[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-BradGroux--veritas-kanban":3,"tool-BradGroux--veritas-kanban":62},[4,18,26,36,46,54],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手,旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚,能够直接接入你日常使用的各类通讯渠道,包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息,OpenClaw 都能即时响应,甚至支持在 macOS、iOS 和 Android 设备上进行语音交互,并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地,用户无需依赖云端服务即可享受快速、私密的智能辅助,真正实现了“你的数据,你做主”。其独特的技术亮点在于强大的网关架构,将控制平面与核心助手分离,确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者,以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力(支持 macOS、Linux 及 Windows WSL2),即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面,旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点,将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师,还是想要深入探索模型潜力的开发者与研究人员,都能从中获益。其核心亮点在于极高的功能丰富度:不仅支持文生图、图生图、局部重绘(Inpainting)和外绘(Outpainting)等基础模式,还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外,它内置了 GFPGAN 和 CodeFormer 等人脸修复工具,支持多种神经网络放大算法,并允许用户通过插件系统无限扩展能力。即使是显存有限的设备,stable-diffusion-webui 也提供了相应的优化选项,让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手(如 Claude Code、Codex、Cursor 等)打造的高性能优化系统。它不仅仅是一组配置文件,而是一个经过长期实战打磨的完整框架,旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能,everything-claude-code 能显著提升 AI 在复杂任务中的表现,帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略,使得模型响应更快、成本更低,同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库,还是需要 AI 协助进行安全审计与自动化测试,everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目,它融合了多语言支持与丰富的实战钩子(hooks),让 AI 真正成长为懂上",158594,2,"2026-04-16T23:34:05",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":42,"last_commit_at":43,"category_tags":44,"status":17},8272,"opencode","anomalyco\u002Fopencode","OpenCode 是一款开源的 AI 编程助手(Coding Agent),旨在像一位智能搭档一样融入您的开发流程。它不仅仅是一个代码补全插件,而是一个能够理解项目上下文、自主规划任务并执行复杂编码操作的智能体。无论是生成全新功能、重构现有代码,还是排查难以定位的 Bug,OpenCode 都能通过自然语言交互高效完成,显著减少开发者在重复性劳动和上下文切换上的时间消耗。\n\n这款工具专为软件开发者、工程师及技术研究人员设计,特别适合希望利用大模型能力来提升编码效率、加速原型开发或处理遗留代码维护的专业人群。其核心亮点在于完全开源的架构,这意味着用户可以审查代码逻辑、自定义行为策略,甚至私有化部署以保障数据安全,彻底打破了传统闭源 AI 助手的“黑盒”限制。\n\n在技术体验上,OpenCode 提供了灵活的终端界面(Terminal UI)和正在测试中的桌面应用程序,支持 macOS、Windows 及 Linux 全平台。它兼容多种包管理工具,安装便捷,并能无缝集成到现有的开发环境中。无论您是追求极致控制权的资深极客,还是渴望提升产出的独立开发者,OpenCode 都提供了一个透明、可信",144296,1,"2026-04-16T14:50:03",[13,45],"插件",{"id":47,"name":48,"github_repo":49,"description_zh":50,"stars":51,"difficulty_score":32,"last_commit_at":52,"category_tags":53,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎,专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式,采用直观的节点式流程图界面,让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景,也能自由组合模型、调整参数并实时预览效果,轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性,不仅支持 Windows、macOS 和 Linux 全平台,还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构,并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者,还是追求极致创作自由度的设计师与资深 AI 绘画爱好者,ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能,使其成为当前最灵活、生态最丰富的开源扩散模型工具之一,帮助用户将创意高效转化为现实。",108322,"2026-04-10T11:39:34",[14,15,13],{"id":55,"name":56,"github_repo":57,"description_zh":58,"stars":59,"difficulty_score":32,"last_commit_at":60,"category_tags":61,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具,它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言,它提供了一条从输入提示词到获取模型响应的最短路径,无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点,让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用,还是执行复杂的 Git 操作,gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口,具备出色的逻辑推理能力;内置 Google 搜索、文件操作及 Shell 命令执行等实用工具;更独特的是,它支持 MCP(模型上下文协议),允许用户灵活扩展自定义集成,连接如图像生成等外部能力。此外,个人谷歌账号即可享受免费的额度支持,且项目基于 Apache 2.0 协议完全开源,是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[45,13,15,14],{"id":63,"github_repo":64,"name":65,"description_en":66,"description_zh":67,"ai_summary_zh":67,"readme_en":68,"readme_zh":69,"quickstart_zh":70,"use_case_zh":71,"hero_image_url":72,"owner_login":73,"owner_name":74,"owner_avatar_url":75,"owner_bio":76,"owner_company":77,"owner_location":78,"owner_email":79,"owner_twitter":80,"owner_website":81,"owner_url":82,"languages":83,"stars":108,"forks":109,"last_commit_at":110,"license":111,"difficulty_score":32,"env_os":112,"env_gpu":113,"env_ram":114,"env_deps":115,"category_tags":122,"github_topics":123,"view_count":32,"oss_zip_url":79,"oss_zip_packed_at":79,"status":17,"created_at":134,"updated_at":135,"faqs":136,"releases":165},8385,"BradGroux\u002Fveritas-kanban","veritas-kanban","The unfiltered truth about where your project stands. Lightweight orchestration platform built for the agentic AI era.","Veritas Kanban 是一款专为\"AI 智能体时代”打造的轻量级任务管理与编排平台。它不仅仅是一个可视化的看板工具,更致力于揭示项目进度的“未过滤真相”,让开发者能够直观地掌控自主编码智能体的工作状态。\n\n在 AI 辅助开发日益普及的今天,传统项目管理工具往往难以有效追踪和协调多个自主运行的 AI 智能体。Veritas Kanban 解决了这一痛点,通过本地优先(Local-first)的架构,为开发者提供了一个既能手动管理任务,又能无缝对接自动编码智能体的统一工作区。它支持从史诗级需求拆解到具体任务执行的全流程,并内置了智能体间的协作协议、代码审查机制及行为审计功能,确保多智能体协作透明可控。\n\n这款工具主要面向希望将自主编码智能体融入工作流的软件开发者和技术团队。其独特的技术亮点包括对 MCP(模型上下文协议)服务器的深度集成、基于策略引擎的智能体治理体系,以及详细的决策审计追踪能力。无论是想要快速搭建本地开发环境,还是需要复杂的多智能体编排策略,Veritas Kanban 都能帮助你在几分钟内实现从零基础到智能体就绪的转变,让“真理在行动中”得以体现。","\u003Cdiv align=\"center\">\n\n# ⚖️ Veritas Kanban\n\n_Veritas in actis — Truth in action._\n\n**Local-first task management and AI agent orchestration platform.**\n\nBuilt for developers who want a visual Kanban board that works with autonomous coding agents.\n\n[![CI](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Factions\u002Fworkflows\u002Fci.yml)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](LICENSE)\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fversion-4.0.0-blue.svg)](CHANGELOG.md)\n[![TypeScript](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTypeScript-5.7-blue.svg)](https:\u002F\u002Fwww.typescriptlang.org\u002F)\n[![PRs Welcome](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen.svg)](CONTRIBUTING.md)\n\n![Veritas Kanban — Board Overview](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_b8891a098322.gif)\n\n> 🎬 [Watch the full demo video (MP4)](assets\u002Fdemo-overview.mp4)\n\n⭐ **If you find this useful, star the repo — it helps others discover it!**\n\n[Quickstart](#-quickstart) · [Features](#-feature-highlights) · [Why VK](#-why-veritas-kanban) · [All Features](docs\u002FFEATURES.md) · [Docs](docs\u002F) · [Troubleshooting](docs\u002FTROUBLESHOOTING.md) · [API](#-api-versioning) · [Agent Integration](#-agent-integration) · [MCP Server](#-mcp-server) · [Contributing](CONTRIBUTING.md) · [Changelog](CHANGELOG.md)\n\n\u003C\u002Fdiv>\n\n---\n\nCreated by **Brad Groux** — CEO of [Digital Meld](https:\u002F\u002Fdigitalmeld.io), and host of the [Start Small, Think Big](https:\u002F\u002Fpodcasts.apple.com\u002Fus\u002Fpodcast\u002Fstart-small-think-big-a-podcast-and-newsletter\u002Fid1802232903) podcast · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fbradgroux\u002F) · [Twitter](https:\u002F\u002Ftwitter.com\u002FBradGroux) · [YouTube](https:\u002F\u002Fwww.youtube.com\u002Fbradgroux)\n\n---\n\n## ⚡ Quickstart\n\nWant to take the easy way out? Ask your agent (like [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw)):\n\n```\nClone and set up veritas-kanban locally. Install dependencies with pnpm, copy the .env.example, and start the dev server. Verify it's running at localhost:3000.\n```\n\nWant to do it yourself? Get up and running in under 5 minutes:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban.git\ncd veritas-kanban\npnpm install\ncp server\u002F.env.example server\u002F.env # Edit to change VERITAS_ADMIN_KEY\npnpm dev\n```\n\nOpen [http:\u002F\u002Flocalhost:3000](http:\u002F\u002Flocalhost:3000) — that's it. The board auto-seeds with example tasks on first run so you can explore right away.\n\n> **Want a clean slate?** Delete the example tasks: `rm tasks\u002Factive\u002Ftask_example_*.md` and refresh.\n> **Want to re-seed?** Run `pnpm seed` to restore the example tasks (only works when the board is empty).\n\n> **Note:** Never commit `.env` files. Use `.env.example` as a template — it contains safe placeholder values and documentation for every variable.\n\n---\n\n## 📚 Documentation Map\n\n- [MCP Server Guide](docs\u002Fmcp\u002FREADME.md) — 33+ tools, architecture, quickstart, tool catalog, security model, troubleshooting.\n- [API Reference](docs\u002FAPI-REFERENCE.md) — Auth, endpoints, request\u002Fresponse examples, WebSocket, common workflows.\n- [Self-Hosting Guide](docs\u002Fguides\u002FSELF_HOST.md) — production deployment, reverse proxy, auth hardening, Docker, and backups.\n- [Getting Started Guide](docs\u002FGETTING-STARTED.md) — zero ➝ agent-ready in 5 minutes, plus sanity checks and prompt registry tips.\n- [Agent Task Workflow SOP](docs\u002FSOP-agent-task-workflow.md) — lifecycle, API\u002FCLI snippets, prompts.\n- [Squad Chat Protocol](docs\u002FSQUAD-CHAT-PROTOCOL.md) — agent messaging, system events (spawned\u002Fcompleted\u002Ffailed), model attribution, and helper scripts.\n- [Sprint Planning SOP](docs\u002FSOP-sprint-planning.md) — epic → sprint → task breakdown.\n- [Multi-Agent Orchestration](docs\u002FSOP-multi-agent-orchestration.md) — PM + worker handoffs.\n- [Cross-Model Code Review](docs\u002FSOP-cross-model-code-review.md) — enforce Claude ↔ GPT reviews.\n- [Agent Governance SOPs](docs\u002F) — [Policy engine](docs\u002FSOP-agent-policy-engine.md), [drift detection](docs\u002FSOP-behavioral-drift-detection.md), [decision audit](docs\u002FSOP-decision-audit-trail.md), [output evaluation](docs\u002FSOP-output-evaluation.md), [user feedback](docs\u002FSOP-user-feedback.md).\n- [Operational SOPs](docs\u002F) — [Broadcasts](docs\u002FSOP-broadcasts.md), [delegation](docs\u002FSOP-delegation.md), [deliverables](docs\u002FSOP-deliverables.md), [prompt registry](docs\u002FSOP-prompt-registry.md), [squad chat](docs\u002FSOP-squad-chat.md), [system health](docs\u002FSOP-system-health-monitoring.md).\n- [Best Practices](docs\u002FBEST-PRACTICES.md) & [Tips + Tricks](docs\u002FTIPS-AND-TRICKS.md) — patterns, shortcuts, integrations.\n- [Real-World Examples](docs\u002FEXAMPLES-agent-workflows.md) — copy\u002Fpasteable agent recipes.\n- [Troubleshooting](docs\u002FTROUBLESHOOTING.md) — deeper diagnostics when things wobble.\n\n## ⚠️ Agentic AI Safety\n\n> [!CAUTION]\n> **AI agents can write code, execute commands, and modify your system.** While tools like Veritas Kanban make agentic workflows powerful, they can also cause real damage without proper guardrails. Read this before giving any AI agent access to your environment.\n\n### Best Practices for Agentic AI\n\n1. **Run locally first.** Keep your board and agents on your own machine until you fully understand the behavior. Never expose an unauthenticated instance to the internet. **Veritas Kanban does not include rate limiting** — if you deploy publicly, add a reverse proxy (nginx, Caddy, Cloudflare) with rate limiting in front of it.\n\n2. **Never trigger agents from uncontrolled inputs.** Don't let inbound emails, webhooks from third parties, or public form submissions automatically spawn agent work. An attacker who can craft an input can control your agent.\n\n3. **Principle of least privilege.** Give agents the minimum permissions they need. Use the `agent` role (not `admin`) for API keys. Restrict file system access. Don't run agents as root.\n\n4. **Review before merge.** Agents can write code — that doesn't mean the code is correct or safe. Always review agent-generated code before merging to production branches. Use the built-in code review workflow.\n\n5. **Set boundaries on destructive actions.** Agents should not have unsupervised access to `rm`, `git push --force`, database drops, or production deployments. Require human approval for irreversible operations.\n\n6. **Monitor and audit.** Use time tracking and activity logs to understand what agents are doing. Review agent-completed tasks. Check git diffs before pushing.\n\n7. **Rotate credentials regularly.** If an agent has access to API keys, tokens, or secrets, rotate them on a schedule. Don't embed real credentials in task descriptions or prompts.\n\n8. **Isolate environments.** Run agents in containers, VMs, or sandboxed environments when possible. Keep agent workspaces separate from sensitive data.\n\n**The bottom line:** Agentic AI is transformational, but it amplifies both your capabilities and your mistakes. Plan accordingly, start small, and add autonomy gradually as you build confidence in your guardrails.\n\n---\n\n## ✨ Feature Highlights\n\n### 🛡️ Agent Governance (New in v4.0)\n\n**Policy Engine** — Define what agents can and can't do. Configurable tool\u002Faction policies with `allow`, `deny`, and `require-approval` guard rules. Every policy decision is logged. **Decision Audit Trail** — Log agent decisions with confidence scores, supporting evidence, and stated assumptions. Record outcomes afterward to see whether assumptions held. **Behavioral Drift Detection** — Set metric baselines and thresholds; get alerted when an agent's behavior deviates. **User Feedback Loop** — Collect feedback on agent outputs with sentiment tagging and category analytics. **Output Evaluation** — Score agent outputs against weighted criteria profiles (regex, keyword, numeric range, custom expressions).\n\n### 🤖 Agent Orchestration\n\nSpawn autonomous coding agents on tasks. Track them in real-time with the multi-agent dashboard — status indicators, expandable agent cards, model attribution. Squad Chat gives agents a shared communication channel with system lifecycle events (spawned, completed, failed). Assign multiple agents per task, set permission levels (Intern\u002FSpecialist\u002FLead), and let them coordinate.\n\n![Agent orchestration](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_b8891a098322.gif)\n\n### 📊 Customizable Dashboard (New in v4.0)\n\n**Draggable & Resizable Widget Grid** — Rearrange and resize dashboard widgets via drag-and-drop. Layouts persist across sessions. Add widgets from the library or remove ones you don't need. **Global System Health Bar** — Persistent header status bar with five health levels (stable → alert) across three signal categories: system resources, agent availability, and operation success rate.\n\n### 📝 Prompt Template Registry (New in v4.0)\n\nVersion-controlled prompt templates with variable extraction, full version history with rollback, usage tracking, and preview rendering with sample variable injection. Manage your prompt library the same way you manage code.\n\n### ⚡ Workflow Engine\n\nDefine multi-step agent pipelines as version-controlled YAML. Sequential steps, parallel fan-out\u002Ffan-in, loop iteration over collections, gate approvals with human-in-the-loop, and retry routing. Think GitHub Actions — but for AI agents. Live execution view with step-by-step progress. Monitoring dashboard with success rates, active runs, and per-workflow health metrics.