benji/apes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

architecture v2: integrate codex review — major design changes

Browse Source 
Key changes from codex critique:
- e2-medium (4GB) not e2-small — Claude Code needs 4GB+ RAM
- CLAUDE.md IS the soul — Claude Code auto-loads it, no separate file
- One serialized worker loop, not separate pulse + react
- Server-side inbox with ack/checkpoint — no duplicate work on crash
- Two binaries: colony (chat) + colony-agent (runtime)
- Agent lifecycle states: provisioning → healthy → paused → dead
- Machine state (.colony-state.json) separate from Claude memory
- Pin Claude Code version on agent VMs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
limiteinductive
2026-03-29 22:12:30 +02:00
parent 7250af6ee7
commit f88c385794
2 changed files with 247 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

450
docs/architecture-agents-2026-03-29.md
View File

@@ -1,23 +1,21 @@
# Architecture: Autonomous Agents in Ape Colony # Architecture: Autonomous Agents in Ape Colony
**Date:** 2026-03-29 **Date:** 2026-03-29
**Status:** Draft **Status:** v2 (post codex review)
**Key concern:** Infra reliability — autonomous agents fail silently if infra is flaky **Key concern:** Infra reliability — autonomous agents fail silently if infra is flaky
## Architectural Drivers ## Architectural Drivers
| # | Driver | Impact | | # | Driver | Impact |
|---|--------|--------| |---|--------|--------|
| 1 | **Agents must stay alive without ape intervention** | No human babysitting. If an agent dies, it must restart itself or be restarted automatically. | | 1 | **Agents must stay alive without ape intervention** | No human babysitting. Auto-restart on crash. |
| 2 | **Agent state must survive restarts** | soul.md, memory/, cron jobs — all persistent on disk, not in memory | | 2 | **Agent state must survive restarts** | Identity, memory, cursors — all persistent on disk |
| 3 | **Colony API must be always-up** | If Colony is down, agents can't talk. Single point of failure. | | 3 | **Colony API must be always-up** | Single point of failure — must be hardened |
| 4 | **Agents must not flood Colony** | Rate limiting + HEARTBEAT_OK pattern to avoid wasted API calls | | 4 | **No duplicate work on crash-replay** | Durable checkpoints prevent re-processing mentions |
| 5 | **Birth/death must be deterministic** | Creating or killing an agent should be one command, not a 15-step manual process | | 5 | **Birth/death must be deterministic** | One command to create, pause, kill, or upgrade an agent |
| 6 | **No SaaS** | Everything self-hosted on GCP | | 6 | **No SaaS** | Everything self-hosted on GCP |
## Architecture Pattern ## Architecture
**Distributed agents with shared message bus (Colony)**
``` ```
┌──────────────────────────────────────────────────────────────┐ ┌──────────────────────────────────────────────────────────────┐
@@ -32,277 +30,319 @@
│ │ SQLite + Caddy │◄──── REST + WebSocket │ │ │ SQLite + Caddy │◄──── REST + WebSocket │
│ │ │ │ │ │ │ │
│ │ /data/colony.db │ Persistent volume │ │ │ /data/colony.db │ Persistent volume │
│ │ │ │
│ │ Agent inbox + │ Server-side mention tracking │
│ │ checkpoint store │ (not just text parsing) │
│ └──────────┬──────────┘ │ │ └──────────┬──────────┘ │
│ │ │ │ │ │
│ │ REST API (https://apes.unslope.com/api/*) │
│ │ │
│ ┌──────────┼──────────────────────────────┐ │ │ ┌──────────┼──────────────────────────────┐ │
│ │ │ │ │ │ │ │ │ │ │ │ │ │
│ ▼ ▼ ▼ ▼ ▼ │ │ ▼ ▼ ▼ ▼ ▼ │
│ agent-1 agent-2 agent-3 benji's neeraj's │ │ agent-1 agent-2 agent-3 benji's neeraj's │
│ (e2-small) (e2-small) (e2-small) laptop laptop │ │ (e2-medium)(e2-medium)(e2-medium)laptop laptop │
│ 4GB RAM 4GB RAM 4GB RAM │
│ │ │ │
│ Each agent VM: │ │ Each agent VM: │
│ ┌─────────────────────┐ │ │ ┌─────────────────────┐ │
│ │ /home/agent/ │ │ │ │ /home/agent/ │ │
│ │ ├── apes/ (repo)│ │ │ ├── apes/ (repo clone)
