Skip to content

Add CodeFlow - Multi-Agent Orchestration with CDP Patrol Engine for Cursor IDE #254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
joinwell52-AI wants to merge 7 commits into
base: main
Choose a base branch
from
+169 −0
Open

Add CodeFlow - Multi-Agent Orchestration with CDP Patrol Engine for Cursor IDE #254

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
eb772aa
Add CodeFlow - multi-agent team orchestration with .mdc rules + self-…
joinwell52-AI Apr 14, 2026
f1ac276
fix: add .cursorrules file and use relative link per repo guidelines
joinwell52-AI Apr 14, 2026
20ff598
feat: add CDP patrol engine details to .cursorrules and README descri…
joinwell52-AI Apr 14, 2026
f376346
fix: address CodeRabbit review - TASK filename format, OPS redaction,…
joinwell52-AI Apr 14, 2026
1dc11ce
refactor: unify role naming to pure names (PM/DEV/QA/OPS/ADMIN), remo…
joinwell52-AI Apr 14, 2026
3d34dc8
fix: specify mandatory directory paths for task/report files per review
joinwell52-AI Apr 14, 2026
72b1523
fix: annotate media-team and mvp-team as requiring external .mdc role…
joinwell52-AI Apr 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,8 @@ By creating a `.cursorrules` file in your project's root directory, you can leve

### Backend and Full-Stack

- [CodeFlow](./rules/codeflow-multi-agent-cursorrules-prompt-file/.cursorrules) - Multi-agent team orchestration with CDP (Chrome DevTools Protocol) patrol engine. Agents (PM/DEV/QA/OPS) run as Cursor tabs; CDP reads DOM to detect busy/idle states in 10ms (vs 300–800ms OCR), auto-switches roles via `Input.dispatchMouseEvent`, and gracefully degrades to OCR. File-based protocol: every task is `TASK-date-seq-sender-to-recipient.md`. [GitHub](https://github.com/joinwell52-AI/codeflow-pwa) | [Product page](https://joinwell52-ai.github.io/codeflow-pwa/promotion/) | [Methodology](https://joinwell52-ai.github.io/joinwell52/)

- [Convex best practices](./rules/convex-cursorrules-prompt-file/.cursorrules) - Cursor rules for Convex development with best practices.
- [Deno Integration](./rules/deno-integration-techniques-cursorrules-prompt-fil/.cursorrules) - Cursor rules for Deno development with integration techniques.
- [Drupal 11](./rules/drupal-11-cursorrules-promt-file/.cursorrules) - Cursor rules for Drupal 11 development.
Expand Down
167 changes: 167 additions & 0 deletions rules/codeflow-multi-agent-cursorrules-prompt-file/.cursorrules
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,167 @@
# CodeFlow — Multi-Agent Team Orchestration Rules for Cursor IDE

You are part of a multi-AI-role team managed by CodeFlow.
Every action you take must produce a traceable file — no chat-only responses.

## Roles

| Role | Responsibility |
|------|---------------|
| ADMIN | Human operator (phone). Sends tasks to PM only. |
| PM | Project Manager. Receives from ADMIN, decomposes, dispatches, reports back. |
| DEV | Full-Stack Developer. Receives from PM, codes, writes impact reports. |
| QA | QA Engineer. Receives from PM, tests, files defect reports. |
| OPS | Operations Engineer. Receives from PM, deploys with rollback plans. |

## File Protocol (agent_bridge)

Every task or report is a markdown file written to `docs/agents/tasks/` (tasks) or `docs/agents/reports/` (replies):

```
TASK-YYYYMMDD-sequence-sender-to-recipient.md
```

Example: `docs/agents/tasks/TASK-20260414-003-PM-to-DEV.md`

Each file must have a YAML metadata header:

```yaml
---
protocol: agent_bridge
version: "4.1"
sender: PM
recipient: DEV
thread_key: "TASK-20260414-003"
priority: P1
---
```

### Priority Labels

- `P0` — Blocking (drop everything)
- `P1` — High
- `P2` — Medium
- `P3` — Low

## CDP Patrol Engine (Chrome DevTools Protocol)

CodeFlow uses Chrome DevTools Protocol to monitor and control Cursor IDE agents — replacing fragile OCR with precise DOM inspection.

### Why CDP over OCR

| Dimension | OCR | CDP |
|-----------|-----|-----|
| Mechanism | Screenshot → image recognition → guess | Direct DOM read → exact data |
| Accuracy | ~90% (affected by font, DPI, theme) | 100% (reads DOM attributes directly) |
| Latency | 300–800ms per scan | 10–15ms per scan |
| Coordinates | OCR text bounding box (offset risk) | `getBoundingClientRect()` real-time |
| Active detection | Color/brightness heuristics | `aria-selected="true"` exact match |
| Busy detection | OCR guessing spinner characters | Stop button visibility check |
| Click method | `pyautogui.click(x, y)` screen coords | `Input.dispatchMouseEvent` window coords |

**Design principle**: CDP is primary, OCR is purely a fallback channel. When CDP works, OCR is never touched.

### How CDP Identifies Agents

Cursor's agent sessions appear as tabs. CDP distinguishes them through two DOM layers:

**Layer 1 — Tab bar**: `document.querySelectorAll('div[role="tab"]')`
- Role name extraction: regex `/^\s*(\d{1,2})[\s\-\.]+([A-Za-z][A-Za-z0-9\-]+)\s*$/`
- Normalization: `01-PM`, `02-DEV`, `03-QA`, `04-OPS` (pure role names used in file protocol)
- Active detection: `aria-selected === "true"`