\n\n### 📋 Task Intelligence\n\nNot just cards on a board. Tasks have dependency graphs with cycle detection, crash-recovery checkpointing (auto-sanitizes secrets), observational memory with importance scoring, time tracking, and full activity logs. Enforcement gates (review gates, delegation enforcement, auto-telemetry) add production guardrails — all optional, all toggleable.\n\n![Task detail features demo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_e9a9a5a7e2fc.gif)\n\n### 🔀 Git-Native Development\n\nIsolated worktrees per task — no branch switching, no conflicts. Built-in code review with unified diff viewer and inline comments. Approval workflows (approve, request changes, reject). Visual merge conflict resolution. Create GitHub PRs directly from the task detail panel. Bidirectional GitHub Issues sync with label mapping.\n\n### 📁 Zero Infrastructure\n\nTasks are markdown files. Settings are JSON. Workflows are YAML. No database, no Docker, no Redis. Clone, `pnpm install`, `pnpm dev` — done. Everything is `grep`-friendly, version-controllable, and human-readable. Back up your entire board with `git push`.\n\n### 🔌 Three Integration Surfaces\n\n- **MCP Server** — 33+ tools across 7 categories via Model Context Protocol (v4.0 adds project management and comment CRUD)\n- **CLI** — `vk begin \u003Cid>` \u002F `vk done \u003Cid> \"summary\"` replaces 6 API calls with 2 commands\n- **REST API** — Full lifecycle management. If it can make HTTP calls, it can drive the board.\n\n> 📋 **Full feature reference with every config option:** [docs\u002FFEATURES.md](docs\u002FFEATURES.md)\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>📋 Complete Feature List\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n#### Core Board\n\n- **Drag-and-drop Kanban** — Move tasks across To Do, In Progress, Blocked, Done\n- **Markdown storage** — Human-readable task files with YAML frontmatter\n- **Dark\u002Flight mode** — Toggle between dark and light themes in Settings\n\n#### Code Workflow\n\n- **Git worktrees** — Isolated branches per task, automatic cleanup\n- **Code review** — Unified diff viewer with inline comments\n- **Approval workflow** — Approve, request changes, or reject\n- **Merge conflicts** — Visual conflict resolution UI\n- **GitHub PRs** — Create pull requests directly from task detail\n\n#### AI Agents\n\n- **Agent orchestration** — Spawn autonomous coding agents on tasks\n- **Custom agents** — Add your own agents with any name and command; not limited to built-in types\n- **Platform-agnostic API** — REST endpoints work with any agentic platform\n- **Built-in OpenClaw support** — Native integration with [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw)\n- **Squad Chat** — Real-time agent-to-agent communication with WebSocket updates, system lifecycle events, model attribution per message, and configurable display names\n- **@Mention notifications** — @agent-name parsing in comments, thread subscriptions\n- **Broadcast Notifications** — Priority-based persistent notifications with read receipts and agent-specific delivery\n- **Squad Chat Webhook** — Configurable webhooks (generic HTTP or OpenClaw Direct) for external agent integration\n- **Agent registry** — Service discovery with heartbeat tracking, capabilities, and live status\n- **Multi-agent dashboard** — Real-time sidebar with expandable agent cards, status indicators\n- **Multi-agent task assignment** — Assign multiple agents per task with color-coded chips\n- **Permission levels** — Intern \u002F Specialist \u002F Lead tiers with approval workflows\n- **Error learning** — Structured failure analysis with similarity search\n- **Task lifecycle hooks** — 7 built-in hooks, 8 events, custom hooks API\n- **Task Deliverables** — First-class deliverable objects with type\u002Fstatus tracking (code, documentation, data, etc.)\n- **Efficient Polling** — `\u002Fapi\u002Fchanges?since=...` endpoint with ETag support for optimized agent polling\n- **Approval Delegation** — Vacation mode with scoped approval delegation and automatic routing\n- **OpenClaw Integration** — Direct gateway wake for real-time squad chat notifications and agent orchestration\n- **Reverse Proxy Ready** — Deploy behind nginx, Caddy, Traefik, or any reverse proxy with `TRUST_PROXY`\n- **Multiple attempts** — Retry with different agents, preserve history\n- **Running indicator** — Visual feedback when agents are working\n\n#### Workflow Engine\n\n- **YAML workflow definitions** — Define multi-step agent orchestration pipelines as version-controlled YAML files\n- **Visual execution** — Live run view with step-by-step progress, status indicators, and output preview\n- **Sequential & advanced step types** — Agent steps, loop iteration, gate approval, parallel fan-out\u002Ffan-in\n- **Loop steps** — Iterate over collections with configurable completion policies (all_done, any_done, first_success)\n- **Gate steps** — Conditional blocking with human approval, timeout escalation, and expression-based conditions\n- **Parallel steps** — Execute multiple sub-steps concurrently with completion criteria (all, any, N-of-M)\n- **Run state management** — Persistent run state survives server restarts, retry with exponential backoff, resume blocked runs\n- **Tool policies** — Role-based tool restrictions (5 default roles: planner, developer, reviewer, tester, deployer) with custom role CRUD\n- **Session isolation** — Each workflow step runs in a fresh OpenClaw session with configurable context injection\n- **Monitoring dashboard** — Summary cards, live active runs table, recent history, per-workflow health metrics\n- **Real-time updates** — WebSocket-primary with polling fallback; 75% reduction in API calls when connected\n- **Workflow API** — 9 CRUD endpoints for workflow definitions, runs, and control\n- **Enhanced acceptance criteria** — Regex patterns, JSON path equality checks, substring matching for step validation\n- **Security hardening** — ReDoS protection, expression injection prevention, parallel DoS limits, gate approval validation\n- **Progress file tracking** — Shared `progress.md` per run for context passing between steps\n- **Audit logging** — Every workflow change logged to `.veritas-kanban\u002Fworkflows\u002F.audit.jsonl`\n- **RBAC** — Role-based access control for workflow execution, editing, and viewing\n\n#### Enforcement Gates\n\n- **squadChat** — Auto-post task lifecycle events to squad chat\n- **reviewGate** — Require 4x10 review scores before task completion\n- **closingComments** — Require deliverable summary (≥20 chars) before completion\n- **autoTelemetry** — Auto-emit `run.started`\u002F`run.completed` on status changes\n- **autoTimeTracking** — Auto-start\u002Fstop timers on status changes\n- **orchestratorDelegation** — Warn when orchestrator does implementation work instead of delegating\n\n#### Visibility & Automation\n\n- **GitHub Issues sync** — Bidirectional sync between GitHub Issues and your board\n- **Activity page** — Status history with clickable task navigation, color-coded badges, and daily summary\n- **Daily standup summary** — Generate standup reports via API or CLI (`vk summary standup`)\n- **Task Templates** — Create reusable templates with defaults, subtasks, and multi-task blueprints\n- **Documentation freshness** — Steward workflow with freshness headers and automated staleness detection\n- **Cost prediction** — Multi-factor cost estimation for tasks\n\n#### Dashboard\n\n- **Where Time Went** — Time breakdown by project from telemetry data\n- **Activity Clock** — 24-hour donut chart showing agent work patterns\n- **Hourly Activity** — Bar chart with event counts per hour\n- **Wall Time Toggle** — Total agent time + average run duration\n- **Session Metrics** — Session count, success rate, completion tracking\n- **Markdown rendering** — Rich markdown in task descriptions and comments\n- **Timezone-aware metrics** — Server reports local timezone; clients can request metrics in any timezone via `?tz=`\n- **Analytics API** — Timeline visualization and aggregate metrics (parallelism, throughput, lead time)\n\n#### Organization\n\n- **Subtasks** — Break down complex work with progress tracking\n- **Task dependencies** — Bidirectional dependency graph with cycle detection, recursive tree API, and visual badges\n- **Crash-recovery checkpointing** — Save\u002Fresume\u002Fclear agent state with auto-sanitization of secrets\n- **Observational memory** — Per-task observations with importance scoring, full-text search, timeline view\n- **Sprint management** — Full sprint CRUD from CLI and MCP with suggestions engine\n- **Archive** — Searchable archive with one-click restore\n- **Time tracking** — Start\u002Fstop timer or manual entry\n- **Activity log** — Full history of task events\n\n#### Settings & Customization\n\n- **Modular settings** — 8 focused tabs (General, Board, Tasks, Agents, Data, Notifications, Security, Manage)\n- **Security hardened** — XSS prevention, path traversal blocking, prototype pollution protection\n- **WCAG 2.1 AA** — Full accessibility with ARIA labels, keyboard navigation\n- **Error boundaries** — Crash isolation per tab with recovery options\n- **Performance** — Lazy-loaded tabs, memoized components, debounced saves\n- **Import\u002FExport** — Backup and restore all settings with validation\n\n#### Integration\n\n- **CLI** — `vk` command for terminal workflows\n- **MCP Server** — 33+ tools across 7 categories via Model Context Protocol\n- **Notifications** — Teams integration for task updates\n\n\u003C\u002Fdetails>\n\n---\n\n## 🛠️ Tech Stack\n\n| Layer | Technology | Version |\n| ------------------- | ------------------------------------ | -------------------------------- |\n| **Frontend** | React, Vite, Tailwind CSS, Shadcn UI | React 19, Vite 7.3, Tailwind 4.2 |\n| **Backend** | Express, WebSocket | Express 5.2 |\n| **Language** | TypeScript (strict mode) | 5.7 |\n| **Storage** | Markdown files with YAML frontmatter | gray-matter |\n| **Git** | simple-git, worktree management | — |\n| **Testing** | Playwright (E2E), Vitest (unit) | Playwright 1.58, Vitest 4 |\n| **Runtime** | Node.js | 22+ |\n| **Package Manager** | pnpm | 9+ |\n\n---\n\n## 🏆 Why Veritas Kanban?\n\nMost agentic AI tools fall into one of two camps: **orchestration frameworks** that are powerful but invisible (CrewAI, AutoGen, LangGraph) — or **project boards** that look nice but have zero agent awareness (Jira, Linear, Notion).\n\nVeritas Kanban is neither. It's the **visual command center for agentic work** — where you can see what your agents are doing, what they've done, and what they're about to do, with full audit trails and production guardrails.\n\n### What makes VK different\n\n| | Veritas Kanban | CrewAI \u002F AutoGen \u002F LangGraph | Jira \u002F Linear \u002F Plane |\n| ------------------------------- | :---------------------------------: | :--------------------------: | :-------------------: |\n| **Visual task board** | ✅ Drag-and-drop Kanban | ❌ Code-only, no UI | ✅ Board UI |\n| **AI agent orchestration** | ✅ Native, multi-model | ✅ Core purpose | ❌ No agent story |\n| **YAML workflow pipelines** | ✅ Loops, gates, parallel | ⚠️ Code-defined only | ❌ |\n| **Real-time agent dashboard** | ✅ Status, model attribution | ❌ | ❌ |\n| **Agent communication** | ✅ Squad Chat with lifecycle events | ⚠️ Internal only | ❌ |\n| **MCP server** | ✅ 33+ tools | ❌ | ❌ |\n| **CLI** | ✅ Full lifecycle | ❌ | ⚠️ Limited |\n| **Git worktrees + code review** | ✅ Built-in | ❌ | ❌ |\n| **Task persistence** | ✅ Markdown files | ❌ In-memory | ✅ Database |\n| **Enforcement gates** | ✅ 6 configurable gates | ❌ | ❌ |\n| **Time + cost tracking** | ✅ Per-task, per-model | ❌ | ⚠️ Basic |\n| **No database required** | ✅ Files on disk | ✅ | ❌ Requires DB |\n| **Open source** | ✅ MIT | ⚠️ Varies | ⚠️ Varies |\n| **Platform-agnostic** | ✅ Any agent, any model | ⚠️ Framework-locked | N\u002FA |\n\n**The bottom line:** Orchestration frameworks give you agent execution without visibility. Project boards give you visibility without agent execution. Veritas Kanban gives you both — plus the guardrails, telemetry, and audit trails that production agentic work demands.\n\nBuilt and battle-tested with [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw). Works with any platform that can make HTTP calls.\n\n---\n\n## 🔄 How It Works\n\n```\n Any AI Agent \u002F CLI \u002F MCP Client\n │\n ▼\n┌──────────────────────────────┐\n│ REST API + WebSocket │\n│ http:\u002F\u002Flocalhost:3001 │\n│ │\n│ ┌───────┐ ┌───────────┐ │\n│ │ Tasks │ │ Workflows │ │\n│ │ API │ │ Engine │ │\n│ └───┬───┘ └─────┬─────┘ │\n│ │ │ │\n│ ▼ ▼ │\n│ Markdown YAML Workflows │\n│ Files + Run State │\n└──────────────────────────────┘\n │\n ▼\n React 19 + Vite Frontend\n http:\u002F\u002Flocalhost:3000\n```\n\nThe board is the source of truth. Agents interact via the REST API — create tasks, start workflows, update status, track time, submit completions. Workflows orchestrate multi-step agent pipelines with loops, gates, and parallel execution. The frontend reflects everything in real time over WebSocket. No vendor lock-in: if it can make HTTP calls, it can drive the board.\n\n---\n\n## 🏗️ Architecture\n\n```\nveritas-kanban\u002F ← pnpm monorepo\n│\n├── web\u002F ← React 19 + Vite frontend\n│ └── src\u002F\n│ ├── components\u002F ← UI components (Shadcn + custom)\n│ ├── hooks\u002F ← React Query hooks, WebSocket\n│ └── lib\u002F ← Utilities, API client\n│\n├── server\u002F ← Express + WebSocket API\n│ └── src\u002F\n│ ├── routes\u002F ← REST endpoints (\u002Fapi\u002Fv1\u002F*)\n│ ├── services\u002F ← Business logic\n│ └── middleware\u002F ← Auth, rate limiting, security\n│\n├── shared\u002F ← TypeScript types & contracts\n│ └── src\u002Ftypes\u002F ← Shared between web & server\n│\n├── cli\u002F ← `vk` CLI tool\n├── mcp\u002F ← MCP server for AI assistants\n├── docs\u002F ← Sprint & audit documentation\n│\n├── tasks\u002F ← Task storage (Markdown files)\n│ ├── active\u002F ← Current tasks (.gitignored)\n│ ├── archive\u002F ← Archived tasks (.gitignored)\n│ └── examples\u002F ← Seed tasks for first-run\n│\n└── .veritas-kanban\u002F ← Runtime config & data\n ├── config.json\n ├── workflows\u002F ← YAML workflow definitions\n ├── workflow-runs\u002F ← Run state & step outputs\n ├── tool-policies\u002F ← Role-based tool restrictions\n ├── worktrees\u002F\n ├── logs\u002F\n └── agent-requests\u002F\n```\n\n**Data flow:** Web ↔ REST API \u002F WebSocket ↔ Server ↔ Markdown\u002FYAML files on disk\n\n---\n\n## 📖 API Versioning\n\nAll API endpoints support versioned paths. The current (and default) version is **v1**.\n\n| Path | Description |\n| --------------- | --------------------------------------- |\n| `\u002Fapi\u002Fv1\u002Ftasks` | Canonical versioned endpoint |\n| `\u002Fapi\u002Ftasks` | Backwards-compatible alias (same as v1) |\n\nEvery response includes an `X-API-Version: v1` header. Clients may optionally request a specific version:\n\n```bash\ncurl -H \"X-API-Version: v1\" http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\n```\n\n- **Non-breaking changes** (new fields, new endpoints) are added to the current version.