Skip to content

Commit a9e2494

Browse files
authored
Merge pull request #38 from AgentWorkforce/agent-relay/proactive-runtime-chain-1778505408
feat(proactive-runtime): M1-M2 agent tokens + rotation hardening
2 parents cc5d27c + c3f6d8c commit a9e2494

31 files changed

Lines changed: 2332 additions & 330 deletions

.trajectories/active/traj_1774612574920_f3fdc1c5.json

Lines changed: 75 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@
5858
"title": "Planning",
5959
"agentName": "orchestrator",
6060
"startedAt": "2026-03-27T11:56:14.920Z",
61+
"endedAt": "2026-03-27T11:56:18.971Z",
6162
"events": [
6263
{
6364
"ts": 1774612574921,
@@ -69,22 +70,22 @@
6970
"type": "note",
7071
"content": "Approach: 7-step dag workflow — Parsed 7 steps, 3 parallel tracks, 4 dependent steps, DAG validated, no cycles"
7172
}
72-
],
73-
"endedAt": "2026-03-27T11:56:18.971Z"
73+
]
7474
},
7575
{
7676
"id": "ch_e1ab34b7",
7777
"title": "Execution: security-review, developer-review, historian-review",
7878
"agentName": "orchestrator",
7979
"startedAt": "2026-03-27T11:56:18.971Z",
80-
"events": [],
81-
"endedAt": "2026-03-27T11:56:18.975Z"
80+
"endedAt": "2026-03-27T11:56:18.975Z",
81+
"events": []
8282
},
8383
{
8484
"id": "ch_19e59662",
8585
"title": "Execution: developer-review",
8686
"agentName": "developer",
8787
"startedAt": "2026-03-27T11:56:18.975Z",
88+
"endedAt": "2026-03-27T11:56:18.975Z",
8889
"events": [
8990
{
9091
"ts": 1774612578975,
@@ -94,14 +95,14 @@
9495
"agent": "developer"
9596
}
9697
}
97-
],
98-
"endedAt": "2026-03-27T11:56:18.975Z"
98+
]
9999
},
100100
{
101101
"id": "ch_f857cd6f",
102102
"title": "Execution: historian-review",
103103
"agentName": "historian",
104104
"startedAt": "2026-03-27T11:56:18.975Z",
105+
"endedAt": "2026-03-27T11:56:18.975Z",
105106
"events": [
106107
{
107108
"ts": 1774612578975,
@@ -111,14 +112,14 @@
111112
"agent": "historian"
112113
}
113114
}
114-
],
115-
"endedAt": "2026-03-27T11:56:18.975Z"
115+
]
116116
},
117117
{
118118
"id": "ch_c812f4a3",
119119
"title": "Execution: security-review",
120120
"agentName": "security",
121121
"startedAt": "2026-03-27T11:56:18.975Z",
122+
"endedAt": "2026-03-27T12:00:55.962Z",
122123
"events": [
123124
{
124125
"ts": 1774612578975,
@@ -132,7 +133,6 @@
132133
"ts": 1774612816779,
133134
"type": "completion-marker",
134135
"content": "\"security-review\" marker-based completion — Legacy STEP_COMPLETE marker observed (2 signal(s), 6 file change(s); signals=security-review, >0q>4m<u▗ ▗ ▖ ▖ Claude Code v2.1.85; files=modified:.github/workflows/publish.yml, created:.turbo/cache/09b954894e65bada-manifest.json, created:.turbo/cache/09b954894e65bada-meta.json, created:.turbo/cache/09b954894e65bada.tar.zst, created:.turbo/cache/09c8d9a3c485952a-manifest.json, created:.turbo/cache/09c8d9a3c485952a-meta.json)",
135-
"significance": "medium",
136136
"raw": {
137137
"stepName": "security-review",
138138
"completionMode": "marker",
@@ -152,7 +152,8 @@
152152
"created:.turbo/cache/09c8d9a3c485952a-meta.json"
153153
]
154154
}
155-
}
155+
},
156+
"significance": "medium"
156157
},
157158
{
158159
"ts": 1774612816780,
@@ -164,7 +165,6 @@
164165
"ts": 1774612853461,
165166
"type": "completion-marker",
166167
