e2e fixes

.beads/issues.jsonl

@@ -55,6 +55,7 @@
 {"id":"agent-relay-328","title":"Document cross-project messaging syntax for agents","description":"The parser supports cross-project messaging but agents don't know about it.\n\n## Current Syntax (supported but undocumented)\n\n```\n-\u003erelay:project-id:AgentName \u003c\u003c\u003c\nMessage to agent in another project\u003e\u003e\u003e\n\n-\u003erelay:project-id:* \u003c\u003c\u003c\nBroadcast to all agents in that project\u003e\u003e\u003e\n\n-\u003erelay:project-id:lead \u003c\u003c\u003c\nMessage to lead agent of that project\u003e\u003e\u003e\n```\n\n## Files to Update\n\n1. **docs/agent-relay-snippet.md** - Add cross-project section\n2. **CLAUDE.md** - Update the snippet (or it auto-updates)\n3. **.claude/skills/using-agent-relay/SKILL.md** - If exists\n\n## Content to Add\n\n```markdown\n## Cross-Project Messaging (Bridge Mode)\n\nWhen running with `agent-relay bridge`, you can message agents in other projects:\n\n```\n-\u003erelay:frontend:Designer \u003c\u003c\u003c\nPlease update the UI for the new auth flow\u003e\u003e\u003e\n\n-\u003erelay:backend:* \u003c\u003c\u003c\nAPI changes deployed, please pull latest\u003e\u003e\u003e\n\n-\u003erelay:shared-lib:lead \u003c\u003c\u003c\nNeed a new utility function for date formatting\u003e\u003e\u003e\n```\n\nFormat: `-\u003erelay:project-id:agent-name`\n```\n\n## Also Consider\n- How agents discover available projects\n- How to query which agents are in which project\n- Cross-project thread syntax: `[thread:project:topic]`","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-01T23:17:09.740345+01:00","updated_at":"2026-01-01T23:19:22.409354+01:00","closed_at":"2026-01-01T23:19:22.409354+01:00"}
 {"id":"agent-relay-329","title":"Dashboard: Show connected repos/projects indicator","description":"When multiple repos are connected (bridge mode or multi-repo workspace), the dashboard should visually indicate this.\n\n## Current State\n- Dashboard shows agents but no clear indication of which project/repo they belong to\n- No visual cue that multiple projects are bridged\n\n## Desired UX\n\n### Option A: Project badges on agents\nEach agent shows a small badge/tag with their project:\n```\n[frontend] Designer - active\n[backend] API-Dev - idle  \n[shared] Utils - active\n```\n\n### Option B: Grouped sidebar\nProjects as collapsible sections (already partially exists in ProjectList):\n```\n▼ frontend (3 agents)\n  - Designer\n  - Implementer\n  - Reviewer\n▼ backend (2 agents)\n  - API-Dev\n  - DBAdmin\n```\n\n### Option C: Header indicator\nShow connected projects count in header:\n```\n🔗 3 projects connected | Current: frontend\n```\n\n## Implementation Notes\n- Check ProjectList.tsx - already has project grouping logic\n- May need to enhance Header.tsx for connection indicator\n- Consider color-coding projects for quick identification\n\n## Files\n- src/dashboard/react-components/ProjectList.tsx\n- src/dashboard/react-components/layout/Header.tsx\n- src/dashboard/react-components/AgentList.tsx (for badges)","status":"closed","priority":2,"issue_type":"feature","created_at":"2026-01-01T23:19:14.394353+01:00","updated_at":"2026-01-01T23:22:31.628165+01:00","closed_at":"2026-01-01T23:22:31.628165+01:00"}
