From 71e409190c4237e43af1af939c076f36fa3abc0b Mon Sep 17 00:00:00 2001 From: jaylfc Date: Fri, 12 Jun 2026 16:41:25 +0100 Subject: [PATCH 01/34] docs(status): pause at 92 percent - wake queue: userspace re-land, theme engine plan, messages epic, key-scope fix --- docs/STATUS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index 9a67b7b6..3f84cf51 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -7,7 +7,7 @@ # taOS: Live Status -**Last updated:** 2026-06-12 ~16:30 BST, by @taOS (Mac session). PR TRAIN IN FLIGHT (sequencing matters): +**Last updated:** 2026-06-12 ~16:45 BST, by @taOS (Mac session). PAUSED at 92 percent, resets 18:20 UTC (19:20 BST); resume pair armed (19:23/19:42 BST). QUEUE FOR THE WAKE: (1) execute the userspace re-land plan at docs/superpowers/plans/2026-06-12-userspace-runtime-reland.md (step 1 of the app-build epic; then agent scaffold tool, widget surface, stats capability; acceptance test = agent builds Jay's private install-count widget). (2) Write the implementation plan for the APPROVED theme-package-engine spec (docs/superpowers/specs/2026-06-12-theme-package-engine-design.md): engine + dark-as-package pixel-identical, light theme (Mac traffic-light chrome + floating glass dock island, mockups in .superpowers/brainstorm/4012-*/content), Settings picker; Jay approved the full-engine route; awaiting his spec sign-off (asked, he pivoted to questions, re-confirm). (3) Messages-to-Slack epic: full audit done (in the 15:25 BST subagent result: 15-step prioritized path, verdict incremental not rewrite, #780 root cause found = TaosAssistantWindow renders null without popOut prop); turn into issues/plan. (4) #825 stale key-scope bug: fix properly (master-key fallback on routing-only LiteLLM). (5) Deploy reminder for Jay: taos.my via Coolify (counter live on master 99cf786e, id client shipped). Everything merged: dev == master at 99cf786e; only draft #476 open. nex-agi/nex-n2-pro:free is the Pi taOS agent model, WORKING (after key clear + #816). - #817 (persistent install id in the update ping) MUST land on dev BEFORE #813 promotes, else the taos.my counter counts nothing. #813 head=dev so merging #817 folds in automatically; then #813 promotes the install counter to master. - #816 (taos agent self-heal: opencode-born-before-LiteLLM race + silent-empty-stream guard; found live on the Pi today) -> dev. - #812 (copy/select agent text everywhere, review-fixed) -> dev. From a7a344c36fe8f97162aead7744a5d6282fa4d72d Mon Sep 17 00:00:00 2001 From: jaylfc Date: Fri, 12 Jun 2026 19:49:48 +0100 Subject: [PATCH 02/34] docs(status): wind-down state for the weekly limit; no auto-resume --- .gitignore | 1 + docs/STATUS.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index f2cfcbed..918432eb 100644 --- a/.gitignore +++ b/.gitignore @@ -97,3 +97,4 @@ desktop/tsconfig.tsbuildinfo docs/AGENT_HANDOFF.md docs/audit/ .understand-anything/ +docs/agent-jobs/ diff --git a/docs/STATUS.md b/docs/STATUS.md index 3f84cf51..2ad64ad3 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -7,7 +7,7 @@ # taOS: Live Status -**Last updated:** 2026-06-12 ~16:45 BST, by @taOS (Mac session). PAUSED at 92 percent, resets 18:20 UTC (19:20 BST); resume pair armed (19:23/19:42 BST). QUEUE FOR THE WAKE: (1) execute the userspace re-land plan at docs/superpowers/plans/2026-06-12-userspace-runtime-reland.md (step 1 of the app-build epic; then agent scaffold tool, widget surface, stats capability; acceptance test = agent builds Jay's private install-count widget). (2) Write the implementation plan for the APPROVED theme-package-engine spec (docs/superpowers/specs/2026-06-12-theme-package-engine-design.md): engine + dark-as-package pixel-identical, light theme (Mac traffic-light chrome + floating glass dock island, mockups in .superpowers/brainstorm/4012-*/content), Settings picker; Jay approved the full-engine route; awaiting his spec sign-off (asked, he pivoted to questions, re-confirm). (3) Messages-to-Slack epic: full audit done (in the 15:25 BST subagent result: 15-step prioritized path, verdict incremental not rewrite, #780 root cause found = TaosAssistantWindow renders null without popOut prop); turn into issues/plan. (4) #825 stale key-scope bug: fix properly (master-key fallback on routing-only LiteLLM). (5) Deploy reminder for Jay: taos.my via Coolify (counter live on master 99cf786e, id client shipped). Everything merged: dev == master at 99cf786e; only draft #476 open. nex-agi/nex-n2-pro:free is the Pi taOS agent model, WORKING (after key clear + #816). +**Last updated:** 2026-06-12 ~19:40 BST, by @taOS (Mac session). FULL WIND-DOWN for the weekly limit (resets Sat 02:00 UTC). ALL session crons, monitors, and