"content": "\"developer-review\" marker-based completion — Legacy STEP_COMPLETE marker observed (4 signal(s), 1 relevant channel post(s), 6 file change(s); signals=developer-review, COMPLETE, >0q>4m<u╭─── Claude Code v2.1.85 ──────────────────────────────────────────────────────╮, COMPLETE; channel=**[developer-review] Output:**\n```\n smaller sub-checks for each claim group.\\n\\n👨‍💻\n DEV [LOW] [sc; files=modified:.github/workflows/publish.yml, created:.turbo/cache/09b954894e65bada-manifest.json, created:.turbo/cache/09b954894e65bada-meta.json, created:.turbo/cache/09b954894e65bada.tar.zst, created:.turbo/cache/09c8d9a3c485952a-manifest.json, created:.turbo/cache/09c8d9a3c485952a-meta.json)",
167-
"significance": "medium",
168168
"raw": {
169169
"stepName": "developer-review",
170170
"completionMode": "marker",
@@ -189,7 +189,8 @@
189189
"created:.turbo/cache/09c8d9a3c485952a-meta.json"
190190
]
191191
}
192-
}
192+
},
193+
"significance": "medium"
193194
},
194195
{
195196
"ts": 1774612853462,
@@ -201,7 +202,6 @@
201202
"ts": 1774612855956,
202203
"type": "completion-marker",
203204
"content": "\"historian-review\" marker-based completion — Legacy STEP_COMPLETE marker observed (3 signal(s), 6 file change(s); signals=historian-review, COMPLETE, >0q>4m<u▗ ▗ ▖ ▖ Claude Code v2.1.85; files=modified:.github/workflows/publish.yml, created:.turbo/cache/09b954894e65bada-manifest.json, created:.turbo/cache/09b954894e65bada-meta.json, created:.turbo/cache/09b954894e65bada.tar.zst, created:.turbo/cache/09c8d9a3c485952a-manifest.json, created:.turbo/cache/09c8d9a3c485952a-meta.json)",
204-
"significance": "medium",
205205
"raw": {
206206
"stepName": "historian-review",
207207
"completionMode": "marker",
@@ -222,53 +222,54 @@
222222
"created:.turbo/cache/09c8d9a3c485952a-meta.json"
223223
]
224224
}
225-
}
225+
},
226+
"significance": "medium"
226227
},
227228
{
228229
"ts": 1774612855957,
229230
"type": "finding",
230231
"content": "\"historian-review\" completed → ✽",
231232
"significance": "medium"
232233
}
233-
],
234-
"endedAt": "2026-03-27T12:00:55.962Z"
234+
]
235235
},
236236
{
237237
"id": "ch_ab406706",
238238
"title": "Convergence: security-review + developer-review + historian-review",
239239
"agentName": "orchestrator",
240240
"startedAt": "2026-03-27T12:00:55.962Z",
241+
"endedAt": "2026-03-27T12:00:55.962Z",
241242
"events": [
242243
{
243244
"ts": 1774612855962,
244245
"type": "reflection",
245246
"content": "security-review + developer-review + historian-review resolved. 3/3 steps completed. All steps completed on first attempt. Unblocking: security-cross-review, developer-cross-review, historian-cross-review.",
246-
"significance": "high",
247247
"raw": {
248248
"confidence": 0.75,
249249
"focalPoints": [
250250
"security-review: completed",
251251
"developer-review: completed",
252252
"historian-review: completed"
253253
]
254-
}
254+
},
255+
"significance": "high"
255256
}
256-
],
257-
"endedAt": "2026-03-27T12:00:55.962Z"
257+
]
258258
},
259259
{
260260
"id": "ch_7f3b4ccf",
261261
"title": "Execution: security-cross-review, developer-cross-review, historian-cross-review",
262262
"agentName": "orchestrator",
263263
"startedAt": "2026-03-27T12:00:55.962Z",
264-
"events": [],
265-
"endedAt": "2026-03-27T12:00:55.963Z"
264+
"endedAt": "2026-03-27T12:00:55.963Z",
265+
