feat: implement 80+ features from 10 OSS repos + research papers

Sources compared:
- lacymorrow/lacy (shell UX, terminal context, NL detection)
- EleutherAI/lm-evaluation-harness (eval framework, caching, YAML tasks)
- higgsfield-ai/skills (skill ecosystem, multi-agent manifests, validation CI)
- aaif-goose/goose (recipes, malware check, adversary inspector, OAuth, Telegram)
- bmad-code-org/BMAD-METHOD (scale-adaptive, adversarial review, project context)
- aaronjmars/aeon (self-improve, reflect, coding soul)
- SylphAI-Inc/AdalFlow (prompt optimizer, few-shot selector, textual gradients)
- karpathy/autoresearch (autonomous experiment loop)
- Aider-AI/aider (auto-commit, directive scanner, edit strategies)
- opencode-ai/opencode (event bus, diff sandbox patterns)

Key features added:
- Terminal context capture (delta-based)
- Background preheating + connection warmup
- Real-time input classification indicator
- Smart NL rerouting on shell command failure
- Braille spinner animations with shimmer
- Ghost text suggestions (project-aware)
- Mode toggling (shell/agent/auto) with persistence
- Eval CLI (hawk eval run/list/results/cache-clear)
- YAML task definitions + result caching + reproducibility hashes
- Recipe system (YAML-based guided workflows)
- Extension malware check + adversarial/egress inspector
- Langfuse tracing + OAuth device flow + Telegram gateway
- Tool monitor + custom distributions support
- Scale-adaptive intelligence (patch/minor/major/epic)
- Adversarial review + project context + quick-dev workflow
- Checkpoint preview + course correction + investigation workflow
- Party mode (multi-persona) + brainstorming facilitation
- Self-improvement (cross-session learning) + coding soul
- Prompt auto-optimizer (textual gradients, few-shot selection)
- Autonomous experiment loop (modify/validate/keep/discard)
- Agent intelligence (auto-decomposition, pipeline detection, synthesis)
- Auto-commit + directive scanner + edit strategy selector
- Event bus (pub/sub) + clipboard bridge
- Spec-driven development (/spec command)
- Assumption tracker + quality gates + degradation detector
- Multi-repo context loading
- .hawkhints loader + source roots tracking
- Tool inspector (confidence-based) + tool confirmation router
- Large response handler (pagination)
- Background runner (async subagent delegation)
- Compaction trigger (proactive context management)
- LLMClient interface + Reflector (fixed missing types)

All 56 packages pass, 0 failures.