\n- **Breaking changes** will introduce a new version (`v2`). The previous version remains available during a deprecation period.\n- The unversioned `\u002Fapi\u002F...` alias always points to the latest stable version.\n\n---\n\n## 💻 CLI\n\n> 📖 **Comprehensive CLI guide:** [docs\u002FCLI-GUIDE.md](docs\u002FCLI-GUIDE.md) — installation, every command, scripting examples, and tips.\n\nManage your entire task lifecycle with two commands.\n\n```bash\n# Install globally\ncd cli && npm link\n```\n\n### Setup & Onboarding\n\n```bash\nvk setup # Guided environment check + sample task\nvk setup --skip-task # Check only, no sample task\nvk setup --json # Machine-readable output\n```\n\nValidates Node version, server health, API auth, and optionally creates a welcome task to get you started.\n\n### Workflow Commands\n\nThe `vk begin` and `vk done` commands replace multi-step API workflows with single commands. Inspired by Boris Cherny's (Claude Code creator) philosophy: _\"automate everything you do twice.\"_\n\n**Before (6 separate curl calls):**\n\n```bash\ncurl -X PATCH http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid> -H \"Content-Type: application\u002Fjson\" -d '{\"status\":\"in-progress\"}'\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Ftime\u002Fstart\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fagent\u002Fstatus -H \"Content-Type: application\u002Fjson\" -d '{\"status\":\"working\",\"taskId\":\"\u003Cid>\",\"taskTitle\":\"Title\"}'\n# ... work happens ...\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Ftime\u002Fstop\ncurl -X PATCH http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid> -H \"Content-Type: application\u002Fjson\" -d '{\"status\":\"done\"}'\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Fcomments -H \"Content-Type: application\u002Fjson\" -d '{\"author\":\"agent\",\"text\":\"summary\"}'\n```\n\n**After (2 commands):**\n\n```bash\nvk begin \u003Cid> # → in-progress + timer + agent working\nvk done \u003Cid> \"Added OAuth\" # → timer stop + done + comment + agent idle\n```\n\n| Command | What It Does |\n| ------------------------ | ------------------------------------------------------------ |\n| `vk begin \u003Cid>` | Sets in-progress + starts timer + agent status → working |\n| `vk done \u003Cid> \"summary\"` | Stops timer + sets done + adds comment + agent status → idle |\n| `vk block \u003Cid> \"reason\"` | Sets blocked + adds comment with reason |\n| `vk unblock \u003Cid>` | Sets in-progress + restarts timer |\n\n### Basic Task Management\n\n```bash\nvk list # List all tasks\nvk list --status in-progress # Filter by status\nvk show \u003Cid> # Task details\nvk create \"Title\" --type code # Create task\nvk update \u003Cid> --status review # Update task\n```\n\n### Time Tracking\n\n```bash\nvk time start \u003Cid> # Start time tracker\nvk time stop \u003Cid> # Stop time tracker\nvk time entry \u003Cid> 3600 \"desc\" # Add manual entry (seconds)\nvk time show \u003Cid> # Display time summary\n```\n\n### Comments\n\n```bash\nvk comment \u003Cid> \"Fixed the bug\" # Add comment\nvk comment \u003Cid> \"Done\" --author Veritas # With author\n```\n\n### Agent Status\n\n```bash\nvk agent status # Show current agent status\nvk agent working \u003Cid> # Set to working (auto-fetches title)\nvk agent idle # Set to idle\nvk agent sub-agent 3 # Set sub-agent mode with count\n```\n\n### Project Management\n\n```bash\nvk project list # List all projects\nvk project create \"my-app\" --color \"#7c3aed\" --description \"Main app\"\n```\n\n### GitHub Sync\n\n```bash\nvk github sync # Trigger manual sync\nvk github status # Show sync status\nvk github config # View\u002Fupdate configuration\nvk github mappings # List issue↔task mappings\n```\n\n### Agent Commands\n\n```bash\nvk agents:pending # List pending agent requests\nvk agents:status \u003Cid> # Check if agent running\nvk agents:complete \u003Cid> -s # Mark agent complete\n```\n\n### Utilities\n\n```bash\nvk summary # Project stats\nvk summary standup # Daily standup summary\nvk notify:pending # Check notifications\n```\n\nAll commands support `--json` for scripting and machine consumption.\n\n---\n\n## 🤖 Agent Integration\n\nVeritas Kanban works with any agentic platform that can make HTTP calls. The REST API covers the full task lifecycle — create, update, track time, complete.\n\nBuilt and tested with [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) (formerly Clawdbot\u002FMoltbot), which provides native orchestration via `sessions_spawn`. The built-in agent service targets OpenClaw — PRs welcome for adapters to other platforms.\n\n### How It Works\n\n1. **Start Agent** — Click \"Start Agent\" in the UI on a code task (or hit the API directly)\n2. **Request Created** — Server writes to `.veritas-kanban\u002Fagent-requests\u002F`\n3. **Agent Picks Up** — Your agent reads the request and begins work\n4. **Work Happens** — Agent updates task status, tracks time, commits code\n5. **Completion** — Agent calls the completion endpoint with results\n6. **Task Updates** — Status moves to Review, notifications sent\n\n### Any Platform (REST API)\n\n> 💡 **Using the CLI?** Skip the curl commands — `vk begin \u003Cid>` and `vk done \u003Cid> \"summary\"` handle the full lifecycle in one shot. See the [CLI Guide](docs\u002FCLI-GUIDE.md) for details.\n\n```bash\n# Create a task\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks \\\n -H \"Content-Type: application\u002Fjson\" \\\n -H \"X-API-Key: $YOUR_KEY\" \\\n -d '{\"title\": \"Implement feature X\", \"type\": \"code\", \"status\": \"in-progress\"}'\n\n# Start time tracking\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Ftime\u002Fstart \\\n -H \"X-API-Key: $YOUR_KEY\"\n\n# Mark complete\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fagents\u002F\u003Cid>\u002Fcomplete \\\n -H \"Content-Type: application\u002Fjson\" \\\n -H \"X-API-Key: $YOUR_KEY\" \\\n -d '{\"success\": true, \"summary\": \"What was done\"}'\n```\n\n### GitHub Issues Sync\n\n```bash\n# Trigger a manual sync\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fgithub\u002Fsync \\\n -H \"X-API-Key: $YOUR_KEY\"\n\n# Check sync status\ncurl http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fgithub\u002Fsync\u002Fstatus \\\n -H \"X-API-Key: $YOUR_KEY\"\n```\n\nIssues with the `kanban` label are imported as tasks. Status changes push back (done → close, reopen on todo\u002Fin-progress\u002Fblocked). Labels like `priority:high` and `type:story` map to task fields. Configure in `.veritas-kanban\u002Fintegrations.json`.\n\n### OpenClaw (Native)\n\n```bash\n# Check for pending agent requests\nvk agents:pending\n\n# OpenClaw sub-agents use sessions_spawn to execute work,\n# then call the completion endpoint automatically.\n```\n\n---\n\n## 🔗 MCP Server\n\n33+ tools across 7 categories (tasks, agents, automation, notifications, summaries, sprints, projects) via [Model Context Protocol](https:\u002F\u002Fmodelcontextprotocol.io\u002F).\n\n**→ [Full MCP documentation](docs\u002Fmcp\u002FREADME.md)** — architecture, quickstart, tool catalog with examples, security model, and troubleshooting.\n\n**Quick config** (Claude Desktop \u002F Cursor \u002F OpenClaw):\n\n```json\n{\n \"mcpServers\": {\n \"veritas-kanban\": {\n \"command\": \"node\",\n \"args\": [\"\u002Fpath\u002Fto\u002Fveritas-kanban\u002Fmcp\u002Fdist\u002Findex.js\"],\n \"env\": {\n \"VK_API_URL\": \"http:\u002F\u002Flocalhost:3001\"\n }\n }\n }\n}\n```\n\n**After adding the config, restart OpenClaw:**\n\n```bash\nopenclaw gateway restart\n```\n\nVerify discovery with `openclaw mcp list`. See [Troubleshooting](docs\u002FTROUBLESHOOTING.md#mcp-server-connection-issues) if the server doesn't appear.\n\n**Troubleshooting MCP connection issues:**\n\n- **Always restart OpenClaw after MCP config changes** — MCP servers are discovered at startup\n- **Verify tools are available:** Run `openclaw mcp list` to confirm 26 Veritas Kanban tools appear\n- **When reporting issues, provide:**\n - OpenClaw version (`openclaw --version`)\n - VK version and health (`curl http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fhealth`)\n - MCP logs (`~\u002F.openclaw\u002Flogs\u002Fmcp.log` on macOS\u002FLinux)\n - API accessibility test (`curl -H \"X-API-Key: your-key\" http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks`)\n\nSee [full MCP troubleshooting guide](docs\u002FTROUBLESHOOTING.md#mcp-server-connection-issues) for details.\n\n## 📄 Task Format\n\nTasks are markdown files with YAML frontmatter:\n\n```markdown\n---\nid: 'task_20260126_abc123'\ntitle: 'Implement feature X'\ntype: 'code'\nstatus: 'in-progress'\npriority: 'high'\nproject: 'rubicon'\ngit:\n repo: 'my-project'\n branch: 'feature\u002Ftask_abc123'\n baseBranch: 'main'\n---\n\n## Description\n\nTask details here...\n```\n\n---\n\n## 🧑‍💻 Development\n\n```bash\npnpm dev # Start dev servers (web + API concurrently)\npnpm build # Production build\npnpm typecheck # TypeScript strict check\npnpm lint # ESLint\npnpm test # Unit tests (Vitest)\npnpm test:e2e # E2E tests (Playwright)\n```\n\n---\n\n## 📚 Documentation\n\n| Document | Description |\n| ------------------------------------------ | -------------------------------- |\n| [Features](docs\u002FFEATURES.md) | Complete feature reference |\n| [API Reference](docs\u002FAPI-REFERENCE.md) | Auth, endpoints, WebSocket docs |\n| [CLI Guide](docs\u002FCLI-GUIDE.md) | Comprehensive CLI usage guide |\n| [Self-Hosting Guide](docs\u002Fguides\u002FSELF_HOST.md) | Production deployment, reverse proxy, Docker |\n| [Deployment](docs\u002FDEPLOYMENT.md) | Docker, bare metal, env config |\n| [Troubleshooting](docs\u002FTROUBLESHOOTING.md) | Common issues & solutions |\n| [Contributing](CONTRIBUTING.md) | How to contribute, PR guidelines |\n| [Security Policy](SECURITY.md) | Vulnerability reporting |\n| [Code of Conduct](CODE_OF_CONDUCT.md) | Community guidelines |\n| [Changelog](CHANGELOG.md) | Release history |\n| [Sprint Docs](docs\u002F) | Sprint planning & audit reports |\n\n---\n\n## 📸 Screenshots\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Click to expand screenshots\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n### Board Overview\n\n| | |\n| -------------------------------------------------- | --------------------------------------------------- |\n| ![Main board view](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_29e1be4f96a5.png) | ![Board with tasks](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_3388409f4f21.png) |\n| ![Board columns](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_27115ffc8816.png) | ![Board dark mode](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_ef20f52d271b.png) |\n\n### Task Management\n\n| | |\n| ----------------------------------------------------------- | ---------------------------------------------------------- |\n| ![New task dialog](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_7bde8a307beb.png) | ![Task details panel](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_1ce36826c8de.png) |\n| ![Task details list view](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_a30c116bbd54.png) | ![Apply task template](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_03ae8b3650e7.png) |\n\n### Task Extras\n\n| | |\n| -------------------------------------------- | ---------------------------------------------------- |\n| ![Task metrics](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_8eb2e0cac8e6.png) | ![Task attachments](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_1607132e15c2.png) |\n| ![Activity log](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_7c35f8ca85cb.png) | ![Archive](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_860b1ee9d57f.png) |\n\n### Metrics & Dashboard\n\n| | |\n| -------------------------------------------------- | -------------------------------------------------- |\n| ![Metrics overview](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_98f5ad207d7e.png) | ![Token usage](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_3e0c16630051.png) |\n| ![Failed runs](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_07afd1084e1e.png) | ![Export metrics](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_73b96c7df386.png) |\n\n### Settings\n\n| | |\n| ------------------------------------------------------ | --------------------------------------------------------------- |\n| ![General settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_724e9fdb687e.png) | ![Board settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_a42cc6caf149.png) |\n| ![Task settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_363a4d0f3b2a.png) | ![Agent settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_14b12fc14a5e.png) |\n| ![Data settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_3e0faf09c89d.png) | ![Notification settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_1cd8c04a5d41.png) |\n| ![Security settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_aa1a8935b84f.png) | ![Manage settings](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_10fff094959d.png) |\n\n### Menus & Activity\n\n| | |\n| ----------------------------------------------------- | ------------------------------------------------------------- |\n| ![Agent activity](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_27ec993a4644.png) | ![WebSocket activity](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_0888349a8cb5.png) |\n| ![Keyboard shortcuts](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_b4d6cfa3ac3b.png) | ![Security menu](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_484115d1b19f.png) |\n\n\u003C\u002Fdetails>\n\n---\n\n## 🗺️ Roadmap\n\nSee the [open issues](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues) for what's next. Community contributions welcome!