
71
+ - `dist/` — Compiled ESM + type declarations
72
+ - `schema/` — JSON Schema for config
73
+ - `examples/` — Example configurations
74
+ - `speexor.config.yaml.example` Config template
75
+ - `*.md` Documentation files
76
+
77
+ ## CI/CD
78
+
79
+ Publishing can also be automated via GitHub Actions:
80
+ - Trigger: pushing a tag matching `speexor-v*`
81
+ - Steps: install → build → test → publish
82
+ - Secrets: `NPM_TOKEN` must be configured in GitHub repository secrets
package/README.md CHANGED
@@ -6,6 +6,8 @@
6
6
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
7
7
  [![Node](https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen)](https://nodejs.org)
8
8
  [![TypeScript](https://img.shields.io/badge/%3C/%3E-TypeScript-3178C6)](https://www.typescriptlang.org/)
9
+ [![CI](https://github.com/superdevids/speexor/actions/workflows/ci.yml/badge.svg)](https://github.com/superdevids/speexor/actions/workflows/ci.yml)
10
+ [![Coverage](https://img.shields.io/badge/coverage-~90%25-brightgreen)](https://github.com/superdevids/speexor)
9
11
 
10
12
  ---
11
13
 
@@ -15,9 +17,9 @@ Speexor is an **agent orchestrator** purpose-built for teams and solo developers
15
17
 
16
18
  Coordinating multiple coding agents manually is error-prone and slow. Speexor solves this with a **7-plugin slot architecture** that separates agent adapters, runtime backends, workspace management, issue tracking, SCM operations, notifications, and terminal I/O into clean, swappable modules. Git worktree isolation keeps each agent session on its own branch without polluting your working tree.
17
19
 
18
- Speexor ships with a built-in **HTTP dashboard**, a **reaction engine** for automated CI-fix loops, JSON-file session persistence, and two runtime backends `tmux` on Unix and `Process` on Windows so it works wherever you do.
20
+ Speexor ships with a built-in **interactive dashboard**, a **reaction engine** for automated CI-fix loops, **recursive task decomposition** with DAG-based scheduling, a **governance engine** for risk-aware approvals, a **secrets vault** for secure credential storage, and an **extension marketplace** for community plugins.
19
21
 
20
- > **Status:** v0.1.0Early release. The plugin API and core commands are stable; breaking changes are possible before 1.0.
22
+ > **Status:** v0.2.1 — Hardening release. All PRD v5 gap fixes implemented: proper sandbox security, async session store, budget guard enforcement, real-time terminal streaming, TypeScript strict zero errors. 320+ tests passing.
21
23
 
22
24
  ---
23
25
 
@@ -25,13 +27,28 @@ Speexor ships with a built-in **HTTP dashboard**, a **reaction engine** for auto
25
27
 