wake pairs are DELETED by Jay's instruction (no auto-resume; Jay restarts the session after the weekly reset; first action = read docs/AGENT_HANDOFF.md, re-arm everything, then review agent-job PRs with heavy scrutiny). Everything is merged to dev and pushed; only draft #476 open. An interim work queue is prepared locally (not committed) for the in-between stretch; incoming PRs to dev get reviewed with heavy scrutiny on return. Lead-session queue on return: review/merge job PRs, regenerate + execute the userspace re-land (plan file lost with a worktree, recon in this session's transcript; #476 sources are the base), theme-engine plan (docs/superpowers/plans/2026-06-12-theme-package-engine-plan.md), #825 key-scope fix, deeper Messages work (MessageList extraction + virtualization, thread WS live updates, presence). taos.my deploy still pending Jay (counter live on master). - #817 (persistent install id in the update ping) MUST land on dev BEFORE #813 promotes, else the taos.my counter counts nothing. #813 head=dev so merging #817 folds in automatically; then #813 promotes the install counter to master. - #816 (taos agent self-heal: opencode-born-before-LiteLLM race + silent-empty-stream guard; found live on the Pi today) -> dev. - #812 (copy/select agent text everywhere, review-fixed) -> dev. From 0d2fe121410f9182db9057948e61698865580a48 Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 03:36:26 +0100 Subject: [PATCH 03/34] docs(status): freshness sweep 2026-06-13 -- master 99cf786e, 8 open PRs --- docs/STATUS.md | 89 ++++++++------------------------------------------ 1 file changed, 14 insertions(+), 75 deletions(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index 2ad64ad3..fe1cbf24 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,82 +1,21 @@ - +SINGLE SOURCE OF TRUTH for cross-agent handoff. +Last updated: 2026-06-13, @taOS freshness sweep. Clean state. -# taOS: Live Status +Branch tips: master=99cf786e (PR #813 batch). dev=a7a344c3 (2 docs commits ahead). -**Last updated:** 2026-06-12 ~19:40 BST, by @taOS (Mac session). FULL WIND-DOWN for the weekly limit (resets Sat 02:00 UTC). ALL session crons, monitors, and wake pairs are DELETED by Jay's instruction (no auto-resume; Jay restarts the session after the weekly reset; first action = read docs/AGENT_HANDOFF.md, re-arm everything, then review agent-job PRs with heavy scrutiny). Everything is merged to dev and pushed; only draft #476 open. An interim work queue is prepared locally (not committed) for the in-between stretch; incoming PRs to dev get reviewed with heavy scrutiny on return. Lead-session queue on return: review/merge job PRs, regenerate + execute the userspace re-land (plan file lost with a worktree, recon in this session's transcript; #476 sources are the base), theme-engine plan (docs/superpowers/plans/2026-06-12-theme-package-engine-plan.md), #825 key-scope fix, deeper Messages work (MessageList extraction + virtualization, thread WS live updates, presence). taos.my deploy still pending Jay (counter live on master). -- #817 (persistent install id in the update ping) MUST land on dev BEFORE #813 promotes, else the taos.my counter counts nothing. #813 head=dev so merging #817 folds in automatically; then #813 promotes the install counter to master. -- #816 (taos agent self-heal: opencode-born-before-LiteLLM race + silent-empty-stream guard; found live on the Pi today) -> dev. -- #812 (copy/select agent text everywhere, review-fixed) -> dev. -- Agent manual is being restructured into a compiled category library (docs/agent-manual/ + scripts/build-agent-manual.py + CI guard); separate PR. Strong taOS identity, facts table, weak-model answer templates. Rule (memory): any agent-affecting work needs a manual update/audit. -- taos.my site + forever-id install counter (one row per random install uuid, /api/v1/stats public) pushed to private repo jaylfc/taos-website; Jay deploys via Coolify (compose, /data volume). -- #815 filed: My Apps (private persistent user-app area + manager). Hard rules added: user apps NEVER touch GitHub/external until the user shares to the store; share pipeline gets a secrets+PII safety gate before listing. -- #744 CLOSED (3/3 grants+revocation e2e + earlier 4/4; caught a real taOSmd auth bypass). GitHub Discussions enabled + welcome post (discussions/814) + site Community links. +Open PRs: #826-#832 Messages train (7 PRs, awaiting review). #476 App Runtime v1 DRAFT. -**MORNING WRAP, all on master (tip 25f10402):** -- **#795 CLOSED, port hygiene fully shipped:** rkllama 8080->7833 (#802/#803, promoted via #804) AND LiteLLM host port 4000->7834 (#805, promoted via #806). Container side stays 4000 