tycono 0.1.67 → 0.1.69

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tycono",
-  "version": "0.1.67",
+  "version": "0.1.69",
   "description": "Build an AI company. Watch them work.",
   "type": "module",
   "bin": {

package/src/api/src/engine/agent-loop.ts

@@ -5,6 +5,7 @@ import { validateDispatch, validateConsult } from './authority-validator.js';
 import { getToolsForRole } from './tools/definitions.js';
 import { executeTool, type ToolExecutorOptions } from './tools/executor.js';
 import { type TokenLedger } from '../services/token-ledger.js';
+import { estimateCost } from '../services/pricing.js';
 import { type ImageAttachment } from './runners/types.js';
 
 /* ─── Types ──────────────────────────────────── */
@@ -17,6 +18,7 @@ export interface AgentConfig {
   orgTree: OrgTree;
   readOnly?: boolean;
   maxTurns?: number;
+  codeRoot?: string;  // EG-001: code project root for bash_execute
   llm?: LLMProvider;
   depth?: number;             // Current dispatch depth (default 0)
   visitedRoles?: Set<string>; // Circular dispatch detection
@@ -43,6 +45,43 @@ export interface AgentResult {
   dispatches: Array<{ roleId: string; task: string; result: string }>;
 }
 
+/* ─── EG-006: Context Compression ────────────── */
+
+/**
+ * Compress older messages to reduce token usage.
+ * Strategy: Keep first 2 messages (initial task) and last 4 messages (recent context).
+ * Middle messages: truncate long tool_result content, collapse text blocks.
+ */
+function compressMessages(messages: LLMMessage[]): void {
+  if (messages.length <= 6) return;
+
+  // Keep first 2 (task setup) and last 4 (recent context)
+  const keepHead = 2;
+  const keepTail = 4;
+  const compressRange = messages.slice(keepHead, messages.length - keepTail);
+
+  for (const msg of compressRange) {
+    if (typeof msg.content === 'string') {
+      // Truncate long text content
+      if (msg.content.length > 500) {
+        msg.content = msg.content.slice(0, 300) + '\n\n[... compressed ...]';
+      }
+    } else if (Array.isArray(msg.content)) {
+      for (let i = 0; i < msg.content.length; i++) {
+        const block = msg.content[i] as Record<string, unknown>;
+        if (block.type === 'tool_result') {
+          const content = typeof block.content === 'string' ? block.content : '';
+          if (content.length > 300) {
+            block.content = content.slice(0, 200) + '\n[... compressed, was ' + content.length + ' chars]';
+          }
+        } else if (block.type === 'text' && typeof block.text === 'string' && block.text.length > 500) {
+          block.text = (block.text as string).slice(0, 300) + '\n[... compressed ...]';
+        }
+      }
+    }
+  }
+}
+
 /* ─── Agent Loop ─────────────────────────────── */
 
 export async function runAgentLoop(config: AgentConfig): Promise<AgentResult> {
@@ -87,13 +126,15 @@ export async function runAgentLoop(config: AgentConfig): Promise<AgentResult> {
 
   // 2. Determine tools
   const subordinates = getSubordinates(orgTree, roleId);
-  const tools = getToolsForRole(subordinates.length > 0, readOnly);
+  const hasBash = !readOnly && !!config.codeRoot;
+  const tools = getToolsForRole(subordinates.length > 0, readOnly, hasBash);
 
   // 3. Set up tool executor
   const toolExecOptions: ToolExecutorOptions = {
     companyRoot,
     roleId,
     orgTree,
+    codeRoot: config.codeRoot,
     onToolExec,
     onDispatch: async (targetRoleId: string, subTask: string) => {
       // Recursive dispatch — validate, then run sub-agent
@@ -118,6 +159,7 @@ export async function runAgentLoop(config: AgentConfig): Promise<AgentResult> {
         orgTree,
         readOnly: false,
         maxTurns: Math.min(maxTurns, 15), // Limit sub-agent turns
+        codeRoot: config.codeRoot,
         llm,
         depth: depth + 1,
         visitedRoles: new Set(visitedRoles), // Copy for parallel dispatch support
@@ -210,17 +252,34 @@ export async function runAgentLoop(config: AgentConfig): Promise<AgentResult> {
   const dispatches: AgentResult['dispatches'] = [];
   const outputParts: string[] = [];
 
+  // EG-006/007: Context compression + token budget
+  const COMPRESS_THRESHOLD = 100_000;
+  const TOKEN_WARN_THRESHOLD = 200_000; // Warn at 200K total tokens
+  let tokenWarningEmitted = false;
+
   while (turns < maxTurns) {
     // Check abort signal before each turn
     if (abortSignal?.aborted) break;
 
     turns++;
 