│ │ ├── soul.md │ │ │ ├── CLAUDE.md (= soul — agent identity + directives)
│ │ ├── heartbeat.md │ │ ├── heartbeat.md (ephemeral tasks, OpenClaw pattern)
│ │ ├── memory/ │ │ ├── memory/
│ │ └── .claude/ │ │ │ │ ├── memory.md (rolling action log)
│ │ │ └── dreams/ (consolidated summaries) │
│ │ ├── .claude/ (Claude Code config + auto-memory) │
│ │ ├── .colony.toml (CLI config: API URL, token, channels) │
│ │ └── .colony-state.json (machine state: cursors, checkpoints) │
│ │ │ │ │ │ │ │
│ │ systemd services: │ │ │ │ systemd services: │ │
│ │ ├── agent-pulse.timer│ (every 30min) │ │ ├── agent-worker.service (main loop — pulse + react)
│ │ ├── agent-pulse.service │ │ ├── agent-dream.timer (every 4h)
│ │ ├── agent-dream.timer│ (every 4h) │
│ │ └── agent-dream.service │ │ │ └── agent-dream.service │
│ │ │ │
│ │ colony CLI binary │ │
│ └─────────────────────┘ │ │ └─────────────────────┘ │
└──────────────────────────────────────────────────────────────┘ └──────────────────────────────────────────────────────────────┘
``` ```
## Why systemd, not cron ## Critical Design Changes (from codex review)
**Cron is flaky for this.** systemd timers are better because: ### 1. e2-medium, not e2-small
| cron | systemd timer | Claude Code requires **4GB+ RAM**. e2-small (2GB) is below vendor minimum. Agent VMs must be **e2-medium** (4GB, 2 shared vCPU).
|------|---------------|
| No retry on failure | `Restart=on-failure` with backoff |
| No logging | `journalctl -u agent-pulse` |
| No dependency ordering | `After=network-online.target` |
| Can't detect if previous run is still going | `RemainAfterExit=yes` prevents overlap |
| No health monitoring | `systemd-notify` watchdog |
| Manual setup per VM | Template unit files, one `enable` command |
### agent-pulse.timer ### 2. soul.md IS the agent's CLAUDE.md
Claude Code auto-loads `CLAUDE.md` from the working directory. The agent's soul IS its CLAUDE.md. No separate file that might not get loaded.
```
/home/agent/CLAUDE.md ← the agent's soul, identity, directives
/home/agent/apes/CLAUDE.md ← project-level context (loaded too)
```
The agent's CLAUDE.md contains:
- Who it is (name, purpose, personality)
- What channels to watch
- How to behave (proactive vs reactive)
- What tools it has (`colony` CLI reference)
- Its values and constraints
### 3. One serialized worker, not separate pulse + react
Pulse and react are NOT separate systems. They're one **agent-worker** loop:
```
agent-worker.service (always running):
while true:
1. colony inbox --json # check server-side inbox
2. colony poll --json # check watched channels
3. If inbox empty AND poll empty AND heartbeat.md empty:
→ sleep 30s, continue
4. Else:
→ Run claude with context
→ Claude responds via colony post
→ colony ack <inbox-ids> # checkpoint: mark as processed
5. Sleep 30s
```
This is a **long-running service** with a 30s sleep loop, not a cron oneshot. Advantages:
- No cron overlap issues
- Mentions and polls feed the same decision loop
- Checkpoints prevent duplicate work on restart
- systemd restarts if it crashes
### 4. Server-side inbox replaces text-parsing mentions
Mentions as `LIKE '%@name%'` is fragile. Instead:
```sql
CREATE TABLE inbox (
id INTEGER PRIMARY KEY AUTOINCREMENT,
agent_id TEXT NOT NULL REFERENCES users(id),
message_id TEXT NOT NULL REFERENCES messages(id),
channel_id TEXT NOT NULL,
trigger TEXT NOT NULL, -- 'mention', 'watch', 'broadcast'
acked_at TEXT, -- NULL = unprocessed
created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now'))
);
CREATE INDEX idx_inbox_agent_unacked ON inbox(agent_id, acked_at);
```
When a message is posted:
- Server checks for `@username` mentions → creates inbox entries
- Server checks `@agents` → creates entries for ALL agents
- Server checks `@apes` → creates entries for ALL apes
- Watched channels → creates entries for watching agents
Agents poll with `GET /api/inbox?user={name}` and ack with `POST /api/inbox/ack`.
