release: v0.2.4 — conversations, credentials, review, goals#686
Closed
kokevidaurre wants to merge 192 commits intomainfrom
Closed
release: v0.2.4 — conversations, credentials, review, goals#686kokevidaurre wants to merge 192 commits intomainfrom
kokevidaurre wants to merge 192 commits intomainfrom
Conversation
Closes #342 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
…351) Prevents shell injection via crafted paths in background and watch execution modes. Applies same escaping used in foreground mode (PR #324). Adds shellEscape() helper that replaces single quotes with '\'' to safely interpolate variables into single-quoted shell strings. Applied to: - Watch mode: projectRoot, worktreeDir, branchName, logFile, pidFile - Background mode: projectRoot, worktreeDir, branchName, logFile, pidFile - Provider background mode: workDir, logFile, pidFile, provider args - execSync worktree calls in foreground and provider modes Closes #340 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
v0.6.2 released, 3 security P1 issue-solvers dispatched, 751 tests passing, Q1 goals 2/3 achieved. Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
…339) Closes #319 Added default .action(() => cmd.outputHelp()) to 7 parent commands (env, kpi, feedback, session, trigger, approval, autonomous) so they exit 0 instead of 1 when invoked without a subcommand. Matches the pattern already used by memory, goal, deploy, and exec commands. Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
…354) Replace scattered console.log calls with the project's writeLine() utility from src/lib/terminal.ts. This provides a single output layer for consistent formatting and future output control. - Convert 238 console.log calls to writeLine across 10 files - Remove 8 debug/placeholder log statements from anthropic.ts - Keep console.log only for JSON.stringify output (--json flags) and raw prompt piping — standard CLI patterns - Reduction: 269 → 31 occurrences (88% decrease) - Zero new TypeScript errors Files: init.ts, deploy.ts, autonomous.ts, trigger.ts, approval.ts, eval.ts, login.ts, cli.ts, anthropic.ts, update.ts Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
Replace minimal README with comprehensive 331-line version covering: - Quick start with real output examples - Why Squads (4 differentiators) - Provider table (7 LLM providers) - Feature showcase (dashboard, memory, sessions, autonomous, hooks) - Command reference (21 active commands, no removed ones) - Project structure and configuration examples - Development guide and tech stack - Contributing and community links References only current commands (memory write/read instead of learn, env show instead of context, exec list instead of history). 🤖 Generated with [Agents Squads](https://agents-squads.com) Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
Closes agents-squads/engineering#51 Removed the base64-obfuscated API key from source code and replaced with SQUADS_TELEMETRY_KEY env var. Telemetry send is skipped when key is not set. The exposed key must be rotated server-side separately. Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
Closes #343 The daemon process was silently failing because Commander.js rejected the unregistered --daemon CLI flag. Replace with SQUADS_DAEMON env var to signal daemon mode, redirect child stdout/stderr to log file for diagnosability, and show clear error when daemon fails to start. Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
* feat(status): show milestones and open PRs from GitHub squads status now queries GitHub API for real operational data: - Milestone progress bars across product repos (cli, console, api) - Open PRs targeting develop with repo and number Replaces vanity-only output with actionable org health metrics. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(status): discover repos dynamically from squad definitions Replace hardcoded PRODUCT_REPOS array with dynamic discovery: - Read `repo` field from each SQUAD.md frontmatter - Deduplicate and pass to fetchOperationalStatus() - GitHub org derived from squad config, not hardcoded - Dynamic column widths based on actual repo names - Show all open PRs (not just develop-targeted) Any user's squads with `repo:` in SQUAD.md will show milestones + PRs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: rewrite CLAUDE.md as user-facing guide Remove internal references, org names, and dev-specific content. Focus on teaching users how to define squads, run agents, and monitor work. Git-provider agnostic. Engineering standards now live in hq CLAUDE.md (internal only). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Closes #24 Converts ~50 static command imports to dynamic import() inside action handlers. Only the invoked command's dependencies (pg, supabase, inquirer, ora) are loaded, saving ~300ms+ on cold start. Changes: - All command handlers use dynamic import() in their .action() callbacks - autoUpdateOnStartup skipped for --help/--version (instant response) - register*Command imports kept static (needed for subcommand structure) - Type-only import for SessionSummaryData (zero runtime cost) Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Trigger: manual Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
