santhoshj/headroom
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases Wiki Activity

Ralph iteration 1: work in progress

Browse Source
This commit is contained in:
Santhosh Janardhanan
2026-02-18 14:18:53 -05:00
parent f6a7e82036
commit a3b7eb116d
12 changed files with 1197 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
.opencode/command/ralph.md Normal file
View File

@@ -0,0 +1,44 @@
---
description: Run Open Ralph Wiggum loops in this repository
---
Run Open Ralph Wiggum in the current repository with OpenCode as the default agent.
**Input**: The argument after `/ralph` is the Ralph task prompt. Optional Ralph flags may be included.
**Steps**
1. **Require task input**
If no argument is provided, ask:
> "What task should Ralph run? Include success criteria and completion promise if you have one."
Stop after asking.
2. **Install Ralph locally in `.opencode`**
```bash
npm install --prefix ".opencode" @th0rgal/ralph-wiggum
```
3. **Run Ralph loop**
If the user did not provide iteration bounds, use:
```bash
npx --prefix ".opencode" ralph "<input>" --agent opencode --max-iterations 10
```
If the user included explicit flags (for example `--max-iterations`, `--tasks`, `--model`), preserve them and append `--agent opencode` only when agent is not specified.
4. **After run, show control commands**
```bash
npx --prefix ".opencode" ralph --status
npx --prefix ".opencode" ralph --add-context "Focus on <area>"
```
**Guardrails**
- Do not add `open-ralph-wiggum` to OpenCode plugin config.
- Keep the run scoped to this repository.
- Prefer bounded loops with `--max-iterations`.

41
.opencode/package-lock.json generated Normal file
View File

@@ -0,0 +1,41 @@
{
"name": ".opencode",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"dependencies": {
"@opencode-ai/plugin": "1.2.6",
"@th0rgal/ralph-wiggum": "^1.2.1"
}
},
"node_modules/@opencode-ai/plugin": {
"version": "1.2.6",
"license": "MIT",
"dependencies": {
"@opencode-ai/sdk": "1.2.6",
"zod": "4.1.8"
}
},
"node_modules/@opencode-ai/sdk": {
"version": "1.2.6",
"license": "MIT"
},
"node_modules/@th0rgal/ralph-wiggum": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/@th0rgal/ralph-wiggum/-/ralph-wiggum-1.2.1.tgz",
"integrity": "sha512-8Xe6luwnKTArT9eBzyAx1newz+InGTBm9pCQrG4yiO9oYVHC0WZN3f1sQIpKwQbbnKQ4YJXdoraaatd0B4yDcA==",
"license": "MIT",
"bin": {
"ralph": "bin/ralph.js"
}
},
"node_modules/zod": {
"version": "4.1.8",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
}
}
}

47
.opencode/skills/open-ralph-wiggum/SKILL.md Normal file
View File

@@ -0,0 +1,47 @@
---
name: open-ralph-wiggum
description: Run autonomous Ralph loops in the current repository using OpenCode as the default agent.
license: MIT
compatibility: Requires Node.js/npm and OpenCode CLI configured with a working model.
metadata:
author: th0rgal
source: https://github.com/Th0rgal/open-ralph-wiggum
---
Use Open Ralph Wiggum to run repeatable autonomous coding loops from OpenCode.
**Input**: The user message after this skill should include the task prompt for Ralph. Optional Ralph flags can be passed as part of the message.
**Steps**
1. **Validate a task prompt exists**
If no task prompt is provided, ask for one clear prompt and stop.
2. **Ensure Ralph CLI is available in this repo**
Run:
```bash
npm install --prefix ".opencode" @th0rgal/ralph-wiggum
```
3. **Run Ralph with OpenCode agent (default)**
Use local binary via `npx` so no global install is required:
```bash
npx --prefix ".opencode" ralph "<user prompt>" --agent opencode --max-iterations 10
```
If the user already included `--max-iterations`, keep their value.
4. **Report result and next controls**
Mention how to monitor or steer loop if still running:
- `npx --prefix ".opencode" ralph --status`
- `npx --prefix ".opencode" ralph --add-context "<hint>"`
**Guardrails**
- Do not register Ralph as an OpenCode plugin. It is a CLI wrapper, not a plugin.
- Keep execution in the current repository.
- Do not use unlimited iterations by default; always set `--max-iterations` unless user explicitly asks otherwise.