"events": []
266266
},
267267
{
268268
"id": "ch_22e5176f",
269269
"title": "Execution: security-cross-review",
270270
"agentName": "security-xr",
271271
"startedAt": "2026-03-27T12:00:55.963Z",
272+
"endedAt": "2026-03-27T12:00:55.963Z",
272273
"events": [
273274
{
274275
"ts": 1774612855963,
@@ -278,14 +279,14 @@
278279
"agent": "security-xr"
279280
}
280281
}
281-
],
282-
"endedAt": "2026-03-27T12:00:55.963Z"
282+
]
283283
},
284284
{
285285
"id": "ch_abb60298",
286286
"title": "Execution: developer-cross-review",
287287
"agentName": "developer-xr",
288288
"startedAt": "2026-03-27T12:00:55.963Z",
289+
"endedAt": "2026-03-27T12:00:55.963Z",
289290
"events": [
290291
{
291292
"ts": 1774612855963,
@@ -295,14 +296,14 @@
295296
"agent": "developer-xr"
296297
}
297298
}
298-
],
299-
"endedAt": "2026-03-27T12:00:55.963Z"
299+
]
300300
},
301301
{
302302
"id": "ch_dc4edad8",
303303
"title": "Execution: historian-cross-review",
304304
"agentName": "historian-xr",
305305
"startedAt": "2026-03-27T12:00:55.963Z",
306+
"endedAt": "2026-03-27T12:03:30.529Z",
306307
"events": [
307308
{
308309
"ts": 1774612855963,
@@ -316,7 +317,6 @@
316317
"ts": 1774612975429,
317318
"type": "completion-marker",
318319
"content": "\"historian-cross-review\" marker-based completion — Legacy STEP_COMPLETE marker observed (1 signal(s), 3 file change(s); signals=historian-cross-review; files=modified:.github/workflows/publish.yml, modified:.gitignore, deleted:packages/sdk/tsconfig.tsbuildinfo)",
319-
"significance": "medium",
320320
"raw": {
321321
"stepName": "historian-cross-review",
322322
"completionMode": "marker",
@@ -332,7 +332,8 @@
332332
"deleted:packages/sdk/tsconfig.tsbuildinfo"
333333
]
334334
}
335-
}
335+
},
336+
"significance": "medium"
336337
},
337338
{
338339
"ts": 1774612975430,
@@ -344,7 +345,6 @@
344345
"ts": 1774613003114,
345346
"type": "completion-marker",
346347
"content": "\"security-cross-review\" marker-based completion — Legacy STEP_COMPLETE marker observed (2 signal(s), 3 file change(s); signals=security-cross-review, COMPLETE; files=modified:.github/workflows/publish.yml, modified:.gitignore, deleted:packages/sdk/tsconfig.tsbuildinfo)",
347-
"significance": "medium",
348348
"raw": {
349349
"stepName": "security-cross-review",
350350
"completionMode": "marker",
@@ -361,7 +361,8 @@
361361
"deleted:packages/sdk/tsconfig.tsbuildinfo"
362362
]
363363
}
364-
}
364+
},
365+
"significance": "medium"
365366
},
366367
{
367368
"ts": 1774613003114,
@@ -373,7 +374,6 @@
373374
"ts": 1774613010526,
374375
"type": "completion-marker",
375376
"content": "\"developer-cross-review\" marker-based completion — Legacy STEP_COMPLETE marker observed (4 signal(s), 1 relevant channel post(s), 3 file change(s); signals=COMPLETE, ## Developer Cross-Review of Phase 1 Findings, developer-cross-review, >0q>4m<u▗ ▗ ▖ ▖ Claude Code v2.1.85; channel=## Developer Cross-Review of Phase 1 Findings\n\n### Confirmations\n\n✅ CONFIRM [scripts/relay/agentdeny-hook.sh:20] — Agree with all three reviewers. Security (HIG; files=modified:.github/workflows/publish.yml, modified:.gitignore, deleted:packages/sdk/tsconfig.tsbuildinfo)",
376-
"significance": "medium",
377377
"raw": {
378378
"stepName": "developer-cross-review",
379379
"completionMode": "marker",