) Closes #297 Show "squads dash" hints at key touchpoints: - After successful foreground/background agent execution - After lead session completion - After parallel agent launch - In squad detail status commands section Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Trigger: manual Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
Breaks down the 350-line executeWithClaude into 6 focused functions: - buildAgentEnv: consolidates 3x duplicated env construction - logVerboseExecution: DRYs up verbose config logging (was 2x identical) - createAgentWorktree: isolates Node.js worktree creation - buildDetachedShellScript: shared shell script for watch/background - prepareLogFiles: shared log directory setup - executeForeground: foreground spawn + status tracking - executeWatch: watch mode (background + tail) executeWithClaude is now a ~80-line coordinator that delegates to the appropriate mode function. Closes #158 Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
…dless flags Closes #371 Two fixes for Google/Gemini provider execution: 1. Add --yolo flag to Gemini CLI args for headless auto-approval. Without this, Gemini denies all tool calls when running in background because it can't prompt for interactive confirmation. 2. Copy .agents directory into worktree and rewrite prompt paths. Gemini CLI sandboxes file access to its workspace directory. The prompt references agent definitions at the original project root, which Gemini blocks as "Path not in workspace". Now we copy .agents into the worktree and rewrite absolute paths so Gemini can resolve them. Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
Closes #280 Implements `squads create <name>` that creates: - .agents/squads/<name>/SQUAD.md (from template) - .agents/squads/<name>/lead.md (starter agent) - .agents/memory/<name>/lead/ (memory directory) Supports --description, --goal, --model flags for non-interactive use, and interactive prompts via inquirer when flags are omitted. Includes --force for overwriting and --yes for CI/scripting. Note: organization.yaml is not used — squads are discovered dynamically via filesystem (squad-parser.ts findSquadsDir + listSquads). 11 tests covering directory creation, content, naming, overwrite protection, and squad discoverability. Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Trigger: manual Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
Closes #366 When --cloud is set, the CLI dispatches agent execution to the platform API instead of running locally. Requires `squads login` session and SQUADS_API_URL environment variable. Flow: - POST /agent-dispatch to create dispatch request - Poll /agent-executions for status updates - Display execution summary on completion Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Trigger: smart Model: claude-opus-4-6 Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com>
Closes #316 Added 63 tests covering 2 of the 6 lib modules listed in the issue: - setup-checks.ts (48 tests): providers registry, commandExists, isDockerRunning, checkDockerPrereqs, checkGhCli, checkGhPermissions, checkClaudeCli, checkProviderAuth, runPrereqChecks, runAuthChecks, displayCheckResults, attemptFix, waitForService - local.ts (15 tests): getLocalEnvVars, formatLocalStatus, isLangfuseLocal, getLocalStackStatus Co-authored-by: Squads Cloud Worker <cloud@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
…urces (#382) Closes #314. Adds 115 tests across 4 test files achieving 92% statement coverage and 80% branch coverage on the dashboard module: - dashboard-loader.test.ts: 16 tests for findDashboardsDir, listDashboards, loadDashboard, clearDashboardCache, loadAllDashboards, findDashboard - dashboard-renderers.test.ts: 49 tests for formatValue (all formats), getThresholdColor, calculateColumnWidths, and renderView (all view types) - dashboard-sources.test.ts: 31 tests for buildQuery, buildWhereClause, parseDateRange, and postgresSource stub - dashboard-engine.test.ts: 19 tests for executeDashboard, renderDashboard, and showAvailableDashboards with mocked dependencies Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
…381) Closes #51 Changes: - db.test.ts: Enable 4 previously skipped baseline tests (saveBaseline, getLatestBaseline, getBaselineByName, listBaselines) — stubs are implemented, tests were incorrectly marked as not-yet-implemented - sessions.test.ts: Add 30 new tests covering file-system operations: findAgentsDir, getSessionsDir, getHistoryFilePath, getActiveSessions, getSessionSummary, startSession, stopSession, updateHeartbeat, cleanupStaleSessions — all use temp dirs to avoid test pollution Also expanded detectSquad, detectAIProcessesFast, getLiveSessionSummaryFast Total: 63 → 104 tests passing, 0 skipped Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
Post-execution instructions (branch, commit, PR workflow) now loaded from .agents/config/post-execution.md instead of inline template string in run.ts. Separates prompt content from code. Same pattern as approval-instructions.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This reverts commit 9999f92700c02af522e15cae29097a60f249cf15.
