Skip to content

feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX#296

Merged
jerry609 merged 2 commits into
jerry609:devfrom
CJBshuosi:feature/AgentSwarm
Mar 8, 2026
Merged

feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX#296
jerry609 merged 2 commits into
jerry609:devfrom
CJBshuosi:feature/AgentSwarm

Conversation

@CJBshuosi

Copy link
Copy Markdown
Collaborator
  • 添加 /api/agent-board 路由和 Swarm Commander/Dispatcher 基础架构

  • 将生成的任务文件持久化到已配置的工作区

  • 在工作区中为每个任务生成用户审核文档(reviews/<任务>-user-review.md)

  • 添加代理看板 UI,包含看板、任务详细日志和人工审核操作

  • 要求“全部运行”任务设置工作区,并添加 VS Code 打开操作

  • 实现 Studio 存储和 SSE 任务的更新/插入/同步行为

  • 为路由流程、持久化和超时处理添加单元/功能测试

  • 更新 Studio 布局、PostCSS 配置、后端 URL 助手和锁定文件

Closes #197

…nd human review UX

- 添加 /api/agent-board 路由和 Swarm Commander/Dispatcher 基础架构

- 将生成的任务文件持久化到已配置的工作区

- 在工作区中为每个任务生成用户审核文档(reviews/<任务>-user-review.md)

- 添加代理看板 UI,包含看板、任务详细日志和人工审核操作

- 要求“全部运行”任务设置工作区,并添加 VS Code 打开操作

- 实现 Studio 存储和 SSE 任务的更新/插入/同步行为

- 为路由流程、持久化和超时处理添加单元/功能测试

- 更新 Studio 布局、PostCSS 配置、后端 URL 助手和锁定文件

Closes jerry609#197
@CJBshuosi
CJBshuosi requested a review from jerry609 as a code owner March 7, 2026 13:32
@vercel

vercel Bot commented Mar 7, 2026

Copy link
Copy Markdown

@CJBshuosi is attempting to deploy a commit to the Jerry's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Mar 7, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5958843b-7497-4a23-b0fb-fd442fbcff96

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Copy link
Copy Markdown

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant new feature: an Agent Swarm system that orchestrates AI agents (Claude and Codex) to automate coding tasks. It provides a robust backend for task decomposition, execution, and review, coupled with a user-friendly Kanban-style UI for monitoring and interacting with these agent-driven workflows. The changes also include critical infrastructure for workspace management, file persistence, and seamless integration with development tools like VS Code, aiming to enhance the efficiency and transparency of AI-assisted code generation.

