agent/CODEX.md

# CODEX.md

Instructions for OpenAI Codex when working in the Core ecosystem.

## MCP Tools Available

You have access to core-agent MCP tools. Use them:

- `brain_recall` — Search OpenBrain for context about any package, pattern, or decision
- `brain_remember` — Store what you learn for other agents (Claude, Gemini, future LEM)
- `agentic_dispatch` — Dispatch tasks to other agents
- `agentic_status` — Check agent workspace status

**ALWAYS `brain_remember` significant findings** — your deep analysis of package internals, error patterns, security observations. This builds the shared knowledge base.

## Core Ecosystem Conventions

### Go Packages (forge.lthn.ai/core/*)

- **Error handling**: `coreerr.E("pkg.Method", "what failed", err)` from `go-log`. NEVER `fmt.Errorf` or `errors.New`.
  - Import as: `coreerr "forge.lthn.ai/core/go-log"`
  - Always 3 args: operation, message, cause (use `nil` if no cause)
  - `coreerr.E` returns `*log.Err` which implements `error` and `Unwrap()`

- **File I/O**: `coreio.Local.Read/Write/Delete/EnsureDir` from `go-io`. NEVER `os.ReadFile/WriteFile/MkdirAll`.
  - Import as: `coreio "forge.lthn.ai/core/go-io"`
  - Security: go-io validates paths, prevents traversal

- **Process management**: `go-process` for spawning external commands. Supports Timeout, GracePeriod, KillGroup.

- **UK English**: colour, organisation, centre, initialise (never American spellings)

- **Test naming**: `TestFoo_Good` (happy path), `TestFoo_Bad` (expected errors), `TestFoo_Ugly` (panics/edge cases)

- **Commits**: `type(scope): description` with `Co-Authored-By: Virgil <virgil@lethean.io>`

### PHP Packages (CorePHP)

- **Actions pattern**: Single-purpose classes with `use Action` trait, static `::run()` helper
- **Tenant isolation**: `BelongsToWorkspace` trait on ALL models with tenant data
- **Strict types**: `declare(strict_types=1)` in every file
- **Testing**: Pest syntax, not PHPUnit

## Review Focus Areas

When reviewing code, prioritise:

1. **Security**: Path traversal, injection, hardcoded secrets, unsafe input
2. **Error handling**: coreerr.E() convention compliance
3. **File I/O**: go-io usage, no raw os.* calls
4. **Tenant isolation**: BelongsToWorkspace on all tenant models (PHP)
5. **Test coverage**: Are critical paths tested?

## Training Data

Your reviews generate training data for LEM (our fine-tuned model). Be thorough and structured in your findings — every observation helps improve the next generation of reviews.
feat(agent): v0.2.0 — HTTP daemon, remote dispatch, review queue, verify+merge Major additions: - core-agent serve: persistent HTTP daemon with PID file, health check, registry - agentic_dispatch_remote: dispatch tasks to remote agents (Charon) over MCP HTTP - agentic_status_remote: check remote agent workspace status - agentic_mirror: sync Forge repos to GitHub mirrors with file count limits - agentic_review_queue: CodeRabbit/Codex review queue with rate-limit awareness - verify.go: auto-verify (run tests) + auto-merge + retry with rebase + needs-review label - monitor sync: checkin API integration for cross-agent repo sync - PostToolUse inbox notification hook (check-notify.sh) Dispatch improvements: - --dangerously-skip-permissions (CLI flag changed) - proc.CloseStdin() after spawn (Claude CLI stdin pipe fix) - GOWORK=off in agent env and verify - Exit code / BLOCKED.md / failure detection - Monitor poke for instant notifications New agent types: - coderabbit: CodeRabbit CLI review (--plain --base) - codex:review: OpenAI Codex review mode Integrations: - CODEX.md: OpenAI Codex conventions file - Gemini extension: points at core-agent MCP (not Node server) - Codex config: core-agent MCP server added - GitHub webhook handler + CodeRabbit KPI tables (PHP) - Forgejo provider for uptelligence webhooks - Agent checkin endpoint for repo sync Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-17 17:45:04 +00:00			`# CODEX.md`

			`Instructions for OpenAI Codex when working in the Core ecosystem.`

			`## MCP Tools Available`

			`You have access to core-agent MCP tools. Use them:`

			- `brain_recall` — Search OpenBrain for context about any package, pattern, or decision
			- `brain_remember` — Store what you learn for other agents (Claude, Gemini, future LEM)
			- `agentic_dispatch` — Dispatch tasks to other agents
			- `agentic_status` — Check agent workspace status

			ALWAYS `brain_remember` significant findings — your deep analysis of package internals, error patterns, security observations. This builds the shared knowledge base.

			`## Core Ecosystem Conventions`

			`### Go Packages (forge.lthn.ai/core/*)`

			- Error handling: `coreerr.E("pkg.Method", "what failed", err)` from `go-log`. NEVER `fmt.Errorf` or `errors.New`.
			- Import as: `coreerr "forge.lthn.ai/core/go-log"`
			- Always 3 args: operation, message, cause (use `nil` if no cause)
			- `coreerr.E` returns `*log.Err` which implements `error` and `Unwrap()`

			- File I/O: `coreio.Local.Read/Write/Delete/EnsureDir` from `go-io`. NEVER `os.ReadFile/WriteFile/MkdirAll`.
			- Import as: `coreio "forge.lthn.ai/core/go-io"`
			`- Security: go-io validates paths, prevents traversal`

			- Process management: `go-process` for spawning external commands. Supports Timeout, GracePeriod, KillGroup.

			`- UK English: colour, organisation, centre, initialise (never American spellings)`

			- Test naming: `TestFoo_Good` (happy path), `TestFoo_Bad` (expected errors), `TestFoo_Ugly` (panics/edge cases)

			- Commits: `type(scope): description` with `Co-Authored-By: Virgil <virgil@lethean.io>`

			`### PHP Packages (CorePHP)`

			- Actions pattern: Single-purpose classes with `use Action` trait, static `::run()` helper
			- Tenant isolation: `BelongsToWorkspace` trait on ALL models with tenant data
			- Strict types: `declare(strict_types=1)` in every file
			`- Testing: Pest syntax, not PHPUnit`

			`## Review Focus Areas`

			`When reviewing code, prioritise:`

			`1. Security: Path traversal, injection, hardcoded secrets, unsafe input`
			`2. Error handling: coreerr.E() convention compliance`
			`3. File I/O: go-io usage, no raw os.* calls`
			`4. Tenant isolation: BelongsToWorkspace on all tenant models (PHP)`
			`5. Test coverage: Are critical paths tested?`

			`## Training Data`

			`Your reviews generate training data for LEM (our fine-tuned model). Be thorough and structured in your findings — every observation helps improve the next generation of reviews.`