…eck (#389) * fix(ci): run CI on PRs to develop — quality gate for agent PRs Agents create PRs targeting develop. Without CI on develop PRs, broken code gets merged undetected. This is the #1 quality gap. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(quality): pre-commit hook runs build + tests on source changes Agents were committing broken code (e.g. #384: tests that fail on import). Now any commit touching .ts/.tsx/.js files must pass both `npm run build` and `npm run test` before the commit goes through. This is the #1 quality gate — prevents slop at the source. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tests): align failing tests with implementation - deploy.test: capture process.stdout.write instead of console.log (deployCommand uses writeLine which writes to stdout) - eval.test: same stdout capture fix for JSON output test - infra.test: use POSTGRES_PORT env var (default 5433) to match docker-compose pattern - local.test: expect port 5432 in DATABASE_URL matching getLocalEnvVars() - setup-checks.test: expect 'warning' (not 'missing') when Docker is not installed, matching checkDockerPrereqs() implementation - Deleted verify-token.test.ts (tested nonexistent verifyToken export) Co-Authored-By: Claude <noreply@anthropic.com> * fix(agents): proper PR workflow — target develop, daemon env, auth check - Post-execution: agents now open PRs targeting `develop` with structured body - Daemon (autonomous.ts): unset CLAUDECODE env to allow nested claude sessions - Auth check: downgrade missing credentials from block to warn (keychain auth) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(run): extract post-execution prompt to template file Post-execution instructions (branch, commit, PR workflow) now loaded from .agents/config/post-execution.md instead of inline template string. Separates prompt content from code. Same pattern as approval-instructions.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Add missing env-config.ts (imported by run.ts but never committed) - Fix Commander action spread types with @ts-expect-error directives - Add inquirer type declaration for create command Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…tines' (#392) Regex only matched '## Routines' exactly, missing Engineering squad's '## Growth Routines' header. Now matches any word before 'Routines'. Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Multi-agent conversation orchestration for squad runs:
- Lead briefs → scanners discover → workers execute → lead reviews → verifiers check
- Shared transcript between agents for context continuity
- Convergence detection (continuation signals beat convergence signals)
- Cost ceiling ($25 default) and max turns (20 default) safety limits
- --task flag for founder directives (replaces lead briefing)
- Transcript persistence to .agents/conversations/{squad}/
New files:
- src/lib/conversation.ts — types, transcript, agent classification, convergence
- src/lib/workflow.ts — turn execution, orchestration loop, transcript persistence
`squads run <squad>` now runs a full conversation instead of just the lead agent.
`squads run <squad> -a <agent>` still runs individual agents (unchanged).
Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(auth): add verifyToken function and passing test suite Closes #384 Adds verifyToken(token, apiUrl) to src/lib/auth.ts: - Calls GET /auth/verify with Bearer token header - Maps snake_case API response to camelCase (display_name→name, subscription_plan→plan) - Returns null on non-ok responses, network errors, and timeouts/aborts - 5-second abort timeout to prevent hanging Creates test/verify-token.test.ts with all 6 specified tests: 1. Returns user data on 200 with snake_case→camelCase mapping 2. Returns null on non-ok response (e.g. 401) 3. Returns null on network error (silent) 4. Returns null on timeout/abort 5. Sends Bearer token in Authorization header 6. Builds correct URL from apiUrl param Co-Authored-By: cli/issue-solver <cli-issue-solver@agents-squads.com> Agent: cli/issue-solver Squad: cli * fix(auth): update verifyToken signature and response to match API spec Revises the initial implementation based on actual API contract: - Parameter order: verifyToken(apiUrl, token) — apiUrl first - Endpoint: /auth/cli/verify (not /auth/verify) - Response shape: { email, tenantId, tenantSlug, tenantName, status } mapping from snake_case { tenant_id, tenant_slug, tenant_name } - Updates test/verify-token.test.ts to use vi.stubGlobal per-test with afterEach cleanup for better test isolation All 6 tests pass. Co-Authored-By: cli/issue-solver <cli-issue-solver@agents-squads.com> Agent: cli/issue-solver Squad: cli --------- Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com>