\n\n### Shipped in v4.0.0\n\n- ~~[#178](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F178) — Agent Policy & Guard Engine~~ — Configurable tool\u002Faction policies with allow\u002Fdeny\u002Frequire-approval guard rules\n- ~~[#179](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F179) — Decision Audit Trail with Assumption Tracking~~ — Log decisions with confidence scores, evidence, and outcome tracking\n- ~~[#180](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F180) — Agent Output Evaluation & Scoring Framework~~ — Weighted criteria profiles with composite scoring\n- ~~[#181](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F181) — Behavioral Drift Detection & Alerting~~ — Metric baselines with configurable alert thresholds\n- ~~[#182](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F182) — User Feedback Loop with Sentiment Analytics~~ — Feedback collection with sentiment tagging and aggregate analytics\n- ~~[#183](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F183) — Draggable & Resizable Dashboard Widget Grid~~ — Drag-and-drop layout with persistence\n- ~~[#184](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F184) — Prompt Template Registry with Version Control~~ — Versioned templates with rollback and usage tracking\n- ~~[#185](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F185) — Global System Health Status Bar~~ — Five health levels across system, agents, and operations signals\n- ~~[#186](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F186) — Upgrade to shadcn\u002Fui CLI v4.0~~ — All components updated with Tailwind v4 integration\n\n### Backlog\n\n- [WCAG 2.1 AA accessibility](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F1) — Full keyboard navigation, screen reader support, color contrast\n- [Example video](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F68) — Hosted walkthrough video on YouTube or Vimeo\n\n### Shipped in v3.3.x\n\n- ~~[Task Dependencies Graph](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F122)~~ — Bidirectional dependency model with cycle detection, recursive tree API, visual badges\n- ~~[Crash-Recovery Checkpointing](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F123)~~ — Save\u002Fresume\u002Fclear agent state with auto-sanitization of secrets, 1MB limit, 24h expiry\n- ~~[Observational Memory](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F124)~~ — Per-task observations with importance scoring (1-10), full-text search, timeline view\n- ~~[Agent Filter](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F125)~~ — Query tasks by agent name with `?agent=name` parameter\n- ~~[Sprint Management CLI + MCP](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F161)~~ — Full sprint CRUD from command line and MCP (list, create, update, delete, close, suggestions)\n- ~~[Task↔Agent State Sync](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F155)~~ — Bi-directional sync engine keeping task state consistent with agent execution\n- ~~Orchestrator Delegation Enforcement~~ — Full enforcement gate with delegation violation reporting\n- ~~Express 5 + Vite 7 + Tailwind 4 + Zod 4 migration~~ — Major dependency upgrades\n- ~~[SSRF Webhook Protection](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F165)~~ — Server-side request forgery safeguards\n- ~~[WebSocket Broadcast Batching](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F167)~~ — Prevents event loop blocking under high-frequency updates\n\n### Shipped in v3.2.0\n\n- ~~[Markdown Editor](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fpull\u002F118)~~ — Rich editing toolbar, live preview, keyboard shortcuts (Ctrl+B\u002FI\u002FK) for task descriptions and comments\n- ~~[Shared Resources Registry](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fpull\u002F119)~~ — Reusable resources (prompts, guidelines, templates) mountable across projects\n- ~~[Documentation Freshness](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fpull\u002F120)~~ — Staleness tracking with freshness scores, alerts, and auto-review task creation\n- ~~[Docker Auth Persistence](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F116)~~ — Fixed auth state wiped on container rebuild; added automatic migration\n\n### Shipped in v2.1.2\n\n- ~~[Docker Path Resolution](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F102)~~ — Fixed WORKDIR resolution for `.veritas-kanban` directory in containerized deployments\n\n### Shipped in v2.1.1\n\n- ~~[Reverse Proxy Support](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F100)~~ — Added `TRUST_PROXY` environment variable for nginx, Caddy, Traefik, and other reverse proxies\n- ~~[Prompts Registry](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F101)~~ — Centralized prompt templates with versioning and agent-specific customization\n\n### Shipped in v2.0.0\n\n- ~~[Dashboard widget toggles](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F92)~~ · ~~[Multi-agent dashboard](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F28)~~ · ~~[Multi-agent task assignment](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F29)~~ · ~~[@Mention notifications](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F30)~~ · ~~[Agent permission levels](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F31)~~ · ~~[Agent self-reporting](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F52)~~ · ~~[CLI usage reporting](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F50)~~ · ~~[Markdown rendering](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F63)~~ · ~~[Cost prediction](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F54)~~ · ~~[Error learning](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F91)~~ · ~~[Task lifecycle hooks](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F72)~~ · ~~[Documentation freshness](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F74)~~ · ~~[Where Time Went](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F57)~~ · ~~[Activity Clock](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F58)~~ · ~~[Hourly Activity](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F59)~~ · ~~[Wall Time Toggle](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F60)~~ · ~~[Session Metrics](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F61)~~ · ~~[Production binding](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F55)~~\n\n### Shipped in v1.6.0\n\n- ~~[Model Usage schema & API](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F47)~~ · ~~[Global usage aggregation](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F48)~~ · ~~[Dashboard Model Usage](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F49)~~ · ~~[Standup with cost](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F51)~~ · ~~[Per-model cost tables](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F53)~~ · ~~[Dashboard filter bar](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F56)~~ · ~~[Health endpoints](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F82)~~\n\n### Shipped in v1.1.0–v1.3.0\n\n- ~~[API response envelope](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F2)~~ · ~~[Circuit breaker](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F3)~~ · ~~[Load testing (k6)](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F4)~~ · ~~[Prometheus\u002FOTel](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F5)~~ · ~~[Storage abstraction](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F6)~~ · ~~[GitHub Issues sync](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F21)~~ · ~~[Activity feed](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F33)~~ · ~~[Daily standup](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F34)~~\n\n---\n\n## 💬 Support\n\nAll support and feature requests go through GitHub:\n\n- **🐛 Bug reports** — [Open an issue](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002Fnew?template=bug_report.md)\n- **💡 Feature requests** — [Open an issue](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002Fnew?template=feature_request.md)\n- **❓ Questions & discussion** — [GitHub Discussions](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fdiscussions)\n\n> **Note:** Support is not provided via email or social media. GitHub is the single source of truth for all project communication.\n\n---\n\n## 🙏 Acknowledgments\n\nSpecial thanks to [Peter Steinberger](https:\u002F\u002Fgithub.com\u002Fsteipete) and [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) (formerly Clawdbot\u002FMoltbot) — the platform that inspired this project and made autonomous agent orchestration feel like magic.\n\n---\n\n## 📜 License\n\n[MIT](LICENSE) © 2026 [Digital Meld](https:\u002F\u002Fdigitalmeld.io)\n\n---\n\n\u003Cdiv align=\"center\">\n\nMade in Texas with 💜\n\nOriginally built for [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw). Works with any agentic platform.\n\n\u003C\u002Fdiv>\n","\u003Cdiv align=\"center\">\n\n# ⚖️ Veritas 看板\n\n_Veritas in actis — 行动中的真理。_\n\n**本地优先的任务管理和 AI 代理编排平台。**\n\n专为希望使用与自主编码代理协同工作的可视化看板的开发者打造。\n\n[![CI](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Factions\u002Fworkflows\u002Fci.yml)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](LICENSE)\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fversion-4.0.0-blue.svg)](CHANGELOG.md)\n[![TypeScript](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTypeScript-5.7-blue.svg)](https:\u002F\u002Fwww.typescriptlang.org\u002F)\n[![PRs Welcome](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen.svg)](CONTRIBUTING.md)\n\n![Veritas 看板 — 板面概览](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_b8891a098322.gif)\n\n> 🎬 [观看完整演示视频 (MP4)](assets\u002Fdemo-overview.mp4)\n\n⭐ **如果您觉得有用,请给这个仓库点个赞——这有助于让更多人发现它!**\n\n[快速入门](#-quickstart) · [功能亮点](#-feature-highlights) · [为什么选择 VK](#-why-veritas-kanban) · [全部功能](docs\u002FFEATURES.md) · [文档](docs\u002F) · [故障排除](docs\u002FTROUBLESHOOTING.md) · [API](#-api-versioning) · [代理集成](#-agent-integration) · [MCP 服务器](#-mcp-server) · [贡献指南](CONTRIBUTING.md) · [变更日志](CHANGELOG.md)\n\n\u003C\u002Fdiv>\n\n---\n\n由 **Brad Groux** 创作 — [Digital Meld](https:\u002F\u002Fdigitalmeld.io) 的 CEO,以及 [Start Small, Think Big](https:\u002F\u002Fpodcasts.apple.com\u002Fus\u002Fpodcast\u002Fstart-small-think-big-a-podcast-and-newsletter\u002Fid1802232903) 播客的主持人 · [LinkedIn](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fbradgroux\u002F) · [Twitter](https:\u002F\u002Ftwitter.com\u002FBradGroux) · [YouTube](https:\u002F\u002Fwww.youtube.com\u002Fbradgroux)\n\n---\n\n## ⚡ 快速入门\n\n想走捷径吗?只需让您的代理(比如 [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw))执行以下指令:\n\n```\n在本地克隆并设置 Veritas 看板。使用 pnpm 安装依赖项,复制 .env.example 文件,并启动开发服务器。确认它正在 localhost:3000 上运行。\n```\n\n想自己动手吗?不到 5 分钟即可上手:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban.git\ncd veritas-kanban\npnpm install\ncp server\u002F.env.example server\u002F.env # 编辑以更改 VERITAS_ADMIN_KEY\npnpm dev\n```\n\n打开 [http:\u002F\u002Flocalhost:3000](http:\u002F\u002Flocalhost:3000) — 就完成了。首次运行时,看板会自动填充示例任务,方便您立即开始探索。\n\n> **想要一个干净的起点?** 删除示例任务:`rm tasks\u002Factive\u002Ftask_example_*.md` 并刷新页面。\n> **想重新填充示例任务?** 运行 `pnpm seed` 即可恢复示例任务(仅在看板为空时有效)。\n\n> **注意:** 绝不要提交 `.env` 文件。请使用 `.env.example` 作为模板——它包含安全的占位符值和每个变量的说明。\n\n---\n\n## 📚 文档地图\n\n- [MCP 服务器指南](docs\u002Fmcp\u002FREADME.md) — 包含 33+ 工具、架构、快速入门、工具目录、安全模型和故障排除方法。\n- [API 参考](docs\u002FAPI-REFERENCE.md) — 认证、端点、请求\u002F响应示例、WebSocket 以及常见工作流程。\n- [自托管指南](docs\u002Fguides\u002FSELF_HOST.md) — 生产环境部署、反向代理、认证加固、Docker 和备份。\n- [入门指南](docs\u002FGETTING-STARTED.md) — 从零到具备代理能力只需 5 分钟,附带健康检查和提示注册表技巧。\n- [代理任务工作流标准操作程序](docs\u002FSOP-agent-task-workflow.md) — 生命周期、API\u002FCLI 片段和提示。\n- [小队聊天协议](docs\u002FSQUAD-CHAT-PROTOCOL.md) — 代理消息传递、系统事件(生成\u002F完成\u002F失败)、模型归属以及辅助脚本。\n- [冲刺计划标准操作程序](docs\u002FSOP-sprint-planning.md) — 巨型项目 → 冲刺 → 任务分解。\n- [多代理编排](docs\u002FSOP-multi-agent-orchestration.md) — 项目经理与工作者之间的交接。\n- [跨模型代码审查](docs\u002FSOP-cross-model-code-review.md) — 强制执行 Claude ↔ GPT 互审。\n- [代理治理标准操作程序](docs\u002F) — [策略引擎](docs\u002FSOP-agent-policy-engine.md)、[行为漂移检测](docs\u002FSOP-behavioral-drift-detection.md)、[决策审计](docs\u002FSOP-decision-audit-trail.md)、[输出评估](docs\u002FSOP-output-evaluation.md)、[用户反馈](docs\u002FSOP-user-feedback.md)。\n- [运营标准操作程序](docs\u002F) — [广播](docs\u002FSOP-broadcasts.md)、[授权](docs\u002FSOP-delegation.md)、[交付成果](docs\u002FSOP-deliverables.md)、[提示注册表](docs\u002FSOP-prompt-registry.md)、[小队聊天](docs\u002FSOP-squad-chat.md)、[系统健康监测](docs\u002FSOP-system-health-monitoring.md)。\n- [最佳实践](docs\u002FBEST-PRACTICES.md) 和 [技巧与窍门](docs\u002FTIPS-AND-TRICKS.md) — 模式、快捷方式和集成。\n- [实际案例](docs\u002FEXAMPLES-agent-workflows.md) — 可直接复制粘贴的代理工作流程。\n- [故障排除](docs\u002FTROUBLESHOOTING.md) — 当出现问题时提供更深入的诊断信息。\n\n## ⚠️ 代理式 AI 安全\n\n> [!CAUTION]\n> **AI 代理可以编写代码、执行命令并修改您的系统。** 虽然像 Veritas 看板这样的工具使代理式工作流功能强大,但如果没有适当的保护措施,也可能造成严重损害。在授予任何 AI 代理对您环境的访问权限之前,请务必阅读本文。\n\n### 代理式 AI 最佳实践\n\n1. **先在本地运行。** 在完全理解其行为之前,将您的看板和代理保留在自己的机器上。切勿将未经身份验证的实例暴露于互联网。**Veritas 看板不包含速率限制** — 如果您公开部署,请在其前面添加带有速率限制的反向代理(Nginx、Caddy 或 Cloudflare)。\n\n2. **切勿从不受控的输入触发代理。** 不要让传入的电子邮件、来自第三方的 Webhook 或公共表单提交自动触发代理工作。能够构造输入的攻击者可以控制您的代理。\n\n3. **最小权限原则。** 仅授予代理所需的最低权限。API 密钥应使用 `agent` 角色(而非 `admin`)。限制文件系统的访问权限。不要以 root 用户身份运行代理。\n\n4. **合并前审核。** 代理可以编写代码——但这并不意味着代码是正确或安全的。在将其合并到生产分支之前,务必审核代理生成的代码。使用内置的代码审查工作流。\n\n5. **对破坏性操作设定界限。** 代理不应拥有对 `rm`、`git push --force`、数据库删除或生产部署的无监督访问权限。对于不可逆的操作,必须获得人工批准。\n\n6. **监控与审计。** 使用时间跟踪和活动日志来了解代理在做什么。审查代理已完成的任务。在推送之前检查 Git 差异。\n\n7. **定期轮换凭据。** 如果代理有权访问 API 密钥、令牌或机密,请按计划进行轮换。切勿在任务描述或提示中嵌入真实凭据。\n\n8. **隔离环境。** 尽可能在容器、虚拟机或沙盒环境中运行代理。将代理的工作空间与敏感数据分开。\n\n**总结:** 代理式 AI 具有变革性,但它会同时放大您的能力和错误。请相应地规划,从小处着手,并在建立对保护措施的信心后逐步增加自主性。\n\n---\n\n## ✨ 功能亮点\n\n### 🛡️ 代理治理(v4.0 新功能)\n\n**策略引擎** — 定义代理可以执行与禁止执行的操作。支持 `allow`、`deny` 和 `require-approval` 三种防护规则的可配置工具\u002F动作策略。所有策略决策都会被记录。 **决策审计追踪** — 记录代理的决策,包括置信度分数、支持性证据和所作假设。事后记录执行结果,以验证假设是否成立。 **行为漂移检测** — 设置指标基线和阈值;当代理行为出现偏差时,系统会发出告警。 **用户反馈循环** — 收集对代理输出的反馈,结合情感标签和分类分析。 **输出评估** — 根据加权标准配置文件(正则表达式、关键词、数值范围、自定义表达式)对代理输出进行评分。\n\n### 🤖 代理编排\n\n为任务启动自主编码代理。通过多代理仪表板实时跟踪代理状态——包括状态指示器、可展开的代理卡片以及模型归属信息。Squad Chat 为代理提供共享通信通道,并集成系统生命周期事件通知(如代理启动、完成或失败)。您可以为每个任务分配多个代理,设置权限级别(实习生\u002F专家\u002F负责人),并让它们协同工作。\n\n![代理编排](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_b8891a098322.gif)\n\n### 📊 可定制仪表板(v4.0 新功能)\n\n**可拖拽且可调整大小的组件网格** — 通过拖放操作重新排列和调整仪表板组件的大小。布局在不同会话间保持一致。您可以从组件库中添加所需组件,或移除不需要的组件。 **全局系统健康状态栏** — 持续显示的头部状态栏,包含五个健康等级(稳定 → 警报),覆盖三大信号类别:系统资源、代理可用性和运行成功率。\n\n### 📝 提示模板注册表(v4.0 新功能)\n\n版本控制的提示模板,支持变量提取、完整的版本历史及回滚功能、使用情况跟踪,以及带示例变量注入的预览渲染。以管理代码的方式管理您的提示库。\n\n### ⚡ 工作流引擎\n\n将多步骤代理流水线定义为版本控制的 YAML 文件。支持顺序步骤、并行分支展开\u002F合并、集合上的循环迭代、人工介入审批节点以及重试路由等功能。类似于 GitHub Actions,但专为 AI 代理设计。提供实时执行视图,展示每一步的进度。监控仪表板则显示成功率、当前运行数以及每个工作流的健康指标。\n\n### 📋 任务智能\n\n不仅仅是看板上的卡片。任务拥有依赖关系图,具备环路检测、崩溃恢复检查点(自动清理敏感信息)、重要性评分的观察记忆、时间跟踪以及完整的活动日志。强制性检查点(审查关卡、委派执行、自动遥测)提供了生产环境的安全保障——全部可选,均可开关控制。\n\n![任务详情功能演示](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_e9a9a5a7e2fc.gif)\n\n### 🔀 原生 Git 开发\n\n每个任务使用独立的工作树——无需切换分支,也不会产生冲突。内置代码评审功能,提供统一的差异查看器和内联评论。审批工作流(批准、请求修改、拒绝)。可视化解决合并冲突。可以直接从任务详情面板创建 GitHub Pull Request。双向同步 GitHub Issues,并支持标签映射。\n\n### 📁 零基础设施\n\n任务以 Markdown 文件存储,设置以 JSON 格式保存,工作流则用 YAML 描述。无需数据库、Docker 或 Redis。克隆仓库后,运行 `pnpm install` 和 `pnpm dev` 即可完成部署。所有内容都易于 `grep` 搜索、版本控制且人类可读。只需执行 `git push`,即可备份整个看板。\n\n### 🔌 三种集成接口\n\n- **MCP 服务器** — 通过模型上下文协议接入 7 大类中的 33+ 种工具(v4.0 新增项目管理和评论 CRUD 功能)\n- **CLI** — 使用 `vk begin \u003Cid>` \u002F `vk done \u003Cid> \"summary\"` 替代原本需要 6 次 API 调用的操作,仅需 2 条命令\n- **REST API** — 提供完整的生命周期管理。任何能够发起 HTTP 请求的系统都可以驱动该平台。