trantor 0.17.31 → 0.17.32

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "trantor",
-  "version": "0.17.31",
+  "version": "0.17.32",
   "description": "Trantor — the hub-world for AI agent crews: live message bus, presence, project Kanban/flow board + crew orchestration for independent AI coding agents (Claude, Codex, Gemini, Kimi, DeepSeek)",
   "mcpServers": {
     "relay": {

package/bin/cli.mjs

@@ -27,6 +27,7 @@ switch (cmd) {
   case "watch":   run("bin/relay-watch.mjs"); break;
   case "catchup": run("bin/catchup.mjs"); break;
   case "agents":  run("bin/agents.mjs"); break;
+  case "gates":   run("bin/gates.mjs"); break;
   case "backfill": run("bin/git-backfill.mjs"); break;
   case "handoff": run("bin/baton.mjs"); break;
   case "ui": {
@@ -50,6 +51,7 @@ switch (cmd) {
   trantor ui          open the live dashboard (board + flow views)
   trantor catchup     "where are we?" — the continuous board + git, with a synthesized brief
   trantor agents      what this session's sub-agents did (task · returned? · files written · survived on disk) — [<sessionId>] [--json]
+  trantor gates       verification gates: "must verify before shipping" claims that survive handoffs — [--all] [--json]
   trantor backfill    card past GIT work onto the board (solo commits that were never carded) — [--since "14 days ago"] [--dry-run]
   trantor handoff     finish this session NOW: write a handoff, open a fresh session that takes over, and close this one (manual baton)
   trantor advise      ask the Advisor directly (JSON on stdin; --demo to see it)

package/bin/gates.mjs

@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+// trantor gates [--all] [--json] — verification gates for THIS project: structured "must verify
+// before shipping" claims that survive handoffs and surface to whoever takes over. Open by default;
+// --all includes resolved ones. Set/resolve gates from inside a session via the relay_verify_gate tool.
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { resolveProject } from "../lib/project.mjs";
+
+const args = process.argv.slice(2);
+const all = args.includes("--all");
+const asJson = args.includes("--json");
+
+function relayUrl() {
+  if (process.env.RELAY_URL) return process.env.RELAY_URL;
+  try { const u = JSON.parse(readFileSync(join(homedir(), ".agent-bus", "config.json"), "utf8")).url; if (u) return u; } catch {}
+  return "http://127.0.0.1:4477";
+}
+
+const project = resolveProject(process.cwd());
+const url = `${relayUrl()}/verify-gates?project=${encodeURIComponent(project)}${all ? "&all=1" : ""}`;
+let gates = [];
+try {
+  const r = await fetch(url, { signal: AbortSignal.timeout(2500) });
+  gates = (await r.json()).gates || [];
+} catch {
+  console.error(`could not reach the hub at ${relayUrl()} — is it running? (trantor setup / trantor hub)`);
+  process.exit(1);
+}
+
+if (asJson) { process.stdout.write(JSON.stringify(gates, null, 2) + "\n"); process.exit(0); }
+if (!gates.length) { console.log(`${project}: no ${all ? "" : "open "}verification gates`); process.exit(0); }
+
+console.log(`${project} — ${gates.length} ${all ? "" : "open "}verification gate(s):`);
+for (const g of gates) {
+  const badge = g.status === "open" ? "⚠️ OPEN" : `✓ ${g.status}`;
+  console.log(`\n#${g.id}  ${badge}  ${g.claim}`);
+  if (g.why) console.log(`    why: ${g.why}`);
+  if (g.howToVerify) console.log(`    how: ${g.howToVerify}`);
+  if (g.status !== "open" && g.resolvedNote) console.log(`    resolved: ${g.resolvedNote}`);
+}