* test(commands): add unit tests for goal and list commands Adds 21 new tests covering: - goal.test.ts (14 tests): goalSetCommand, goalListCommand, goalCompleteCommand, goalProgressCommand — including edge cases for invalid indexes, non-existent squads, metric annotations - list.test.ts (7 tests): JSON output validation, agent counts, no-project error handling, table and agents view rendering Partial fix for #47 — covers 2 of 19 untested command files. Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 * test: add unit tests for feedback and progress commands Closes #47 (partial — 2 of 15 untested commands) Added 19 tests covering: - feedback: add, show, parse history, rating validation, learnings - progress: start/complete tasks, display, verbose mode, task IDs Co-Authored-By: engineering/issue-solver <engineering-issue-solver@agents-squads.com> Agent: engineering/issue-solver Squad: engineering Model: claude-opus-4-6 --------- Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com>
…ification - classifyAgent now uses role descriptions from SQUAD.md (primary) with name-based fallback — no more regex substring collisions - Strip **bold** markers from agent names in table parser - Replace regex convergence/continuation signals with phrase matching - "keychain auth" → "OAuth" in run output Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- session.test.ts: 11 tests covering sessionStartCommand, sessionStopCommand, sessionHeartbeatCommand, and detectSquadCommand (start/stop/heartbeat lifecycle, quiet mode, missing .agents dir) - learn.test.ts: 14 tests covering learnCommand, learnShowCommand, and learnSearchCommand (default squad, specific squad, fallback, category inference, tag extraction, search, filters) Part of #47 — adds coverage for 2 more previously untested commands. Co-Authored-By: cli/issue-solver <cli-issue-solver@agents-squads.com> Agent: cli/issue-solver Squad: cli Co-authored-by: kokevidaurre <kokevidaurre@users.noreply.github.com>
Co-Authored-By: Claude <noreply@anthropic.com>
SQUAD.md context.skills were metadata-only — agents never received them. Now: CLI reads context.skills from SQUAD.md, merges with --skills flag, and passes to Claude session. Each squad gets exactly the skills it needs — no more, no less. Example: analytics gets [bq, ganalytics, gworkspace], marketing gets [pdf-builder, gdrive, gworkspace, multi-llm, screen-recorder]. Co-Authored-By: Claude <noreply@anthropic.com>
When agents are invoked with full file paths (e.g. via batch runs), the agentName was written as-is to observability records, breaking analytics queries that group/filter by agent name. Strip path prefix and extension at the entry point of runAgent() so all downstream code (obs, state, logs) receives the short name. Closes #653 Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com>
…tart them Old prompt: "TIME LIMIT: 15 minutes. If blocked, move on." New prompt: "COMPLETE YOUR GOALS. Don't just scan and report — finish the work. Create the deliverable. File issues with full context." Agents were choosing to stop early because the prompt told them to be conservative. Now they're told to finish what they started. Co-Authored-By: Claude <noreply@anthropic.com>
Moved behavioral directives from TypeScript to markdown: - COO evaluation protocol → .agents/config/coo-evaluation.md - Lead mode protocol → .agents/config/lead-mode.md - Agent prompt → simplified to identity + context layers only - Role protocols → SYSTEM.md section 9 - Publishing guardrails → SYSTEM.md section 12 - Completion standards → SYSTEM.md section 11 - Output standards enriched → SYSTEM.md section 10 Code standard: NEVER mix prompts and code. TypeScript assembles context layers and passes them. All behavioral instructions live in markdown files that can be edited without rebuilding. Co-Authored-By: Claude <noreply@anthropic.com>
workflow.ts: role instructions (lead, scanner, worker, verifier) and output format standards → .agents/config/conversation-roles.md execution-engine.ts: verification protocol → .agents/config/verification.md cognition.ts: belief classification + reflection → .agents/config/cognition-prompts.md context.ts: autonomous execution prompt → simplified to identity only Code standard enforced: TypeScript assembles context, markdown contains all behavioral instructions. Zero hardcoded prompts remain. Co-Authored-By: Claude <noreply@anthropic.com>
