Implement the main orchestration loop that coordinates all components:
- Queue processing with priority sorting (issues by number)
- Integration with ContextMonitor for tracking agent context usage
- Integration with QualityOrchestrator for running quality gates
- Integration with ForcedContinuationService for rejection prompts
- Metrics tracking (processed_count, success_count, rejection_count)
- Graceful start/stop with proper lifecycle management
- Error handling at all levels (spawn, context, quality, continuation)
The OrchestrationLoop flow:
1. Read issue queue (priority sorted by issue number)
2. Mark issue as in progress
3. Spawn agent (stub implementation for Phase 0)
4. Check context usage via ContextMonitor
5. Run quality gates via QualityOrchestrator
6. On approval: mark complete, increment success count
7. On rejection: generate continuation prompt, increment rejection count
99% test coverage for coordinator.py (183 statements, 2 missed).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive test suite for OrchestrationLoop class that integrates:
- Queue processing with priority sorting
- Agent assignment (50% rule)
- Quality gate verification on completion claims
- Rejection handling with forced continuation prompts
- Context monitoring during agent execution
- Lifecycle management (start/stop)
- Error handling for all edge cases
- Metrics tracking (processed, success, rejection counts)
33 new tests covering all acceptance criteria.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixed code review findings:
- Removed unused imports (AsyncMock, MagicMock)
- Fixed line length violation in test_forced_continuation.py
All 15 tests still passing after fixes.
Implement comprehensive test suite for four core quality gates:
- BuildGate: Tests mypy type checking enforcement
- LintGate: Tests ruff linting with warnings as failures
- TestGate: Tests pytest execution requiring 100% pass rate
- CoverageGate: Tests coverage enforcement with 85% minimum
All tests follow TDD methodology - written before implementation.
Total: 36 tests covering success, failure, and edge cases.
Related to #147
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive cost optimization test scenarios and validation report.
Test Scenarios Added (10 new tests):
- Low difficulty assigns to MiniMax/GLM (free agents)
- Medium difficulty assigns to GLM when within capacity
- High difficulty assigns to Opus (only capable agent)
- Oversized issues rejected with actionable error
- Boundary conditions at capacity limits
- Aggregate cost optimization across all scenarios
Results:
- All 33 tests passing (23 existing + 10 new)
- 100% coverage of agent_assignment.py (36/36 statements)
- Cost savings validation: 50%+ in aggregate scenarios
- Real-world projection: 70%+ savings with typical workload
Documentation:
- Created cost-optimization-validation.md with detailed analysis
- Documents cost savings for each scenario
- Validates all acceptance criteria from COORD-006
Completes Phase 2 (M4.1-Coordinator) testing requirements.
Fixes#146
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements the Coordinator class with main orchestration loop:
- Async loop architecture with configurable poll interval
- process_queue() method gets next ready issue and spawns agent (stub)
- Graceful shutdown handling with stop() method
- Error handling that allows loop to continue after failures
- Logging for all actions (start, stop, processing, errors)
- Integration with QueueManager from #159
- Active agent tracking for future agent management
Configuration settings added:
- COORDINATOR_POLL_INTERVAL (default: 5.0s)
- COORDINATOR_MAX_CONCURRENT_AGENTS (default: 10)
- COORDINATOR_ENABLED (default: true)
Tests: 27 new tests covering all acceptance criteria
Coverage: 92% overall (100% for coordinator.py)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Capability enum (HIGH, MEDIUM, LOW) for agent difficulty levels
- Add AgentName enum for all 5 agents (opus, sonnet, haiku, glm, minimax)
- Implement AgentProfile data structure with validation
- context_limit: max tokens for context window
- cost_per_mtok: cost per million tokens (0 for self-hosted)
- capabilities: list of difficulty levels the agent handles
- best_for: description of optimal use cases
- Define profiles for all 5 agents with specifications:
- Anthropic models (opus, sonnet, haiku): 200K context, various costs
- Self-hosted models (glm, minimax): 128K context, free
- Implement get_agent_profile() function for profile lookup
- Add comprehensive test suite (37 tests, 100% coverage)
- Profile data structure validation
- All 5 predefined profiles exist and are correct
- Capability enum and AgentName enum tests
- Best_for validation and capability matching
- Consistency checks across profiles
Fixes#144
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements ContextMonitor class with real-time token usage tracking:
- COMPACT_THRESHOLD at 0.80 (80% triggers compaction)
- ROTATE_THRESHOLD at 0.95 (95% triggers rotation)
- Poll Claude API for context usage
- Return appropriate ContextAction based on thresholds
- Background monitoring loop (10-second polling)
- Log usage over time
- Error handling and recovery
Added ContextUsage model for tracking agent token consumption.