package/hooks/lib/handoff.mjs

@@ -227,6 +227,15 @@ export function writeHandoff({ projectDir, sessionId, transcript, trigger, summa
   // baked copy is just orientation if the live command isn't available. Best-effort; never throws.
   let subagents = null;
   try { subagents = deriveSubagentManifest(transcript, { projectRoot: projectDir }); } catch {}
+  // Open verification gates for this project — structured "must verify before shipping" claims that
+  // MUST survive the handoff (a narrative line gets skimmed past; this is what the v0.17.31 incident
+  // taught — the "verify Gail coefficients" intent vanished into prose). Fetched synchronously from
+  // the local hub; best-effort, never blocks the handoff.
+  let verifyGates = [];
+  try {
+    const out = execSync(`curl -s --max-time 2 ${JSON.stringify(relayUrl() + "/verify-gates?project=" + encodeURIComponent(projectName))}`, { encoding: "utf8", timeout: 2500 });
+    verifyGates = JSON.parse(out).gates || [];
+  } catch {}
   const record = {
     id: `${projectName}-${stamp}`,
     project: projectDir, projectName, machine: hostname(),
@@ -234,7 +243,7 @@ export function writeHandoff({ projectDir, sessionId, transcript, trigger, summa
     transcript_path: transcript || "", stamp: Number(stamp) || 0,
     // narrative + a verbatim recent-exchange block so exact in-flight state always survives
     summary: narrative + (tail ? `\n\n---\n## Verbatim recent exchange (exact in-flight state — continue from here)\n${tail}` : ""),
-    gitStatus, subagents, consumed: false,
+    gitStatus, subagents, verifyGates, consumed: false,
   };
   const file = join(HANDOFF_DIR, `${record.id}.json`);
   writeFileSync(file, JSON.stringify(record, null, 2));

package/hooks/sessionstart.mjs

@@ -197,6 +197,19 @@ try {
     process.stderr.write(`[trantor] ${isCompact ? "showing (not claiming, compact)" : "loaded"} pending handoff ${handoff.id}\n`);
     additionalContext += `<trantor-handoff id="${sanitize(handoff.id)}" from="${sanitize(handoff.machine)}" trigger="${sanitize(handoff.trigger)}">\n`;
     additionalContext += `🔄 **You are taking over from a prior session that hit its context limit.** This is a fresh full window. Resume the work below — the prior session's summary, git state, and a pointer to its full transcript (searchable; Foundation/Gaia has it ingested) follow. Continue from "OPEN THREADS & NEXT STEPS"; do not restart from scratch.\n\n`;
+    // Verification gates FIRST — these are structured "must verify before shipping" claims the prior
+    // session couldn't independently prove. They go above the summary on purpose: a safety-critical
+    // check must not be skimmed past (the lesson of the lost "verify Gail coefficients" intent).
+    if (Array.isArray(handoff.verifyGates) && handoff.verifyGates.length) {
+      additionalContext += `## ⚠️ UNVERIFIED — verify before shipping (${handoff.verifyGates.length})\n`;
+      additionalContext += `The prior session flagged these as NOT independently verified. Do NOT commit or ship the related work until each is verified (or explicitly waived WITH the user) — passing the author's own tests is not verification. Resolve via the \`relay_verify_gate\` tool (action "resolve") once checked.\n`;
+      for (const g of handoff.verifyGates) {
+        additionalContext += `- **#${sanitize(String(g.id))}: ${sanitize(g.claim)}**${g.why ? ` — ${sanitize(g.why)}` : ""}`;
+        if (g.howToVerify) additionalContext += `\n    how to verify: ${sanitize(g.howToVerify)}`;
+        additionalContext += `\n`;
+      }
+      additionalContext += `\n`;
+    }
     additionalContext += `## Handoff summary\n${sanitize(handoff.summary)}\n`;
     if (handoff.gitStatus) additionalContext += `\n## Git working-tree at handoff\n\`\`\`\n${sanitize(handoff.gitStatus)}\n\`\`\`\n`;
     // Sub-agent manifest: LIVE-primary, snapshot-as-fallback. The prior session may have had

