Skip to content

Add OpenSpec design proposals for Omnigent-derived features#46

Merged
brettheap merged 9 commits into
mainfrom
claude/agenttower-omnigent-comparison-4yf6hv
Jun 18, 2026
Merged

Add OpenSpec design proposals for Omnigent-derived features#46
brettheap merged 9 commits into
mainfrom
claude/agenttower-omnigent-comparison-4yf6hv

Conversation

@brettheap

@brettheap brettheap commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR introduces a coordinated family of four OpenSpec design proposals derived from the AgentTower ↔ Omnigent analysis. These are spec-only changes (no implementation code) that formalize architectural decisions and capability requirements for future feature work.

Changes

Research & Analysis Documents

  • docs/related-work-omnigent.md — Comparison of AgentTower (observer/router) vs Omnigent (meta-harness), identifying where they complement rather than compete
  • docs/integration-tiers.md — Research note on AgentTower's connection-strength model, generalizing the Omnigent comparison into a broader architecture

OpenSpec Change Proposals (four independent but coordinated changes)

  1. agent-connection-tiers — Foundation proposal defining a per-agent ladder from tmux floor (Tier 0) through native harness integration (Tier 1) to Omnigent hand-off (Tier 2). Settles two key decisions:

    • AgentTower is the router, not the puppeteer
    • Omnigent is the puppet master for action-level driving/sandboxing
    • Inbound (events) and outbound (delivery) negotiate independently per agent
    • First-class support for both managed launches and pre-instrumented adopted panes
  2. routing-policy-layers — Layered delivery policies (global → per-agent → per-route) with deterministic resolution, router-appropriate policy types (rate caps, require-approval, source/target allow/deny, quiet holds), and full audit trail. Composes with the tier-independent outbound safety gate.

  3. discovery-backends — Pluggable discovery interface abstracting where panes/agents come from (bench containers, host-only tmux, future remote benches) behind one interface. Refactors existing bench-container discovery as the first backend with no behavior change.

  4. app-collaboration — Multi-operator local-only app sessions with observer (read-only) and operator (mutating) roles, consistent shared live view, and server-side co-drive enforcement. Explicitly defers remote/URL sharing as a gated non-goal requiring authenticated transport.

Each proposal includes:

  • proposal.md — Why the change, what changes, and scope
  • design.md — Goals/non-goals, decisions with rationale, and decision details
  • specs/<capability>/spec.md — Formal requirements with scenarios
  • tasks.md — Spec authoring tasks (this change) and implementation hand-off (future features)
  • README.md — One-line summary

Coordination Document

  • openspec/changes/README.md — Dependency graph and recommended build order (A → B → D → C), shared guardrails (no network listener, router-not-puppeteer, no host-absolute paths)

Notable Details

  • All four changes preserve the MVP constitution: no network listener, AgentTower remains a router (not an executor), and no host-absolute paths
  • The tier model is the foundation; routing policies and discovery backends are independent upgrades that compose with it
  • App collaboration is explicitly V2 (local-only); remote sharing is recorded as a gated non-goal
  • Every requirement carries at least one scenario for testability
  • Implementation is sequenced into future features; this change is spec/design only

https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc

Summary by Sourcery

Introduce a family of OpenSpec design proposals and research notes that define AgentTower’s integration tiers, layered routing policies, pluggable discovery backends, and local multi-operator app collaboration, without shipping any implementation code.

New Features:

  • Define the agent-integration capability spec for a tiered per-agent connection model from tmux floor through native harness integration to Omnigent hand-off, with independent inbound/outbound negotiation and preserved safety invariants.
  • Define the routing-policy capability spec for layered global, per-agent, and per-route delivery policies with router-scoped controls and full auditability.
  • Define the discovery-backends capability spec and interface for pluggable discovery substrates, refactoring existing bench-container discovery into the first backend and paving the way for host-only tmux and future backends.
  • Define the app-collaboration capability spec for local-only multi-operator app sessions with observer/operator roles, shared live view, and server-enforced co-drive semantics.

