Address gaps identified in code review of the ActivityDetection PR:
Core / Session Manager:
- Add `timestamp` to all `{ state: "exited" }` returns in all 4 agent plugins
(claude-code, aider, codex, opencode) using consistent `exitedAt = new Date()` pattern
- Add 2 new session-manager tests: timestamp propagation when detection timestamp
is newer, and no-downgrade when detection timestamp is older
- Fix `parseJsonlFileTail` lint error: remove useless `= 0` initializer (value was
always overwritten before use; catch block returns early)
Web package — tests:
- Fix 3 `api-routes.test.ts` failures: `sessionsGET()` needs a Request object since
the route reads `request.url` for `?active=true` query param
- Fix `serialize.test.ts` rate-limit test: spy on `console.warn` (what the code uses)
not `console.error`
- Add 5 `ActivityDot` component tests covering all activity states, unknown states,
null activity, and dotOnly mode
Web package — UI correctness:
- Fix `relativeTime()` in SessionDetail to guard against invalid/empty ISO strings
- Fix timer Map leak: add `timersRef.current.clear()` in cleanup effect after forEach
- Add `encodeURIComponent` to sessionId in message fetch URL
Server — race condition fix:
- Guard `activeSessions.delete` in pty.onExit, ws.on("close"), and ws.on("error")
against stale handlers deleting a newly-registered session with the same ID.
Fixes flaky integration test where afterEach's pty.kill() fired asynchronously
after the next test had already set up a new session with the same session ID.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- parseJsonlFileTail now calls stat() then readFile() for files smaller than
maxBytes, falling back to open()/handle.read() only for large files. This
fixes the test infrastructure (which mocks readFile but not open) and also
fixes a scope bug where `offset` was declared inside an inner try block but
referenced outside both try blocks.
- Math.max(0, NaN) returns NaN not 0, so size must default to 0 when stat
returns a mock without a size field: `const { size = 0 } = await stat(...)`.
- Update activity-detection.test.ts: getActivityState() now returns
ActivityDetection objects, so tests use (await ...)?.state comparisons.
- Remove stale lastLogModified test (field was removed from AgentSessionInfo).
- Remove EXITED skip guard from api/sessions/route.ts: exited sessions can
still have open, merge-ready PRs that need enrichment on the dashboard.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Dashboard StatusLine: active sessions count now uses var(--color-status-working)
(blue) instead of neutral text color, matching the design system semantics
- SessionCard: isReadyToMerge now guards against rate-limited state — a card
with stale cached mergeability data won't show green merge-ready styling
- DirectTerminal: add `variant` to useEffect dependency array (was missing,
causing stale cursor/selection colors if variant changed after mount)
- agent-aider: include `timestamp: chatMtime` in all ActivityDetection returns,
matching the pattern used by agent-claude-code (enables accurate lastActivityAt)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add X dismiss button to GitHub API rate limit banner in Dashboard.tsx
so it can be closed during demos
- Extend rate-limited PR cache TTL from 5min to 60min — GitHub GraphQL
rate limits reset hourly, no point retrying every 5 minutes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Performance improvements:
- enrichSessionPR() now accepts cacheOnly option and returns boolean
- /api/sessions/[id]: serve from cache immediately, only block on first load
- /api/sessions: skip PR enrichment for EXITED sessions (no longer changing)
- cache: increase default TTL from 60s to 5 minutes
Test fixes (match redesigned SessionCard + AttentionZone):
- "restore session" (header) → "restore"; expanded panel still shows "restore session"
- "merge PR #N" → "Merge PR #N" (capital M)
- "CI status unknown" → "CI unknown"
- "ask to fix CI" / "ask to fix CI" → "ask to fix"
- "terminate session" → "terminate"
- Zone labels: RESPOND/WORKING/DONE → Respond/Working/Done (CSS uppercase is visual only)
- "working" zone no longer collapsed by default; collapse tests now use "done" zone
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The /api/sessions endpoint returns `{ sessions: [...] }` not a bare array.
fetchZoneCounts was treating the whole response object as an array, so
zone counts were always zero on the orchestrator detail page.
Also delays the initial fetchZoneCounts call by 2s so it doesn't contend
with the session fetch on page load (both hit /api/sessions which is slow
when GitHub enrichment is running).
Also includes: Playwright kill-Chrome-for-Testing tip in CLAUDE.md,
toned-down detail-card shadow in globals.css.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Nav: glass backdrop-blur effect with chevron back link
- Header: detail-card 3D treatment with left-border accent keyed to activity color
- Meta chips: bordered pill style with subtle bg instead of flat text
- Status tag: pill badge for status instead of plain text
- PR card: detail-card 3D treatment, border-color reflects PR state
- PR merged badge: purple pill instead of gray text
- Unresolved count: red pill badge in section header
- Blockers section: renamed "Issues" → "Blockers"
- Terminal section: colored bar indicator instead of plain label
- Orchestrator status strip: total agent count + per-zone colored pills
- globals.css: add .nav-glass and .detail-card classes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- layout.tsx: add IBM Plex Sans weight 700 (was missing, font-bold falling
back to 600)
- DirectTerminal.tsx: use "IBM Plex Mono" instead of unloaded "JetBrains Mono"
- SessionDetail.tsx: add review zone to OrchestratorStatusStrip (was omitted,
sessions with CI failures were invisible in the strip)
- ActivityDot.tsx: extract shared component, remove duplicate implementations
in SessionCard.tsx and SessionDetail.tsx
- Dashboard.tsx: redesign orchestrator button with 3D glass style matching
card aesthetic (blue-tinted bg, depth shadow, hover lift)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The darker solid card gradient made muted/secondary text nearly
invisible — #484f58 (text-muted) had only ~2:1 contrast on the
new card bg. Override the color tokens locally within .session-card
to GitHub's established dark-mode legibility values:
--color-text-muted: #484f58 → #656d76 (3.8:1 on card bg)
--color-text-secondary: #7d8590 → #8b949e (6.2:1 on card bg)
--color-text-tertiary: #484f58 → #656d76
Scoped to .session-card so the rest of the UI is unchanged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Cards now clearly pop against the dark background:
- Solid gradient bg (rgba(28,36,47) → rgba(18,23,31)) instead of
near-invisible rgba(22,27,34,0.8) surface
- Layered box-shadow: contact shadow + diffuse depth + inset top highlight
that simulates light hitting the card's top edge (the "shine")
- Hover: card lifts 2px with deeper shadow
- Merge-ready: green-tinted bg with green ambient glow + stronger lift on hover
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PRTableRow now shows "—" for size, CI, and review columns when GitHub
API is rate limited, matching the card view which already hides these.
Prevents misleading "+0 -0 XS" size and "needs review" labels from the
default fallback values.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Design:
- Kanban layout: active zones as flex columns (working→pending→review→respond→merge),
Done as full-width grid below
- GitHub dark color palette (main's tokens) with glassmorphic card surfaces
(rgba bg + backdrop-blur) and subtle blue/violet body gradient
- Activity state shown as labeled pill (● active / ● idle etc.) instead of bare dot
- Session card: title on its own row, larger font, inline-flex alert badges (no stretch)
- PR number rendered as plain accent link, not a blue pill badge
- Terminal button has background fill to feel like a button
- Info circle icon replaces alarming warning triangle for rate-limit indicators
- "1 working" → "1 active" in header stats
- PR table constrained to max-w-[900px] and centered
- Orchestrator session no longer uses purple accent
Rate limiting:
- isPRRateLimited() helper; getAttentionLevel() skips PR classification when limited
- Rate-limited banner in Dashboard; suppressed CI/size/review badges in PRStatus
- SessionCard shows subtle "PR data rate limited" indicator; getAlerts() returns []
- serialize.ts: rate-limited enrichment results cached for 5 min (not 60s) to stop
retrying 168 failing API calls every minute
Performance:
- page.tsx: 4s hard timeout on PR enrichment — serves stale data fast instead of
blocking SSR for 75s under rate limiting
- cache.ts: TTLCache.set() accepts optional ttl override for per-entry control
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When the GitHub plugin hits rate limits, the dashboard now:
- Shows a single amber banner: "GitHub API rate limited — PR data
(CI status, review state, sizes) may be stale. Will retry on
next refresh."
- Hides CI badge, review decision, and size pill on PR cards
(they'd show wrong values: +0 -0 XS, CI failing)
- Shows a subtle "⚠ PR data rate limited" note on affected cards
instead of misleading alert badges
- Skips CI/review/conflict-based attention zone classification
for rate-limited PRs (prevents sessions moving to Review due
to phantom "CI failing" from the fallback value)
- Doesn't cache partial rate-limited data so next refresh retries
live API calls as soon as the rate limit window resets
What still works when rate limited:
- Session ID, title, branch, PR number/link
- Session activity status (working/spawning/etc.)
- Merge button if mergeability was already cached
- Restore/terminate/send actions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When GitHub rate limits fire, enrichSessionPR was caching the
bad partial data (0 additions, CI failing) for 60 seconds, causing
the dashboard to show incorrect data for the full TTL window.
- Skip cache write when majority of API calls failed
- Downgrade console.error → console.warn (this is handled/expected)
The next page refresh will retry live API calls, so data recovers
as soon as the rate limit window resets.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Kanban column order: working→pending→review→respond→merge
(left = in progress, right = ready to ship)
- Columns use flex-1 min-w-[200px] to fill available width
instead of fixed 260px leaving half the page empty
- Alert badges: inline-flex wrapper prevents stretching to full
row width when wrapping
- Terminal button: add bg-subtle fill so it reads as a button
- PR number (#91): remove opaque pill background, now plain
amber text link — clearly a hyperlink
- Merge PR button: pt-0.5 spacer above the action area
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Switch accent from blue (#5b7ef8) to amber/gold (#d18616) throughout
- Replace grid layout with horizontal Kanban columns for active zones
(merge, respond, review, pending, working), Done stays full-width below
- Remove max-w-[1100px] constraint — full viewport width
- Header stats numbers 20px bold (was 12px), orchestrator link is now a
visible bordered button
- AttentionZone gains variant="column" for Kanban mode (compact header
with count pill, vertical card stack)
- Update all hardcoded rgba(91,126,248,...) in SessionCard to amber
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace Inter with IBM Plex Sans (technical tool aesthetic, distinctive numerics)
- Replace 4-color big-number stats bar with a single compact inline status line
in the header: "35 sessions · 1 working · 9 PRs" — no decorative colors
- Remove the two-tone "Agent (blue) Orchestrator (white)" title — just "Orchestrator"
- Remove ClientTimestamp (useless) — replaced by orchestrator nav link
- Zone headers: colored dot only (semantic), neutral uppercase label, plain count
— removes the rainbow-colored label text that read as a widget template
- Add subtle radial gradient glow at top of page for depth
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: session title fallback chain — PR title → summary → issue title → branch
Sessions without PRs now always show a meaningful title on the dashboard
instead of just the status text. The fallback chain is:
1. PR title (already worked)
2. Agent summary (now fetched from JSONL via getSessionInfo())
3. Issue title (now fetched via tracker.getIssue())
4. Humanized branch name (e.g., "feat/infer-project-id" → "Infer Project ID")
Key changes:
- Enrich agent summaries by calling getSessionInfo() for sessions
without summaries (local file I/O, not API calls)
- Enrich issue titles via tracker.getIssue() with 5-min TTL cache
- Add humanizeBranch() utility for last-resort branch name display
- Add issueTitle field to DashboardSession type
- Show issue title in expanded detail panel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: extract humanizeBranch to separate module to avoid client-side timer leaks
Moves humanizeBranch() from serialize.ts to format.ts — a pure utility
module with no side effects. This prevents the client bundle from pulling
in TTLCache instantiations (which create setInterval timers) when
SessionCard.tsx imports the function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove dead re-export of humanizeBranch from serialize.ts
No consumer imports humanizeBranch from serialize — SessionCard imports
directly from format.ts. The re-export was unused surface area.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add missing first-project fallback in summary enrichment block
Matches the pattern used by all other enrichment blocks in page.tsx
(issue labels, issue titles, PR enrichment) which fall back to the
first configured project when projectId and sessionPrefix both miss.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: smarter title heuristic — skip prompt excerpts, prefer issue titles
The agent summary fallback from extractSummary() often returns truncated
spawn prompts ("You are working on GitHub issue #42: Add auth...") which
make poor titles. The new heuristic detects these prompt excerpts and
prefers the issue title when available.
Updated fallback chain:
PR title → quality summary → issue title → any summary → humanized branch → status
Changes:
- Add looksLikePromptExcerpt() to detect spawn prompt patterns
- Add getSessionTitle() to encapsulate the smart fallback logic
- Expand humanizeBranch() with more prefix patterns (release, hotfix, etc.)
- SessionCard now uses getSessionTitle() instead of inline ?? chain
- Add 25 unit tests covering all functions and edge cases
- Fix missing issueTitle field in serialize.test.ts fixture
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract shared resolveProject() to eliminate duplication
Moves resolveProject() from route.ts into serialize.ts as a shared
export. Both page.tsx and route.ts now use the same function instead
of duplicating the 3-step project resolution logic (projectId →
sessionPrefix → first project fallback) inline.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: replace looksLikePromptExcerpt heuristic with summaryIsFallback metadata
Instead of fragile string matching to detect truncated spawn prompts,
the agent plugin now sets summaryIsFallback: true when the summary is
a first-message fallback rather than a real agent-generated summary.
- Add summaryIsFallback to AgentSessionInfo (core/types.ts)
- extractSummary() returns { summary, isFallback } in claude-code plugin
- Add summaryIsFallback to DashboardSession, propagate in serialize.ts
- Replace looksLikePromptExcerpt() with !session.summaryIsFallback
- Fix .js extension in format.ts import (review feedback)
- Add thorough tests for all layers of propagation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test: add resolveProject and enrichSessionIssueTitle coverage
- resolveProject: 5 tests covering direct match, prefix fallback,
first-project fallback, empty projects, and priority ordering
- enrichSessionIssueTitle: 7 tests covering enrichment, # prefix
stripping, Linear-style labels, skip conditions, error handling,
and cross-call caching
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor: extract shared enrichSessionsMetadata, fix session detail route
- Extract duplicated enrichment orchestration (issue labels, agent
summaries, issue titles) from page.tsx and route.ts into a single
enrichSessionsMetadata() function in serialize.ts
- Fix /api/sessions/[id] route: was missing agent summary and issue
title enrichment, and had hand-rolled project resolution instead of
using resolveProject() (also missing the first-project fallback)
- Optimize: resolve projects once per session instead of 3x
- Add 8 tests for enrichSessionsMetadata covering full pipeline, skip
conditions, missing plugins, no-tracker config, multiple sessions,
and default agent fallback
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: remove dead getAgent and getTracker exports from services.ts
These helpers became unused when enrichSessionsMetadata was extracted
to serialize.ts with inline registry.get() calls (to avoid coupling
serialize.ts to services.ts and pulling plugin packages into webpack).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
All docs now mention that the dashboard port (default 3000) is
configurable via `port:` in agent-orchestrator.yaml. Fixes incorrect
port 9847 references in SETUP.md, adds multi-project port guidance,
and documents terminal port auto-detection.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
When port 3000 is occupied, `ao init` now scans upward (3001, 3002, ...)
until a free port is found. Applies to both interactive and --auto modes.
Uses the existing isPortAvailable() from web-dir.ts (now exported).
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
- Guard against empty project name in getProjectName() and icon.tsx
(falls back to config key or "A" initial)
- Extract branch truncation into shared `truncate()` helper in
session detail page
- Addresses bugbot comments from PR #111
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: dynamic browser tab titles and health-aware favicons
Tabs now show contextual titles so multiple dashboard instances are
distinguishable at a glance. Favicons reflect system health (green/
yellow/red) and display the project initial for visual identification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address review — dedupe project name, handle merge level, add activity emoji
- Extract getProjectName() to shared lib/project-name.ts (used by
layout, page, icon) — fixes bugbot duplication comment
- computeHealth now treats "merge" attention level as yellow (needs
human action) instead of silently mapping to green — fixes bugbot
merge-ignored comment
- Add activity status emoji to session tab titles (⚡🟢💤❓🚧💀)
that updates live as session state changes
- Special-case orchestrator sessions: "ao-orchestrator | Orchestrator Terminal"
- Extract activityIcon map to shared lib/activity-icons.ts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use absolute title to avoid layout template duplication
The layout template `%s | project` was wrapping the page title
`project | Agent Orchestrator`, producing `project | Agent Orchestrator | project`.
Use `title.absolute` to opt out of the template on the root page.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use "ao | <project>" format for dashboard title
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: dedupe config reads with React.cache() on getProjectName
Wraps getProjectName with React.cache() so layout, page, and icon
share a single loadConfig() call per server render pass instead of
reading the YAML file three times.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: make terminal server ports configurable to fix multi-dashboard EADDRINUSE
When multiple ao dashboards run simultaneously (e.g., ao on port 3000,
integrator on port 3002), both try to start terminal WebSocket servers
on hardcoded ports 3001/3003, causing EADDRINUSE. Add terminalPort and
directTerminalPort to config schema so each instance can use unique ports.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use optional() instead of default() for terminal port schema
Zod .default() always fills in the value, making config.terminalPort
never undefined and the env var fallback in buildDashboardEnv dead code.
Switch to .optional() so the priority chain works correctly:
config value > TERMINAL_PORT env var > hardcoded default.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: move terminal server defaults from 3001/3003 to 14800/14801
The 3000-3009 range is the most contested in dev tooling (Next.js
auto-increments, BrowserSync, Grafana, Rails, Express all default to
3000+). Port 14800-14899 has zero IANA registrations, zero known dev
tool conflicts, and is safely below OS ephemeral ranges.
Updated all hardcoded fallbacks, .env.local.example, docker-compose
port mappings, and documentation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: auto-detect available terminal ports for zero-config multi-dashboard
When no terminal ports are configured (no config, no env vars),
buildDashboardEnv now probes for an available port pair starting at
14800. The second `ao start` automatically gets 14802/14803 (or the
next free pair), eliminating EADDRINUSE without any user configuration.
Port detection scans in steps of 2 to keep the pair consecutive.
Explicit config/env values bypass auto-detection entirely.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: update onboarding test to use new default terminal port (14801)
The onboarding integration test had port 3003 hardcoded for the
WebSocket health check. Updated to read from DIRECT_TERMINAL_PORT
env var with 14801 as the default, matching the new port defaults.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: restore archived sessions that were killed/cleaned up
restore() only searched active metadata files, so sessions that had
been killed (and archived to the archive/ subdirectory) could not be
restored. Now restore() falls back to the archive directory, picks the
latest archived version, and recreates the active metadata file before
proceeding.
- Add readArchivedMetadataRaw() to metadata.ts
- Update restore() to search archive as fallback
- Add 4 unit tests for readArchivedMetadataRaw
- Add 2 integration tests for archive restore in session-manager
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: prevent archive prefix collision for underscore-containing session IDs
readArchivedMetadataRaw used startsWith(sessionId + "_") which would
cause "app" to false-match archive files belonging to "app_v2". Now
verifies the character after the prefix is a digit (start of ISO
timestamp) to disambiguate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Two bugbot follow-ups from PR #104:
1. Destroy old runtime handle before creating new one in restore().
When an agent crashes, the tmux session survives. Creating a new
tmux session with the same name fails. Now we destroy the old
handle first (best-effort, non-blocking).
2. Wrap git clone in try-catch in workspace-clone restore(). On clone
failure (network error, disk full), clean up the partial directory
so future restore attempts aren't blocked.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: implement session restore for crashed/exited agents
Add true in-place session restore: same session ID, same worktree, same
metadata — optionally resuming the Claude Code conversation via --resume.
Core changes:
- Add TERMINAL_STATUSES, TERMINAL_ACTIVITIES, NON_RESTORABLE_STATUSES sets
and isTerminalSession/isRestorable helpers to types.ts
- Add SessionNotRestorableError and WorkspaceMissingError error classes
- Add restore() to SessionManager with 9-step flow: find metadata →
validate restorability → check/recreate workspace → get restore or
launch command → create runtime → update metadata
- Add restoredAt field to Session and SessionMetadata
Plugin extensions:
- workspace-worktree: exists() + restore() (git worktree prune + re-add)
- workspace-clone: exists() + restore() (git clone + checkout)
- scm-github: branchExists() via git rev-parse
- agent-claude-code: getRestoreCommand() finds latest JSONL session file
and builds claude --resume command
CLI + Web:
- Add `ao session restore <id>` subcommand
- Web restore API route uses sessionManager.restore() instead of spawn()
- SessionCard uses centralized TERMINAL_STATUSES/TERMINAL_ACTIVITIES
- Web types re-export core constants with sync tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add "merged" to TERMINAL_STATUSES
The old inline isTerminal check included "merged" but when refactored
to use the TERMINAL_STATUSES set, "merged" was omitted. This caused
merged sessions (whose activity is not "exited") to incorrectly show
the "terminal" link and "terminate session" button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: enrich runtime state before restore check, remove dead branchExists
- Add enrichSessionWithRuntimeState() call before isRestorable() in
restore() so crashed sessions (status "working", agent exited) are
correctly detected as terminal and eligible for restore.
