feat: [ENG-2859] background sub-agent dispatch for brv curate by cuongdo-byterover · Pull Request #753 · campfirein/byterover-cli

cuongdo-byterover · 2026-06-02T03:04:03Z

Summary

Problem: In tool-mode, brv curate is a multi-step session (kickoff → author HTML → continuation → validate, up to 4 attempts) that BLOCKS the user's conversation for ~10-60s per topic. The earlier "instruction-only + permission allowlist" attempt failed in field tests — the main agent kept running curates inline instead of dispatching.
Why it matters: Bootstrap flows (repo scans, onboarding) produce 10-50+ substantive facts. Inline curates compound to minutes of blocked conversation. Background sub-agent dispatch is the only way to keep the user's turn snappy while still saving everything.
What changed: Adds a saved brv-curate sub-agent for Claude Code (.claude/agents/brv-curate.md) and Codex (.codex/agents/brv-curate.toml), each carrying the full session protocol. Skill docs make background dispatch the default. brv connectors install deploys the agent file alongside the skill markdown files.
What did NOT change (scope boundary): Hermes / OpenClaw provider paths (Hermes migration to HTML + --format json is a separate plan). No brv daemon-side or CLI core changes — this PR is templates + connector wiring only. --detach and PostWorkRegistry are untouched.

Type of change

Scope (select all touched areas)

(Also: skill templates under src/server/templates/{skill,agent}/ — no checkbox above matches exactly; closest is "Hub / Connectors" since they ship through SkillConnector.)

Linked issues

Closes ENG-2859
Related: N/A

Root cause (bug fixes only, otherwise write `N/A`)

N/A — this is a feature PR, not a bug fix.

Test plan

Coverage added:
- Unit test
- Integration test
- Manual verification only
Test file(s):
- test/unit/infra/connectors/skill/skill-connector.test.ts (5 new tests, 44 total — all passing)
Key scenario(s) covered:
- install() deploys .claude/agents/brv-curate.md for Claude Code
- install() deploys .codex/agents/brv-curate.toml for Codex
- install() does NOT create an agents/ directory for surfaces without an agentFile config (Cursor as the reference case)
- status() reports not-installed when the skill files are present but the agent file has been removed (partial-install detection)
- uninstall() removes the agent file alongside the skill directory

User-visible changes

brv connectors install for Claude Code now also writes .claude/agents/brv-curate.md.
brv connectors install for Codex now also writes .codex/agents/brv-curate.toml.
brv connectors uninstall removes the agent file in addition to the skill directory.
Claude Code and Codex sessions get a new spawnable sub-agent named brv-curate that runs the full brv curate session detached from the calling conversation.
Skill prose (visible to LLMs reading SKILL.md / curate.md) now tells the calling agent to default to background dispatch for substantive curates.
No new flags on the brv CLI; no config-file changes required.

Evidence

Failing test/log before + passing after — connector unit suite green at 44/44 after the changes (5 new tests cover the new install/status/uninstall paths)
Trace/log snippets — pending live end-to-end run from a fresh Claude Code session
Screenshot/recording — N/A, this is a non-UI change

Checklist

Tests added or updated and passing (verified mocha skill-connector.test.ts — full npm test not run by me; please confirm in CI)
Lint passes — lint-staged + npm run lint:fix ran clean during commit
Type check passes (npx tsc --noEmit clean)
Build succeeds (npm run build) — not run by me; please confirm in CI
Commits follow Conventional Commits format (single commit, feat: [ENG-2859] ...)
Documentation updated (SKILL.md, curate.md)
No breaking changes (additive: new optional agentFile field on SkillConnectorConfig, two new template files, two new skill sections)
Branch is up to date with main (merged main into feat/ENG-2859 — d22c1f54b)