Enhancements:

  • Add an OpenSpec changes README that documents dependencies, guardrails, and recommended build order across the new coordinated change family.
  • Author task lists for each new capability to sequence spec validation and future implementation work.

Documentation:

  • Add Omnigent-related research notes and an integration-tiers research document that frame AgentTower as a router and Omnigent as a higher-tier puppet master, informing the new OpenSpec changes.

claude added 6 commits June 18, 2026 04:47
Add docs/related-work-omnigent.md comparing AgentTower (non-invasive
tmux observer/router) with Databricks' Omnigent meta-harness (agent
wrapper/runtime), and record the Omnigent-derived feature ideas that fit
AgentTower's model in the mvp-feature-sequence "Later Features" backlog
and architecture.md V2 Scope.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Add docs/integration-tiers.md defining the per-agent connection ladder
(Tier 0 tmux floor -> Tier 1 native harness hooks/MCP/stream-json ->
Tier 2 Omnigent) with independent inbound/outbound axes. Settle the
router-first division of labor: AgentTower stays the router (agents
report in via hooks and an AgentTower-hosted MCP server), Omnigent is
the puppet master for action-level driving. Adoption of pre-instrumented
panes is first-class; both Tier-1 mechanisms bridge via the existing
Unix socket so the no-network-listener invariant holds.

Cross-reference the new model from related-work-omnigent.md (Omnigent =
Tier 2) and add an ordered backlog to mvp-feature-sequence.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Revert the two direct doc commits (Omnigent comparison + derived backlog,
and the connection-strength tiers model). The forward-looking scope was
written straight into the canonical docs; it should instead go through an
OpenSpec change proposal under openspec/changes/. Recreated there.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Add OpenSpec change agent-connection-tiers: proposal, design, tasks, and
the agent-integration capability spec delta. Captures the per-agent
connection ladder (Tier 0 tmux floor / Tier 1 native harness hooks+MCP /
Tier 2 Omnigent hand-off), independent inbound/outbound axes, router-first
boundary (AT routes; Omnigent puppet-masters), first-class pre-instrumented
adoption, the no-network-listener invariant, and tier-independent outbound
safety. Spec/design only; no code.

Authored to OpenSpec file conventions by hand (no openspec CLI available in
this environment).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Restore related-work-omnigent.md and integration-tiers.md as reference
material with explicit "research only" banners. They record no committed
scope and modify no canonical spec; adopted scope lives under
openspec/changes/. Removed the stale "recorded in the backlog" claims
(those canonical-doc edits were reverted) and reframed the Omnigent-derived
features as candidate scope feeding a future OpenSpec proposal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Add three OpenSpec changes derived from the Omnigent analysis, plus a
roadmap tying the family to the existing agent-connection-tiers (A):

- routing-policy-layers (B): layered global->agent->route delivery
  policies; deny-wins/min-wins resolution; decision auditing; FEAT-009
  backward compatibility. Capability: routing-policy.
- discovery-backends (D): pluggable DiscoveryBackend interface; bench
  discovery refactored as backend #1 (no behavior change); identity
  namespacing; per-backend degraded isolation; host-only tmux backend #2.
- app-collaboration (C, V2): multi-operator app sessions with observer
  vs operator roles; shared consistent view; server-side co-drive
  enforcement; cross-session audit; explicit local-only boundary.

E (mobile/remote) recorded as a gated non-goal; F (agent network-egress)
as advisory-only. All four changes pass `openspec validate --strict`.
Spec/design only; no code.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Copilot AI review requested due to automatic review settings June 18, 2026 14:23
@sourcery-ai

sourcery-ai Bot commented Jun 18, 2026

Copy link
Copy Markdown

Reviewer's Guide

Spec-only PR that adds four coordinated OpenSpec design/capability proposals (agent connection tiers, routing policy layers, discovery backends, and local-only app collaboration), plus supporting research notes and a coordination README, to formalize how AgentTower will integrate with Omnigent and future substrates without changing runtime behavior today.

Sequence diagram for local app collaboration (watch vs co-drive)

sequenceDiagram
  actor Operator
  actor Observer
  participant AppClientOperator
  participant AppClientObserver
  participant AgentTowerDaemon

  Operator->>AppClientOperator: start_ui()
  AppClientOperator->>AgentTowerDaemon: app.hello(role=operator)
  AgentTowerDaemon-->>AppClientOperator: session_id_operator

  Observer->>AppClientObserver: start_ui()
  AppClientObserver->>AgentTowerDaemon: app.hello(role=observer)
  AgentTowerDaemon-->>AppClientObserver: session_id_observer

  AppClientOperator->>AgentTowerDaemon: app.send_input(session_id_operator,...)
  AgentTowerDaemon-->>AppClientOperator: delivery_accepted

  AppClientObserver->>AgentTowerDaemon: app.send_input(session_id_observer,...)
  AgentTowerDaemon-->>AppClientObserver: mutation_rejected
Loading

Flow diagram for layered routing/input delivery policies

flowchart LR
  Request["Delivery request"] --> GlobalPolicy["Global policies\n(routing_enabled, kill switch)"]
  GlobalPolicy -->|deny| Blocked["Block delivery\n(policy_blocked)"]
  GlobalPolicy -->|allow| AgentPolicy["Per-agent policies"]
  AgentPolicy -->|deny| Blocked
  AgentPolicy -->|allow| RoutePolicy["Per-route policies"]
  RoutePolicy -->|require-approval / quiet hold| Held["Hold pending\n(policy_held)"]
  RoutePolicy -->|allow within caps| Allowed["Deliver message\n(policy_allowed)"]
Loading

File-Level Changes

Change Details Files
Introduce the agent connection-strength tier model and agent-integration capability spec, formalizing per-agent tiers, roles, safety invariants, and phased implementation tasks.
  • Add research note on AgentTower integration tiers that generalizes Omnigent as Tier 2 and settles router-vs-puppeteer responsibilities.
  • Define the agent-connection-tiers OpenSpec change with design decisions for tier ladder, inbound/outbound axis independence, adoption of pre-instrumented panes, and no-network-listener constraint.
  • Add agent-integration capability spec with concrete requirements and scenarios for per-agent ladder, integration modes, MCP server directionality, adoption behavior, safety gate, and auditability.
  • Add tasks document sequencing spec validation and future implementation phases for hooks-based inbound, MCP server, structured outbound delivery, and Omnigent hand-off.
docs/integration-tiers.md
openspec/changes/agent-connection-tiers/design.md
openspec/changes/agent-connection-tiers/specs/agent-integration/spec.md
openspec/changes/agent-connection-tiers/proposal.md
openspec/changes/agent-connection-tiers/tasks.md
Define layered routing/input-delivery policy model and routing-policy capability, including deterministic resolution, router-scoped policy types, auditing, and tasks.
  • Introduce routing-policy-layers design describing global/per-agent/per-route policy layers, deny/min precedence rules, router-appropriate policy types, and backward compatibility with existing permission flags.
  • Specify routing-policy capability with requirements and scenarios for layered resolution, rate caps, require-approval, source-based allow/deny, quiet holds, and decision auditing that preserves existing behavior when no policies are configured.
  • Add proposal outlining motivation from current coarse controls, Omnigent-style stacked policies adapted to routing-only scope, and impact on CLI/app surfaces.
  • Add tasks doc for spec validation and future implementation of policies table, evaluation in delivery path, audit events, CLI and app surfaces, and mapping current permissions into base layer.
openspec/changes/routing-policy-layers/design.md
openspec/changes/routing-policy-layers/specs/routing-policy/spec.md
openspec/changes/routing-policy-layers/proposal.md
openspec/changes/routing-policy-layers/tasks.md
Introduce pluggable discovery-backends capability and design, extracting discovery into an interface with namespaced identities, per-backend degradation, and implementation plan.
  • Add discovery-backends design describing DiscoveryBackend interface, identity namespacing, per-backend degraded isolation, and planned bench and host-tmux backends.
  • Define discovery-backends capability spec with requirements and scenarios for consuming panes via the backend interface, bench discovery as a backend, namespaced identities, per-backend failure isolation, and enable/disable configuration.
  • Add proposal explaining motivation to decouple registry/event/routing from Docker-only discovery and to support multiple substrates behind one interface.
  • Add tasks doc for spec validation and future implementation work to define the interface, refactor bench discovery, add backend registry/config, implement namespacing and degraded-state handling, and add a host-only tmux backend.
openspec/changes/discovery-backends/design.md
openspec/changes/discovery-backends/specs/discovery-backends/spec.md
openspec/changes/discovery-backends/proposal.md
openspec/changes/discovery-backends/tasks.md
Define local-only multi-operator app collaboration capability and design, layering roles over existing app.* backend without introducing network listeners, plus implementation tasks.
  • Add app-collaboration design that introduces observer/operator roles on app sessions, consistent shared view semantics, server-enforced co-drive, cross-session audit, and an explicit local-only boundary.
  • Specify app-collaboration capability with requirements and scenarios for session roles, shared event/registry view, server-side enforcement of mutations, mutation audit tagging by session id, and confirmation of no remote sharing surface.
  • Add proposal motivated by Omnigent-style collaboration, scoping this to V2 local watch/co-drive and deferring remote/URL/mobile sharing as a gated future change.
  • Add tasks doc for spec validation and later implementation to extend FEAT-011 sessions with roles, enforce permissions, record session IDs on mutations, and compose with routing policies.
openspec/changes/app-collaboration/design.md
openspec/changes/app-collaboration/specs/app-collaboration/spec.md
openspec/changes/app-collaboration/proposal.md
openspec/changes/app-collaboration/tasks.md
Add research and coordination docs that contextualize Omnigent vs AgentTower and describe how the four OpenSpec changes relate and must respect shared guardrails.
  • Introduce related-work research note comparing AgentTower with Databricks Omnigent, clarifying complementary roles (router vs meta-harness) and enumerating Omnigent-derived candidate features that informed the proposals.
  • Add integration-tiers research note explaining the connection-strength ladder and how Omnigent fits as Tier 2, emphasizing tmux as universal floor and constraints like no network listener.
  • Create openspec changes README that documents dependency graph and recommended build order for the four proposals, shared constitutional guardrails (no listener, router-not-puppeteer, no host-absolute paths), and disposition of deferred candidates.
  • Add minimal per-change README and .openspec.yaml metadata files for the new OpenSpec change directories to integrate with the OpenSpec tooling flow.
docs/related-work-omnigent.md
docs/integration-tiers.md
openspec/changes/README.md
openspec/changes/app-collaboration/README.md
openspec/changes/discovery-backends/README.md
openspec/changes/routing-policy-layers/README.md
openspec/changes/app-collaboration/.openspec.yaml
openspec/changes/discovery-backends/.openspec.yaml
openspec/changes/routing-policy-layers/.openspec.yaml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • There’s a fair bit of duplicated narrative between docs/integration-tiers.md and openspec/changes/agent-connection-tiers/design.md; consider trimming the research note to just the extra comparative context and explicitly pointing readers at the design/spec for any authoritative description of tiers and roles to avoid future drift.
  • In the discovery-backends proposal/spec, it would help to be more explicit about the identity-key migration strategy for existing bench-only deployments (e.g., how and when existing rows get a bench: prefix) so downstream schema changes have a clear, non-hand-wavy plan to follow.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- There’s a fair bit of duplicated narrative between `docs/integration-tiers.md` and `openspec/changes/agent-connection-tiers/design.md`; consider trimming the research note to just the extra comparative context and explicitly pointing readers at the design/spec for any authoritative description of tiers and roles to avoid future drift.
- In the `discovery-backends` proposal/spec, it would help to be more explicit about the identity-key migration strategy for existing bench-only deployments (e.g., how and when existing rows get a `bench:` prefix) so downstream schema changes have a clear, non-hand-wavy plan to follow.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

- integration-tiers.md: trim duplicated tier/role narrative now owned by
  the agent-connection-tiers OpenSpec change; keep only orientation +
  pointers + the extra comparative context, with the design/spec marked
  authoritative (avoids future drift).
- discovery-backends: make the identity-key migration concrete — a
  one-time, idempotent, history-preserving stamp of existing rows to
  backend_id='bench' tied to the schema bump, plus a transition read-time
  shim for legacy keys. Add a backward-compat scenario and a migration task.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a spec-only OpenSpec “change family” derived from the AgentTower ↔ Omnigent analysis, formalizing several future capability directions (tiered agent integration, layered routing/input-delivery policy, pluggable discovery substrates, and local-only multi-operator app collaboration) without shipping implementation code.

Changes:

  • Add four coordinated OpenSpec change proposals (proposal/design/spec/tasks/README) for: agent connection tiers, routing-policy layers, discovery backends, and app collaboration.
  • Add an openspec/changes/README.md roadmap documenting dependencies/build order and shared guardrails.
  • Add two research notes under docs/ to capture the Omnigent comparison and generalize the integration-tier model.

Reviewed changes

Copilot reviewed 25 out of 25 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
openspec/changes/README.md Roadmap for the coordinated change family, dependencies, and shared guardrails.
openspec/changes/agent-connection-tiers/tasks.md Task breakdown for spec acceptance + future phased implementation.
openspec/changes/agent-connection-tiers/specs/agent-integration/spec.md Capability requirements for tiered per-agent integration with independent inbound/outbound negotiation.
openspec/changes/agent-connection-tiers/proposal.md Motivation/scope/impact statement for the tier model.
openspec/changes/agent-connection-tiers/design.md Design decisions and rationale for the tier ladder and router-first boundary.
openspec/changes/routing-policy-layers/.openspec.yaml Per-change OpenSpec metadata.
openspec/changes/routing-policy-layers/tasks.md Task breakdown for layered delivery policy spec + future implementation.
openspec/changes/routing-policy-layers/specs/routing-policy/spec.md Capability requirements for layered, auditable, router-scoped delivery policies.
openspec/changes/routing-policy-layers/README.md One-line change summary.
openspec/changes/routing-policy-layers/proposal.md Motivation/scope/impact statement for policy layering.
openspec/changes/routing-policy-layers/design.md Design decisions for precedence/merge rules, policy types, auditing, and backward-compat mapping.
openspec/changes/discovery-backends/.openspec.yaml Per-change OpenSpec metadata.
openspec/changes/discovery-backends/tasks.md Task breakdown for discovery backend abstraction + future implementation.
openspec/changes/discovery-backends/specs/discovery-backends/spec.md Capability requirements for pluggable discovery substrates and degraded isolation.
openspec/changes/discovery-backends/README.md One-line change summary.
openspec/changes/discovery-backends/proposal.md Motivation/scope/impact statement for backend-pluggable discovery.
openspec/changes/discovery-backends/design.md Design decisions for the backend interface and identity namespacing.
openspec/changes/app-collaboration/.openspec.yaml Per-change OpenSpec metadata.
openspec/changes/app-collaboration/tasks.md Task breakdown for multi-operator collaboration spec + future implementation.
openspec/changes/app-collaboration/specs/app-collaboration/spec.md Capability requirements for observer/operator roles and local-only co-drive enforcement.
openspec/changes/app-collaboration/README.md One-line change summary.
openspec/changes/app-collaboration/proposal.md Motivation/scope/impact statement for app collaboration.
openspec/changes/app-collaboration/design.md Design decisions for roles, shared view consistency, and server-side enforcement.
docs/related-work-omnigent.md Research note comparing AgentTower vs Omnigent and extracting candidate ideas.
docs/integration-tiers.md Research note generalizing the tier model beyond the Omnigent comparison.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread openspec/changes/routing-policy-layers/design.md Outdated
Comment thread openspec/changes/routing-policy-layers/design.md Outdated
Comment thread openspec/changes/routing-policy-layers/design.md Outdated
Comment thread openspec/changes/README.md Outdated
- routing-policy-layers/design.md: resolve the contradictory resolution
  semantics — state the model is restrictive-only (deny-wins for
  allow/deny, min-wins for caps; global deny absolute), dropping the
  "most-specific-wins" wording that implied a specific allow could broaden.
- routing-policy-layers/design.md: correct FEAT-009 queue terminology —
  require-approval maps onto the `blocked` state released via
  `queue approve`; there is no `approved` state.
- routing-policy-layers/design.md: fix the `architecture.md` inline
  reference that had wrapped to `architecture. md`.
- agent-connection-tiers: add the missing .openspec.yaml + README.md for
  consistency with the other three changes in the family.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
Copilot AI review requested due to automatic review settings June 18, 2026 14:29

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1b79ffebb3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread openspec/changes/routing-policy-layers/design.md Outdated
Comment thread openspec/changes/README.md Outdated
Comment thread openspec/changes/README.md Outdated
Comment thread openspec/changes/discovery-backends/proposal.md Outdated
Comment thread openspec/changes/routing-policy-layers/design.md Outdated
Comment thread openspec/changes/routing-policy-layers/design.md Outdated
Comment thread openspec/changes/app-collaboration/specs/app-collaboration/spec.md Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 27 out of 27 changed files in this pull request and generated 4 comments.

Comment thread openspec/changes/app-collaboration/specs/app-collaboration/spec.md Outdated
Comment thread openspec/changes/routing-policy-layers/specs/routing-policy/spec.md Outdated
Comment thread openspec/changes/routing-policy-layers/specs/routing-policy/spec.md Outdated
Comment thread openspec/changes/agent-connection-tiers/proposal.md Outdated
routing-policy-layers:
- reword Layered policy resolution to most-restrictive-wins across all
  layers (deny-wins/min-wins); scope order is attribution-only, not outcome
- name audit event tokens policy_allowed/policy_blocked/policy_held and
  scope policy audit to decisions where a user-defined policy participates,
  so the no-policy default path stays byte-identical (no extra events.jsonl)

app-collaboration:
- add default-observer + explicit server-side operator promotion (no client
  self-select; pre-role clients treated as observer); clarify it is a
  coordination control under same-host-UID, not a privilege boundary
- name the rejection error: FEAT-011 permission_denied with
  details.reason="observer_read_only" (no new code)

discovery-backends:
- drop Omnigent from the opening scope statement (Omnigent is the Tier-2
  hand-off in agent-connection-tiers, not a discovery backend)

agent-connection-tiers:
- rephrase the tooling note generically (no environment-specific detail)

openspec/changes/README.md:
- add owning bench per change (py-bench) per AGENTS.md Single-Bench
  Ownership; note app-collaboration's Flutter UI is a separate
  flutter-bench follow-up

All four changes pass `openspec validate --strict`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015SpYMhCsyyGMEyNrxkWGCc
@sonarqubecloud

Copy link
Copy Markdown

@brettheap brettheap merged commit 21de4f8 into main Jun 18, 2026
3 checks passed
@brettheap brettheap deleted the claude/agenttower-omnigent-comparison-4yf6hv branch June 18, 2026 14:38

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 55da825240

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +85 to +87
- **Backend #2 (host-only tmux):** enumerate the host user's tmux sockets
directly (no `docker exec`). Proves the interface and delivers the
long-deferred host-only discovery item.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Define persistence for host-only panes

For the host-only tmux backend, there is no container to satisfy the current registry contract: I checked the shipped schema, and panes/agents require container fields such as container_id, container_name, and container_user while app/dashboard reads also join through containers. Because this design makes host-only tmux a reference backend but says the data model changes only for identity namespacing, an implementer either has to invent synthetic container rows that change observable container/app surfaces or cannot persist host panes at all; please define the target/container sentinel or schema transition before making this an acceptance requirement.

Useful? React with 👍 / 👎.

Comment on lines +56 to +62
1. **At upgrade (one-time, in the schema migration that adds `backend_id`):**
every existing `agents` / `panes` / `log_offsets` row is stamped
`backend_id = 'bench'` in a single transaction, because pre-namespacing
discovery could only have come from the bench-container substrate. The
migration is **idempotent** (guarded by the schema version) and **history-
preserving** (it rewrites the key column in place; it does not delete or
re-create rows, so events, offsets, and queue references stay attached).

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Stamp log attachments during backend migration

This migration plan stamps agents, panes, and log_offsets, but it leaves out log_attachments, which also stores the same pane composite key and is used for active attachment lookups and stale-attachment reconciliation. When backend_id becomes part of pane identity, existing FEAT-007 attachment rows would remain unnamespaced, so the promised history-preserving upgrade can lose or misassociate active attachments even though offsets and queue references survive.

Useful? React with 👍 / 👎.

Comment on lines +51 to +53
- **require-approval** — hold delivery until an operator approves. This maps onto
the existing FEAT-009 queue model: the message sits in the `blocked` state and
is released to `queued`/`delivered` via `agenttower queue approve` (FEAT-009's

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Extend queue block reasons for policy holds

When require-approval, rate caps, or quiet holds put a delivery into the FEAT-009 blocked queue path, the shipped message_queue.block_reason CHECK still only accepts the FEAT-009 reasons (sender_role_not_permitted, target failures, kill_switch_off, operator_delayed). Since the handoff only calls out adding a policies table/evaluator, the first policy-held row would either violate the schema or be mislabeled as an unrelated block reason; add the queue-row/audit reason extension to this design.

Useful? React with 👍 / 👎.

Comment on lines +68 to +72
When a user-defined policy participates in a decision, AgentTower emits one
`events.jsonl` record — `policy_allowed` / `policy_blocked` / `policy_held` —
carrying the deciding layer, the matched rule id, and the target/route. This
mirrors FEAT-010's `route_matched` / `route_skipped` auditability so the full
delivery chain stays inspectable via `agenttower events`.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Make policy events queryable by agenttower events

This promises policy decisions stay inspectable via agenttower events, but the current CLI/socket events filters are closed to the FEAT-008 event types and events.list reads the SQLite events table, while this design only mentions emitting JSONL policy rows. In an implementation that follows these tasks, agenttower events --type policy_blocked will be rejected or return nothing even though policy_blocked was appended to JSONL; add the event-surface/schema work needed to expose these new audit types.

Useful? React with 👍 / 👎.

Comment on lines +36 to +39
AgentTower SHALL support delivery policy types that a router can enforce:
per-target rate caps, require-approval holds, allow/deny by source role and
capability, and target-busy / quiet holds. Policies SHALL NOT attempt to govern
an agent's own shell, file, or network actions.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Define route-origin policy source semantics

For direct sends, “source role + capability” can mean the sending agent, but FEAT-010 route deliveries also have the event source, the arbitrated master/sender, and the route_id. Without specifying which identity a source allow/deny evaluates for route-origin queue rows, a policy like “deny shell sources” can either block based on the slave that emitted the event or allow based on the master chosen to deliver it, producing inconsistent enforcement across direct and route deliveries.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants