- Move lsp-integration.md and secure-console-v3.md to docs/archive-obsolete/
(these features are now in the Nextra SaaS product)
- Update CLAUDE.md with current project state
- Simplify run_organism.py
- Fix test fixtures for shared backend compatibility
- Minor handler and llm_api cleanups
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OSS restructuring for open-core model:
- Rename package from agentserver/ to xml_pipeline/
- Update all imports (44 Python files, 31 docs/configs)
- Update pyproject.toml for OSS distribution (v0.3.0)
- Move prompt_toolkit from core to optional [console] extra
- Remove auth/server/lsp from core optional deps (-> Nextra)
New console example in examples/console/:
- Self-contained demo with handlers and config
- Uses prompt_toolkit (optional, falls back to input())
- No password auth, no TUI, no LSP — just the basics
- Shows how to use xml-pipeline as a library
Import changes:
- from agentserver.* -> from xml_pipeline.*
- CLI entry points updated: xml_pipeline.cli:main
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Lua proposal covers:
- Sandboxed Lua handlers for SaaS custom logic
- XML <-> Lua table bridging with XSD validation
- Security sandbox (restricted stdlib, resource limits)
- Schema DSL alternative to raw XSD
- Hot reload mechanism
API spec updated with:
- Dedicated /ws/messages endpoint for message log streaming
- Filter by agent/thread/payload type
- Example for reconstructing agent buffers client-side
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Covers authentication (TOTP, WebAuthn, mTLS, OAuth), authorization
(RBAC, resource permissions), transport security, secrets management,
audit logging, prompt injection defense, and rate limiting.
Includes open questions and implementation checklist.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Defines the GUI-agnostic API for monitoring and controlling the organism:
- REST endpoints for queries and control
- WebSocket for real-time push events
- Data models for agents, messages, threads
- Example usage for 3D office GUI
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents the trust model for context and prompt management:
- Platform as trusted orchestration layer
- Context buffer: pure message history, keyed by UUID, auto-GC
- Prompt registry: immutable, invisible to agents
- LLM call assembly: platform controls, agents request
- Handler sandbox: what agents can/cannot do
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When detached, console changes prompt from '>' to '#' and rejects
@messages while still accepting /commands. Simpler than the ring
buffer approach - operator can still check status and re-attach.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Minimal, universal base for all capabilities
- Required listens_to class attribute
- Async handle() with convo_id preservation rule
- make_response() helper for thread continuity
- Explicit name, config, per-instance logger
- Clear documentation and NotImplementedError guard
This is the true substrate the entire organism will build on.
