feat: Unified PAI + IronClaw Dashboard (Phases 0-4) #1

Open: curtitoo wants to merge 34 commits into main from feat/unified-architecture

@curtitoo curtitoo commented Feb 17, 2026

Summary

Unified dashboard architecture integrating PAI native capabilities alongside the existing IronClaw proxy layer, implementing the "Layered Sovereignty" model where IronClaw serves as the outer security authority and PAI as the inner cognitive authority.

Phase 0-2: Foundation & Bridged Views

  • PAI heartbeat API + daemon state library for connectivity triage
  • Bridged Memory, Logs, and Settings pages with PAI + IronClaw tabs
  • PAI-native API routes: /api/pai/memory, /api/pai/logs, /api/pai/settings
  • SSE reconnect with exponential backoff (RedTeam finding fix)

Phase 3: Anti-Corruption Layer

  • PAI-owned type definitions for all 8 domains (types/pai.ts)
  • IronClaw-to-PAI mapper functions (lib/ironclaw-mapper.ts)
  • Migrated Agents, Routines, Extensions, Overview, and Ask pages to PAI types
  • Phase 3 deferral comments on remaining IronClaw proxy write operations

Phase 4: Governance & Security Visibility

  • Settings classification: Critical / Operational / Informational tiers
  • Critical settings guard with confirmation dialog + JSONL audit trail
  • Security Event Viewer surfacing SecurityValidator audit logs
  • Escape Hatch Alert (red banner when SECURITY_OVERRIDE active)
  • Hook Health Indicator (green/amber/red status)
  • Governance reference table documenting the authority model
  • Code review fixes: stripped session_id from API response, fixed prefix matching

Architecture

  • 32 commits across 4 phases, ~1200 LOC added
  • 5 new API routes, 1 new page (/governance), 1 new library (settings-governance.ts)
  • 0 TypeScript errors (tsc --noEmit clean)
  • No auth tokens or sensitive data exposed in any API response
  • Anti-Corruption Layer prevents IronClaw type leakage into PAI domain

Test Plan

  • next build compiles with 0 errors
  • Sidebar shows Governance link in System section with Shield icon
  • /governance page loads showing security events, escape hatch status, hook health, reference table
  • Settings page shows tier badges (Critical=red, Info=gray) on IronClaw settings
  • Changing safety.injection_check_enabled triggers confirmation dialog
  • After confirming, MEMORY/SECURITY/settings-audit.jsonl has new entry
  • Creating ~/.claude/SECURITY_OVERRIDE shows red banner on governance page
  • Informational settings (server.*, paths) are read-only
  • All existing pages (Overview, Agents, Ask, etc.) unaffected
  • No session_id exposed in /api/pai/security-events response

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

curtitoo and others added 30 commits February 17, 2026 01:17
Captures the Layered Sovereignty architecture (IronClaw-First approach)
from multi-session brainstorming. Classifies 11 IronClaw features as
KEEP/BRIDGE/PAI-NATIVE and defines 5-phase implementation rollout.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…0-2)

Detailed step-by-step plan covering heartbeat triage script, daemon state
bridge, Radix Tabs component, PAI Memory/Logs/Settings API routes,
bridged dashboard pages with tabs, and SSE circuit breaker fix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 0 of unified architecture — IronClaw cron invokes heartbeat-triage.sh
for lightweight PAI system health checks with escalation to full sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 1 state bridge — dashboard can read heartbeat triage results
from daemon-state.json written by heartbeat-triage.sh.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces fixed 3s retry with exponential backoff (3s → 6s → 12s... cap 60s)
and max 10 retries. Resets on successful connection. Prevents reconnection
storm if IronClaw is flapping.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
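
The retry schedule that commit message describes (3s base, doubling, 60s cap, 10 retries, reset on success), as an added example that is not code from this PR. `createBackoff` and `simulate` are hypothetical names, and the outcome sequences are constructed.

```typescript
// Added example: bounded exponential backoff for an SSE reconnect loop.
// Defaults follow the numbers in the commit message; names are hypothetical.
interface Backoff {
  next(): number | null; // delay in ms before the next retry, or null to stop
  reset(): void;         // call once a connection has been established
}

function createBackoff(baseMs = 3000, capMs = 60000, maxRetries = 10): Backoff {
  let attempt = 0;
  return {
    next() {
      if (attempt >= maxRetries) return null; // retry budget spent: stop reconnecting
      const delay = Math.min(baseMs * 2 ** attempt, capMs);
      attempt += 1;
      return delay;
    },
    reset() {
      attempt = 0;
    },
  };
}

// Replays a constructed sequence of connection outcomes (true = connected)
// and records what the client would do after each one.
function simulate(outcomes: boolean[]): Array<number | "connected" | "gave-up"> {
  const backoff = createBackoff();
  const trace: Array<number | "connected" | "gave-up"> = [];
  for (const ok of outcomes) {
    if (ok) {
      backoff.reset();
      trace.push("connected");
      continue;
    }
    const delay = backoff.next();
    if (delay === null) {
      trace.push("gave-up");
      break;
    }
    trace.push(delay);
  }
  return trace;
}

// A flapping upstream: three failures, one success, then another failure.
console.log(simulate([false, false, false, true, false]).join(","));
```
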
- Log level case: API now returns lowercase to match client type union
- Daemon-state schema: TS interface matches heartbeat-triage.sh output
- macOS compat: replace GNU find -printf with -exec basename
- Import style: standardize on bare specifiers (fs, path, os)
- Fix misleading JSDoc on lastNLines helper

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server-side mapper approach: PAI-owned types in types/pai.ts,
mapping functions in lib/mappers.ts, new /api/pai/* routes for
all 8 IronClaw domains. Pages consume PAI types only.

Enables selective IronClaw updates (Requirement danielmiessler#3) by
centralizing type translation in one mapper file.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
10-task plan covering types/pai.ts, lib/mappers.ts, 6 new API routes,
and 8 page migrations. ~650 new LOC + ~150 changed LOC.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pure mapping functions that convert IronClaw API types to PAI-owned
types. This is the single file that absorbs IronClaw API changes —
when IronClaw renames a field, only this file needs to change.

Covers all 8 domains: agents, routines, chat, SSE, extensions,
memory, logs, settings, plus generic action/gateway types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace IronClaw type imports (Job, JobSummary, JobStatus, JobDetail,
JobEvent) with PAI equivalents (PAIAgent, AgentSummary, AgentStatus,
PAIAgentDetail, AgentEvent). Consolidate dual-fetch patterns into
single /api/pai/agents endpoints. Rename all snake_case field access
to camelCase PAI fields throughout both agents list and detail pages.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Overview page: AgentSummary/PAIRoutineSummary/PAIAgent types, /api/pai/* routes
- Ask page: PAIStreamEvent/PAIChatThread types (chat routes stay on IronClaw proxy)
- SSE hook: PAIStreamEvent type for event parsing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extensions write operations and chat routes intentionally stay on
IronClaw proxy until PAI API route counterparts are added in Phase 4.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Classifies IronClaw settings into critical/operational/informational
tiers and provides JSONL audit logging for critical changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Security visibility and authority model page with:
- Security events table (blocks, confirms, alerts)
- Settings audit log
- Hook health status indicator
- Escape hatch override alert banner
- Authority model reference table (IronClaw/PAI domains)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
curtitoo and others added 3 commits February 17, 2026 11:55
C2: Security-events endpoint now strips session_id before returning
events to prevent information disclosure of internal tracing data.

I1: classifySetting() prefix matching fixed in both settings-governance.ts
and settings/page.tsx — was using `startsWith(p)` which over-matched
(e.g. sandbox.policy_extra matched sandbox.policy). Now uses exact
match OR dot-delimited sub-key match only.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
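
The I1 over-match described in that commit message, shown beside the exact-or-dot-delimited rule, as an added example that is not the code in settings-governance.ts. The prefix lists, the `operational` default, and the `serverless.enabled` key are assumptions made for illustration; the other keys appear in this PR.

```typescript
// Added example: loose vs. strict prefix matching for settings tiers.
type Tier = "critical" | "operational" | "informational";

// Constructed prefix table; the real lists live in the PR's governance library.
const TIER_PREFIXES: Array<[Tier, string[]]> = [
  ["critical", ["safety", "sandbox.policy"]],
  ["informational", ["server", "paths"]],
];

// Behaviour before the fix: a raw string prefix test.
function classifyLoose(key: string): Tier {
  for (const [tier, prefixes] of TIER_PREFIXES) {
    if (prefixes.some((p) => key.startsWith(p))) return tier;
  }
  return "operational"; // assumed default tier
}

// Behaviour after the fix: exact match, or a sub-key under "prefix.".
function matchesPrefix(key: string, prefix: string): boolean {
  return key === prefix || key.startsWith(prefix + ".");
}

function classifySetting(key: string): Tier {
  for (const [tier, prefixes] of TIER_PREFIXES) {
    if (prefixes.some((p) => matchesPrefix(key, p))) return tier;
  }
  return "operational"; // assumed default tier
}

// Lists keys whose tier changes between the two matchers.
function findMisclassified(keys: string[]): Array<{ key: string; loose: Tier; strict: Tier }> {
  return keys
    .map((key) => ({ key, loose: classifyLoose(key), strict: classifySetting(key) }))
    .filter((row) => row.loose !== row.strict);
}

const SAMPLE_KEYS = [
  "safety.injection_check_enabled",
  "sandbox.policy",
  "sandbox.policy.network", // constructed sub-key
  "sandbox.policy_extra",
  "server.port",            // constructed sub-key
  "serverless.enabled",     // constructed sibling key
];

console.log(findMisclassified(SAMPLE_KEYS));
```

The over-match cuts both ways: a sibling key can inherit a confirmation dialog it does not need, or inherit a read-only informational tier and skip the guard and audit entry it should have had.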
@curtitoo curtitoo changed the title from "feat: Unified PAI + IronClaw Dashboard Architecture (Phases 0-3)" to "feat: Unified PAI + IronClaw Dashboard (Phases 0-4)" on Feb 17, 2026
Backend library (lib/cc-mirror.ts) reads/writes CC-Mirror variant
configs with security whitelist — only model tier env vars and timeout
multiplier are exposed, auth tokens never leave the server.

Two API routes:
- GET /api/cc-mirror/variants — list all variants with safe metadata
- PUT /api/cc-mirror/variants/:name — update model tiers with validation

Inference page shows card per variant (orouter, kimiclaude, miniClaude)
with inline edit for fast/standard/smart model tiers and timeout
multiplier. Sidebar link was already in place from Phase 4.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>