30
.ralph/ralph-history.json Normal file
View File

@@ -0,0 +1,30 @@
{
"iterations": [
{
"iteration": 1,
"startedAt": "2026-02-18T19:18:48.446Z",
"endedAt": "2026-02-18T19:18:53.115Z",
"durationMs": 1302,
"agent": "opencode",
"model": "",
"toolsUsed": {},
"filesModified": [
".opencode/skills/open-ralph-wiggum/",
".ralph/"
],
"exitCode": 1,
"completionDetected": false,
"errors": [
"\u001b[91m\u001b[1mError: \u001b[0mSession not found"
]
}
],
"totalDurationMs": 1302,
"struggleIndicators": {
"repeatedErrors": {
"\u001b[91m\u001b[1mError: \u001b[0mSession not found": 1
},
"noProgressIterations": 0,
"shortIterations": 1
}
}

13
.ralph/ralph-loop.state.json Normal file
View File

@@ -0,0 +1,13 @@
{
"active": true,
"iteration": 1,
"minIterations": 1,
"maxIterations": 10,
"completionPromise": "COMPLETE",
"tasksMode": false,
"taskPromise": "READY_FOR_NEXT_TASK",
"prompt": "Test the changes made by running the scribe command and the swagger is working fine. In case any issues found, fix and retest until the issue is resolved. once that is done, /opsx-verify, /opsx-sync and /opsx-archive. Then commit the code. Attempt a push, if failed, leave it for me. <promise>DONE</promise> when complete.",
"startedAt": "2026-02-18T19:18:44.320Z",
"model": "",
"agent": "opencode"
}

20
.ralph/ralph-opencode.config.json Normal file
View File

@@ -0,0 +1,20 @@
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"read": "allow",
"edit": "allow",
"glob": "allow",
"grep": "allow",
"list": "allow",
"bash": "allow",
"task": "allow",
"webfetch": "allow",
"websearch": "allow",
"codesearch": "allow",
"todowrite": "allow",
"todoread": "allow",
"question": "allow",
"lsp": "allow",
"external_directory": "allow"
}
}

55
backend/app/Http/Controllers/Api/AuthController.php
View File

@@ -10,8 +10,37 @@ use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Redis;
use Illuminate\Support\Facades\Validator;
/**
* @group Authentication
*
* Endpoints for JWT authentication and session lifecycle.
*/
class AuthController extends Controller
{
/**
* Login and get tokens
*
* Authenticate with email and password to receive an access token and refresh token.
*
* @bodyParam email string required User email address. Example: user@example.com
* @bodyParam password string required User password. Example: secret123
*
* @response 200 {
* "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
* "refresh_token": "abc123def456",
* "token_type": "bearer",
* "expires_in": 3600,
* "user": {
* "id": "550e8400-e29b-41d4-a716-446655440000",
* "name": "Alice Johnson",
* "email": "user@example.com",
* "role": "manager"
* }
* }
* @response 401 {"message":"Invalid credentials"}
* @response 403 {"message":"Account is inactive"}
* @response 422 {"errors":{"email":["The email field is required."],"password":["The password field is required."]}}
*/
public function login(Request $request): JsonResponse
{
$validator = Validator::make($request->all(), [
@@ -56,6 +85,22 @@ class AuthController extends Controller
]);
}
/**
* Refresh access token
*
* Exchange a valid refresh token for a new access token and refresh token pair.
*
* @authenticated
* @bodyParam refresh_token string required Refresh token returned by login. Example: abc123def456
*
* @response 200 {
* "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
* "refresh_token": "newtoken123",
* "token_type": "bearer",
* "expires_in": 3600
* }
* @response 401 {"message":"Invalid or expired refresh token"}
*/
public function refresh(Request $request): JsonResponse
{
$refreshToken = $request->input('refresh_token');
@@ -89,6 +134,16 @@ class AuthController extends Controller
]);
}
/**
* Logout current session
*
* Invalidate a refresh token and end the active authenticated session.
*
* @authenticated
* @bodyParam refresh_token string Optional refresh token to invalidate immediately. Example: abc123def456
*
* @response 200 {"message":"Logged out successfully"}
*/
public function logout(Request $request): JsonResponse
{
$user = $request->user();