Highlights

  • Agent Swarm Architecture: Introduced a new /api/agent-board route and foundational Swarm Commander/Dispatcher architecture, enabling a Claude-based commander to decompose tasks and dispatch them to Codex workers.
  • Workspace Persistence & Human Review: Implemented persistence of generated task files to a configured workspace and automatic generation of user review documents (reviews/<task>-user-review.md) for each task, facilitating human oversight.
  • Agent Board UI: Added a new Agent Board UI featuring a Kanban-style task board, detailed task logs, and interactive human review operations, providing a visual interface for managing agent workflows.
  • VS Code Integration: Enhanced the 'Run All' task functionality to require a workspace setup and added a direct action to open the workspace in VS Code, streamlining the developer experience.
  • Studio Store Enhancements: Updated the Studio store to manage agent tasks, including SSE-driven updates, insertions, and synchronization behaviors for real-time task status.
  • Comprehensive Testing: Added extensive unit and functional tests covering the new routing, file persistence, and timeout handling logic for the agent swarm components.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog
  • src/paperbot/api/main.py
    • Imported Path and os modules.
    • Updated .env loading logic for deterministic repo-root loading and configurable override behavior.
    • Imported and included the new agent_board router in the FastAPI application.
  • src/paperbot/api/routes/init.py
    • Imported agent_board module.
    • Added agent_board to the __all__ export list.
  • src/paperbot/api/routes/agent_board.py
    • Added new FastAPI router for agent board functionalities, including session management, task planning, execution, and human review.
    • Defined Pydantic models for AgentTask, BoardSession, and various request/response payloads.
    • Implemented Server-Sent Events (SSE) for real-time updates during task planning and execution.
    • Included helper functions for task logging, context pack loading, and task/session lookup.
  • src/paperbot/infrastructure/swarm/init.py
    • Added new __init__.py to export ClaudeCommander, CodexDispatcher, CodexResult, ReviewResult, and WisdomEntry.
  • src/paperbot/infrastructure/swarm/claude_commander.py
    • Added ClaudeCommander class responsible for decomposing context packs into tasks, building prompts for Codex workers, reviewing Codex output, and accumulating wisdom.
    • Implemented logic for handling Claude API calls, including timeouts and fallback mechanisms.
  • src/paperbot/infrastructure/swarm/codex_dispatcher.py
    • Added CodexDispatcher class to send coding tasks to OpenAI's Codex API.
    • Implemented functionality to persist generated files to a specified workspace and create human-readable review documents.
    • Included methods for extracting file paths, content, rationale, and function details from Codex output.
    • Added timeout handling for API dispatches.
  • tests/unit/test_agent_board_route.py
    • Added unit tests for the /api/agent-board routes, covering human review decisions (approve/request changes).
    • Verified that SSE streams correctly emit execution logs during task runs.
    • Confirmed that generated files and user review documents are properly persisted in the workspace.
  • tests/unit/test_codex_dispatcher_persistence.py
    • Added unit tests for the CodexDispatcher's file persistence logic.
    • Ensured correct extraction and saving of files from Codex output, including a fallback for cases without explicit code blocks.
  • tests/unit/test_swarm_timeouts.py
    • Added unit tests to validate timeout handling in CodexDispatcher and ClaudeCommander.
    • Confirmed CodexDispatcher returns failure on timeout and ClaudeCommander auto-approves on review timeout or falls back to roadmap on decompose timeout.
  • web/postcss.config.mjs
    • Updated the @tailwindcss/postcss plugin configuration to specify base: import.meta.dirname.
  • web/src/app/studio/page.tsx
    • Imported useState, ExternalLink, and ChatHistoryPanel.
    • Integrated lastGenCodeResult from the Studio store.
    • Introduced viewMode state for managing the reproduction log's display mode.
    • Added a new 'Open in VS Code' button with logic to open the project directory.
    • Modified the desktop layout to incorporate ChatHistoryPanel and pass viewMode to ReproductionLog.
    • Updated mobile tab content to correctly pass viewMode to ReproductionLog.
  • web/src/components/studio/AgentBoard.tsx
    • Added new React component AgentBoard to display and manage agent tasks in a Kanban-style interface.
    • Implemented task cards, task detail dialogs with logs and file lists, and human review actions.
    • Integrated with SSE for real-time task updates and WorkspaceSetupDialog for directory configuration.
  • web/src/components/studio/ChatHistoryPanel.tsx
    • Added new React component ChatHistoryPanel to display a list of chat threads or agent tasks, filtered by paper ID.
  • web/src/components/studio/ContextPackPanel.tsx
    • Imported useStudioStore, readSSE, backendUrl, and LayoutDashboard.
    • Added onDeployToBoard prop to allow switching to the agent board view.
    • Implemented handleDeployToBoard function to initiate agent board sessions and task planning via SSE.
    • Added a 'Deploy to Agent Board' button.
  • web/src/components/studio/ReproductionLog.tsx
    • Imported AgentBoard and LayoutDashboard.
    • Modified to accept viewMode and onViewModeChange props for controlling its display.
    • Updated internal state management to use the new viewMode props.
    • Added a new 'Agent Board' tab to the navigation.
    • Conditionally renders the AgentBoard component based on the active viewMode.
    • Passed onDeployToBoard callback to ContextPackPanel.
  • web/src/lib/backend-url.ts
    • Added a utility function backendUrl to construct backend API URLs, specifically designed to bypass Next.js rewrite proxy for SSE streaming.
  • web/src/lib/store/studio-store.test.ts
    • Added a new test case to ensure that agent task IDs are correctly preserved when tasks are updated in the Studio store.
  • web/src/lib/store/studio-store.ts
    • Defined new TypeScript interfaces: AgentTaskStatus, AgentTaskLog, HumanReviewEntry, and AgentTask to model agent-related data.
    • Extended the StudioState interface and its implementation with new properties and actions for managing agent tasks and board sessions (agentTasks, boardSessionId, setBoardSessionId, addAgentTask, updateAgentTask, moveAgentTask, clearAgentTasks).
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new 'Agent Board' feature, enabling multi-agent workflows where a Claude Commander orchestrates Codex workers to decompose tasks, generate code, and review results. Key changes include new FastAPI routes (agent_board.py) and dedicated backend modules (ClaudeCommander.py, CodexDispatcher.py) for AI interaction, task management, and file persistence. The frontend is updated with new React components (AgentBoard.tsx, ChatHistoryPanel.tsx) to display tasks in a Kanban-style board, alongside UI modifications in studio/page.tsx, ContextPackPanel.tsx, and ReproductionLog.tsx to integrate these new views and facilitate direct backend API calls. The studio-store.ts is updated to manage the state of these new agent tasks, and comprehensive unit tests are added for the new backend components and frontend store. Review comments highlight critical security vulnerabilities, including an unsanitized workspace_dir parameter in CodexDispatcher allowing arbitrary file writes, and prompt injection risks in ClaudeCommander. Other concerns include the use of an in-memory store for agent sessions leading to data loss, dangerous auto-approval logic in Claude's review process on exceptions, a likely typo in an OpenAI model name, hardcoded timeouts, and suggestions for improved type safety and configurable parameters.