Author: Patel230

alerts/cooldown.go

@@ -0,0 +1,115 @@
+package alerts
+
+import (
+	"sync"
+	"time"
+)
+
+type Alert struct {
+	ID        string    `json:"id"`
+	Type      string    `json:"type"`
+	Entity    string    `json:"entity"`
+	Message   string    `json:"message"`
+	CreatedAt time.Time `json:"created_at"`
+	Delivered bool      `json:"delivered"`
+}
+
+type CooldownConfig struct {
+	Period        time.Duration `json:"period"`
+	MaxPending    int           `json:"max_pending"`
+	DrainInterval time.Duration `json:"drain_interval"`
+	SendDelay     time.Duration `json:"send_delay"`
+}
+
+func DefaultCooldownConfig() CooldownConfig {
+	return CooldownConfig{
+		Period:        24 * time.Hour,
+		MaxPending:    100,
+		DrainInterval: 5 * time.Minute,
+		SendDelay:     time.Second,
+	}
+}
+
+type AlertQueue struct {
+	mu        sync.Mutex
+	pending   []*Alert
+	cooldowns map[string]time.Time // entity+type -> last sent
+	config    CooldownConfig
+	handler   func(*Alert) error
+	stopCh    chan struct{}
+}
+
+func NewAlertQueue(config CooldownConfig, handler func(*Alert) error) *AlertQueue {
+	return &AlertQueue{
+		pending:   make([]*Alert, 0),
+		cooldowns: make(map[string]time.Time),
+		config:    config,
+		handler:   handler,
+		stopCh:    make(chan struct{}),
+	}
+}
+
+func (q *AlertQueue) Enqueue(alert *Alert) bool {
+	q.mu.Lock()
+	defer q.mu.Unlock()
+
+	key := alert.Entity + ":" + alert.Type
+	if last, ok := q.cooldowns[key]; ok && time.Since(last) < q.config.Period {
+		return false
+	}
+
+	if len(q.pending) >= q.config.MaxPending {
+		return false
+	}
+
+	alert.CreatedAt = time.Now()
+	q.pending = append(q.pending, alert)
+	return true
+}
+
+func (q *AlertQueue) Start() {
+	go q.drainLoop()
+}
+
+func (q *AlertQueue) Stop() {
+	close(q.stopCh)
+}
+
+func (q *AlertQueue) drainLoop() {
+	ticker := time.NewTicker(q.config.DrainInterval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-q.stopCh:
+			return
+		case <-ticker.C:
+			q.drain()
+		}
+	}
+}
+
+func (q *AlertQueue) drain() {
+	q.mu.Lock()
+	batch := q.pending
+	q.pending = make([]*Alert, 0)
+	q.mu.Unlock()
+
+	for _, alert := range batch {
+		if q.handler != nil {
+			if err := q.handler(alert); err == nil {
+				alert.Delivered = true
+				q.mu.Lock()
+				q.cooldowns[alert.Entity+":"+alert.Type] = time.Now()
+				q.mu.Unlock()
+			}
+		}
+		time.Sleep(q.config.SendDelay)
+	}
+}
+
+func (q *AlertQueue) PendingCount() int {
+	q.mu.Lock()
+	defer q.mu.Unlock()
+	return len(q.pending)
+}