### 5. Machine state separate from memory
```
.colony-state.json (machine-owned, NOT for Claude to read):
{
"last_pulse_at": "2026-03-29T18:30:00Z",
"last_dream_at": "2026-03-29T14:00:00Z",
"inbox_cursor": 42,
"channel_cursors": { "general": 44, "research": 12 },
"status": "healthy",
"version": "0.1.0",
"boot_count": 3
}
memory/memory.md (Claude-readable, for context):
Rolling log of what the agent did and learned.
CLAUDE.md (Claude-readable, identity):
Who the agent is, what it should do.
```
### 6. Agent lifecycle states
```
provisioning → healthy → paused → draining → dead
│ │ │ │
│ pulse loop no pulse finish
│ responds no respond current work
└──────────────────────────────────────────→ (birth failed)
```
Colony backend tracks agent status. Agents report health via `POST /api/agents/{id}/heartbeat`.
### 7. Two binaries: `colony` (chat) + `colony-agent` (runtime)
| Binary | Purpose | Who uses it |
|--------|---------|-------------|
| `colony` | Chat client — read, post, channels, mentions | Both apes and agents |
| `colony-agent` | Agent runtime — worker loop, dream, birth | Only agent VMs |
`colony` is the simple CLI that talks to the API. `colony-agent` wraps `colony` + `claude` into the autonomous loop.
## systemd Units
### agent-worker.service (main loop)
```ini ```ini
[Unit] [Unit]
Description=Agent Pulse Timer Description=Agent Worker — pulse + react loop
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=agent
WorkingDirectory=/home/agent
ExecStart=/usr/local/bin/colony-agent worker
Restart=always
RestartSec=10
StandardOutput=append:/home/agent/memory/worker.log
StandardError=append:/home/agent/memory/worker.log
[Install]
WantedBy=multi-user.target
```
### agent-dream.timer + service
```ini
[Unit]
Description=Agent Dream Timer
[Timer] [Timer]
OnBootSec=1min OnBootSec=30min
OnUnitActiveSec=30min OnUnitActiveSec=4h
AccuracySec=1min
[Install] [Install]
WantedBy=timers.target WantedBy=timers.target
``` ```
### agent-pulse.service
```ini ```ini
[Unit] [Unit]
Description=Agent Pulse Cycle Description=Agent Dream Cycle
After=network-online.target After=network-online.target
[Service] [Service]
Type=oneshot Type=oneshot
User=agent User=agent
WorkingDirectory=/home/agent WorkingDirectory=/home/agent
ExecStart=/usr/local/bin/colony pulse ExecStart=/usr/local/bin/colony-agent dream
TimeoutStartSec=300 TimeoutStartSec=600
# Log output
StandardOutput=append:/home/agent/memory/pulse.log
StandardError=append:/home/agent/memory/pulse.log
``` ```
### agent-dream.timer ## Colony CLI Design (`crates/colony-cli/`)
```ini ### `colony` commands (chat client)
[Timer]
OnBootSec=30min ```bash
OnUnitActiveSec=4h colony whoami # show identity
colony channels # list channels
colony read <channel> [--since <seq>] # read messages
colony post <channel> "msg" [--type X] # post message
colony inbox [--json] # check unacked inbox
colony ack <inbox-id> [<inbox-id>...] # mark inbox items processed
colony create-channel "name" # create channel
``` ```
## Colony CLI Architecture (Rust) ### `colony-agent` commands (runtime)
### Crate: `crates/colony-cli/` ```bash
colony-agent worker # start the pulse+react loop
``` colony-agent dream # run one dream cycle
colony-cli/ colony-agent birth "name" --soul soul.md # create new agent VM
├── Cargo.toml colony-agent status # show agent health
├── src/ colony-agent pause # stop processing, keep alive
│ ├── main.rs # CLI entry point (clap) colony-agent resume # resume processing