\n\n> 📋 **包含所有配置选项的完整功能参考:** [docs\u002FFEATURES.md](docs\u002FFEATURES.md)\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>📋 完整功能列表\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n#### 核心看板\n\n- **拖放式看板** — 在待办、进行中、阻塞、已完成之间移动任务\n- **Markdown 存储** — 人类可读的任务文件,附带 YAML 前言\n- **深色\u002F浅色模式** — 在设置中切换深色与浅色主题\n\n#### 代码工作流\n\n- **Git 工作树** — 每个任务使用独立分支,自动清理\n- **代码评审** — 统一差异查看器,支持内联评论\n- **审批工作流** — 批准、要求修改或拒绝\n- **合并冲突** — 提供可视化的冲突解决界面\n- **GitHub PRs** — 直接从任务详情创建拉取请求\n\n#### AI 代理\n\n- **代理编排** — 为任务启动自主编码代理\n- **自定义代理** — 可以添加任意名称和命令的自定义代理,不限于内置类型\n- **跨平台 API** — REST 端点适用于任何代理平台\n- **原生 OpenClaw 支持** — 与 [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) 原生集成\n- **Squad Chat** — 实时代理间通信,支持 WebSocket 更新、系统生命周期事件、每条消息的模型归属信息以及可配置的显示名称\n- **@提及通知** — 解析评论中的 @agent-name,并支持线程订阅\n- **广播通知** — 基于优先级的持久化通知,带有已读回执和针对特定代理的送达机制\n- **Squad Chat Webhook** — 可配置的 Webhook(通用 HTTP 或 OpenClaw Direct),用于外部代理集成\n- **代理注册表** — 提供服务发现功能,包括心跳监测、能力描述和实时状态\n- **多代理仪表板** — 实时侧边栏,包含可展开的代理卡片和状态指示器\n- **多代理任务分配** — 为每个任务分配多个代理,并用不同颜色的芯片区分\n- **权限级别** — 实习生\u002F专家\u002F负责人三个层级,配备审批工作流\n- **错误学习** — 结构化失败分析,支持相似性搜索\n- **任务生命周期钩子** — 内置 7 个钩子、8 种事件,以及自定义钩子 API\n- **任务交付物** — 一类优先级的交付对象,可追踪类型和状态(代码、文档、数据等)\n- **高效轮询** — `\u002Fapi\u002Fchanges?since=...` 端点支持 ETag,优化代理轮询\n- **审批委派** — 支持假期模式下的分权审批及自动路由\n- **OpenClaw 集成** — 提供直接网关唤醒功能,实现实时 Squad Chat 通知和代理编排\n- **反向代理就绪** — 可部署在 nginx、Caddy、Traefik 或任何反向代理之后,只需启用 `TRUST_PROXY`\n- **多次尝试** — 可以更换不同代理重试,并保留历史记录\n- **运行指示器** — 当代理正在工作时,提供视觉反馈\n\n#### 工作流引擎\n\n- **YAML 工作流定义** — 将多步骤的代理编排流水线定义为受版本控制的 YAML 文件\n- **可视化执行** — 实时运行视图,显示逐步进度、状态指示器和输出预览\n- **顺序与高级步骤类型** — 代理步骤、循环迭代、门控审批、并行扇出\u002F扇入\n- **循环步骤** — 遍历集合,并支持可配置的完成策略(全部完成、任意完成、首次成功)\n- **门控步骤** — 基于条件的阻塞,结合人工审批、超时升级以及基于表达式的条件判断\n- **并行步骤** — 并发执行多个子步骤,支持多种完成条件(全部完成、任意完成、N 个中的 M 个)\n- **运行状态管理** — 持久化运行状态可在服务器重启后恢复,支持指数退避重试,并可恢复被阻塞的运行\n- **工具权限策略** — 基于角色的工具限制(默认 5 种角色:规划者、开发者、评审者、测试者、部署者),并支持自定义角色的 CRUD 操作\n- **会话隔离** — 每个工作流步骤都在全新的 OpenClaw 会话中运行,支持可配置的上下文注入\n- **监控仪表板** — 包含摘要卡片、实时活跃运行列表、近期历史记录以及按工作流划分的健康指标\n- **实时更新** — 以 WebSocket 为主,回退至轮询;连接时 API 调用次数减少 75%\n- **工作流 API** — 提供 9 个 CRUD 端点,用于管理工作流定义、运行及控制\n- **增强的验收标准** — 支持正则表达式模式、JSON Path 等值检查以及子字符串匹配,用于步骤验证\n- **安全加固** — 提供 ReDoS 防护、防止表达式注入、并行 DoS 限制以及门控审批验证机制\n- **进度文件跟踪** — 每次运行共享一个 `progress.md` 文件,用于在步骤间传递上下文\n- **审计日志** — 所有工作流变更都会记录到 `.veritas-kanban\u002Fworkflows\u002F.audit.jsonl`\n- **RBAC** — 基于角色的访问控制,适用于工作流的执行、编辑和查看\n\n#### 强制性门控\n\n- **squadChat** — 自动将任务生命周期事件发布到 squad chat\n- **reviewGate** — 在任务完成前需获得 4x10 的评审分数\n- **closingComments** — 在完成前需提供 ≥20 字的交付物摘要\n- **autoTelemetry** — 在状态变更时自动发出 `run.started`\u002F`run.completed` 事件\n- **autoTimeTracking** — 根据状态变化自动启动或停止计时器\n- **orchestratorDelegation** — 当编排者直接执行实现工作而非委派时发出警告\n\n#### 可见性与自动化\n\n- **GitHub Issues 同步** — 在 GitHub Issues 与您的看板之间实现双向同步\n- **活动页面** — 包含可点击的任务导航、颜色编码徽章和每日摘要的状态历史\n- **每日站会摘要** — 可通过 API 或 CLI 生成站会报告(`vk summary standup`)\n- **任务模板** — 创建可复用的模板,支持默认值、子任务和多任务蓝图\n- **文档新鲜度** — 通过新鲜度头信息和自动化过时检测来维护工作流文档\n- **成本预测** — 对任务进行多因素成本估算\n\n#### 仪表板\n\n- **时间去向** — 根据遥测数据按项目细分的时间分布\n- **活动时钟** — 24 小时甜甜圈图,展示代理的工作模式\n- **每小时活动** — 按小时统计事件数量的柱状图\n- **墙时切换** — 显示代理总工作时间及平均运行时长\n- **会话指标** — 会话数量、成功率以及完成情况追踪\n- **Markdown 渲染** — 在任务描述和评论中支持富文本 Markdown\n- **时区感知指标** — 服务器报告本地时区;客户端可通过 `?tz=` 参数请求任何时区的指标\n- **分析 API** — 提供时间线可视化及聚合指标(并行度、吞吐量、前置时间)\n\n#### 组织管理\n\n- **子任务** — 将复杂工作分解并跟踪进度\n- **任务依赖关系** — 双向依赖关系图,具备环路检测、递归树 API 和可视化徽章功能\n- **崩溃恢复检查点** — 保存\u002F恢复\u002F清除代理状态,并自动清理敏感信息\n- **观察记忆** — 为每个任务记录观察内容,支持重要性评分、全文搜索和时间线视图\n- **冲刺管理** — 通过 CLI 和 MCP 提供完整的冲刺 CRUD 功能,并配备建议引擎\n- **归档** — 可搜索的归档库,支持一键恢复\n- **时间跟踪** — 支持启动\u002F停止计时器或手动录入\n- **活动日志** — 记录任务事件的完整历史\n\n#### 设置与定制\n\n- **模块化设置** — 分为 8 个专注标签页(通用、看板、任务、代理、数据、通知、安全、管理)\n- **安全加固** — 防止 XSS 攻击、路径遍历和原型污染\n- **WCAG 2.1 AA** — 全面的无障碍设计,包括 ARIA 标签和键盘导航\n- **错误边界** — 每个标签页独立处理崩溃,并提供恢复选项\n- **性能优化** — 标签页懒加载、组件记忆化以及保存操作防抖\n- **导入\u002F导出** — 支持备份和恢复所有设置,并进行验证\n\n#### 集成\n\n- **CLI** — 使用 `vk` 命令进行终端工作流操作\n- **MCP 服务器** — 通过 Model Context Protocol 集成 7 大类共 33+ 种工具\n- **通知** — 支持 Teams 集成,用于任务更新\n\n\u003C\u002Fdetails>\n\n---\n\n\n\n## 🛠️ 技术栈\n\n| 层级 | 技术 | 版本 |\n| ------------------- | -------------------------------- | ----------------------------- |\n| **前端** | React、Vite、Tailwind CSS、Shadcn UI | React 19、Vite 7.3、Tailwind 4.2 |\n| **后端** | Express、WebSocket | Express 5.2 |\n| **语言** | TypeScript(严格模式) | 5.7 |\n| **存储** | 带有 YAML 前置元数据的 Markdown 文件 | gray-matter |\n| **Git** | simple-git、工作树管理 | — |\n| **测试** | Playwright(端到端)、Vitest(单元) | Playwright 1.58、Vitest 4 |\n| **运行时** | Node.js | 22+ |\n| **包管理器** | pnpm | 9+ |\n\n---\n\n## 🏆 为什么选择 Veritas Kanban?\n\n大多数代理型 AI 工具通常属于以下两类之一:一是功能强大但“隐形”的编排框架(如 CrewAI、AutoGen、LangGraph);二是界面美观但完全缺乏代理意识的项目看板工具(如 Jira、Linear、Notion)。 \n\nVeritas Kanban 则介于两者之间。它是一个**代理工作的可视化指挥中心**——在这里,您可以清晰地看到代理正在做什么、已经完成了什么以及即将执行什么,同时拥有完整的审计轨迹和生产环境的安全保障措施。\n\n### VK 有何不同之处\n\n| | Veritas Kanban | CrewAI \u002F AutoGen \u002F LangGraph | Jira \u002F Linear \u002F Plane |\n| ------------------------------- | :---------------------------------: | :--------------------------: | :-------------------: |\n| **可视化任务看板** | ✅ 拖拽式看板 | ❌ 仅代码,无 UI | ✅ 看板 UI |\n| **AI 代理编排** | ✅ 原生,多模型 | ✅ 核心功能 | ❌ 无代理工作流 |\n| **YAML 工作流管道** | ✅ 循环、门控、并行 | ⚠️ 仅代码定义 | ❌ |\n| **实时代理仪表盘** | ✅ 状态、模型归属 | ❌ | ❌ |\n| **代理间通信** | ✅ 小队聊天与生命周期事件 | ⚠️ 仅内部通信 | ❌ |\n| **MCP 服务器** | ✅ 33+ 工具 | ❌ | ❌ |\n| **CLI** | ✅ 全生命周期 | ❌ | ⚠️ 有限 |\n| **Git 工作树 + 代码评审**| ✅ 内置 | ❌ | ❌ |\n| **任务持久化** | ✅ Markdown 文件 | ❌ 内存中 | ✅ 数据库 |\n| **强制性门控机制** | ✅ 6 种可配置门控 | ❌ | ❌ |\n| **时间和成本跟踪** | ✅ 每任务、每模型 | ❌ | ⚠️ 基本 |\n| **无需数据库** | ✅ 磁盘上的文件 | ✅ | ❌ 需要 DB |\n| **开源** | ✅ MIT | ⚠️ 不同 | ⚠️ 不同 |\n| **平台无关性** | ✅ 任何代理、任何模型 | ⚠️ 受框架限制 | N\u002FA |\n\n**总结:** 编排框架让你执行代理任务,却缺乏可见性。项目看板提供可见性,却无法执行代理任务。而 Veritas Kanban 则兼具两者——同时还具备生产级代理工作所需的护栏、遥测和审计追踪。\n\n基于 [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) 构建并经过实战检验。适用于任何能够发起 HTTP 请求的平台。\n\n---\n\n## 🔄 工作原理\n\n```\n 任意 AI 代理 \u002F CLI \u002F MCP 客户端\n │\n ▼\n┌──────────────────────────────┐\n│ REST API + WebSocket │\n│ http:\u002F\u002Flocalhost:3001 │\n│ │\n│ ┌───────┐ ┌───────────┐ │\n│ │ 任务 │ │ 工作流 │ │\n│ │ API │ │ 引擎 │ │\n│ └───┬───┘ └─────┬─────┘ │\n│ │ │ │\n│ ▼ ▼ │\n│ Markdown YAML 工作流 │\n│ 文件 + 运行状态 │\n└──────────────────────────────┘\n │\n ▼\n React 19 + Vite 前端\n http:\u002F\u002Flocalhost:3000\n```\n\n看板是事实真相的来源。代理通过 REST API 交互——创建任务、启动工作流、更新状态、记录时间、提交完成情况。工作流编排多步骤代理流水线,支持循环、门控和并行执行。前端通过 WebSocket 实时反映所有内容。无供应商锁定:只要能发起 HTTP 请求,就能驱动看板。\n\n---\n\n## 🏗️ 架构\n\n```\nveritas-kanban\u002F ← pnpm 单体仓库\n│\n├── web\u002F ← React 19 + Vite 前端\n│ └── src\u002F\n│ ├── components\u002F ← UI 组件(Shadcn + 自定义)\n│ ├── hooks\u002F ← React Query 钩子,WebSocket\n│ └── lib\u002F ← 工具函数,API 客户端\n│\n├── server\u002F ← Express + WebSocket API\n│ └── src\u002F\n│ ├── routes\u002F ← REST 端点 (\u002Fapi\u002Fv1\u002F*)\n│ ├── services\u002F ← 业务逻辑\n│ └── middleware\u002F ← 认证、限流、安全\n│\n├── shared\u002F ← TypeScript 类型与契约\n│ └── src\u002Ftypes\u002F ← Web 和服务器共享\n│\n├── cli\u002F ← `vk` CLI 工具\n├── mcp\u002F ← 用于 AI 助手的 MCP 服务器\n├── docs\u002F ← Sprint 和审计文档\n│\n├── tasks\u002F ← 任务存储(Markdown 文件)\n│ ├── active\u002F ← 当前任务(.gitignored)\n│ ├── archive\u002F ← 归档任务(.gitignored)\n│ └── examples\u002F ← 首次运行的示例任务\n│\n└── .veritas-kanban\u002F ← 运行时配置与数据\n ├── config.json\n ├── workflows\u002F ← YAML 工作流定义\n ├── workflow-runs\u002F ← 运行状态及步骤输出\n ├── tool-policies\u002F ← 基于角色的工具限制\n ├── worktrees\u002F\n ├── logs\u002F\n └── agent-requests\u002F\n```\n\n**数据流:** Web ↔ REST API \u002F WebSocket ↔ 服务器 ↔ 磁盘上的 Markdown\u002FYAML 文件\n\n---\n\n## 📖 API 版本控制\n\n所有 API 端点均支持版本化路径。当前(也是默认)版本为 **v1**。\n\n| 路径 | 描述 |\n| --------------- | --------------------------------------- |\n| `\u002Fapi\u002Fv1\u002Ftasks` | 规范的版本化端点 |\n| `\u002Fapi\u002Ftasks` | 向后兼容的别名(与 v1 相同) |\n\n每个响应都包含 `X-API-Version: v1` 头部。客户端也可以选择请求特定版本:\n\n```bash\ncurl -H \"X-API-Version: v1\" http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\n```\n\n- **非破坏性更改**(新增字段、新增端点)会添加到当前版本。\n- **破坏性更改**将推出新版本(如 `v2`)。旧版本将在弃用期内继续可用。\n- 未版本化的 `\u002Fapi\u002F...` 别名始终指向最新稳定版本。\n\n---\n\n## 💻 CLI\n\n> 📖 **完整 CLI 指南:** [docs\u002FCLI-GUIDE.md](docs\u002FCLI-GUIDE.md) — 包括安装、所有命令、脚本示例和使用技巧。\n\n只需两条命令即可管理整个任务生命周期。\n\n```bash\n# 全局安装\ncd cli && npm link\n```\n\n### 设置与入门\n\n```bash\nvk setup # 引导式环境检查 + 示例任务\nvk setup --skip-task # 仅检查,不创建示例任务\nvk setup --json # 机器可读输出\n```\n\n验证 Node.js 版本、服务器健康状况、API 认证,并可选地创建欢迎任务以帮助你快速上手。\n\n### 工作流命令\n\n`vk begin` 和 `vk done` 命令将多步骤的 API 工作流简化为单个命令。这一设计灵感来源于 Boris Cherny(Claude Code 的创建者)的理念:“凡是重复两次的事情,就自动化它。”\n\n**之前(6 个独立的 curl 请求):**\n\n```bash\ncurl -X PATCH http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid> -H \"Content-Type: application\u002Fjson\" -d '{\"status\":\"in-progress\"}'\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Ftime\u002Fstart\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fagent\u002Fstatus -H \"Content-Type: application\u002Fjson\" -d '{\"status\":\"working\",\"taskId\":\"\u003Cid>\",\"taskTitle\":\"Title\"}'\n# ... 工作进行中 ...\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Ftime\u002Fstop\ncurl -X PATCH http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid> -H \"Content-Type: application\u002Fjson\" -d '{\"status\":\"done\"}'\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Fcomments -H \"Content-Type: application\u002Fjson\" -d '{\"author\":\"agent\",\"text\":\"summary\"}'\n```\n\n**之后(2 个命令):**\n\n```bash\nvk begin \u003Cid> # → 进行中 + 计时器 + 代理工作状态\nvk done \u003Cid> \"Added OAuth\" # → 计时器停止 + 完成 + 添加评论 + 代理空闲状态\n```\n\n| 命令 | 功能 |\n| ------------------------ | ------------------------------------------------------------ |\n| `vk begin \u003Cid>` | 设置任务为进行中 + 启动计时器 + 代理状态设为工作 |\n| `vk done \u003Cid> \"summary\"` | 停止计时器 + 设置任务为完成 + 添加评论 + 代理状态设为空闲 |\n| `vk block \u003Cid> \"reason\"` | 设置任务为阻塞 + 添加带有原因的评论 |\n| `vk unblock \u003Cid>` | 设置任务为进行中 + 重新启动计时器 |\n\n### 基本任务管理\n\n```bash\nvk list # 列出所有任务\nvk list --status in-progress # 按状态筛选\nvk show \u003Cid> # 查看任务详情\nvk create \"Title\" --type code # 创建任务\nvk update \u003Cid> --status review # 更新任务\n```\n\n### 时间跟踪\n\n```bash\nvk time start \u003Cid> # 开始时间跟踪\nvk time stop \u003Cid> # 停止时间跟踪\nvk time entry \u003Cid> 3600 \"desc\" # 手动添加时间记录(秒)\nvk time show \u003Cid> # 显示时间汇总\n```\n\n### 评论\n\n```bash\nvk comment \u003Cid> \"Fixed the bug\" # 添加评论\nvk comment \u003Cid> \"Done\" --author Veritas # 指定作者\n```\n\n### 代理状态\n\n```bash\nvk agent status # 显示当前代理状态\nvk agent working \u003Cid> # 设置为工作状态(自动获取任务标题)\nvk agent idle # 设置为空闲状态\nvk agent sub-agent 3 # 设置子代理模式,并指定数量\n```\n\n### 项目管理\n\n```bash\nvk project list # 列出所有项目\nvk project create \"my-app\" --color \"#7c3aed\" --description \"Main app\"\n```\n\n### GitHub 同步\n\n```bash\nvk github sync # 触发手动同步\nvk github status # 显示同步状态\nvk github config # 查看或更新配置\nvk github mappings # 列出 issue↔任务映射关系\n```\n\n### 代理相关命令\n\n```bash\nvk agents:pending # 列出待处理的代理请求\nvk agents:status \u003Cid> # 检查代理是否正在运行\nvk agents:complete \u003Cid> -s # 标记代理已完成\n```\n\n### 实用工具\n\n```bash\nvk summary # 项目统计信息\nvk summary standup # 每日站会摘要\nvk notify:pending # 检查未读通知\n```\n\n所有命令都支持 `--json` 参数,便于脚本化和机器消费。\n\n---\n\n## 🤖 代理集成\n\nVeritas Kanban 可与任何能够发起 HTTP 请求的代理平台协同工作。REST API 覆盖了完整的任务生命周期——创建、更新、时间跟踪、完成。\n\n该系统基于 [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw)(原 Clawdbot\u002FMoltbot)构建并测试过,后者通过 `sessions_spawn` 提供原生编排功能。内置的代理服务专为 OpenClaw 设计——欢迎为其他平台开发适配器。\n\n### 工作原理\n\n1. **启动代理** — 在 UI 中点击代码任务上的“启动代理”按钮(或直接调用 API)\n2. **创建请求** — 服务器将请求写入 `.veritas-kanban\u002Fagent-requests\u002F`\n3. **代理接收** — 您的代理读取请求并开始工作\n4. **执行工作** — 代理更新任务状态、跟踪时间、提交代码\n5. **完成任务** — 代理调用完成端点并返回结果\n6. **更新任务** — 任务状态变为“评审”,同时发送通知\n\n### 任意平台(REST API)\n\n> 💡 **使用 CLI?** 跳过 curl 命令——`vk begin \u003Cid>` 和 `vk done \u003Cid> \"summary\"` 可以一步完成整个生命周期。详细信息请参阅 [CLI 指南](docs\u002FCLI-GUIDE.md)。\n\n```bash\n# 创建任务\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks \\\n -H \"Content-Type: application\u002Fjson\" \\\n -H \"X-API-Key: $YOUR_KEY\" \\\n -d '{\"title\": \"Implement feature X\", \"type\": \"code\", \"status\": \"in-progress\"}'\n\n# 开始时间跟踪\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks\u002F\u003Cid>\u002Ftime\u002Fstart \\\n -H \"X-API-Key: $YOUR_KEY\"\n\n# 标记完成\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fagents\u002F\u003Cid>\u002Fcomplete \\\n -H \"Content-Type: application\u002Fjson\" \\\n -H \"X-API-Key: $YOUR_KEY\" \\\n -d '{\"success\": true, \"summary\": \"What was done\"}'\n```\n\n### GitHub Issues 同步\n\n```bash\n# 触发手动同步\ncurl -X POST http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fgithub\u002Fsync \\\n -H \"X-API-Key: $YOUR_KEY\"\n\n# 查看同步状态\ncurl http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fgithub\u002Fsync\u002Fstatus \\\n -H \"X-API-Key: $YOUR_KEY\"\n```\n\n带有 `kanban` 标签的 GitHub Issues 会被导入为任务。状态变化会反向同步(完成 → 关闭,重新打开为待办\u002F进行中\u002F阻塞)。诸如 `priority:high` 和 `type:story` 等标签会映射到任务字段。可在 `.veritas-kanban\u002Fintegrations.json` 中进行配置。\n\n### OpenClaw(原生支持)\n\n```bash\n# 检查待处理的代理请求\nvk agents:pending\n\n# OpenClaw 子代理使用 sessions_spawn 执行工作,\n# 并自动调用完成端点。\n```\n\n---\n\n## 🔗 MCP 服务器\n\n通过 [Model Context Protocol](https:\u002F\u002Fmodelcontextprotocol.io\u002F) 提供跨 7 个类别(任务、代理、自动化、通知、摘要、冲刺、项目)的 33+ 种工具。\n\n**→ [完整 MCP 文档](docs\u002Fmcp\u002FREADME.md)** — 包括架构、快速入门、带示例的工具目录、安全模型和故障排除。\n\n**快速配置**(Claude Desktop \u002F Cursor \u002F OpenClaw):\n\n```json\n{\n \"mcpServers\": {\n \"veritas-kanban\": {\n \"command\": \"node\",\n \"args\": [\"\u002Fpath\u002Fto\u002Fveritas-kanban\u002Fmcp\u002Fdist\u002Findex.js\"],\n \"env\": {\n \"VK_API_URL\": \"http:\u002F\u002Flocalhost:3001\"\n }\n }\n }\n}\n```\n\n**添加配置后,重启 OpenClaw:**\n\n```bash\nopenclaw gateway restart\n```\n\n使用 `openclaw mcp list` 验证发现。如果服务器未显示,请参阅 [故障排除](docs\u002FTROUBLESHOOTING.md#mcp-server-connection-issues)。\n\n**MCP 连接问题故障排除:**\n\n- **MCP 配置更改后务必重启 OpenClaw** — MCP 服务器在启动时被发现\n- **验证工具是否可用:** 运行 `openclaw mcp list` 确认 26 个 Veritas Kanban 工具已出现\n- **报告问题时,请提供:**\n - OpenClaw 版本 (`openclaw --version`)\n - VK 版本和健康状态 (`curl http:\u002F\u002Flocalhost:3001\u002Fapi\u002Fhealth`)\n - MCP 日志 (`~\u002F.openclaw\u002Flogs\u002Fmcp.log` 在 macOS\u002FLinux 上)\n - API 可访问性测试 (`curl -H \"X-API-Key: your-key\" http:\u002F\u002Flocalhost:3001\u002Fapi\u002Ftasks`)\n\n详情请参阅 [完整的 MCP 故障排除指南](docs\u002FTROUBLESHOOTING.md#mcp-server-connection-issues)。\n\n## 📄 任务格式\n\n任务是带有 YAML 前言的 Markdown 文件:\n\n```markdown\n---\nid: 'task_20260126_abc123'\ntitle: '实现功能 X'\ntype: 'code'\nstatus: 'in-progress'\npriority: 'high'\nproject: 'rubicon'\ngit:\n repo: 'my-project'\n branch: 'feature\u002Ftask_abc123'\n baseBranch: 'main'\n---\n\n## 描述\n\n任务详情在此...