26
28
  - **Parallel Agent Dispatch** — Spawn multiple coding agents (OpenCode, Claude Code, Aider, Codex) across different repositories simultaneously
27
29
  - **Multi-Provider Routing** — Configure primary and fallback AI providers per project with concurrent-limit controls
28
- - **Git Worktree Isolation** — Every agent task operates on its own isolated `git worktree` branch — zero interference with your main workspace
30
+ - **Recursive Task Decomposition** — LLM-driven planner breaks high-level tasks into a DAG of sub-tasks with automatic dependency resolution
31
+ - **Parallel Agent Scheduler** — Execute decomposed tasks in parallel with resource-aware throttling and auto-retry
32
+ - **Governance Engine** — Two-axis approval model (Task Origin Gate + Action Risk Gate) with risk-based action classification
33
+ - **Cost Tracking** — Per-provider, per-project, per-task-node cost tracking with budget guard enforcement
34
+ - **Secrets Vault** — OS-native secure credential storage (macOS Keychain, Windows Credential Manager, Linux encrypted file)
35
+ - **Extension Marketplace** — Search, install, list, update, and remove extensions via `speexor ext` commands
36
+ - **Plugin SDK** — `@speexor/sdk` with extension scaffold generator and TypeScript types
37
+ - **Decision Quality Eval** — Confidence calibration reporting, decision logging, and auto-labeling
38
+ - **Worktree Hierarchy Protocol** — Pin-to-commit-hash forking, serialized subagent merges, and conflict escalation
39
+ - **Interactive Dashboard v2** — Task Tree View, Agent Fleet, Approvals Inbox, Cost Panel, Decision Log, Simple Mode, WCAG accessibility
40
+ - **Session Guard** — AFK auto-pause, budget enforcement, idle timeout
41
+ - **Provider Error Retry** — Exponential backoff on provider failures with automatic fallback
29
42
  - **Reaction Engine** — Automatically detect CI failures, PR review changes, and approvals; trigger fix, notify, or escalate actions with configurable retries
30
- - **Built-in HTTP Dashboard** — Monitor sessions, worktrees, and agent status in real time (Node.js built-in `http` module, no external dependencies)
43
+ - **Git Worktree Isolation** — Every agent task operates on its own isolated `git worktree` branch zero interference with your main workspace
31
44
  - **7-Plugin Slot Architecture** — Swap or extend every layer: agent adapters, runtimes, workspace, tracker, SCM, notifier, and terminal
32
45
  - **Cross-Platform Runtimes** — `tmux` for Unix, `Process` for Windows — pick the backend that matches your OS
33
46
  - **JSON-File Persistence** — Session state, worktrees, and runtimes persist to `.speexor/state.json` automatically
34
47
  - **Zod-Validated Config** — YAML configuration validated at load with clear error messages for every field
48
+ - **19 Test Files / ~320 Tests** — Comprehensive Vitest coverage across core, CLI, plugins, and scheduler
49
+ - **CI/CD Pipeline** — GitHub Actions for test, lint, build, and publish
50
+ - **Architecture Decision Records** — 5 ADRs in `docs/adr/` documenting key design choices
51
+ - **Glossary** — Canonical terminology reference in `GLOSSARY.md`
35
52
 
36
53
  ---
37
54
 
@@ -70,7 +87,7 @@ Speexor is configured via `speexor.config.yaml` (or `.speexor.yaml`, `speexor.ya
70
87
  Create one with `speexor start <repo>` or manually:
71
88
 
72
89
  ```yaml
73
- version: "1"
90
+ version: "5" # v5 schema — see speexor.config.yaml.example for full reference
74
91
 
75
92
  projects:
76
93
  - name: my-app
@@ -106,10 +123,158 @@ projects:
106
123
  concurrentLimit: 2
107
124
  ```
108
125
 
126
+ Validate your configuration against the schema and run any pending migrations:
127
+
128
+ ```bash
129
+ speexor config validate
130
+ ```
131
+
109
132
  See the full schema with `speexor config-help`.
110
133
 