Tests:
- 25 test cases covering all functionality
- 100% coverage for context_monitor.py and models.py
- Mocked API responses for different usage levels
- Background monitoring and threshold detection
- Error handling verification
Quality gates:
- Type checking: PASS (mypy)
- Linting: PASS (ruff)
- Tests: PASS (25/25)
- Coverage: 100% for new files, 95.43% overall
Fixes#155
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add .dockerignore to exclude node_modules, dist, and build artifacts
- Add pre/post build directory listings to diagnose dist not found issue
- Disable turbo cache temporarily with --force flag
- Add --verbosity=2 for more detailed turbo output
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Docker COPY replaces directory contents, so copying source code
after node_modules was wiping the deps. Reordered to:
1. Copy source code first
2. Copy node_modules second (won't be overwritten)
Fixes API build failure: "dist not found"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Modules using AuthGuard in their controllers need to import AuthModule
to make AuthService available for dependency injection.
Fixed:
- ActivityModule
- WorkspaceSettingsModule
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Issues fixed:
1. Module not found: Added missing copy of apps/{api,web}/node_modules
which contains pnpm symlinks to the root node_modules
2. Healthcheck syntax: Fixed broken quoting from prettier reformatting
Changed to CMD-SHELL with proper escaping
3. Removed obsolete version: "3.9" from docker-compose.yml
The apps need their own node_modules directories because pnpm uses
symlinks that point from apps/*/node_modules to node_modules/.pnpm/*
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixed the mismatch between environment variables:
- docker-compose now passes PORT (what NestJS/Next.js read) instead of API_PORT
- API_PORT/WEB_PORT control host mapping, PORT controls container
Changes:
- docker-compose: Pass PORT=${API_PORT} and PORT=${WEB_PORT} to containers
- docker-compose: Dynamic port mapping on both host and container sides
- docker-compose: Traefik labels use ${API_PORT}/${WEB_PORT} variables
- docker-compose: Healthchecks use PORT env var
- Dockerfiles: Removed hardcoded port values
- Dockerfiles: Healthchecks read PORT at runtime
This allows changing ports via API_PORT/WEB_PORT environment variables
and have all components (app, healthcheck, Traefik) use the correct port.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added cache mounts for:
- pnpm store: Caches downloaded packages between builds
- TurboRepo: Caches build outputs between builds
This significantly speeds up subsequent builds:
- First build: Full download and compile
- Subsequent builds: Only changed packages are re-downloaded/rebuilt
Requires Docker BuildKit (default in Docker 23+).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The production stage was failing because it tried to copy the public
directory which doesn't exist in the source. Added mkdir -p to ensure
the directory exists (even if empty) before the production stage
tries to copy it.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
pnpm stores the Prisma client in the content-addressable store at
node_modules/.pnpm/.../.prisma, not at apps/api/node_modules/.prisma.
The production stage was trying to copy from the wrong location.
Additionally, running `pnpm install --prod` in production failed because:
1. The husky prepare script runs but husky is a devDependency
2. The Prisma client postinstall can't run without the prisma CLI
Fixed by copying the full node_modules from the builder stage, which
already has all dependencies properly installed and the Prisma client
generated in the correct pnpm store location.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Docker builds were failing because they ran `pnpm build` directly
in the app directories without first building workspace dependencies
(@mosaic/shared, @mosaic/ui). CI passed because it runs TurboRepo
from the root which respects the dependency graph.
