Feature/enhancements

.env.example

@@ -9,6 +9,21 @@ OPENCLAW_GATEWAY_URL=http://host.docker.internal:18789
 OPENCLAW_TOKEN=your-gateway-token-here
 TASKBOARD_API_KEY=your-api-key-here
 
+# Agent configuration
+# Auto-detect agents from OpenClaw API at startup (default: true)
+AGENT_AUTO_DETECT=true
+# Manual agent list (overrides auto-detect). Format: agent_id:Display Name
+# AGENTS=main:Jarvis,architect:Architect,security-auditor:Security Auditor,code-reviewer:Code Reviewer
+
+# Public URL for CORS and agent prompts (change if accessing via domain/proxy)
+TASKBOARD_BASE_URL=http://localhost:8080
+
+# Auto-stop agent sessions when a task moves to Done (default: false)
+AUTO_STOP_ON_DONE=false
+
+# Allow access from specific IPs (comma-separated, leave empty for localhost only)
+ALLOWED_IPS=
+
 # =============================================================================
 # PROJECT CONFIGURATION
 # =============================================================================

CHANGELOG.md

@@ -2,6 +2,95 @@
 
 All notable changes to this project will be documented in this file.
 
+## [2.0.0] - 2026-02-14
+
+### Architecture — Backend Refactor
+
+- **Monolith → Package**: Refactored `app.py` (2224 lines) + `app.py.bak` (1976 lines) into modular `app/` package (15 modules, ~2800 lines)
+- **Write-safe database layer**: Global write lock with `BEGIN IMMEDIATE`, WAL journal mode, 30s busy timeout for concurrent reads
+- **Request logging middleware**: Batched 0.5s windows, groups by method:pattern, shows count/avg duration/errors
+- **IP restriction middleware**: Configurable allowed IPs (localhost + Docker networks + env-based)
+- **Dockerfile**: Updated to `uvicorn app.main:app`, copies `app/` directory
+
+### Added — Multi-Project Support
+
+- **Projects CRUD**: `POST /api/projects`, `DELETE /api/projects/{id}` with slug generation and duplicate check
+- **Project switcher**: Dropdown in header to filter tasks by project; "All Projects" shows colored badges on cards
+- **Project manager modal**: Add/remove projects with name, color picker, description
+- **Task assignment**: `project_id` field on tasks (default: 1 = "Default"), project dropdown in task form
+
+### Added — Filtering & UI
+
+- **Filter bar**: Combined priority, agent, and keyword search filters (client-side AND logic)
+- **"Todo" status column**: New column between Backlog and In Progress (6 columns total: Backlog → Todo → In Progress → Review → Done → Blocked)
+- **Markdown export**: "Export MD" button in task modal — exports title, metadata table, description, action items (as checklist), and comments as downloadable `.md`
+- **Auto-save task fields**: Status, priority, agent, project, due date, and description auto-save on change/blur — no more manual save for field updates
+- **Inline action item creation**: "+ Add" button in action items section with type picker (question/blocker/completion) and inline text input
+- **Improved task modal layout**: Larger modal (720×700px), 8-row description textarea, project field moved to first row, form fields split into two rows
+- **Better save feedback**: Longer glow animation (2.5s), green background pulse, white icon with glow filter
+- **Resolved action items**: Green checkmark (#10b981) instead of muted gray
+- **Project switcher moved to filter bar**: Cleaner header with "Projects" button for project manager
+
+### Added — Agent Management
+
+- **Dynamic agent detection**: Three-tier priority: `AGENTS` env var → OpenClaw API auto-detect → hardcoded fallback
+- **Agent metadata from API**: Icons, colors, descriptions fetched from OpenClaw at startup; dynamic CSS injection for agent tags
+- **`AUTO_STOP_ON_DONE`**: Configurable via `.env` (default: `true`). When enabled, sessions are permanently deleted on Done or Stop. Set `false` to use OpenClaw's `archiveAfterMinutes` instead.
+- **Session liveness check**: `GET /api/tasks/{id}/agent-status` — checks if OpenClaw session is alive
+- **Toggle start/stop button**: Replaces old stop-only button; shows ▶ (green) / ■ (red) based on state
+- **Double-spawn guard**: `_spawning_tasks` set prevents concurrent spawns for same task
+- **Follow-up spawning**: `spawn_followup_session()` with last 5 comments as context
+- **@Mention spawning**: `spawn_mentioned_agent()` with cleanup=delete
+
+### Added — Session Management
+
+- **WebSocket RPC**: `_ws_rpc()` for OpenClaw gateway communication (challenge → connect → request → response)
+- **Session endpoints**: `POST /api/sessions/create`, `POST /api/sessions/{key}/stop`, `POST /api/sessions/{key}/delete`, `POST /api/sessions/stop-all`
+- **Session list**: Sorted main-first, then by updatedAt
+
+### Added — Validation & Security
+
+- **Pydantic field validators**: Status/priority validated against `VALID_STATUSES`/`VALID_PRIORITIES`, returns HTTP 422 on invalid values
+- **Model validation**: Comment content size limit, agent name length limit, color pattern validation on projects
+- **Agent guardrails**: Filesystem boundaries, forbidden actions, compliance context, escalation chain, report format template
+
+### Added — Database Schema
+
+- `tasks.working_agent` (TEXT) — currently active agent
+- `tasks.agent_session_key` (TEXT) — OpenClaw session key
+- `tasks.source_file` (TEXT) — source file reference
+- `tasks.source_ref` (TEXT) — source ref
+- `tasks.project_id` (INTEGER, FK → projects) — project assignment
+- `action_items.archived` (INTEGER) — archive support
+- `chat_messages.session_key` (TEXT) — session isolation for chat history
+- `projects` table — multi-project support
+
+### Added — Environment Variables
+
+- `AGENT_AUTO_DETECT` — Auto-detect agents from OpenClaw API (default: `true`)
+- `AGENTS` — Manual agent list, format: `agent_id:Name,...` (overrides auto-detect)
+- `AUTO_STOP_ON_DONE` — Auto-kill sessions on Done (default: `true`)
+- `TASKBOARD_BASE_URL` — Public URL for CORS/agent prompts (default: `http://localhost:8080`)
+- `ALLOWED_IPS` — Additional allowed IPs (comma-separated)
+- `PROJECT_NAME`, `COMPANY_NAME`, `COMPANY_CONTEXT` — Agent prompt context
+- `ALLOWED_PATHS` — Filesystem boundaries for agents
+- `COMPLIANCE_FRAMEWORKS` — Compliance context for security auditor
+
+### Changed
+
+- **Board layout**: Column flex from `1 0 300px` to `1 0 250px`, board height accounts for filter bar
+- **Agent colors**: Removed hardcoded CSS classes, now dynamically injected from `config.agentMeta`
+- **Agent legend**: Dynamically populated from API metadata instead of hardcoded list
+- **Task loading**: Removed server-side agent filter (`?agent=`), all filtering now client-side
+- **Help modal**: Agent list dynamically generated from `config.agentMeta`
+- **Action items**: Added archive/unarchive support (`POST /api/action-items/{id}/archive|unarchive`)
+- **Chat history**: Filtered by `session_key` parameter
+- **Comment posting**: Auto-clears `working_agent` when agent posts; builds 5-comment context for follow-ups
+
+### Fixed
+
+- **Status enforcement**: Backend rejects invalid statuses/priorities with HTTP 422 instead of silently accepting
+
 ## [1.3.0] - 2026-02-03
 
