core/agent
8
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions
154 commits 2 branches 13 tags 393 MiB
Commit graph

154 commits

This branch
This branch
All branches
Author SHA1 Message Date
Snider
6d28fc439b docs: update known-issues after 9 rounds of Codex review
Some checks failed
CI / test (push) Failing after 2s
Details 
77+ findings across 9 rounds, 73+ fixed. False positive rate
climbing in round 9 — codebase is converging.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:57:55 +00:00
Snider
92b7b08113 fix: Codex round 9 — verify push target, plan path traversal, mirror branch
Some checks failed
CI / test (push) Failing after 3s
Details 
High: verify rebase push now targets Forge remote, not local origin
High/Security: planPath sanitises ID via filepath.Base to prevent
path traversal in plan read/update/delete
Medium: mirror compares and pushes local default branch, not HEAD

Findings 3-6 verified as false positives/known issues (bridge async
by design, API returns top-level memories not {data:...}, inbox uses
{messages:...} confirmed against live API).

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:57:03 +00:00
Snider
6da52aa60f fix: Codex round 8 — remote success propagation + stale question cleanup
Some checks failed
CI / test (push) Failing after 3s
Details 
Medium: remote dispatch now propagates inner dispatchOut.Success
instead of hardcoding true.

Low: updateStatus clears stale question field when new state
has no question, preventing leftover rejection messages.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:46:04 +00:00
Snider
d94eed0b54 docs: Codex review pipeline — forge → github polish + LEM training
Some checks failed
CI / test (push) Failing after 3s
Details 
Proven workflow from 7 rounds on core/agent (74 findings, 70+ fixed).
Forge keeps full history, GitHub gets squashed releases. Codex findings
become LEM training data. Charon owns the pipeline.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:42:28 +00:00
Snider
40d2b0db16 fix: address Codex round 7 — path traversal + dispatch check
Some checks failed
CI / test (push) Failing after 2s
Details 
High/Security: sanitise input.Repo via filepath.Base to prevent
path traversal in workspace prep (../escape from CODE_PATH).

High/Security: sanitise repo.Repo from API response in syncRepos
to prevent path traversal via crafted checkin responses.

Medium: dispatchFixFromQueue now returns error, review_queue checks
success before recording fix_dispatched.

Known issues updated with async bridge provider findings.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:25:23 +00:00
Snider
013396bf91 docs: record known issues from 7 rounds of Codex review
Some checks failed
CI / test (push) Failing after 3s
Details 
API enhancements, test coverage gaps, conventions, and compile
issues — all acknowledged and tracked for future work.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:22:17 +00:00
Snider
5b39e13a6e fix: address Codex round 6 findings — 2 high, 3 medium, 1 low
Some checks failed
CI / test (push) Failing after 3s
Details 
High: workspace names use UnixNano to prevent same-second collisions
High: sync only pulls the branch the server reported (was pulling current)

Medium: drainQueue serialised via mutex to prevent concurrent over-dispatch
Medium: remote_status checks JSON-RPC error field before reporting success
Medium: dead agent PIDs without output log marked failed, not completed

Low: detectLanguage uses ordered slice instead of map for deterministic results

Also: URL-encoded agent names in messaging, monitor inbox, and sync endpoints.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 17:10:43 +00:00
Snider
66220021c9 fix: address Codex round 5 findings — 2 high, 5 medium, 4 low
Some checks failed
CI / test (push) Failing after 3s
Details 
High: clean stale BLOCKED.md before spawn (prevents stuck workspaces)
High: agentic_create_pr pushes to Forge URL, not local origin

Medium: watch treats merged/ready-for-review as terminal states
Medium: scan paginates org repos (was limited to first 50)
Medium: agent_conversation URL-encodes agent names (injection fix)

Low: inbox/sync/monitor URL-encode agent names in query strings
Low: pullWiki closes response body on non-200 (connection leak)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 16:53:55 +00:00
Snider
e4f94eaaab fix: address Codex round 4 findings
Some checks failed
CI / test (push) Failing after 3s
Details 
High: Codex review now sets working directory (was missing)
Medium: harvest skip-branch check uses defaultBranch() not just "main"
Medium: dry_run reads PROMPT.md from src/ (was reading wrong path)
Low: agent prompt says "current directory" not "parent directory"
Low: queue prompt matches dispatch prompt

