feat: Sixth Sense distributed agent communication + GCP transpiler fixes#4
Open
feat: Sixth Sense distributed agent communication + GCP transpiler fixes#4
Conversation
Session focused on: - Released v0.4.8 with Gemini 3 Flash Preview - Created demo recording plan (docs/DEMO_RECORDING_PLAN.md) - Environment cleanup (freed 7.5GB) - Verified pristine demo environment Next: Execute demo recording from plan
Add PubNub-based distributed communication so agents can operate across processes, machines, and cloud providers as true peers. - Signal dataclass with 7 kinds (request, response, alert, heartbeat, claim, release, event) and compact JSON serialization (<32KB) - SenseTransport protocol (like LLMClient/Memory) with PubNub impl - SenseMixin adds join_network, broadcast, request/response, claim protocol, and on_signal handler decorator to any Agent - SenseNetwork convenience API for managing multiple agents - MockSenseTransport with hub pattern for testing - 5 new event types for network observability - Cloud monitor demo with 5 agents in separate subprocesses - Progressive tutorial documentation matching existing doc style - 31 new tests (296 total, zero regressions)
Owner
Author
|
@claude please review PR |
Agent Sentinel is a security monitoring demo inspired by the OpenClaw crisis — 3 worker agents (web researcher, scheduler, skill acquirer) do real work while 2 sentinels + 1 commander detect rogue behavior and supply chain attacks over PubNub in real-time. Includes architecture deep-dive docs for Sixth Sense and Agent Sentinel.
Setup guide covers prerequisites, PubNub key setup, installation, running the demo, and understanding output. Dashboard is a Palantir-style real-time signal visualizer that subscribes to PubNub channels and displays agent presence, alerts, quarantine events, and signal flow on a world map.
Owner
Author
|
@claude please review |
Session focused on: - Created Agent Sentinel setup guide (11 sections, Tokyo Night theme) - Created live PubNub dashboard (Palantir-style, real signal visualization) - Added "no mockups" rule to project guidelines - Updated CLAUDE.md docs table
…model
Three bugs fixed in bedsheet generate --target gcp:
1. Duplicate import bug: _extract_imports had an elif that fell through to
a wrong 'from X import X' form when a module was already seen. Rewrote
with a seen-set and always emit 'import X' for stdlib modules.
2. Module-level constants not captured: added _extract_module_constants
which walks function AST for free-variable references, then finds the
matching top-level assignments in the source module via ast.parse +
inspect.getsource. Constants are deduplicated by variable name (last
definition wins) so the self-contained sentinels.py version of
INSTALLED_DIR beats the workers.py version that references DATA_DIR.
3. Hyphenated agent names rejected by ADK pydantic: template now applies
replace('-', '_') to all name= parameters.
Template switched from ParallelAgent to SequentialAgent for the sub-agent
sweep — gemini-3-flash-preview free tier is 5 RPM; parallel bursts past
this; sequential stays within limits.
Adds examples/sentinel-gcp as an end-to-end demo verified working in
the ADK dev UI with a full security assessment completing successfully.
Also adds types-redis to pre-commit mypy dependencies and installs
pre-commit into the project venv to avoid broken system virtualenv.
Tests verify actual extraction behavior, not just string presence in output: - REGISTRY (dict), KNOWN_BAD (set), INSTALL_DIR (os.path), MAX_RETRIES (int) are all correctly extracted from functions that reference them - Functions referencing no module-level names return empty constants - Every extracted constant is valid parseable Python (ast.parse check) - No duplicate constants (keyed by variable name) - The 'from os import os' bug is explicitly regression-tested - No duplicate imports produced for the same module
Critical #1 — claim_incident logic was inverted: - Added optimistic self._claimed_incidents.add(incident_id) before broadcasting - _handle_claim now correctly evicts the holder if a lower-name agent wins - Test rewritten to exercise the production path without pre-seeding - Added second test explicitly verifying the tiebreak eviction Critical #2 — signals() Protocol vs implementation mismatch: - Reverted async def change (would break mypy at call sites) - Added docstring clarifying that implementations must be async generators and callers use 'async for signal in transport.signals()' directly Important — dead code and naming inconsistencies: - Removed unreachable 'if not gcp.project' inside 'if gcp.project' in validate() - Renamed _parallel_sweep -> _sequential_sweep in template - Updated _determine_orchestration docstring: 'parallel' -> 'sequential' - Updated test assertion to match
GeminiClient: full LLM client for Google Gemini via google-genai SDK. Supports chat, streaming, and tool use. Disables thinking when tools are active to avoid INVALID_ARGUMENT from thought_signature on replies. make_llm_client(): factory that selects client from env vars: GEMINI_API_KEY -> GeminiClient (model: GEMINI_MODEL) ANTHROPIC_API_KEY -> AnthropicClient (model: ANTHROPIC_MODEL) Both were referenced in bedsheet/llm/__init__.py but never committed, causing CI to fail with ModuleNotFoundError on collection.
Workers become thin LLM shells that proxy all tool calls through an isolated gateway process over PubNub. The gateway validates, rate-limits, executes, logs to a tamper-proof ledger, and responds. A poisoned agent cannot bypass the gateway because tool implementations only exist inside the gateway process. - New middleware/action_gateway.py: standalone asyncio process with ActionLedger, AnomalyDetector, ToolExecutor, quarantine enforcement - New agents/gateway_client.py: shared gateway_request/gateway_query helpers - Transform web_researcher, scheduler, skill_acquirer to gateway proxies - behavior_sentinel queries gateway ledger via PubNub instead of local file - Dashboard: action-gateway on world map, zoom/pan controls, floating mini-windows toggle for all-agent LLM activity overlay - New docs/sentinel-network-guide.html: comprehensive architecture guide - start.sh and run.py launch gateway as first process
Replace overlapping centered mini-windows with carefully scattered positions around the map edges. Each window connects to its agent dot via a color-coded 90-degree elbow line with animated flowing dashes, bracket tips, and dot markers — war-room style callout visualization.
…oggle - Straight dashed lines from agent dot to exact window edge intersection using ray-rectangle intersection math (rectEdgePoint) - Remove elbow path logic and bracket/anchor system - Fix button double-firing by stopping click propagation - Animated flowing dash overlay on each connector line
The pipe chain (python | tee | sed) meant $! captured sed's PID, not python's. Cleanup killed sed but python kept running (burning API credits). Fix: write python output directly to log files, capture the real python PID, and use a single tail -f for terminal display. Cleanup now kills actual agent processes.
Remove hardcoded Gemini API keys, PubNub publish/subscribe/secret keys from SESSION_HANDOFF.md and agent-sentinel-dashboard.html. Keys should only live in .env files (which are gitignored). Note: keys still exist in git history — rotate all affected credentials and consider using git-filter-repo to purge history.
Owner
Author
|
@claude review |
- draw.io diagram of proposed safer architecture (private channels, structured telemetry, sentinel-as-sidecar, two enforcement planes) - Updated HTML diagram with two orthogonal enforcement planes section - PROJECT_STATUS.md roadmap: capability plane vs existence plane insight
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is in this PR
Sixth Sense (bedsheet/sense/)
New distributed agent communication module.
GCP Transpiler fixes (bedsheet/deploy/)
Three real bugs fixed in bedsheet generate --target gcp:
Template switched from ParallelAgent to SequentialAgent to avoid rate limit bursts on free-tier Gemini (5 RPM).
Test coverage
New tests/test_source_extractor_constants.py verifies actual extraction behavior:
What is NOT in this PR
Test results
306 passing, 0 failing.