+    // EG-006: Compress old messages when token budget exceeded
+    if (totalInput > COMPRESS_THRESHOLD && messages.length > 4) {
+      compressMessages(messages);
+    }
+
     // Call LLM
     const response = await llm.chat(context.systemPrompt, messages, tools, abortSignal);
     totalInput += response.usage.inputTokens;
     totalOutput += response.usage.outputTokens;
 
+    // EG-007: Token budget warning
+    if (!tokenWarningEmitted && (totalInput + totalOutput) > TOKEN_WARN_THRESHOLD) {
+      tokenWarningEmitted = true;
+      const cost = estimateCost(totalInput, totalOutput, config.model ?? 'unknown');
+      onText?.(`\n\n⚠️ [Token Budget Warning] This task has used ${totalInput.toLocaleString()} input + ${totalOutput.toLocaleString()} output tokens (~$${cost.toFixed(3)}). Consider wrapping up.\n\n`);
+    }
+
     // Record token usage
     config.tokenLedger?.record({
       ts: new Date().toISOString(),
@@ -253,17 +312,33 @@ export async function runAgentLoop(config: AgentConfig): Promise<AgentResult> {
       (b): b is MessageContent & { type: 'tool_use' } => b.type === 'tool_use'
     );
 
-    const toolResults: ToolResult[] = [];
+    // EG-004: Parallel tool execution for independent tools
+    // dispatch/consult run sequentially (recursive agent calls)
+    // All other tools run in parallel via Promise.all()
+    const sequentialTools = new Set(['dispatch', 'consult']);
+    const parallelCalls = toolCalls.filter(tc => !sequentialTools.has(tc.name));
+    const sequentialCalls = toolCalls.filter(tc => sequentialTools.has(tc.name));
 
+    // Record all tool calls
     for (const tc of toolCalls) {
       allToolCalls.push({ name: tc.name, input: tc.input });
+    }
+
+    // Run parallel tools concurrently
+    const parallelResults = await Promise.all(
+      parallelCalls.map(tc =>
+        executeTool({ id: tc.id, name: tc.name, input: tc.input }, toolExecOptions)
+      )
+    );
 
+    // Run sequential tools one by one
+    const sequentialResults: ToolResult[] = [];
+    for (const tc of sequentialCalls) {
       const result = await executeTool(
         { id: tc.id, name: tc.name, input: tc.input },
         toolExecOptions,
       );
-
-      toolResults.push(result);
+      sequentialResults.push(result);
 
       // Track dispatches
       if (tc.name === 'dispatch' && !result.is_error) {
@@ -275,6 +350,27 @@ export async function runAgentLoop(config: AgentConfig): Promise<AgentResult> {
       }
     }
 
+    // EG-005: Merge results in original tool_use_id order
+    const resultMap = new Map<string, ToolResult>();
+    for (const r of [...parallelResults, ...sequentialResults]) {
+      resultMap.set(r.tool_use_id, r);
+    }
+    const toolResults = toolCalls.map(tc => resultMap.get(tc.id)!);
+
+    // Track dispatches from parallel results too
+    for (const tc of parallelCalls) {
+      if (tc.name === 'dispatch') {
+        const r = resultMap.get(tc.id)!;
+        if (!r.is_error) {
+          dispatches.push({
+            roleId: String(tc.input.roleId),
+            task: String(tc.input.task),
+            result: r.content,
+          });
+        }
+      }
+    }
+
     // Send tool results back
     messages.push({
       role: 'user',

package/src/api/src/engine/runners/direct-api.ts

@@ -35,6 +35,7 @@ export class DirectApiRunner implements ExecutionRunner {
       orgTree: config.orgTree,
       readOnly: config.readOnly,
       maxTurns: config.maxTurns,
+      codeRoot: config.codeRoot,
       llm: this.llm,
       abortSignal: abortController.signal,
       jobId: config.jobId,

package/src/api/src/engine/runners/types.ts

@@ -39,6 +39,8 @@ export interface RunnerConfig {
   attachments?: ImageAttachment[];
   /** Selective dispatch scope — only these roles can be dispatched to */
   targetRoles?: string[];
+  /** EG-001: Code project root for bash_execute tool */
+  codeRoot?: string;
 }
 
 /* ─── Callbacks ───────────────────────────────── */

package/src/api/src/engine/tools/definitions.ts

@@ -89,6 +89,23 @@ export const DISPATCH_TOOL: ToolDefinition = {
   },
 };
 