- Remove dead branchExists from SCM interface and scm-github plugin
(defined but never called anywhere in the codebase).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: allow restore of crashed working sessions
Remove "working" from NON_RESTORABLE_STATUSES. The isTerminalSession()
gate already prevents restoring truly active sessions (activity is not
"exited"). This fix allows crashed agents (status "working", activity
"exited") to be restored, aligning core behavior with the UI which
already shows the restore button for this case.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: distinguish missing branch from missing restore support
Split the compound condition so workspace restore gives an accurate
error message when branch metadata is null ("branch metadata is
missing") vs when the workspace plugin lacks a restore method.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: first-class orchestrator session + file-based system prompt
Make the orchestrator a first-class managed session that flows through
the same SessionManager pipeline as worker sessions, and fix a blocking
bug where long system prompts get truncated by tmux/zsh.
Changes:
- Add OrchestratorSpawnConfig type and spawnOrchestrator() to
SessionManager interface
- Implement spawnOrchestrator() in session-manager.ts: proper
hash-based tmuxName, runtimeHandle, plugin lifecycle — no workspace
creation (uses project.path directly)
- Refactor `ao start` to use SessionManager.spawnOrchestrator()
instead of manual tmux calls + metadata writes (~80 lines removed)
- Refactor `ao stop` to use SessionManager.kill() instead of manual
tmux kill + metadata delete
- Update `ao init` next steps: guide users to `ao start` before
`ao spawn`
- Add systemPromptFile to AgentLaunchConfig for file-based system
prompts (avoids tmux truncation of 2000+ char inline prompts)
- Update agent-claude-code, agent-codex, agent-aider plugins to use
shell command substitution "$(cat '/path')" when systemPromptFile
is set
- Update runtime-tmux create() to use load-buffer/paste-buffer for
launch commands >200 chars
- Add 8 tests for spawnOrchestrator
- Fix SessionManager mock in 8 test files (add spawnOrchestrator)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use hash-based tmux name in orchestrator attach hint
The tmux attach hint after `ao start` printed the user-facing session
ID (e.g. app-orchestrator) instead of the hash-based tmux session name
(e.g. a3b4c5d6e7f8-app-orchestrator), causing "session not found"
errors. Now captures the runtimeHandle.id from spawnOrchestrator's
return value for the correct tmux target.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1. No-issue spawn: use session/{sessionId} branch instead of defaultBranch
to avoid git worktree conflicts with the main repo's checked-out branch.
2. Plugin resolution: accept importFn parameter in loadBuiltins/loadFromConfig
so CLI can pass its own import() context for pnpm strict resolution. Added
all plugin packages as CLI workspace dependencies.
3. Ad-hoc issue IDs: gracefully handle IssueNotFoundError by continuing
without tracker context instead of throwing. Non-issue errors (auth,
network) still fail fast.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: config discovery, activity detection, and metadata port storage
- findConfigFile() checks AO_CONFIG_PATH env var (resolved to absolute path)
- loadConfig() delegates to findConfigFile() for consistent validation
- Pure Node.js readLastJsonlEntry (no external tail binary), safe for
multi-byte UTF-8 at chunk boundaries
- Added "ready" activity state to agent plugins
- Store dashboardPort, terminalWsPort, directTerminalWsPort in session
metadata so ao stop targets the correct processes
- Zod schema port default aligned with TypeScript interface
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: dashboard config discovery + CLI service layer refactoring
- Config discovery via AO_CONFIG_PATH env var
- Auto port detection with PortManager
- Activity detection with ready state, pure Node.js readLastLine
- 5 CLI services: ConfigService, PortManager, DashboardManager, MetadataService, ProcessManager
- Store all service ports in metadata for ao stop
- Set NEXT_PUBLIC_ env vars for frontend terminal components
- Multi-byte UTF-8 safe readLastJsonlEntry
- Tests for all new services and utils
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address bugbot review comments (port fallback + systemPrompt)
1. Align port fallback to 3000 everywhere (matching Zod schema default):
- start.ts: config.port ?? 3000
- dashboard.ts: config.port ?? 3000
- types.ts JSDoc: "defaults to 3000"
- orchestrator-prompt.ts: already correct at 3000
2. Add --append-system-prompt to Claude Code plugin's getLaunchCommand
so orchestrator context is actually passed to the Claude agent.
Previously systemPrompt was generated but silently dropped.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove dead ConfigService mock from status test
The vi.mock for ConfigService.js referenced a deleted module.
Config mocking is already handled by the @composio/ao-core mock.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: extract shared buildDashboardEnv to eliminate duplication
Dashboard env construction (AO_CONFIG_PATH, PORT, NEXT_PUBLIC_*) was
duplicated between start.ts and dashboard.ts. Extracted into
buildDashboardEnv() in web-dir.ts (already shared by both commands).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: delegate CLI commands to core SessionManager
Replace direct tmux/metadata manipulation in CLI commands with calls to
core's SessionManager (spawn, list, kill, cleanup, send). This removes
~700 lines of reimplemented session logic and makes the CLI a thin layer
over the core service.
- Add create-session-manager.ts factory (cached PluginRegistry + SM)
- spawn: delegate to sm.spawn() instead of manual worktree/tmux setup
- session ls/kill/cleanup: delegate to sm.list()/kill()/cleanup()
- status: use sm.list() for session discovery and activity from Session
- send: resolve tmux target from session.runtimeHandle
- review-check: use sm.list() for session discovery
- dashboard/start: add --rebuild flag for stale .next cache cleanup
- Update all tests to mock create-session-manager.js
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: add regression tests for spawn delegation and dashboard stale cache
- spawn.test.ts: verify spawn delegates to sm.spawn() with correct args,
shows hash-based tmux name in attach hint (regression for flat-naming bug)
- dashboard.test.ts: verify stale .next cache detection patterns match the
actual error (Cannot find module vendor-chunks/xterm@5.3.0.js) and that
rebuildDashboard cleans .next directory
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: ao dashboard --rebuild properly kills and restarts running server
Before: --rebuild deleted .next under the running dev server, leaving it
in a broken state (500s, missing chunks). Couldn't recover without manual
intervention.
Now: --rebuild detects the running dashboard via lsof, kills it, cleans
.next, then starts a fresh dev server on the same port. Works correctly
from any worktree since findWebDir resolves to the same web package.
- Add findRunningDashboardPid/findProcessWebDir/waitForPortFree utilities
- Split cleanNextCache from rebuildDashboard (cache-only vs full rebuild)
- Update tests for new dashboard-rebuild exports
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address bugbot review comments on PR #88
1. Cleanup dry-run now delegates to sm.cleanup({dryRun: true}) instead
of checking local status fields — ensures dry-run uses same live
checks (PR state, runtime alive) as actual cleanup.
2. Remove module-level mutable config in status.ts — pass config as
parameter to gatherSessionInfo() to avoid stale state bugs.
3. Batch-spawn duplicate detection uses sm.list() instead of broken
findSessionForIssue() which relied on flat tmux naming incompatible
with hash-based architecture.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove dead exports getPluginRegistry and rebuildDashboard
Both functions were exported but never imported outside test mocks.
Clean up test mocks and unused imports accordingly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: deduplicate config/session lookups in send, hoist sm.list() in batch-spawn
1. Send command: merge resolveTmuxTarget() and resolveAgentForSession()
into a single resolveSessionContext() that loads config and calls
sm.get() once instead of twice.
2. Batch-spawn: move sm.list() call before the loop and build a Map for
O(1) duplicate lookups, avoiding repeated metadata reads + runtime
enrichment on every iteration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: remove unused project parameter from spawnSession
After delegating to sm.spawn(), the ProjectConfig parameter is no
longer referenced — sm.spawn() resolves it internally from the
projectId. Remove the parameter and simplify both callers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: handle process.kill race, waitForPortFree timeout, dry-run errors
1. Wrap process.kill() in try-catch to handle ESRCH when the target
process exits between detection and kill (race condition).
2. waitForPortFree() now throws on timeout instead of silently
returning, preventing the dashboard from starting on a busy port.
3. Dry-run cleanup now displays errors from PR/issue checks, matching
the non-dry-run branch behavior.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: hoist session manager in cleanup, skip dead sessions in batch-spawn
1. Hoist getSessionManager() before the dry-run if/else in cleanup
since both branches create the same instance.
2. Batch-spawn duplicate detection now excludes dead/killed/exited
sessions so crashed sessions don't block respawning the same issue.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: lsof flags, dry-run error guard, remove unused --regenerate
1. Fix lsof flag from -Fn to -Ffn so findProcessWebDir() actually
gets the file descriptor field needed to match "fcwd" markers.
2. Dry-run cleanup now guards "no sessions" message with both
killed.length === 0 AND errors.length === 0, matching the
non-dry-run branch behavior.
3. Remove unused --regenerate CLI option from ao start (defined
but never referenced in the action body).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: cache registry promise and cap stderr buffer
- Cache the Promise instead of the resolved PluginRegistry to prevent
concurrent callers from racing past the null check and creating
multiple registries before loadFromConfig completes.
- Cap stderrChunks to 100 entries since only early startup errors
(stale build detection) are checked — unbounded growth wastes memory
for long-running dashboard processes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: decouple activity detection from runtimeHandle
Activity detection reads JSONL files on disk — it only needs
workspacePath, not a runtime handle. Gating on runtimeHandle caused
sessions created by external scripts to always show "unknown".
Two fixes:
1. enrichSessionWithRuntimeState now runs activity detection
independently of runtime handle presence
2. list() and get() construct a fallback handle from session ID
when runtimeHandle is missing in metadata (same pattern
sendMessage already uses)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: don't let fabricated runtime handles override session status
Bugbot correctly identified that constructing a fallback runtimeHandle
for sessions without one causes isAlive() → false → status = "killed",
clobbering meaningful statuses like "pr_open". Track whether the handle
came from metadata and only run liveness checks on real handles.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract ensureHandleAndEnrich to deduplicate list/get
Bugbot flagged the identical fallback handle construction in list() and
get(). Extracted into ensureHandleAndEnrich() so the logic lives in one
place.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: overhaul orchestrator prompt with comprehensive CLI reference
The generated CLAUDE.orchestrator.md now teaches the orchestrator agent
everything it needs out of the box: identity/role, complete CLI reference
for every `ao` command with flags/options, behavioral guidelines (do/don't),
session lifecycle, workflows, and anti-patterns.