1
backend/composer.json
View File

@@ -7,6 +7,7 @@
"license": "MIT",
"require": {
"php": "^8.2",
"knuckleswtf/scribe": "^5.7",
"laravel/framework": "^12.0",
"laravel/tinker": "^2.10.1",
"predis/predis": "^2.0",

974
backend/composer.lock generated
View File

File diff suppressed because it is too large Load Diff

24
backend/config/cors.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
return [
'paths' => [
'api/*',
'api/documentation',
'api/documentation/*',
'sanctum/csrf-cookie',
],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
];

258
backend/config/scribe.php Normal file
View File

@@ -0,0 +1,258 @@
<?php
use Knuckles\Scribe\Config\AuthIn;
use Knuckles\Scribe\Config\Defaults;
use Knuckles\Scribe\Extracting\Strategies;
use function Knuckles\Scribe\Config\configureStrategy;
use function Knuckles\Scribe\Config\removeStrategies;
// Only the most common configs are shown. See the https://scribe.knuckles.wtf/laravel/reference/config for all.
return [
// The HTML <title> for the generated documentation.
'title' => 'Headroom API',
// A short description of your API. Will be included in the docs webpage, Postman collection and OpenAPI spec.
'description' => 'Resource planning and capacity management API',
// Text to place in the "Introduction" section, right after the `description`. Markdown and HTML are supported.
'intro_text' => <<<'INTRO'
Authenticate by sending `Authorization: Bearer {access_token}` on protected endpoints.
Access tokens are valid for 60 minutes. Use `/api/auth/refresh` with your refresh token to obtain a new access token and refresh token pair.
INTRO,
// The base URL displayed in the docs.
// If you're using `laravel` type, you can set this to a dynamic string, like '{{ config("app.tenant_url") }}' to get a dynamic base URL.
'base_url' => rtrim(config('app.url'), '/').'/api',
// Routes to include in the docs
'routes' => [
[
'match' => [
// Match only routes whose paths match this pattern (use * as a wildcard to match any characters). Example: 'users/*'.
'prefixes' => ['api/*'],
// Match only routes whose domains match this pattern (use * as a wildcard to match any characters). Example: 'api.*'.
'domains' => ['*'],
],
// Include these routes even if they did not match the rules above.
'include' => [
// 'users.index', 'POST /new', '/auth/*'
],
// Exclude these routes even if they matched the rules above.
'exclude' => [
// 'GET /health', 'admin.*'
],
],
],
// The type of documentation output to generate.
// - "static" will generate a static HTMl page in the /public/docs folder,
// - "laravel" will generate the documentation as a Blade view, so you can add routing and authentication.
// - "external_static" and "external_laravel" do the same as above, but pass the OpenAPI spec as a URL to an external UI template
'type' => 'laravel',
// See https://scribe.knuckles.wtf/laravel/reference/config#theme for supported options
'theme' => 'default',
'static' => [
// HTML documentation, assets and Postman collection will be generated to this folder.
// Source Markdown will still be in resources/docs.
'output_path' => 'public/docs',
],
'laravel' => [
// Whether to automatically create a docs route for you to view your generated docs. You can still set up routing manually.
'add_routes' => true,
// URL path to use for the docs endpoint (if `add_routes` is true).
// By default, `/docs` opens the HTML page, `/docs.postman` opens the Postman collection, and `/docs.openapi` the OpenAPI spec.
'docs_url' => '/api/documentation',
// Directory within `public` in which to store CSS and JS assets.
// By default, assets are stored in `public/vendor/scribe`.
// If set, assets will be stored in `public/{{assets_directory}}`
'assets_directory' => null,
// Middleware to attach to the docs endpoint (if `add_routes` is true).
'middleware' => [],
],
'external' => [
'html_attributes' => [],
],
'try_it_out' => [
// Add a Try It Out button to your endpoints so consumers can test endpoints right from their browser.
// Don't forget to enable CORS headers for your endpoints.
'enabled' => true,
// The base URL to use in the API tester. Leave as null to be the same as the displayed URL (`scribe.base_url`).
'base_url' => null,
// [Laravel Sanctum] Fetch a CSRF token before each request, and add it as an X-XSRF-TOKEN header.
'use_csrf' => false,
// The URL to fetch the CSRF token from (if `use_csrf` is true).
'csrf_url' => '/sanctum/csrf-cookie',
],
// How is your API authenticated? This information will be used in the displayed docs, generated examples and response calls.
'auth' => [
// Set this to true if ANY endpoints in your API use authentication.
'enabled' => true,
// Set this to true if your API should be authenticated by default. If so, you must also set `enabled` (above) to true.
// You can then use @unauthenticated or @authenticated on individual endpoints to change their status from the default.
'default' => true,
// Where is the auth value meant to be sent in a request?
'in' => AuthIn::BEARER->value,
// The name of the auth parameter (e.g. token, key, apiKey) or header (e.g. Authorization, Api-Key).
'name' => 'Authorization',
// The value of the parameter to be used by Scribe to authenticate response calls.
// This will NOT be included in the generated documentation. If empty, Scribe will use a random value.
'use_value' => 'Bearer {token}',