Finding 1 (inbox messages vs data) verified as false positive —
API returns {messages:[...]}, confirmed against live endpoint.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 16:36:26 +00:00
Snider
67249fa78f fix: address Codex round 3 findings — 5 high, 4 medium, 1 low
Some checks failed
CI / test (push) Failing after 3s
Details 
High: prep creates workspace dir before clone (was missing)
High: auto_pr detects default branch instead of hardcoding main
High: mirror gh pr commands now use --repo for correct targeting
High: syncRepos HTTP client has 15s timeout (was no timeout)
High: sync timestamp only advances when all repos were pulled

Medium: rebaseBranch uses detected default branch
Medium: scan URL-encodes labels to prevent injection
Medium: recall MinConfidence forwarding (acknowledged, API-level)
Medium: recall tags preservation (acknowledged, API-level)

Low: harvest pushBranch uses coreerr.E instead of fmt.Errorf

Shared gitDefaultBranch helper added to agentic/paths.go.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 16:22:18 +00:00
Snider
026b31edf7 fix: address Codex round 2 mediums
Some checks failed
CI / test (push) Failing after 3s
Details 
- harvest: message says 'ready-for-review' not 'pushed'
- sync: timestamp advanced after pulls, not before
- sync: accepts main/master/reported branch, not just main
- inbox: checks CORE_BRAIN_KEY env before falling back to file
- inbox: parses 'from' not 'from_agent', 'messages' not 'data'
- queue: strips variant suffix for rate limit lookup (claude:opus → claude)
- review_queue: respects ReviewQueueInput.Reviewer instead of hardcoding coderabbit
- tests: updated to match real API response structure

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 16:05:59 +00:00
Snider
98ce071b13 fix: address Codex round 2 findings — 3 verified highs
Some checks failed
CI / test (push) Failing after 3s
Details 
High: harvest no longer hardcodes 'main' — detects default branch
via symbolic-ref/rev-parse fallback. Repos with master/other
default branches are now harvested correctly.

High: empty task no longer produces invalid 'agent/' branch name.
Falls back to issue-N or work-timestamp. Branch creation errors
are now surfaced instead of silently ignored.

High: PHP verification no longer returns passed:true when no test
runner exists. Untested PHP repos correctly fail verification.

(brain/direct.go findings 5-6 verified as false positives — API
returns top-level keys, not {data: ...} envelope)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 15:59:48 +00:00
Snider
422777580b fix: address Codex review findings — 2 high, 3 medium
Some checks failed
CI / test (push) Failing after 3s
Details 
High: Fix missed-notification bug — track completions by workspace
name instead of count, so harvest status rewrites don't suppress
future notifications. Also tracks blocked/failed terminal states.

High: Safety gate fail-closed — check ALL changed files (not just
added), reject on git diff failure instead of proceeding.

Medium: emitCompletionEvent now passes actual status (completed,
failed, blocked) instead of hardcoding "completed".

Medium/AX: Harvest no longer auto-pushes to source repos. Sets
status to ready-for-review only — pushing happens during explicit
review, not silently in the background.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 15:31:29 +00:00
Snider
726a384873 test(agentic): add unit tests for paths, status, queue, plans
Some checks failed
CI / test (push) Failing after 3s
Details 
Coverage: 4.2% → 9.2%. Tests for extractPRNumber, workspace
status scanning, queue management, and plan file operations.
Remaining coverage requires integration tests (git/forge/process).

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 15:06:19 +00:00
Snider
267550b288 ci: add GitHub Actions workflow with Codecov
Some checks failed
CI / test (push) Failing after 2s
Details 
Runs tests for brain, monitor, and agentic packages on push to main.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 13:53:57 +00:00
Snider
8eb2430486 test(monitor): add unit tests for completions, inbox, lifecycle 
Coverage: 23.2% → 86.5%
Tests for checkCompletions, checkInbox, monitor loop,
Poke, New, Start/Shutdown. Uses httptest for API mocking.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 13:49:23 +00:00
Snider
0a77b058b6 test(brain): add unit tests for recall, remember, messaging 
Coverage: 5.3% → 92.8%. Tests cover DirectSubsystem (apiCall, remember,
recall, forget via httptest), messaging (sendMessage, inbox, conversation,
parseMessages, toInt), BrainProvider (gin handlers, routes, describe,
status), Subsystem bridge-backed handlers, and RegisterTools.