via the proxy device so deployed agents never change; existing installs AUTO-PIN to their old ports on first boot (config litellm_port pin, verified the hole on the live Pi before it shipped); 783x block (7832 qmd, 7833 rkllama, 7834 LiteLLM) + 4000 + 8080 all in RESERVED_PORTS; breakage-log entries for both moves. -- **#744 e2e VERIFIED 4/4 by taOSmd** (msg 383, recorded on the issue): verified-claim project binding + body anti-spoof + signature rejection + global behavior, real tokens, isolated serve. OPEN DECISION FOR JAY: taOSmd wants an admin/revoked-feed token to e2e the grants+revocation layer; options on the bus (msg 387): short-lived scoped read-only feed token (small build) vs supervised joint session. Core contract is verified regardless. -- dev == master. Open PRs: only draft #476. Still waiting: @hermes search keys (task #8, msg 379, no reply yet). +Next queue (ordered): +1. Review + merge Messages train (#826-#832) +2. #825 key-scope fix (LiteLLM routing bug) +3. Userspace re-land (recon plan from transcript first) +4. #737 Phase 3 UI (design session with Jay) +5. #747 CSRF extend verify_csrf -**POST-RESET BATCH (04:20-06:00 BST), all landed on dev:** -- **#795 first half DONE: rkllama default port 8080 -> 7833** (#802 + verification follow-up #803, both merged to dev): installer default, ~10 controller fallbacks, docs, breakage-log entry, `default_rkllama_url()` legacy probe (7833 first, 8080 fallback with update hint, VERIFIED LIVE on the Pi where rkllama still runs on 8080), and the rknpu install verification now probes 7833-then-8080 so fresh installs do not fail their own check (bot-review catch). Second half (LiteLLM off 4000) still open on #795. NOT yet promoted to master: promote #802+#803 together when convenient. -- **#744 e2e tokens DELIVERED to @taOSmd** (integration msg 378): minted via the real consent flow on the Pi (now on master 58de0d0e), bound token verifiably carries project_id, global omits it; file at /home/jay/.taos-744-e2e-tokens.json (600). First mint silently lacked the claim because the Pi was on a pre-#790 bundle: tokens minted on stale code look fine but are claim-less, worth remembering. -- **Jay's 6 idea issues FILED: #796-#801** (bench pause/resume + worker lifecycle; Nothing Phone Ubuntu Touch node; native desktop API parity; tuiui TUI client; message editing + re-trigger; copy/select agent text). -- **Branch cleanup COMPLETE:** repo is down to 9 branches; keepers = master, dev, cla-signatures, design/trust-comms-layer, 2 draft-PR branches (#450/#476), and 3 holding unmerged work for Jay to triage: feat/browser-cdp-driver (3 commits), feat/codebase-indexing (spec), feat/registry-governance (spec), fix/concurrency-idempotency (17 commits, possibly stale). -- **Hourly repo watch live** (playbook item 9, ~/.taos-repo-watch/poll.sh, QUIET-mode). **Resume-pair protocol upgraded to arm-at-start** (both sides; taOSmd mirrored, msg on general); proven on the 03:20 reset. -- Waiting on externals: @hermes search keys (task #8, bus msg 379), @taOSmd #744 e2e verification result. +Recently merged: #818 #817 #816 #812 #811 #809 #808 (all on master 99cf786e). -**OVERNIGHT (after the 00:30 snapshot below):** merged to dev and promoting via #789: #788 (docker shortcut allocated port), #790 (#744 project_id JWT claim + ApproveBody override + grants; taOSmd can now verify with real tokens), #791 (#743 docs drift, closed), #792 (#691 ufw bus port, closed), #793 (#606 model catalog cache, closed), #794 (multi-port allocation probe fix), update breakage log (docs/UPDATE_BREAKAGE_LOG.md + agent-manual pointer), README manifest-failure notice. PI SEARX TEST PASSED: legacy searx (8080) uninstalled, store reinstall landed on pool port 36130 with the /apps/searxng/ launcher URL serving 200, rkllama kept :8080 (Pi runs dev via git bundle because GitHub was unreachable from the Pi; bundle-dev branch). #783 auto-closed by the promotion keyword (HarMaximus has NOT yet confirmed; hourly repo watch will catch his reply). 