\n```\n\n---\n\n## 🧑‍💻 开发\n\n```bash\npnpm dev # 启动开发服务器(Web 和 API 并发)\npnpm build # 生产构建\npnpm typecheck # TypeScript 严格检查\npnpm lint # ESLint\npnpm test # 单元测试(Vitest)\npnpm test:e2e # 端到端测试(Playwright)\n```\n\n---\n\n## 📚 文档\n\n| 文档 | 描述 |\n| ------------------------------------------ | ------------------------- |\n| [功能](docs\u002FFEATURES.md) | 完整的功能参考 |\n| [API 参考](docs\u002FAPI-REFERENCE.md) | 认证、端点、WebSocket 文档 |\n| [CLI 指南](docs\u002FCLI-GUIDE.md) | 全面的 CLI 使用指南 |\n| [自托管指南](docs\u002Fguides\u002FSELF_HOST.md) | 生产部署、反向代理、Docker |\n| [部署](docs\u002FDEPLOYMENT.md) | Docker、裸金属、环境配置 |\n| [故障排除](docs\u002FTROUBLESHOOTING.md) | 常见问题及解决方案 |\n| [贡献指南](CONTRIBUTING.md) | 如何贡献、PR 指南 |\n| [安全策略](SECURITY.md) | 漏洞报告 |\n| [行为准则](CODE_OF_CONDUCT.md) | 社区指导原则 |\n| [变更日志](CHANGELOG.md) | 发布历史 |\n| [冲刺文档](docs\u002F) | 冲刺计划与审计报告 |\n\n---\n\n## 📸 截图\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>点击展开截图\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n### 板概览\n\n| | |\n| -------------------------------------------------- | --------------------------------------------------- |\n| ![主板视图](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_29e1be4f96a5.png) | ![带任务的板](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_3388409f4f21.png) |\n| ![板列](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_27115ffc8816.png) | ![板暗模式](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_ef20f52d271b.png) |\n\n### 任务管理\n\n| | |\n| ----------------------------------------------------------- | ---------------------------------------------------------- |\n| ![新建任务对话框](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_7bde8a307beb.png) | ![任务详情面板](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_1ce36826c8de.png) |\n| ![任务详情列表视图](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_a30c116bbd54.png) | ![应用任务模板](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_03ae8b3650e7.png) |\n\n### 任务附加功能\n\n| | |\n| -------------------------------------------- | ---------------------------------------------------- |\n| ![任务指标](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_8eb2e0cac8e6.png) | ![任务附件](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_1607132e15c2.png) |\n| ![活动日志](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_7c35f8ca85cb.png) | ![归档](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_860b1ee9d57f.png) |\n\n### 指标与仪表盘\n\n| | |\n| -------------------------------------------------- | -------------------------------------------------- |\n| ![指标概览](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_98f5ad207d7e.png) | ![Token 使用情况](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_3e0c16630051.png)|\n| ![失败运行](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_07afd1084e1e.png) | ![导出指标](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_73b96c7df386.png) |\n\n### 设置\n\n| | |\n| ------------------------------------------------------ | --------------------------------------------------------------- |\n| ![常规设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_724e9fdb687e.png) | ![板设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_a42cc6caf149.png) |\n| ![任务设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_363a4d0f3b2a.png) | ![代理设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_14b12fc14a5e.png) |\n| ![数据设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_3e0faf09c89d.png) | ![通知设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_1cd8c04a5d41.png) |\n| ![安全设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_aa1a8935b84f.png) | ![管理设置](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_10fff094959d.png) |\n\n### 菜单与活动\n\n| | |\n| ----------------------------------------------------- | ------------------------------------------------------------- |\n| ![代理活动](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_27ec993a4644.png) | ![WebSocket 活动](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_0888349a8cb5.png) |\n| ![键盘快捷键](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_b4d6cfa3ac3b.png) | ![安全菜单](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_readme_484115d1b19f.png) |\n\n\u003C\u002Fdetails>\n\n---\n\n## 🗺️ 路线图\n\n请参阅 [公开问题](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues) 了解接下来的计划。欢迎社区贡献!\n\n### 在 v4.0.0 中发布\n\n- ~~[#178](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F178) — 代理策略与防护引擎~~ — 可配置的工具\u002F动作策略,支持允许、拒绝和需审批的防护规则\n- ~~[#179](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F179) — 带假设跟踪的决策审计轨迹~~ — 记录决策及其置信度分数、证据和结果跟踪\n- ~~[#180](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F180) — 代理输出评估与评分框架~~ — 带加权标准的综合评分体系\n- ~~[#181](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F181) — 行为漂移检测与告警~~ — 基于指标基线的可配置告警阈值\n- ~~[#182](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F182) — 带情感分析的用户反馈循环~~ — 收集反馈并进行情感标签化及聚合分析\n- ~~[#183](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F183) — 可拖拽且可调整大小的仪表盘组件网格~~ — 拖放式布局并支持状态持久化\n- ~~[#184](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F184) — 带版本控制的提示模板注册表~~ — 版本化的模板,支持回滚和使用情况跟踪\n- ~~[#185](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F185) — 全局系统健康状态栏~~ — 覆盖系统、代理和操作信号的五级健康状态\n- ~~[#186](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F186) — 升级至 shadcn\u002Fui CLI v4.0~~ — 所有组件均已更新,集成 Tailwind v4\n\n### 待办事项\n\n- [WCAG 2.1 AA 无障碍标准](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F1) — 完整的键盘导航、屏幕阅读器支持、色彩对比度\n- [示例视频](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F68) — 在 YouTube 或 Vimeo 上托管的演示视频\n\n### 在 v3.3.x 中发布\n\n- ~~[任务依赖关系图](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F122)~~ — 双向依赖模型,具备环路检测、递归树 API 和可视化标记功能\n- ~~[崩溃恢复检查点机制](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F123)~~ — 保存\u002F恢复\u002F清除代理状态,自动清理敏感信息,限制为 1MB,有效期 24 小时\n- ~~[观察记忆](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F124)~~ — 每个任务的观察记录,带重要性评分(1–10),支持全文搜索和时间线视图\n- ~~[代理筛选器](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F125)~~ — 可通过 `?agent=name` 参数按代理名称查询任务\n- ~~[冲刺管理 CLI + MCP](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F161)~~ — 从命令行和 MCP 实现完整的冲刺 CRUD 操作(列出、创建、更新、删除、关闭、建议)\n- ~~[任务↔代理状态同步](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F155)~~ — 双向同步引擎,确保任务状态与代理执行保持一致\n- ~~编排器委派强制执行~~ — 完整的强制执行门控,支持委派违规报告\n- ~~Express 5 + Vite 7 + Tailwind 4 + Zod 4 迁移~~ — 重大依赖库升级\n- ~~[SSRF Webhook 防护](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F165)~~ — 服务器端请求伪造防护措施\n- ~~[WebSocket 广播批处理](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F167)~~ — 防止高频更新导致事件循环阻塞\n\n### 在 v3.2.0 中发布\n\n- ~~[Markdown 编辑器](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fpull\u002F118)~~ — 丰富的编辑工具栏、实时预览以及用于任务描述和评论的快捷键(Ctrl+B\u002FI\u002FK)\n- ~~[共享资源注册表](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fpull\u002F119)~~ — 可复用资源(提示、指南、模板),可在不同项目间挂载使用\n- ~~[文档新鲜度](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fpull\u002F120)~~ — 新鲜度追踪,提供新鲜度评分、告警并自动生成审核任务\n- ~~[Docker 认证持久化](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F116)~~ — 修复了容器重建时认证状态被清除的问题;新增自动迁移功能\n\n### 在 v2.1.2 中发布\n\n- ~~[Docker 路径解析](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F102)~~ — 修复了容器化部署中 `.veritas-kanban` 目录的 WORKDIR 解析问题\n\n### 在 v2.1.1 中发布\n\n- ~~[反向代理支持](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F100)~~ — 添加了 `TRUST_PROXY` 环境变量,适用于 nginx、Caddy、Traefik 等反向代理\n- ~~[提示模板注册表](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F101)~~ — 集中式提示模板,支持版本管理和代理特定定制\n\n### 在 v2.0.0 中发布\n\n- ~~[仪表盘小部件切换开关](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F92)~~ · ~~[多代理仪表盘](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F28)~~ · ~~[多代理任务分配](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F29)~~ · ~~[@提及通知](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F30)~~ · ~~[代理权限级别](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F31)~~ · ~~[代理自我报告](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F52)~~ · ~~[CLI 使用情况报告](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F50)~~ · ~~[Markdown 渲染](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F63)~~ · ~~[成本预测](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F54)~~ · ~~[错误学习](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F91)~~ · ~~[任务生命周期钩子](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F72)~~ · ~~[文档新鲜度](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F74)~~ · ~~[时间去哪了](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F57)~~ · ~~[活动时钟](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F58)~~ · ~~[每小时活动](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F59)~~ · ~~[真实时间切换](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F60)~~ · ~~[会话指标](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F61)~~ · ~~[生产环境绑定](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F55)~~\n\n### 在 v1.6.0 中发布\n\n- ~~[模型使用模式与 API](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F47)~~ · ~~[全局使用量汇总](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F48)~~ · ~~[仪表盘模型使用情况](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F49)~~ · ~~[站立会议附带成本](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F51)~~ · ~~[按模型划分的成本表格](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F53)~~ · ~~[仪表盘筛选栏](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F56)~~ · ~~[健康状况端点](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F82)~~\n\n### 在 v1.1.0–v1.3.0 版本中发布\n\n- ~~[API 响应封装](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F2)~~ · ~~[熔断器](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F3)~~ · ~~[负载测试 (k6)](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F4)~~ · ~~[Prometheus\u002FOTel](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F5)~~ · ~~[存储抽象层](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F6)~~ · ~~[GitHub Issues 同步](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F21)~~ · ~~[活动动态](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F33)~~ · ~~[每日站会](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F34)~~\n\n---\n\n## 💬 支持\n\n所有支持与功能请求均通过 GitHub 进行:\n\n- **🐛 Bug 报告** — [新建议题](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002Fnew?template=bug_report.md)\n- **💡 功能请求** — [新建议题](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002Fnew?template=feature_request.md)\n- **❓ 问题与讨论** — [GitHub Discussions](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fdiscussions)\n\n> **注意:** 我们不通过电子邮件或社交媒体提供支持。GitHub 是本项目所有沟通的唯一权威来源。\n\n---\n\n## 🙏 致谢\n\n特别感谢 [Peter Steinberger](https:\u002F\u002Fgithub.com\u002Fsteipete) 和 [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw)(前身为 Clawdbot\u002FMoltbot)——正是这个平台启发了本项目,并让自主代理编排仿佛魔法一般。\n\n---\n\n## 📜 许可证\n\n[MIT](LICENSE) © 2026 [Digital Meld](https:\u002F\u002Fdigitalmeld.io)\n\n---\n\n\u003Cdiv align=\"center\">\n\n得克萨斯州制造,满怀热爱 💜\n\n最初为 [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) 打造。适用于任何代理型平台。\n\n\u003C\u002Fdiv>","# Veritas Kanban 快速上手指南\n\nVeritas Kanban 是一个**本地优先**的任务管理与 AI Agent 编排平台,专为希望结合可视化看板与自主编码代理的开发者设计。它无需数据库,所有数据以 Markdown 和 JSON 文件形式存储,便于版本控制。\n\n## 1. 环境准备\n\n在开始之前,请确保您的开发环境满足以下要求:\n\n* **操作系统**: macOS, Linux 或 Windows (WSL2 推荐)\n* **Node.js**: 建议安装最新 LTS 版本 (项目基于 TypeScript 5.7+)\n* **包管理器**: 必须安装 **pnpm** (项目未使用 npm\u002Fyarn)\n ```bash\n # 如果未安装 pnpm,可通过 npm 全局安装\n npm install -g pnpm\n ```\n* **Git**: 用于克隆仓库及管理任务文件版本\n\n> **国内加速提示**:如果访问 GitHub 克隆速度慢,建议使用国内镜像源(如 Gitee 镜像)或配置 Git 代理。安装 pnpm 时若遇网络问题,可切换淘宝镜像:\n> `npm config set registry https:\u002F\u002Fregistry.npmmirror.com`\n\n## 2. 安装步骤\n\n只需几分钟即可完成本地部署:\n\n1. **克隆项目仓库**\n ```bash\n git clone https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban.git\n cd veritas-kanban\n ```\n\n2. **安装依赖**\n ```bash\n pnpm install\n ```\n\n3. **配置环境变量**\n 复制示例配置文件到服务器目录,并根据需要修改管理员密钥(`VERITAS_ADMIN_KEY`)。\n ```bash\n cp server\u002F.env.example server\u002F.env\n # 使用编辑器修改 server\u002F.env 文件,强烈建议更改默认密钥\n ```\n\n4. **启动开发服务器**\n ```bash\n pnpm dev\n ```\n\n## 3. 基本使用\n\n启动成功后,终端会显示服务地址。\n\n1. **访问看板**\n 打开浏览器访问:[http:\u002F\u002Flocalhost:3000](http:\u002F\u002Flocalhost:3000)\n * 首次运行时,看板会自动填充示例任务供你探索。\n\n2. **清理示例数据(可选)**\n 如果你希望从一个空白看板开始,删除示例任务文件并刷新页面:\n ```bash\n rm tasks\u002Factive\u002Ftask_example_*.md\n ```\n *(Windows PowerShell 用户请使用: `Remove-Item tasks\u002Factive\u002Ftask_example_*.md`)*\n\n3. **核心工作流**\n * **创建任务**:在看板上直接新建卡片,任务将以 `.md` 文件形式保存在 `tasks\u002F` 目录。\n * **编排 Agent**:在任务详情页中,可以召唤自主编码 Agent(如 OpenClaw)执行代码编写、修复或审查工作。\n * **Git 原生开发**:每个任务自动关联独立的 Git Worktree,支持在看板内直接进行代码审查、解决冲突并提交 PR。\n\n4. **恢复示例数据**\n 如果需要重新查看示例任务(仅在看板为空时有效):\n ```bash\n pnpm seed\n ```\n\n> **安全提示**:切勿将 `.env` 文件提交到版本控制系统。AI Agent 拥有执行代码和修改文件的权限,请在受控的本地环境中运行,并遵循最小权限原则。","某全栈开发团队正利用多个自主编码 Agent(如 OpenClaw)并行重构遗留系统,急需协调任务流转与代码质量。\n\n### 没有 veritas-kanban 时\n- **状态黑盒**:Agent 执行进度分散在终端日志或临时文件中,开发者无法直观看到哪些任务卡住、哪些已完成,项目真实状态如同“盲盒”。\n- **协作断层**:不同 Agent 之间缺乏统一的任务交接标准,导致“规划者”生成的任务常被“执行者”误解,重复劳动频发。\n- **审计缺失**:当代码出现回归错误时,难以追溯是哪个 Agent 在什么决策下修改了代码,缺乏行为漂移检测和决策审计线索。\n- **工具割裂**:需要手动切换看板软件、聊天窗口和命令行来监控 Agent,上下文频繁跳转严重拖慢调试效率。\n\n### 使用 veritas-kanban 后\n- **全景可视**:本地优先的看板实时同步所有 Agent 动态,任务从“待办”到“完成”的流转一目了然,彻底消除信息不对称。\n- **标准化编排**:内置的 Squad Chat 协议和 SOP 工作流让 Agent 间自动通过结构化消息交接任务,大幅降低沟通误差。\n- **可信溯源**:自动记录每个任务的模型归属与决策路径,支持跨模型代码审查(如 Claude 审查 GPT 代码),快速定位问题根源。\n- **无缝集成**:作为轻量级编排平台,直接通过 MCP Server 连接各类 Agent,开发者在一个界面即可完成监控、干预与部署。\n\nveritas-kanban 将混乱的 Agent 群控转化为透明、可审计的自动化流水线,让开发者真正掌握项目的“未过滤真相”。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FBradGroux_veritas-kanban_b8891a09.gif","BradGroux","Brad Groux","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002FBradGroux_2c1a1d62.jpg","CEO @ Digital Meld | OpenClaw Microsoft Maintainer | Host of the Start Small, Think Big Podcast","@DigitalMeld @openclaw","Houston, TX",null,"bradgroux","https:\u002F\u002Fwww.digitalmeld.io","https:\u002F\u002Fgithub.com\u002FBradGroux",[84,88,92,96,100,104],{"name":85,"color":86,"percentage":87},"TypeScript","#3178c6",96.3,{"name":89,"color":90,"percentage":91},"HTML","#e34c26",1.4,{"name":93,"color":94,"percentage":95},"Shell","#89e051",1.2,{"name":97,"color":98,"percentage":99},"JavaScript","#f1e05a",0.6,{"name":101,"color":102,"percentage":103},"CSS","#663399",0.3,{"name":105,"color":106,"percentage":107},"Dockerfile","#384d54",0.1,641,77,"2026-04-16T09:42:02","MIT","未说明 (基于 Node.js\u002FTypeScript,通常支持 Linux, macOS, Windows)","未说明 (无需 GPU,为非深度学习类应用)","未说明",{"notes":116,"python":117,"dependencies":118},"该项目是一个本地优先的任务管理和 AI 代理编排平台,核心基于 TypeScript 开发,使用 pnpm 作为包管理器。它不依赖传统的深度学习框架(如 PyTorch\u002FTensorFlow),因此无特定 GPU 或 Python 版本要求。任务数据以 Markdown 文件存储,配置为 JSON,工作流为 YAML,无需数据库、Docker 或 Redis。用户需自行配置 .env 文件并设置管理员密钥。若需运行 AI 代理,需额外配置外部代理工具(如 OpenClaw)及对应的 API 密钥。","不需要 (基于 TypeScript\u002FNode.js)",[119,120,121],"pnpm (包管理器)","TypeScript 5.7","Node.js (隐含依赖)",[13],[124,125,126,127,128,129,130,131,132,133],"ai-agents","developer-tools","kanban","local-first","pino","project-management","react","task-management","typescript","vite","2026-03-27T02:49:30.150509","2026-04-17T10:21:07.313682",[137,142,147,152,157,161],{"id":138,"question_zh":139,"answer_zh":140,"source_url":141},37539,"如何让 AI Agent 自动接收或处理看板上的任务?","您可以指示编排器(orchestrator)查阅特定功能的文档,并将其添加为标准操作程序(SOP)。触发方式非常灵活,可以基于定时器、任务状态变更或任务更新。但需注意避免浪费 Token,例如不要设置每 5 分钟检查一次状态的 Cron 作业。推荐使用 n8n 管理工作流以节省 Token。此外,可以通过 Webhooks 实现当任务移动到“就绪(Ready)”状态时自动让 Agent 接手任务。目前许多用户已完全通过聊天交互完成工作,看板主要供人类查看。","https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F175",{"id":143,"question_zh":144,"answer_zh":145,"source_url":146},37540,"Veritas Kanban 支持哪些任务状态?'planning' 状态还在吗?","'planning' 状态已被完全移除,因为它对以 Agent 为主的看板来说过于繁琐且占用过多 UI 空间。