Also fixes build error in dispatch.go (removed KillGroup, Timeout,
GracePeriod fields no longer in process.RunOptions).

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 13:46:33 +00:00
Snider
4d0bd3ad38 test(monitor): add harvest and channel notification tests 
15 tests covering:
- Branch detection, unpushed commit counting, file counting
- Safety checks: binary rejection, large file rejection
- Workspace harvesting: happy path, skip running, skip main, reject binary
- Channel event emission via mock notifier
- Status file updates

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 13:21:23 +00:00
Snider
2f10c7d368 feat(agent): wire channel notifications into monitor 
- Monitor pushes agent.complete, inbox.message, harvest.complete
  events via ChannelSend instead of temp files
- Remove /tmp/claude-inbox-notify file write (channels replace it)
- Update mcp.New() to use Options{} struct
- Wire mcpSvc as ChannelNotifier after creation

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 12:56:24 +00:00
Snider
21f234aa7c refactor: flatten go/ subdir, migrate to dappco.re/go/agent, restore process service 
- Module path: dappco.re/go/agent
- Core import: dappco.re/go/core v0.4.7
- Process service re-enabled with new Core API
- Plugin bumped to v0.11.0
- Directory flattened from go/ to root

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-21 11:10:44 +00:00
Snider
be1130f470 agent updates 2026-03-21 11:10:44 +00:00
Claude
2e3f56c4a7
feat(skills): add repo-sweep skill for multi-repo agent dispatch 
Orchestrates dispatching agents across multiple repos with:
- Repo selection (all, by org, by language, explicit list)
- Configurable persona + template + task per sweep
- Concurrency-aware dispatch with queue monitoring
- Finding triage: actionable → Forge issue, informational → OpenBrain, noise → ignore
- Summary report with per-repo findings

5 default profiles: quality, security, conventions, tests, docs.
Uses testing/reality-checker persona for quality sweeps.

Co-Authored-By: Charon <charon@lethean.io>
 2026-03-18 15:21:11 +00:00
Snider
dc7c89fdae refactor: remove pkg/prompts — consolidated into pkg/lib 
Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-18 14:09:17 +00:00
Snider
53482cb0c8 feat: workspace templates via Extract — Gosod pattern for agent dispatch 
- Move pkg/prompts/lib → pkg/lib (prompt, task, flow, persona, workspace)
- New lib.go: unified package with ExtractWorkspace() using text/template
- Workspace templates: default, security, review — .tmpl files with data injection
- prep.go: uses lib.ExtractWorkspace() + detect helpers for language/build/test
- prompts.go: thin re-export wrapper for backwards compat

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-18 14:03:06 +00:00
Snider
85bdf26aa0 feat: add orchestration skills + local dispatch scripts 
- orchestrate skill: full plan→dispatch→review→fix→verify pipeline
- prompts skill: browse/read personas, tasks, flows, templates
- review-pipeline skill: multi-stage security→fix→simplify→architecture→verify
- local-dispatch.sh: dispatch agents without MCP (clone, run CLI, capture)
- workspace-status.sh: check all workspace statuses
- main.go: fix ServiceFor removal (use c.Service() + type assert)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-18 12:18:40 +00:00
Snider
e7b47bf1a0 feat: TaskBundle — task file + directory of additionals 
Pattern: task name maps to file + bundle directory
  task/code/review.md      ← the task definition
  task/code/review/        ← additional context files
    conventions.md         ← checklist
    severity.md            ← rating guide
    plan.yaml              ← structured phases

TaskBundle("code/review") returns (main, bundle, err)
where bundle is map[filename]content of everything in review/.