111
134
  ---
112
135
 
136
+ ## Recursive Task Decomposition & Scheduling
137
+
138
+ Speexor's task system transforms high-level descriptions into an executable DAG of sub-tasks:
139
+
140
+ ### LLM-Driven Planner
141
+ - Submit a task with `speexor task submit "Implement user authentication"`
142
+ - The LLM planner decomposes it into a directed acyclic graph of atomic sub-tasks
143
+ - Dependencies are automatically resolved: a sub-task only executes after all its predecessors succeed
144
+
145
+ ### Parallel Agent Scheduler
146
+ - The scheduler executes independent sub-tasks in parallel across the configured agent fleet
147
+ - **Resource-aware throttling** — respects per-project `concurrentLimit` and system load
148
+ - **Auto-retry** — failed sub-tasks are retried up to the configured limit before escalation
149
+ - **Cost tracking per node** — every executed sub-task is attributed with provider, tokens, and duration
150
+
151
+ ### Worktree Hierarchy Protocol
152
+ - Each decomposed sub-task forks from its parent's commit hash via `git worktree`
153
+ - Completed sub-tasks merge back serially, respecting the dependency chain
154
+ - Merge conflicts are detected and escalated for resolution
155
+
156
+ ```bash
157
+ # Submit a high-level task for decomposition
158
+ speexor task submit "Implement OAuth2 login flow"
159
+ ```
160
+
161
+ ---
162
+
163
+ ## Governance & Security
164
+
165
+ ### Governance Engine
166
+ Speexor implements a two-axis approval model:
167
+
168
+ | Axis | Gate | What It Checks |
169
+ |------|------|----------------|
170
+ | **Task Origin Gate** | Who submitted? | Validates the user, session, or CI trigger against configured policies |
171
+ | **Action Risk Gate** | What will it do? | Classifies every action by risk (low / medium / high / critical) based on file scope, provider, and command |
172
+
173
+ Actions are automatically classified:
174
+ - **Low** — read-only, documentation, lint fixes — auto-approved
175
+ - **Medium** — isolated file edits — requires single approval
176
+ - **High** — cross-module refactors, dependency changes — requires peer approval
177
+ - **Critical** — production config, secrets, destructive operations — requires multi-party approval
178
+
179
+ ### Secrets Vault
180
+ Credentials are stored in the OS-native secure store:
181
+ - **macOS** — Keychain via `security` CLI
182
+ - **Windows** — Credential Manager via `cmdkey`
183
+ - **Linux** — AES-256-GCM encrypted file at `~/.speexor/vault.enc`
184
+
185
+ ### Session Guard
186
+ - **AFK auto-pause** — pauses agent sessions after a configurable period of keyboard inactivity
187
+ - **Budget enforcement** — hard-stops execution when per-session or per-project cost limits are reached
188
+ - **Idle timeout** — auto-terminates sessions that have no output for a configurable duration
189
+
190
+ ### Provider Error Retry
191
+ Provider failures (rate limits, timeouts, 5xx) are handled with:
192
+ - **Exponential backoff** — 1s, 2s, 4s, 8s, max 60s between retries
193
+ - **Automatic fallback** — switches to the configured fallback provider after exhausting retries
194
+ - Each retry and fallback event is logged for audit
195
+
196
+ ---
197
+
198
+ ## Extension Marketplace
199
+
200
+ Speexor supports community extensions published to npm under the `@speexor/ext-*` scope.
201
+
202
+ ```bash
203
+ # Search the marketplace
204
+ speexor ext search "gitlab"
205
+
206
+ # Install an extension
207
+ speexor ext install @speexor/ext-gitlab-tracker
208
+
209
+ # List installed extensions
210
+ speexor ext list
211
+
212
+ # Update all extensions
213
+ speexor ext update
214
+
215
+ # Remove an extension
216
+ speexor ext remove @speexor/ext-gitlab-tracker
217
+ ```
218
+
219
+ ### Plugin SDK (`@speexor/sdk`)
220
+
221
+ Build your own extensions:
222
+
223
+ ```bash
224
+ npm create @speexor/ext my-extension
225
+ cd my-extension
226
+ npm install
227
+ npm run build
228
+ npm publish
229
+ ```
230
+
231
+ The SDK provides:
232
+ - TypeScript types for all 7 plugin slots
233
+ - Extension scaffold generator (`npm create @speexor/ext`)
234
+ - Validation utilities matching the core Zod schemas
235
+ - Lifecycle hooks (`initialize`, `destroy`) for clean setup/teardown
236
+
237
+ ---
238
+
239
+ ## Interactive Dashboard
240
+
241
+ The built-in HTTP dashboard has been upgraded to **v2** with six panels:
242
+
243
+ | Panel | Description |
244
+ |-------|-------------|
245
+ | **Task Tree View** | Visual DAG of decomposed tasks with status, dependencies, and execution order |
246
+ | **Agent Fleet** | Live view of all running agents, their sessions, resource usage, and logs |
247
+ | **Approvals Inbox** | Pending governance approvals with risk classification and context |
248
+ | **Cost Panel** | Real-time cost accumulation per provider, project, and task node |
249
+ | **Decision Log** | Searchable history of governance decisions with confidence calibration |
250
+ | **Simple Mode** | Reduced UI for read-only monitoring — hides actions and approvals |
251
+
252
+ Accessibility: The dashboard targets WCAG 2.1 AA compliance with keyboard navigation, ARIA labels, and high-contrast mode support.
253
+
254
+ ```bash
255
+ speexor start https://github.com/your-org/your-repo --port 3000
256
+ # Open http://localhost:3000
257
+ ```
258
+
259
+ ---
260
+
261
+ ## Decision Quality Evaluation
262
+
263
+ Speexor logs every governance decision and can evaluate decision quality:
264
+
265
+ ```bash
266
+ # Run decision quality evaluation
267
+ speexor eval decisions
268
+ ```
269
+
270
+ This produces a **confidence calibration report** showing:
271
+ - Accuracy of risk classification vs. actual outcomes
272
+ - Decision latency distribution
273
+ - Auto-labeling quality metrics
274
+ - Recommendations for policy tuning
275
+
276
+ ---
277
+
113
278
  ## Plugin Architecture
114
279
 
