Phase 2 Quick Start
このコンテンツはまだ日本語訳がありません。
CoderClaw Phase 2 Quick Start
Section titled “CoderClaw Phase 2 Quick Start”Get started with CoderClaw’s distributed runtime, security, and team collaboration features.
Prerequisites: CoderClaw installed and running. See Getting Started if you haven’t set up the basic gateway yet.
What is Phase 2?
Section titled “What is Phase 2?”CoderClaw Phase 2 extends CoderClaw’s multi-channel gateway with:
- 🔄 Transport Abstraction: Execute tasks locally or remotely with protocol-agnostic runtime
- 📊 Task Lifecycle Management: Formal state machine with persistence and audit trails
- 🔐 Security Model: RBAC, device trust levels, and comprehensive audit logging
- 🎯 Team Collaboration: Multi-session isolation and shared agent registries
Full documentation: Phase 2 Architecture
Quick Start: Local Development
Section titled “Quick Start: Local Development”1. Enable Phase 2 Runtime (Optional)
Section titled “1. Enable Phase 2 Runtime (Optional)”Phase 2 features are backward compatible. Your existing setup continues to work. To opt-in to Phase 2 features:
# Create Phase 2 runtime configmkdir -p ~/.coderclaw/.coderClawcat > ~/.coderclaw/.coderClaw/runtime.yaml <<EOFmode: local-onlytransport: type: local enabled: truesecurity: enforceTrust: false # Permissive for local dev requireAuth: falsedeployment: mode: local-only maxConcurrentTasks: 10EOF2. Try a Simple Task
Section titled “2. Try a Simple Task”import { CoderClawRuntime, LocalTransportAdapter } from "coderclaw/transport";
// Create runtime with local adapterconst adapter = new LocalTransportAdapter(context);const runtime = new CoderClawRuntime(adapter, "local-only");
// Submit a taskconst task = await runtime.submitTask({ description: "Analyze project architecture", input: "Review the current codebase structure", agentId: "architecture-advisor",});
console.log(`Task submitted: ${task.id}`);
// Stream updatesfor await (const update of runtime.streamTaskUpdates(task.id)) { console.log(`Status: ${update.status}, Progress: ${update.progress}%`);}3. Explore Task Lifecycle
Section titled “3. Explore Task Lifecycle”// Get task stateconst taskState = await runtime.getTaskState(task.id);console.log(`Current status: ${taskState.status}`);
// List all agentsconst agents = await runtime.listAgents();console.log(`Available agents:`, agents);
// List all skillsconst skills = await runtime.listSkills();console.log(`Available skills:`, skills);Quick Start: Team Environment
Section titled “Quick Start: Team Environment”1. Configure Security
Section titled “1. Configure Security”# Create security configcat > ~/.coderclaw/.coderClaw/security.yaml <<EOFidentity: providers: - github - local
deviceTrust: minimumLevel: verified autoTrustLocal: true
roles: team-developer: inherits: developer additionalPermissions: - config:read
enforceTrust: trueminimumTrustLevel: verifiedallowedRoles: - developer - team-developer - adminEOF2. Configure Runtime for Remote Access
Section titled “2. Configure Runtime for Remote Access”cat > ~/.coderclaw/.coderClaw/runtime.yaml <<EOFmode: remote-enabledtransport: type: local # Use HTTP adapter for true remote (future) enabled: truesecurity: enforceTrust: true requireAuth: true defaultRoles: [developer]deployment: mode: remote-enabled allowRemoteSessions: true maxConcurrentTasks: 50EOF3. Set Up Agent Policies
Section titled “3. Set Up Agent Policies”# Create repo-level security policycat > .coderClaw/security.yaml <<EOFenforceTrust: trueminimumTrustLevel: verifiedallowedRoles: - developer - admin
agentPolicies: - agentId: code-modifier allowedRoles: [developer, admin] requireDeviceTrust: verified
- agentId: code-reviewer allowedRoles: [developer, admin, readonly] requireDeviceTrust: verified
skillPolicies: - skillId: shell-exec dangerous: true requiredPermissions: [skill:execute] allowedRoles: [developer, admin]
- skillId: file-write requiredPermissions: [skill:execute] allowedRoles: [developer, admin]EOFExamples & Tutorials
Section titled “Examples & Tutorials”Example 1: Task Submission with Progress Tracking
Section titled “Example 1: Task Submission with Progress Tracking”import { DistributedTaskEngine, MemoryTaskStorage } from "coderclaw/transport";
const taskEngine = new DistributedTaskEngine(new MemoryTaskStorage());
// Create taskconst task = await taskEngine.createTask({ description: "Implement user authentication", input: "Add JWT-based auth to the API", agentId: "code-creator",});
// Update status through state machineawait taskEngine.updateTaskStatus(task.id, "planning");await taskEngine.updateTaskStatus(task.id, "running");
// Track progressawait taskEngine.updateTaskProgress(task.id, 25);await taskEngine.updateTaskProgress(task.id, 50);await taskEngine.updateTaskProgress(task.id, 75);await taskEngine.updateTaskProgress(task.id, 100);
// Complete taskawait taskEngine.setTaskOutput(task.id, "Authentication implemented successfully");await taskEngine.updateTaskStatus(task.id, "completed");Example 2: Security Checks
Section titled “Example 2: Security Checks”import { SecurityService, MemorySecurityStorage } from "coderclaw/security";
const securityService = new SecurityService(new MemorySecurityStorage());
// Create session with roleconst session = await securityService.createSession("user-123", "device-456", ["developer"]);
// Check permissionsconst canSubmit = await securityService.checkPermission( { sessionId: session.sessionId, userId: "user-123" }, "task:submit",);
if (canSubmit.allowed) { // Submit task console.log("Permission granted");} else { console.log(`Permission denied: ${canSubmit.reason}`);}
// Audit the actionawait securityService.audit({ action: "task.submit", userId: "user-123", sessionId: session.sessionId, resourceType: "task", resourceId: "task-789", result: "allowed",});Example 3: Multi-Task Workflow
Section titled “Example 3: Multi-Task Workflow”// Create parent taskconst parentTask = await taskEngine.createTask({ description: "Feature development", input: "Build new dashboard feature", agentId: "architecture-advisor",});
// Create child tasksconst designTask = await taskEngine.createTask({ description: "Design API", input: "Design RESTful API for dashboard", agentId: "architecture-advisor", parentTaskId: parentTask.id,});
const implementTask = await taskEngine.createTask({ description: "Implement code", input: "Implement dashboard backend", agentId: "code-creator", parentTaskId: parentTask.id,});
const testTask = await taskEngine.createTask({ description: "Write tests", input: "Create test suite for dashboard", agentId: "test-generator", parentTaskId: parentTask.id,});
// Execute workflow...Running the Examples
Section titled “Running the Examples”CoderClaw includes working examples in examples/phase2/:
# Basic task submissionnpx tsx examples/phase2/basic-task-submission.ts
# Full task lifecycle demonpx tsx examples/phase2/task-lifecycle.ts
# Security and RBAC demonpx tsx examples/phase2/security-rbac.tsConfiguration Reference
Section titled “Configuration Reference”Runtime Configuration (~/.coderclaw/.coderClaw/runtime.yaml)
Section titled “Runtime Configuration (~/.coderclaw/.coderClaw/runtime.yaml)”# Deployment mode: local-only | remote-enabled | distributed-clustermode: local-only
transport: type: local # local | http | websocket | grpc enabled: true
security: enforceTrust: false # Enable device trust enforcement requireAuth: false # Require authentication defaultRoles: [developer]
deployment: mode: local-only allowRemoteSessions: false maxConcurrentTasks: 10Security Configuration (~/.coderclaw/.coderClaw/security.yaml)
Section titled “Security Configuration (~/.coderclaw/.coderClaw/security.yaml)”identity: providers: - oidc - github - google - local
deviceTrust: minimumLevel: verified # trusted | verified | untrusted autoTrustLocal: true
roles: custom-role: inherits: developer additionalPermissions: - config:writeProject Security (.coderClaw/security.yaml)
Section titled “Project Security (.coderClaw/security.yaml)”enforceTrust: trueminimumTrustLevel: verifiedallowedRoles: - developer - admin
agentPolicies: - agentId: code-creator allowedRoles: [developer, admin] requireDeviceTrust: verified
skillPolicies: - skillId: dangerous-skill dangerous: true requiredPermissions: [skill:execute] allowedRoles: [admin]Built-in Roles
Section titled “Built-in Roles”CoderClaw includes these built-in roles:
| Role | Permissions | Use Case |
|---|---|---|
admin | All permissions (admin:all) | System administrators |
developer | Task submit/read/cancel, agent invoke, skill execute | Development team |
readonly | Task read, config read | Read-only access for stakeholders |
ci | Task submit/read, agent invoke | CI/CD pipelines |
Permissions Reference
Section titled “Permissions Reference”Available permissions:
task:submit- Submit new taskstask:read- View task status and detailstask:cancel- Cancel running tasksagent:invoke- Invoke agents directlyskill:execute- Execute skillsconfig:read- Read configurationconfig:write- Modify configurationadmin:all- Full system access (includes all above)
Next Steps
Section titled “Next Steps”Troubleshooting
Section titled “Troubleshooting”Task submission fails with permission error
Section titled “Task submission fails with permission error”Check your security configuration:
# Verify runtime configcat ~/.coderclaw/.coderClaw/runtime.yaml
# Check if authentication is required# If security.requireAuth: true, you need a valid sessionCannot execute task remotely
Section titled “Cannot execute task remotely”Ensure your runtime is in remote-enabled mode:
# In ~/.coderclaw/.coderClaw/runtime.yamlmode: remote-enableddeployment: allowRemoteSessions: trueSecurity policy blocks legitimate access
Section titled “Security policy blocks legitimate access”Review the security policy:
# Check project-level policycat .coderClaw/security.yaml
# Verify user roles and device trust level