Risks and mitigations

Risk: Bypassing Claude Code's permission prompts via permissionMode: bypassPermissions in the saved agent could over-permit if the tools allowlist drifts.
- Mitigation: The allowlist is narrow (Bash, Read, Write, Edit, Grep, Glob) and the agent's hard-constraints forbid brv review approve|reject (HITL stays human-driven), nested sub-agents, --detach, and writes outside /tmp/. Any future widening of tools requires a deliberate change to the template.
Risk: Codex's sandbox_mode = "workspace-write" is broader than a tools allowlist — the worker can write anywhere in the workspace.
- Mitigation: The agent body still pins the envelope to /tmp/brv-curate-envelope-<sessionId>.json and forbids writes elsewhere via the hard-constraints list. Codex doesn't expose a finer-grained capability gate today.
Risk: Installer silently creates .claude/agents/ or .codex/agents/ directories in user repos.
- Mitigation: Only happens when the user explicitly runs brv connectors install <Claude Code|Codex>. uninstall cleans the file (not the directory — left intact for the user's other agents).
Risk: The live end-to-end (fresh Claude Code session, no main-agent inline rescue) has NOT been re-verified after the saved-agent restructure.
- Mitigation: Deer-flow test environment is set up at /Users/cuong/workspaces/deer-flow/.claude/agents/brv-curate.md. Manual smoke is the one open DoD item on ENG-2859 — do not merge before that passes.
Risk: Skill prose tells the LLM to dispatch by default; LLMs may still occasionally run curates inline.
- Mitigation: SKILL.md's decision table is the in-context guide (always loaded); curate.md's ## Background Execution reinforces with the explicit five-exception list. If field tests show continued non-compliance, the next step is making it a hard rule rather than a default.

Adds a saved `brv-curate` sub-agent that runs `brv curate` sessions detached from the calling conversation, so substantive curates (10-60s each) stop blocking the user's prompt. Two surface-specific definitions ship under src/server/templates/agent/: brv-curate.md — Claude Code: permissionMode: bypassPermissions, tools: Bash/Read/Write/Edit/Grep/Glob, background: true, model: inherit brv-curate.toml — Codex: sandbox_mode = "workspace-write", developer_instructions carrying the full body Both carry the same operational protocol — per-fact session loop, /tmp envelope file via --response-file, path-exists merge, retry cap, return shape. The /tmp pin is load-bearing: background sub-agents have permission prompts auto-denied (Claude) or are sandbox-gated (Codex), and only the writable sandbox area (/tmp) is pre-authorized. Skill docs updated to make dispatch the DEFAULT for substantive curates (not opt-in): curate.md `## Background Execution` — dispatch shape per surface + saved-agent file walkthroughs + deployment table SKILL.md `## Curate Dispatch` — decision table (1 / 2-5 / 6+ facts) right after the Iron Law, so the calling agent routes correctly without opening curate.md first SkillConnector deploys the sub-agent file automatically on `brv connectors install`: Claude Code → .claude/agents/brv-curate.md Codex → .codex/agents/brv-curate.toml Other surfaces (Cursor, Windsurf, etc.) leave the agents dir untouched. Mechanism: optional `agentFile: {source, target}` on SkillConnectorConfig, set only on Claude Code and Codex. status() reports incomplete when the agent file is missing; uninstall() removes the agent file before the skill directory. 5 new unit tests cover deploy / no-op / partial-install / uninstall cleanup (44/44 green).

github-actions · 2026-06-02T03:04:36Z

Claude finished @cuongdo-byterover's task in 4m 1s —— View job

PR Review: feat: [ENG-2859] background sub-agent dispatch for `brv curate`

Overall score: 4 / 5 — Solid, well-scoped, well-tested. Two prose inconsistencies in the worker definitions are worth a quick pass before the live smoke item lands, but the connector code itself is clean and the test additions land in the right places.

What works

Scope is right. Templates + connector wiring only; no daemon, CLI, or --detach changes. The "what did NOT change" boundary in the PR body is accurate.
Connector contract is consistent. agentFile is an optional config field, install / status / uninstall each treat agent-file presence as part of the install marker (so partial installs surface as "not installed" and re-install repairs). Test at test/unit/infra/connectors/skill/skill-connector.test.ts:551 exercises exactly this case.
Cursor negative test (line 462) is the right shape: confirms the absence of agentFile produces no .cursor/agents/ directory side-effect.
Build-out is automatic. package.json:209 already runs shx cp -r src/server/templates dist/server/templates, so the new templates/agent/* files ship in the npm package without a manifest change.
Dispatch-vs-inline decision table in SKILL.md is concrete (1, 2–5, 6+, trivial) — that's the kind of guidance an LLM actually follows.

