SSE Connected
--:--:--
Admin Dashboard — Blueprint v0.1

Situation Room

Active Tasks
4
↑ 2 since last session
Awaiting Approval
2
Oldest: 14 min ago
Completed Today
7
3 merged to Main
QA Rejects
3
1 near Lock threshold
Lock Events
0
Clean session
Task Matrix
4 active · updated 2m ago
Task Status Risk QA Rejects Actions
T-2026-044
Rhylm watchOS breathing engine refactor
feature/watch-breath-v2
 ● In Review Medium
2/3
T-2026-043
Backtrack macOS menu bar UI polish
feature/macos-menubar
 ⏸ Awaiting Admin High
0/3
T-2026-042
Norkta Core Data migration v2
feature/core-data-v2
 ⏸ Awaiting Admin High
1/3
T-2026-041
Marktap markdown renderer perf fix
feature/renderer-opt
 ● In Review Low
0/3
Agent Heartbeat
30min timeout
Coordinator
Gemini 3.1 Pro
Last write: 2m ago
2m / 30mHealthy
Executor
Codex 5.3
Last write: 4m ago
4m / 30mHealthy
Reviewer
Reviewer Provider (claude/gemini/deepseek)
Last write: 18m ago
18m / 30mMonitor
Admin
Kircérta (Human)
Last seen: Online
Active sessionOnline
CI / CD Pipeline Status
XCode Cloud · Codex Review · Webhook: Active
XCode Cloud — feature/macos-menubar
Build passed · 47 tests · 0 warnings · T-2026-043
14m ago
Codex 5.3 Code Review — feature/watch-breath-v2
Running… static analysis in progress · T-2026-044
Running
XCode Cloud — feature/core-data-v2
Build passed · 31 tests · 2 warnings (non-critical) · T-2026-042
31m ago
XCode Cloud — feature/renderer-opt
Lint error: unused import in MarkdownRenderer.swift · Line 42 · T-2026-041
8m ago
Approval Queue
2 items pending your decision

Approval Queue

Pending Admin Decisions
HIGH RISK — requires manual review
T-2026-043 · Backtrack macOS menu bar UI polish → Main
Coordinator · 14m ago · feature/macos-menubar → main · High Risk
PR #38
Coordinator Summary
Feature/macos-menubar contains a complete reconstruction of the macOS menu bar, adding system-level permission application (NSStatusItem). XCode Cloud build passed, 47 tests are all green. Reviewer has confirmed that there are no logical flaws and recommends approving the merge.
Reviewer Verdict — Reviewer Provider (claude/gemini/deepseek)
The structure is reasonable, and NSStatusItem calls comply with Apple specifications. Permission declarations are correctly configured in Info.plist. No security risks, no logical loopholes.Admin approval is recommended.
Diff Preview
MenuBarController.swift · +47 / -12 lines
+let statusItem = NSStatusBar.system.statusItem(withLength: NSStatusItem.variableLength)
+statusItem.button?.image = NSImage(systemSymbolName: "waveform", accessibilityDescription: nil)
// ... +43 more lines
-// Legacy AppDelegate-based menu bar setup removed
⏱ Waiting 14m
T-2026-042 · Norkta Core Data migration v2 → Main
Coordinator · 31m ago · feature/core-data-v2 → main · High Risk
PR #37
Coordinator Summary
Core Data schema migration, new v2 lightweight migration path. 1 QA reject (Fixed: migration policy statement missing). 2 warnings are deprecation notices, non-blocking. Data integrity test passed.
Reviewer Verdict — Reviewer Provider (claude/gemini/deepseek)
The migration policy is now correctly declared and the rollback path is verified to be valid. Deprecation warnings have been logged and are recommended for subsequent sprints. There are no exceptions in the data persistence logic.Approvable, but it is recommended to pay attention to deprecation warnings.
⏱ Waiting 31m
Audit Log
Complete agent action history

Audit Log

Event Stream — GitHub SSOT
Live · 24 events today
14:32:07
COORD
PR #38 submitted for Admin approval
T-2026-043 · feature/macos-menubar → main · HIGH RISK
14:31:50
REV
Verdict: APPROVED — No issues found
T-2026-043 · NSStatusItem usage verified correct
14:28:14
EXEC
Task complete — Work log submitted
T-2026-043 · 47 lines added, 12 removed · feature/macos-menubar
14:22:03
REV
Direct fix applied — Lint/Typo (auto-approve scope)
T-2026-041 · unused import removed · diff: 1 line · feature/renderer-opt
14:18:55
REV
Verdict: REJECTED (2/3) — Logic issue detected
T-2026-044 · breathing interval timer not accounting for background suspension · Executor notified
14:15:40
SYS
Hallucination Lock Warning — threshold approaching
T-2026-044 · reject_count = 2 · next rejection triggers Admin escalation
14:01:22
COORD
SSOT heartbeat write — all tasks nominal
4 active tasks · GitHub SSOT synced · Cloudflare Tunnel healthy
13:58:11
ADM
Plan approved — T-2026-044 execution authorized
Coordinator plan v1 · Breathing engine refactor scoped to watchOS target
Architecture Blueprint
Technical implementation guide