runAgent was swallowing errors — caught, logged, but never re-thrown. The org cycle's catch block never fired, so quota detection didn't trigger and the cycle didn't wait/resume. Now: agent failures propagate to callers. Org cycle catches them, detects quota (2 consecutive fast failures), waits 60 min, resumes. Co-Authored-By: Claude <noreply@anthropic.com>
…ch error (#681) When existsSync returns true but readFileSync mock returns undefined (in tests), rolesContent.match() throws TypeError. Using nullish coalescing ensures rolesContent is always a string regardless of mock behavior. Co-authored-by: agents-squads[bot] <266303152+agents-squads[bot]@users.noreply.github.com>
…664) (#678) Adds --settings <guardrail.json> to claudeArgs when executing foreground agents, so spawned sessions inherit PreToolUse hooks that block destructive commands (rm -rf /, git push --force, git reset --hard, git clean -f). Resolution order: project .claude/guardrail.json → bundled templates/guardrail.json. Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: agents-squads[bot] <266303152+agents-squads[bot]@users.noreply.github.com>
- Replace static 'Getting started' with dynamic 'What's next' section showing the first command to run based on selected use case - Add opt-in email prompt at end of init (Enter to skip) - Store email locally in ~/.squads/config.json for founder outreach - Send SHA-256 hashed email as cli.email_captured telemetry event - Gracefully wrapped — email capture never blocks init on failure Closes #673 Closes #674 Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: agents-squads[bot] <266303152+agents-squads[bot]@users.noreply.github.com>
- Add test/commands/services.test.ts with 14 tests covering: services up (Docker unavailable, compose missing) services down (no compose file graceful exit) services status (no containers, Tier 2 containers, JSON mode) command structure validation (subcommands, flags) - Add docs/tier2.md: what Tier 2 is, prerequisites, usage with expected output examples, fallback behavior, and tier detection API reference Closes #667 Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: agents-squads[bot] <266303152+agents-squads[bot]@users.noreply.github.com>
* test+docs: add services command tests and Tier 2 documentation - Add test/commands/services.test.ts with 14 tests covering: services up (Docker unavailable, compose missing) services down (no compose file graceful exit) services status (no containers, Tier 2 containers, JSON mode) command structure validation (subcommands, flags) - Add docs/tier2.md: what Tier 2 is, prerequisites, usage with expected output examples, fallback behavior, and tier detection API reference Closes #667 * feat: squads goals — dashboard of all squad goals at a glance Shows: active/achieved/blocked count per squad, top goal with status. Detail view: squads goals --squad <name> shows all sections. JSON output: squads goals --json for programmatic access. 53 active | 19 achieved | 3 blocked across 14 squads. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
Main had one squash commit (v0.2.2 release) not merged back to develop. Resolved 12 conflicts by keeping develop versions (182 commits ahead). Build verified. Co-Authored-By: Claude <noreply@anthropic.com>
`squads run --org` now uses `runConversation()` per squad instead of `runAgent()` with just the lead. Each squad gets the full conversation cycle: lead briefs → scanners discover → workers execute → lead reviews → verifiers check → converge or loop. This fixes the core issue: leads running alone couldn't verify their own work, spawn workers, or get scanner input. The conversation protocol already exists and works — org mode was just bypassing it. Defaults: 12 turns max, $10 cost ceiling per squad. Report now shows: convergence status, turn count, cost per squad. Co-Authored-By: Claude <noreply@anthropic.com>
New command: `squads credentials create|create-all|rotate|list|revoke`
- Creates per-squad GCP service accounts with least-privilege IAM roles
- Keys stored at ~/.squads/secrets/{squad}-sa-key.json
- Execution engine auto-injects GOOGLE_APPLICATION_CREDENTIALS into agent sessions
- 10 squads mapped: analytics, customer, data, engineering, finance,
growth, intelligence, marketing, operations, product
Solves: agents blocked on BQ, Sheets, Search Console, Cloud SQL access
because all credentials were founder-personal. Now each squad has its
own service account with only the permissions it needs.
Usage:
squads credentials create-all # provision all squads
squads credentials list # show status
squads credentials rotate <squad> # rotate key
squads credentials revoke <squad> # delete SA
Co-Authored-By: Claude <noreply@anthropic.com>
Let squads work until convergence. The conversation system already has defaults (20 turns, $25 ceiling) which are sufficient. No artificial limits on org mode — evaluate after real runs, then adjust. Co-Authored-By: Claude <noreply@anthropic.com>
execSync with stdio 'inherit' returns null, causing .trim() to crash. Use pipe for stdout while inheriting stderr so output is captured. Co-Authored-By: Claude <noreply@anthropic.com>
One command replaces the manual cycle review process: - Overview: all squads with last run, cost, goals, status, summary - Needs Attention: deadlines (<14d), blocked goals, agent blockers - Goal changes from execution JSONL - Detail view: `squads review --squad <name>` with goals, runs, state, blockers Pulls from: obs JSONL, goals.md, state.md — no external API needed. Co-Authored-By: Claude <noreply@anthropic.com>
- Cost efficiency metric: $/goal-change in header - Founder Action section: only items needing human input (separated from agent blockers) - Goal changes: deduplicated, grouped by type (achieved/blocked/started/removed), noise filtered - Relative timestamps (2d ago vs raw dates) - Top action per squad from state.md - Default --since 7d (was 48h) - Stale/empty blockers filtered out Co-Authored-By: Claude <noreply@anthropic.com>
Extracts URLs and GitHub issue references (repo#N) from blocker text and displays them as clickable links below each item. Founder can cmd+click to go directly to the issue or GCP console. Co-Authored-By: Claude <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces several new commands, including goals, credentials, and review, while enhancing the run command with goal-aware skipping and improved quota management. It externalizes many agent prompts and protocols into markdown files, adds GCP service account management, and implements a guardrail system to block destructive shell commands. Review feedback identifies a high-severity command injection risk in the credentials management logic and critical runtime errors caused by using require in ESM modules. Additionally, it is recommended to make the founder identity configurable rather than hardcoded in the review dashboard.
Comment on lines
+260
to
+263
| async function revokeCredential(squad: string): Promise<void> { | ||
| const project = getProject(); | ||
| const email = saEmail(squad, project); | ||
| const key = keyPath(squad); |
There was a problem hiding this comment.
The squad parameter is used to construct shell commands without validation or sanitization. This poses a command injection risk if a malicious string is provided (e.g., $(bad_cmd)). While createCredential validates the input against SQUAD_PERMISSIONS, revokeCredential and rotateCredential do not. Consider adding a regex validation (e.g., ^[a-z0-9-]+$) at the start of these functions to ensure the input is safe.
| .join('\n'); | ||
|
|
||
| // Load classification prompt from markdown | ||
| const { findProjectRoot } = require('./squad-parser.js'); |
There was a problem hiding this comment.
Using require in an ESM module will result in a ReferenceError at runtime in most Node.js environments. Since this function is asynchronous, use dynamic import() instead.
Suggested change
| const { findProjectRoot } = require('./squad-parser.js'); | |
| const { findProjectRoot } = await import('./squad-parser.js'); |
| const prompt = `You are the cognition engine for an AI-native company called Agents Squads. | ||
| Your job is to reflect on the current state of the business and produce actionable insights. | ||
| // Load reflection prompt from markdown | ||
| const { findProjectRoot: findRoot } = require('./squad-parser.js'); |
There was a problem hiding this comment.
Using require in an ESM module will result in a ReferenceError at runtime. Since this function is asynchronous, use dynamic import() instead.
Suggested change
| const { findProjectRoot: findRoot } = require('./squad-parser.js'); | |
| const { findProjectRoot: findRoot } = await import('./squad-parser.js'); |
| const entry = link ? `${text.slice(0, 65)}\n ${colors.dim}${link}${RESET}` : text.slice(0, 80); | ||
|
|
||
| // Founder blockers: mention founder, kokevidaurre, needs:human, "enable", "login", "auth" | ||
| const isFounder = /founder|kokevidaurre|needs:human|needs founder|assigned to founder|enable at|auth login|bank cartola|CPA/i.test(text); |
There was a problem hiding this comment.
Hardcoding a specific username (kokevidaurre) in the codebase makes the tool less portable and harder to maintain for other users. Consider making the founder identity configurable via a settings file or environment variable.
…import Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
Author
|
Closing: Gemini flagged issues that need fixing before release.
CLI squad: fix these findings, then create a fresh develop→main PR for v0.2.4 release. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Major release: squads now run as full team conversations, with per-squad credentials and a founder review dashboard.
New Commands
squads review— post-cycle evaluation dashboard (goals, costs, blockers, founder actions with links)squads credentials create|rotate|list|revoke— per-squad GCP service account managementsquads goals— goals dashboard across all squadsArchitecture Changes
squads run --orgnow runs full squad conversations (lead→scan→work→verify) instead of solo leadsGOOGLE_APPLICATION_CREDENTIALSper squadImprovements
Bug Fixes
Test plan
npm run buildpassessquads reviewshows dashboardsquads goalsshows goalssquads credentials listshows 10 squadssquads tiershows Tier 1🤖 Generated with Claude Code