 {"id":"agent-relay-330","title":"Add --architect flag to bridge command for cross-project coordinator","description":"When running bridge mode, optionally spawn an architect agent that coordinates across all projects.\n\n## Usage\n```bash\nagent-relay bridge --architect ~/frontend ~/backend\n# or\nagent-relay bridge --architect claude ~/frontend ~/backend\n```\n\n## Behavior\n1. Bridge connects to all project daemons (existing behavior)\n2. Spawns an Architect agent in a tmux session\n3. Architect agent has access to cross-project messaging:\n   - -\u003erelay:project:agent for direct messages\n   - -\u003erelay:*:* for broadcast to all\n   - -\u003erelay:project:lead for project leads\n4. Architect gets injected with context about connected projects\n\n## Implementation\n- Add --architect flag to bridge command\n- Create temp workspace or use first project as base\n- Spawn tmux wrapper with Architect agent\n- Inject system prompt with project list and cross-project syntax\n\n## Agent Definition\nCould use .claude/agents/architect.md if exists, otherwise default prompt:\n- You are the Architect coordinating: [project list]\n- Use cross-project messaging syntax\n- Assign tasks to project leads\n- Resolve dependencies","status":"closed","priority":2,"issue_type":"feature","created_at":"2026-01-01T23:29:07.473839+01:00","updated_at":"2026-01-01T23:35:27.952802+01:00","closed_at":"2026-01-01T23:35:27.952802+01:00"}
+{"id":"agent-relay-350","title":"Global skills via PRPM","description":"Distribute @agent-relay/* skills via PRPM registry for opt-in workspace capabilities.\n\n## Goals\n- Publish skills to registry.prpm.dev\n- Users install globally (not per-project)\n- Zero context bloat until loaded\n\n## Key Tasks\n1. Research prpm --global support\n2. Define ~/.agent-relay/ user skills directory\n3. Publish @agent-relay/workspace-capabilities\n4. Publish @agent-relay/browser-testing\n5. Publish @agent-relay/container-spawning\n6. Create @agent-relay/workspace-pack collection\n7. Cloud workspace pre-installation\n\n## Skills to Publish\n- workspace-capabilities: Browser + container docs\n- browser-testing: Playwright, screenshots, VNC\n- container-spawning: Docker, presets, resource limits\n- linear-integration: Webhooks, API patterns\n- slack-integration: Bot patterns\n\n## Open Questions\n- Does prpm support --global flag?\n- Can daemon read user + project skills?\n- Conditional activation based on capabilities?\n\nSee: docs/tasks/global-skills-system.tasks.md","status":"open","priority":2,"issue_type":"epic","created_at":"2026-01-04T13:30:00Z","updated_at":"2026-01-04T13:30:00Z"}
 {"id":"agent-relay-37i","title":"Message deduplication uses in-memory Set without limits","description":"In tmux-wrapper.ts:65, sentMessageHashes is a Set that grows unbounded. For long-running sessions, this could cause memory issues. Add: (1) Max size with LRU eviction, (2) Time-based expiration, (3) Bloom filter alternative for memory efficiency.","status":"open","priority":2,"issue_type":"task","created_at":"2025-12-20T00:18:47.229988+01:00","updated_at":"2025-12-20T00:18:47.229988+01:00"}
 {"id":"agent-relay-3px","title":"Add playbook system for batch automation","description":"Implement playbook system (like Maestro's Auto Run) for batch-processing task lists through agents. Define workflows in YAML/markdown, execute automatically with context isolation. Enables reproducible multi-step automation.","status":"open","priority":3,"issue_type":"feature","created_at":"2025-12-23T17:04:54.464749+01:00","updated_at":"2025-12-23T17:04:54.464749+01:00"}
 {"id":"agent-relay-3tx","title":"PR-9 Review: Document configurable timeouts","status":"open","priority":3,"issue_type":"task","created_at":"2025-12-22T21:54:15.789418+01:00","updated_at":"2025-12-22T21:54:15.789418+01:00"}
@@ -115,6 +116,8 @@