package/hub.mjs

@@ -50,11 +50,11 @@ function scanTelemetry() {
 
 // peers: { session: { lastSeen, status, project } } ; tasks: kanban cards
 // projectMeta: { project: { brief, by, updated } } — the "what & why" blurb per project
-let state = { messages: [], peers: {}, seq: 0, tasks: [], taskSeq: 0, projectMeta: {}, lessons: [], cardEvents: [], cardEventsBackfilled: false, aliases: {}, phaseMeta: {} };
+let state = { messages: [], peers: {}, seq: 0, tasks: [], taskSeq: 0, projectMeta: {}, lessons: [], cardEvents: [], cardEventsBackfilled: false, aliases: {}, phaseMeta: {}, verifyGates: [], verifyGateSeq: 0 };
 try {
   if (existsSync(DATA)) {
     const loaded = JSON.parse(readFileSync(DATA, "utf8"));
-    state = { messages: loaded.messages || [], peers: {}, seq: loaded.seq || 0, tasks: loaded.tasks || [], taskSeq: loaded.taskSeq || 0, projectMeta: loaded.projectMeta || {}, lessons: loaded.lessons || [], cardEvents: Array.isArray(loaded.cardEvents) ? loaded.cardEvents : [], cardEventsBackfilled: !!loaded.cardEventsBackfilled, aliases: (loaded.aliases && typeof loaded.aliases === "object") ? loaded.aliases : {}, phaseMeta: (loaded.phaseMeta && typeof loaded.phaseMeta === "object") ? loaded.phaseMeta : {} };
+    state = { messages: loaded.messages || [], peers: {}, seq: loaded.seq || 0, tasks: loaded.tasks || [], taskSeq: loaded.taskSeq || 0, projectMeta: loaded.projectMeta || {}, lessons: loaded.lessons || [], cardEvents: Array.isArray(loaded.cardEvents) ? loaded.cardEvents : [], cardEventsBackfilled: !!loaded.cardEventsBackfilled, aliases: (loaded.aliases && typeof loaded.aliases === "object") ? loaded.aliases : {}, phaseMeta: (loaded.phaseMeta && typeof loaded.phaseMeta === "object") ? loaded.phaseMeta : {}, verifyGates: Array.isArray(loaded.verifyGates) ? loaded.verifyGates : [], verifyGateSeq: loaded.verifyGateSeq || 0 };
     for (const [s, v] of Object.entries(loaded.peers || {})) // migrate old numeric form
       state.peers[s] = typeof v === "number" ? { lastSeen: v, status: "", project: "" } : { lastSeen: v.lastSeen || 0, status: v.status || "", project: v.project || "" };
   }
@@ -487,6 +487,34 @@ const server = http.createServer(async (req, res) => {
       if (state.lessons.length > 500) state.lessons.splice(0, 100);
       dirty = true; return json(res, 200, { ok: true, count: state.lessons.length });
     }
+    // --- verification gates: structured "must verify before shipping" claims that travel with
+    // handoffs and surface PROMINENTLY to whoever takes over (so a safety-critical check can't be
+    // skimmed past in narrative prose — the "verify Gail coefficients" intent that got lost). ---
+    if (req.method === "POST" && P === "/verify-gate") {
+      const b = await body(req); touch(b.by, undefined, b.project);
+      const project = canon(String(b.project || "").slice(0, 80));
+      if (b.resolve) {
+        const g = state.verifyGates.find(x => x.id === Number(b.id) && x.project === project);
+        if (!g) return json(res, 404, { error: "gate not found" });
+        g.status = ["verified", "failed", "waived"].includes(b.status) ? b.status : "verified";
+        g.resolvedBy = b.by || ""; g.resolvedNote = String(b.note || "").slice(0, 300); g.resolvedTs = now();
+        dirty = true; return json(res, 200, { ok: true, gate: g });
+      }
+      const claim = String(b.claim || "").trim().slice(0, 300);
+      if (!claim) return json(res, 400, { error: "claim required" });
+      const dup = state.verifyGates.find(x => x.project === project && x.claim === claim && x.status === "open");
+      if (dup) return json(res, 200, { ok: true, gate: dup, dedup: true });
+      const g = { id: ++state.verifyGateSeq, project, claim, why: String(b.why || "").slice(0, 300),
+        howToVerify: String(b.howToVerify || "").slice(0, 300), status: "open", by: b.by || "", ts: now() };
+      state.verifyGates.push(g); if (state.verifyGates.length > 500) state.verifyGates.splice(0, 100);
+      dirty = true; return json(res, 200, { ok: true, gate: g });
+    }
+    if (req.method === "GET" && P === "/verify-gates") {
+      const project = canon(String(q.project || ""));
+      let gates = state.verifyGates.filter(g => !project || g.project === project);
+      if (q.all !== "1") gates = gates.filter(g => g.status === "open");
+      return json(res, 200, { gates });
+    }
     if (req.method === "GET" && P === "/economics") {   // the brain's books, surfaced: scrooge ledger + quota profile
       const out = { scrooge: null, lifetime: null, profile: null };
       try { out.profile = JSON.parse(readFileSync(join(homedir(), ".agent-bus", "profile.json"), "utf8")).providers || {}; } catch {}

