refactor(security,concurrency): resolve structural issues, enforce Claude permission skip, update docs

.agents/skills/multi-agent-mux-delegate-job/multi-agent-mux-delegate-job

@@ -164,12 +164,10 @@ run_agent() {
   # The user attaches with `tmux attach -t <session>` and types follow-up
   # prompts themselves. We pre-load the first prompt via stdin and `read`
   # keeps the pane open after the agent exits so the user can review.
-  case "$AGENT" in
-    claude-code) bin="claude";;
-    codex)       bin="codex";;
-    human)       echo "[human agent] complete the task, then run publish_event.py --event completed"; return;;
-    *)           bin="$AGENT";;
-  esac
+  if [ "$AGENT" = "human" ]; then
+    echo "[human agent] complete the task, then run publish_event.py --event completed"
+    return
+  fi
 
   if [[ "$DRY_RUN" == "1" ]]; then
     echo "[dry-run] would launch agent '$AGENT' in a fresh tmux session with instructions:"
@@ -182,21 +180,17 @@ run_agent() {
     echo "       Install with: brew install tmux   (or your package manager)" >&2
     return 1
   fi
-  if ! command -v "$bin" >/dev/null 2>&1; then
-    echo "ERROR: agent binary '$bin' not found in PATH." >&2
-    return 1
+
+  local _tmux="tmux"
+  if [ -n "${TMUX_SERVER_NAME:-}" ]; then
+    _tmux="tmux -L $TMUX_SERVER_NAME"
   fi
 
   local sess="${AGENT_SESSION#tmux:}"
-  # Detect a stale session with the same name (e.g. the user is still attached
-  # from an earlier run, or a previous wrapper died without cleanup). tmux
-  # new-session on an existing name fails silently; check first and fail loud.
-  if tmux has-session -t "$sess" 2>/dev/null; then
-    local attached
-    attached=$(tmux list-clients -t "$sess" 2>/dev/null | wc -l | tr -d ' ')
-    echo "ERROR: tmux session '$sess' already exists (clients attached: $attached)." >&2
-    echo "       Pick a unique --agent-session (e.g. tmux:demo, tmux:claude-a) or" >&2
-    echo "       kill the stale one first:  tmux kill-session -t $sess" >&2
+  
+  if ! $_tmux has-session -t "$sess" 2>/dev/null; then
+    echo "ERROR: 에이전트 세션 '$sess'이 존재하지 않습니다. 작업을 위임하기 전에 먼저 에이전트 세션을 기동해 주세요." >&2
+    echo "       팁: 'multi-agent-mux-resume' 또는 'multi-agent-mux-create'를 통해 에이전트를 먼저 생성할 수 있습니다." >&2
     return 1
   fi
 
@@ -206,9 +200,13 @@ run_agent() {
     trap 'rc=$?; if [ $rc -ne 0 ]; then "$PY" "$pub_script" --job "$job_id" --event error --detail "agent bootstrap failed (exit $rc)"; fi' EXIT
   fi
 
-  tmux new-session -d -s "$sess" -c "$WORKDIR" \
-    "printf '%s' \"$instructions\" | $bin --dangerously-skip-permissions; echo; echo '--- agent exited (job $job_id); press enter to close ---'; read"
-  echo "agent launched in tmux session: $sess (attach with: tmux attach -t $sess)"
+  echo "살아있는 에이전트 세션 '$sess'에 작업을 위임합니다..."
+  $_tmux set-buffer -b "job_buf_$job_id" "$instructions"
+  $_tmux paste-buffer -b "job_buf_$job_id" -t "$sess"
+  $_tmux send-keys -t "$sess" C-m
+  $_tmux delete-buffer -b "job_buf_$job_id"
+  
+  echo "작업이 세션 '$sess'에 전송되었습니다. (연결하려면: $_tmux attach -t $sess)"
   trap - EXIT
 }
 

.agents/skills/multi-agent-mux-delegate-job/scripts/mqtt_common.py

@@ -328,24 +328,24 @@ def update_job_status(job_id: str, registry_dir: str = DEFAULT_REGISTRY_DIR, **f
 
     This is the single chokepoint for status writes (both ``registry.update_status``
     and ``publish_event.py``'s status sync route through here), so it also mirrors
-    any ``status`` change into the persistent audit log — best-effort, after the
-    registry lock is released so a slow/failed log write never blocks the record."""
+    any ``status`` change into the persistent audit log. We perform the log mirror
+    under the lock to guarantee sequential consistency in audit history."""
     with registry_lock(registry_dir):
         record = load_job(job_id, registry_dir)
         old_status = record.get("status")
         record.update(fields)
         record["updated_at"] = _utcnow()
         _atomic_write_record(job_id, registry_dir, record)
-    if "status" in fields:
-        new_status = record.get("status")
-        update_logged_status(job_id, new_status, updated_at=record["updated_at"])
-        if old_status != new_status:
-            append_event(job_id, {
-                "event": "status_changed",
-                "from": old_status,
-                "to": new_status,
-                "timestamp": record["updated_at"],
-            })
+        if "status" in fields:
+            new_status = record.get("status")
+            update_logged_status(job_id, new_status, updated_at=record["updated_at"])
+            if old_status != new_status:
+                append_event(job_id, {
+                    "event": "status_changed",
+                    "from": old_status,
+                    "to": new_status,
+                    "timestamp": record["updated_at"],
+                })
     return record
 
 
@@ -410,6 +410,21 @@ def _file_lock(fh):
         fcntl.flock(fh.fileno(), fcntl.LOCK_UN)
 
 
+def _redact_dict(d: Any) -> Any:
+    """Recursively mask sensitive values (passwords, secrets, tokens) inside logs."""
+    if isinstance(d, dict):
+        redacted = {}
+        for k, v in d.items():
+            if any(s in k.lower() for s in ("password", "token", "secret", "auth_token", "key")):
+                redacted[k] = "[REDACTED]"
+            else:
+                redacted[k] = _redact_dict(v)
+        return redacted
+    elif isinstance(d, list):
+        return [_redact_dict(item) for item in d]
+    return d
+
+
 def append_event(job_id: str, event_dict: Dict[str, Any], logs_dir: Optional[str] = None) -> None:
     """Append one event as a JSON line to ``<logs>/<job_id>/events.ndjson``.
 
@@ -418,7 +433,7 @@ def append_event(job_id: str, event_dict: Dict[str, Any], logs_dir: Optional[str
     try:
         path = job_log_path(job_id, EVENTS_FILENAME, logs_dir)
         path.parent.mkdir(parents=True, exist_ok=True)
-        record = dict(event_dict)
+        record = _redact_dict(dict(event_dict))
         record.setdefault("logged_at", _utcnow_precise())
         line = json.dumps(record, ensure_ascii=False) + "\n"
         with open(path, "a", encoding="utf-8") as fh:
@@ -453,8 +468,9 @@ def init_job_log(job_id: str, meta: Dict[str, Any], logs_dir: Optional[str] = No
     try:
         d = job_log_dir(job_id, logs_dir)
         d.mkdir(parents=True, exist_ok=True)
+        meta_redacted = _redact_dict(meta)
         with open(d / META_FILENAME, "w", encoding="utf-8") as fh:
-            json.dump(meta, fh, ensure_ascii=False, indent=2)
+            json.dump(meta_redacted, fh, ensure_ascii=False, indent=2)
             fh.write("\n")
         status = meta.get("status", "pending")
         update_logged_status(