Issues to address

#	Severity	File	Concern
1	medium	`templates/agent/brv-curate.md:68,144`	"Auto-denied silently outside `/tmp/`" contradicts `permissionMode: bypassPermissions` (per `curate.md:110` the mode "skips the prompts entirely"). Rationale for pinning `/tmp/` should be sandbox portability + hygiene, not auto-deny.
2	medium	`templates/agent/brv-curate.toml:11-17`	Codex `workspace-write` permits writes to `cwd` + `$TMPDIR`. On macOS `$TMPDIR` is `/var/folders/...`, not `/tmp` — pinning the envelope to `/tmp/` may sandbox-fail. This is one of the open "live smoke" DoD items.
3	low	`test/.../skill-connector.test.ts:46`	The existing test enumerates every `templates/skill/*.md`. Add a sibling that asserts every `agentFile.source` referenced in `SKILL_CONNECTOR_CONFIGS` actually exists in `templates/agent/`, so a future template rename can't silently break install.
4	nit	`skill-connector.ts:127-142`	Partial-install failure message is generic. A two-line note on "skill files written, agent file failed" would speed user diagnosis. The repair path already works.
5	nit	`skill-connector-config.ts:15-18`	`target` carries a path-with-filename while `source` carries a filename. Splitting into `targetDir` + reusing `source` removes the "keep the basenames in sync" invariant. Pure ergonomics.
6	nit	`templates/skill/curate.md:144-154`	Permission-rule recommendations don't clarify they're for the non-saved-agent fallback path; with `bypassPermissions` they're dead config. A one-line callout would prevent users from thinking the allow-list alone unlocks background dispatch.

Security & correctness check

No new attack surface in the connector. agentFile.target is read from a const config, not from user input — no path-traversal risk.
Overwrite-by-default for the agent file matches the existing skill-file pattern. Users with a hand-tuned brv-curate.md/.toml will lose their changes on re-install. That's consistent with how skill files behave; documented behavior of the connector is "managed files."
HITL stays human-driven. Both agent bodies explicitly forbid brv review approve|reject in the hard-constraints lists. ✅
No nested sub-agent spawning. Forbidden in the hard-constraints. ✅
--detach forbidden in the worker. ✅ — correct, since the worker is already detached and double-detach orphans.

Verification status

✅ Connector unit suite changes are well-scoped (5 new tests, partial-install + lifecycle covered).
⚠️ Did not run npm test / npm run build here. PR body flags both as "please confirm in CI."
⚠️ Live end-to-end on a fresh Claude Code (and macOS Codex) session is the one open DoD item per ENG-2859. Concerns Feat/init #1 and Feat/refactor structure #2 above are most likely to surface there.

Todos

cuongdo-byterover · 2026-06-02T03:23:48Z

Review triage — applied in `560ed8371`

Thanks for the careful pass. Triage:

#	Status	Note
1	✅ Fixed	Reworded the auto-deny rationale in both worker templates (and the TOML top-of-file comment). See thread.
2	✅ Fixed	`${TMPDIR:-/tmp}` resolution in both worker prompts; subsequent steps reference `$ENVELOPE`. Live macOS-Codex smoke is still on the DoD list, but expected to pass now. See thread.
3	✅ Fixed	Added a sibling test that enumerates every `agentFile.source` in `SKILL_CONNECTOR_CONFIGS` and asserts the template file exists under `src/server/templates/agent/`. 46/46 green.
4	⏭️ Skipped	The partial-install repair path (re-install overwrites) already works correctly. Distinguishing 'skill files OK, agent file failed' in the user-facing message would complicate the install flow for a nit-level diagnosis improvement. Holding off until we see it cause real user friction.
5	⏭️ Skipped	Leaving `{source, target}` — the full-path `target` preserves the ability to rename the file at the destination if a future surface needs a non-matching name. `{source, targetDir}` would drop that. See thread.
6	✅ Fixed	Added an explicit scope callout in `curate.md` § Permission prerequisites — the allow-list rules are for the foreground / non-saved-agent path; `bypassPermissions` / `workspace-write` make them inert for dispatched curates. See thread.

Diff: 4 files, +67/-33. Type-check clean, 46/46 connector tests passing locally.

Open DoD item from the original ticket (live end-to-end Claude Code session) is still pending; macOS-Codex smoke joins it now.

…rationale PR #753 review surfaced two prose drifts and a missing coverage test on the saved sub-agent templates. This commit addresses comments #1, #2, #3, #6; comments #4 and #5 are nits and left as-is (rationale in PR replies). #1 — `brv-curate.md` (Claude) claimed writes outside `/tmp/` are "auto-denied silently". That framing is from a prior iteration before we landed `permissionMode: bypassPermissions`. The real reason to pin the envelope to the temp directory is portability + hygiene, not auto-deny. Reworded the step-3 body and the matching hard-constraint bullets. #2 — Claude worker now resolves `$TMP="${TMPDIR:-/tmp}"` with Bash once, then uses `$ENVELOPE` as the literal path passed to Write and `--response-file`. Works on Linux (where $TMPDIR is unset, falls to /tmp), Claude Code (same), and macOS (where $TMPDIR is /var/folders/...). #3 — Added a sibling test in `managed skill files` that enumerates every `agentFile.source` referenced by `SKILL_CONNECTOR_CONFIGS` and asserts the file exists under `src/server/templates/agent/`. Prevents a future template rename from silently breaking install. 46/46 green. #6 — `curate.md` Permission prerequisites section now explicitly states the allow-list rules apply to the foreground / non-saved-agent path. Under `bypassPermissions` / `workspace-write` they are inert for dispatched curates; the callout prevents users from thinking the allow-list alone unlocks background dispatch. Note: the Codex `brv-curate.toml` is intentionally left at its prior state — the TMPDIR resolution and nickname_candidates that originally shipped on this branch were reverted per direct user direction. The trade-offs (no Codex panel label, /tmp pinning may bite on macOS workspace-write) are tracked as follow-ups.