@@ -395,39 +395,39 @@
395395
"deleted:packages/sdk/tsconfig.tsbuildinfo"
396396
]
397397
}
398-
}
398+
},
399+
"significance": "medium"
399400
},
400401
{
401402
"ts": 1774613010526,
402403
"type": "finding",
403404
"content": "\"developer-cross-review\" completed → 2",
404405
"significance": "medium"
405406
}
406-
],
407-
"endedAt": "2026-03-27T12:03:30.529Z"
407+
]
408408
},
409409
{
410410
"id": "ch_1a2cfb74",
411411
"title": "Convergence: security-cross-review + developer-cross-review + historian-cross-review",
412412
"agentName": "orchestrator",
413413
"startedAt": "2026-03-27T12:03:30.529Z",
414+
"endedAt": "2026-03-27T12:03:30.530Z",
414415
"events": [
415416
{
416417
"ts": 1774613010529,
417418
"type": "reflection",
418419
"content": "security-cross-review + developer-cross-review + historian-cross-review resolved. 3/3 steps completed. All steps completed on first attempt. Unblocking: merge-findings.",
419-
"significance": "high",
420420
"raw": {
421421
"confidence": 0.75,
422422
"focalPoints": [
423423
"security-cross-review: completed",
424424
"developer-cross-review: completed",
425425
"historian-cross-review: completed"
426426
]
427-
}
427+
},
428+
"significance": "high"
428429
}
429-
],
430-
"endedAt": "2026-03-27T12:03:30.530Z"
430+
]
431431
},
432432
{
433433
"id": "ch_8f8cc23a",
@@ -442,8 +442,44 @@
442442
"raw": {
443443
"agent": "synthesizer"
444444
}
445+
},
446+
{
447+
"ts": 1778524520195,
448+
"type": "decision",
449+
"content": "Use the existing workspace->agent->refresh server flow and add SDK-level rotating agent sessions instead of inventing a second agent-token endpoint: Use the existing workspace->agent->refresh server flow and add SDK-level rotating agent sessions instead of inventing a second agent-token endpoint",
450+
"raw": {
451+
"question": "Use the existing workspace->agent->refresh server flow and add SDK-level rotating agent sessions instead of inventing a second agent-token endpoint",
452+
"chosen": "Use the existing workspace->agent->refresh server flow and add SDK-level rotating agent sessions instead of inventing a second agent-token endpoint",
453+
"alternatives": [],
454+
"reasoning": "The relayauth server already enforces 1h agent access TTLs, refresh rotation, and workspace-token lineage revocation; M1 mainly needs a stable public contract and transparent client-side renewal for the gateway."
455+
},
456+
"significance": "high"
457+
},
458+
{
459+
"ts": 1778524787254,
460+
"type": "reflection",
461+
"content": "M1 agent-token server semantics were already present; this pass hardened the public contract with exported request types, a rotating SDK session helper, explicit path-token stub coverage, and synced package build artifacts.",
462+
"raw": {
463+
"focalPoints": [
464+
"agent-tokens",
465+
"sdk-contracts",
466+
"path-stub"
467+
],
468+
"adjustments": "Kept the existing /workspace -> /agent -> /refresh lineage instead of adding a second rotation protocol.",
469+
"confidence": 0.9
470+
},
471+
"significance": "high",
472+
"tags": [
473+
"focal:agent-tokens",
474+
"focal:sdk-contracts",
475+
"focal:path-stub",
476+
"confidence:0.9"
477+
]
445478
}
446479
]
447480
}
448-
]
481+
],
482+
"commits": [],
483+
"filesChanged": [],
484+
"tags": []
449485
}

0 commit comments

Comments
 (0)