40 merged branches deleted (~26 done, rest failed on the GitHub outage, retry later). Hourly repo watch cron live (~/.taos-repo-watch/poll.sh, QUIET-mode, re-arm every session, now playbook item 9). Kilo Code Review timed out on EVERY PR tonight (504 "Assistant request timed out"); it is a required check so every merge needed the admin API; decision queued for Jay (make non-required vs drop). GitHub API was badly flaky all night (timeouts from Mac AND Pi); retry loops everywhere. +Blockers: #737 Ph3 needs design session. Userspace plan lost, recon needed. taos.my Coolify pending Jay. -**DONE THIS SESSION (the #783 priority is CLOSED):** -- #786 install fix (rknpu no longer dies when `strings`/binutils missing) PROMOTED to master via **#787 merged (master tip 25f10402)**. -- Pi rkllm VERIFIED (sonnet subagent, PASS): rkllama starts on the Orange Pi (RK3588), `/api/pull` reaches HuggingFace and streams a Qwen2.5-3B rkllm download, model loads + infers on the NPU (3 cores, rkllm-runtime 1.2.3). "All connection attempts failed" did NOT reproduce. So #783's error most likely = rkllama not running (the #786 install-died cause); secondary possibility = HF reachability from his board. rkllama server LEFT RUNNING on the Pi :8080. -- **#783 reply POSTED** to HarMaximus (issue #783, comment 4685905715): explains the `strings` root cause + #786 fix + retry `curl -fsSL https://raw.githubusercontent.com/jaylfc/tinyagentos/master/scripts/install-server.sh | sudo bash`, honest about no Rock 5B + the RK3588 verification, HF-connectivity fallback, welcome. Issue left OPEN pending his retry. -- **A2A channels migrated + old deleted** (Jay's ask): `observability`->`taOS-taOSmd-observability`, `integration`->`taOS-taOSmd-hermes-integration`. taOSmd ran it, caught + fixed a data-loss bug (commit 6c81afb, history was reverse-aliased not physically moved) before deleting; old names now 404, new names keep all history. archive/delete/wipe principle (delete==archive==safe, wipe==only true-delete) relayed + adopted by taOSmd. All 4 of taOSmd's nudge items (msg 349) answered on the bus. Left one stray probe (#357 "probe ignore") on `general` for taOSmd to sweep. +Security queue: #747 #737 #672 #658 #655 #654 #653 #651 #650 #647 -**REMAINING (next session — see GitHub issues + TaskList):** -1. **#788** (docker app Launchpad shortcut records ALLOCATED host port not container port; regression test, 12 pass) is on dev; Kilo is a 504 flake. Include in next dev->master promotion. -2. **Pi searx reinstall:** searxng container is STOPPED + restart-disabled (I freed :8080 for rkllama) so SEARX IS CURRENTLY DOWN ON THE PI. After #788 is on the Pi, fully remove legacy searxng + reinstall via taOS store so it lands on a 30000-40000 pool port AND auto-creates a Launchpad shortcut opening searx in the Browser; verify rkllama still on :8080. (Jay updates the Pi manually; the store-API reinstall is the authorized remediation.) -3. **Kilo 504 (investigated):** kilo-code-bot GitHub App times out (~14.5 min, "Assistant request timed out") on most PRs (#788/#787/#784 failed, #781 passed); it is a REQUIRED check so it forces admin-override merges. Recommend making it NON-REQUIRED in branch protection (Jay/admin) + review keep-vs-drop vs CodeRabbit. TaskList #10. -4. Idea-issue drafts x6 (TaskList #11). #695 reopened (reserve core ports + migrate legacy apps off reserved ports). Web-search keys from hermes (TaskList #8). - -**GOTCHA THIS SESSION:** api.github.com (GraphQL + REST, IP 20.26.156.210) was intermittently timing out for ~1h while git over github.com worked fine; `gh` calls needed retry loops. taOSmd hit the same outage. -**Repo:** github.com/jaylfc/taOS, branches `master` (stable) <- `dev` (integration). **master tip 25f10402 (PR #787, carries #785 Phase 4 + #786 install fix); dev tip df3b28a1.** - -## GOTCHA for the next agent -- **Protected merges:** `gh pr merge` 401s on the OAuth token but `gh api -X PUT repos/jaylfc/taOS/pulls/N/merge -f merge_method=squash` WORKS (use `merge_method=merge` for dev->master promotions; never squash a promotion, never `--delete-branch`). -- CodeRabbit fake passes: a green CodeRabbit check can be a rate-limit notice; check the PR comments, use `@coderabbitai full review`. Kilo often 504s ("Assistant request timed out") = infra flake, not findings. -- `tests/` is NOT an importable package: never `from tests.conftest import X`; expose shared helpers as function-returning fixtures. -- Worker onboarding now REQUIRES pairing (a worker prints a code, admin approves in Cluster, signing key minted) before register/heartbeat. Signing string + headers in tinyagentos/cluster/worker_auth.py; worker side in tinyagentos/worker/pairing.py. VALIDATED in production (#772 passed). -- **Pi Claude session is ARCHIVED and its crons are stopped.