github-actions · 2026-06-02T04:00:25Z

Claude finished @cuongdo-byterover's task in 2m 32s —— View job

PR Re-Review (fixup commit `3610cc5`) — Overall score: 4 / 5

Round-1 fixes landed cleanly on the Claude worker, the skill prose, and the test suite. One issue: the round-1 reply to inline comment #2 says "Same fix in brv-curate.toml", but the fixup commit's message ("Codex brv-curate.toml is intentionally left at its prior state — TMPDIR resolution … reverted per direct user direction") and the file contents both show the .toml was not updated. That leaves round-1 #1 and #2 still open on the Codex worker — and round-1 #2 is the one the PR risk section flagged as a live macOS-Codex smoke item.

What landed correctly

brv-curate.md (Claude) — TMPDIR resolution via TMP="${TMPDIR:-/tmp}" + $ENVELOPE propagation through all continuation steps and hard-constraints. Reworded sandbox rationale to portability + hygiene (matches the PR thread). ✅
curate.md § Permission prerequisites — explicit scope callout at line 142 distinguishes foreground/non-saved-agent path from the dispatched (bypassPermissions / workspace-write) path. Exactly the wording asked for. ✅
Test suite — new agentFile.source-vs-template-file enumeration test (lines 54–73) catches future rename drift; mirrors the existing SKILL_FILE_NAMES check. .greaterThan(0) guard is a nice safety. ✅

Still open after `3610cc5`

#	Severity	File / lines	Concern
A	medium	`brv-curate.toml:11–17, 89–93, 95–97, 110–115, 141–146, 184–185`	Round-1 #1 + #2 not applied here. Hardcoded `/tmp/…` envelope path + stale "silently fail" / "auto-deny analog" framing. On macOS Codex, `workspace-write` whitelists `cwd + $TMPDIR` and `$TMPDIR` is `/var/folders/.../T`, not `/tmp` — the most likely failure mode for the open macOS-Codex DoD smoke. Same `TMP="${TMPDIR:-/tmp}"` + `$ENVELOPE` pattern works inside a TOML triple-quoted block with no extra escaping. (See inline.)
B	low / docs	PR thread vs commit message	Round-1 reply to comment #2 says "Same fix in `brv-curate.toml`"; the commit message says it was intentionally left out. Worth amending the reply or the commit story so the next reviewer doesn't have to reconcile them.

Security & correctness

Connector surface unchanged in this commit — agentFile.target still const-config, no new attack surface.
HITL + no-nested-subagents + no---detach constraints intact in .md. (Identical constraints in .toml use the same stale framing as round-1 but still functionally correct.)
Test additions are self-contained, no production-code touch in this commit besides the template prose.

Verification

✅ Static review of the four changed files.
⚠️ Did not run npm test / npm run typecheck / npm run build here (no install permission). PR author reports 46/46 connector tests green and typecheck clean locally.
⚠️ Live macOS-Codex smoke is unchanged from round-1 — the .toml revert in this commit makes that smoke more likely to surface the /tmp ↔ $TMPDIR gap, not less. Either land the same TMPDIR fix on the .toml or run the smoke before merge so the failure mode is observed rather than guessed at.

Todos

Pull diff vs origin/main and the fixup commit alone
Verify TMPDIR resolution fix in both worker templates
Verify reworded sandbox rationale in brv-curate.md / brv-curate.toml
Verify scope callout in curate.md § Permission prerequisites
Verify new test enumerating agentFile.source files
Run typecheck + connector test suite — skipped (install requires approval); relying on author's locally-clean report
Post inline issues + final summary
· Branch: feat/ENG-2859

cuongdo-byterover added 2 commits June 2, 2026 09:57

Merge branch 'main' into feat/ENG-2859

d22c1f5

cuongdo-byterover requested review from bao-byterover and leehpham as code owners June 2, 2026 03:04