Changed both Dockerfiles to use `pnpm turbo build --filter=@mosaic/{app}`
which ensures dependencies are built in the correct order:
- Web: @mosaic/config → @mosaic/shared → @mosaic/ui → @mosaic/web
- API: @mosaic/config → @mosaic/shared → prisma:generate → @mosaic/api
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add genericOAuth plugin to auth.config.ts with Authentik provider
- Fix LoginButton to use /auth/signin/authentik (not /auth/callback/)
- Add production URLs to trustedOrigins
- Update .env.example with correct redirect URI documentation
Redirect URI for Authentik: https://api.mosaicstack.dev/auth/callback/authentik
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add input sanitization to prevent LLM prompt injection
(escapes quotes, backslashes, replaces newlines)
- Add MaxLength(500) validation to DTO to prevent DoS
- Add entity validation to filter malicious LLM responses
- Add confidence validation to clamp values to 0.0-1.0
- Make LLM model configurable via INTENT_CLASSIFICATION_MODEL env var
- Add 12 new security tests (total: 72 tests, from 60)
Security fixes identified by code review:
- CVE-mitigated: Prompt injection via unescaped user input
- CVE-mitigated: Unvalidated entity data from LLM response
- CVE-mitigated: Missing input length validation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement REST API endpoints for managing LLM provider instances.
Changes:
- Created DTOs for provider CRUD operations (CreateLlmProviderDto, UpdateLlmProviderDto, LlmProviderResponseDto)
- Implemented LlmProviderAdminController with full CRUD endpoints:
- GET /llm/admin/providers - List all providers
- GET /llm/admin/providers/:id - Get provider details
- POST /llm/admin/providers - Create new provider
- PATCH /llm/admin/providers/:id - Update provider
- DELETE /llm/admin/providers/:id - Delete provider
- POST /llm/admin/providers/:id/test - Test connection
- POST /llm/admin/reload - Reload from database
- Updated llm-manager.service.ts to support OpenAI and Claude providers
- Added comprehensive test suite with 97.95% coverage
- Proper validation, error handling, and type safety
All tests pass. Pre-commit hooks pass.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement Anthropic Claude provider for Claude Opus, Sonnet, and Haiku models.
Implementation details:
- Created ClaudeProvider class implementing LlmProviderInterface
- Added @anthropic-ai/sdk npm package integration
- Implemented chat completion with streaming support
- Claude-specific message format (system prompt separate from messages)
- Static model list (Claude API doesn't provide list models endpoint)
- Embeddings throw error as Claude doesn't support native embeddings
- Added OpenTelemetry tracing with @TraceLlmCall decorator
- 100% statement, function, and line coverage (79% branch coverage)
Tests:
- Created comprehensive test suite with 20 tests
- All tests follow TDD pattern (written before implementation)
- Tests cover initialization, health checks, chat, streaming, and error handling
- Mocked Anthropic SDK client for isolated unit testing
Quality checks:
- All tests pass (1131 total tests across project)
- ESLint passes with no errors
- TypeScript type checking passes
- Follows existing code patterns from OpenAI and Ollama providers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement OpenAI provider for GPT-4, GPT-3.5, and other OpenAI models.
Implementation includes:
- OpenAI SDK integration with API key authentication
- Chat completion with streaming support
- Embeddings generation
- Health checks and model listing
- OpenTelemetry tracing
- Comprehensive test suite with 97% coverage
Follows TDD methodology:
- Written tests first (RED phase)
- Implemented minimal code to pass tests (GREEN phase)
- Code passes typecheck, linter, and all quality gates
Test coverage: 97.18% statements, 97.05% lines
All 22 tests passing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add database-backed quality gate configuration for workspaces with
full CRUD operations and default gate seeding.
Schema:
- Add QualityGate model with workspace relation
- Support for custom commands and regex patterns
- Enable/disable and ordering support
Service:
- CRUD operations for quality gates
- findEnabled: Get ordered, enabled gates
- reorder: Bulk reorder with transaction
- seedDefaults: Seed 4 default gates
- toOrchestratorFormat: Convert to orchestrator interface
Endpoints:
- GET /workspaces/:id/quality-gates - List
- GET /workspaces/:id/quality-gates/:gateId - Get one
- POST /workspaces/:id/quality-gates - Create
- PATCH /workspaces/:id/quality-gates/:gateId - Update
- DELETE /workspaces/:id/quality-gates/:gateId - Delete
- POST /workspaces/:id/quality-gates/reorder
- POST /workspaces/:id/quality-gates/seed-defaults
Default gates: Build, Lint, Test, Coverage (85%)
Tests: 25 passing with 95.16% coverage
Fixes#135
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement MCP Phase 1 infrastructure for agent tool integration with
central hub, tool registry, and STDIO transport layers.