当前的有效状态流转为:`todo`(待办)→ `in-progress`(进行中)→ `blocked`(阻塞)→ `done`(完成)。规划工作应体现在任务笔记、清单或 Agent 内部规划中,而不是作为一个独立的状态列。如果在文档中看到旧的任务引用了 `planning` 状态转换,应将其更新为反映当前工作流的描述,并添加注释说明该状态已无效,以防 Agent 扫描仓库时产生误解。","https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F84",{"id":148,"question_zh":149,"answer_zh":150,"source_url":151},37541,"在反向代理(如 Nginx, Traefik, Synology DSM)后部署时遇到 'X-Forwarded-For' 验证错误怎么办?","这是因为 Express 默认不信任代理,而反向代理添加了 `X-Forwarded-For` 头导致的。从 v2.1.1 版本开始,可以通过设置 `TRUST_PROXY` 环境变量来解决。支持的配置值包括:\n- `TRUST_PROXY=1`:信任单跳代理(大多数单一反向代理场景的推荐设置)。\n- `TRUST_PROXY=2`:信任两跳(例如 CDN + 反向代理)。\n- `TRUST_PROXY=loopback`:仅信任本地回环地址。\n- 也可以设置具体的子网字符串(如 `10.0.0.0\u002F8`)。\n注意:出于安全考虑,系统故意阻止设置 `TRUST_PROXY=true`(无条件信任所有代理),如果强制设置会收到警告并回退到安全默认值。请在 docker-compose.yml 或容器环境变量中配置此变量。","https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F100",{"id":153,"question_zh":154,"answer_zh":155,"source_url":156},37542,"重建 Docker 容器后认证状态(密码和恢复密钥)丢失,需要重新设置怎么办?","这是一个已知问题,根本原因是 `security.json` 文件被写入了容器的临时文件系统,而不是挂载的数据卷中。该问题已在后续修复中解决(见 Issue #117)。修复内容包括修正了 5 个存在相同路径解析问题的文件,确保它们使用共享的 `getRuntimeDir()` 助手函数来获取正确的持久化路径。对于受影响的现有用户,修复版本包含了自动迁移脚本以恢复数据,并提供了恢复文档。如果您遇到此问题,请升级到包含修复的最新版本,并确保您的 Docker 卷正确挂载到数据目录。","https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F116",{"id":158,"question_zh":159,"answer_zh":160,"source_url":141},37543,"OpenClaw 无法拾取物品,是否需要先进行注册?","通常不需要单独的“注册”步骤。如果安装了板卡(board)和 MCP 服务器但仍无法工作,请检查您的编排器(orchestrator)是否已正确配置以识别该功能。建议让 Agent 查阅相关文档并将操作流程添加为 SOP(标准操作程序)。确保没有因为频繁的轮询检查(如高频 Cron 任务)而导致 Token 耗尽或逻辑阻塞。如果问题依旧,可以尝试通过聊天直接询问 Agent 关于 n8n 工作流集成或 Webhook 的配置,因为大部分交互现在都可以通过聊天完成。",{"id":162,"question_zh":163,"answer_zh":164,"source_url":141},37544,"如何优化 Token 使用以避免在自动化任务中浪费资源?","避免设置高频的定时任务(例如每 5 分钟检查一次状态),这会大量消耗 Token。推荐使用 n8n 等外部工具来管理工作流和定时任务,Agent 对 n8n 有很好的支持,这样可以显著节省 Token。另外,尽量利用事件驱动的方式(如 Webhooks 监听任务状态变化)来触发 Agent 行动,而不是让 Agent 主动轮询。目前许多高级用户已转向完全通过聊天与 Agent 交互,仅在必要时查看看板可视化界面,从而最大化效率。",[166,171,176,181,186,191,196,201,206,211,216,221,226,231,236,241,246,251,256,261],{"id":167,"version":168,"summary_zh":169,"released_at":170},298076,"v4.0.0","## Veritas Kanban 4.0 — 代理治理与信任\n\n本次发布为治理版本。VK 现已提供完整的代理治理层——可配置的策略、行为偏差检测、决策审计追踪、输出评估以及用户反馈分析。与此同时,还新增了完全可自定义的仪表板网格、带有版本控制的提示模板注册表,以及实时的全局系统健康状态条。\n\n所有 shadcn\u002Fui 组件均已升级至 v4,并集成 Tailwind v4。MCP 服务器现已扩展至 7 大类共 33 款工具,包括完整的评论 CRUD 操作和项目管理功能。此外,文档中还新增了七份标准操作流程指南、更新后的 API 参考文档,以及一份全面的自托管指南。\n\n自 v3.3.3 以来,共计 **54 次提交**。\n\n---\n\n## ✨ 新增功能\n\n### 🛡️ 代理治理层\n\n- **代理策略与防护引擎 (#178)** — 定义代理可以执行与禁止执行的操作。支持按工具和动作配置 `允许` \u002F `拒绝` \u002F `需审批` 的防护规则,并可设置优先级顺序(先拒后允或先允后拒),同时支持按代理和项目进行作用域划分,以及为每项策略决策内置审计日志。REST API:`GET\u002FPOST \u002Fapi\u002Fpolicies`、`GET\u002FPUT\u002FDELETE \u002Fapi\u002Fpolicies\u002F:id`、`POST \u002Fapi\u002Fpolicies\u002F:id\u002Fevaluate`。\n\n- **带假设跟踪的决策审计追踪 (#179)** — 以结构化记录形式记录代理决策:决策文本、置信度分数、支持证据及所作假设。事后记录执行结果,以便验证假设是否成立。支持全文搜索及按代理、任务和置信度范围进行筛选。REST API:`GET\u002FPOST \u002Fapi\u002Fdecisions`、`GET\u002FPUT\u002FDELETE \u002Fapi\u002Fdecisions\u002F:id`、`POST \u002Fapi\u002Fdecisions\u002F:id\u002Foutcome`。\n\n- **代理输出评估与评分框架 (#180)** — 根据加权标准配置对代理输出进行评分:`正则匹配`、`包含关键词`、`数值范围`、`自定义表达式`。支持通过 `加权平均`、`最小值` 或 `几何平均` 进行综合评分。提供按评分者细分及各维度解释的评估历史记录。REST API:`GET\u002FPOST \u002Fapi\u002Fscoring\u002Fprofiles`、`POST \u002Fapi\u002Fscoring\u002Fevaluate`、`GET \u002Fapi\u002Fscoring\u002Fhistory`。\n\n- **行为偏差检测与告警 (#181)** — 设置指标基线和告警阈值,当代理行为出现偏离时即发送通知。偏差状态生命周期:`正常` → `警告` → `告警` → `已解决`,并自动记录检测与解决时间戳。REST API:`GET\u002FPOST \u002Fapi\u002Fdrift`、`GET\u002FPUT\u002FDELETE \u002Fapi\u002Fdrift\u002F:id`、`POST \u002Fapi\u002Fdrift\u002F:id\u002Fresolve`。\n\n- **带情感分析的用户反馈闭环 (#182)** — 收集针对代理输出的反馈,并标注情感标签(`正面` \u002F ` neutral` \u002F `负面`)及分类标签。提供聚合分析功能:情感分布、随时间变化的趋势、各类别占比等。REST API:`GET\u002FPOST \u002Fapi\u002Ffeedback`、`GET\u002FDELETE \u002Fapi\u002Ffeedback\u002F:id`、`GET \u002Fapi\u002Ffeedback\u002Fanalytics`。\n\n### 📊 仪表板与可见性\n\n- **可拖拽且可调整大小的仪表板组件网格 (#183)** — 支持平滑动画的拖放式组件重新布局,可按网格对齐调整大小的组件,以及通过 `settings.json` 实现布局持久化。可添加或删除 wi","2026-03-21T17:52:36",{"id":172,"version":173,"summary_zh":174,"released_at":175},298077,"v3.3.3","## 变更内容\n\n### 修复\n- **#162 — 完成 Zod 4 API 迁移** — 解决了 50 多个阻碍 CI\u002FCD 的 TypeScript 编译错误(`ZodError.errors` → `ZodError.issues`,显式指定 `z.record()` 的键类型,修正模式默认类型)\n- **#165 — Webhook URL 的 SSRF 防护** — 为所有出站 Webhook 目的地添加服务器端请求伪造防护措施\n\n### 新增\n- **编排器委托强制执行** — 全面的强制执行入口:代理选择器、状态徽章、警告横幅、违规上报接口\n- **强制执行入口提示通知** — 带有可操作指引的入口专属标题,持续 10 秒,并在批量操作栏中显示\n- **仪表板强制执行指示器** — 彩色盾牌图标,显示当前生效与总入口数,以及各入口的状态点\n\n### 性能优化\n- **#167 — WebSocket 广播批处理** — 对广播进行批处理,以防止高频更新时阻塞事件循环\n\n---\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv3.3.2...v3.3.3","2026-03-01T20:00:26",{"id":177,"version":178,"summary_zh":179,"released_at":180},298078,"v3.3.2","## 新功能\n\n### ✨ 燃尽图管理 — CLI + MCP (#161)\n为人工操作员和 AI 代理提供完整的燃尽图 CRUD 操作及任务集成:\n- `vk sprint list\u002Fcreate\u002Fupdate\u002Fdelete\u002Fclose\u002Fsuggestions`\n- 任务标记:`vk list\u002Fcreate\u002Fupdate -S \u003Csprint>`\n- MCP 工具:`list_sprints`、`create_sprint`、`update_sprint`、`delete_sprint`、`close_sprint`、`sprint_suggestions`\n- 在 `list_tasks`、`create_task`、`update_task` 中新增燃尽图字段\n\n### 🔄 任务↔代理状态同步 + 对账 (#155)\n双向同步引擎可保持任务状态与代理执行状态的一致性,并通过对账流程解决记录不一致的问题。\n\n### 🔒 同步认证边界加固 (#159)\n强化了任务-代理同步接口的认证检查,以防止未经授权的状态篡改。\n\n### 🧪 熔断器测试套件 (#156)\n新增 18 个单元测试,覆盖熔断器的打开\u002F半开\u002F闭合状态切换、超时行为以及错误阈值等场景。\n\n## 完整变更日志\n详情请参阅 [CHANGELOG.md](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fblob\u002Fmain\u002FCHANGELOG.md#332---2026-03-01)。","2026-03-01T19:09:07",{"id":182,"version":183,"summary_zh":184,"released_at":185},298079,"v3.3.1","## 变更\n\n- 修复:兼容 Express 5 的通配符路由 (#153)\n- 修复(安全):将 hono 升级至 >=4.12.2 (GHSA-xh87-mx6m-69f3)\n- 杂项:将 Vite 从 6 升级到 7 (#148)\n- 杂项:将 Tailwind CSS 从 3 升级到 4 (#149)\n- 杂项:升级 8 个生产依赖项 (#154)\n\n详情请参阅 [CHANGELOG.md](CHANGELOG.md)。","2026-02-28T15:58:03",{"id":187,"version":188,"summary_zh":189,"released_at":190},298080,"v3.3.0","## 新增功能\n\n四项已准备好投入生产的特性——在安全性、可靠性、性能和可访问性方面均获得 **10\u002F10 分**(4x10 审核关卡)。跨模型验证通过(Claude Sonnet 编写,GPT Codex 审核)。\n\n### 🔗 任务依赖图 (#122)\n双向依赖模型,具备环路检测、递归图 API 和完全符合 ARIA 标准的可访问 UI。批量加载遍历机制消除了 N+1 查询问题。\n\n### 💾 崩溃恢复检查点 (#123)\n子代理现在可以在发生崩溃后保存并恢复状态。支持密钥信息清理(20 多种模式 + 正则表达式值检测)、1MB 大小限制、24 小时过期机制,并在恢复时自动将上下文注入到代理提示中。\n\n### 👁️ 观察记忆 (#124)\n为任意任务记录决策、阻碍因素、洞察及上下文信息,并赋予重要性评分(1-10 分)。提供全文搜索功能,可分页显示所有观察记录。\n\n### 🔍 代理筛选器 (#125)\n可通过 `GET \u002Fapi\u002Ftasks?agent=name` 按代理名称筛选任务。输入已进行安全 sanitization,兼容分页功能,并已在 OpenAPI 文档中详细说明。\n\n---\n\n**完整变更日志:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv3.2.1...v3.3.0","2026-02-15T05:49:08",{"id":192,"version":193,"summary_zh":194,"released_at":195},298081,"v3.2.1","## v3.2.1 — 修复与加固\n\n### 修复\n- **reviewGate 强制执行** 现在仅适用于代码类任务类型(代码、缺陷、特性、自动化、系统)——非代码任务将跳过该检查点。\n- **设置页面崩溃问题** —— 在所有 8 个设置标签页中增加了防御性访问控制,防止因配置节缺失而导致的崩溃。\n- **设置开关持久化** —— 使用正确的补丁合并方式替换了 `deepMergeDefaults`;共享资源和文档新鲜度开关现已正确持久化。\n- **小队聊天系统消息** 现在以灰色消息气泡形式显示(之前为不可见的分隔线)。\n- **工时跟踪** —— 修复了损坏的 17K 小时遥测条目;后端新增了 7 天 `durationMs` 上限。\n- **已归档任务** 不会再重新出现在看板上(清理了因标题变更而产生的孤立文件)。\n- **EnforcementTab** —— reviewGate 警告文本格式化正确,移除了冗余的“质量门”标题。\n\n### 文档\n- 新增《以 PRD 为导向的自主开发》指南(`docs\u002Ffeatures\u002Fprd-driven-development.md`)。\n- 新增工时跟踪 Bug 的事后分析报告。\n\n### 样式\n- 小队聊天系统消息采用一致的灰色样式。\n- 设置界面全面使用主题令牌。\n\n**完整更新日志**:https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv3.2.0...v3.2.1","2026-02-12T11:42:17",{"id":197,"version":198,"summary_zh":199,"released_at":200},298082,"v3.2.0","## 新功能\n\n### ✨ Markdown 编辑器\n为任务描述和评论提供丰富的 Markdown 编辑功能——包括格式化工具栏、实时预览、键盘快捷键(Ctrl+B\u002FI\u002FK)、语法高亮以及深色模式支持。\n\n### 📦 共享资源注册中心\n定义可重用的资源(提示、指南、技能、配置、模板),并在不同项目中挂载使用。提供完整的 CRUD API,包含挂载和卸载端点。\n\n### 📄 文档新鲜度跟踪\n通过新鲜度评分、告警以及可选的自动评审任务创建,跟踪文档的新鲜度。支持自定义阈值和扫描间隔。\n\n### 🐛 错误修复\n- 修复了 Docker 认证状态的持久化问题——`security.json` 及其他 4 个服务文件现在能够在容器重建时正确地持久化到 Docker 卷中(#116)\n- 添加了对现有 Docker 安装的自动迁移功能\n- 修复了“经验教训”部分的深色模式样式问题(已切换为主题感知的样式变量)\n- 修复了任务卡片预览中显示原始 Markdown 的问题(现已改为纯文本)\n- 修复了 `jwt-rotation.test.ts` 中因 `vi.hoisted()` 导致的时间死区错误\n\n**完整更新日志**:https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv3.1.0...v3.2.0","2026-02-11T16:31:56",{"id":202,"version":203,"summary_zh":204,"released_at":205},298083,"v3.1.0","## 结构化流程强制门控\n\nVeritas Kanban 现在包含 6 个可选的强制门控,通过结构化的纪律来强化您的代理工作流——而不仅仅是依赖文档中的承诺。\n\n### 🛡️ 强制门控\n所有门控默认**已禁用**,可通过设置 API 单独启用或禁用:\n\n| 门控 | 功能描述 |\n|------|----------|\n| **squadChat** | 自动将任务生命周期事件发布到小队聊天中 |\n| **reviewGate** | 在任务完成前,需获得 4 次 10 分的评审分数(四次均为 10 分) |\n| **closingComments** | 在任务完成前,要求在评审评论中包含交付物摘要 |\n| **autoTelemetry** | 在状态变更时发出 run.started\u002Frun.completed 的遥测信息 |\n| **autoTimeTracking** | 根据状态变化自动启动\u002F停止计时器 |\n| **orchestratorDelegation** | 当协调者直接执行实现工作而非进行委派时发出警告 |\n\n### 📖 针对 AI 代理\n完整的文档包含专门的“针对 AI 代理”章节,涵盖飞行前检查、错误处理和集成模式。详情请参阅 [docs\u002Fenforcement.md](docs\u002Fenforcement.md)。\n\n### 🐛 错误修复\n- 修复了强制门控逻辑(将 `?? true` 更正为 `=== true` 检查)\n- 修复了 TelemetryService 对回溯时间戳的支持\n- 修复了 Docker 环境下 TelemetryService 的 DATA_DIR 配置\n- 修复了模板 YAML 序列化中嵌套未定义值的问题\n- 修复了小队聊天中不区分大小写的代理颜色查找问题\n\n**完整更新日志:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv3.0.0...v3.1.0 \n关闭 #115","2026-02-10T14:13:13",{"id":207,"version":208,"summary_zh":209,"released_at":210},298084,"v3.0.0","# ⚖️ Veritas Kanban v3.0.0 — 工作流引擎\n\nVK 现在已成为一个**功能完善的 AI 编排平台**。工作流引擎将 VK 从一个任务看板转变为用于多智能体协作的生产流水线。\n\n## 🚀 新特性\n\n### 核心工作流引擎(第一阶段)\n- 基于 YAML 的工作流定义与可视化执行\n- 9 个用于工作流 CRUD 操作及运行管理的 API 端点\n- 使用 Zod 进行验证、审计日志记录以及基于角色的访问控制授权\n\n### 运行状态管理(第二阶段)\n- 持久化运行状态(服务器重启后仍可恢复)\n- 具有指数退避机制的重试功能\n- 每个步骤的进度文件跟踪\n- 会话模式(全新\u002F复用)\n\n### 前端与实时更新(第三阶段)\n- WorkflowsPage、WorkflowRunView、WorkflowRunList、WorkflowSection 组件\n- **全面从轮询重构为 WebSocket**:13 个钩子和组件现以 WebSocket 为主\n- 当 WebSocket 连接时,API 调用次数减少约 75%\n- 实时计数器、活动、指标以及智能体状态\n\n### 高级编排功能(第四阶段)\n- **循环步骤**:支持带进度跟踪的迭代(安全上限为 1,000 次)\n- **网关步骤**:包含审批、条件判断与超时机制,并可人工升级处理\n- **并行步骤**:扇出\u002F扇入结构(最多 50 个并发任务,使用 Promise.allSettled)\n- 增强的验收准则(支持正则表达式、JSON Path 和子字符串匹配)\n\n### 工作流仪表盘 (#114)\n- 概要卡片、当前运行、历史记录以及按工作流划分的健康指标\n- WebSocket 实时更新\n\n### 基于角色的工具策略 (#110)\n- 5 种默认角色:规划者、开发者、审核员、测试员、部署者\n- 提供用于自定义角色的完整 CRUD API\n- 在工作流步骤执行期间强制实施\n\n### 每个步骤的全新会话 (#111)\n- 隔离的会话可防止上下文泄漏\n- 上下文模式:极简、完整、自定义\n- 清理模式:删除、保留\n\n## 🔒 安全性\n- ReDoS 攻击防护(限制模式长度并设置执行超时)\n- 表达式注入防范(采用标记化评估)\n- 并发 DoS 限制(每步最多 50 个子步骤)\n- 网关审批验证(类型检查)\n\n## 📊 数据概览\n- **8 个问题已关闭**(#107–#114)\n- **约 22,500 行**代码及文档\n- **4 个阶段**在一个版本中完成\n- **37 次提交**经过评审\n- 最终评审时**无任何阻塞问题**\n- 在所有评审维度上均获得**10\u002F10\u002F10\u002F10**\n\n## 📚 文档\n- [工作流用户指南](docs\u002FWORKFLOW-GUIDE.md) — 33KB 的全面指南\n- [API 参考文档](docs\u002FAPI-WORKFLOWS.md) — 32KB 的完整端点说明\n- [架构规范](docs\u002FWORKFLOW_ENGINE_ARCHITECTURE.md) — 完整的技术设计\n\n---\n\n**完整变更日志**:https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fblob\u002Fmain\u002FCHANGELOG.md","2026-02-10T01:48:54",{"id":212,"version":213,"summary_zh":214,"released_at":215},298085,"v2.1.4","## 修复内容\n\n### 状态计数器准确性 (#104)\n侧边栏任务计数现使用专用的 `\u002Fapi\u002Ftasks\u002Fcounts` 端点,该端点返回的总数不受看板时间范围筛选器的影响。不再出现虚增的任务数。\n\n### 批量操作超时问题 (#105)\n批量归档、状态更新和待办事项降级操作现采用单次 API 调用,而非 N 次顺序请求:\n- `POST \u002Fapi\u002Ftasks\u002Fbulk-update` — 更新多个任务的状态\n- `POST \u002Fapi\u002Ftasks\u002Fbulk-archive-by-ids` — 归档多个任务\n- `POST \u002Fapi\u002Fbacklog\u002Fbulk-demote` — 将多个任务降级至待办事项\n- 数组大小上限为 100(安全加固)\n- 通过 `Promise.allSettled()` 并行执行 — 对于大型批次,速度提升约 **26 倍**\n\n### Squad Chat 文档 (#106)\n澄清了 `model` 字段在 API 中是一个结构化的 JSON 字段。\n\n---\n\n**完整变更日志:** [v2.1.3...v2.1.4](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv2.1.3...v2.1.4) \n**评审结果:** 10\u002F10\u002F10\u002F10(正确性、安全性、性能、代码质量)","2026-02-09T21:04:24",{"id":217,"version":218,"summary_zh":219,"released_at":220},298086,"v2.1.3","## Docker Path Standardization (#102)\n\nComprehensive refactor: created shared `paths.ts` utility and migrated all 7 services to use it for consistent `.veritas-kanban` path resolution.\n\n### What Changed\n\n- **New:** `server\u002Fsrc\u002Futils\u002Fpaths.ts` — single source of truth for all path resolution\n- **Refactored:** task-service, activity-service, chat-service, audit-service, metrics\u002Fhelpers, backlog-repository (7 files)\n- **Resolution priority:** `DATA_DIR` \u002F `VERITAS_DATA_DIR` env var → project root auto-discovery → fallback\n- **Safety:** Filesystem root guard prevents silent `\u002F` resolution (the original EACCES bug)\n- **Backwards compatible:** Existing `DATA_DIR` configurations continue to work unchanged\n\n### Quality Gate\n\n- ✅ Cross-model reviewed: **10\u002F10\u002F10\u002F10** (GPT-5.1 authored, Claude Sonnet 4.5 reviewed)\n- ✅ Build passes\n- ✅ All affected tests pass (17\u002F17 audit tests)\n- ✅ Docker build verified\n\n### Upgrade\n\nNo breaking changes. Existing Docker configurations and `DATA_DIR` settings continue to work. The shared `paths.ts` utility provides a more robust foundation for path resolution across all services.\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv2.1.2...v2.1.3","2026-02-08T04:02:24",{"id":222,"version":223,"summary_zh":224,"released_at":225},298087,"v2.1.2","### Fixed\n\n- **Docker Path Resolution** (#102) — Fixed WORKDIR resolution so services correctly find `.veritas-kanban` in containerized deployments\n - **Root cause:** Services use `process.cwd()\u002F..` to locate project root; with `WORKDIR \u002Fapp` this resolved to `\u002F` (filesystem root), causing `EACCES: permission denied` on container startup\n - **Fix:** Changed production WORKDIR to `\u002Fapp\u002Fserver`, ensured `\u002Fapp\u002Ftasks` and `\u002Fapp\u002Fserver` are writable\n - **Impact:** Resolves permission denied errors when starting VK in Docker containers\n\n### Upgrade\n\n```bash\ngit pull origin main\ndocker compose build --no-cache\ndocker compose up -d\n```\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv2.1.1...v2.1.2","2026-02-07T22:57:49",{"id":227,"version":228,"summary_zh":229,"released_at":230},298088,"v2.1.1","## Fixed\n\n- **Reverse Proxy Support** ([#100](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fissues\u002F100)) — Added `TRUST_PROXY` environment variable for deployments behind nginx, Caddy, Traefik, Synology DSM, and other reverse proxies. Fixes `express-rate-limit` ValidationError and WebSocket authentication loops caused by untrusted `X-Forwarded-For` headers.\n - Supports hop counts (`TRUST_PROXY=1`), named values (`loopback`, `linklocal`), and subnet strings\n - `TRUST_PROXY=true` is blocked by default (security hardening — logs warning, falls back to no trust)\n - Disabled by default — no behavior change for existing deployments\n - Documentation added for nginx, Caddy, and Docker Compose configurations\n\n## Security\n\n- Blocked `TRUST_PROXY=true` to prevent accidental trust-all-proxies misconfiguration on public-facing deployments\n\n## Docs Updated\n\n- `CHANGELOG.md` — v2.1.1 entry\n- `README.md` — version badge bumped\n- `docs\u002FDEPLOYMENT.md` — reverse proxy guidance (nginx + Caddy)\n- `docs\u002FTROUBLESHOOTING.md` — rate limit error fix\n- `docs\u002FGETTING-STARTED.md` — TRUST_PROXY env var reference\n\n---\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv2.1.0...v2.1.1\n\nThanks to [@Casenl](https:\u002F\u002Fgithub.com\u002FCasenl) for reporting this issue! 