- MessageEvent and DashboardEvent Sent/Delivered now carry id and in_reply_to
- broker.send() includes last_insert_rowid in the emitted event
- recent_all() and recv_batch() include id and in_reply_to from the DB
- deliver_reminders_batch() tracks per-row rowids within the transaction
- dashboard message flow: reply rows are indented with a border-left and a
clickable '↳ reply' tag that scroll-jumps + briefly highlights the parent
- per-agent inbox: reply messages get a '↳ reply ·' prefix and indent
Closes#26
- add rate_limited: Arc<AtomicBool> to Bus; set/cleared by emit_status
- write/remove sentinel file hyperhive-rate-limited in state dir so host-side
dashboard can detect it without a live socket call
- api_state returns status=rate_limited when flag is set (cold-load accurate)
- ALIVE_LABELS gains rate_limited entry (⊘ red chip) on per-agent page
- ContainerView gains rate_limited: bool read from sentinel file
- dashboard container row shows ⊘ rate limited badge (red) ahead of needs_login
Closes#24
weston's VNC backend (neatvnc) uses VeNCrypt (security type 19) as
the outer type even with --disable-transport-layer-security, offering
sub-type 1 (None, no TLS, no password) within it.
The old screen.html only handled type 1 (plain None) and type 2 (VNC
auth), causing 'auth failed' against weston.
Add VeNCrypt states to the RFB state machine:
- vencrypt-version: echo back server's major.minor
- vencrypt-subtypes: pick sub-type 1 (None) if available
- vencrypt-accept: check server's acceptance byte
Then falls through to the normal security-result / server-init path.
Reads the most recent turn's context-window token count directly from
each agent's hyperhive-turn-stats.sqlite (same path the host-side
stats_vacuum uses). Adds ctx_tokens: Option<u64> to ContainerView;
populated in build_all via a single best-effort SQL query.
Dashboard app.js renders a 'ctx·Nk' badge colour-coded by harness
watermarks: green <100k (safe), yellow 100-150k (near auto-reset),
red ≥150k (compact territory). Badge only shown when ctx_tokens
is present (agent has run at least one turn).
Closes#17
index.html: add hidden #screen-link anchor (/screen, new tab).
app.js: reveal it in refreshState() when api/state returns gui_enabled=true.
gui_enabled is set by the harness when /etc/hyperhive/gui.json exists
(written by the weston VNC service from issue #50). The link opens the
RFB viewer from issue #51 in a new tab.
Closes#52
Reads /etc/hyperhive/gui.json at startup to get the VNC port written
by the weston-vnc ExecStart script (issue #50). Adds:
- gui_vnc_port: Option<u16> on AppState
- gui_enabled: bool on StateSnapshot (for issue #52 screen link)
- GET /screen: serves a minimal RFB-over-WebSocket viewer (screen.html)
- GET /screen/ws: upgrades to WebSocket and byte-pumps to 127.0.0.1:<vnc_port>
The relay is a pure two-task byte pump (WS→TCP and TCP→WS), transparent
to any RFB variant including VeNCrypt. Returns 404 when gui is not
enabled.
screen.html is a self-contained RFB client: handshake, FramebufferUpdate
(Raw encoding), pointer and keyboard forwarding — enough to display the
desktop and interact with it. noVNC assets (issue #52) replace this.
Closes#51
Reads /etc/hyperhive/gui.json at startup to get the VNC port written
by the weston-vnc ExecStart script (issue #50). Adds:
- gui_vnc_port: Option<u16> on AppState
- gui_enabled: bool on StateSnapshot (for issue #52 screen link)
- GET /screen: serves a minimal RFB-over-WebSocket viewer (screen.html)
- GET /screen/ws: upgrades to WebSocket and byte-pumps to 127.0.0.1:<vnc_port>
The relay is a pure two-task byte pump (WS→TCP and TCP→WS), transparent
to any RFB variant including VeNCrypt. Returns 404 when gui is not
enabled.
screen.html is a self-contained RFB client: handshake, FramebufferUpdate
(Raw encoding), pointer and keyboard forwarding — enough to display the
desktop and interact with it. noVNC assets (issue #52) replace this.
Closes#51
- Replace ${pkgs.coreutils}/bin/hostname with cat /etc/hostname:
hostname binary is in pkgs.inetutils, not pkgs.coreutils; /etc/hostname
is always present in NixOS containers and is simpler.
- Add --disable-transport-layer-security: weston VNC requires TLS certs
by default; since VNC is loopback-only (relayed by the harness WS proxy)
TLS adds no security benefit and cert generation adds complexity.
Removes weston-rdp.nix (hyperhive.westonRdp.enable) and adds
weston-vnc.nix (hyperhive.gui.enable).
The ExecStart wrapper script computes a deterministic VNC port via
FNV-1a hash of the agent name (derived from hostname, same algorithm
as lifecycle::agent_web_port) in the range [15900, 16799], then writes
/etc/hyperhive/gui.json {"vnc_port": N, "auth": "none"} for the
harness WebSocket relay (issue #51), and execs weston with the VNC
backend + pixman renderer.
Type=simple so it can never abort nixos-container update; a
misconfigured weston degrades to a restart loop, not a blocked rebuild.
Closes#50
Add fetch_reminder_stats() helper to query ReminderRollup from broker,
and update api_stats endpoint to include reminder stats in snapshot.
Reminder activity metrics (scheduled, delivered, pending) are now
available to the stats page UI for display.
Add Optional<ReminderStats> field to the per-agent stats page response,
placeholder for future ReminderRollup RPC integration to fetch reminder
activity metrics from the broker.
Surface reminder activity statistics (scheduled, delivered, pending counts)
for each agent over configurable time windows. Needed by the per-agent
stats page to display reminder metrics.
Adds:
- ReminderStats struct and ReminderRollup request/response variants
- Broker::reminder_rollup_for(agent, since_secs) method
- Agent and manager socket handlers for the new RPC
- SocketReply mapping for response conversion
Add Optional<ReminderStats> field to the per-agent stats page response,
placeholder for future ReminderRollup RPC integration to fetch reminder
activity metrics from the broker.
Surface reminder activity statistics (scheduled, delivered, pending counts)
for each agent over configurable time windows. Needed by the per-agent
stats page to display reminder metrics.
Adds:
- ReminderStats struct and ReminderRollup request/response variants
- Broker::reminder_rollup_for(agent, since_secs) method
- Agent and manager socket handlers for the new RPC
- SocketReply mapping for response conversion
- forge nix option moves to hyperhive.forge.enable, defaults true;
hive-c0re imports the forge module so it's on by default.
- drop the agent.nix container-row viewer + /api/agent-config; link
to the agent-configs forge repo instead.
- restructure pending approvals into a card (identity header /
what-changed body / decision actions) with a link to the proposal
commit on the forge.
- diff opens in the side panel with a 3-way base toggle: vs applied
(running) / vs last-approved / vs previous proposal, served by the
new /api/approval-diff/{id}?base= endpoint.
clicking a .md / .markdown path reference now opens a marked-rendered
view in the slide-in panel instead of raw text; other files stay raw
in a <pre>. serves the vendored marked bundle at /static/marked.js and
scopes a .md stylesheet to the panel body.
each turn_stats row already records the model; roll it up per bucket
so the /stats page can show which model ran when. model choice
greatly affects token cost, so the new stacked-bar chart sits right
under the cost chart for eyeball correlation across the window.
Snapshot gains a sorted `models` series list; each Bucket carries a
`model_counts` map.