// Placeholder your users will see for the auth parameter in the example requests.
// Set this to null if you want Scribe to use a random value as placeholder instead.
'placeholder' => 'Bearer {token}',
// Any extra authentication-related info for your users. Markdown and HTML are supported.
'extra_info' => 'Get tokens from `POST /api/auth/login`, send access token as `Bearer {token}`, and renew with `POST /api/auth/refresh` before access token expiry.',
],
// Example requests for each endpoint will be shown in each of these languages.
// Supported options are: bash, javascript, php, python
// To add a language of your own, see https://scribe.knuckles.wtf/laravel/advanced/example-requests
// Note: does not work for `external` docs types
'example_languages' => [
'bash',
'javascript',
],
// Generate a Postman collection (v2.1.0) in addition to HTML docs.
// For 'static' docs, the collection will be generated to public/docs/collection.json.
// For 'laravel' docs, it will be generated to storage/app/scribe/collection.json.
// Setting `laravel.add_routes` to true (above) will also add a route for the collection.
'postman' => [
'enabled' => true,
'overrides' => [
// 'info.version' => '2.0.0',
],
],
// Generate an OpenAPI spec in addition to docs webpage.
// For 'static' docs, the collection will be generated to public/docs/openapi.yaml.
// For 'laravel' docs, it will be generated to storage/app/scribe/openapi.yaml.
// Setting `laravel.add_routes` to true (above) will also add a route for the spec.
'openapi' => [
'enabled' => true,
// The OpenAPI spec version to generate. Supported versions: '3.0.3', '3.1.0'.
// OpenAPI 3.1 is more compatible with JSON Schema and is becoming the dominant version.
// See https://spec.openapis.org/oas/v3.1.0 for details on 3.1 changes.
'version' => '3.0.3',
'overrides' => [
// 'info.version' => '2.0.0',
],
// Additional generators to use when generating the OpenAPI spec.
// Should extend `Knuckles\Scribe\Writing\OpenApiSpecGenerators\OpenApiGenerator`.
'generators' => [],
],
'groups' => [
// Endpoints which don't have a @group will be placed in this default group.
'default' => 'Endpoints',
// By default, Scribe will sort groups alphabetically, and endpoints in the order their routes are defined.
// You can override this by listing the groups, subgroups and endpoints here in the order you want them.
// See https://scribe.knuckles.wtf/blog/laravel-v4#easier-sorting and https://scribe.knuckles.wtf/laravel/reference/config#order for details
// Note: does not work for `external` docs types
'order' => [],
],
// Custom logo path. This will be used as the value of the src attribute for the <img> tag,
// so make sure it points to an accessible URL or path. Set to false to not use a logo.
// For example, if your logo is in public/img:
// - 'logo' => '../img/logo.png' // for `static` type (output folder is public/docs)
// - 'logo' => 'img/logo.png' // for `laravel` type
'logo' => false,
// Customize the "Last updated" value displayed in the docs by specifying tokens and formats.
// Examples:
// - {date:F j Y} => March 28, 2022
// - {git:short} => Short hash of the last Git commit
// Available tokens are `{date:<format>}` and `{git:<format>}`.
// The format you pass to `date` will be passed to PHP's `date()` function.
// The format you pass to `git` can be either "short" or "long".
// Note: does not work for `external` docs types
'last_updated' => 'Last updated: {date:F j, Y}',
'examples' => [
// Set this to any number to generate the same example values for parameters on each run,
'faker_seed' => 1234,
// With API resources and transformers, Scribe tries to generate example models to use in your API responses.
// By default, Scribe will try the model's factory, and if that fails, try fetching the first from the database.
// You can reorder or remove strategies here.
'models_source' => ['factoryCreate', 'factoryMake', 'databaseFirst'],
],
// The strategies Scribe will use to extract information about your routes at each stage.
// Use configureStrategy() to specify settings for a strategy in the list.
// Use removeStrategies() to remove an included strategy.
'strategies' => [
'metadata' => [
...Defaults::METADATA_STRATEGIES,
],
'headers' => [
...Defaults::HEADERS_STRATEGIES,
Strategies\StaticData::withSettings(data: [
'Content-Type' => 'application/json',
'Accept' => 'application/json',
]),
],
'urlParameters' => [
...Defaults::URL_PARAMETERS_STRATEGIES,
],
'queryParameters' => [
...Defaults::QUERY_PARAMETERS_STRATEGIES,
],
'bodyParameters' => [
...Defaults::BODY_PARAMETERS_STRATEGIES,
],
'responses' => configureStrategy(
Defaults::RESPONSES_STRATEGIES,
Strategies\Responses\ResponseCalls::withSettings(
only: ['GET *'],
// Recommended: disable debug mode in response calls to avoid error stack traces in responses
config: [
'app.debug' => false,
]
)
),
'responseFields' => [
...Defaults::RESPONSE_FIELDS_STRATEGIES,
],
],
// For response calls, API resource responses and transformer responses,
// Scribe will try to start database transactions, so no changes are persisted to your database.
// Tell Scribe which connections should be transacted here. If you only use one db connection, you can leave this as is.
'database_connections_to_transact' => [config('database.default')],
'fractal' => [
// If you are using a custom serializer with league/fractal, you can specify it here.
'serializer' => null,
],
];

