tmpl/multi-agent-mux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(lib): implement FW-N1~FW-N4 items and pane snapshot guidelines

Browse Source
This commit is contained in:
Godopu
2026-06-21 09:19:46 +00:00
parent 8097df0cbe
commit 5258b5013c
6 changed files with 18 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/tmux-agent-orchestrate-delegate-job/SKILL.md
+4
View File
@@ -349,6 +349,10 @@ has been verified (2026-06-21, 6-batch refactoring sprint):
5. **Batch grouping** — group 2-3 FW items per batch when they touch different
files (no file overlap). This amortises the dispatch overhead. Items touching
the same file must be in separate batches to avoid conflicts.
6. **Pane Snapshots & Truncation Prevention** — to prevent long agent responses from being scrolled out and truncated due to TUI viewport limitations, enforce the following snapshotting pattern:
- Immediately after dispatching a brief, capture the pre-brief pane buffer via `capture-pane -S -200`.
- During long execution, run a background loop taking incremental snapshots (e.g. every 30 seconds `>> /tmp/pane-snap.txt`).
- Immediately after job termination, capture the entire final pane state to ensure no terminal logs are lost.
## Verification Checklist
skills/tmux-agent-orchestrate-delegate-job/scripts/job_subscriber.py
+1 -1
View File
@@ -85,7 +85,7 @@ class _Watcher:
# --- production auth check: data.auth_token must match if expected ---
expected_token = self.tokens.get(jid)
if not mqtt_common.verify_hmac(payload, expected_token):
logger.warning("drop event for job %s: auth_token mismatch", jid)
logger.warning("drop event for job %s: HMAC verify failed", jid)
return
# Persistent audit log from the *subscriber's* vantage point: every event
# that survives defensive parsing is recorded here, including ones a
skills/tmux-agent-orchestrate-delegate-job/scripts/publish_event.py
+3 -5
View File
@@ -75,11 +75,9 @@ def build_payload(
"detail": detail,
"data": dict(data) if data else {},
}
# Production: carry the per-job auth token so the subscriber can verify the
# publisher. The token is compared in plain text (bearer-token style) by the
# subscriber — NOT an HMAC. See SKILL.md "Auth token" and PLAN 8.2. The
# registry stores the per-job token in `auth_token`; only include it on the
# wire when set so the public broker (no auth) doesn't leak anything.
# Production: carry the per-job HMAC-SHA256 signature in `data.hmac_sig` so
# the subscriber can verify the publisher without exposing the secret token.
# The signature is calculated over the entire payload (with `data.hmac_sig` excluded).
if auth_token:
sign_payload = {k: v for k, v in payload.items() if k != "data"}
sign_payload["data"] = {k: v for k, v in payload.get("data", {}).items() if k != "hmac_sig"}