** Freshness rides ONLY on the active agent's session cron (re-arm on a new session); there is no Pi-side durable backstop. The Pi controller + A2A bus are services and keep running. - -## Recently landed -- **#737 cluster-worker pairing auth:** Phase 1 backend (#762) + Phase 2 worker scripts/agent signing (#770) DONE and on master (#767, #775). E2E VALIDATED in production (#772 closed: real Pi controller + Fedora worker, full announce->confirm->claim->signed register/heartbeat, unsigned->401). Phases 3 (UI pending-workers + enter-code dialog) and 4 (fleet migration UX) remain. -- **Beta incident fixes on master:** #763 (knowledge user_id migration self-heals bricked installs + exit-on-startup-failure), #754 (installer sudo gap), #768 (installer re-run ownership / priv-esc), #752 (perf), #758 (controller-rescue runbook), #757 (prefetch placeholder). -- Pi controller is UPDATED to master 66688348 (done for the #772 test) and has the pairing backend live. - -## Immediate next actions -1. **#737 Phase 3** (UI pending-workers list + enter-code dialog): frontend-design pass, HELD for a design session with Jay (Apple-grade bar), ties into #760/#761 badges. -2. **#737 Phase 4** (fleet migration UX): existing workers re-pair once with a clear prompt, not silent 401s. -3. **#774 project/shelf registry:** design DONE + spec at docs/superpowers/specs/2026-06-11-project-shelf-registry-design.md (local, gitignored). taOSmd integration thread OPEN (integration channel msg 322): 3 contract questions (shelf create/archive shape; empty-shelf archive reversibility for link; carve-out re-key vs re-ingest). Implementation plan gated on their answers. -4. **#776 add-machine over SSH (#737 Phase 3.5):** design DONE + spec at docs/superpowers/specs/2026-06-11-add-machine-ssh-design.md (local). One-click Cluster "Add machine": paramiko SSH (not sshpass), controller auto-installs + auto-pairs (injects TAOS_PAIRING_CODE, confirms itself), key-exchange for durable mgmt, key-based auth v1 (Linux/macOS only; Windows = separate native app). Ready for an implementation plan; sequence the build behind Phase 3 UI (both Cluster-app frontend). -5. **#744** external coding-agent onboarding: taosmd side merged (their PR #151); our 7 build tasks queued. - -## Open issues filed this stretch -#757 (fixed #771), #759 (fixed #764), #760 host badges everywhere (UI), #761 per-device emoji identity (brainstorm first), #772 fresh-install/pairing smoke (Pi+Fedora, PASSED+closed), #774 project/shelf registry (design done), #776 add-machine over SSH (design done), #777 install identity + version registration (per-bug context now, opt-in central reg later), #778 anonymous active-install count via the update check (aggregate only, no PII), #779 Projects-app code knowledge-graph plugin view for coding projects. - -## Cross-project (taosmd / A2A) -- #744 taosmd side MERGED (their PR #151): grant matching on (canonical_id, project_id) + verified-claim project binding; the `agent` field on data endpoints is a TARGET SHELF, not the caller. Our 7 #744 build tasks queued. -- Progress channels live: `taos-progress`, `taosmd-progress`. Freshness crons: taOS session :08/:38 (re-armed 2026-06-11, was dark), Pi durable backstop NOT installed (decision pending Jay). - -## Blocked / waiting on human (Jay) -- `#15` exo fork deletion: needs `gh auth refresh -s delete_repo`. -- `TAOSMD_REGISTRY_URL` cutover: gated on the consent UI shipping. -- #751 beads buy-vs-build greenlight; #761 emoji brainstorm; #774 -> taOSmd thread. -- Whether to install a durable Pi-side freshness cron as a backstop to the session cron. - -## Where to look -1. GitHub issues = task list. 2. This file = snapshot. 3. docs/AGENT_HANDOFF.md = rules + bootstrap. 4. A2A bus :7900. 5. @taOS Pi memory (Claude Code only). +GOTCHA: gh pr merge 401s -- use gh api PUT instead. Never --delete-branch on dev->master PR. Jay updates Pi manually. From c00326c99670b1499ffabb9a8274bd98dd275792 Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 04:07:49 +0100 Subject: [PATCH 04/34] docs(status): fix stale dev tip (a7a344c3 -> 0d2fe121) --- docs/STATUS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index fe1cbf24..99cbc4cd 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,7 +1,7 @@ SINGLE SOURCE OF TRUTH for cross-agent handoff. -Last updated: 2026-06-13, @taOS freshness sweep. Clean state. +Last updated: 2026-06-13, @taOS freshness sweep. -Branch tips: master=99cf786e (PR #813 batch). dev=a7a344c3 (2 docs commits ahead). +Branch tips: master=99cf786e (PR #813 batch). dev=0d2fe121 (3 docs commits ahead). Open PRs: #826-#832 Messages train (7 PRs, awaiting review). #476 App Runtime v1 DRAFT. From f3243dbfb8c179715df17bb76f3e9c89f8cf523d Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 04:38:53 +0100 Subject: [PATCH 05/34] docs(status): freshness sweep 2026-06-13 -- fix dev tip 0d2fe121 -> c00326c9 --- docs/STATUS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index 99cbc4cd..49aaf665 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,7 +1,7 @@ SINGLE SOURCE OF TRUTH for cross-agent handoff. Last updated: 2026-06-13, @taOS freshness sweep. -Branch tips: master=99cf786e (PR #813 batch). dev=0d2fe121 (3 docs commits ahead). +Branch