agents-orchestrator/agent-orchestrator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
21 commits 3 branches 0 tags 54 MiB
Commit graph

21 commits

This branch
This branch
All branches
Author SHA1 Message Date
Hibryda
0324f813e2 fix(security): resolve critical audit findings in marketplace and frontend 
CRITICAL fixes:
- marketplace.rs: Replace fake SHA-256 (SipHash) with real sha2 crate
- marketplace.rs: Reject empty checksums (refuse unsigned plugins)
- marketplace.rs: Add install path traversal protection (reject ../|/|\)
- marketplace.rs: Add HTTPS-only URL validation on download_url
- marketplace.rs: Add curl --proto =https to block file:/gopher: SSRF
- marketplace.rs: Add --max-filesize 50MB download cap
- marketplace.rs: Add --no-same-owner --no-same-permissions to tar extraction
- marketplace.rs: Post-extraction path validation (canonicalize check)

Frontend fixes:
- pro-bridge.ts: Rename Symbol→CodeSymbol (avoid global collision)
- pro-bridge.ts: Tighten trust type to union 'human'|'agent'|'auto'
- PluginMarketplace.svelte: URL sanitization (reject non-https hrefs)

Remaining audit fixes (HIGH/MEDIUM/LOW) being applied by background
agents — will be committed separately when complete.
 2026-03-17 03:50:10 +01:00
Hibryda
285f2404aa refactor(pro): simplify ProjectMemory and CodeIntelligence components 2026-03-17 03:29:14 +01:00
Hibryda
be084c8f17 feat(pro): add Svelte components for commercial phases 
BudgetManager (budget+router), ProjectMemory (persistent memory),
CodeIntelligence (symbols+git+branch policy). Updated pro-bridge.ts
with all new IPC functions.
 2026-03-17 03:27:40 +01:00
Hibryda
191b869b43 feat(pro): implement all 3 commercial phases 
Phase 1 — Cost Intelligence:
- budget.rs: per-project token budgets, soft/hard limits, usage logging
- router.rs: 3 preset profiles (CostSaver/QualityFirst/Balanced)

Phase 2 — Knowledge Base:
- memory.rs: persistent agent memory with FTS5, auto-extraction, TTL
- symbols.rs: regex-based symbol graph (tree-sitter stub)

Phase 3 — Git Integration:
- git_context.rs: branch/commit/modified file context injection
- branch_policy.rs: session-level branch protection

6 modules, 32 cargo tests, 22+ Tauri plugin commands.
 2026-03-17 03:27:40 +01:00
Hibryda
3798bedc4d feat: add pre-dispatch hook for agent task middleware 
Generic extension point in community codebase: PreDispatchHook type
registered in AppState, checked before every agent_query dispatch.
Enables Pro features like budget enforcement and branch policy.
 2026-03-17 03:27:40 +01:00
Hibryda
19771237c9 refactor(pro): simplify PluginMarketplace component (503→310 lines) 2026-03-17 02:22:20 +01:00
Hibryda
5300c09157 feat(pro): add plugin marketplace with catalog, install, and update support 
Marketplace backend (agor-pro/src/marketplace.rs): fetch catalog from
GitHub, download+verify+extract plugins, install/uninstall/update with
SHA-256 checksum verification and path traversal protection. 6 Tauri
plugin commands.

PluginMarketplace.svelte: Browse/Installed tabs, search, plugin cards
with permission badges, one-click install/uninstall/update.

Plugin catalog repo: agents-orchestrator/agor-plugins (3 seed plugins).
Plugin scaffolding: scripts/plugin-init.sh.
7 marketplace vitest tests, 3 Rust tests.
 2026-03-17 02:20:10 +01:00
Hibryda
a98d061b04 feat(pro): add commercial Svelte components 
AnalyticsDashboard (period selector, summary cards, SVG bar chart, model table),
SessionExporter (session/project report generation, clipboard copy),
AccountSwitcher (account list, active indicator, hot-switch).
All use Svelte 5 runes, --ctp-* theme vars, plugin:agor-pro IPC.
 2026-03-17 01:53:22 +01:00
Hibryda
fc6b306a5c docs: update CHANGELOG and TODO for commercial features 2026-03-17 01:52:46 +01:00
Hibryda
03fe2e2237 feat(pro): add analytics, export, and multi-account commercial features 
3 new agor-pro modules: analytics.rs (usage dashboard queries),
export.rs (session/project Markdown report generation),
profiles.rs (multi-account switching via accounts.json).
9 Tauri plugin commands. Frontend IPC bridge (pro-bridge.ts).
168 cargo tests, 14 commercial vitest tests.
 2026-03-17 01:52:46 +01:00
Hibryda
6973c70c5a fix(deps): resolve 15 Dependabot security vulnerabilities 
- undici: updated to fix WebSocket memory exhaustion, CRLF injection,
  HTTP smuggling, and 64-bit length overflow (10 alerts)
- devalue: updated to fix prototype pollution in parse/unflatten (2 alerts)
- serialize-javascript: override to >=7.0.3 fixes RCE via RegExp.flags (1 alert)
- glib 0.18.5: unsound Iterator impls — upstream tauri dependency,
  cannot update without tauri releasing gtk-rs 0.22 support (1 alert, low risk)