Comment thread src/paperbot/api/routes/agent_board.py Outdated
session_id=session_id,
paper_id=request.paper_id,
context_pack_id=request.context_pack_id,
workspace_dir=request.workspace_dir,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

The workspace_dir parameter is accepted from the user without any validation or sanitization. This path is subsequently used as a base directory for file operations, including directory creation (mkdir) and file writing (write_text). An attacker could provide an absolute path to a sensitive system directory (e.g., /etc or /root), allowing them to overwrite arbitrary files on the server with content generated by the AI agents. This is a critical vulnerability that could lead to full system compromise.

Comment thread src/paperbot/api/routes/agent_board.py Outdated
# ---------------------------------------------------------------------------
# In-memory store (replace with DB in production)
# ---------------------------------------------------------------------------
_sessions: Dict[str, "BoardSession"] = {}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

使用内存中的字典 _sessions 来存储代理看板的会话和任务,不适合生产环境。这会导致应用程序重启时数据丢失,并且在使用多个服务器实例时无法扩展。虽然注释中提到了这一点,但至关重要的是,应计划迁移到持久化数据库(例如应用程序其他部分已在使用的数据库),以确保数据完整性和可扩展性。

Comment on lines +239 to +241
except Exception:
log.exception("Claude review failed; auto-approving")
return ReviewResult(approved=True, feedback="Auto-approved (review error)")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

review 方法捕获任何 Exception 并返回一个自动批准的结果。这是危险的,因为如果 Claude 的审查因任何原因(例如,API 错误、格式错误的 JSON 响应等)失败,它可能会批准由 Codex 生成的不正确甚至恶意的代码。审查失败应被视为失败,而不是成功。更安全的做法是返回 approved=False 或重新引发异常由调用者处理。

Suggested change
except Exception:
log.exception("Claude review failed; auto-approving")
return ReviewResult(approved=True, feedback="Auto-approved (review error)")
except Exception:
log.exception("Claude review failed; rejecting")
return ReviewResult(approved=False, feedback="Failed to perform AI review due to an internal error.")

Comment on lines +21 to +25
_CODEX_MODELS = [
"gpt-4.1-mini",
"gpt-4o-mini",
"gpt-4o",
]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

_CODEX_MODELS 列表中包含 "gpt-4.1-mini",这不是一个标准的 OpenAI 模型名称。这很可能是 "gpt-4o-mini" 的拼写错误。如果优先级列表中的第一个模型无效,并且后续模型不可用或逻辑不能优雅地处理此故障,则可能导致所有 API 调用失败。请核实正确的模型名称。

_CODEX_MODELS = [
    "gpt-4o-mini",
    "gpt-4o",
]

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

codex模型需要商讨后更改

Comment on lines +86 to +95
f"## Objective\n{objective}\n\n"
f"## Task Roadmap\n{json.dumps(roadmap, indent=2)}\n\n"
f"## Key Observations\n{json.dumps(observations[:10], indent=2)}\n\n"
"Decompose into coding tasks. For each task provide:\n"
'- "title": short name\n'
'- "description": what to implement\n'
'- "difficulty": easy/medium/hard\n'
'- "acceptance_criteria": list of verification checks\n'
'- "dependencies": list of task titles this depends on\n\n'
"Return a JSON array of task objects. No markdown fences."