tips: master=99cf786e (PR #813 batch). dev=c00326c9 (4 docs commits ahead). Open PRs: #826-#832 Messages train (7 PRs, awaiting review). #476 App Runtime v1 DRAFT. From 5ebb6995e1e3b7d5c3df354e53c380593faa4b4b Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 05:03:56 +0100 Subject: [PATCH 06/34] docs(status): freshness sweep 2026-06-13 -- fix dev tip c00326c9 -> f3243dbf --- docs/STATUS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index 49aaf665..0b06912f 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,7 +1,7 @@ SINGLE SOURCE OF TRUTH for cross-agent handoff. -Last updated: 2026-06-13, @taOS freshness sweep. +Last updated: 2026-06-13, @taOS freshness sweep (cycle 2). -Branch tips: master=99cf786e (PR #813 batch). dev=c00326c9 (4 docs commits ahead). +Branch tips: master=99cf786e (PR #813 batch). dev=f3243dbf (5 STATUS.md sweep commits ahead of master). Open PRs: #826-#832 Messages train (7 PRs, awaiting review). #476 App Runtime v1 DRAFT. From f215668aeea522b889f9476b35b1ae4f7d47f2a9 Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 09:05:18 +0100 Subject: [PATCH 07/34] docs(status): freshness sweep cycle 3 -- fix dev tip f3243dbf -> 5ebb6995 --- docs/STATUS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index 0b06912f..23db82ca 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,7 +1,7 @@ SINGLE SOURCE OF TRUTH for cross-agent handoff. -Last updated: 2026-06-13, @taOS freshness sweep (cycle 2). +Last updated: 2026-06-13, @taOS freshness sweep (cycle 3). -Branch tips: master=99cf786e (PR #813 batch). dev=f3243dbf (5 STATUS.md sweep commits ahead of master). +Branch tips: master=99cf786e (PR #813 batch). dev=5ebb6995 (6 docs commits ahead of master, pre-sweep). Open PRs: #826-#832 Messages train (7 PRs, awaiting review). #476 App Runtime v1 DRAFT. From 26c1794f4aab9e0167a446064c42c34381bed864 Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 11:03:32 +0100 Subject: [PATCH 08/34] docs(status): freshness sweep cycle 4 -- fix dev tip 5ebb6995 -> f215668a --- docs/STATUS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/STATUS.md b/docs/STATUS.md index 23db82ca..6a399d5c 100644 --- a/docs/STATUS.md +++ b/docs/STATUS.md @@ -1,7 +1,7 @@ SINGLE SOURCE OF TRUTH for cross-agent handoff. -Last updated: 2026-06-13, @taOS freshness sweep (cycle 3). +Last updated: 2026-06-13, @taOS freshness sweep (cycle 4). -Branch tips: master=99cf786e (PR #813 batch). dev=5ebb6995 (6 docs commits ahead of master, pre-sweep). +Branch tips: master=99cf786e (PR #813 batch). dev=f215668a (7 docs commits ahead of master). Open PRs: #826-#832 Messages train (7 PRs, awaiting review). #476 App Runtime v1 DRAFT. From 19295d009811dc97b55d22dafc41746ea1f5f71f Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 11:08:00 +0100 Subject: [PATCH 09/34] chore: stop tracking docs/AGENT_HANDOFF.md (already in .gitignore) It was committed before being added to .gitignore, so it stayed tracked. The file holds local-only coordination notes; keep it out of the repo. --- docs/AGENT_HANDOFF.md | 95 ------------------------------------------- 1 file changed, 95 deletions(-) delete mode 100644 docs/AGENT_HANDOFF.md diff --git a/docs/AGENT_HANDOFF.md b/docs/AGENT_HANDOFF.md deleted file mode 100644 index 4ef63e0e..00000000 --- a/docs/AGENT_HANDOFF.md +++ /dev/null @@ -1,95 +0,0 @@ -# Agent Handoff Playbook - -**Why this exists.** Work on taOS runs across rate-limit-prone agents on different platforms (Claude Code, Cursor, Codex, web, etc.). When one hits a limit, another picks up. The failure mode to prevent: an incoming agent acting on **stale knowledge**: re-doing finished work, missing in-flight tasks, or clobbering a branch. This playbook + `STATUS.md` + GitHub issues make the project's state **durable and platform-independent** so a handoff never loses work. - -The golden rule: **durable state lives in three committed/hosted places, not in any one agent's memory**: (1) GitHub issues, (2) `docs/STATUS.md`, (3) the A2A bus. If it isn't in one of those, the next agent can't see it. - ---- - -## Bootstrap (paste this into a fresh agent, or just tell it "read docs/AGENT_HANDOFF.md") - -> You are taking over @taOS work on the taOS repo (`~/Development/tinyagentos`, GitHub `jaylfc/taOS`). Another agent was driving and may have hit a rate limit. Orient yourself from the durable state before doing anything; do not trust assumptions: -> -> 1. Read `docs/STATUS.md`: current branch tips, open PRs, in-flight work, blockers. -> 2. Read the rest of this file (`docs/AGENT_HANDOFF.md`): rules, identity, hop protocol. Follow it exactly. -> 3. `git fetch origin && git log origin/master..origin/dev --oneline`: what is on dev