diff --git a/ROADMAP.md b/ROADMAP.md
index 76caf74..a7212a1 100644
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -56,12 +56,12 @@ Priority order by gain/complexity ratio.
 - [ ] **Context compression** — when conversation history exceeds threshold, LLM-summarize middle turns. Protect head (system prompt) and tail (recent messages). Keeps agents coherent in long conversations.
 - [ ] **Skill learning** — after complex multi-tool tasks, agent creates a new SKILL.md + run.py in workspace/skills. Next boot, new skill is available. Self-improving agents.
-- [ ] **Scheduled/cron agents** — template gets a `schedule` field. Overseer spawns agent on schedule, agent does its task, reports to #agents, self-destructs.
+- [x] **Scheduled/cron agents** — templates support `schedule` (5-field cron) and `schedule_timeout` fields. Overseer checks every 60s, spawns and auto-destroys.
 - [ ] **!logs command** — tail agent interaction history from workspace.
 ### Lower priority (good ideas, higher complexity or less immediate need)
-- [ ] **Dangerous command approval** — pattern-based detection (rm -rf, git reset, etc.) with allowlist. Agent asks for confirmation before destructive commands.
+- [x] **Dangerous command approval** — pattern-based detection (rm -rf, dd, mkfs, fork bombs, shutdown, etc.) blocks execution in run_command skill.
 - [ ] **Parallel tool execution** — detect independent tool calls, run concurrently. Needs safety heuristics (read-only, non-overlapping paths).
 - [ ] **Cost tracking** — Ollama returns token counts. Log per-interaction: duration, model, tokens, skill used.
 - [ ] **Execution recording** — full audit trail of all tool calls and results.
diff --git a/TODO.md b/TODO.md
index 68271b0..de39487 100644
--- a/TODO.md
+++ b/TODO.md
@@ -30,8 +30,8 @@ ### Bigger items
 - [ ] Skill learning — agents create new skills from experience
-- [ ] Cron agents — scheduled agent spawns
-- [ ] Dangerous command approval — pattern detection + allowlist
+- [x] Cron agents — scheduled agent spawns (5-field cron in templates, auto-destroy timeout)
+- [x] Dangerous command approval — pattern detection blocks rm -rf /, dd, mkfs, fork bombs, etc.
 - [ ] Parallel tool execution — concurrent independent tool calls
 ## Polish
diff --git a/skills/run_command/run.py b/skills/run_command/run.py
index 68cebeb..1d7df8a 100644
--- a/skills/run_command/run.py
+++ b/skills/run_command/run.py
@@ -2,10 +2,36 @@
 import subprocess
 import sys
 import json
+import re
+
+DANGEROUS_PATTERNS = [
+    (re.compile(r'\brm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+)?-[a-zA-Z]*r[a-zA-Z]*\s+(/|~|\.)(\s|$)'), "recursive delete of critical path"),
+    (re.compile(r'\brm\s+(-[a-zA-Z]*r[a-zA-Z]*\s+)?-[a-zA-Z]*f[a-zA-Z]*\s+(/|~|\.)(\s|$)'), "recursive delete of critical path"),
+    (re.compile(r'\bdd\s+if='), "raw disk write (dd)"),
+    (re.compile(r'\bmkfs\b'), "filesystem format"),
+    (re.compile(r':\(\)\s*\{[^}]*:\s*\|\s*:'), "fork bomb"),
+    (re.compile(r'>\s*/dev/[sh]d[a-z]'), "device write"),
+    (re.compile(r'\bchmod\s+(-[a-zA-Z]*R[a-zA-Z]*\s+)?777\s+/(\s|$)'), "recursive chmod 777 on /"),
+    (re.compile(r'\b(shutdown|reboot|halt|poweroff)\b'), "system shutdown/reboot"),
+    (re.compile(r'\bkill\s+-9\s+(-1|1)\b'), "kill init or all processes"),
+]
+
+
+def check_dangerous(cmd):
+    for pattern, desc in DANGEROUS_PATTERNS:
+        if pattern.search(cmd):
+            return desc
+    return None
+
 args = json.loads(sys.stdin.read())
 command = args.get("command", "")
+blocked = check_dangerous(command)
+if blocked:
+    print(f'[blocked: command matches dangerous pattern "{blocked}". This command was not executed.]')
+    sys.exit(0)
+
 try:
 result = subprocess.run(
 ["bash", "-c", command],
diff --git a/src/agent-manager.ts b/src/agent-manager.ts
index 4cde05e..19c2e41 100644
--- a/src/agent-manager.ts
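Review bot: `check_dangerous` runs its regexes on the raw string before bash parses it, so quoting, variable expansion, `eval`, or a nested interpreter (`bash -c "$(echo ...)"`, `python -c 'import shutil; shutil.rmtree("/")'`) reach `subprocess.run(["bash", "-c", command])` unchecked, and several plain spellings also slip past the visible patterns: `rm -rf /*` (the `(/|~|\.)(\s|$)` tail demands whitespace or end after `/`), `rm --recursive --force /` (the flag groups only accept single-dash clusters), `dd of=/dev/sda if=/dev/zero` (`\bdd\s+if=` needs `if=` first and the device pattern stops at `/dev/[sh]d`), and `kill -KILL -1`. The cheap ones are worth closing — add `(re.compile(r'\bdd\b.*\bof=/dev/'), "raw disk write (dd)")`, widen the device pattern to `r'>\s*/dev/(sd|hd|vd|xvd|nvme|mmcblk)'`, and use `(/\*?|~|\.)(\s|$)` in both `rm` patterns — but no deny-list is complete, so the list should carry a header comment to that effect: `# Guardrail against accidental destructive commands, NOT a security boundary: real isolation has to come from running this skill in a sandbox (container or unprivileged user, no sudo, read-only mounts).` Also check that the blocked path is what the caller expects: it prints the refusal on stdout and exits 0, which looks like a successful run, and the message names the tripped pattern, which a prompt-injected agent can use to rephrase on the next turn.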
+++ b/src/agent-manager.ts
@@ -45,7 +45,7 @@ export interface AgentInfo {
 startedAt: string;
 }
-interface AgentTemplate {
+export interface AgentTemplate {
 name: string;
 nick: string;
 model: string;
@@ -62,6 +62,9 @@ interface AgentTemplate {
 compress_keep?: number;
 max_tool_rounds?: number;
 max_response_lines?: number;
+ // Cron scheduling
+ schedule?: string; // 5-field cron expression, e.g. "0 8 * * *"
+ schedule_timeout?: number; // seconds before auto-destroy (default 300)
 }
 const AGENTS_FILE = join(CONFIG.baseDir, "agents.json");
diff --git a/src/overseer.ts b/src/overseer.ts
index d7d6a79..94c9975 100644
--- a/src/overseer.ts
+++ b/src/overseer.ts
@@ -7,7 +7,9 @@ import {
 listTemplates,
 reconcileAgents,
 reloadAgent,
+ loadTemplate,
 type AgentInfo,
+ type AgentTemplate,
 } from "./agent-manager.js";
 import { CONFIG } from "./config.js";
@@ -37,6 +39,37 @@ function formatAgentList(agents: AgentInfo[]): string[] {
 );
 }
+function fieldMatches(field: string, value: number): boolean {
+  if (field === "*") return true;
+  return field.split(",").some((part) => {
+    if (part.includes("/")) {
+      const [range, stepStr] = part.split("/");
+      const step = parseInt(stepStr);
+      if (range === "*") return value % step === 0;
+      const [min, max] = range.split("-").map(Number);
+      return value >= min && value <= max && (value - min) % step === 0;
+    }
+    if (part.includes("-")) {
+      const [min, max] = part.split("-").map(Number);
+      return value >= min && value <= max;
+    }
+    return parseInt(part) === value;
+  });
+}
+
+function matchesCron(expr: string, date: Date): boolean {
+  const fields = expr.trim().split(/\s+/);
+  if (fields.length !== 5) return false;
+  const checks: [string, number][] = [
+    [fields[0], date.getMinutes()],
+    [fields[1], date.getHours()],
+    [fields[2], date.getDate()],
+    [fields[3], date.getMonth() + 1],
+    [fields[4], date.getDay()],
+  ];
+  return checks.every(([field, value]) => fieldMatches(field, value));
+}
+
 export async function runOverseer(config: OverseerConfig) {
 // Reconcile agent state on startup
 log("Reconciling agent state...");
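Review bot: `matchesCron` turns every malformed schedule into "never" without telling anyone: a 4- or 6-field string returns false, `parseInt` on a name (`MON`, `JAN`) or a bad step (`*/0`, `*/x`) yields NaN so every comparison in `fieldMatches` fails, and a day-of-week of 7 can never equal `getDay()`, so a typo in a template's `schedule` produces an agent that silently never fires. Validate once when the template is loaded rather than on every minute tick, e.g. `if (fields.length !== 5) throw new Error(\`invalid schedule "${expr}": expected 5 fields\`);` and `if (!Number.isInteger(step) || step <= 0) throw new Error(\`invalid step in "${part}"\`);` — thrown from here they would at least surface in the caller's per-template catch. Two semantics also belong in a doc comment on `matchesCron`: matching uses the overseer host's local time (`getHours`/`getDay` on the `Date` passed in), and `checks.every` ANDs day-of-month with day-of-week, whereas Vixie cron ORs the two when both are restricted, so `0 8 1 * 1` here means "the 1st, only if it is a Monday".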
@@ -338,5 +371,54 @@ export async function runOverseer(config: OverseerConfig) {
 setInterval(healthCheck, HEALTH_CHECK_INTERVAL);
+  // Cron agent scheduler — check every 60s
+  const CRON_CHECK_INTERVAL = 60_000;
+  const cronCheck = async () => {
+    const templates = listTemplates();
+    for (const tmplName of templates) {
+      try {
+        const template = loadTemplate(tmplName);
+        if (!template.schedule) continue;
+
+        const now = new Date();
+        if (!matchesCron(template.schedule, now)) continue;
+
+        const cronName = `${template.name}-cron`;
+
+        // Skip if already running
+        const running = listAgents();
+        if (running.some((a) => a.name === cronName)) continue;
+
+        log(`Cron trigger: spawning "${cronName}" from template "${tmplName}"`);
+        bot.say(config.channel, `Cron: spawning "${cronName}" from template "${tmplName}"`);
+
+        const info = await startAgent(tmplName, { name: cronName });
+        knownAgents.add(cronName);
+
+        // Schedule auto-destroy
+        const timeout = (template.schedule_timeout ?? 300) * 1000;
+        setTimeout(async () => {
+          try {
+            const current = listAgents();
+            if (current.some((a) => a.name === cronName)) {
+              log(`Cron timeout: destroying "${cronName}" after ${timeout / 1000}s`);
+              bot.say(config.channel, `Cron: destroying "${cronName}" (timeout ${timeout / 1000}s)`);
+              await stopAgent(cronName);
+              knownAgents.delete(cronName);
+            }
+          } catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            log(`Error destroying cron agent "${cronName}": ${msg}`);
+          }
+        }, timeout);
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        log(`Cron error for template "${tmplName}": ${msg}`);
+      }
+    }
+  };
+
+  setInterval(cronCheck, CRON_CHECK_INTERVAL);
+
 log("Overseer started. Waiting for commands...");
 }
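Review bot: The auto-destroy timer identifies its target by name only (`current.some((a) => a.name === cronName)`), so a stale timer can kill a newer instance: if the agent spawned at 08:00 is stopped early (say by an operator) and the schedule fires again before the original `schedule_timeout` has elapsed, the 08:00 timer then destroys the replacement moments after it starts. `startAgent` already returns `info` (unused in this hunk) and `AgentInfo` carries `startedAt`, so tie the timer to the instance it created with `if (current.some((a) => a.name === cronName && a.startedAt === info.startedAt)) {`, or keep the handle in a `Map<string, ReturnType<typeof setTimeout>>` and `clearTimeout` it wherever the agent is stopped. Two smaller points for the `// Schedule auto-destroy` comment: `cronCheck` has no re-entrancy guard, so a tick still awaiting `startAgent` when the next tick runs can pass the "already running" check twice for a `* * * * *` schedule, and the timer exists only in this process, so an overseer restart leaves an already-spawned cron agent with no auto-destroy unless `reconcileAgents` covers it. `runOverseer` begins outside this hunk.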