- Rewrite generateOrchestratorPrompt() with detailed CLI docs
- Add "Never Do" section (no legacy scripts, no raw tmux, no coding)
- Add session lifecycle ASCII diagram adapted to project config
- Document ao send flags (--no-wait, --timeout, -f) and mechanics
- Update static CLAUDE.orchestrator.md to use ao CLI exclusively
- Add 35 unit tests for orchestrator prompt generation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: move orchestrator prompt injection into Agent plugin interface
The orchestrator prompt was being injected by directly writing
CLAUDE.local.md and CLAUDE.orchestrator.md in start.ts — Claude Code-
specific logic that doesn't work for other agents (Codex, Aider, OpenCode).
- Add `injectSystemPrompt()` to the Agent interface in types.ts
- Implement in agent-claude-code: writes CLAUDE.{name}.md + @import
- Implement in agent-codex/opencode: writes AGENTS.md
- Implement in agent-aider: writes .aider.conventions.md
- Remove ensureOrchestratorPrompt/ensureOrchestratorImport from start.ts
- start.ts now calls agent.injectSystemPrompt() (agent-agnostic)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: pass orchestrator prompt via CLI flags instead of file injection
Replace the file-based injectSystemPrompt() approach with native agent CLI
flags. Each agent plugin now handles systemPrompt in getLaunchCommand():
- Claude Code: --append-system-prompt
- Codex: --system-prompt
- Aider: --system-prompt
- OpenCode: no flag yet (ignored)
This removes the need to write CLAUDE.orchestrator.md / CLAUDE.local.md /
AGENTS.md files, making the implementation truly agent-agnostic. Also removes
the unused --regenerate flag from `ao start`.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: activity detection — fix path encoding, use tail -1 for JSONL
Two tightly coupled infrastructure fixes:
- Fix toClaudeProjectPath(): leading `/` becomes `-` (not stripped),
matching Claude Code's actual project directory naming convention.
- Replace manual 4KB buffer read in readLastJsonlEntry() with
`tail -1` + JSON.parse — handles any file size, any line length,
and eliminates the truncated-line edge case entirely.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add "ready" state, return null when unknown, remove dead code
Behavioral changes to activity detection:
- Add "ready" to ActivityState — separates "alive at prompt" from
"idle/stale". Configurable via readyThresholdMs (default 5 min).
- Agent plugins return null when they can't determine activity
(no workspace, no JSONL, no per-session tracking). Session manager
preserves existing activity instead of overwriting with a guess.
- Remove isProcessing() from Agent interface — zero callers in
production code, fully superseded by getActivityState().
- Remove extractLastMessageType() from claude-code — the field it
populated (lastMessageType) was only consumed by the old inline
CLI mapping, which is now replaced by plugin delegation.
- CLI status delegates to agent.getActivityState() (single source
of truth) with metadata fallback when plugin returns null.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: comprehensive activity detection coverage
- activity-detection.test.ts: 42+ tests covering path encoding,
getActivityState edge cases (exited/null/fallback), real Claude Code
JSONL types, agent interface spec types, staleness thresholds,
JSONL file selection, and realistic session sequences.
- status.test.ts: plugin delegation tests — verifies CLI uses
agent.getActivityState() as single source of truth, passes
readyThresholdMs from config, falls back to metadata on null/throw.
- Integration tests: updated type expectations for null returns from
codex, opencode, and aider; added "ready" to valid state lists.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: flaky Linear integration test + missing ready label in SessionDetail
Linear API has eventual consistency — updateIssue state changes don't
propagate instantly. Poll with retries instead of asserting immediately.
Also adds "ready" entry to SessionDetail activityLabel map (was missing,
causing fallback to dim/unstyled rendering).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: pure Node.js readLastJsonlEntry, use pollUntilEqual for Linear test
Replace `tail -1` with pure Node.js implementation that reads backwards
from end of file in 4KB chunks. No external binary dependency — works
on any platform.
Fix flaky Linear integration test by using the existing pollUntilEqual
helper instead of an inline retry loop. Linear API has eventual
consistency; pollUntilEqual retries for up to 5s with 500ms intervals.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use tail -1 for readLastJsonlEntry, add real-data integration test
Replace over-engineered pure Node.js backward-reading implementation with
simple `tail -1` via execFile. The codebase already shells out to tmux,
git, and ps everywhere — tail is no different.
Add integration test that validates toClaudeProjectPath() and
readLastJsonlEntry() against real ~/.claude/projects/ data on disk.
No API key needed — just requires Claude to have been run once.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: terminal servers compatible with hash-based architecture
The terminal WebSocket servers (direct-terminal-ws and terminal-websocket)
used config.dataDir to validate sessions, which no longer exists in the
hash-based architecture. Also fixed node-pty failing to find tmux via
posix_spawnp.
Changes:
- Remove config.dataDir dependency, validate via `tmux has-session` instead
- Add resolveTmuxSession() to map user-facing IDs (ao-15) to hash-prefixed
tmux names (8474d6f29887-ao-15)
- Use explicit tmux path discovery (findTmux) since node-pty's posix_spawnp
doesn't reliably inherit PATH
- Include /opt/homebrew/bin in fallback PATH for macOS ARM
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add session resolution to ttyd server and use exact tmux matching
- Add findTmux() and resolveTmuxSession() to terminal-websocket.ts
(previously only in direct-terminal-ws.ts), fixing hash-prefixed
session lookup for the ttyd-based terminal server
- Use tmux exact match prefix (=sessionId) in has-session checks
to prevent ao-1 from matching ao-15 via prefix matching
- Add server compatibility tests that verify both servers handle
hash-based architecture correctly (14 tests)
- Include server/ in tsconfig and vitest config for typecheck coverage
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: extract tmux-utils and add proper unit tests
- Extract findTmux(), resolveTmuxSession(), validateSessionId() into
shared server/tmux-utils.ts — eliminates duplication between
direct-terminal-ws.ts and terminal-websocket.ts
- Add 20 real unit tests with injected mocks that test actual behavior:
- findTmux: candidate priority, fallback to bare name
- resolveTmuxSession: exact match, hash-prefix resolution,
= prefix for preventing tmux prefix matching (ao-1 vs ao-15),
null when no session found, tmux not running
- validateSessionId: path traversal, shell injection, whitespace
- Slim down server-compatibility.test.ts to 10 structural checks
(imports tmux-utils, no loadConfig, no config.dataDir, no existsSync)
Total: 30 tests — all pass on fix branch, 8 fail on main
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: add real integration tests for direct-terminal-ws
- Refactor direct-terminal-ws to export createDirectTerminalServer()
factory so tests can control server lifecycle without side effects
- Add 10 integration tests that create real tmux sessions, start the
real server, connect via WebSocket, and verify the full flow:
- Health endpoint returns 200
- Missing session parameter → close 1008
- Path traversal in session ID → close 1008
- Shell injection in session ID → close 1008
- Nonexistent tmux session → close 1008
- Real tmux session → connects and receives terminal output
- Hash-prefixed session resolution works end-to-end
- Can send input and receive echoed output
- Resize messages don't crash the connection
- Unknown HTTP path → 404
- Tests create/destroy tmux sessions in beforeAll/afterAll
- Server runs on random port (port 0) to avoid conflicts
- Total test suite: 40 tests (20 unit + 10 compatibility + 10 integration)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* ci: add web server tests to CI pipeline
The web package was explicitly excluded from CI test runs
(pnpm -r --filter '!@composio/ao-web' test). Add a test-web job
that installs tmux, starts the tmux server, and runs the web
package tests (unit + integration).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address CI failures and bugbot review comments
- Fix lint: replace require() with ESM import in integration test
- Fix base-path mismatch: ttyd now uses user-facing sessionId for
--base-path/URL and actual tmux name for attach-session
- Fix bare "tmux" in ttyd spawn args: use TMUX constant (full path)
- Scope CI test-web job to server/__tests__/ to avoid pre-existing
failures in src/__tests__/
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: comprehensive unit and integration test coverage
Unit tests (77): validateSessionId covers all injection vectors (shell,
path traversal, command substitution, special chars, unicode, control
chars), findTmux covers all candidate paths and error types,
resolveTmuxSession covers exact match, hash-prefix resolution, suffix
matching precision, edge cases (single char, long lists, multiple
hyphens, different tmux paths).
Integration tests (45): health endpoint lifecycle (active count tracks
connections/disconnections), HTTP routing (404s for all non-health
paths), WebSocket validation (11 injection/traversal vectors), terminal
connection (resize, multi-resize, invalid JSON, non-resize JSON),
hash-prefixed resolution (suffix match, command passthrough, session key
tracking, cross-match prevention), terminal I/O (Ctrl-C, Tab, Enter,
empty messages, rapid keystrokes, multi-line), connection lifecycle
(cleanup, rapid connect/disconnect, error recovery), server creation
(independent instances).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: validate 12-char hex prefix in hash-prefixed session resolution
The previous endsWith("-{sessionId}") suffix match was ambiguous:
"hash-my-app-1" would falsely match a lookup for "app-1". Now validates
that the prefix matches the exact format generated by generateConfigHash
(12-char lowercase hex) before comparing the remainder.
Added unit tests for the ambiguity case and invalid prefix formats.