115
280
  Speexor defines **7 plugin slots**. Each slot can have multiple implementations registered at startup.
@@ -126,6 +291,8 @@ Speexor defines **7 plugin slots**. Each slot can have multiple implementations
126
291
 
127
292
  Plugins implement `PluginModule` with a standard lifecycle (`initialize` / `destroy`) and receive typed access to the config, event bus, and logger through `PluginContext`.
128
293
 
294
+ Extensions published on the marketplace implement the same interface and are loaded dynamically at startup.
295
+
129
296
  ---
130
297
 
131
298
  ## CLI Reference
@@ -138,13 +305,57 @@ speexor <command> [options]
138
305
  |---------|-------------|
139
306
  | `start [repo]` | Initialize a project config and start the HTTP dashboard. Options: `--port`, `--name`, `--no-dashboard` |
140
307
  | `agent spawn --task <id>` | Spawn an agent for a GitHub issue. Options: `--agent` (opencode, claude-code, aider, codex) |
308
+ | `task submit <description>` | Submit a high-level task description for LLM-based decomposition into a DAG of sub-tasks |
141
309
  | `list` | List all projects and active agent statuses |
142
310
  | `stop <session-id>` | Stop an agent session safely |
143
311
  | `logs <session-id>` | Tail logs for an agent session. Options: `--follow`, `--lines` |
312
+ | `ext search <query>` | Search the extension marketplace for available extensions |
313
+ | `ext install <package>` | Install an extension from the marketplace |
314
+ | `ext list` | List all installed extensions |
315
+ | `ext update [package]` | Update all extensions or a specific one |
316
+ | `ext remove <package>` | Uninstall an extension |
317
+ | `config validate` | Validate configuration against the schema and run pending migrations |
318
+ | `eval decisions` | Run decision quality evaluation with confidence calibration report |
144
319
  | `config-help` | Print the full YAML config schema reference |
145
320
 
146
321
  ---
147
322
 
323
+ ## Testing & CI/CD
324
+
325
+ ### Test Suite
326
+
327
+ Speexor includes **19 test files** containing **~320 tests** across the following domains:
328
+
329
+ | Area | Files | Focus |
330
+ |------|-------|-------|
331
+ | Core | 6 | State management, config validation, event bus, session lifecycle |
332
+ | CLI | 4 | Command parsing, argument validation, output formatting |
333
+ | Plugins | 4 | Agent adapters, runtime backends, workspace isolation |
334
+ | Scheduler | 3 | DAG execution, parallelism, throttling, retry logic |
335
+ | Governance | 2 | Risk classification, approval workflow, budget enforcement |
336
+
337
+ Run the tests:
338
+
339
+ ```bash
340
+ npm test # Run all tests
341
+ npm run test:watch # Watch mode
342
+ npm run test:coverage # Coverage report (~90%)
343
+ ```
344
+
345
+ ### CI/CD Pipeline
346
+
347
+ GitHub Actions (`.github/workflows/ci.yml`) runs on every push and pull request:
348
+
349
+ | Stage | What It Does |
350
+ |-------|-------------|
351
+ | **Lint** | Biome check on `src/` |
352
+ | **Typecheck** | `tsc --noEmit` full project type validation |
353
+ | **Test** | Vitest with ~320 tests across all modules |
354
+ | **Build** | `tsup` production build |
355
+ | **Publish** | npm publish on tagged releases (`v*`) |
356
+
357
+ ---
358
+
148
359
  ## Examples
149
360
 
