feat: Kaneru v0.3.0 — AI venture management system #39

Merged
ApiliumDevTeam merged 73 commits into dev from feature/v0.3.0-remote-terminal
Mar 19, 2026
@ApiliumDevTeam

Summary

Kaneru transforms Mayros from a personal AI assistant into a full AI venture management platform. Agents learn, coordinate, and improve over time — all stored in Cortex, all DAG-auditable.

Milestone 1: Surface Kaneru

  • Kaneru facade, 8 MCP tools, 9 CLI subcommands, dashboard tab, 78 tests

Milestone 2: The Venture Layer

  • Ventures, missions (atomic claims), projects, pulse scheduler, fuel controller, chain of command, directives, mission comments, cost analytics
  • Ventures dashboard with kanban, fuel bars, chain visualizer
  • 8 MCP tools, 60 tests

Milestone 3: The Memory Moat

  • Learning profiles (EMA expertise), knowledge transfer, decision history, semantic routing (Q-learning + expertise blend)
  • 4 MCP tools, 30 tests

Milestone 4: Beyond Paperclip

  • Dojo templates (3 bundled + Hub marketplace), channel operations, agent terminal, distributed ventures (P2P DAG sync)
  • 4 MCP tools, 38 tests

Portal UI

  • Setup Wizard (4-step guided venture creation)
  • Canvas tab (A2UI surfaces: overview, missions, chain, fuel)
  • Command Bar (Ctrl+/ Spotlight overlay with voice input)
  • Chat compose redesign (inline mic, rounded box)
  • Chain visualizer, squad builder, mission detail

Infrastructure

  • Cortex installer: Windows binary rename fix, version-aware postinstall
  • Uninstall: --cortex option with explicit data loss warning
  • Cross-platform: 17 Windows path failures fixed
  • Security: RDF triple sanitization, hub template validation
  • Shared modules: rdf-utils.ts, task-classification.ts
  • Orphan code cleanup, consensus double-storage removed

Stats

| Metric | Value |
| --- | --- |
| Files changed | 108 |
| Lines added | +25,124 |
| Tests | 12,484 pass, 0 fail |
| MCP tools | 24 Kaneru + 21 existing = 45+ |
| CLI subcommands | 18 groups under mayros kaneru |
| Cortex required | v0.6.3 |

Test plan

  • pnpm build — zero errors
  • npx vitest run — 12,484 pass, 0 fail
  • mayros diagnose cortex — healthy (v0.6.3)
  • mayros kaneru dojo install — creates venture with agents + directives
  • mayros kaneru venture/mission/fuel — full lifecycle
  • mayros dashboard — portal with Ventures/Kaneru/Canvas tabs
  • Setup Wizard — 4-step flow creates venture
  • Ctrl+/ Command Bar — queries + voice
  • mayros uninstall --dry-run --all — data loss warning shown
  • Cross-platform — 0 test failures on Windows

Begin v0.3.0 development — remote command execution via
messaging channels (WhatsApp, Telegram).
Implements the core remote terminal execution service (Milestone 1).
Three tools — remote_exec, remote_read_file, remote_ls — with sandbox
validation, symlink-safe path containment, HMAC audit trail, and
sliding-window rate limiting. 56 tests covering config parsing, path
security, command execution, file read, directory listing, and
end-to-end plugin registration.
Bridge the gap between agent tools and direct user interaction by adding
a /run plugin command with risk-based approval flow. Safe commands auto-
execute; risky ones require explicit /run approve <id> before execution.

- ConfirmationConfig type + parseConfirmation() in config.ts
- ConfirmationManager class with evaluate/approve/deny/listPending
- 4 output formatters for messaging channels (exec, approval, pending, help)
- /run command wired into plugin registration with requireAuth: true
- 35 new tests (groups G-J), 91 total passing
Per-sender session state persists working directory across commands.
Output exceeding page size is cached and served via /run more.
New subcommands: /run cd, /run pwd, /run more.
formatPagedOutput and formatMorePage were wrapping already-formatted
content in additional code fences and command headers, producing broken
markdown. Now they pass through the pre-formatted page content and only
append the paging footer.
Add /run history, /run !!/!N recall, and /run env for persistent
session environment variables. History records executed commands
with exit codes; recalled commands re-evaluate risk. Env vars
merge into child process env with blocklist protection.
Add LD_PRELOAD and DYLD_INSERT_LIBRARIES to ENV_BLOCKLIST to prevent
code injection via dynamic linker env vars. Add 5 tests for untested
edge cases: single var lookup, -d without key, split on first =,
LD_PRELOAD protection, and unset var message.
Add /run alias for session-scoped command shortcuts with validation,
/run status for session diagnostics, and automatic secret redaction
using the existing maskSensitiveOutput engine (17 patterns).
Add blockedPatterns config (regex-based deny-list checked after alias
expansion), /run clear to reset session state, and /run config to show
sanitized active configuration for remote debugging. 38 new tests (254
total).
… clear

Limit blocked pattern regex to 200 chars to prevent catastrophic
backtracking, remove unnecessary getOrCreate call before clearSession,
and add missing tests for null and max-length edge cases.
…locking

Per-sender rate limiting isolates abusive senders without affecting others.
Expand ENV_BLOCKLIST with 15 security-critical entries (PATH, NODE_OPTIONS,
IFS, etc). Unify AuditTrail into a single instance shared by service and
confirmation manager. Block background execution operators (nohup, &, disown,
setsid). Guard empty allowedPaths in RemoteExecService constructor.
Per-sender pending limits prevent one sender from exhausting the queue.
Audit expired confirmation requests before deletion.
Byte-accurate truncation using Buffer.subarray for multi-byte safety.
…uplicate defaults

Add 5 new masking patterns: Stripe, SendGrid, Azure storage, Discord bot
tokens, and JWT tokens. Cap blockedPatterns at 50 entries to prevent DoS
via config. Escape forward slashes in blocked pattern display. Remove
duplicated DEFAULT_MAX_HISTORY_SIZE/ENV_VARS/ALIASES constants in favor
of DEFAULT_SESSION.* references. Add PIN config type and parser with
assertAllowedKeys validation, scrypt hash format validation, and clamped
numeric bounds.
New pin-auth.ts module provides scrypt-based PIN hashing, constant-time
verification via crypto.timingSafeEqual, lockout logic with configurable
max attempts and cooldown, and auto-lock on inactivity. Session state
extended with PinSessionState, reset on clear. SessionManager gains
updatePinActivity and getPinState methods.
25 new tests covering: pin-auth.ts unit tests (hashPin format, verifyPin
correct/wrong, createPinState defaults, checkPinLock states including
disabled/locked/unlocked/auto-lock/lockout/lockout-expired, attemptUnlock
success/failure/lockout-trigger), /run PIN integration (locked commands,
help bypass, unlock flow, wrong PIN attempts, lockout, post-unlock
execution, clear resets PIN state), and PIN config parsing (defaults,
valid hash, invalid format, clamping, unknown keys).
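
The PIN flow described in the two commit messages above, as an added TypeScript example (not the project's pin-auth.ts). The function names come from the commit message; their signatures, the `scrypt$<salt>$<hash>` storage format and the explicit `now` parameter are assumptions.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Assumed storage format (the page does not give one): scrypt$<saltHex>$<hashHex>
const PIN_HASH_FORMAT = /^scrypt\$([0-9a-f]{32})\$([0-9a-f]{64})$/;

interface PinConfig { hash: string; maxAttempts: number; cooldownMs: number; autoLockMs: number; }
interface PinSessionState { unlocked: boolean; failedAttempts: number; lockedUntil: number; lastActivity: number; }
type LockStatus = "unlocked" | "locked" | "lockout";

function hashPin(pin: string, salt: Buffer = randomBytes(16)): string {
  const derived = scryptSync(pin, salt, 32);
  return "scrypt$" + salt.toString("hex") + "$" + derived.toString("hex");
}

function verifyPin(pin: string, stored: string): boolean {
  const match = PIN_HASH_FORMAT.exec(stored);
  if (!match) return false; // a malformed stored hash never verifies
  const expected = Buffer.from(match[2], "hex");
  const actual = scryptSync(pin, Buffer.from(match[1], "hex"), expected.length);
  // Both buffers are 32 bytes, so timingSafeEqual cannot throw on a length mismatch.
  return timingSafeEqual(actual, expected);
}

function createPinState(): PinSessionState {
  return { unlocked: false, failedAttempts: 0, lockedUntil: 0, lastActivity: 0 };
}

// Reports the lock status and applies auto-lock after a period of inactivity.
function checkPinLock(state: PinSessionState, cfg: PinConfig, now: number): LockStatus {
  if (now < state.lockedUntil) return "lockout";
  if (state.unlocked && now - state.lastActivity > cfg.autoLockMs) state.unlocked = false;
  return state.unlocked ? "unlocked" : "locked";
}

function attemptUnlock(pin: string, state: PinSessionState, cfg: PinConfig, now: number): LockStatus {
  // During the cooldown nothing is hashed or compared, even for the correct PIN.
  if (now < state.lockedUntil) return "lockout";
  if (verifyPin(pin, cfg.hash)) {
    state.unlocked = true;
    state.failedAttempts = 0;
    state.lastActivity = now;
    return "unlocked";
  }
  state.failedAttempts += 1;
  if (state.failedAttempts >= cfg.maxAttempts) {
    state.lockedUntil = now + cfg.cooldownMs; // start the cooldown window
    state.failedAttempts = 0;
    return "lockout";
  }
  return "locked";
}
```

Passing `now` in explicitly keeps the lockout and auto-lock paths testable without waiting on real timers.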
The previous BG_PATTERN only caught trailing & but missed mid-command
backgrounding like 'cmd1 & cmd2'. Split into two patterns: BG_KEYWORD
for nohup/disown/setsid and BG_AMPERSAND with lookbehind/lookahead to
exclude &&, &>, and >& redirects while catching standalone &.
…e limiting for all tools

Limit private key regex to 16KB match window to prevent ReDoS when
BEGIN marker exists without matching END. Add pruneStaleRateLimitEntries
to clean up sender entries with all-expired timestamps when map exceeds
100 entries. Extend readFile and listDirectory with optional senderId
parameter for consistent per-sender rate limiting across all three tools.
…pired decision

Add PS4 to ENV_BLOCKLIST per RP-1 spec. Change AuditTrail from optional
to required constructor parameter in RemoteExecService per RP-3 (injected,
not created). Fix expired request audit to use "deny" decision with
action: "expired" in context per RP-5 spec. Update all 48 test
constructor calls to pass noopAudit, use real AuditTrail for file-based
audit tests.
…l files

Critical: Add output masking to MCP tool handlers (remote_exec, remote_read_file,
remote_ls) to prevent secret leakage through agent tool calls.

High: Add audit logging for state-mutating subcommands (cd, env, alias, clear).
Switch fire-and-forget void audit calls to await in /run handler. Expand
ENV_BLOCKLIST with 12 bash manipulation vars (BASHOPTS, SHELLOPTS, HISTFILE,
HISTCONTROL, HISTIGNORE, HISTTIMEFORMAT, BASH_XTRACEFD, BASH_LOADABLES_PATH,
MAIL, MAILCHECK, TMPDIR, INPUTRC). Add coproc to background execution blocklist.
Extract defaultWorkdir helper to eliminate 12 non-null assertions. Record command
history on execution failure with exitCode=-1. Add ReDoS validation for user-
supplied blockedPatterns (reject nested quantifiers). Skip misleading PIN unlock
audit when PIN not configured.

Medium: Sanitize error messages to not leak resolved filesystem paths. Add
generic-token-field output masking pattern. Cap global pending requests at 500.
Add MAX_ENV_VALUE_LENGTH (4096) and MAX_ALIAS_COMMAND_LENGTH (1024) limits.
Update formatClearSuccess to mention PIN auth reset. Add pin uiHint to config
schema. Throttle session prune proportionally to TTL. Block !-prefixed commands
that are not valid recall syntax. Throw on non-object config input.

Low: Add (no output) indicator for empty exec output. Replace spread+filter with
for-of loop for pending count. Fix error cast with instanceof guard. Fix
cacheOutput fallback workdir. Fix coproc bypass path.
Add 7 tests for gaps found during verification re-scan: coproc
background blocking, ReDoS pattern rejection in blockedPatterns,
generic-token-field masking, env value and alias command length
enforcement, and non-object config rejection. Replace last
allowedPaths[0]! assertion in exec-service.ts with ?? fallback.
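
The deny-list checks described across the commit messages above (background operators including coproc, the 200-character and 50-entry caps on blockedPatterns, and nested-quantifier rejection), combined in one added TypeScript example. It is not the project's code: the function names, the nested-quantifier heuristic and the sample inputs are assumptions.

```typescript
const MAX_PATTERNS = 50;        // entry cap stated in the commit messages
const MAX_PATTERN_LENGTH = 200; // per-pattern length cap stated in the commit messages

// Keywords that detach a process from the session.
const BG_KEYWORD = /\b(?:nohup|disown|setsid|coproc)\b/;
// A standalone "&": not part of "&&", "&>" or ">&".
const BG_AMPERSAND = new RegExp("(?<![&>])&(?![&>])");
// Heuristic (assumption): a group that contains a quantifier and is itself
// quantified, such as (a+)+ or (.*)*, the classic catastrophic-backtracking shape.
const NESTED_QUANTIFIER = /\([^()]*[+*][^()]*\)[+*{]/;

interface CompiledPolicy { patterns: RegExp[]; rejected: string[]; }
interface Verdict { allowed: boolean; reason: string; }

// Validates user-supplied deny-list entries before any of them is compiled.
function compileBlockedPatterns(sources: string[]): CompiledPolicy {
  if (sources.length > MAX_PATTERNS) {
    throw new Error("blockedPatterns exceeds " + MAX_PATTERNS + " entries");
  }
  const policy: CompiledPolicy = { patterns: [], rejected: [] };
  for (const src of sources) {
    const tooLong = src.length === 0 || src.length > MAX_PATTERN_LENGTH;
    if (tooLong || NESTED_QUANTIFIER.test(src)) {
      policy.rejected.push(src);
      continue;
    }
    try {
      policy.patterns.push(new RegExp(src));
    } catch (_err) {
      policy.rejected.push(src); // not a valid regular expression
    }
  }
  return policy;
}

// The caller passes the command after alias expansion, so an alias cannot
// hide a blocked command from the checks.
function evaluateCommand(expanded: string, policy: CompiledPolicy): Verdict {
  if (BG_KEYWORD.test(expanded)) return { allowed: false, reason: "background-keyword" };
  if (BG_AMPERSAND.test(expanded)) return { allowed: false, reason: "background-ampersand" };
  for (const re of policy.patterns) {
    if (re.test(expanded)) return { allowed: false, reason: "blocked-pattern:" + re.source };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample input, not taken from the project's tests.
const SAMPLE_POLICY = compileBlockedPatterns(["rm\\s+-rf", "(a+)+$", "[unclosed"]);
const SAMPLE_COMMANDS = [
  "make && make test",   // logical AND: allowed
  "ls missing 2>&1",     // fd redirect: allowed
  "build &> out.log",    // combined redirect: allowed
  "sleep 60 & ls",       // mid-command backgrounding: refused
  "coproc sleep 60",     // keyword: refused
  "rm  -rf build",       // matches a configured pattern: refused
];

function runSamples(): string[] {
  return SAMPLE_COMMANDS.map((cmd) => evaluateCommand(cmd, SAMPLE_POLICY).reason);
}
```

The ampersand check does not parse shell quoting, so `echo "a & b"` is refused as well; a deny-list of this kind errs toward blocking.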
…lers

Fix node.list response type from Record to Array<Record> matching the
actual gateway handler response shape. Fix device.pair.list paired array
type from PendingDevice to PairedDevice reflecting the structural
difference between pending requests and approved devices. Replace
Promise.all with Promise.allSettled in debug loadDebug so a single
failing request does not prevent other snapshots from updating.
Expose real-time MCP server metrics (tool usage, latency, errors,
SSE sessions, Cortex health) through a new portal tab. Includes a
ring-buffer metrics collector instrumented in the tool adapter,
gateway method for the dashboard, and sensitive param redaction.

Also adds remote-exec plugin manifest and enables mcp-server as
a bundled plugin so the gateway loads it by default.
Add MCP and Kaneru entries to Tab type, TAB_GROUPS, TAB_PATHS,
iconForTab, app state declarations, refreshActiveTab handler,
app-render conditionals, and all 4 locale files (en, pt-BR,
zh-CN, zh-TW).
Expose the agent-mesh coordination layer as Kaneru with a unified
product surface:

- KaneruFacade: shared entry point for CLI and MCP tools wrapping
  TeamManager, TaskRouter, ConsensusEngine, DelegationEngine,
  KnowledgeFusion, and AgentMailbox
- CLI: 9 subcommands under `mayros kaneru` (squad create/run/status/
  list, delegate, consensus, route, fuse, dashboard)
- MCP: 8 tools (kaneru_squad_create, kaneru_consensus, kaneru_route,
  kaneru_delegate, kaneru_fuse, kaneru_mailbox, etc.)
- UI: Kaneru portal tab with squads, Q-learning route table, and
  stats cards via kaneru.dashboard gateway method
- Rename: plugin user-facing name from "Agent Mesh" to "Kaneru"
- TaskRouter.getRouteTable() for dashboard Q-table visualization
GitHub Push Protection flagged the test fixture ghp_ token as a
real secret. Replaced with an obviously-fake pattern that still
validates the masking logic.
Facade: fix route() accessing nonexistent classification field (parse
stateKey instead), fix dashboard mapping wrong TeamDashboard fields
(teamId/teamName/teamStatus), fix mailboxCheck using wrong query field
(agent not recipientId), bound routeTable to top 100 entries, replace
Date.now() with randomUUID for consensus IDs.

MCP tools: add destroy() lifecycle method for facade cleanup.
CLI: guard dynamic import with try/catch for friendly error message.
Cortex installer: fix Windows asset name (.zip → .exe.zip).

Add 78 tests: kaneru-facade (25), kaneru-tools (36), kaneru-cli (17).
VentureManager: CRUD for ventures as Cortex triples with unique prefix,
auto-incrementing mission counter, and fuel limit tracking. Prefix
uniqueness enforced on create and update.

ChainManager: agent deployment to ventures, escalation hierarchy with
cycle detection via DFS, tree-building for chain visualization.

DirectiveManager: directive trees (strategic/objective/task levels) with
parent validation and venture scoping.

All entities use the PlanStore pattern (subject per entity, predicates
for fields, delete-then-create for updates). Angle brackets stripped
from Cortex RDF notation for reliable subject/predicate matching.
MissionManager: full mission lifecycle (queued→ready→active→review→
complete|abandoned) with state machine validation. Auto-assigns
human-readable identifiers from venture prefix+counter (e.g. SEC-1).

Atomic claim with optimistic concurrency: write claim triples then
re-read to detect concurrent modifications. Stale run adoption for
same-agent recovery. Claim release returns mission to ready state.

Sub-mission depth tracking (max 10) prevents infinite recursion.
Abandon reason stored as triple for observability.
DojoService: searchHub() queries Skill Hub for templates with
dojo-template category. installFromHub() downloads template JSON from
Hub and installs via the standard installTemplate() flow.

Refactored install() to share installTemplate() with Hub downloads.
Graceful degradation when Hub is unreachable or skill-hub not available.

CLI: mayros kaneru dojo search --query <text> searches Hub marketplace.
…marketplace

Dojo Hub integration now resolves HubClient from the skill-hub extension
(same client used by mayros hub commands) with hub.apilium.com as default.

Removed hardcoded hub.mayros.dev URL and inline HubClient type stubs.
searchHub() and installFromHub() delegate to the real HubClient via
resolveHubClient() with graceful fallback when skill-hub is unavailable.
MissionCommentService: agents and operators can add comments to missions
stored as Cortex triples. Comments ordered by creation time, queryable
by mission ID. Supports count() for badge display.

Closes gap vs Paperclip's issue_comments table — with the advantage
that comments are semantic graph nodes, not flat rows.
ProjectManager: projects group missions with owner, target date,
category, and status lifecycle (planning→active→paused→completed→
cancelled). Projects bridge ventures (organization) and missions
(work units).

Closes gap vs Paperclip's projects table — with semantic graph storage,
DAG audit trail, and no relational joins needed.
…sting

CostAnalyticsService: advanced fuel analytics computed from event history.
Time-series (daily/weekly/monthly), provider+model breakdown, per-agent
cost ranking, efficiency metrics (cost per mission, per event), and
burn rate forecast with confidence levels.

Closes gap vs Paperclip's cost dashboard — no denormalized counters,
all computed on-the-fly from semantic event stream.
Facade: 7 new methods (addComment, listComments, projectCreate,
projectGet, projectList, projectUpdate, costAnalysis).

CLI: 8 new subcommands — comment (add, list), project (create, list,
status), fuel analytics, fuel forecast. Total: 18 subcommand groups.
Chain Visualizer: tree view of agent escalation hierarchy with CSS
connecting lines — agents as nodes, escalatesTo as directed edges.
Color-coded by status. Renders in Ventures dashboard.

Squad Builder: interactive agent card grid for creating squads visually.
Toggle agent selection, set name and merge strategy, one-click create.
Renders in Kaneru dashboard.

Mission Detail: expandable panel with identifier, priority badge, status,
claimed agent, description, and chronological comment thread with inline
comment input.

Gateway: ventures.dashboard now returns chain data for visualization.
Setup Wizard: modal overlay with 4 steps (Venture → Agent → Mission →
Launch) that creates a complete venture setup in one click. Inspired
by Paperclip's onboarding flow but using Kaneru terminology.

Gateway: kaneru.setup method creates venture, deploys agent to chain,
and creates first mission atomically.

UI: "New Venture" button in Ventures tab header opens the wizard.
After creation, ventures dashboard auto-refreshes.

Fix: chain.deploy() now stores deployedAt as node reference instead
of plain string, with fallback query for legacy data.
CSS variables don't resolve inside the wizard modal overlay. Use
hardcoded dark theme colors: #1a1a2e background, #0f0f1a inputs,
#e0e0e0 text, #333 borders, #10b981 accent. Matches the portal's
dark theme visually.
Replace hardcoded colors with actual Mayros CSS variables: --card,
--bg, --accent, --border, --card-foreground, --accent-foreground.
All with fallbacks matching the dark theme palette.

Fix "New Venture" button to use --accent instead of --color-accent.
…ble-storage

Extract TASK_TYPE_KEYWORDS, DOMAIN_EXTENSIONS, and classification
functions (detectTaskType, detectComplexity, detectDomain, classifyTask,
classifyMission) into shared/task-classification.ts. Both TaskRouter
and LearningProfileManager now import from the single source of truth
with merged keyword lists.

Remove persistResult() from ConsensusEngine — decision persistence is
now exclusively handled by DecisionHistory which stores richer context
(question, votes, participants, venture/mission linking). Eliminates
double-storage at kimeru:consensus: and decision: prefixes.
Canvas Surfaces: 4 A2UI JSONL surface generators — overview (stats +
venture grid), missions (kanban with claim/complete buttons), chain
(agent hierarchy tree), fuel (burn rate + provider breakdown). All
surfaces are valid A2UI v0.8 JSONL, renderable on macOS/iOS/Android
native apps AND the web portal.

Canvas Embed: simplified A2UI renderer in the web portal using native
Lit HTML. Parses surfaceUpdate JSONL and renders Column/Row/Card/Text/
Button/Divider components with Mayros dark theme. Tab bar switches
between the 4 surfaces.

Gateway: kaneru.canvas method loads venture data from Cortex and
generates surfaces on demand. Supports single surface or all-at-once.

Neither OpenClaw nor Paperclip has venture-aware canvas — OpenClaw has
canvas but single-agent with no org context, Paperclip has no canvas.
Command Bar: Spotlight/Raycast-style overlay activated by Ctrl+K (or
Cmd+K on macOS). Shows venture context, active missions, and 6 quick
actions. Supports text commands and voice input via Web Speech API.

Commands are routed by keyword matching to gateway methods:
- fuel/cost → ventures.dashboard fuel summary
- missions → ventures.dashboard mission list
- squad/agent → kaneru.dashboard stats
- General queries → CLI guidance

Voice: mic button toggles Web Speech API recognition with red pulse
animation. Transcript auto-fills input and submits. Hidden when
Speech API unavailable.

Better than Claude's Caps Lock modal because it shows venture context,
routes to the right agent, and has quick actions for common operations.
Mic button appears next to Send in the chat tab when Web Speech API
is available. Click to start recording (button turns red with pulse),
click again to stop. Transcribed text appends to the draft message.

Reuses startVoiceRecognition/stopVoiceRecognition from the command bar
controller — same Speech API integration, consistent UX.
Move mic button from actions row to inside the textarea (bottom-right
corner, absolute positioned). Circular 32px button with dark background
that turns accent-red with glow shadow when recording. Styled like
WhatsApp/Telegram voice input — integrated into the compose field,
not a separate action button.
Inspired by Claude Desktop's compose area: single rounded card with
textarea on top, toolbar (new session + mic + send) on bottom inside
the same box. Border-radius 16px, transparent textarea, SVG mic icon
that glows red when recording, pill-shaped Send button with arrow icon.
Replaces the flat separated textarea + buttons layout.
… utils

C1: Add sanitizeTripleValue() in shared/rdf-utils.ts — strips null bytes,
control characters, and RDF-mimicking angle brackets from all user-supplied
strings before storing as triple objects. Applied across 13 kaneru modules.

C2: Validate hub templates before install — max 20 agents, max 50
directives, agent IDs must be alphanumeric.

C3: Document gateway auth model (WebSocket-level device token enforcement).

L1: Extract stripBrackets() to shared/rdf-utils.ts — single definition
imported by all 13+ kaneru modules, eliminating 13 duplicate functions.

L5: Fix fragile component array mutation in canvas-surfaces.ts — build
card children upfront instead of backwards array indexing.

M6: Remove competitor references from source code comments.
Dead code removed:
- Facade: recordMissionOutcome() (redundant), dojoInstallFromHub() (CLI bypasses)
- DistributedVentureManager.addAndRegisterPeer() (never called)
- knowledge-transfer.ts: local stripBrackets() (now imports from shared)
- chain-visualizer.ts: unused TREE_LINE_STYLE constant

Lifecycle wiring:
- consensusResolve() now auto-records decisions via DecisionHistory
- New CLI: mayros kaneru mission complete-with-learning — full post-
  mission lifecycle (learning profile + knowledge transfer + notification)
Add comprehensive Kaneru section covering: ventures, missions, learning
profiles, cost analytics, decision audit, P2P sync, web portal features
(canvas, setup wizard, command bar), and 24 MCP tools.

Update stats: 12,400+ tests, 55+ extensions, 45+ MCP tools, Windows
platform support. Add kaneru extension to ecosystem table.
Source fixes:
- trusted-folders.ts: use path.sep instead of hardcoded "/"
- file-mention.ts: use path.isAbsolute() and path.basename(), regex
  matches Windows drive-letter paths
- media-mention.ts: use path.basename() instead of split("/").pop()
- remote-exec/config.ts: use path.join() for auditLogPath default
- vitest.config.ts: strip shebangs from .mjs files for Windows compat

Test fixes:
- Use path.resolve() and path.join() instead of hardcoded Unix paths
- Fix test token values to match regex patterns
- Handle Windows "does not exist" vs Unix path errors
- Use genuinely relative paths for cross-drive compatibility

Result: 12,484 tests pass, 0 failures on Windows. Fixes are backwards-
compatible with macOS and Linux (use node:path APIs, not conditionals).
The installer now always looks for platform-suffixed binaries after
extraction (not just on first install). On Windows, renames the old
binary to .old before replacing, with fallback to copyFile if the
binary is locked. Cleans up leftover suffixed binaries and .old files.

Fixes the issue where cortex:install downloaded v0.6.3 but left it
as aingle-cortex-windows-x86_64.exe without renaming to aingle-cortex.exe.
Three fixes in postinstall.mjs:
1. Windows asset name: .zip → .exe.zip (matching cortex-update-check.ts)
2. Version check: compares installed vs REQUIRED_VERSION instead of just
   checking if binary exists. On update, downloads new version if needed.
3. Rename logic: same robust pattern as cortex-update-check.ts — moves
   old binary to .old, falls back to copyFileSync if locked, cleans up.

Also synced cortex-update-check.ts installer with same cleanup logic.
mayros uninstall now includes --cortex option (also triggered by --all):
- Stops running Cortex process (taskkill on Windows, pkill on Unix)
- Removes Cortex binary (~/.mayros/bin/)
- Removes Cortex data (~/.aingle/cortex/) — graph DB, DAG, proofs

Always shows a detailed data loss warning listing every category of
data that will be permanently deleted: knowledge graph, ventures,
missions, learning profiles, decision history, semantic memory, DAG
audit trail, fuel events. Warning is shown even with --yes flag.

Interactive mode prompts: "I understand the data loss. Proceed?"
ApiliumDevTeam merged commit fee30d7 into dev Mar 19, 2026
2 of 3 checks passed
ApiliumDevTeam deleted the feature/v0.3.0-remote-terminal branch March 19, 2026 13:37