Updated integration test session names to use proper 12-char hex prefixes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Fixes bugbot issue: "Tests leak directories under home directory without cleanup"
The problem:
- Tests call the real getSessionsDir() which creates ~/.agent-orchestrator/{hash}/
directories based on hashing the tmpDir path
- Each test run uses a new random tmpDir, creating a unique hash
- afterEach only cleaned up tmpDir, leaving orphaned directories in ~/.agent-orchestrator/
- These directories accumulated indefinitely
The fix:
- Added cleanup for hash-based directories in afterEach for all affected tests
- Uses getProjectBaseDir() to calculate the directory path
- Removes the hash-based directory before cleaning tmpDir
- All 61 tests pass (13 CLI + 48 core)
Files fixed:
- packages/cli/__tests__/commands/session.test.ts
- packages/core/src/__tests__/session-manager.test.ts
- packages/core/src/__tests__/lifecycle-manager.test.ts
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: implement seamless onboarding with enhanced documentation
- Add comprehensive README.md (18KB) with quick start, core concepts, and FAQ
- Add detailed SETUP.md (16.5KB) with prerequisites, integration guides, and troubleshooting
- Add examples/ directory with 5 ready-to-use config templates:
- simple-github.yaml: Minimal GitHub setup
- linear-team.yaml: Linear integration
- multi-project.yaml: Multiple repos
- auto-merge.yaml: Aggressive automation
- codex-integration.yaml: Using Codex agent
- Add environment detection (git repo, remote, branch, auth status)
- Auto-fill prompts with smart defaults from detected environment
- Add prerequisite validation (git, tmux, gh CLI)
- Show actionable next steps and warnings
- Parse owner/repo from git remote automatically
- Detect LINEAR_API_KEY and SLACK_WEBHOOK_URL in environment
- Prompt for Linear team ID when Linear tracker selected
- Format all files with Prettier for consistency
Reduces onboarding time from 30+ minutes to ~5 minutes:
1. Install CLI: `npm install -g @composio/ao-cli`
2. Run init: `ao init` (auto-detects everything)
3. Spawn agent: `ao spawn my-project ISSUE-123`
Users no longer need to:
- Manually parse git remote URLs
- Look up current branch names
- Remember YAML syntax
- Search for Linear team IDs
- Debug missing prerequisites
- ✅ pnpm build - All packages compile
- ✅ pnpm typecheck - No TypeScript errors
- ✅ pnpm lint - No new linting issues
- ✅ pnpm format - All files formatted
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* docs: update installation instructions to reflect npm not yet published
Package is not published to npm yet, so users must build from source.
Updated README.md and SETUP.md to:
- Make 'build from source' the primary installation method
- Add note that npm publishing is coming soon
- Include pnpm as a prerequisite
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: add ao init --auto --smart for zero-config setup
Implements intelligent config generation with project type detection.
## What's New
### ao init --auto
- Zero prompts - auto-generates config with smart defaults
- Detects: git repo, remote, branch, languages, frameworks, tools
- Generates project-specific agentRules based on detected tech stack
### Project Detection
- Languages: TypeScript, JavaScript, Python, Go, Rust
- Frameworks: React, Next.js, Vue, Express, FastAPI, Django, Flask
- Tools: pnpm workspaces, test frameworks
- Package managers: pnpm, yarn, npm
### Rule Templates
Created templates for:
- base.md - Universal best practices
- typescript.md - TS strict mode, ESM, type imports
- javascript.md - Modern ES6+ patterns
- react.md - Hooks, composition, best practices
- nextjs.md - App Router, Server Components
- python.md - Type hints, PEP 8
- go.md - Error handling, defer patterns
- pnpm-workspaces.md - Monorepo commands
### Example Output
```bash
ao init --auto
# Detects:
# ✓ TypeScript + pnpm workspaces
# ✓ React + Next.js
# ✓ Vitest
# Generates:
agentRules: |
Always run tests before pushing.
Use TypeScript strict mode.
Use ESM modules with .js extensions.
Use React best practices (hooks, composition).
Before pushing: pnpm build && pnpm typecheck && pnpm lint && pnpm test
```
## Benefits
- **5 seconds** instead of 5 minutes
- **Zero config knowledge** required
- **Context-aware rules** tailored to your stack
- **Still customizable** - edit the generated config
## Future: --smart (AI-powered)
Flag added but not yet implemented. Will use Claude Code to:
- Analyze CLAUDE.md, CONTRIBUTING.md
- Read CI/CD config
- Generate custom rules based on project patterns
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: detect repo default branch instead of current branch
Fixes Bugbot issue: "Current branch wrongly suggested as default base branch"
## Problem
detectEnvironment was using `git branch --show-current` to suggest
defaultBranch in the config. If a user ran `ao init` while on a feature
branch like `feat/my-work`, the wizard would suggest that feature branch
as the default, causing agents to branch from the wrong base.
## Solution
Added detectDefaultBranch() function with 3 fallback methods:
1. git symbolic-ref refs/remotes/origin/HEAD (most reliable)
2. GitHub API via gh CLI (if ownerRepo known)
3. Check common branch names: main, master, next, develop
Now EnvironmentInfo tracks both:
- currentBranch: The checked-out branch (for display only)
- defaultBranch: The repo's base branch (for config)
## Testing
Tested on feat/seamless-onboarding branch:
- Current branch: feat/seamless-onboarding (displayed)
- Default branch: main (correctly detected for config)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: prevent duplicate framework detection in Python projects
Fixes Bugbot issue: "Duplicate frameworks when multiple Python config files exist"
## Problem
When both requirements.txt and pyproject.toml exist and mention the same
framework (e.g., FastAPI), the detection loop added it to the frameworks
array twice, causing duplicate rules in the generated config.
## Solution
Added addFramework() helper that checks if framework already exists before
adding to the array. Also prevents pytest from being set multiple times as
testFramework.
## Testing
Verified with test repo containing both files with FastAPI:
- Before: Would add 'fastapi' twice
- After: Only adds 'fastapi' once ✓
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address Bugbot review comments
- Remove redundant conditional in --smart flag (both branches were identical)
- Include templates directory in npm package files
* fix: add existence check for base.md template file
Add existsSync guard before reading base.md to handle missing templates gracefully, consistent with other template file reads.
* fix: use direct tool invocation instead of which command
Replace 'which' with direct tool invocation (tmux -V, gh --version)
for better portability on minimal Linux systems where 'which' may
not be installed.
* fix: address Bugbot review comments
- Simplify gh auth status check to rely on exit code instead of output string
- Remove async from synchronous functions (detectProjectType, generateRulesFromTemplates)
* feat: add setup script for one-command installation
Add scripts/setup.sh that:
- Installs pnpm if not present
- Installs dependencies
- Builds all packages
- Links CLI globally
Updated README with simplified setup instructions using the script.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: correct npm link command in setup script
Remove incorrect -g flag from npm link command. The correct syntax is to cd into the package directory and run npm link without flags.
* fix: address Bugbot review comments on init command
- Validate --smart flag requires --auto (prevents silent ignore)
- Fix path validation to check user-specified path (not CWD)
These fixes address medium and low severity issues found by Cursor Bugbot
in PR #66 review.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* docs: add DirectTerminal troubleshooting and fix setup script
- Add TROUBLESHOOTING.md documenting node-pty posix_spawnp error
- Update setup.sh to rebuild node-pty from source (fixes DirectTerminal)
- Ensures seamless onboarding with working terminal out-of-the-box
Resolves DirectTerminal WebSocket failures from incompatible prebuilt binaries.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: resolve variable scope issue in init command validation
- Move path variable outside if block to fix TypeScript scope error
- Only validate path existence if projectId is provided
- Use inline tilde expansion instead of missing expandHome import
Fixes build error that prevented setup.sh from completing.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: automate node-pty rebuild to eliminate terminal issues
- Add postinstall hook to automatically rebuild node-pty after pnpm install
- Create scripts/rebuild-node-pty.js for automatic rebuild with error handling
- Remove manual node-pty rebuild from setup.sh (now automatic)
This ensures DirectTerminal works correctly on every installation without
manual intervention. Fixes posix_spawnp errors from incompatible prebuilt
binaries across different systems and installations.
Resolves issue where users would encounter blank terminals after setup.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* docs: update TROUBLESHOOTING with automatic node-pty rebuild
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* docs: add comprehensive README with quick start guide
- 3-line magical setup: clone → setup → init → start
- Architecture overview with plugin slots table
- Usage examples and auto-reaction configuration
- Links to detailed docs (SETUP.md, TROUBLESHOOTING.md, examples/)
- Philosophy: push not pull, amplify judgment
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: resolve ESLint errors in rebuild-node-pty script
- Add scripts directory configuration to eslint.config.js
- Configure Node.js globals (console, process) for scripts
- Remove unused error variable from catch block
Fixes lint CI failure.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: warn when auto mode uses placeholder repo value
- Detect when 'owner/repo' placeholder is used in --auto mode
- Show warning: 'Could not detect GitHub repository'
- Update next steps to emphasize editing config when placeholder used
- Prevents silent failures when spawning agents with invalid repo
Addresses Bugbot review comment about silent placeholder values.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixes issue where spawned sessions would send the prompt text but the Enter
keystroke would not be submitted, requiring manual Enter press.
Changes:
- Increase delay after paste-buffer from 300ms to 1000ms in tmux.ts sendKeys()
to ensure tmux processes the paste before receiving Enter keystroke
- Add 100ms delay after Escape key to ensure it's processed before pasting
- Increase spawn wait time from 1s to 2s before sending initial prompt to
allow Claude to fully initialize (permission prompts, startup, etc.)
These longer delays account for:
1. tmux paste buffer processing time
2. Claude permission prompt interactions
3. Agent initialization and readiness
Closes: FIX-SPAWN-PROMPT-SUBMIT
* fix: improve "Ask Agent to Fix" button UX and remove outdated TODO
Replaced browser alerts with proper visual feedback:
- Added loading state ("Sending...") with disabled button during request
- Show success state ("Sent!") in green for 3 seconds
- Show error state ("Failed") in red for 3 seconds
- Prevent multiple clicks while processing
Also removed outdated TODO comment - the API endpoint is already implemented.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: prevent race condition in concurrent "Ask Agent to Fix" clicks
Changed state tracking from single values to Sets to properly handle
multiple concurrent button clicks:
- `sendingComments: Set<string>` - tracks all in-flight requests
- `sentComments: Set<string>` - tracks successful completions
- `errorComments: Set<string>` - tracks failures
- `timersRef: Map<string, Timeout>` - per-comment cleanup timers
This ensures that:
- Each button correctly shows its own loading/success/error state
- Buttons remain disabled only while their specific request is pending
- Callbacks from different requests don't overwrite each other's state
Fixes the race condition identified by Cursor Bugbot.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: prevent merged PRs from showing "Merge conflicts" status
GitHub returns `mergeable: null` for merged/closed PRs. The SCM plugin
was misinterpreting this as unknown/problematic status, leading to
false "Merge conflicts" warnings in the dashboard.
Fixed in two layers:
1. SCM plugin: Check PR state first in getMergeability(). Return clean
result immediately for merged/closed PRs without querying mergeable.
2. Dashboard: Skip merge conflict display for non-open PRs in
SessionDetail component.
SessionCard already had protection via early return in getAlerts().
Closes: bug described in task description
Tests: Added tests for merged/closed PR cases, all 54 tests passing
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: only skip mergeability checks for merged PRs, not closed PRs
Addresses review comment: A closed-but-unmerged PR should still have
its mergeability checked accurately. Only merged PRs should skip the
checks since they're already merged.