150
361
  A complete multi-project configuration with reaction rules is available in [`examples/basic.yaml`](./examples/basic.yaml).
@@ -158,6 +369,8 @@ A complete multi-project configuration with reaction rules is available in [`exa
158
369
  - [Behavior Spec (PRD 03)](./docs/PRD03.md)
159
370
  - [Design Docs (PRD 04)](./docs/PRD04.md)
160
371
  - [Specification (PRD 05)](./docs/PRD05.md)
372
+ - [Architecture Decision Records](./docs/adr/) — 5 ADRs covering key design decisions
373
+ - [Glossary](./GLOSSARY.md) — Canonical terminology reference
161
374
  - [Setup Guide](./docs/SETUP.md)
162
375
  - [Troubleshooting](./docs/TROUBLESHOOTING.md)
163
376
 
@@ -170,7 +383,8 @@ Speexor was created because existing agent orchestration tools were either tied
170
383
  - **Agent-agnostic** — run OpenCode, Claude Code, Aider, or Codex with the same CLI
171
384
  - **Lightweight** — zero external runtime dependencies beyond your agents and git
172
385
  - **Repository-native** — works with your existing GitHub repos, issues, and PR workflows
173
- - **Extensible** — swap any plugin slot with your own implementation
386
+ - **Extensible** — swap any plugin slot with your own implementation or install community extensions
387
+ - **Governance-ready** — built-in approval gates, cost controls, and audit logging for production use
174
388
 