Agent name maps to lib path:
  core:agent-task-code-review → lib/task/code/review + review/

Converted code/ tasks from YAML plans to markdown task prompts
with optional bundles. Simplifier gets patterns.md bundle.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:48:56 +00:00
Snider
aed8226edd refactor: singular naming + task/code/ namespace 
Plurals → singular:
  prompts/ → prompt/
  tasks/ → task/
  flows/ → flow/
  personas/ → persona/

Nested task namespace:
  task/code/review.yaml
  task/code/refactor.yaml
  task/code/dead-code.yaml
  task/code/test-gaps.yaml

Mirrors agent naming: core:agent-task-code-review → task/code/review

API: prompts.Task("code/review"), prompts.Persona("secops/developer")

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:35:39 +00:00
Snider
fe98fccdeb feat: add build flow specs for 9 languages/tools 
flows/git.md — commit workflow
flows/go.md — build, vet, test, tidy
flows/php.md — pint, phpstan, pest, audit
flows/ts.md — tsc, eslint, test, build
flows/cpp.md — cmake configure, build, test
flows/py.md — venv, ruff, pytest
flows/docker.md — build, smoke test, compose
flows/npm.md — lint, test, build, publish
flows/release.md — tag, push, artefacts, downstream deps

Each flow is a reminder of the standard build sequence for that stack.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:31:41 +00:00
Snider
433deb1c30 refactor: split templates/ into prompts/, tasks/, flows/ 
Three distinct concepts in lib/:
  prompts/  — System prompts (PROMPT.md, HOW to work)
  tasks/    — Structured task plans (PLAN.md, WHAT to do)
  flows/    — Multi-phase workflows (orchestration)
  personas/ — Domain/role system prompts (WHO you are)

API updated:
  prompts.Prompt("coding")     — system prompt
  prompts.Task("bug-fix")      — task plan
  prompts.Flow("prod-push-polish") — workflow
  prompts.Template()           — backwards compat (searches both)

templates/ dir reserved for future output templates
(CodeRabbit report formatting, CLI output parsing, etc.)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:26:46 +00:00
Snider
f1e1c08aff refactor: restructure personas into semantic task-based domains 
Domain renames:
  engineering/ → code/ (write/review code)
  paid-media/ → ads/ (advertising)
  project-management/ → plan/ (planning, coordination)
  spatial-computing/ → spatial/ (XR, Metal)

New domains:
  secops/ — security operations (from engineering/security-*)
  blockchain/ — chain, consensus, crypto (from specialized/)

Dissolved:
  specialized/ → split into blockchain/, code/, support/, smm/, testing/
  strategy/ → merged into plan/ (playbooks, runbooks, coordination)
  examples/ → removed (reference only, not functional)

secops/ names cleaned: security-developer → developer, security-senior → senior, etc.

13 domains, 111 personas. Path = context, file = lens.
  secops/developer — code-level security
  secops/architect — threat modelling
  secops/devops — infrastructure security
  code/backend-architect — system design
  smm/tiktok-strategist — TikTok content

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:19:50 +00:00
Snider
a1c2ed2376 refactor: move prompt templates from Go strings to embedded markdown 
Extract 4 hardcoded templates from prep.go raw strings into
pkg/prompts/lib/templates/ as markdown files:
- coding.md — main coding template with closeout sequence
- conventions.md — convention audit (report only)
- security.md — security review
- verify.md — PR verification
- default.md — fallback

prep.go now calls prompts.Template("coding") instead of
maintaining 120 lines of raw Go string literals.

Backticks now work properly in templates — no more
concatenation hacks for inline code formatting.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:14:39 +00:00
Snider
9f4afb9a15 feat: rewrite CLAUDE.md, add tests for agentic + prompts packages 
CLAUDE.md:
- Complete rewrite reflecting current architecture (30 files, 6.5K lines)
- Documents all 33 MCP tools, 7 agent types, dispatch flow
- Removes all references to deleted packages

Tests:
- pkg/agentic: 20 tests covering paths, extractPRNumber, truncate,
  countFindings, parseRetryAfter, resolveHost, baseAgent, validPlanStatus,
  generatePlanID, extractJSONField
- pkg/prompts: 7 tests covering Template, Persona, ListTemplates,
  ListPersonas, prefix duplication check