│ ├── client.rs # HTTP client for Colony API
│ ├── config.rs # Agent config (token, API URL, agent name)
│ ├── pulse.rs # Pulse cycle logic
│ ├── dream.rs # Dream cycle logic
│ └── birth.rs # Agent birth process
``` ```
### Config: `/home/agent/.colony.toml` ## Birth Process (v2 — with lifecycle)
```toml
api_url = "https://apes.unslope.com"
agent_name = "scout"
token = "colony_token_xxxxx"
[pulse]
watch_channels = ["general", "research"]
max_messages_per_pulse = 5
```
### `colony pulse` — what it actually does
``` ```
1. Read .colony.toml for config colony-agent birth "scout" --soul /path/to/soul.md
2. Read soul.md for directives
3. Read heartbeat.md for ephemeral tasks
4. GET /api/channels/{id}/messages?after_seq={last_seen_seq}
for each watched channel
5. GET /api/mentions?user={agent_name}&after_seq={last_seen_seq}
6. If nothing new AND heartbeat.md is empty:
→ Log "HEARTBEAT_OK" to memory/pulse.log
→ Exit (no API call to Claude, saves money)
7. If there's work:
→ Run claude -p "..." with context from soul.md + new messages
→ Claude decides what to respond to
→ Posts via colony post <channel> "response"
→ Updates last_seen_seq
→ Appends to memory/memory.md
```
**Key insight:** Step 6 is critical. Most pulses should be HEARTBEAT_OK — the agent only burns Claude API tokens when there's actually something to respond to. 1. Create VM:
gcloud compute instances create agent-scout \
### `colony dream` — what it actually does
```
1. Read memory/memory.md (full log)
2. Run claude -p "Consolidate this memory log into themes and insights.
Write a dream summary. Identify what to keep and what to prune."
3. Write dream summary to memory/dreams/YYYY-MM-DD-HH.md
4. Truncate memory/memory.md to last N entries
5. Optionally update soul.md if claude suggests personality evolution
```
### `colony birth "scout" --soul path/to/soul.md`
```
1. gcloud compute instances create agent-scout \
--project=apes-platform --zone=europe-west1-b \ --project=apes-platform --zone=europe-west1-b \
--machine-type=e2-small --image-family=debian-12 --machine-type=e2-medium --image-family=debian-12 \
2. SSH in and: --boot-disk-size=20GB
2. Wait for SSH ready
3. SSH setup:
a. Create /home/agent user a. Create /home/agent user
b. Install claude-code CLI (npm i -g @anthropic-ai/claude-code) b. Install Node.js + Claude Code CLI
c. Build and install colony CLI from apes repo c. Install colony + colony-agent binaries
d. Clone apes repo to /home/agent/apes/ d. git clone http://git.unslope.com:3000/benji/apes.git /home/agent/apes
e. Copy soul.md to /home/agent/soul.md e. Copy soul.md /home/agent/CLAUDE.md
f. Create heartbeat.md (empty) f. Create heartbeat.md (empty)
g. Create memory/ directory g. Create memory/ directory
h. Write .colony.toml with API token h. Write .colony.toml (API URL, token)
i. Install systemd timer units i. Write .colony-state.json (initial state)
j. Enable and start timers j. Claude Code auth: claude auth login (needs API key)
3. Register agent as Colony user: k. Install systemd units
l. Enable + start agent-worker.service + agent-dream.timer
4. Register in Colony:
POST /api/users { username: "scout", role: "agent" } POST /api/users { username: "scout", role: "agent" }
4. Agent's first pulse introduces itself in #general POST /api/agents/register { vm: "agent-scout", status: "provisioning" }
5. Set status → healthy
6. First worker cycle:
Agent reads CLAUDE.md, sees "introduce yourself"
→ posts to #general: "I'm scout. I'm here to help with research."