175
389
  ---
176
390
 
package/REFACTOR-LOG.md CHANGED
@@ -1,40 +1,40 @@
1
- # Refactoring Log
2
-
3
- > Tracking significant architectural changes and refactoring decisions for Speexor.
4
-
5
- ## [2026-06-30] — Initial Implementation (v0.1.0)
6
-
7
- ### Context
8
- Initial implementation of the Agent Orchestrator based on PRD01.md. Built from scratch as `packages/speexor` in the speexjs monorepo.
9
-
10
- ### Decisions
11
- 1. **Plugin Architecture**: 7 fixed plugin slots (agent, runtime, workspace, tracker, scm, notifier, terminal) — inspired by AgentWrapper AO but with cleaner interface segregation
12
- 2. **Monorepo as Single Package**: Unlike AO's multi-package structure, v1 lives in a single `speexor` package with internal module separation. This reduces initial complexity while maintaining clean module boundaries via `src/` directories.
13
- 3. **TypeScript ESM Only**: No CJS support. The rest of speexjs ecosystem is ESM-first.
14
- 4. **Built-in HTTP Dashboard**: Using Node.js built-in `http` module instead of Express/NestJS to keep dependencies minimal for v1.
15
- 5. **No Dynamic Plugin Loading**: All built-in plugins are hardcoded in `loadAllPlugins()`. Dynamic loading from external packages is deferred to v2.
16
- 6. **Synchronous File I/O for State**: `SessionStore` uses `readFileSync`/`writeFileSync` for simplicity. Will migrate to async when performance requires it.
17
-
18
- ### Rebrand: Konduktor → Speexor
19
- The project was initially codenamed "Konduktor" internally. After initial implementation, renamed to "Speexor" to align with the SpeexJS brand ecosystem. All code identifiers, CLI names, config files, and documentation were updated.
20
-
21
- ### Patterns Established
22
- - `PluginModule` base interface with `initialize()`/`destroy()` lifecycle
23
- - Debug namespace pattern: `speexor:<module>:<submodule>`
24
- - Session ID format: `<prefix>-<task-id>-<timestamp>`
25
- - Worktree branch format: `speexor/<task-id>`
26
- - Config directory: `.speexor/` at project root
27
-
28
- ### Technical Debt
29
- - No test files yet (vitest configured but no tests written)
30
- - `getLiveStream()` throws "not implemented" in both runtime plugins
31
- - Terminal plugin has no implementation
32
- - Dashboard HTML is inline (hard to maintain)
33
- - Session store uses synchronous I/O
34
- - No dynamic plugin discovery mechanism
35
-
36
- ### What Worked Well
37
- - TypeScript strict mode caught several type errors during initial build
38
- - Event bus pattern cleanly decouples lifecycle from dashboard
39
- - Zod validation provides clear error messages for misconfigured YAML
40
- - Plugin interface design allows adding new providers without touching core
1
+ # Refactoring Log
2
+
3
+ > Tracking significant architectural changes and refactoring decisions for Speexor.
4
+
5
+ ## [2026-06-30] — Initial Implementation (v0.1.0)
6
+
7
+ ### Context
8
+ Initial implementation of the Agent Orchestrator based on PRD01.md. Built from scratch as `packages/speexor` in the speexjs monorepo.
9
+
10
+ ### Decisions
11
+ 1. **Plugin Architecture**: 7 fixed plugin slots (agent, runtime, workspace, tracker, scm, notifier, terminal) — inspired by AgentWrapper AO but with cleaner interface segregation
12
+ 2. **Monorepo as Single Package**: Unlike AO's multi-package structure, v1 lives in a single `speexor` package with internal module separation. This reduces initial complexity while maintaining clean module boundaries via `src/` directories.
13
+ 3. **TypeScript ESM Only**: No CJS support. The rest of speexjs ecosystem is ESM-first.
14
+ 4. **Built-in HTTP Dashboard**: Using Node.js built-in `http` module instead of Express/NestJS to keep dependencies minimal for v1.
15
+ 5. **No Dynamic Plugin Loading**: All built-in plugins are hardcoded in `loadAllPlugins()`. Dynamic loading from external packages is deferred to v2.
16
+ 6. **Synchronous File I/O for State**: `SessionStore` uses `readFileSync`/`writeFileSync` for simplicity. Will migrate to async when performance requires it.
17
+
18
+ ### Rebrand: Konduktor → Speexor
19
+ The project was initially codenamed "Konduktor" internally. After initial implementation, renamed to "Speexor" to align with the SpeexJS brand ecosystem. All code identifiers, CLI names, config files, and documentation were updated.
20
+
21
+ ### Patterns Established
22
+ - `PluginModule` base interface with `initialize()`/`destroy()` lifecycle
23
+ - Debug namespace pattern: `speexor:<module>:<submodule>`
24
+ - Session ID format: `<prefix>-<task-id>-<timestamp>`
25
+ - Worktree branch format: `speexor/<task-id>`
26
+ - Config directory: `.speexor/` at project root
27
+
28
+ ### Technical Debt
29
+ - No test files yet (vitest configured but no tests written)
30
+ - `getLiveStream()` throws "not implemented" in both runtime plugins
31
+ - Terminal plugin has no implementation
32
+ - Dashboard HTML is inline (hard to maintain)
33
+ - Session store uses synchronous I/O
34
+ - No dynamic plugin discovery mechanism
35
+
36
+ ### What Worked Well
37
+ - TypeScript strict mode caught several type errors during initial build
38
+ - Event bus pattern cleanly decouples lifecycle from dashboard
39
+ - Zod validation provides clear error messages for misconfigured YAML
40
+ - Plugin interface design allows adding new providers without touching core
package/ROADMAP.md CHANGED
@@ -2,48 +2,40 @@
2
2
 
3
3
  > Development roadmap for Speexor — Agent Orchestrator.
4
4
 
5
- ## Current Release: v0.1.0 (Foundation)
5
+ ## Current Release: v0.2.1 (Gap Analysis & Hardening)
6
6
 