Fix: rename support/support-responder → support/responder (caught by test)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 22:09:29 +00:00
Snider
73fa4ba6c9 feat: expand personas with cross-domain functional roles 
New domain: devops/ (3 personas — security-developer, senior, junior)

Cross-cutting security-developer role now in 7 domains:
  engineering/ — Go/PHP code security, nil pointers, injection
  devops/ — Ansible, Docker, Traefik, CI/CD security
  smm/ — OAuth tokens, platform API keys, account security
  support/ — customer incident investigation, data exposure
  testing/ — security test writing, fuzzing, auth bypass tests
  design/ — XSS, CSRF, CSP, clickjacking, template escaping
  product/ — feature security review, threat models, privacy

Same role name, different domain knowledge. Path = context, file = lens.
16 domains, 116 personas.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 21:42:24 +00:00
Snider
1716122b72 feat: restructure personas — domain as context, role as lens 
- marketing/ → smm/ (social media marketing)
- Add smm/security-developer (OAuth, API keys, account security)
- Add smm/security-secops (account compromise, brand hijacking, incidents)

Pattern: same role name in different domains produces domain-specific expertise.
  engineering/security-developer → reviews Go/PHP code
  smm/security-developer → reviews social media API integrations

14 domains, 95 personas. Path has semantic meaning.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 21:39:16 +00:00
Snider
d9cd7f94b1 feat: split security persona into functional roles 
engineering/security-* family:
- security-senior: full-stack security (was security-engineer)
- security-developer: code-level review, OWASP, fixes code
- security-devops: Docker, Traefik, Ansible, CI/CD, TLS
- security-secops: incident response, monitoring, forensics
- security-architect: threat modelling, STRIDE, trust boundaries
- security-junior: checklist-based scanning, batch convention checks

Each persona is a system prompt attached via dispatch:
  agentic_dispatch persona=engineering/security-developer

Folder = domain, filename = function, template = task type.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 21:27:43 +00:00
Snider
977feb0881 refactor: strip redundant folder prefix from persona filenames 
engineering/engineering-security-engineer.md → engineering/security-engineer.md
testing/testing-api-tester.md → testing/api-tester.md
etc. across all 68 persona files.

Path is now: prompts.Persona("engineering/security-engineer")
Folder provides the namespace, filename provides the role.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 21:21:33 +00:00
Snider
1e351f36ec feat: embed prompts into pkg/prompts via go:embed 
- Move prompts/ → pkg/prompts/lib/ (112 templates + personas)
- pkg/prompts provides Template(), Persona(), ListTemplates(), ListPersonas()
- prep.go uses embedded prompts instead of filesystem reads
- No external file dependency — prompts compiled into binary
- Remove old prompts/ directory

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 20:49:10 +00:00
Snider
1b4b0bf381 feat: add core:agent-task-code-review and core:agent-task-code-simplifier 
Plugin agents for the closeout sequence:
- agent-task-code-review: conventions, security, nil pointers, confidence scoring
- agent-task-code-simplifier: consolidate, deduplicate, flatten, no behaviour change

Namespace: agent-task-code-* (SASE boundary pattern)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 20:43:33 +00:00
Snider
81be4717fe feat: add mandatory closeout sequence to coding template 
Dispatched agents must now run a 4-pass polish cycle before committing:
1. Self-review (conventions, nil pointers, hardcoded paths)
2. Build + test (fix failures, add tests for critical paths)
3. Simplify (consolidate, deduplicate, reduce complexity)
4. Final check (build clean → commit)

This captures the review→fix→simplify→re-review flow that produces
polished code. Goal: CodeRabbit finds zero issues on agent output.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 20:03:52 +00:00
Snider
8c1625873c refactor: simplify internals — consolidate, deduplicate, fix bugs 
Simplifier pass (-38 lines):
- Consolidate status update branches in spawnAgent (3 → 1 write)
- Remove 6 duplicate defer resp.Body.Close() calls
- Fix nil err reference in non-200 error paths (scan.go, pr.go)
- Remove redundant plansDir() and workspaceRoot() wrappers
- Simplify countRunningByAgent to use baseAgent() helper
- Extract markMerged in verify.go to remove duplication
- Clean imports and remove dead code