Resolves all npm vulnerabilities (0 remaining). 1 Rust advisory remains
(glib, pinned by tauri gtk-rs dependency chain).
 2026-03-17 01:33:32 +01:00
Hibryda
ec2fee256e chore: remove old bterminal-core and bterminal-relay directories 
These were renamed to agor-core and agor-relay in the rebrand commit.
Also removes the old bterminal.test.ts (renamed to agor.test.ts).
 2026-03-17 01:12:35 +01:00
Hibryda
421c38cd8c docs: update all documentation for agor rebrand and dual-repo structure 2026-03-17 01:12:25 +01:00
Hibryda
5fadd1c022 feat: add agor-pro commercial plugin crate and dual-repo infrastructure 
agor-pro Tauri 2.x plugin (feature-gated via --features pro),
commercial Tauri config overlay, asymmetric test setup,
CI workflows (leak-check, commercial-build, PAT health),
pre-push hook, Makefile, CONTRIBUTING/MAINTENANCE/LICENSE-COMMERCIAL.
 2026-03-17 01:12:25 +01:00
Hibryda
a63e6711ac refactor!: rebrand bterminal to agor (agents-orchestrator) 
Rename Cargo crates (bterminal-core→agor-core, bterminal-relay→agor-relay),
env vars (BTERMINAL_*→AGOR_*), config paths (~/.config/agor), CSS custom
properties, plugin API object, package names, and all documentation.

BREAKING CHANGE: config/data paths changed from bterminal to agor.
 2026-03-17 01:12:25 +01:00
Hibryda
ef3548a569 chore: gitignore tar.gz archives and update CHANGELOG for repo flattening 2026-03-16 05:23:53 +01:00
Hibryda
356660f17d docs: reconcile hib_changes onto flat structure 
Bring over comprehensive documentation, CLI tools, and project
scaffolding from the archived v2/ branch onto the rebuilt flat
main. All v2/ path references updated to match flat layout.

- docs/: architecture, decisions, phases, progress, findings, etc.
- docker/tempo: telemetry stack (Grafana + Tempo)
- CLAUDE.md, .claude/CLAUDE.md: comprehensive project guides
- CHANGELOG.md, TODO.md, README.md: project meta
- consult, ctx: CLI tools
- .gitignore: merged entries from both branches
 2026-03-16 03:34:04 +01:00
DexterFromLab
37b2b82ae5 feat: add Clear All button to CommsTab — purge all messages from DB 
Adds trash icon button in Messages header that clears all communications
for the active group: DMs, channel messages, activity feed, seen tracking,
and dead letters. Shows Tauri warning dialog with confirmation before delete.

- Rust: clear_all_communications() in btmsg.rs (4 DELETE queries)
- Tauri command: btmsg_clear_all_comms
- Bridge: clearAllComms(groupId)
- UI: trash button with hover-red styling, resets all local state after clear
 2026-03-15 17:24:40 +01:00
DexterFromLab
6504a79bfe chore: add launch.sh for .desktop entry 
Runs `tauri dev` so Vite dev server starts before the WebView binary.
Builds sidecar runners on first launch if missing.
 2026-03-15 17:13:22 +01:00
DexterFromLab
a3595f0277 fix: agent status indicators persist after stop — sync btmsg + optimistic UI 
Green borders in GroupAgentsPanel and health dots stayed active after
stopping agents because btmsg DB status was never set to 'stopped'.

- Add terminal state guard in agent store (done/error cannot revert to active)
- Optimistic updateAgentStatus('done') on all stop paths (AgentPane, StatusBar Stop All, AgentSession onAgentStop)
- Sync btmsg agent status to 'stopped' in agent-dispatcher on every terminal transition (agent_stopped, agent_error, cost done/error, sidecar crash)
- Sync btmsg optimistically in UI stop handlers for immediate card border update
- Add Stop All button to StatusBar with wake scheduler kill
 2026-03-15 16:59:20 +01:00
DexterFromLab
3672e92b7e feat: Agent Orchestrator — multi-project agent dashboard 
Tauri + Svelte 5 + Rust application for orchestrating multiple AI coding agents.
Includes Claude, Aider, Codex, and Ollama provider support, multi-agent
communication (btmsg/bttask), session anchors, plugin sandbox, FTS5 search,
Landlock sandboxing, and 507 vitest + 110 cargo tests.
 2026-03-15 15:45:27 +01:00