7
7
  Completed milestones:
8
- - M0: Monorepo setup, core lifecycle, plugin contract types
9
- - M1: Single-agent E2E (OpenCode + tmux/process + git worktree)
10
- - M2: GitHub integration (tracker + SCM + reaction engine)
11
- - M3: Multi-agent adapters (Claude Code, Aider, Codex)
12
- - M4: Dashboard MVP (REST API + HTML frontend)
8
+ - M0: Monorepo setup, core lifecycle, plugin contract types
9
+ - M1: Single-agent E2E (OpenCode + tmux/process + git worktree)
10
+ - M2: GitHub integration (tracker + SCM + reaction engine)
11
+ - M3: Multi-agent adapters (Claude Code, Aider, Codex)
12
+ - M4: Dashboard MVP (REST API + HTML frontend)
13
+ - M5: Cost tracking & provider panel ✅
14
+ - M6: Polish & Documentation ✅
15
+ - M7: Recursive Task Decomposition (DAG planner) ✅
16
+ - M8: Parallel Scheduler (resource-aware) ✅
17
+ - M9: Governance & Approval (two-axis model) ✅
18
+ - M10: Extension Manager & SDK ✅
19
+ - M11: Security & Secrets Vault ✅
20
+ - M12: Interactive Dashboard v2 ✅
21
+ - M22a: Critical Fixes (sandbox, approval, worktree, depth split) ✅
22
+ - M22b: Major Fixes (config migration, eval, rollback, budget, retry, AFK) ✅
23
+ - M22c: Documentation Consolidation ✅
24
+ - **M13: Hardening & Cost Guard** — async store, sandbox security, getLiveStream, budget enforcement, TS strict zero errors ✅
13
25
 
14
26
  ## Upcoming Milestones
15
27
 
16
- ### M5Cost & Provider Panel (Target: Q3 2026)
17
- - Multi-provider routing config
18
- - Cost tracking per provider per project
19
- - Usage analytics dashboard panel
20
- - Provider fallback configuration UI
21
-
22
- ### M6 — Polish & Documentation (Target: Q3 2026)
23
- - Comprehensive test suite (Vitest + integration tests)
24
- - CI/CD pipeline setup
25
- - Open-source readiness review
26
- - Performance benchmarking
27
-
28
- ### M7 — Recursive Task Decomposition (Target: Q4 2026)
29
- - DAG-based task breakdown
30
- - Parallel sub-agent spawning
31
- - Task dependency resolution
32
- - Progress tracking across sub-tasks
33
- - Context window management
34
-
35
- ### M8 — Real-Time Terminal (Target: Q4 2026)
36
- - WebSocket-based live terminal streaming
28
+ ### M8Real-Time Terminal (Target: Q3 2026)
29
+ - WebSocket-based live terminal streaming (core streaming implemented)
37
30
  - xterm.js integration in dashboard
38
31
  - Terminal resize and interactive input
39
32
  - Session recording and replay
40
33
 
41
- ### M9 — Extension Marketplace (Target: Q1 2027)
42
- - Extension manifest format
43
- - Plugin SDK (@speexor/sdk)
34
+ ### M9 — Extension Marketplace (Target: Q4 2026)
44
35
  - Marketplace index (GitHub-based registry)
45
- - Extension install/update/remove lifecycle
36
+ - Extension lifecycle with sandbox gating
46
37
  - Permission system for extensions
38
+ - Skill manifest wrapper for ECC/affaan-m folders (FR-97)
47
39
 
48
40
  ### M10 — Advanced Security & Compliance (Target: Q1 2027)
49
41
  - End-to-end encryption for cross-device sync
@@ -61,18 +53,15 @@ Completed milestones:
61
53
  ## Themes
62
54
 
63
55
  ### 🎯 Short-term (Q3 2026)
64
- - Polish existing features
65
- - Test coverage >80%
66
- - Documentation completion
67
- - Cost tracking
56
+ - Real-time terminal WebSocket + xterm.js (M8)
57
+ - Extension Marketplace beta (M9)
58
+ - npm public release
59
+ - CI/CD pipeline active
68
60
 
69
61
  ### 🚀 Medium-term (Q4 2026)
70
- - Recursive task decomposition
71
- - Real-time terminal streaming
72
- - Advanced observability
62
+ - Extension Marketplace full (M9)
63
+ - Advanced security & compliance (M10)
73
64
 
74
65
  ### 🌟 Long-term (2027)
75
- - Extension marketplace
76
- - Plugin SDK for community
77
- - Multi-host distributed execution
78
- - Enterprise security features
66
+ - Multi-host distributed execution (M11)
67
+ - Plugin SDK community adoption