not yet promoted. -> 4. `gh issue list --state open --limit 40` (canonical task list) and `gh pr list --state open`. -> 5. A2A bus, live coordination: tail `taos-progress`, `general`, `observability`, `integration` (Pi is `jay@192.168.6.123`, key auth, bus on :7900). -> 6. (Claude Code only) read `~/.claude/projects/-*-tinyagentos/memory/MEMORY.md`. -> -> Then take the top unblocked GitHub issue or continue what STATUS.md flags as in flight. You ARE @taOS on the bus: post as `@taOS`, and drop a status line in `taos-progress` when you start, finish, or learn something. Follow the Identity rules below to the letter. - ---- - -## On arrival: orient before you act (5 steps, ~2 min) - -Run these before touching anything: - -1. **Read `docs/STATUS.md`** (repo root → docs/). Current branch tips, open PRs, in-flight work, blockers. -2. **`git fetch origin && git log origin/master..origin/dev --oneline`**: what's on dev not yet promoted. -3. **`gh issue list --state open --limit 40`**: the canonical task list. `gh pr list --state open`: what's mid-review. -4. **A2A bus tail** (live coordination): `curl -s "http://:7900/a2a/messages?thread=general&limit=15"` (also observability, integration). The Pi IP is in your private notes, not committed here. -5. **(Claude Code only) `~/.claude/.../memory/MEMORY.md`**: durable context index. Other platforms: skip; everything you need is in 1-4. - -Only after those: pick the top unblocked GitHub issue, or continue what `STATUS.md` says is in flight. - ---- - -## Identity & non-negotiable rules - -- **You are @taOS on the A2A bus.** Adopt that handle for every post (`"from": "@taOS"`). You speak as the taOS controller agent, coordinating with @taOSmd (memory/bench) and @hermes (framework agent). -- **Git identity:** `user.name=jaylfc`, `user.email=jaylfc25@gmail.com`. ALL activity appears as jaylfc. -- **No AI attribution** anywhere: commits, PR bodies, issue comments, A2A. No "Co-Authored-By: Claude", no "Generated with...". Public repos and the bus must read as fully human-authored. -- **Voice (anything posted publicly as Jay: commits, PRs, issues, A2A, docs, web copy): NO em dashes, ever.** Use commas, colons, parentheses, or two sentences instead. Strip the usual AI tells (no "it's not just X, it's Y", no "delve", no breathless hedging). For user-facing prose (release notes, web copy, replies), run it through the `content-humanizer` skill before posting. Keep internal terse-but-human. -- **Design:** any taOS or taOSmd dashboard / inspector / web UI work uses the `frontend-design` (impeccable) skill, kept offline / no-CDN friendly. -- **No secrets in git:** no IPs, tokens, credentials, Tailscale IPs, env-specific config. The Pi IP and bus URL stay out of committed files (they live in your private notes / this is why the bootstrap names them in chat, not in tracked code). -- **Branch policy:** small fixes go straight to `dev`. Features/refactors/redesigns get a branch + PR to `dev`. `master` is **protected**: promote only via a `dev`->`master` PR (squash). Protected-master merge needs a `ghp_` PAT or the GitHub UI button (the gh OAuth token 401s on that endpoint). **NEVER `--delete-branch` on a dev->master PR** (deleting `dev` auto-closes every open PR that targets it). -- **Verify before claiming done:** run the tests/commands, paste real output. Evidence before assertions. - ---- - -## When YOU get rate-limited: hand off cleanly (do this the moment you see the limit warning, if you still can) - -1. **Commit or stash WIP** on a branch (never leave uncommitted work that only your session knows about). Push it. -2. **Update `docs/STATUS.md`**: move your task to "In flight" with the branch name + exactly where you stopped + the next concrete step. -3. **Post one A2A note** as your handle: what you finished, what's mid-flight, the branch, the next step. -4. **(Claude Code) update memory** if a durable fact changed. - -If the limit hits before you can do this, the incoming agent recovers from: last pushed commit + open PR + `STATUS.md` + issues. That's why you push early and often. - ---- - -## The freshness cron (keeps the durable layer honest) - -An hourly sweep (session-scoped on the active agent; the Pi's :00/:30 cron is the durable backstop) re-checks README / docs / memory / `STATUS.md` against merged commits and fixes trivial drift, opens PRs for bigger rewrites. If you are the active driver, keep it armed. Its job is to ensure steps 1-5 above never read stale. - ---- - -## Task hygiene: so nothing is lost - -- **Every feature idea, bug, or TODO → a GitHub issue immediately.