 ### Added

Dockerfile

@@ -7,12 +7,14 @@ COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
 # Copy app
-COPY app.py .
+COPY app/ app/
 COPY static/ static/
 
 # Data volume for SQLite
 VOLUME /app/data
 
 # Run
 EXPOSE 8080
-CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8080"]
+# Disable uvicorn access logs (we have our own middleware logging)
+# Set log-level to warning to reduce noise, but keep app logs visible
+CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8080", "--log-level", "info", "--no-access-log"]

OPENCLAW_SETUP.md

@@ -114,19 +114,23 @@ The task board maps display names to OPENCLAW agent IDs:
 | Code Reviewer | `code-reviewer` |
 | UX Manager | `ux-manager` |
 
-### Customizing Agent IDs
+### Customizing Agents
 
-If your OPENCLAW uses different agent IDs, edit `app.py`:
+Agents are auto-detected from OpenClaw at startup. To override, use the `AGENTS` environment variable:
 
-```python
-AGENT_TO_OPENCLAW_ID = {
-    "OpenClaw": "main",
-    "Architect": "your-architect-id",
-    "Security Auditor": "your-security-id",
-    # ... etc
-}
+```env
+# Format: agent_id:Display Name (comma-separated)
+AGENTS=main:Jarvis,architect:Architect,security-auditor:Security Auditor,code-reviewer:Code Reviewer,ux-manager:UX Manager
+
+# Disable auto-detection (use AGENTS env or fallback defaults)
+AGENT_AUTO_DETECT=false
 ```
 
+Priority order:
+1. `AGENTS` env var (if set, always used)
+2. Auto-detect from OpenClaw API (if `AGENT_AUTO_DETECT=true` and `OPENCLAW_TOKEN` set)
+3. Hardcoded fallback defaults
+
 ---
 
 ## Command Bar Setup (Two-Way Chat)
@@ -180,7 +184,7 @@ COMMUNICATION:
 - Move to Review when done
 ```
 
-You can customize guardrails in `app.py` → `AGENT_GUARDRAILS`.
+You can customize guardrails in `app/openclaw.py` → `get_agent_guardrails()`.
 
 ---