 {"id":"agent-relay-451","title":"Fix empty continuity handoff files - parse SESSION_END content","status":"closed","priority":2,"issue_type":"bug","created_at":"2026-01-03T14:27:49.747598+01:00","updated_at":"2026-01-03T14:33:27.122823+01:00","closed_at":"2026-01-03T14:33:21.048043+01:00"}
 {"id":"agent-relay-452","title":"Trajectories should populate agents array with agent who started it","description":"When trail start is called, the trajectory's agents array is empty. It should automatically associate the agent who started the trajectory.","status":"completed","priority":2,"issue_type":"bug","created_at":"2026-01-03T14:28:39.57+01:00","updated_at":"2026-01-03T15:56:25.663159+01:00"}
 {"id":"agent-relay-453","title":"BUG: Spawn command fails silently when CLI not specified","description":"Users can send `-\u003erelay:spawn WorkerName` without a CLI type, but the parser silently ignores it because it requires both name AND cli. \n\nParse code at pty-wrapper.ts:931 checks `parts.length \u003e= 2` which fails for commands like:\n- `-\u003erelay:spawn Investigator`\n\nShould either:\n1. Make CLI optional with sensible default (claude)\n2. Provide error feedback when CLI is missing\n\nThis blocks relay spawn/release functionality entirely.","status":"closed","priority":0,"issue_type":"bug","assignee":"Backend","created_at":"2026-01-03T16:43:37.927258+01:00","updated_at":"2026-01-03T16:50:11.02666+01:00","closed_at":"2026-01-03T16:50:11.02666+01:00"}
+{"id":"agent-relay-454","title":"OpenCode headless mode integration","description":"Integrate OpenCode's headless mode (opencode run) with Agent Relay. Options: 1) Create MCP server adapter for agent-relay that OpenCode can use, 2) Document OpenCode config to work with relay. See: https://github.com/anomalyco/opencode/issues/953","status":"open","priority":3,"issue_type":"feature","created_at":"2026-01-04T01:01:55.715466+01:00","updated_at":"2026-01-04T01:01:55.715466+01:00"}
+{"id":"agent-relay-455","title":"Create shared types package between backend and frontend","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-04T21:03:08.485997+01:00","updated_at":"2026-01-04T21:03:08.485997+01:00"}
 {"id":"agent-relay-47z","title":"Express 5 may have breaking changes from Express 4 patterns","description":"package.json uses [email protected] which is a major version with breaking changes from Express 4. Verify: (1) Error handling middleware patterns, (2) Router behavior, (3) Body parsing (express.json vs body-parser).","status":"open","priority":2,"issue_type":"task","created_at":"2025-12-20T00:18:49.269841+01:00","updated_at":"2025-12-20T00:18:49.269841+01:00"}
 {"id":"agent-relay-4e0","title":"Fix message truncation - messages cut off at source","description":"Root cause found: parser.ts:40 inline regex only captures single line. Multi-line messages are split by parsePassThrough() at line 206. Fix options: (1) Allow continuation lines in inline format, (2) Use block format for multi-line, (3) Add heuristic to join lines until next @relay pattern.","status":"closed","priority":2,"issue_type":"bug","assignee":"MistyShelter","created_at":"2025-12-19T23:40:35.082717+01:00","updated_at":"2025-12-20T00:03:54.806087+01:00","closed_at":"2025-12-20T00:03:54.806087+01:00"}
 {"id":"agent-relay-4ft","title":"Merge project info into status command","status":"closed","priority":2,"issue_type":"task","assignee":"Pruner","created_at":"2025-12-19T21:59:52.685495+01:00","updated_at":"2025-12-19T22:06:44.276187+01:00","closed_at":"2025-12-19T22:06:44.276187+01:00"}