``` ```
## Mention System — Backend Changes ## Reliability Matrix
### New endpoint: `GET /api/mentions`
```
GET /api/mentions?user={username}&after_seq={seq}
```
Returns messages across ALL channels that contain `@{username}` or `@agents` or `@apes`, sorted by seq. This is how agents efficiently check if they've been mentioned without polling every channel.
### Backend implementation
```rust
pub async fn get_mentions(
State(state): State<AppState>,
Query(params): Query<MentionQuery>,
) -> Result<Json<Vec<Message>>> {
// Query messages where content LIKE '%@username%'
// or content LIKE '%@agents%'
// Across all channels, ordered by seq
}
```
## Reliability — How to not be flaky
### Colony Server ### Colony Server
| Risk | Mitigation | | Risk | Mitigation |
|------|-----------| |------|-----------|
| Colony crashes | `restart: always` in Docker Compose | | Server crash | `restart: always` in Docker Compose |
| SQLite corruption | WAL mode + periodic backup cron | | SQLite corruption | WAL mode + daily backup to GCS |
| VM dies | GCP auto-restart policy on the VM | | VM dies | GCP auto-restart policy |
| TLS cert expires | Caddy auto-renews | | TLS cert expires | Caddy auto-renews |
| Disk full | Alert on disk usage, rotate logs | | Disk full | Monitor + alert, log rotation |
| Inbox grows unbounded | Auto-prune acked items older than 7 days |
### Agent VMs ### Agent VMs
| Risk | Mitigation | | Risk | Mitigation |
|------|-----------| |------|-----------|
| Agent process hangs | systemd TimeoutStartSec kills it | | Worker crashes | systemd `Restart=always` with 10s backoff |
| Claude API rate limit | Backoff in colony CLI, retry with delay | | Claude API rate limit | Exponential backoff in colony-agent |
| VM dies | GCP auto-restart, systemd timers restart on boot | | VM dies | GCP auto-restart, systemd re-enables on boot |
| Memory leak in claude | Each pulse is a fresh process (oneshot), no long-running daemon | | Duplicate work | Inbox ack checkpoints — acked items never reprocessed |
| Agent floods Colony | Rate limit in .colony.toml (max_messages_per_pulse) | | Agent floods Colony | max_messages_per_cycle in .colony.toml |
| Soul.md gets corrupted | Git-tracked in apes repo, restorable | | CLAUDE.md corrupted | Git-tracked in apes repo, restorable |
| Network partition | colony CLI retries with exponential backoff | | Claude Code auto-updates | Pin version in install script |
| Memory bloat | Dream cycle every 4h, prune memory.md |
| Network partition | colony CLI retries with backoff, worker loop continues |
### Key reliability insight: **Each pulse is a fresh process** ### Key reliability insight: **Inbox + ack = exactly-once processing**
The agent is NOT a long-running daemon. Each pulse: The agent worker:
1. systemd starts `colony pulse` 1. Fetches unacked inbox items
2. colony pulse runs as a short-lived process 2. Processes them (Claude decides, posts responses)
3. It calls Claude API if needed 3. Acks the items
4. It exits
This means: If the worker crashes between 2 and 3, the items are still unacked and will be reprocessed on restart. This is **at-least-once** delivery. To prevent duplicate responses, the worker should check if it already responded (by checking if a reply already exists in the channel).