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

User-supplied data from the context_pack (such as objective, roadmap, and observations) is directly concatenated into prompts sent to the Anthropic Claude API. This makes the application vulnerable to prompt injection attacks, where a malicious user could manipulate the AI commander's behavior to perform unauthorized actions or leak sensitive information. Since the commander's output is used to generate code for execution, this also increases the risk of indirect code injection.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude如何指挥codex还需要深入研究,代码注入问题先暂时保留

Comment thread src/paperbot/api/routes/agent_board.py Outdated
id: str
title: str
description: str
status: str = "planning" # planning | in_progress | ai_review | human_review | done

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

status 字段被定义为 str,其可能的值在注释中列出。为了更好的类型安全并防止无效的状态值,建议使用 typing.Literal。这使代码更具自文档性,并允许静态分析工具捕获错误。

Suggested change
status: str = "planning" # planning | in_progress | ai_review | human_review | done
status: Literal["planning", "in_progress", "ai_review", "human_review", "done"] = "planning"

Comment thread src/paperbot/api/routes/agent_board.py Outdated
Comment on lines +62 to +63
created_at: str = ""
updated_at: str = ""

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

created_atupdated_at 字段默认为空字符串 "",这不是一个有效的 ISO 8601 时间戳。虽然代码似乎总是在创建/更新时设置这些字段,但模型定义具有误导性。更好的做法是使用 default_factory 设置一个合适的默认时间戳,或者如果它们确实可以不存在,则将它们设为 Optional[str] = None

Suggested change
created_at: str = ""
updated_at: str = ""
created_at: str = Field(default_factory=lambda: datetime.utcnow().isoformat())
updated_at: str = Field(default_factory=lambda: datetime.utcnow().isoformat())

Comment thread src/paperbot/api/routes/agent_board.py Outdated

commander = _get_commander()
dispatcher = _get_dispatcher()
workspace = Path(session.workspace_dir or "/tmp/paperbot-workspace")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

回退的工作区路径被硬编码为 /tmp/paperbot-workspace。如果同一台机器上运行多个应用程序实例,或者运行应用程序的用户没有对 /tmp 的写权限,这可能会导致冲突或意外行为。更安全的做法是使用 Python 的 tempfile 模块为每个未指定工作区的会话创建一个唯一的临时目录。此建议也适用于第584行。

def __init__(
self,
api_key: Optional[str] = None,
model: str = "claude-sonnet-4-20250514",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Claude 模型被硬编码为一个特定的带日期的版本 (claude-sonnet-4-20250514)。这可能会过时,并使更新模型变得困难。最好使用更通用的模型别名,如 claude-3.5-sonnet,或通过环境变量使模型名称可配置。

Suggested change
model: str = "claude-sonnet-4-20250514",
model: str = "claude-3.5-sonnet",

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

待定

abortRef.current?.abort()
const controller = new AbortController()
abortRef.current = controller
const timeout = setTimeout(() => controller.abort(), 10 * 60 * 1000)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

“全部运行”操作硬编码了 10 分钟的超时。虽然超时是必要的,但将其硬编码在组件中使其难以更改。最好在文件顶部或配置文件中将其定义为常量,以使其更显眼且易于调整。

Suggested change
const timeout = setTimeout(() => controller.abort(), 10 * 60 * 1000)
const RUN_ALL_TIMEOUT_MS = 10 * 60 * 1000
const timeout = setTimeout(() => controller.abort(), RUN_ALL_TIMEOUT_MS)

@vercel

vercel Bot commented Mar 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
paper-bot Ready Ready Preview, Comment Mar 8, 2026 2:44am

@jerry609
jerry609 merged commit 6b782f9 into jerry609:dev Mar 8, 2026
4 checks passed
jerry609 added a commit that referenced this pull request Mar 13, 2026
* fix: validate studio output dirs and add p2c module design docs