Architecture Blueprint

System Stack
🌐
Admin Dashboard
HTML/CSS/JS · No framework · Static-deployable to personal homepage
Polling / SSE consumer · REST calls to FastAPI
Browser
SSE + REST (localhost:8000)
FastAPI Backend
Python 3.12 · uvicorn · asyncio · runs locally on Mac Studio M4 Max
github_client · task_engine · webhook_receiver · sse_broadcaster
localhost
Cloudflare Tunnel (cloudflared)
Cloudflare Tunnel
cloudflared daemon · Zero-config · No port forwarding · Free tier
Exposes /webhook endpoint to public HTTPS for GitHub + XCode Cloud
Public HTTPS
GitHub Webhooks · XCode Cloud Webhooks
🗄
GitHub SSOT Repo
Single source of truth · Structured JSON per task · No external DB
PyGithub reads/writes · Coordinator is sole write authority for task files
Remote
// MODULE 01
github_client.py
core/github_client.py
Unified GitHub SSOT read and write layer. All modules communicate with Repo through this interface, and direct calls to PyGithub are not allowed. Encapsulates CRUD, branch status query, and PR operations of task files.
PyGithub python-dotenv
// MODULE 02
task_engine.py
core/task_engine.py
Parse the JSON task file and calculate the risk_level classification, reject_count and Lock thresholds, heartbeat survival status, and AWAITING_APPROVAL queue. The core computation layer for system state.
pydantic github_client
// MODULE 03
webhook_receiver.py
api/webhook_receiver.py
Receives webhook POSTs from GitHub and XCode Cloud, verifies signatures, triggers task_engine to update internal state cache, and notifies sse_broadcaster to broadcast changes.
FastAPI hmac task_engine
// MODULE 04
sse_broadcaster.py
api/sse_broadcaster.py
Maintain SSE connection pool for all Dashboard clients. When the status of any task changes, JSON events are broadcast to all connected browsers in real time without manual refresh.
FastAPI SSE asyncio
// MODULE 05
heartbeat_monitor.py
core/heartbeat_monitor.py
The background asyncio task checks the GitHub SSOT last write time of each Agent every minute. If there is no writing for more than 30 minutes, an alarm will be triggered, Telegram notification will be pushed and written to the audit log.
asyncio python-telegram-bot
// MODULE 06
approval_router.py
api/approval_router.py
Handle Admin's approval/deny actions. Receive REST calls from Dashboard, verify Admin identity (JWT), write decisions back to GitHub SSOT, and trigger Coordinator's next action.
FastAPI PyJWT github_client
API Endpoints
FastAPI · localhost:8000
GET
/api/tasks
Return the status list of all active tasks (pulled from SSOT in real time)
task_engine
GET
/api/tasks/{task_id}
Returns the complete JSON of a single task, including diff_snapshot and verdict
task_engine
POST
/api/tasks/{task_id}/approve
Admin approves the operation, writes back to SSOT, and triggers Coordinator notification
approval_router
POST
/api/tasks/{task_id}/reject
Admin rejects the operation with reason and writes back to SSOT
approval_router
POST
/webhooks/github
Receive GitHub webhook, verify HMAC-SHA256 signature, update status
webhook_receiver
POST
/webhooks/xcode
Receive XCode Cloud CI results, parse build status, and write audit log
webhook_receiver
SSE
/api/events
Server-Sent Events stream, Dashboard subscribes to this endpoint to achieve real-time updates
sse_broadcaster
GET
/api/health
System health check, return each Agent heartbeat status and CF Tunnel connection status
heartbeat_monitor
{} SSOT Task JSON Schema
GitHub Repo: /tasks/{task_id}.json
{
  "task_id": "T-2026-044",
  "title": "Rhylm watchOS breathing engine refactor",
  "status": "in_review", // pending | in_review | awaiting_approval | approved | rejected | locked
  "risk_level": "medium", // low | medium | high
  "approval_required_by": "coordinator", // auto | coordinator | admin
  "branch": "feature/watch-breath-v2",
  "created_at": "2026-02-26T13:58:11Z",
  "last_heartbeat": "2026-02-26T14:32:00Z",
  "reject_count": 2, // Lock triggers at 3
  "coordinator_plan": {
    "subtasks": ["Refactor timer logic", "Add background suspension handler"],
    "estimated_lines": 120
  },
  "executor_log": [
    { "timestamp": "...", "action": "task_complete", "diff_lines": 94 }
  ],
  "reviewer_verdict": {
    "timestamp": "2026-02-26T14:18:55Z",
    "decision": "rejected",
    "comments": "Timer not accounting for WKApplication background suspension"
  },
  "diff_snapshot": "<base64 or GitHub compare URL>",
  "ci_status": {
    "xcode_cloud": "running",
    "codex_review": "running",
    "last_updated": "2026-02-26T14:22:00Z"
  }
}
Deployment — Mac Studio Setup
# 1. Install dependencies
pip install fastapi uvicorn PyGithub pydantic python-dotenv python-telegram-bot PyJWT

# 2. Configure .env
GITHUB_TOKEN=ghp_xxxxxxxxxxxx
GITHUB_SSOT_REPO=kircerta/agentic-ssot
TELEGRAM_BOT_TOKEN=xxxxxxxxx
TELEGRAM_ADMIN_CHAT_ID=xxxxxxxxx
WEBHOOK_SECRET=your_github_webhook_secret
JWT_SECRET=your_admin_jwt_secret

# 3. Start FastAPI backend
uvicorn main:app --host 0.0.0.0 --port 8000 --reload

# 4. Start Cloudflare Tunnel (expose /webhooks/* only)
cloudflared tunnel --url http://localhost:8000

# 5. Register tunnel URL in GitHub Repo Settings → Webhooks
https://<tunnel-id>.trycloudflare.com/webhooks/github

# 6. Open Dashboard (can be hosted statically on personal homepage)
open http://localhost:8000/dashboard