Changes:
- SCM plugin: Only return clean status for state === "merged"
- Dashboard: Show conflicts for closed PRs (pr.state !== "merged")
- Tests: Updated to verify closed PRs still get checked
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
The spawn command was creating tmux sessions without calling agent.getEnvironment(),
causing spawned sessions to inherit CLAUDECODE from the parent orchestrator session.
This caused Claude to refuse to start with "cannot launch inside another Claude Code
session" error.
Now properly calls agent.getEnvironment() and merges those env vars (including
CLAUDECODE="") into the tmux session creation.
Fixes sessions ao-22 through ao-25 which were spawned but never had Claude running.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: wire up live activity detection for agent sessions
Previously, all sessions showed as "idle" on the dashboard because
activity detection was never called. The Agent plugin interface has
detectActivity(terminalOutput) and Runtime has getOutput(), but the
session manager's list() and get() methods never invoked them.
Changes:
- Updated list() to call runtime.getOutput() and agent.detectActivity()
after checking if runtime is alive
- Updated get() with the same activity detection logic
- Captures last 30 lines of terminal output for classification
- Falls back to "idle" if output capture fails (graceful degradation)
- Agent plugins classify output into: active, idle, waiting_input,
blocked, or exited
Testing:
- Added test for activity detection in list() with mocked output
- Added test for activity detection in get() with mocked output
- Added test for graceful fallback when getOutput() fails
- Fixed detectActivity mock (sync not async)
- All 24 tests pass
The dashboard now accurately shows whether agents are actively working,
idle at prompt, waiting for user input, blocked, or exited.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* refactor: extract enrichSessionWithRuntimeState helper
Addresses review comment about duplicated activity detection logic
between list() and get() methods.
Changes:
- Extract activity detection into enrichSessionWithRuntimeState helper
- Both list() and get() now call this shared helper
- Eliminates duplication and makes future changes easier
- All tests still pass (24/24)
Benefits:
- Single source of truth for runtime state enrichment
- Future changes (caching, param tweaks) only need one update
- More maintainable and less error-prone
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* refactor: replace terminal parsing with agent-native activity detection
Replaces hacky terminal output parsing (detectActivity) with deterministic
agent-native state tracking (getActivityState). Each agent now uses its own
internal mechanisms (JSONL files, SQLite, etc.) for reliable activity detection.
## Changes
### Core (`packages/core/src/types.ts`)
- Add `getActivityState(session)` method to Agent interface
- Deprecate `detectActivity(terminalOutput)` with @deprecated tag
### Session Manager (`packages/core/src/session-manager.ts`)
- Update `enrichSessionWithRuntimeState()` to call `agent.getActivityState()`
- Remove terminal output capture and parsing
- Cleaner, more maintainable code
### Claude Code Plugin (`packages/plugins/agent-claude-code/`)
- Implement `getActivityState()` using existing JSONL infrastructure
- Read last JSONL entry and classify by event type:
- user/tool_use → active
- assistant/system → idle
- permission_request → waiting_input
- error → blocked
- stale (>30s) → idle
- Export `toClaudeProjectPath()` for testing
- Add unit tests for path encoding
### Other Agent Plugins (Codex, Aider, OpenCode)
- Add stub `getActivityState()` implementations
- Fall back to process running check
- TODO comments for full implementation using:
- Codex: JSONL rollout files
- Aider: Chat history mtime
- OpenCode: SQLite database
### Tests (`packages/core/src/__tests__/session-manager.test.ts`)
- Update tests to expect `getActivityState()` calls
- Remove tests for deprecated terminal parsing
- All 24 tests pass ✅
## Benefits
✅ **Deterministic** - File-based, not terminal text parsing
✅ **Fast** - Single file read, no regex
✅ **Reliable** - Agent-provided state
✅ **Testable** - Mock files easily
✅ **Maintainable** - Pin versions, test format changes
## Migration Path
- `detectActivity()` is deprecated but not removed (backwards compat)
- Claude Code uses new method immediately
- Other agents use fallback until fully implemented
- Future PR will remove deprecated method
## Research
Agent-native mechanisms documented in:
- OpenAI Codex: JSONL rollout files at ~/.codex/sessions/
- Aider: Chat history at .aider.chat.history.md
- OpenCode: SQLite at ~/.local/share/opencode/opencode.db
See /tmp/activity-detection-redesign.md for full design.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: implement native activity detection for all agent plugins
Implements full getActivityState() for Codex, Aider, and OpenCode:
- **Codex**: Checks JSONL rollout files at ~/.codex/sessions/YYYY/MM/DD/rollout-*.jsonl
Maps event types (user_message, tool_use, approval_request, error) to activity states
- **Aider**: Checks chat history file mtime at .aider.chat.history.md and recent git commits
Detects activity based on file modification and auto-commit behavior
- **OpenCode**: Checks SQLite database mtime at ~/.local/share/opencode/opencode.db
Considers active if database was modified within 30 seconds
All implementations follow the deterministic approach established for Claude Code,
avoiding hacky terminal output parsing in favor of agent-native mechanisms.
Also fixes test mocks to include new getActivityState() method.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address bugbot review comments for activity detection
Fixes three issues identified by Cursor Bugbot:
1. **Claude Code returns "exited" when runtime is alive** (Medium)
- Added process-alive check at start of getActivityState()
- Changed fallback returns from "exited" to "active" when process is running
- Now matches pattern used by other agents (Codex, Aider, OpenCode)
2. **Claude Code missing process-alive check** (Medium)
- Added isProcessRunning() check before file-based detection
- Prevents reporting stale file-based activity when process has exited
- Ensures "exited" is only returned when process is actually dead
3. **Codex reads entire JSONL file into memory** (Medium)
- Replaced readFile() with seeked file handle read
- Now reads only last 4KB (TAIL_READ_BYTES) instead of entire file
- Matches efficient approach used by Claude Code plugin
- Prevents memory/latency issues on long-running sessions
All tests passing (85 for Claude Code, 28 for Codex).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address three additional bugbot review comments
Fixes three issues identified in the second Cursor Bugbot scan:
1. **Catch block doesn't set activity to idle** (Low)
- Added explicit `session.activity = "idle"` in catch block
- Previously relied on implicit default from metadataToSession
- Now explicitly documents and enforces the fallback behavior
2. **Codex rollout file matching uses wrong session ID** (Medium)
- Removed session ID filtering from findLatestRolloutFile()
- Codex uses internal UUIDs unrelated to orchestrator session IDs
- Now finds most recent rollout file across all dates
- Fixes non-functional activity detection for Codex
3. **Duplicate readLastJsonlEntry across packages** (Low)
- Extracted shared JSONL tail-reading logic to @composio/ao-core/utils
- Removed duplicate implementations from agent-claude-code and agent-codex
- Both plugins now import readLastJsonlEntry and TAIL_READ_BYTES from core
- Net reduction of 21 lines while improving maintainability
All 240 tests passing (127 core + 85 Claude Code + 28 Codex).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: remove unused TAIL_READ_BYTES import from claude-code plugin
* fix: address third round of bugbot comments - document agent limitations
Fixes three issues from the latest Cursor Bugbot scan:
1. **Codex reads global state not per-session** (High Severity)
- Removed file-based activity detection from Codex plugin
- Codex stores rollout files globally without workspace scoping
- When multiple sessions run, cannot reliably match files to sessions
- Now falls back to process-running check only (conservative)
- Documented limitation with TODO for when Codex adds per-workspace support
2. **OpenCode uses global shared database** (Medium Severity)
- Removed database mtime checking from OpenCode plugin
- OpenCode uses single global SQLite database for all sessions
- Multiple sessions cause activity state bleed
- Now falls back to process-running check only (conservative)
- Documented limitation with TODO for when OpenCode adds per-workspace support
3. **Unused TAIL_READ_BYTES export** (Low Severity)
- Removed TAIL_READ_BYTES from core package exports
- Only used internally by readLastJsonlEntry in utils.ts
- Reduces unnecessary public API surface
Net reduction: 108 lines of code that couldn't work correctly with multiple sessions.
All tests passing (28 Codex + 27 OpenCode).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* test: rewrite agent integration tests to use getActivityState() instead of detectActivity()
Integration tests were using the deprecated detectActivity() method, which
meant they weren't actually testing the new getActivityState() functionality
that session-manager uses in production.
Changes:
- All agent integration tests now call getActivityState() instead of detectActivity()
- Tests verify getActivityState() returns valid states while running
- Tests verify getActivityState() returns "exited" after process terminates
- Grouped multiple assertions per test run for efficiency
- Updated comments to reflect new behavior (Codex/OpenCode conservative fallback)
- Allow getSessionInfo() to return null for path encoding mismatches
All integration tests pass:
- agent-claude-code: 6 passed (full JSONL-based activity detection)
- agent-codex: 5 passed (conservative fallback)
- agent-opencode: 5 passed (conservative fallback)
- agent-aider: updated but not tested (aider binary not available in CI)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: remove unused imports from integration tests
Fixed ESLint errors:
- Removed unused 'capturePane' imports from all agent integration tests
- Removed unused 'err' variable from catch block
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: return active instead of idle when JSONL entry is null
When readLastJsonlEntry returns null (empty file or read error), getActivityState
now returns "active" instead of "idle" as a conservative fallback. This makes it
consistent with:
- Other fallback cases in the same function (no workspace path, no session file)
- Other agent plugins (Codex, OpenCode, Aider) which return "active" on detection failure
- The stated intent in PR discussion to assume active when process is running
Fixes bugbot comment: https://github.com/ComposioHQ/agent-orchestrator/pull/45#discussion_r2810110669
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: make TAIL_READ_BYTES internal constant instead of exported
TAIL_READ_BYTES is only used internally within readLastJsonlEntry()
and is not exported from the package's index.ts. Removed the export
keyword to make it clear it's an internal implementation detail.
Addresses bugbot comment about unused export.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: implement ao start command for unified orchestrator startup
Adds `ao start` and `ao stop` commands to unify orchestrator and
dashboard startup. Key features:
- Generates CLAUDE.orchestrator.md with project-specific context
- Auto-imports orchestrator prompt via CLAUDE.local.md
- Creates orchestrator tmux session with agent
- Starts Next.js dashboard server
- Supports --no-dashboard, --no-orchestrator, --regenerate flags
- Idempotent operation (safe to run multiple times)
- Computes orchestrator ID from config (not session search)
- Dashboard button always visible for orchestrator terminal
Components:
- packages/core/src/orchestrator-prompt.ts: Prompt generator
- packages/cli/src/commands/start.ts: Start/stop commands
- Modified exports and dashboard UI for orchestrator support
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: add automatic metadata updates via Claude Code hooks
CRITICAL: This makes the dashboard work by auto-updating metadata when
agents run git/gh commands. Without this, PRs created by agents never
appear on the dashboard.
