generated from coulomb/repo-seed
T4 (review→send loop): conservative tick persists structured drafts to state_dir/worker-drafts.json; `warden worker drafts` lists them, `warden worker approve <id> [--body …]` sends the reviewed draft as the reply + marks read + drops it. Escalated plans persist no draft. Live-verified end-to-end. T3 (visibility): `warden worker status` (pending drafts, triage count, last digest, timer state); best-effort notify-send nudge in the tick when drafts are pending. T5: wiki/playbooks/scheduled-worker.md (enable/disable, the approve loop, failure modes, conservative-only posture) + SCOPE note. WARDEN-WP-0021 finished: the conservative worker now runs on a systemd --user timer (enabled, every 15 min), triages new inbox messages into drafts you approve with one command, degrades gracefully, and stops with one command. 249 tests, lint clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
61 lines
2.5 KiB
Markdown
61 lines
2.5 KiB
Markdown
# Scheduled coordination worker
|
|
|
|
Date: 2026-06-30 · Workplan: WARDEN-WP-0021 · Code: WARDEN-WP-0020
|
|
|
|
The ops-warden worker triages its State Hub inbox on a schedule and drafts replies you
|
|
approve. **Conservative tier only** — it never auto-sends to other agents and never marks a
|
|
message read on its own (build-stage decision `813899f9`). The four guardrails (fixed
|
|
charter, action allowlist, no-secret invariant, dry-run/audit) hold every run.
|
|
|
|
## Enable / disable
|
|
|
|
```bash
|
|
./scripts/install-worker-timer.sh --enable # install + start (systemd --user, every 15 min)
|
|
systemctl --user disable --now ops-warden-worker.timer # kill switch
|
|
# or, leave the timer but pause every run:
|
|
echo 'WORKER_ENABLED=0' >> ~/.config/warden/worker.env
|
|
```
|
|
No systemd? Cron fallback:
|
|
```
|
|
*/15 * * * * /home/worsch/ops-warden/scripts/worker-tick.sh >> ~/.local/state/warden/worker-tick.log 2>&1
|
|
```
|
|
|
|
## The loop
|
|
|
|
```bash
|
|
warden worker status # pending drafts, last run, timer state
|
|
warden worker drafts # list drafted replies awaiting your OK
|
|
warden worker approve <message_id> # send a draft as your reply + mark read
|
|
warden worker approve <id> --body "…" # edit before sending
|
|
```
|
|
Each tick writes `~/.local/state/warden/worker-digest.md` and posts one progress note; a
|
|
desktop `notify-send` fires when drafts are pending (if a display is present).
|
|
|
|
## Config (`~/.config/warden/worker.env`)
|
|
|
|
| Var | Meaning |
|
|
| --- | --- |
|
|
| `WARDEN_HUB_URL` | State Hub (default `http://127.0.0.1:8000`; railiance01 after cust-wp-0011) |
|
|
| `WORKER_BRAIN` | `llm` (llm-connect) or `rule` (offline fallback) |
|
|
| `WORKER_ENABLED` | `0` pauses every tick without touching the timer |
|
|
| `LLM_CONNECT_URL` | set to skip the per-tick kubectl port-forward to llm-connect |
|
|
|
|
## Failure modes (all graceful)
|
|
|
|
- **State Hub unreachable** → the tick `/state/health`-prechecks and skips cleanly (exit 0).
|
|
- **llm-connect unreachable** → falls back to the deterministic rule brain (dumber, still triages).
|
|
- **Overlapping runs** → `flock` guard; the later run skips.
|
|
- A worker-run hiccup is logged but never fails the unit — the next tick retries.
|
|
|
|
## Posture
|
|
|
|
Conservative is the only scheduled mode. `--full-auto` (auto-send) exists but is **not**
|
|
scheduled — it broadcasts the LLM's occasionally-wrong content unattended, which the
|
|
guardrails can't prevent (they stop *security* harm, not *content* error). Revisit when the
|
|
ecosystem reaches testing.
|
|
|
|
## See also
|
|
|
|
- `WARDEN-WP-0020` (the worker), `scripts/worker-tick.sh`, `scripts/install-worker-timer.sh`
|
|
- build-stage decision `813899f9`
|