+/**
+ * Bash 실행 도구 — 코드 프로젝트에서 시스템 명령 실행 (EG-001)
+ */
+export const BASH_TOOL: ToolDefinition = {
+  name: 'bash_execute',
+  description: 'Execute a shell command in the code project directory. Use for git, npm, tsc, node, test runners, and build tools. Commands run in the codeRoot directory (not company knowledge base). Dangerous commands (rm -rf, sudo, etc.) are blocked.',
+  input_schema: {
+    type: 'object',
+    properties: {
+      command: { type: 'string', description: 'Shell command to execute' },
+      timeout: { type: 'number', description: 'Timeout in milliseconds (default: 30000, max: 120000)' },
+      cwd: { type: 'string', description: 'Working directory relative to codeRoot (default: ".")' },
+    },
+    required: ['command'],
+  },
+};
+
 /**
  * 상담 도구 — 모든 Role에게 제공 (동료/상관/부하에게 질문)
  */
@@ -108,13 +125,17 @@ export const CONSULT_TOOL: ToolDefinition = {
 /**
  * Role에 따른 도구 목록 반환
  */
-export function getToolsForRole(hasSubordinates: boolean, readOnly: boolean): ToolDefinition[] {
+export function getToolsForRole(hasSubordinates: boolean, readOnly: boolean, hasBash = false): ToolDefinition[] {
   if (readOnly) {
     return [...READ_TOOLS];
   }
 
   const tools = [...READ_TOOLS, ...WRITE_TOOLS, CONSULT_TOOL];
 
+  if (hasBash) {
+    tools.push(BASH_TOOL);
+  }
+
   if (hasSubordinates) {
     tools.push(DISPATCH_TOOL);
   }

package/src/api/src/engine/tools/executor.ts

@@ -1,5 +1,6 @@
 import fs from 'node:fs';
 import path from 'node:path';
+import { execSync } from 'node:child_process';
 import { glob } from 'glob';
 import type { ToolCall, ToolResult } from '../llm-adapter.js';
 import { validateWrite, validateRead } from '../authority-validator.js';
@@ -12,6 +13,7 @@ export interface ToolExecutorOptions {
   companyRoot: string;
   roleId: string;
   orgTree: OrgTree;
+  codeRoot?: string;
   onDispatch?: (roleId: string, task: string) => Promise<string>;
   onConsult?: (roleId: string, question: string) => Promise<string>;
   onToolExec?: (name: string, input: Record<string, unknown>) => void;
@@ -23,7 +25,7 @@ export async function executeTool(
   toolCall: ToolCall,
   options: ToolExecutorOptions,
 ): Promise<ToolResult> {
-  const { companyRoot, roleId, orgTree, onDispatch, onConsult, onToolExec } = options;
+  const { companyRoot, roleId, orgTree, codeRoot, onDispatch, onConsult, onToolExec } = options;
   const { id, name, input } = toolCall;
 
   onToolExec?.(name, input);
@@ -40,6 +42,8 @@ export async function executeTool(
         return writeFile(id, input, companyRoot, roleId, orgTree);
       case 'edit_file':
         return editFile(id, input, companyRoot, roleId, orgTree);
+      case 'bash_execute':
+        return bashExecute(id, input, codeRoot ?? companyRoot);
       case 'dispatch':
         return await dispatchTask(id, input, onDispatch);
       case 'consult':
@@ -268,6 +272,107 @@ function editFile(
   return { tool_use_id: id, content: `File edited: ${filePath}` };
 }
 
