Fix trigger matching and add network policies

- Trigger only matches when nick is at start of message, not mid-text Fixes: "coder: say hi to worker" no longer triggers worker - Network policies per agent: "full" (default), "local" (LAN only), "none" (IRC+Ollama only) Configured via template "network" field, applied as iptables rules per agent IP Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 13:45:05 +00:00
parent 6fc6e89917
commit 36af68da90
3 changed files with 91 additions and 3 deletions
--- a/src/agent-manager.ts
+++ b/src/agent-manager.ts
@@ -19,6 +19,9 @@ import {
  createTap,
  deleteTap,
  macFromOctet,
+  applyNetworkPolicy,
+  removeNetworkPolicy,
+  type NetworkPolicy,
 } from "./network.js";
 import * as api from "./firecracker-api.js";

@@ -42,6 +45,7 @@ interface AgentTemplate {
  model: string;
  trigger: string;
  persona: string;
+  network?: NetworkPolicy;
 }

 const AGENTS_FILE = join(CONFIG.baseDir, "agents.json");
@@ -299,6 +303,10 @@ export async function startAgent(
  );
  await api.startInstance(socketPath);

+  // Apply network policy
+  const networkPolicy: NetworkPolicy = template.network ?? "full";
+  applyNetworkPolicy(ip, networkPolicy);
+
  const info: AgentInfo = {
    name,
    nick,
@@ -366,10 +374,11 @@ export async function stopAgent(name: string) {
  // Small delay to let kernel release the tap device
  await new Promise((r) => setTimeout(r, 500));

-  // Cleanup with retry for tap
+  // Cleanup
  try {
    unlinkSync(info.socketPath);
  } catch {}
+  removeNetworkPolicy(info.ip);
  for (let attempt = 0; attempt < 3; attempt++) {
    try {
      deleteTap(info.tapDevice);