agent-orchestrator/packages/core
Harsh Batheja f65e7d95bf fix(lifecycle): reduce GitHub API rate limiting from batch enrichment bypass (#906)
* fix(lifecycle): reduce GitHub API rate limiting from batch enrichment bypass

Three optimizations to prevent API storms in the lifecycle manager poll cycle:

1. **CRITICAL - maybeDispatchMergeConflicts**: Gate the getMergeability()
   fallback to only run when batch enrichment didn't run at all. Previously
   it called getMergeability() (3 REST calls) whenever hasConflicts was
   undefined, even when the batch had already fetched PR data. Now uses
   cachedData.hasConflicts ?? false when the batch ran.

2. **HIGH - maybeDispatchCIFailureDetails**: Use batch enrichment ciChecks
   when available instead of calling getCIChecks() (separate REST call)
   on every poll. The GraphQL batch query now fetches statusCheckRollup
   contexts (individual check names, statuses, URLs) alongside the rollup
   state. Falls back to getCIChecks() only when batch didn't run.

3. **MEDIUM - maybeDispatchReviewBacklog**: Throttle getPendingComments +
   getAutomatedComments API calls to at most once per 2 minutes per session.
   These were called every 30s even when nothing had changed.

Impact: ~8-10 API calls/PR/poll reduced to ~2-4, enabling 3-4x more
concurrent sessions before hitting GitHub's 5,000/hr REST limit.

Also extends PREnrichmentData with ciChecks?: CICheck[] and adds
parseCheckContexts() helper to graphql-batch.ts for parsing CheckRun
and StatusContext nodes from the GraphQL statusCheckRollup.contexts field.

* fix(scm-github): fall back to getCIChecks() when contexts list is truncated

When a PR has >20 CI checks, contexts(first: 20) silently truncates the
list. Setting ciChecks to undefined when pageInfo.hasNextPage is true
ensures maybeDispatchCIFailureDetails falls back to the getCIChecks()
REST call, which returns all checks without truncation.

Also adds pageInfo { hasNextPage } to the contexts GraphQL query so
truncation can be detected.

* fix(lifecycle): prune lastReviewBacklogCheckAt in pollAll cleanup loop

Add the new throttle map to the existing pruning loop that removes stale
entries for sessions no longer in the session list. Previously the map
was only cleared on terminal status transitions, leaving orphaned entries
for sessions removed externally (killed + cleaned up without transition).

* fix(lifecycle): bypass throttle on review transition; fix StatusContext conclusion

Two fixes for automated review findings:

1. Bypass review backlog throttle when a transition reaction just fired for
   humanReactionKey or automatedReactionKey. The transitionReaction branch
   needs to read the current fingerprint via the API to record
   lastPendingReviewDispatchHash. Without bypassing, the throttle prevents
   this write and the next unthrottled poll sees a stale (empty) hash,
   clears the reaction tracker, and fires a duplicate dispatch.

2. Set conclusion on StatusContext nodes in parseCheckContexts() to match
   the REST getCIChecksFromStatusRollup() format (rawState.toUpperCase()).
   The CI failure fingerprint includes c.conclusion ?? '', so inconsistent
   conclusion values between GraphQL and REST paths caused phantom fingerprint
   changes when switching sources, triggering duplicate dispatches.

* fix(scm-github): normalize CheckRun conclusion and map NEUTRAL to skipped

Two consistency fixes in parseCheckContexts() vs the REST path:

1. NEUTRAL conclusion: was mapped to 'passed' (with SUCCESS), but
   mapRawCheckStateToStatus() in the REST path maps NEUTRAL to 'skipped'.
   Changed to treat NEUTRAL the same as SKIPPED.

2. CheckRun conclusion: was stored as the raw GraphQL string (may be
   lowercase). REST getCIChecks/getCIChecksFromStatusRollup always store
   conclusion as rawState.toUpperCase(). Now stores rawConclusion which
   is already uppercased during the status branching logic.

Both fixes prevent phantom fingerprint changes when maybeDispatchCIFailureDetails
switches between GraphQL batch and REST fallback across poll cycles.

* fix(scm-github): map STALE/NOT_REQUIRED/NONE conclusions to skipped

parseCheckContexts() was mapping these conclusions to 'failed' via the
else fallback, while mapRawCheckStateToStatus() in the REST path
explicitly maps all of them to 'skipped'. Added them to the skipped
branch alongside SKIPPED and NEUTRAL to fully mirror the REST mapping.

* fix(scm-github): map QUEUED/WAITING to pending not running

parseCheckContexts() mapped QUEUED and WAITING CheckRun statuses to
'running', but mapRawCheckStateToStatus() in the REST path maps both
to 'pending'. Only IN_PROGRESS maps to 'running' in the REST path.

Fixes fingerprint inconsistency when switching between GraphQL batch
and REST fallback across poll cycles.

* fix(scm-github): map STARTUP_FAILURE to skipped; guard null pageInfo

- STARTUP_FAILURE conclusion now falls through to the "skipped" branch
  (matching mapRawCheckStateToStatus() REST default) instead of the
  explicit failure enumeration catch-all
- Null pageInfo guard prevents TypeError from typeof null === "object"
  JavaScript quirk when accessing hasNextPage on a null pageInfo field
- Tests added for both cases

* fix(scm-github): map COMPLETED+null conclusion to skipped not passed

When a CheckRun has status COMPLETED and conclusion null, the REST path's
mapRawCheckStateToStatus() converts it to "" which maps to "skipped".
The GraphQL path was incorrectly mapping it to "passed" via !rawConclusion.
Fix: only map rawConclusion === "SUCCESS" to "passed"; null falls through
to the else branch → "skipped", matching the REST path exactly.
2026-04-06 22:52:47 -07:00
..
__tests__ fix: added GraphQL batch PRfeat: add GraphQL batch PR enrichment for orchestrator polling enrichment for orchestrator polling (fixes #608) (#637) 2026-03-30 00:31:04 +05:30
src fix(lifecycle): reduce GitHub API rate limiting from batch enrichment bypass (#906) 2026-04-06 22:52:47 -07:00
CHANGELOG.md chore: version packages 2026-03-20 15:47:55 +00:00
README.md update core README 2026-03-31 04:02:14 +05:30
package.json chore: version packages 2026-03-20 15:47:55 +00:00
tsconfig.build.json feat: implement SCM and tracker plugins (github, linear) (#4) 2026-02-14 15:45:51 +05:30
tsconfig.json feat: implement SCM and tracker plugins (github, linear) (#4) 2026-02-14 15:45:51 +05:30
vitest.config.ts ci: add diff coverage workflow enforcing 80% on changed code only 2026-03-31 09:26:36 +05:30

README.md

@composio/ao-core

Core services, types, and configuration for the Agent Orchestrator system.

What's Here

  • src/types.ts — All TypeScript interfaces (Runtime, Agent, Workspace, Tracker, SCM, Notifier, Terminal, Session, events)
  • src/services/ — Core services (SessionManager, LifecycleManager, PluginRegistry)
  • src/config.ts — Configuration loading + Zod schemas
  • src/utils/ — Shared utilities (shell escaping, metadata parsing, etc.)

Key Files

src/types.ts — The Source of Truth

Every interface the system uses is defined here. If you're working on any part of the orchestrator, start by reading this file.

Main interfaces:

  • Runtime — where sessions execute (tmux, docker, k8s)
  • Agent — AI coding tool adapter (claude-code, codex, aider)
  • Workspace — code isolation (worktree, clone)
  • Tracker — issue tracking (GitHub Issues, Linear)
  • SCM — PR/CI/reviews (GitHub, GitLab)
  • Notifier — push notifications (desktop, Slack, webhook)
  • Terminal — human interaction UI (iTerm2, web)
  • Session — running agent instance (state, metadata, handles)
  • OrchestratorEvent — events emitted by lifecycle manager
  • PluginModule — what every plugin exports

src/services/session-manager.ts — Session CRUD

Handles session lifecycle:

  • spawn(config) — create new session (workspace + runtime + agent)
  • list(projectId?) — list all sessions
  • get(sessionId) — get session details
  • kill(sessionId) — terminate session
  • cleanup(projectId?) — kill completed/merged sessions
  • send(sessionId, message) — send message to agent

Data flow in spawn():

  1. Load project config
  2. Validate issue exists via Tracker.getIssue() (if issueId provided, fails-fast if not found)
  3. Reserve session ID
  4. Determine branch name
  5. Create workspace via Workspace.create()
  6. Generate prompt via Tracker.generatePrompt()
  7. Build launch command via Agent.getLaunchCommand()
  8. Create runtime session via Runtime.create()
  9. Run Agent.postLaunchSetup() (optional)
  10. Write metadata file
  11. Return Session object

Note: If issue validation fails (not found, auth error), spawn fails before creating any resources (no workspace, no runtime, no session ID). This prevents spawning sessions with broken issue references.

src/services/lifecycle-manager.ts — State Machine + Reactions

Polls sessions, detects state changes, triggers reactions:

State machine:

spawning → working → pr_open → ci_failed/review_pending/approved → mergeable → merged

Reactions:

  • ci-failed → send fix prompt to agent
  • changes-requested → send review comments to agent
  • approved-and-green → notify human (or auto-merge)
  • agent-stuck → notify human

Polling loop:

  1. For each session: check agent activity state (Agent.getActivityState())
  2. If PR exists: check CI status (SCM.getCISummary()), review state (SCM.getReviewDecision())
  3. Update session status based on state
  4. Trigger reactions if state changed
  5. Emit events

src/services/plugin-registry.ts — Plugin Discovery + Loading

Loads plugins and provides access to them:

  • register(plugin, config?) — register a plugin instance
  • get<T>(slot, name) — get plugin by slot + name
  • list(slot) — list all plugins for a slot
  • loadBuiltins(config?) — load built-in plugins (runtime-tmux, agent-claude-code, etc.)
  • loadFromConfig(config) — load built-ins today; external plugin descriptors are the marketplace extension point

Built-in plugins (loaded by default):

  • runtime-tmux, runtime-process
  • agent-claude-code, agent-codex, agent-aider, agent-opencode
  • workspace-worktree, workspace-clone
  • tracker-github, tracker-linear, tracker-gitlab
  • scm-github, scm-gitlab
  • notifier-desktop, notifier-discord, notifier-slack, notifier-composio, notifier-openclaw, notifier-webhook
  • terminal-iterm2, terminal-web

src/config.ts — Configuration Loading

Loads and validates agent-orchestrator.yaml:

Main config sections:

  • Runtime data paths are auto-derived from the config location under ~/.agent-orchestrator/{hash}-{projectId}/
  • port — web dashboard port (default 3000, set different values for multiple projects)
  • terminalPort — terminal WebSocket port (auto-detected if not set)
  • directTerminalPort — direct terminal WebSocket port (auto-detected if not set)
  • defaults — default plugins (runtime, agent, workspace, notifiers)
  • plugins — installer-managed external plugin descriptors (registry, npm, or local)
  • projects — per-project config (repo, path, branch, symlinks, reactions, agentRules)
  • notifiers — notification channel config (Slack webhooks, etc.)
  • notificationRouting — which notifiers get which priority events
  • reactions — auto-response config (ci-failed, changes-requested, approved-and-green, etc.)

Zod schemas validate all config at load time.

Common Tasks

Adding a Field to Session

  1. Edit src/types.tsSession interface
  2. Edit src/services/session-manager.ts → initialize field in spawn()
  3. Rebuild: pnpm --filter @composio/ao-core build

Adding an Event Type

  1. Edit src/types.tsEventType union
  2. Emit the event: eventEmitter.emit() in relevant service
  3. Add reaction handler (optional): src/services/lifecycle-manager.ts

Adding a Reaction

  1. Edit src/services/lifecycle-manager.ts → add handler function
  2. Wire it up in the polling loop
  3. Add config schema in src/config.ts if new reaction type

Feedback Tools (v1)

@composio/ao-core exports two structured feedback tool contracts:

  • bug_report
  • improvement_suggestion

Both share the same required input fields:

  • title
  • body
  • evidence (array of strings)
  • session
  • source
  • confidence (0..1)

Example:

import { FEEDBACK_TOOL_NAMES, FeedbackReportStore, getFeedbackReportsDir } from "@composio/ao-core";

const reportsDir = getFeedbackReportsDir(configPath, projectPath);
const store = new FeedbackReportStore(reportsDir);

const saved = store.persist(FEEDBACK_TOOL_NAMES.BUG_REPORT, {
  title: "SSO login loop",
  body: "Google SSO redirects back to /login repeatedly.",
  evidence: ["trace_id=abc123", "screenshot: login-loop.png"],
  session: "ao-22",
  source: "agent",
  confidence: 0.84,
});

Storage format:

  • Reports are persisted under ~/.agent-orchestrator/{hash}-{projectId}/feedback-reports
  • Each report is a typed key=value file (report_<timestamp>_<id>.kv) for easy inspection
  • A deterministic dedupe key (sha256, 16 hex chars) is generated from normalized tool+content

Migration notes:

  • No migration needed for existing AO installs
  • The feedback-reports directory is created lazily on first persisted report

Testing

# Run all core tests
pnpm --filter @composio/ao-core test

# Run in watch mode
pnpm --filter @composio/ao-core test -- --watch

# Run specific test
pnpm --filter @composio/ao-core test -- session-manager.test.ts

Tests are in src/__tests__/:

  • session-manager.test.ts — session CRUD, spawn, cleanup
  • lifecycle-manager.test.ts — state machine, reactions
  • plugin-registry.test.ts — plugin loading, resolution
  • tmux.test.ts — tmux utility functions (not a plugin test)
  • prompt-builder.test.ts — prompt generation utilities

Building

# Build core
pnpm --filter @composio/ao-core build

# Typecheck
pnpm --filter @composio/ao-core typecheck

This package is a dependency of all other packages. Build it first if working on the codebase.

Architecture Notes

Why flat metadata files?

  • Debuggability: cat ~/.agent-orchestrator/<hash>-my-app/sessions/app-3 shows full state
  • No database dependency (survives crashes, easy to inspect)
  • Backwards-compatible with bash script orchestrator

Why polling instead of webhooks?

  • Simpler (no webhook setup, no ngrok for local dev)
  • Works offline (CI/review state is fetched, not pushed)
  • Survives orchestrator restarts (no missed events)

Why plugin slots?

  • Swappability: use tmux locally, docker in CI, k8s in prod
  • Testability: mock plugins for tests
  • Extensibility: users can add custom plugins (e.g., company-specific notifier)