Components:
- McpHubService: Central registry for MCP server lifecycle
- StdioTransport: STDIO process communication with JSON-RPC 2.0
- ToolRegistryService: Tool catalog management
- McpController: REST API for MCP management
Endpoints:
- GET/POST /mcp/servers - List/register servers
- POST /mcp/servers/:id/start|stop - Lifecycle control
- DELETE /mcp/servers/:id - Unregister
- GET /mcp/tools - List tools
- POST /mcp/tools/:name/invoke - Invoke tool
Features:
- Full JSON-RPC 2.0 protocol support
- Process lifecycle management
- Buffered message parsing
- Type-safe with no explicit any types
- Proper cleanup on shutdown
Tests: 85 passing with 90.9% coverage
Fixes#132
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement Personality system backend with database schema, service,
controller, and comprehensive tests. Personalities define assistant
behavior with system prompts and LLM configuration.
Changes:
- Update Personality model in schema.prisma with LLM provider relation
- Create PersonalitiesService with CRUD and default management
- Create PersonalitiesController with REST endpoints
- Add DTOs with validation (create/update)
- Add entity for type safety
- Remove unused PromptFormatterService
- Achieve 26 tests with full coverage
Endpoints:
- GET /personality - List all
- GET /personality/default - Get default
- GET /personality/by-name/:name - Get by name
- GET /personality/:id - Get one
- POST /personality - Create
- PATCH /personality/:id - Update
- DELETE /personality/:id - Delete
- POST /personality/:id/set-default - Set default
Fixes#130
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Refactor LlmService to delegate to LlmManagerService instead of using
Ollama directly. This enables multiple provider support and user-specific
provider configuration.
Changes:
- Remove direct Ollama client from LlmService
- Delegate all LLM operations to provider via LlmManagerService
- Update health status to use provider-agnostic interface
- Add PrismaModule to LlmModule for manager service
- Maintain backward compatibility with existing API
- Achieve 89.74% test coverage
Fixes#127
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implemented centralized service for managing multiple LLM provider instances.
Architecture:
- LlmManagerService manages provider lifecycle and selection
- Loads provider instances from Prisma database on startup
- Maintains in-memory registry of active providers
- Factory pattern for provider instantiation
Core Features:
- Database integration via PrismaService
- Provider initialization on module startup (OnModuleInit)
- Get provider by ID
- Get all active providers
- Get system default provider
- Get user-specific provider with fallback to system default
- Health check all registered providers
- Dynamic registration/unregistration (hot reload)
- Reload from database without restart
Provider Selection Logic:
- User-level providers: userId matches, is enabled
- System-level providers: userId is NULL, is enabled
- Fallback: system default if no user provider found
- Graceful error handling with detailed logging
Integration:
- Added to LlmModule providers and exports
- Uses PrismaService for database queries
- Factory creates OllamaProvider from config
- Extensible for future providers (Claude, OpenAI)
Testing:
- 31 comprehensive unit tests
- 93.05% code coverage (exceeds 85% requirement)
- All error scenarios covered
- Proper mocking of dependencies
Quality Gates:
- ✅ All 31 tests passing
- ✅ 93.05% coverage
- ✅ Linting clean
- ✅ Type checking passed
- ✅ Code review approved
Fixes#126
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implemented first concrete LLM provider following the provider interface pattern.
Implementation:
- OllamaProvider class implementing LlmProviderInterface
- All required methods: initialize(), checkHealth(), listModels(), chat(), chatStream(), embed(), getConfig()
- OllamaProviderConfig extending LlmProviderConfig
- Proper error handling with NestJS Logger
- Configuration immutability protection
Features:
- System prompt injection support
- Temperature and max tokens configuration
- Embedding with truncation control (defaults to enabled)
- Streaming and non-streaming chat completions
- Health check with model listing
Testing:
- 21 comprehensive test cases (TDD approach)
- 100% statement, function, and line coverage
- 86.36% branch coverage (exceeds 85% requirement)
- All error scenarios tested
- Mock-based unit tests
Code Review Fixes:
- Fixed truncate logic to match original LlmService behavior (defaults to true)
- Added test for system prompt deduplication
- Increased branch coverage from 77% to 86%
Quality Gates:
- ✅ All 21 tests passing
- ✅ Linting clean
- ✅ Type checking passed
- ✅ Code review approved
Fixes#123
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