:wq

* feat(PaperToContext): M3
#140
Closes #140

* feat(p2c): implement ContextEngineBridge to inject user context into extraction Related to #157

* activate paper-scope memory read/write path. Raletd to #158

* fix(p2c): address Gemini code review issues from PR. Related to #157

* fix(p2c): address Gemini code review issues. Related to #158

* fix(p2c): sanitize XML tag content to prevent tag-escape prompt injection

* feat(memory): add FTS5 full-text search and sqlite-vec hybrid search. Related to #161

* feat(p2c): persist CodeMemory experiences to SQLite. Related to #162

* address Gemini code review issues from PR #224 and #225

* fix(memory): address Gemini code review issues from #153 epic audit

P0 fixes:
- Replace unbounded daemon threads with ThreadPoolExecutor(max_workers=2)
  for embedding writes; atexit + close() ensure graceful shutdown so
  in-flight embeddings are not lost on process exit
- Restore apprise>=1.9.0 and feedgen>=1.0.0 removed in epic branch,
  which would have broken Epic #179 push/RSS features on merge

P1 fixes:
- _escape_fts: replace double-quote-only escaping with a whitelist regex
  [A-Za-z0-9_+-] so FTS5 operators (*, NEAR, NOT, ^) cannot alter query
  semantics; empty queries now short-circuit to []
- _hybrid_merge: skip items with None/invalid id instead of defaulting
  to id=0, preventing silent score collisions across unrelated records
- ReproExperienceStore: add application-level dedup check + UNIQUE
  constraint (paper_id, pattern_type, content) + IntegrityError fallback
  to prevent duplicate experiences from accumulating across retries

Migration:
- 0022_repro_experience_dedup: adds uq_repro_exp_paper_type_content
  unique constraint to existing repro_code_experience table

Tests: 47 unit tests pass (+3 new tests covering the fixes above)

* fix: harden repro experience isolation and wire persistence into repro pipeline

Add user-scoped isolation for repro_code_experience and enforce dedup semantics with migration 0022_repro_experience_dedup.

Inject ReproExperienceStore through ReproAgent/Orchestrator/CodingAgent/GenerationNode and propagate user_id/pack_id in generation, verification, and debugging persistence paths.

Update /api/gen-code to accept user_id and extend unit tests for user isolation and persistence behavior.

* feat(memory): introduce memory decay mechanism (#163)

Add decay-aware scoring that combines relevance (confidence), recency
(exponential decay with 90-day half-life), and usage frequency to
re-rank search results. New memories default to expires_at = created_at
+ 365 days. search_memories() now auto-touches usage on hits.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat(memory): add cross-track batch search (#164)

Add search_memories_batch() that queries multiple scope_ids in a single
SQL call, eliminating the N+1 loop in build_context_pack(). Engine now
uses this batch method for cross-track memory retrieval.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat(context): implement layered context loading (#165)

Refactor build_context_pack() into 4 layer methods:
- Layer 0: user profile (cached with 5-min TTL, ~200 tokens)
- Layer 1: track context — tasks/milestones (~500 tokens)
- Layer 2: query-relevant + cross-track memories (~1000 tokens)
- Layer 3: paper-scoped memories (on-demand)

Return value adds context_layers metadata while remaining fully
backward-compatible.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor(memory): align decay with OpenClaw patterns

- Use standard ln(2)/halfLifeDays lambda formula (matches OpenClaw
  temporal-decay.ts:toDecayLambda)
- Default half-life lowered to 30 days (was 90, now matches OpenClaw)
- Evergreen memories (global scope, preference kind) are immune to
  recency decay (inspired by OpenClaw isEvergreenMemoryPath)
- Add _to_decay_lambda() and _is_evergreen_memory() helpers
- Expand tests for lambda math, half-life precision, and evergreen logic

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(context): isolate layer0 cache and touch batch hits (#236)

* feat(memory): upgrade batch retrieval with hybrid and MMR options (#237)

* feat(context): add embedding fallback chain and token guard config (#238)

* fix(memory): bound batch hybrid candidates by scope_ids

* docs: update README with macOS python3 tips

* docs: update README with more badges

* docs: update README with deleting extra badges

* feat(search): add offline retrieval benchmark harness

Add a deterministic retrieval benchmark fixture, scorer, CLI, docs, and CI smoke gate for PaperSearchService.\n\nCloses #284\nRefs #283

* feat(context): add offline context-engine benchmark

Add deterministic fixtures, scoring, CLI, and smoke coverage for layered assembly, token guard, and advisory routing in ContextEngine.\n\nCloses #286\nRefs #283

* feat(memory): add scope isolation acceptance bench

Add an offline scope-isolation benchmark for memory retrieval paths, extend the metric collector with cross-user and cross-scope leak rates, and wire the new check into CI.\n\nCloses #285\nRefs #283

* feat(memory): add offline injection robustness detector

Add a deterministic prompt-injection pattern detector, labeled offline fixtures, an acceptance benchmark, and CI coverage for Injection Robustness L1.\n\nCloses #287\nRefs #283

* feat(memory): add offline performance benchmark harness

Add a deterministic synthetic benchmark for memory search latency baselines across 10k/100k/1M scales, plus docs and smokeable unit coverage.\n\nCloses #288\nRefs #283

* feat: add ROI benchmark for repro memory

Closes #289

Refs #283

* docs: add MemoryBench epic completion report

Refs #283

* docs: add runtime memory benchmark report

Refs #283

* Docs: update README with our new name (#290)

* docs: update README with macOS python3 tips

* docs: update README with more badges

* docs: update README with deleting extra badges

* docs: update README with new god name

---------

Co-authored-by: 林杰 <linjie@linjiedeMacBook-Air.local>
Co-authored-by: 林杰 <linjie@v8d1ef64c.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef43e.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de>

* Fix: show friendly error when backend is unreachable (#291)

* docs: update README with macOS python3 tips

* docs: update README with more badges

* docs: update README with deleting extra badges

* docs: update README with new god name

---------

Co-authored-by: 林杰 <linjie@linjiedeMacBook-Air.local>
Co-authored-by: 林杰 <linjie@v8d1ef64c.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef43e.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de>

* feat: improve memory ROI and effectiveness benchmarks

* fix: avoid importing missing data template in main

* fix: stabilize live memory roi benchmark

* feat: expand multi-session memory effectiveness benchmark

* feat: implement MemoryBench evaluation suite with 4 bench suites

Add comprehensive memory module evaluation aligned with LongMemEval
(ICLR 2025), LoCoMo (ACL 2024), Mem0, and Letta benchmarks.

- Retrieval Bench v2: IR metrics (Recall@5=0.873, MRR@10=0.731, nDCG@10=0.747)
  with 40 annotated queries across 5 question types and 5 memory dimensions
- Scope Isolation + CRUD: zero-leak verification across user x scope matrix,
  Mem0-aligned CRUD lifecycle (add/update/delete/dedup)
- Context Extraction: L0-L3 layer completeness, precision, token budget guard,
  TrackRouter accuracy (100%), graceful degradation
- Injection Robustness L1: offline pattern detection (0% pollution, 0% FP)
- Fixture dataset: 45 memories (2 users), 12 injection patterns
- Testing documentation with methodology, validity analysis, and results

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs: add MemoryBench quantitative results to README

Add evaluation results section with metrics from 4 bench suites:
- Retrieval quality (Recall@5=0.873, MRR@10=0.731, nDCG@10=0.747)
- Scope isolation + CRUD lifecycle (zero leaks, all CRUD pass)
- Context extraction (100% precision, 100% router accuracy)
- Injection robustness (0% pollution, 0% false positive)

Includes LoCoMo question-type breakdown and run instructions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX (#296)

* feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX

- 添加 /api/agent-board 路由和 Swarm Commander/Dispatcher 基础架构

- 将生成的任务文件持久化到已配置的工作区

- 在工作区中为每个任务生成用户审核文档(reviews/<任务>-user-review.md)

- 添加代理看板 UI,包含看板、任务详细日志和人工审核操作

- 要求“全部运行”任务设置工作区,并添加 VS Code 打开操作

- 实现 Studio 存储和 SSE 任务的更新/插入/同步行为

- 为路由流程、持久化和超时处理添加单元/功能测试

- 更新 Studio 布局、PostCSS 配置、后端 URL 助手和锁定文件

Closes #197

* (fix)修改AI review问题

* refactor: share research fetch helpers (#295)

Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de>

* feat: add research/yearCombobox. Realted to #297

* refactor(research): dedupe fetch helpers across Research pages; fix Radix popover import; add @radix-ui/react-popover dep

* fix(web): move @radix-ui/react-popover to dependencies

* fix(research): keep track list order stable across activation

* refactor(research): share stable track merge helper

* fix(research): make paper feedback togglable

* feat(research): hide 'Open Discovery Workspace' behind feature flag

* feat(research): gate track memory button behind feature flag (#333)

* feat(research): gate track memory button behind feature flag

* fix(research): avoid reactivating already active track

* ci(vercel): add auto deploy workflow for dev branch

* feat: calm dashboard workspace (#334)

* feat: harden search and connector infrastructure (#339)

* refactor(infra): unify async request layer for connectors

Implements issue #262 by moving Arxiv/OpenAlex/PapersCool connectors onto the shared async transport with retry support, updating async call sites, and adding focused tests.

* perf(infra): batch OpenAlex ID lookups

Implements issue #267 by replacing per-ID OpenAlex work fetches with batched filter queries and adds focused coverage for the batched path.

* refactor(infra): unify Semantic Scholar client stack

Implements issue #266 by routing both the shared mixin and the scholar-tracking agent through the same SemanticScholarClient surface, removing the duplicated legacy API client path, and adding focused unification tests.

* feat(infra): harden SSE transport handling

Implements issue #263 by moving heartbeat, timeout, cancellation cleanup, and X-Accel-Buffering handling into the shared SSE wrapper and switching the streaming routes onto the common response helper with regression coverage.

* fix(infra): bound ARQ jobs and reuse event log

Implements issue #268 by adding timeout/max_tries metadata to worker functions, reusing the SqlAlchemyEventLog singleton inside the worker module, and covering both behaviors with focused tests.

* feat(search): add three-tier paper deduplicator (DOI/arxiv_id/rapidfuzz)

Replaces the identity-key-only dedup in PaperSearchService._fuse_with_rrf()
with a dedicated PaperDeduplicator that matches across DOI, arxiv_id (version-
stripped), and fuzzy title similarity via rapidfuzz. Merged papers accumulate
the best metadata (highest citations, longest abstract, union of identities).

Closes #317

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(search): prevent conflicting identity dedup merges

Refs #317

* fix(embeddings): add CJK character support to hash embedding tokenizer

Extends HashEmbeddingProvider regex to include CJK Unified Ideographs
(U+4E00–U+9FFF) and Extension A (U+3400–U+4DBF), enabling proper
embedding of Chinese text.

Closes #276

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(embeddings): extend hash tokenizer beyond Han-only CJK

Refs #276

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(research): restore feedback track ux on current dev (#341)

* refactor(research): dedupe fetch helpers across Research pages; fix Radix popover import; add @radix-ui/react-popover dep

* fix(web): preserve item order in research tracks selection

Closes #304

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor(web): remove unused components

Closes #305

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(web): keep active research track visible

Refs #304

* fix(research): align paper feedback toggles with persisted state

Refs #324

* fix(web): add missing @radix-ui/react-popover dependency

Research page crashed with "Module not found: Can't resolve
'@radix-ui/react-popover'" because SearchBox.tsx imports popover.tsx
which depends on this package.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(research): restore feedback track ux on current dev

---------

Co-authored-by: 林杰 <linjie@v8d1ef6a5.dip.tu-dresden.de>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(web): resolve DeepCode Studio page issues

* fix(repro): improve memory and workflow correctness

* feat: add intelligence radar backend

* fix(api): block cross-user intelligence feed access

* fix(intelligence): avoid thread-unsafe refresh races

* refactor: enforce alembic-only store initialization

* fix(db): bootstrap sqlite schemas for lazy stores

* fix(stores): align ports with store interfaces

* fix(stores): align remaining port contracts

* fix(api): harden request boundaries and settings handling

* fix(api): stop trusting spoofable forwarded hosts

* fix(api): gate studio code execution by default

* fix(api): stream request-size checks safely

* feat(export): add Obsidian filesystem exporter

* feat(cli): add Obsidian export command

* feat(obsidian): finish configurable vault export workflow (#348)

* refactor(web): move workflow workbench out of dashboard

* ci(vercel): use --preview flag for dev deploy

* fix(ci): remove invalid Vercel preview flag

* fix(ci): keep Vercel secrets free of inline comments

* refactor: share candidate search boundary and simplify dashboard

* refactor(api): split paperscool search curate and ingest

* refactor(web): flatten dashboard brief snapshot

* refactor(web): reduce dashboard brief visual noise

* refactor(web): feature top dashboard signals

* fix(obsidian): harden export follow-ups

* fix(obsidian): tighten review follow-ups

* feat(web): add Obsidian handoff to Research workspace (#352)

* feat(web): add Obsidian handoff to Research workspace

* fix(web): address obsidian workspace review feedback

* feat: ship track-centric research context stack (#356)

* feat(api): add track context read model service

* feat(api): expose consolidated track context endpoint

* refactor(web): migrate research page to track context endpoint

* refactor(memory): wrap track-scoped memory access

* chore: document track-centric research model and stabilize tests

* docs: refresh readme screenshots

* fix(deps): align package manifests with runtime imports

* docs: refresh email push screenshot

* feat(research): close citation graph and obsidian export gaps (#360)

* feat(obsidian): add bidirectional vault sync

* fix(paper): improve saved papers table layout

* feat(openclaw): add paperbot plugin bridge

* fix(obsidian): address sync review feedback

* feat(web): flatten dashboard action bands

* refactor(web): condense dashboard next-up panel

* refactor(web): simplify dashboard around recommendations

* refactor(web): simplify dashboard surface and workflow copy

* feat(web): add dashboard queue actions

* fix(web): harden dashboard queue links and brief parsing

* fix(paper): unify unsave with feedback API

* fix(paper): scope saved papers per track

* fix: unblock dashboard build and e2e

* ci: add vercel pr preview automation

* fix: repair vercel preview workflow setup

* fix: run vercel build from repo root

* fix: skip preview smoke without bypass secret

* feat(auth): add multi-user authentication foundation. Related to #151

- Add User domain model and SQLAlchemy UserModel with soft-delete support
- Add SqlAlchemyUserStore with email/GitHub user CRUD, password auth, reset tokens
- Add JWT signing/verification (python-jose), bcrypt password hashing
- Add FastAPI auth dependencies: get_user_id (optional fallback) and get_current_user (strict)
- Add /api/auth routes: register, login, github/exchange, me, forgot/reset-password
- Add Alembic migrations for users and password_reset_tokens tables
- Add AUTH_OPTIONAL env var for gradual migration from legacy 'default' user
- Fix account lifecycle bugs: reactivate on OAuth re-login, reject inactive on password login
- Add auth API tests

* fix(auth): address code review feedback on PR #365

* feat(document): add explicit evidence indexing pipeline

* docs(benchmark): define document evidence eval contract

* feat(benchmark): add document evidence eval scaffold

* fix(api): restore py39 auth compatibility after dev rebase

* chore(logging): surface cleanup and FTS5 failures

* fix(paper): refine saved filters and cleanup code

* fix(paper): refine paper context cleanup and year filter

* feat(eval): support dedicated embedding benchmark providers

* feat(settings): add embedding endpoint configuration

* refactor(settings): align embedding endpoint ux with cc-switch

* refactor(settings): simplify embedding endpoint panel

* refactor(settings): tighten embedding layout on wide screens

* feat(studio): refine paper gallery icon animation and context
  workspace layout

* ci: disable native vercel git deploys

* docs: restore master demo gallery assets

* fix: unblock ci for merge-dev-into-master

* fix: address codeql alerts

* fix: harden agent board workspace path validation

---------

Co-authored-by: boyu <oor2020@163.com>
Co-authored-by: WenjingWang <jingnvx@outlook.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: 林杰 <linjie@linjiedeMacBook-Air.local>
Co-authored-by: 林杰 <linjie@v8d1ef64c.dip.tu-dresden.de>
Co-authored-by: Linjie-top <linjie666z@gmail.com>
Co-authored-by: 林杰 <linjie@v8d1ef43e.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef6a5.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef4ea.dip.tu-dresden.de>
Co-authored-by: 林杰 <linjie@v8d1ef41f.dip.tu-dresden.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants