Three-layer sandboxing:
1. --append-system-prompt with SANDBOX boundary instructions
2. PROMPT.md templates include SANDBOX BOUNDARY (HARD LIMIT) section
3. Agent starts in src/ with only cloned repo visible
Agents are instructed to reject absolute paths, cd .., and any
file operations outside the repository. Violations cause work rejection.
Co-Authored-By: Virgil <virgil@lethean.io>
spawnAgent() now writes completion events to events.jsonl.
Plugin hooks check for completions on:
- SessionStart: report agents that finished since last session
- Notification(idle_prompt): check when Claude is idle
Event format: {"type":"agent_completed","agent":"...","workspace":"...","timestamp":"..."}
Co-Authored-By: Virgil <virgil@lethean.io>
Replace raw exec.Command with go-process.StartWithOptions for all agent
spawning (dispatch, queue, resume). Uses pipes for output capture instead
of file descriptor redirect — fixes Claude Code's empty log issue.
Shared spawnAgent() helper eliminates duplication across 3 files.
Co-Authored-By: Virgil <virgil@lethean.io>
New: agent_send, agent_inbox, agent_conversation MCP tools.
API: /v1/messages/send, /v1/messages/inbox, /v1/messages/conversation/{agent}
Model: AgentMessage with inbox, unread, conversation scopes.
Separate channel from semantic brain search. Messages are chronological,
not vector-searched. Agents can now have direct conversations.
Co-Authored-By: Virgil <virgil@lethean.io>
Brain and agentic subsystems now live in core/agent/pkg/ instead of
core/mcp/pkg/mcp/. core-agent binary uses core/cli for proper command
framework. Usage: core-agent mcp
One repo, one clone, everything works.
Co-Authored-By: Virgil <virgil@lethean.io>