.claude/rules/migrations.md

@@ -0,0 +1,74 @@
+---
+paths:
+  - "src/cloud/db/**/*.ts"
+  - "src/cloud/db/migrations/**/*.sql"
+  - "drizzle.config.ts"
+---
+
+# Database Migration Conventions
+
+## Drizzle ORM Migration Workflow
+
+This project uses Drizzle ORM with PostgreSQL. Migrations run automatically on server startup via `runMigrations()`.
+
+## When Schema Changes
+
+After modifying `src/cloud/db/schema.ts`:
+
+1. **Generate migration**: `npm run db:generate`
+2. **Review the generated SQL** in `src/cloud/db/migrations/`
+3. **Verify it's incremental** - should only contain ALTER/CREATE statements for changes, NOT recreate entire schema
+4. **Test locally**: Restart server or run `npm run db:migrate`
+
+## Common Issues
+
+### Full Schema Recreation Instead of Incremental
+
+If `db:generate` creates a migration that recreates all tables:
+
+1. **Delete the bad migration file** from `migrations/`
+2. **Remove its entry** from `migrations/meta/_journal.json`
+3. **Delete any corrupt snapshot** in `migrations/meta/`
+4. **Create incremental migration manually** using `ALTER TABLE ... ADD COLUMN IF NOT EXISTS`
+
+### Migration Not Applied
+
+If schema has columns that aren't in the database:
+
+1. Check if migration file exists in `migrations/`
+2. Check if entry exists in `migrations/meta/_journal.json`
+3. Verify migration ran: check `__drizzle_migrations` table in database
+
+## Writing Safe Migrations
+
+```sql
+-- Use IF NOT EXISTS for idempotent migrations
+ALTER TABLE users ADD COLUMN IF NOT EXISTS new_column VARCHAR(255);
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS idx_users_new_column ON users(new_column);
+```
+
+## Commands Reference
+
+```bash
+npm run db:generate   # Generate migration from schema diff
+npm run db:migrate    # Run pending migrations
+npm run db:push       # Push schema directly (dev only, can lose data)
+npm run db:studio     # Open Drizzle Studio GUI
+```
+
+## Production Safety
+
+- Always use `IF NOT EXISTS` / `IF EXISTS` for idempotent migrations
+- Never use `db:push` in production - it can drop columns
+- Test migrations on a copy of production data before deploying
+- Migrations run on server startup - ensure they're fast and safe
+
+## Migration File Naming
+
+Files are named `NNNN_description.sql` where NNNN is sequential:
+- `0001_initial.sql`
+- `0002_add_feature.sql`
+- `0003_nango_user_columns.sql`
+
+The `_journal.json` tracks which migrations have been applied.

.env.example

@@ -22,6 +22,40 @@
 # Dashboard port (default: 3888)
 # AGENT_RELAY_DASHBOARD_PORT=3888
 
+# =============================================================================
+# Cloud Mode Configuration
+# =============================================================================
+
+# Force cloud mode in dashboard - prevents silent fallback to local mode
+# Set to "true" when testing cloud features locally
+# NEXT_PUBLIC_FORCE_CLOUD_MODE=true
+
+# =============================================================================
+# Security / Vault Configuration
+# =============================================================================
+
+# Vault master key for encrypting stored credentials (REQUIRED for cloud mode)
+# Generate with: openssl rand -base64 32
+# VAULT_MASTER_KEY=your-32-byte-base64-encoded-key
+
+# =============================================================================
+# Compute Provider Configuration (for workspace provisioning)
+# =============================================================================
+
+# Compute provider: docker (default), fly, railway
+# COMPUTE_PROVIDER=docker
+
+# --- Fly.io Configuration ---
+# Get API token: fly tokens create deploy -x 999999h -n "agent-relay-provisioner"
+# FLY_API_TOKEN=your-fly-api-token
+# FLY_ORG=personal
+# FLY_REGION=sjc
+# FLY_WORKSPACE_DOMAIN=workspaces.yourdomain.com  # optional custom domain
+
+# --- Railway Configuration ---
+# Get API token from Railway dashboard
+# RAILWAY_API_TOKEN=your-railway-api-token
+
 # =============================================================================
 # Examples
 # =============================================================================
@@ -36,3 +70,9 @@
 # Use PostgreSQL (future):
 # AGENT_RELAY_STORAGE_TYPE=postgres
 # AGENT_RELAY_STORAGE_URL=postgres://localhost:5432/agent_relay
+
+# Production Fly.io setup:
+# COMPUTE_PROVIDER=fly
+# FLY_API_TOKEN=fo1_xxxxx
+# FLY_ORG=your-org
+# FLY_REGION=sjc

.github/workflows/cli-oauth-test.yml

@@ -0,0 +1,117 @@
+name: CLI OAuth Flow Tests
+
+on:
+  push:
+    paths:
+      - 'src/cloud/api/onboarding.ts'
+      - 'scripts/test-cli-auth/**'
+      - '.github/workflows/cli-oauth-test.yml'
+  pull_request:
+    paths:
+      - 'src/cloud/api/onboarding.ts'
+      - 'scripts/test-cli-auth/**'
+  # Allow manual trigger
+  workflow_dispatch:
+  # Run weekly to catch provider CLI changes
+  schedule:
+    - cron: '0 0 * * 0' # Every Sunday at midnight
+
+jobs:
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run onboarding unit tests
+        run: npx vitest run src/cloud/api/onboarding.test.ts
+
+  real-cli-tests:
+    name: Real CLI Integration Tests
+    runs-on: ubuntu-latest
+    needs: unit-tests
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build test container with real CLIs
+        run: |
+          docker build -f scripts/test-cli-auth/Dockerfile.real \
+            -t cli-oauth-test-real .
+
+      - name: Run CLI OAuth tests against real CLIs
+        id: test
+        run: |
+          mkdir -p test-results
+          docker run --rm \
+            -v ${{ github.workspace }}/test-results:/tmp \
+            cli-oauth-test-real
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: cli-oauth-test-results
+          path: test-results/cli-oauth-test-results.json
+          if-no-files-found: ignore
+
+      - name: Parse and display results
+        if: always()
+        run: |
+          if [ -f test-results/cli-oauth-test-results.json ]; then
+            echo "### CLI OAuth Test Results" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "| Provider | Status | URL Found | Duration |" >> $GITHUB_STEP_SUMMARY
+            echo "|----------|--------|-----------|----------|" >> $GITHUB_STEP_SUMMARY
+
+            cat test-results/cli-oauth-test-results.json | \
+              jq -r '.results[] | "| \(.provider) | \(if .passed then "✅" else "❌" end) | \(if .urlExtracted then "Yes" else "No" end) | \(.duration)ms |"' \
+              >> $GITHUB_STEP_SUMMARY
+
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "**Summary:** $(cat test-results/cli-oauth-test-results.json | jq -r '.summary | "\(.passed)/\(.total) passed"')" >> $GITHUB_STEP_SUMMARY
+          fi
+
+  notify-on-failure:
+    name: Notify on Failure
+    runs-on: ubuntu-latest
+    needs: [unit-tests, real-cli-tests]
+    if: failure() && github.event_name == 'schedule'
+    steps:
+      - name: Create issue for CI failure
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const title = `CLI OAuth Tests Failed - ${new Date().toISOString().split('T')[0]}`;
+            const body = `
+            ## CLI OAuth Integration Tests Failed
+
+            The scheduled CLI OAuth tests have failed. This may indicate:
+            - A provider has updated their CLI and changed the OAuth flow
+            - Prompt patterns need to be updated
+            - URL extraction patterns need adjustment
+
+            ### Action Required
+            1. Check the [workflow run](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})
+            2. Update \`CLI_AUTH_CONFIG\` in \`src/cloud/api/onboarding.ts\` if needed
+            3. Update mock CLI behavior in \`scripts/test-cli-auth/mock-cli.sh\`
+            4. Re-run tests to verify fixes
+
+            /cc @${context.actor}
+            `;
+
+            await github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: title,
+              body: body,
+              labels: ['bug', 'cli-oauth', 'automated']
+            });

.github/workflows/docker.yml

@@ -1,6 +1,9 @@
 name: Docker
 
 on:
+  push:
+    branches:
+      - main
   release:
     types: [published]
   workflow_dispatch:
@@ -27,9 +30,9 @@ jobs:
           - image: agent-relay
             dockerfile: Dockerfile
             context: .
-          - image: agent-relay-workspace
+          - image: relay-workspace
             dockerfile: deploy/workspace/Dockerfile
-            context: deploy/workspace
+            context: .
 
     steps:
       - name: Checkout repository

.gitignore

@@ -29,13 +29,16 @@ pnpm-debug.log*
 
 # Local test artifacts
 .agent-relay-test-*/
+.tmp/
+.tmp-*/
 
 # Coverage output
 coverage/
 .npm-cache
-.tmp-supervisor-tests
-.tmp-agent-relay-data
 
 .next
 
 src/dashboard/out
+
+.env.local
+.env