Changes:
- packages/core/src/claude-hooks.ts: Setup Claude hooks (settings.json + metadata-updater.sh)
- ao start: Automatically configures Claude hooks in project directory
- ao spawn: Sets AO_SESSION and AO_DATA_DIR env vars for hook script
- metadata-updater.sh: Detects gh pr create, git checkout -b, gh pr merge
How it works:
1. PostToolUse hook fires after every Bash command
2. metadata-updater.sh receives JSON with command and output
3. Pattern matches git/gh commands and updates flat metadata files
4. Dashboard reads metadata files to show PR/branch/status
The .claude directory is symlinked from main repo to worktrees so all
sessions share the same hook config.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* refactor: move hook setup to Agent plugin interface
ARCHITECTURE: Hooks setup must go through the Agent plugin interface,
not be hardcoded for Claude Code. This allows other agents (Codex,
Aider, OpenCode) to implement their own metadata update mechanisms.
Changes:
- Added Agent.setupWorkspaceHooks() method to types.ts
- Added WorkspaceHooksConfig interface
- Implemented setupWorkspaceHooks() in Claude Code plugin
- ao start: calls agent.setupWorkspaceHooks() instead of direct setup
- ao spawn: calls agent.setupWorkspaceHooks() for new worktrees
- Uses $CLAUDE_PROJECT_DIR variable for hook path (works with symlinked .claude)
Each agent plugin now implements its own hook mechanism:
- Claude Code: .claude/settings.json with PostToolUse hook
- Future: Codex, Aider, OpenCode with their own config formats
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address Cursor Bugbot review comments
Fixes 3 issues identified by Cursor Bugbot:
1. HIGH: ao start is now truly idempotent - if orchestrator session exists,
it skips creating the session but still proceeds with dashboard startup
and hook configuration. This allows `ao start` to recover from dashboard
crashes without failing.
2. MEDIUM: Dashboard orchestrator button now finds the actual running
orchestrator session instead of always using the first project. Fallback
to first project ID if no orchestrator is running.
3. LOW: Deduplicated findWebDir() function by moving it to shared utility
lib/web-dir.ts. Now used by both dashboard.ts and start.ts.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: resolve ESLint errors
Fixes 4 ESLint errors identified in CI:
- Added { cause: err } to Error constructors (preserve-caught-error rule)
- Prefixed unused parameter 'config' with underscore in setupWorkspaceHooks
- Prefixed unused variable 'projectId' with underscore in stop command
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address bugbot review comments - markdown escaping and unused module
- Fix markdown code fence escaping in orchestrator-prompt.ts (change
`\\\`` to `\`` for proper markdown rendering)
- Remove unused claude-hooks.ts module (functionality moved to plugin)
- Clean up exports from core/src/index.ts
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address remaining bugbot issues - metadata path, duplication, summary
HIGH severity - Fix metadata path mismatch for worker sessions:
- Add AO_PROJECT_ID environment variable in spawn.ts
- Update metadata-updater hook script to construct correct path:
* Worker sessions: $AO_DATA_DIR/${AO_PROJECT_ID}-sessions/$AO_SESSION
* Orchestrator: $AO_DATA_DIR/$AO_SESSION (no project ID)
- Fixes silent hook failures where PRs/branches never appeared on dashboard
LOW severity - Remove code duplication in hook setup:
- Extract setupHookInWorkspace() helper function (90 lines)
- Refactor setupWorkspaceHooks() to use helper (from 80 lines to 4)
- Refactor postLaunchSetup() to use helper (from 82 lines to 6)
- Eliminates risk of methods drifting out of sync
LOW severity - Fix misleading summary output:
- Change "Orchestrator started" to "Startup complete" when components skipped
- Only show dashboard URL when --no-dashboard NOT used
- Only show session info when --no-orchestrator NOT used
- Show "already running" status when orchestrator exists
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address new bugbot issues - hook quoting, orchestrator link, pkill scope
HIGH severity - Fix Claude hook command quoting:
- Remove embedded double quotes from $CLAUDE_PROJECT_DIR path
- Change from '"$CLAUDE_PROJECT_DIR"/.claude/...' to '$CLAUDE_PROJECT_DIR/.claude/...'
- Prevents hook execution failures if runner treats command as literal path
MEDIUM severity - Fix orchestrator link pointing to nowhere:
- Only show "orchestrator terminal" link when session actually exists
- Remove fallback to computed/hardcoded "ao-orchestrator" ID
- Prevents 404s when user clicks link before starting orchestrator
MEDIUM severity - Fix stop command killing unrelated processes:
- Replace broad `pkill -f "next dev -p ${port}"` with targeted approach
- Use `lsof -ti :${port}` to find exact PID listening on port
- Only kill the specific process, not any process mentioning "next dev"
- Prevents accidentally killing unrelated Next.js dev servers
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: orchestrator metadata path and multi-pid dashboard stop
HIGH severity - Fix orchestrator AO_PROJECT_ID pollution:
- Orchestrator intentionally omits AO_PROJECT_ID (uses flat metadata path)
- agent.getEnvironment() adds AO_PROJECT_ID=project.name
- Object.assign() merged this in, breaking metadata hook path lookup
- Fix: delete environment.AO_PROJECT_ID after merge
- Ensures orchestrator metadata updates work correctly
MEDIUM severity - Fix stopDashboard with multiple PIDs:
- lsof -ti :PORT returns multiple PIDs (one per line) for parent+children
- Passing entire multi-line string to kill fails (can't parse newlines)
- Fix: split stdout by newlines, filter empty, pass PIDs as separate args
- Now correctly stops dashboard even when multiple Node processes exist
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: remove AO_PROJECT_ID from agent plugins to fix metadata path mismatch
The agent.getEnvironment() method was setting AO_PROJECT_ID to
config.projectConfig.name, but different callers have different metadata
path schemes:
- spawn.ts writes to project-specific directories (dataDir/{projectId}-sessions/)
- start.ts writes to flat directories for orchestrator (dataDir/)
- session-manager writes to flat directories (dataDir/)
Setting AO_PROJECT_ID in getEnvironment() caused the metadata updater hook
to look for files in the wrong location for orchestrator and session-manager
flows, breaking automatic metadata updates.
Fix: Remove AO_PROJECT_ID from all agent plugins' getEnvironment() methods
and make it the caller's responsibility to set when using project-specific
directories. Only spawn.ts sets it now.
Changes:
- Remove AO_PROJECT_ID assignment from getEnvironment() in all 4 agent plugins
(claude-code, aider, codex, opencode)
- Update corresponding tests to expect AO_PROJECT_ID to be undefined
- Remove delete environment.AO_PROJECT_ID statement from start.ts (no longer needed)
- Add comments explaining the metadata path scheme contract
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: only run orchestrator setup when actually starting orchestrator
The orchestrator-specific setup steps (generating CLAUDE.orchestrator.md,
configuring CLAUDE.local.md, and setting up agent hooks) were executing
unconditionally, even when --no-orchestrator was passed. This caused
`ao start --no-dashboard` to fail if hook setup had errors, because the
hook setup was fatal and blocked the dashboard from starting.
Fix: Move all orchestrator setup steps inside the `if (opts?.orchestrator !== false)`
guard, and specifically inside the `else` branch (when session doesn't already exist).
Now these steps only run when we're actually creating a new orchestrator session.
This allows:
- `ao start --no-orchestrator` to start only the dashboard
- Skipping setup when orchestrator session already exists
- Setup to be non-blocking for dashboard-only mode
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: eliminate redundant getAgent call by hoisting agent declaration
The agent instance was being created twice in the orchestrator setup block:
- Once at line 237 inside the hook setup try block
- Again at line 253 for getting the launch command
This creates duplicate agent instances unnecessarily. Fixed by declaring
the agent variable before the hook setup try block, allowing it to be
reused for both hook setup and launch command generation.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address resource leaks and undefined env variable
Fixed 4 Bugbot issues:
1. HIGH: Undefined $CLAUDE_PROJECT_DIR in hook script path
- Changed setupWorkspaceHooks to use absolute path instead of undefined
env variable
- Matches approach used in postLaunchSetup for consistency
2. HIGH: Orchestrator session leaks when metadata write fails
- Added try-catch around tmux session launch and metadata write
- Kills tmux session if metadata write or agent launch fails
- Prevents orphaned sessions from consuming resources
3. MEDIUM: Dashboard process leaks when orchestrator setup fails
- Wrapped orchestrator setup in try-catch block
- Kills dashboard child process if orchestrator setup fails
- Prevents orphaned Next.js server from blocking future starts
4. LOW: Inconsistent indentation (fixed as side effect of restructuring)
- Refactored error handling simplified indentation structure
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: validate tracker issues on spawn with fail-fast behavior
Implement issue validation in spawn flow to fail fast when issues don't exist,
preventing creation of sessions with broken issue references.
**Key Changes:**
- Add isIssueNotFoundError() helper to detect "not found" errors
- Validate issues BEFORE creating resources (workspace, runtime, session ID)
- Fail fast with clear error messages when issues don't exist
- Categorize batch spawn failures (not_found, auth_failed, other)
- Add comprehensive tests (4 new test cases, all 25 tests pass)
- Update documentation with new spawn flow
**Behavior:**
- Issue exists → spawn proceeds, reports success
- Issue not found → fail with "does not exist in tracker" message
- Auth/network error → fail with error details
- No issue provided → spawn ad-hoc session without issue tracking
**Benefits:**
- No wasted resources on invalid issues
- Clear, actionable error messages for orchestrators
- Maintains backwards compatibility (ad-hoc sessions still work)
- Separation of concerns (spawn validates, orchestrator creates issues)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address bugbot review comments - improve error detection and add CLI validation
**Issue 1: CLI validation was missing**
- CLI's spawnSession bypassed core session manager validation
- Added tracker plugin support to CLI (getTracker function)
- Validate issues in CLI before creating worktrees/tmux sessions
- Error categorization now matches actual tracker errors, not git/tmux errors
**Issue 2: Overly broad "not found" matching**
- Previous: matched any "not found" (including "API key not found", "Team not found")
- Fixed: Check for issue-specific patterns AND exclude infrastructure errors
- Now matches: "issue" + "not found", "no issue found", "could not find issue"
- Excludes: "api key", "team", "configuration", "workspace", "organization", "endpoint"
**Changes:**
- packages/core/src/types.ts: More specific isIssueNotFoundError logic
- packages/cli/src/commands/spawn.ts: Add validation before workspace creation
- packages/cli/src/lib/plugins.ts: Add tracker plugin support + getTracker
- packages/cli/package.json: Add tracker plugin dependencies
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: resolve CI lint and test failures
**Lint fixes:**
- Combine duplicate imports in session-manager.ts and spawn.ts
- Add error cause preservation in CLI error throws
**Test fixes:**
- Mock getIssue response in plugin-integration test for spawn validation
- Test now provides proper GitHub issue response for validation to pass
**Changes:**
- packages/core/src/session-manager.ts: Combine imports using inline type syntax
- packages/cli/src/commands/spawn.ts: Merge duplicate plugin imports, add error cause
- packages/core/src/__tests__/plugin-integration.test.ts: Add mockGh for issue validation
All lint checks pass (0 errors, 11 warnings - existing)
All tests pass (128 tests)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: address bugbot review comments - error categorization and CLI test mocking
- Fix case-sensitive auth check in batch-spawn (now catches 'Authentication' errors)
- Fix workspace exclusion in isIssueNotFoundError to not shadow valid issue errors
- Add missing tracker mock to CLI tests (fixes all 5 test failures)
* fix: address remaining bugbot comments - remove duplication and redundancy
- Remove redundant sessionId reassignment after reservation loop
- Remove duplicate suggestion message in CLI error handler
- Remove duplicate issue validation from CLI to avoid DRY violation
(validation remains in core SessionManager.spawn for programmatic use)
* fix: restore sessionId assignment needed for TypeScript flow analysis
The assignment after the loop is not logically redundant but is required
for TypeScript's definite assignment analysis. Without it, TS cannot
guarantee sessionId is assigned after the loop.