🎉","2026-02-07T21:23:57",{"id":232,"version":233,"summary_zh":234,"released_at":235},298089,"v2.1.0","## ⚖️ Veritas Kanban 2.1.0 — Documentation, Security Hardening & Process\n\nThis release documents all v2.0 features, hardens security, and establishes the multi-agent development process going forward.\n\n### 📖 Documentation\n- **README updated** — All 7 new features documented (Squad Chat, Broadcasts, Deliverables, Polling, Delegation, OpenClaw Integration, Webhooks)\n- **5 feature guides** created in `docs\u002Ffeatures\u002F`:\n - Squad Chat — Real-time agent communication with WebSocket, system messages\n - Broadcast Notifications — Priority-based with read receipts\n - Task Deliverables — First-class objects with type\u002Fstatus tracking\n - Efficient Polling — `\u002Fapi\u002Fchanges?since=...` with ETag support\n - Approval Delegation — Vacation mode with scoped delegation\n- **Cleaned up 8 scattered docs** — Consolidated into proper feature guides\n- **Updated lessons learned** — 13 operational lessons from multi-agent development\n\n### 🔒 Security Hardening\n- **Gateway token stripped from API responses** — `openclawGatewayToken` and `secret` are now write-only fields; never returned in GET or PATCH responses\n- **File locking added** to notification-service and config-service — all write operations now protected by `withFileLock()`\n- **Path traversal protection** verified across all services\n- **TOCTTOU race conditions** eliminated in all read-modify-write operations\n\n### 🚀 Performance\n- Removed double cache invalidation in squad chat\n- Added `React.memo()` to message bubble components\n\n### 📋 Process Improvements\n- **Pre-Commit Review Protocol** added to CONTRIBUTING.md — mandatory 4 checks (Code, Functionality, Performance, Security) before every commit\n- **One Agent Per File** rule documented — prevents concurrent edit conflicts\n- **Never push without human approval** — explicit in contributing guidelines\n\n### 👥 Contributors\nTARS (code review), CASE (functionality review), Ava (performance review), K-2SO (security review + docs), R2-D2 (squad chat), VERITAS (orchestration)\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv2.0.0...v2.1.0","2026-02-07T17:52:50",{"id":237,"version":238,"summary_zh":239,"released_at":240},298090,"v2.0.0","## ⚖️ Veritas Kanban 2.0 — The Multi-Agent Release\n\n**18 features** shipped across agent orchestration, dashboard analytics, lifecycle automation, and developer experience. This release transforms VK from a single-agent task board into a full multi-agent orchestration platform.\n\n### 🤖 Multi-Agent System\n- **Agent Registry** (#52) — Service discovery with heartbeat tracking, capabilities, live status\n- **Multi-Agent Dashboard** (#28) — Real-time sidebar with expandable agent cards\n- **Multi-Agent Task Assignment** (#29) — Multiple agents per task with color-coded chips\n- **@Mention Notifications** (#30) — @agent-name parsing, thread subscriptions, delivery tracking\n- **Agent Permission Levels** (#31) — Intern \u002F Specialist \u002F Lead with approval workflows\n- **Error Learning** (#91) — Structured failure analysis with similarity search\n- **Task Lifecycle Hooks** (#72) — 7 built-in hooks, 8 events, custom hooks API\n- **Documentation Freshness** (#74) — Steward workflow with freshness headers\n\n### 📊 Dashboard Analytics\n- **Where Time Went** (#57) — Time breakdown by project\n- **Activity Clock** (#58) — 24-hour donut chart\n- **Hourly Activity** (#59) — Bar chart with event counts\n- **Wall Time Toggle** (#60) — Total agent time + avg run duration\n- **Session Metrics** (#61) — Session count, success rate, completion tracking\n- **Dashboard Widget Toggles** (#92) — Show\u002Fhide widgets with localStorage persistence\n\n### 🛠️ Developer Experience\n- **Markdown Rendering** (#63) — Rich markdown in task descriptions and comments\n- **Cost Prediction** (#54) — Multi-factor cost estimation\n- **CLI Usage Reporting** (#50) — `vk usage` command\n- **Production Binding** (#55) — VK_HOST + VK_PORT env vars\n- **Custom Favicon** — Purple scales-of-justice SVG\n\n### 🔒 Security\n- MCP SDK patched to ^1.26.0 (GHSA-345p-7cg4-v4c7)\n- Rate limiting documented for public deployments\n- Agent permission enforcement on API endpoints\n\n### 🙏 Credits\n- [@nateherk](https:\u002F\u002Fgithub.com\u002Fnateherk) — Error learning workflow inspiration\n- [@mvoutov](https:\u002F\u002Fgithub.com\u002Fmvoutov) — Documentation freshness inspiration\n\n**Full changelog:** [CHANGELOG.md](https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fblob\u002Fmain\u002FCHANGELOG.md)","2026-02-06T03:00:18",{"id":242,"version":243,"summary_zh":244,"released_at":245},298091,"v1.6.0","## ✨ Highlights\n\n- **Activity Page Redesign** — Streamlined to focus on status history with full-width layout, clickable task navigation, and color-coded status badges\n- **Task Templates UI (#39)** — Full management interface for creating, editing, and instantiating task templates with blueprints\n- **Analytics API (#43)** — New endpoints for timeline visualization and aggregate metrics (parallelism, throughput, lead time)\n- **Status Transition Hooks** — Quality gates and automated actions for task status changes\n- **7 GitHub Issues Closed** — #47, #48, #49, #51, #53, #56, #82 verified complete and documented\n\n## 🎨 Activity Page\n\n- Full-width status history (removed activity feed column)\n- Clickable entries navigate to task detail\n- Color-coded badges:\n - Agent: `working` (green), `sub-agent` (purple), `idle` (gray), `error` (red)\n - Task: `todo` (slate), `in-progress` (amber), `blocked` (red), `done` (blue)\n- Unified timeline shows both agent and task status changes\n\n## 📋 Task Templates\n\n- Templates page at `\u002Ftemplates` with grid view and category grouping\n- Template editor with task defaults, subtask templates, and blueprint support\n- One-click task creation from any template\n- Full API: `GET\u002FPOST\u002FPUT\u002FDELETE \u002Fapi\u002Ftemplates`, `POST \u002Fapi\u002Ftemplates\u002F:id\u002Finstantiate`\n\n## 📊 Analytics API\n\n| Endpoint | Description |\n|----------|-------------|\n| `GET \u002Fapi\u002Fanalytics\u002Ftimeline` | Task execution timeline with parallelism snapshots |\n| `GET \u002Fapi\u002Fanalytics\u002Fmetrics` | Aggregate metrics (parallelism, throughput, lead time, utilization) |\n\n## 🔒 Security\n\n- **SEC-001 Fixed** — Path traversal vulnerability patched in trace and template services\n\n## ✅ Closed Issues\n\n| Issue | Title |\n|-------|-------|\n| #82 | Dev reliability (health endpoints, dev:clean, watchdog) |\n| #56 | Dashboard filter bar with time presets |\n| #53 | Per-model cost tables & calculation |\n| #51 | Standup summary with model usage |\n| #49 | Dashboard Model Usage & Cost panel |\n| #48 | Global usage aggregation service & API |\n| #47 | Model Usage schema, types & API |\n\n---\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fblob\u002Fmain\u002FCHANGELOG.md","2026-02-05T04:14:08",{"id":247,"version":248,"summary_zh":249,"released_at":250},298092,"v1.5.0","## ✨ Highlights\n\n- **Complete SOP Documentation Suite** — 8 new guides covering agent workflows, sprint planning, multi-agent orchestration, cross-model review, best practices, examples, and power user tips\n- **Bulk Archive Error Handling** — Fixed silent failures in Done column archival with per-task error tracking and user feedback toasts\n- **Sidebar Metrics Sync** — Fixed stale task counts by invalidating metrics cache on status changes\n\n## 📚 Documentation (8 new files)\n\n- **GETTING-STARTED.md** — 5-minute quickstart (Neal @nealmummau credit)\n- **SOP-agent-task-workflow.md** — Task lifecycle with API\u002FCLI examples\n- **SOP-sprint-planning.md** — Epic → Sprint hierarchy + RF-002 bug example\n- **SOP-multi-agent-orchestration.md** — PM + worker orchestration patterns\n- **SOP-cross-model-code-review.md** — Claude ↔ GPT gate (91% RF-002 validation)\n- **BEST-PRACTICES.md** — 10 DOs + 10 DON'Ts from real usage\n- **EXAMPLES-agent-workflows.md** — 6 copy\u002Fpasteable recipes\n- **TIPS-AND-TRICKS.md** — CLI shortcuts, integrations, power moves\n- **README.md** — Added 'Documentation Map' section\n\n## 🐛 Fixes\n\n**GH-86: Bulk Archive Silent Failure**\n- Per-task error tracking (replaces Promise.all)\n- Toast notifications on success\u002Fpartial\u002Ffailure\n- Console logging of individual task failures\n- File: web\u002Fsrc\u002Fcomponents\u002Fboard\u002FBulkActionsBar.tsx\n\n**GH-87: Sidebar Metrics Out of Sync**\n- Invalidate metrics cache when task status changes\n- Prevents up-to-30s lag in sidebar counts\n- Preserves timer state during mutations\n- File: web\u002Fsrc\u002Fhooks\u002FuseTasks.ts\n\n## 🛠️ Scripts\n\n- **scripts\u002Fdev-clean.sh** — Added pnpm path resolution for launchd\n- **scripts\u002Fdev-watchdog.sh** — Improved restart storm prevention\n\n## 📦 Version Bumps\n\n- Root: 1.4.1 → 1.5.0\n- Server: 1.4.1 → 1.5.0\n- Web: 1.4.1 → 1.5.0\n- Shared: 1.4.1 → 1.5.0\n\nSee CHANGELOG.md for full details.","2026-02-04T14:42:21",{"id":252,"version":253,"summary_zh":254,"released_at":255},298093,"v1.4.1","## v1.4.1 — Security Fixes + Version Alignment\n\n### Security\n\n- **SEC-001 Path Traversal Prevention** — added strict path segment validation + base directory enforcement in server utilities; applied to file-based services that join paths from user-controlled ids\n- **SEC-007 Admin Authorization** — enforced admin (or admin+agent where appropriate) on mutating settings\u002Fconfig\u002Factivity\u002Fstatus-history\u002Fnotifications endpoints\n\n### Fixed\n\n- **Agent Status Panel** now uses real-time WebSocket updates (`useRealtimeAgentStatus`) and correctly handles `activeAgents` payloads\n- Improved proxy\u002FIP trust behavior for rate limiting (`X-Forwarded-For` only trusted when `trust proxy` is configured)\n\n---\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv1.4.0...v1.4.1\n","2026-02-03T11:19:13",{"id":257,"version":258,"summary_zh":259,"released_at":260},298094,"v1.4.0","## v1.4.0 — Backlog Board + Dashboard Overhaul\n\n### ✨ Highlights\n\n- **CLI Workflow Commands** — Two-command task lifecycle (`vk begin` \u002F `vk done`) plus time tracking, comments, agent status, and project management from the terminal\n- Inspired by Boris Cherny's (Claude Code creator) \"automate everything you do twice\" philosophy\n\n### Added\n\n#### CLI Workflow Commands (#44)\n\n- **Composite workflows** — Complete task lifecycle in single commands:\n - `vk begin \u003Cid>` — Sets in-progress + starts timer + updates agent status to working\n - `vk done \u003Cid> \"summary\"` — Stops timer + sets done + adds comment + sets agent idle\n - `vk block \u003Cid> \"reason\"` — Sets blocked + adds comment with reason\n - `vk unblock \u003Cid>` — Sets in-progress + restarts timer\n- **Time tracking CLI** — Full time management from terminal:\n - `vk time start \u003Cid>` — Start time tracker\n - `vk time stop \u003Cid>` — Stop time tracker\n - `vk time entry \u003Cid> \u003Cseconds> \"description\"` — Add manual time entry\n - `vk time show \u003Cid>` — Display time tracking summary (total, running status, entries)\n- **Comments CLI** — `vk comment \u003Cid> \"text\"` with optional `--author` flag\n- **Agent status CLI** — Manage agent presence:\n - `vk agent status` — Show current agent status\n - `vk agent working \u003Cid>` — Set to working (auto-fetches task title)\n - `vk agent idle` — Set to idle\n - `vk agent sub-agent \u003Ccount>` — Set sub-agent mode with count\n- **Project management CLI** — `vk project list` and `vk project create \"name\"` with `--color` and `--description` flags\n- All commands support `--json` for scripting and automation\n- 5 new command modules, 18 subcommands, 651 lines added\n\n---\n\n---\n\n---\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv1.3.0...v1.4.0\n","2026-02-03T11:19:09",{"id":262,"version":263,"summary_zh":264,"released_at":265},298095,"v1.3.0","## v1.3.0 — Visibility & Automation\n\n### ✨ Highlights\n\n- **GitHub Issues Bidirectional Sync** — Import issues with the `kanban` label and push status changes back to GitHub\n- **Activity Feed** — Full-page chronological activity feed with filtering, real-time updates, and compact\u002Fdetailed toggle\n- **Daily Standup Summary** — Generate standup reports via API or CLI with completed, in-progress, blocked, and upcoming sections\n\n### Added\n\n#### GitHub Issues Sync (#21)\n\n- `GitHubSyncService` (464 lines) with polling, label-based field mapping, and circuit breaker\n- Inbound: import issues with `kanban` label as tasks\n- Outbound: push status changes (done → close issue, reopen on todo\u002Fin-progress\u002Fblocked) and comments\n- Label mapping: `priority:high` → priority field, `type:story` → type field\n- Config: `.veritas-kanban\u002Fintegrations.json`, state: `.veritas-kanban\u002Fgithub-sync.json`\n- `TaskGitHub` interface in shared types: `{issueNumber, repo, syncedAt?}`\n- New API endpoints:\n - `POST \u002Fapi\u002Fgithub\u002Fsync` — trigger manual sync\n - `GET \u002Fapi\u002Fgithub\u002Fsync\u002Fstatus` — last sync info\n - `GET \u002Fapi\u002Fgithub\u002Fsync\u002Fconfig` — get config\n - `PUT \u002Fapi\u002Fgithub\u002Fsync\u002Fconfig` — update config\n - `GET \u002Fapi\u002Fgithub\u002Fsync\u002Fmappings` — list issue↔task mappings\n- New CLI commands: `vk github sync`, `vk github status`, `vk github config`, `vk github mappings`\n\n#### Activity Feed (#33)\n\n- Full-page chronological activity feed accessible from header nav (ListOrdered icon)\n- `agent` field added to Activity interface\n- `ActivityFilters` for combinable filtering (agent, type, taskId, since, until)\n- `GET \u002Fapi\u002Factivity` enhanced with query params: `?agent=X&type=Y&taskId=Z&since=ISO&until=ISO`\n- `GET \u002Fapi\u002Factivity\u002Ffilters` — distinct agents and types for filter dropdowns\n- `ActivityFeed.tsx` component with day grouping, 15 activity type icons, filter bar, compact\u002Fdetailed toggle\n- Infinite scroll via IntersectionObserver\n- Real-time WebSocket updates\n- `ViewContext` for board ↔ activity navigation\n\n#### Daily Standup Summary (#34)\n\n- `GET \u002Fapi\u002Fsummary\u002Fstandup?date=YYYY-MM-DD&format=json|markdown|text`\n- Sections: completed, in-progress, blocked, upcoming, stats\n- `generateStandupMarkdown()` and `generateStandupText()` in SummaryService\n- CLI: `vk summary standup` with `--yesterday`, `--date YYYY-MM-DD`, `--json`, `--text` flags\n- 12 new tests\n\n### Changed\n\n- MAX_ACTIVITIES increased from 1,000 to 5,000\n\n---\n\n---\n\n**Full Changelog:** https:\u002F\u002Fgithub.com\u002FBradGroux\u002Fveritas-kanban\u002Fcompare\u002Fv1.2.0...v1.3.0\n","2026-02-03T11:19:06"]