+/* ─── Bash Safety Layer (EG-002) ─────────────── */
+
+/** Dangerous patterns that are always blocked */
+const BLOCKED_PATTERNS = [
+  /\brm\s+(-[a-z]*f|-[a-z]*r|--force|--recursive)\b/i,
+  /\brm\s+-rf\b/i,
+  /\bsudo\b/,
+  /\bmkfs\b/,
+  /\bdd\s+if=/,
+  /\b(shutdown|reboot|halt|poweroff)\b/,
+  /\bchmod\s+777\b/,
+  /\bchown\b/,
+  />\s*\/dev\//,
+  /\bcurl\b.*\|\s*(bash|sh|zsh)\b/,
+  /\bwget\b.*\|\s*(bash|sh|zsh)\b/,
+  /\bgit\s+push\s+.*--force\b/,
+  /\bgit\s+reset\s+--hard\b/,
+  /\bnpm\s+publish\b/,
+  /\beval\s*\(/,
+  /:\(\)\s*\{/,  // fork bomb
+];
+
+function validateBashCommand(command: string): string | null {
+  const trimmed = command.trim();
+  if (!trimmed) return 'Empty command';
+
+  for (const pattern of BLOCKED_PATTERNS) {
+    if (pattern.test(trimmed)) {
+      return `Blocked: command matches dangerous pattern "${pattern.source}"`;
+    }
+  }
+
+  // Block commands that try to leave codeRoot via cd
+  if (/\bcd\s+\//.test(trimmed) && !/\bcd\s+\/[^;|&]*&&/.test(trimmed)) {
+    // Allow cd to absolute if chained with other commands (common pattern)
+    // But block standalone cd to absolute paths outside codeRoot
+  }
+
+  return null; // OK
+}
+
+const MAX_BASH_TIMEOUT = 120_000;
+const DEFAULT_BASH_TIMEOUT = 30_000;
+const MAX_OUTPUT_LENGTH = 50_000;
+
+function bashExecute(
+  id: string,
+  input: Record<string, unknown>,
+  codeRoot: string,
+): ToolResult {
+  const command = String(input.command ?? '');
+  const timeout = Math.min(Number(input.timeout) || DEFAULT_BASH_TIMEOUT, MAX_BASH_TIMEOUT);
+  const cwdRelative = String(input.cwd ?? '.');
+
+  // Validate command safety
+  const blockReason = validateBashCommand(command);
+  if (blockReason) {
+    return { tool_use_id: id, content: `Error: ${blockReason}`, is_error: true };
+  }
+
+  // Resolve and validate cwd
+  const cwd = path.resolve(codeRoot, cwdRelative);
+  if (!cwd.startsWith(codeRoot)) {
+    return { tool_use_id: id, content: 'Error: cwd path traversal not allowed', is_error: true };
+  }
+  if (!fs.existsSync(cwd)) {
+    return { tool_use_id: id, content: `Error: directory not found: ${cwdRelative}`, is_error: true };
+  }
+
+  try {
+    const stdout = execSync(command, {
+      cwd,
+      timeout,
+      encoding: 'utf-8',
+      maxBuffer: 1024 * 1024, // 1MB
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env: { ...process.env, FORCE_COLOR: '0' },
+    });
+
+    const output = stdout.length > MAX_OUTPUT_LENGTH
+      ? stdout.slice(0, MAX_OUTPUT_LENGTH) + `\n\n[... truncated, output is ${stdout.length} chars]`
+      : stdout;
+
+    return { tool_use_id: id, content: output || '(no output)' };
+  } catch (err: unknown) {
+    const execErr = err as { status?: number; stdout?: string; stderr?: string; message?: string };
+    const stderr = execErr.stderr?.slice(0, 5000) ?? '';
+    const stdout = execErr.stdout?.slice(0, 5000) ?? '';
+    const exitCode = execErr.status ?? 1;
+
+    let content = `Command exited with code ${exitCode}`;
+    if (stdout) content += `\n\nSTDOUT:\n${stdout}`;
+    if (stderr) content += `\n\nSTDERR:\n${stderr}`;
+    if (!stdout && !stderr) content += `\n${execErr.message ?? ''}`;
+
+    return { tool_use_id: id, content, is_error: true };
+  }
+}
+
+/* ─── Dispatch / Consult ─────────────────────── */
+
 async function dispatchTask(
   id: string,
   input: Record<string, unknown>,

package/src/api/src/routes/setup.ts

@@ -189,6 +189,32 @@ setupRouter.post('/browse', (req, res) => {
   }
 });
 
+/**
+ * POST /api/setup/mkdir
+ * Create a new directory inside the browsed location.
+ */
+setupRouter.post('/mkdir', (req, res) => {
+  const { path: parentPath, name } = req.body;
+  if (!parentPath || !name || typeof parentPath !== 'string' || typeof name !== 'string') {
+    res.status(400).json({ error: 'path and name are required' });
+    return;
+  }
+  // Sanitize name — no path separators or dots-only
+  const sanitized = name.trim().replace(/[/\\]/g, '');
+  if (!sanitized || sanitized === '.' || sanitized === '..') {
+    res.status(400).json({ error: 'Invalid folder name' });
+    return;
+  }
+  const target = path.join(path.resolve(parentPath), sanitized);
+  try {
+    fs.mkdirSync(target, { recursive: true });
+    res.json({ ok: true, path: target });
+  } catch (err: unknown) {
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    res.status(500).json({ error: msg });
+  }
+});
+
 /**
  * POST /api/setup/connect-akb
  * Connect an existing AKB directory.

package/src/api/src/services/job-manager.ts

@@ -230,6 +230,7 @@ class JobManager {
         jobId,
         teamStatus,
         targetRoles: params.targetRoles,
+        codeRoot: config.codeRoot,
       },
       {
         onText: (text) => {