* fix: remove unused tracker plugin code from CLI
- Remove getTracker function (no longer used after removing CLI validation)
- Remove tracker plugin imports and dependencies
- Remove mockGetTracker from tests
- Reduces bundle size and dependency coupling
* chore: update pnpm lockfile after removing tracker dependencies
* fix: remove console output from core library
Core library should not have console.log/console.warn calls as it's
used by CLI, web dashboard, and tests. Console output couples the
library to a specific output mechanism and produces noise in non-CLI
contexts. Callers can handle output presentation as needed.
* fix: remove unused catch parameter to fix lint error
* fix: remove redundant success messages in CLI spawn command
spawnSession already outputs spinner.succeed/fail with details, so
additional success/failure messages in command handlers are redundant.
Keep batch-spawn error categorization for summary purposes.
* fix: remove unused catch parameter
* fix: simplify batch-spawn error reporting
Remove misleading error categorization from batch-spawn. Since spawn no
longer categorizes errors as "not_found" or "auth_failed", the batch-spawn
summary section was filtering on error types that were never set.
Simplified to just list all failed issues with their error messages.
Also fixed single spawn error handling to log the error message before
exiting.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: remove dead code from isIssueNotFoundError
The exclusion guard for infrastructure errors (lines 863-876) was
completely redundant. Every return pattern already requires "issue" to
be present in the message, so a message without "issue" would naturally
return false from the main return statement. The guard added no value
and created confusion for maintainers.
Simplified by removing the redundant guard entirely.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: implement DirectTerminal with XDA clipboard support
Fixes clipboard functionality in web terminal without requiring iTerm2 attachment.
## Problem
Browser clipboard (Cmd+C/Ctrl+C) only worked when an iTerm2 client was attached
to the tmux session. Users had to keep iTerm2 tabs open in the background for
clipboard to work in the web dashboard.
## Root Cause
- tmux uses XDA (Extended Device Attributes) queries to detect terminal capabilities
- xterm.js doesn't implement XDA (marked as TODO in their codebase)
- Without XDA response, tmux doesn't enable clipboard support (TTYC_MS)
- iTerm2 responds to XDA, enabling clipboard for the entire session
## Solution
Implemented DirectTerminal component with custom XDA handler:
- Registers CSI > q handler using xterm.js parser API
- Responds with XTerm identification: DCS > | XTerm(370) ST
- tmux detects "XTerm(" and enables clipboard capability
- OSC 52 sequences flow: tmux → WebSocket → xterm.js → navigator.clipboard
## Changes
- Add DirectTerminal component with XDA handler
- Add direct-terminal-ws WebSocket server using node-pty
- Replace Terminal with DirectTerminal in SessionDetail
- Add comprehensive test page at /dev/terminal-test documenting:
- Root cause analysis
- Implementation details
- Node version requirements (requires Node 20.x due to node-pty)
- Debugging journey and lessons learned
- Fix ttyd port recycling to prevent EADDRINUSE errors
## Testing
Visit http://localhost:3000/dev/terminal-test for side-by-side comparison
and complete documentation.
Investigation time: 12+ hours (Feb 15-16, 2026)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: lint and typecheck errors
- Remove unused expectedWidth variable in DirectTerminal
- Add test files to eslint ignores
* fix: wrap useSearchParams in Suspense boundary
- Add Suspense wrapper to /dev/terminal-test page
- Add Suspense wrapper to /test-direct page
- Fixes Next.js build prerender error
* fix: address Bugbot review comments
- Fix useEffect cleanup memory leak in DirectTerminal
- Remove accidentally committed build artifacts
- Remove test scripts from repository root
- Add build/ to .gitignore
* fix: address additional Bugbot comments
- Re-enable mouse mode in ttyd terminal (was temporarily disabled)
- Fix hardcoded macOS paths in direct-terminal-ws
- Use 'tmux' from PATH instead of hardcoded /opt/homebrew/bin/tmux
- Use os.userInfo() for username fallback instead of 'equinox'
- Use process.env.PATH for cross-platform compatibility
Note: Bugbot comment about XDA response is incorrect - terminal.write()
is the correct API for responding to XDA queries. The implementation works
as confirmed by user testing.
* perf: fix slow terminal scrolling
- Remove status and error from useEffect dependencies (was recreating terminal on every state change)
- Add scroll performance settings: scrollSensitivity, fastScrollModifier
- Terminal now only recreates when sessionId changes
* fix: pass startFullscreen prop to DirectTerminal in SessionDetail
The fullscreen query parameter was being read from URL but not passed
through to the DirectTerminal component. This caused the fullscreen=true
query param to be ignored when viewing session detail pages.
Fixes:
- Pass startFullscreen prop from SessionDetail to DirectTerminal
- Enables ?fullscreen=true to work on session detail pages
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: enable mouse mode for DirectTerminal scrolling
DirectTerminal was not scrollable because tmux mouse mode was not enabled
for the sessions. The ttyd implementation already had this, but the
DirectTerminal WebSocket server was missing it.
Changes:
- Add spawn import from node:child_process
- Enable tmux mouse mode on session connection
- Hide tmux status bar for cleaner appearance
This makes DirectTerminal scrolling work the same as ttyd terminals.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: reduce scroll speed in DirectTerminal for smoother experience
Reduced scroll sensitivity from 3 to 1 lines per wheel tick for more
natural scrolling behavior. Also reduced fast scroll (with Alt) from 5 to 3.
Changes:
- scrollSensitivity: 3 → 1 (normal scroll speed)
- fastScrollSensitivity: 5 → 3 (Alt+scroll speed)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: auto-select two different sessions for terminal test page
When no query params are provided, the test page now automatically fetches
available sessions and picks two different ones for side-by-side comparison.
This avoids port conflicts between ttyd and DirectTerminal by default.
Changes:
- Fetch sessions from /api/sessions on mount
- Use first two available sessions as defaults (or fall back to hardcoded)
- Query params still work for manual override
- Warning only shows when sessions are actually the same
Examples:
- /dev/terminal-test (auto-picks two sessions)
- /dev/terminal-test?old_session=X&new_session=Y (manual override)
- /dev/terminal-test?session=X (uses same session for both)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: filter out terminated sessions in terminal test auto-selection
The auto-selection was picking terminated/exited sessions, causing
WebSocket connection failures when trying to attach to non-existent
tmux sessions (PTY exit code 1).
Now filters to only use sessions with activity !== "exited" for
auto-selection, ensuring terminals can actually connect.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: add server-side active session filtering to API
Instead of filtering terminated sessions on the client, added proper
API support with ?active=true query parameter to filter server-side.
Changes:
- GET /api/sessions?active=true - Returns only non-exited sessions
- Updated terminal test page to use new API parameter
- Properly maintains session/dashboard alignment during filtering
- Removed client-side filtering logic
This is cleaner, more efficient, and follows proper API design patterns.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* refactor: replace magic strings with ACTIVITY_STATE constants
Added ACTIVITY_STATE constants to @composio/ao-core types and replaced
all hardcoded "exited", "waiting_input", "blocked" strings with proper
constants throughout the codebase.
Changes:
- Added ACTIVITY_STATE constant object to core/types.ts
- Replaced magic strings in API route (/api/sessions)
- Replaced magic strings in lib/types.ts (getAttentionLevel)
- Properly typed constants with satisfies Record<string, ActivityState>
This prevents typos, improves IDE autocomplete, and makes refactoring
easier by having a single source of truth for activity state values.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: move WebSocket servers outside src/ to fix webpack build error
Moved terminal-websocket.ts and direct-terminal-ws.ts from src/server/
to server/ (outside src/) to prevent Next.js webpack from trying to
bundle them with client code.
These are standalone Node.js WebSocket servers (not Next.js API routes)
that should not be part of the Next.js build. Webpack was failing when
encountering node:child_process imports.
Changes:
- Moved src/server/*.ts to server/*.ts
- Updated package.json scripts to point to new location
Fixes: Module build failed: UnhandledSchemeError with node:child_process
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: update server file path in terminal test page docs
Updated documentation to reflect new server file location after moving
files from src/server/ to server/.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: import from @composio/ao-core/types to avoid bundling server code
The main @composio/ao-core export includes tmux utilities that use
node:child_process, which webpack cannot bundle for the client.
The package already exports a /types entry point that only includes
types and constants (no server utilities).
Changes:
- Import from @composio/ao-core/types instead of @composio/ao-core
- This prevents webpack from trying to bundle tmux.js in client code
Fixes webpack error: UnhandledSchemeError with node:child_process
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: combine duplicate imports to resolve lint errors
* fix: update .env.local.example to match code defaults (port 3003)
Addresses bugbot comment: Documentation showed port 3002 but both
server (direct-terminal-ws.ts) and client (DirectTerminal.tsx) default
to 3003. This mismatch could cause connection failures if developers
set only DIRECT_TERMINAL_PORT without NEXT_PUBLIC_DIRECT_TERMINAL_PORT.
Updated documentation to reflect actual code defaults.
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>