package/mcp.mjs

@@ -105,6 +105,32 @@ server.tool("relay_lesson", "Record a LESSON learned from a failure so future cr
     return { content: [{ type: "text", text: r.dedup ? "lesson already recorded" : `lesson recorded (${r.count} total)` }] };
   });
 
+server.tool("relay_verify_gate", "Record a VERIFICATION GATE — a claim that MUST be independently verified before the related work ships (e.g. 'Gail breast coefficients match the published BCRAT model'). Unlike a note buried in a handoff narrative, a gate is STRUCTURED: it travels with handoffs and is shown PROMINENTLY to whoever takes over, so a safety-critical 'verify before commit' can't be skimmed past. action 'add' when you produce code whose correctness you have NOT independently proven (especially formulas/coefficients/security/data-shape); 'resolve' once you've verified it (or waived with the user); 'list' to see open gates. Defaults to THIS project.",
+  { action: z.enum(["add", "resolve", "list"]).describe("add a gate · resolve one · list open gates"),
+    claim: z.string().optional().describe("what must be verified (required for add) — a specific, checkable claim"),
+    why: z.string().optional().describe("why it matters / the risk if it ships unverified"),
+    howToVerify: z.string().optional().describe("the concrete check that would verify it (source to cross-check, command to run)"),
+    id: z.number().optional().describe("gate id to resolve"),
+    status: z.string().optional().describe("resolve status: 'verified' (default) | 'failed' | 'waived'"),
+    note: z.string().optional().describe("resolution note (what you checked / why waived)"),
+    project: z.string().optional().describe("target project (default: this session's project)") },
+  async ({ action, claim, why, howToVerify, id, status, note, project }) => {
+    const proj = project || PROJECT;
+    if (action === "list") {
+      const { gates } = await api("GET", `/verify-gates?project=${encodeURIComponent(proj)}`);
+      if (!gates || !gates.length) return { content: [{ type: "text", text: `${proj}: no open verification gates` }] };
+      return { content: [{ type: "text", text: gates.map(g => `#${g.id} ⚠️ ${g.claim}${g.why ? ` — ${g.why}` : ""}`).join("\n") }] };
+    }
+    if (action === "resolve") {
+      if (!id) return { content: [{ type: "text", text: "id required to resolve a gate" }] };
+      const r = await api("POST", "/verify-gate", { resolve: true, id, status: status || "verified", note, project: proj, by: SESSION });
+      return { content: [{ type: "text", text: r.error ? `error: ${r.error}` : `gate #${id} resolved (${r.gate?.status || status || "verified"})` }] };
+    }
+    if (!claim) return { content: [{ type: "text", text: "claim required to add a gate" }] };
+    const r = await api("POST", "/verify-gate", { claim, why, howToVerify, project: proj, by: SESSION });
+    return { content: [{ type: "text", text: r.dedup ? `gate already open (#${r.gate.id})` : `🔒 verification gate #${r.gate.id} recorded — surfaces on every handoff until you resolve it` }] };
+  });
+
 server.tool("relay_board", "Show a project's Kanban board (all cards + their status + assignee). Defaults to THIS project; pass `project` to read a crew board you orchestrate from elsewhere.",
   { project: z.string().optional().describe("board to show (default: this session's project)") },
   async ({ project }) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "trantor",
-  "version": "0.17.31",
+  "version": "0.17.32",
   "type": "module",
   "bin": {
     "trantor": "bin/cli.mjs"