docs: README + TODO split; trim CLAUDE.md; fix async form 415

2026-05-15 16:41:15 +02:00 · 2026-05-15 16:41:15 +02:00 · 970f645461
commit 970f645461
parent 392a448656
6 changed files with 262 additions and 684 deletions
--- a/TODO.md
+++ b/TODO.md
@ -0,0 +1,69 @@
+# TODO
+
+Pick anything from here when relevant. Cross-cutting design notes live in
+[CLAUDE.md](CLAUDE.md); high-level project intro in [README.md](README.md).
+
+## Security
+
+- **Unprivileged containers (userns mapping).** Today the nspawn container
+  runs as a fully privileged root. Goal: `PrivateUsersChown=yes` (or the
+  nixos-container equivalent) so uid 0 inside maps to an unprivileged uid
+  on the host, and a container-root compromise lands the attacker on an
+  ordinary user account, not the host's root. Requires per-agent state
+  dirs to be chown'd to that uid on the host side.
+- **Bash command allow-list.** Replace the blanket `Bash` allow with a
+  pattern allow-list (`Bash(git *)`, `Bash(nix build .*)`, etc.) per
+  claude-code's `--allowedTools` extended grammar. Likely lives in
+  `agent.nix` so each agent can scope its own shell surface.
+
+## Per-agent settings
+
+- **Model override.** Hard-coded to `haiku` in the turn loop right now.
+  Surface as a per-agent override: operator via dashboard, manager via
+  `request_apply_commit` setting an attr on the agent's flake (most natural
+  place since the flake already carries per-agent env/identity).
+
+## UI / UX
+
+- **Operator inbox view.** Drain replies addressed to `operator` and show
+  them on the dashboard. Today they accumulate in sqlite unread; you can
+  only see them by watching the live panel of the agent that sent them.
+- **Per-agent UI substance.** Show last N inbox messages, last turn timing,
+  link back to dashboard.
+- **Static-asset SPA-style web UI.** Move toward: `index.html` is static,
+  CSS/JS is static, all dynamic state is fetched over SSE / JSON endpoints.
+  Currently the index HTML is server-rendered with state-dependent
+  fragments inlined; the live event stream + async forms are already SSE /
+  fetch. Goal is a cleaner split so the UI is one HTML file + JS app +
+  small JSON API.
+- **Background JS refresh on the live panel.** Already there for sends;
+  any remaining places that reload the whole page should switch to fetch +
+  partial updates.
+- **xterm.js terminal** embedded per-agent, attached to a PTY exposed by
+  the harness. Pairs well with the unprivileged-container work — would let
+  the operator drop into the container without `nixos-container root-login`.
+
+## Loop substance
+
+- **Notes / state persistence.** Per-agent `notes.md` for durable scratch
+  memory across turns. Compaction-on-overflow runs a separate short-lived
+  claude session (à la bitburner-agent). The `--continue` session already
+  gives short-term memory, but notes give cross-session durable knowledge
+  that isn't lost on a `/compact` boundary.
+
+## Lifecycle / reliability
+
+- **Bounded broker.** Cap rows per recipient or auto-vacuum delivered
+  messages older than a threshold. sqlite is growing unbounded.
+- **Container crash events.** Watch `container@*.service` via D-Bus, push
+  `HelperEvent::ContainerCrash` to the manager's inbox so the manager can
+  react (restart, escalate, etc.).
+- **`destroy --purge`.** Today `destroy` keeps state by design; add an
+  opt-in flag (CLI + dashboard) to also wipe `/var/lib/hyperhive/agents/<name>/`
+  and `/var/lib/hyperhive/applied/<name>/`.
+
+## Cleanup / docs
+
+- **Debug-only sub-commands.** `hive-ag3nt send/recv` and the analogous
+  `hive-m1nd send/recv/...` exist only for ops debugging. Move them into a
+  hidden `debug` sub-command to declutter `--help`, or drop entirely.