** Ideas in chat or memory evaporate across a handoff; issues don't. Label them (`feature`, `bug`, `security`, `docs`, `infra`). -- **One issue = one pickup-able unit** with enough context that a cold agent can start it. -- `STATUS.md` links to issues; it does not duplicate them. - ---- - -## A2A channels (use them; they feed the project memory) - -The taosmd-hosted bus ingests messages into the project memory store, so posting there is also how progress becomes durable, searchable context. - -- **`taos-progress`** (post here often): @taOS status updates, lessons learned, decisions, "starting X / finished Y / gotcha Z". One line when you start a task, one when you finish, one for anything non-obvious you learned. This is the running log that survives handoffs and lands in memory. -- **`general`**: cross-agent coordination and @mentions with @taOSmd / @hermes. -- **`observability`**: memory/bench/observability contract talk with @taOSmd. -- **`integration`**: cross-repo integration design. -- @taOSmd keeps its own **`taosmd-progress`** channel for the same purpose on its side. - -## The durable stores at a glance - -| Store | Scope | Visible to | Use for | -|-------|-------|-----------|---------| -| GitHub issues | canonical task list | every platform | backlog, features, bugs, audit findings | -| `docs/STATUS.md` | current snapshot | every platform (in repo) | "where are we right now" | -| `docs/AGENT_HANDOFF.md` | the rules + protocol | every platform (in repo) | onboarding, identity, hop protocol | -| A2A `taos-progress` | running progress log | bus agents + project memory | status, lessons, decisions (feeds memory) | -| A2A bus (:7900) | live coordination | the bus agents | real-time @mentions, decisions | -| @taOS Pi memory | durable context | Claude Code only | per-session continuity for CC | From 46b3549c3af7e31fe163ed809b9be738b78eb9e6 Mon Sep 17 00:00:00 2001 From: jaylfc Date: Sat, 13 Jun 2026 11:13:16 +0100 Subject: [PATCH 10/34] feat(messages): full markdown rendering in chat (#826) * feat(messages): render full markdown in message content * fix(messages): address review on full markdown PR - Disallow markdown images in chat messages (privacy/SSRF leak). - Map GFM table/thead/tbody/th/td to a chat-safe, overflow-x wrapper with compact cell styling consistent with HelpPanel. - Collapse h5 and h6 to the same compact paragraph style as h1-h4. * fix(messages): wrap markdown pre blocks in an overflow-x container The renderContent fence-splitter handles properly closed triple-backtick fences, but an unclosed or otherwise malformed fence can still produce a default 
 through react-markdown. Add a pre component mapping
with overflow-x-auto and a constrained max width so the chat bubble
never grows past the message width.
---
 desktop/src/apps/MessagesApp.tsx | 69 +++++++++++++++++++++++++-------
 1 file changed, 54 insertions(+), 15 deletions(-)

diff --git a/desktop/src/apps/MessagesApp.tsx b/desktop/src/apps/MessagesApp.tsx
index 837c6870..63f3d20a 100644
--- a/desktop/src/apps/MessagesApp.tsx
+++ b/desktop/src/apps/MessagesApp.tsx
@@ -68,6 +68,8 @@ import { displayAuthor } from "./chat/format-author";
 import { useProcessStore } from "@/stores/process-store";
 import { getApp } from "@/registry/app-registry";
 import { CodeBlock } from "@/components/CodeBlock";
+import ReactMarkdown from "react-markdown";
+import remarkGfm from "remark-gfm";
 
 /* ------------------------------------------------------------------ */
 /*  Types                                                              */
@@ -236,21 +238,58 @@ function renderContent(text: string) {
 }
 
 function renderInline(text: string, keyPrefix: string) {
-  // basic markdown: bold, italic, inline code
-  const parts: (string | React.ReactElement)[] = [];
-  const regex = /(\*\*(.+?)\*\*|\*(.+?)\*|`(.+?)`)/g;
-  let last = 0;
-  let match: RegExpExecArray | null;
-  let key = 0;
-  while ((match = regex.exec(text)) !== null) {
-    if (match.index > last) parts.push(text.slice(last, match.index));
-    if (match[2]) parts.push({match[2]});
-    else if (match[3]) parts.push({match[3]});
-    else if (match[4]) parts.push({match[4]});
-    last = match.index + match[0].length;
-  }
-  if (last < text.length) parts.push(text.slice(last));
-  return parts;
+  return [
+    

+       
,
+          a: ({ node, ...props }) => (
+            
+          ),
+          code: ({ node, className, children, ...props }) => {
+            const isBlock = typeof className === "string" && /language-/.test(className);
+            if (isBlock) {
+              return {children};
+            }
+            return (
+              
+                {children}
+              
+            );
+          },
+          ul: ({ node, ...props }) =>