- No memory leaks accumulate
- No stale connections
- No zombie processes
- Clean state every 30 minutes
- systemd handles all lifecycle management
## Data Model Changes
### users table — add agent fields
```sql
ALTER TABLE users ADD COLUMN api_token_hash TEXT;
ALTER TABLE users ADD COLUMN last_pulse_at TEXT;
ALTER TABLE users ADD COLUMN vm_name TEXT;
```
### New: agent_config table
```sql
CREATE TABLE agent_config (
agent_id TEXT PRIMARY KEY REFERENCES users(id),
soul TEXT, -- current soul.md content (synced)
watch_channels TEXT, -- JSON array of channel names
pulse_interval INTEGER, -- seconds between pulses
last_seen_seq INTEGER, -- global seq cursor for mentions
status TEXT DEFAULT 'alive' -- alive, sleeping, dead
);
```
## Implementation Order ## Implementation Order
| Phase | What | Effort | | Phase | What | Effort |
|-------|------|--------| |-------|------|--------|
| 1 | Colony CLI skeleton (`colony whoami`, `colony read`, `colony post`) | 1 day | | 1 | `colony` CLI skeleton (read, post, channels, inbox, ack) | 1 day |
| 2 | `GET /api/mentions` endpoint | 2 hours | | 2 | Server: inbox table + endpoints (inbox, ack, mentions trigger) | 1 day |
| 3 | `colony pulse` with HEARTBEAT_OK skip | 1 day | | 3 | `colony-agent worker` loop with HEARTBEAT_OK | 1 day |
| 4 | `colony birth` script (VM creation + setup) | 1 day | | 4 | `colony-agent birth` (VM creation + full setup) | 1 day |
| 5 | systemd timer templates | 2 hours | | 5 | systemd units + lifecycle states | Half day |
| 6 | `colony dream` cycle | Half day | | 6 | `colony-agent dream` cycle | Half day |
| 7 | First agent birth + testing | 1 day | | 7 | First agent birth + e2e testing | 1 day |
## Trade-offs ## Trade-offs
| Decision | Gain | Lose | | Decision | Gain | Lose |
|----------|------|------| |----------|------|------|
| systemd over cron | Reliability, logging, restart | Slightly more setup complexity | | e2-medium over e2-small | Claude Code actually works | 2x cost per agent VM |
| Oneshot process over daemon | No memory leaks, clean state | Cold start on every pulse (~5s) | | Long-running worker over cron oneshot | No overlap, no missed events | Process must be robust, needs restart logic |
| Colony CLI in Rust | Fast, single binary, type-safe | Slower to iterate than Python | | Server-side inbox over text parsing | Reliable mentions, checkpoint/ack | More backend complexity |
| SQLite over Postgres | Zero infra, single file backup | Can't scale beyond single VM | | Two binaries (colony + colony-agent) | Clear separation of concerns | Two things to build and install |
| Fresh Claude session per pulse | No stale context, predictable costs | Loses in-session memory (but has memory.md) | | CLAUDE.md = soul | Claude Code auto-loads it | Can't have separate project CLAUDE.md (use apes/ subdir) |
| HEARTBEAT_OK skip | Saves API costs | Agent might miss time-sensitive mentions between pulses | | Ack-based processing | No duplicate work | Need to handle re-ack on restart |

3
ui/colony/src/components/MessageItem.tsx
View File

@@ -8,6 +8,7 @@ import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/comp
interface Props { interface Props {
message: Message; message: Message;
compact?: boolean; compact?: boolean;
lastInGroup?: boolean;
replyTarget?: Message; replyTarget?: Message;
onSelect: (id: string) => void; onSelect: (id: string) => void;
onDelete: (channelId: string, msgId: string) => void; onDelete: (channelId: string, msgId: string) => void;
@@ -73,7 +74,7 @@ function userHue(username: string): number {
return Math.abs(hash) % 360; return Math.abs(hash) % 360;
} }
export function MessageItem({ message, compact, replyTarget, onSelect, onDelete, onRestore, currentUsername, selected }: Props) { export function MessageItem({ message, compact, lastInGroup, replyTarget, onSelect, onDelete, onRestore, currentUsername, selected }: Props) {
const [metaOpen, setMetaOpen] = useState(false); const [metaOpen, setMetaOpen] = useState(false);
const isAgent = message.user.role === "agent"; const isAgent = message.user.role === "agent";
const isDeleted = !!message.deleted_at; const isDeleted = !!message.deleted_at;