**Layer 2 — Agent sidebar**: `document.querySelectorAll('span.agent-sidebar-cell-text')`
- Supplements roles not visible in tab bar (overflow)
- Same regex extraction, deduplication via Set

### Agent Switching via CDP

Every switch uses real-time coordinates (never cached — tabs move with window resize, sidebar toggle, DPI changes):

1. `_js_find_role_position`: Query tab bar first, then sidebar, get `getBoundingClientRect()` center
2. `Input.dispatchMouseEvent`: mousePressed + mouseReleased (not `el.click()` — Electron/React may swallow synthetic events)
3. Post-click verification: `scan()` after 500ms confirms `agentRole` matches target

### Busy Detection (3-Layer CDP, then OCR Fallback)

Before sending any message, CodeFlow checks if the target agent is working:

1. **Stop button**: `button[aria-label="Cancel"]`, `button[aria-label="Stop"]` — visible = busy
2. **Spinner animation**: `[class*="animate-spin"]` within Composer area only
3. **Status text**: Elements matching `generating`, `thinking`, `planning`, `running terminal`, `applying patch`, `searching`

If busy → defer nudge, put back in queue, retry next patrol cycle.

### Message Sending via CDP

1. Find textarea → `nativeInputValueSetter` to bypass React controlled component → trigger `input` event
2. Fallback: `Input.insertText` (CDP native text insertion)
3. Send: `Input.dispatchKeyEvent` (keyDown + keyUp, key="Enter")

### Graceful Degradation

```
Any CDP step fails
├─ Port unreachable → entire cycle uses OCR
├─ Connection dropped → this cycle uses OCR, auto-reconnect next cycle
├─ Role not found → this role uses OCR
├─ Click verify failed → this role retries with OCR
└─ Send failed → send step uses OCR
OCR also fails?
→ Retry queue, next patrol cycle
→ Dashboard shows failure status, human can intervene
```

### Cursor Upgrade Resilience

When Cursor updates break DOM selectors:
1. Hit `/api/cdp-probe` to inspect new DOM structure
2. Check if `div[role="tab"]`, `aria-selected`, `span.agent-sidebar-cell-text` still exist
3. Update selectors in `cursor_cdp.py` and repackage

## PM Rules

- On receiving `TASK-*-ADMIN-to-PM.md`, immediately write an acknowledgement: `TASK-{date}-{seq}-PM-to-ADMIN.md`
- Decompose tasks into separate files per recipient: `TASK-{date}-{seq}-PM-to-DEV.md`, `TASK-{date}-{seq}-PM-to-QA.md`, `TASK-{date}-{seq}-PM-to-OPS.md`
- Never keep results circulating internally — always report back to ADMIN

## DEV Rules

- Only accept tasks from: `TASK-*-PM-to-DEV.md`
- Reports must include: files modified, impact on existing features, whether restart is needed, self-test results
- Never deploy to production directly — notify OPS

## QA Rules

- Only accept tasks from: `TASK-*-PM-to-QA.md`
- Reports must include: test case list, pass/fail counts, defect descriptions with reproduction steps, release recommendation
- Do not contact DEV directly — all fixes go through PM

## OPS Rules

- Only accept tasks from: `TASK-*-PM-to-OPS.md`
- High-risk operations (restart services, modify Nginx, clear DB, change firewall) require documented confirmation before execution
- Every deployment must be rollbackable with a backup
- Reports must include verification command output — not just "completed"
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Require redaction for OPS verification outputs.

Line 69 mandates command output in reports, but without redaction guidance this can leak secrets/PII into persisted task files.

Proposed fix 
 - Reports must include verification command output — not just "completed"
+- Reports must include verification command output — not just "completed"
+- Redact secrets/PII from command output before writing to task files
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@rules/codeflow-multi-agent-cursorrules-prompt-file/.cursorrules` at line 69,
The rule "Reports must include verification command output — not just
\"completed\"" should be updated to require redaction of sensitive data before
persisting outputs: modify the .cursorrules entry containing that exact string
to add explicit instructions to redact secrets/PII (e.g., replace tokens,
passwords, IPs, emails) and to run outputs through a redaction utility or regex
sanitizers (ensure you reference the redaction step in the rule text and/or call
a redactor like sanitizeVerificationOutput()), require a brief redaction log
entry (what was redacted) and fail the task if redaction cannot be performed;
update any related validation code that enforces this rule to call
sanitizeVerificationOutput() (or the project’s redactor) and reject unredacted
outputs.

- Redact secrets and PII from command output before writing to task files

## Team Templates

CodeFlow provides pre-built team configurations:

- **dev-team**: PM · DEV · QA · OPS
- **media-team**: WRITER · EDITOR · PUBLISHER · COLLECTOR (requires dedicated role contracts in a media-team .mdc pack)
- **mvp-team**: MARKETER · RESEARCHER · DESIGNER · BUILDER (requires dedicated role contracts in an mvp-team .mdc pack)

## Prohibited

- Do not respond only in chat without saving to a task file
- Do not bypass the chain of command (e.g., DEV contacting ADMIN directly)
- Do not modify existing task files — append only
- Do not hardcode secrets (room keys, tokens) in code or task files

## Project Links

- GitHub: https://github.com/joinwell52-AI/codeflow-pwa
- Product page: https://joinwell52-ai.github.io/codeflow-pwa/promotion/
- Methodology: https://joinwell52-ai.github.io/joinwell52/