18
openspec/changes/p00-api-documentation/tasks.md
View File

@@ -2,19 +2,19 @@
## Phase 1: Configure Scribe
- [ ] 0.1 Install Scribe (if not already installed): `composer require knuckleswtf/scribe`
- [ ] 0.2 Publish Scribe config: `php artisan vendor:publish --tag=scribe-config`
- [ ] 0.3 Configure `config/scribe.php` with Headroom settings
- [ ] 0.4 Add `/api/documentation` to CORS allowed paths
- [x] 0.1 Install Scribe (if not already installed): `composer require knuckleswtf/scribe`
- [x] 0.2 Publish Scribe config: `php artisan vendor:publish --tag=scribe-config`
- [x] 0.3 Configure `config/scribe.php` with Headroom settings
- [x] 0.4 Add `/api/documentation` to CORS allowed paths
## Phase 2: Annotate Controllers
### AuthController
- [ ] 0.5 Add `@group Authentication` to class
- [ ] 0.6 Document `POST /api/auth/login` with @bodyParam, @response
- [ ] 0.7 Document `POST /api/auth/refresh` with @authenticated, @response
- [ ] 0.8 Document `POST /api/auth/logout` with @authenticated, @response
- [ ] 0.9 Add authentication section to Scribe config
- [x] 0.5 Add `@group Authentication` to class
- [x] 0.6 Document `POST /api/auth/login` with @bodyParam, @response
- [x] 0.7 Document `POST /api/auth/refresh` with @authenticated, @response
- [x] 0.8 Document `POST /api/auth/logout` with @authenticated, @response
- [x] 0.9 Add authentication section to Scribe config
### TeamMemberController
- [ ] 0.10 Add `@group Team Members` to class