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 19:35:15 +00:00
Snider
e66ea0512b fix: address re-review findings — nil pointer, races, curl, clone error 
Important:
- Fix nil pointer dereference on resp.StatusCode when err!=nil (8 sites)
- Replace curl shell-out with net/http in monitor inbox check
- Handle clone failure in prep.go (was silently swallowed)
- Use GitHubOrg() instead of hardcoded "dAppCore"

Medium:
- Fix JSONL append race (read+write → os.OpenFile O_APPEND)
- Remove dead google/mcp/ directory

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 19:27:44 +00:00
Snider
6d04c893b7 fix: address all code review findings (medium + low) 
- os.ReadFile/WriteFile → coreio.Local in monitor and remote packages
- Deduplicate agentName() → shared agentic.AgentName()
- Deduplicate workspaceRoot() → shared agentic.WorkspaceRoot()
- fileExists uses IsFile() instead of reading whole file
- Fix SPDX-Licence → SPDX-License typo
- Remove time.Now import hack
- Fix hardcoded PR #1 in review queue

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 19:19:04 +00:00
Snider
4832827da7 fix: address code review findings (critical + high) 
Critical:
- Fix token leaked in URL query string (getLabelID) — now uses Authorization header
- Fix unchecked type assertion panic in parseMessages — safe toInt() helper

High:
- Remove dead canDispatch() function
- Remove time.Now import hack from mirror.go
- Remove invalid --no-force git flag from mirror.go
- Tidy go.mod (remove unused deps from deleted packages)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 19:12:06 +00:00
Snider
7248928545 refactor: remove 28K lines of dead/legacy code 
Removed:
- pkg/loop/ — superseded by Claude native tool use
- pkg/lifecycle/ — 14K lines, old PHP API polling client
- pkg/jobrunner/ — old CodeRabbit orchestration (rebuilt in verify.go)
- pkg/orchestrator/ — old AgentCI config (replaced by agents.yaml)
- pkg/workspace/ — empty stub
- pkg/plugin/ — empty stub
- cmd/agent/ — old fleet management CLI
- cmd/dispatch/ — old polling dispatcher
- cmd/workspace/ — unused CLI
- cmd/tasks/ — unused CLI
- cmd/taskgit/ — unused CLI

120 files deleted, 28,780 lines removed.
Remaining: 31 Go files, 6,666 lines — cmd/core-agent + pkg/agentic + pkg/brain + pkg/monitor.

All functionality preserved in the new MCP-native architecture.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 19:06:03 +00:00
Snider
742ca0799f fix: remove all hardcoded machine paths from Go code 
- orchestrator: queue dir uses CoreRoot()/queue
- cmd/agent: queue dir resolved by config, not hardcoded
- cmd/workspace: specs path uses ~/Code/specs (no host-uk)
- Zero remaining /home/claude or host-uk references in Go

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 19:00:47 +00:00
Snider
327d78d08f fix: config search uses CoreRoot() — ~/Code/.core/agents.yaml 
Config now found at:
1. ~/Code/.core/agents.yaml (shared, portable)
2. ~/Code/core/agent/config/agents.yaml (repo fallback)

Both Cladius and Charon find the same config.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 18:57:02 +00:00
Snider
8c76f496ed fix: bump marketplace.json to v0.10.0, fix hooks.json structure, remove invalid hooks from plugin.json 
Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 18:47:36 +00:00
Snider
7a75a3969d chore: bump plugin to v0.10.0 
- Plugin now provides MCP server via mcp.json (local core-agent stdio)
- No manual .mcp.json needed — plugin auto-registers
- Portable paths (CORE_WORKSPACE env var, no hardcoded machine paths)

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 18:41:28 +00:00
Snider
462d5123f9 fix: plugin provides local core-agent MCP (not remote mcp.lthn.sh) 
Plugin's mcp.json now uses local "core-agent mcp" via stdio instead of
remote HTTPS. This means installing the plugin auto-registers the MCP
server — no manual .mcp.json needed.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 18:38:18 +00:00
Snider
06b72136b6 chore: add .mcp.json for Claude Code MCP integration 
Uses just "core-agent" (no absolute paths) — works on any machine
where core-agent is on PATH.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 18:35:29 +00:00