auth/device_flow.go

@@ -0,0 +1,150 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// DeviceFlowConfig holds OAuth device flow configuration.
+type DeviceFlowConfig struct {
+	ClientID        string
+	DeviceAuthURL   string // e.g. "https://github.com/login/device/code"
+	TokenURL        string // e.g. "https://github.com/login/oauth/access_token"
+	Scopes          []string
+	PollInterval    time.Duration
+	ExpiresIn       time.Duration
+}
+
+// DeviceCodeResponse is the initial response from the device auth endpoint.
+type DeviceCodeResponse struct {
+	DeviceCode      string `json:"device_code"`
+	UserCode        string `json:"user_code"`
+	VerificationURI string `json:"verification_uri"`
+	ExpiresIn       int    `json:"expires_in"`
+	Interval        int    `json:"interval"`
+}
+
+// TokenResponse is the final token from the OAuth flow.
+type TokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	TokenType    string `json:"token_type"`
+	Scope        string `json:"scope"`
+	RefreshToken string `json:"refresh_token,omitempty"`
+	ExpiresIn    int    `json:"expires_in,omitempty"`
+}
+
+// DeviceFlow implements the OAuth 2.0 Device Authorization Grant (RFC 8628).
+type DeviceFlow struct {
+	Config     DeviceFlowConfig
+	HTTPClient *http.Client
+}
+
+// NewDeviceFlow creates a device flow handler.
+func NewDeviceFlow(cfg DeviceFlowConfig) *DeviceFlow {
+	if cfg.PollInterval == 0 {
+		cfg.PollInterval = 5 * time.Second
+	}
+	return &DeviceFlow{
+		Config:     cfg,
+		HTTPClient: &http.Client{Timeout: 10 * time.Second},
+	}
+}
+
+// RequestCode initiates the device flow and returns the user code + verification URL.
+func (df *DeviceFlow) RequestCode(ctx context.Context) (*DeviceCodeResponse, error) {
+	data := url.Values{
+		"client_id": {df.Config.ClientID},
+		"scope":     {strings.Join(df.Config.Scopes, " ")},
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, df.Config.DeviceAuthURL, strings.NewReader(data.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := df.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("device auth request failed: HTTP %d", resp.StatusCode)
+	}
+
+	var dcr DeviceCodeResponse
+	if err := json.NewDecoder(resp.Body).Decode(&dcr); err != nil {
+		return nil, err
+	}
+	return &dcr, nil
+}
+
+// PollForToken polls the token endpoint until the user authorizes or timeout.
+func (df *DeviceFlow) PollForToken(ctx context.Context, deviceCode string) (*TokenResponse, error) {
+	interval := df.Config.PollInterval
+	deadline := time.Now().Add(df.Config.ExpiresIn)
+	if df.Config.ExpiresIn == 0 {
+		deadline = time.Now().Add(5 * time.Minute)
+	}
+
+	for time.Now().Before(deadline) {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-time.After(interval):
+		}
+
+		token, err := df.exchangeCode(ctx, deviceCode)
+		if err != nil {
+			if strings.Contains(err.Error(), "authorization_pending") || strings.Contains(err.Error(), "slow_down") {
+				if strings.Contains(err.Error(), "slow_down") {
+					interval += 5 * time.Second
+				}
+				continue
+			}
+			return nil, err
+		}
+		return token, nil
+	}
+	return nil, fmt.Errorf("device flow timed out waiting for authorization")
+}
+
+func (df *DeviceFlow) exchangeCode(ctx context.Context, deviceCode string) (*TokenResponse, error) {
+	data := url.Values{
+		"client_id":   {df.Config.ClientID},
+		"device_code": {deviceCode},
+		"grant_type":  {"urn:ietf:params:oauth:grant-type:device_code"},
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, df.Config.TokenURL, strings.NewReader(data.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := df.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var raw map[string]interface{}
+	if err := json.NewDecoder(resp.Body).Decode(&raw); err != nil {
+		return nil, err
+	}
+
+	if errStr, ok := raw["error"].(string); ok {
+		return nil, fmt.Errorf("%s", errStr)
+	}
+
+	jsonData, _ := json.Marshal(raw)
+	var token TokenResponse
+	json.Unmarshal(jsonData, &token)
+	return &token, nil
+}

bus/bus.go

@@ -0,0 +1,65 @@
+package bus
+
+import "context"
+
+// Producer publishes messages to a topic/stream.
+type Producer interface {
+	Publish(ctx context.Context, data []byte) error
+	Close() error
+}
+
+// Consumer receives messages from a topic/stream.
+type Consumer interface {
+	Listen(ctx context.Context, handler func(ctx context.Context, data []byte) error) error
+	Close() error
+}
+
+// ChannelProducer is an in-process Producer backed by a Go channel.
+type ChannelProducer struct {
+	ch chan<- []byte
+}
+
+func NewChannelBus(bufSize int) (*ChannelProducer, *ChannelConsumer) {
+	if bufSize <= 0 {
+		bufSize = 256
+	}
+	ch := make(chan []byte, bufSize)
+	return &ChannelProducer{ch: ch}, &ChannelConsumer{ch: ch}
+}
+
+func (p *ChannelProducer) Publish(_ context.Context, data []byte) error {
+	cp := make([]byte, len(data))
+	copy(cp, data)
+	p.ch <- cp
+	return nil
+}
+
+func (p *ChannelProducer) Close() error {
+	close(p.ch)
+	return nil
+}
+
+// ChannelConsumer is an in-process Consumer backed by a Go channel.
+type ChannelConsumer struct {
+	ch <-chan []byte
+}
+
+func (c *ChannelConsumer) Listen(ctx context.Context, handler func(ctx context.Context, data []byte) error) error {
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case msg, ok := <-c.ch:
+			if !ok {
+				return nil
+			}
+			if err := handler(ctx, msg); err != nil {
+				continue
+			}
+		}
+	}
+}
+
+func (c *ChannelConsumer) Close() error {
+	return nil
+}