feat(agent-teams): v0.4.0 — run ID, bulk approve, dashboard grouping (#66)

* feat(agent-teams): v0.4 — run ID, bulk approve, dashboard grouping (#64)

* feat(run-id): W1 — add RunID to data model and plumbing

Add run ID support throughout the stack to enable agent team grouping.

Changes:
- hookInput: add session_id, transcript_path, cwd, permission_mode,
  hook_event_name, tool_use_id fields (full Claude Code PreToolUse schema)
- deriveRunID(): new func, priority: RAMPART_RUN > session_id > CLAUDE_CONVERSATION_ID > ""
- hookParseResult: add RunID field, populated from deriveRunID(session_id)
- engine.ToolCall: add RunID string field
- audit.Event: add run_id field (omitempty)
- hook cmd: wire RunID through call and audit event
- proxy server: accept run_id in createApprovalRequest, expose in list response
- hook_approval client: pass run_id to POST /v1/approvals
- tests: update requestApproval calls to pass empty runID string

The session_id field in Claude Code's PreToolUse JSON is shared across
all agents in the same Claude Code session, making it the ideal run ID
source for agent team grouping with zero new integration required.

Priority order for run ID:
1. RAMPART_RUN env (explicit override for scripted orchestration)
2. session_id from Claude Code hook stdin JSON
3. CLAUDE_CONVERSATION_ID env (future fallback)
4. "" (no grouping, standalone call)

* feat(bulk-approve): W2 — bulk resolve API and auto-approve cache

* ci: fix docs deploy target — push to peg/rampart-docs, not local gh-pages

The live docs at docs.rampart.sh are served from peg/rampart-docs (gh-pages branch).
The previous workflow was deploying to peg/rampart's own gh-pages branch, which
nobody visits, causing docs to appear permanently stale.

Fix: build site with mkdocs build, then rsync+push to peg/rampart-docs via a PAT.
Requires DOCS_DEPLOY_TOKEN secret (PAT with contents:write on peg/rampart-docs).

* feat(dashboard): W3 — group pending approvals by run_id

* test(proxy): Go tests for bulk-resolve and run_groups (W2/W3)

Adds 7 new tests covering the v0.4 agent teams features:

BulkResolve:
- TestBulkResolve_ApprovesAllInRun — resolves 2 approvals, returns ids
- TestBulkResolve_EmptyRunIDRejected — 400 on empty/whitespace/missing run_id
- TestBulkResolve_NoAuth — 401 without token
- TestBulkResolve_ZeroResolved_WhenNoPendingForRun — 0 resolved, ids=[] (not null)

AutoApproveCache:
- TestAutoApproveCache_SubsequentCallsSkipQueue — after bulk-approve, new
  approval from same run gets status=approved without queuing

ListApprovals run_groups:
- TestListApprovals_RunGroups — 2+ pending with same run_id form a group;
  solo item (no run_id) excluded; flat approvals still has all items
- TestListApprovals_RunGroupsSortedByEarliestCreatedAt — groups sorted by
  MIN(created_at) chronologically, not by run_id UUID

* feat(cline): wire taskId as run_id for agent team grouping

Cline's taskId is scoped to a single task/conversation, making it
equivalent to Claude Code's session_id for run grouping. Maps via
deriveRunID() so RAMPART_RUN override still takes priority.

* chore: CHANGELOG for v0.4.0 and v0.3.1

* fix(hook): handle 200 auto-approve response from serve

When bulk-resolve is called for a run, subsequent POST /v1/approvals
from that run return 200 {status: approved} instead of 201 (pending).

The hook approval client only checked for StatusCreated (201), so the
200 was treated as an error and fell back to hookAsk (native Claude
Code prompt). Auto-approve never actually worked in the real hook flow.

Fix: check for 200 + status=approved before the 201 check, return
hookAllow immediately without entering the poll loop.

* docs: overhaul 5-minute tutorial, quickstart, add agent teams page

tutorial.md:
- Lead with rampart quickstart (one command) instead of manual setup
- Add approval flow section with dashboard (require_approval → approve)
- Agent teams tip (run grouping, Approve All)
- Replace stale rampart watch ASCII UI with accurate dashboard reference
- Cut bloated MCP section to a link
- Add rampart doctor verification step
- Flow diagram kept but tightened

quickstart.md:
- Trim to essentials: one-command setup, doctor, test, approve
- Remove fake ASCII watch terminal UI
- Fix action: log → action: watch language
- Dashboard mention for approval flow

features/agent-teams.md (new):
- Run ID grouping, auto-approve cache, bulk-resolve API
- Dashboard cluster card UX
- Audit trail run_id field
- Supported agents table (Claude Code / Cline / RAMPART_RUN override)
- Wired into mkdocs.yml nav under Features

* fix(test): check http response error before using resp (go vet)

Author: peg

.github/workflows/docs.yml

@@ -10,7 +10,7 @@ on:
       - '.github/workflows/docs.yml'
 
 permissions:
-  contents: write
+  contents: read
 
 jobs:
   deploy:
@@ -24,4 +24,22 @@ jobs:
 
       - run: pip install mkdocs-material mkdocs-minify-plugin
 
-      - run: mkdocs gh-deploy --force
+      - name: Build docs
+        run: mkdocs build
+
+      # Deploy to peg/rampart-docs (the repo that serves docs.rampart.sh via GitHub Pages).
+      # Requires a PAT with contents:write on peg/rampart-docs stored as DOCS_DEPLOY_TOKEN.
+      - name: Push to peg/rampart-docs
+        env:
+          DOCS_DEPLOY_TOKEN: ${{ secrets.DOCS_DEPLOY_TOKEN }}
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          cd /tmp
+          git clone --depth=1 https://x-access-token:${DOCS_DEPLOY_TOKEN}@github.com/peg/rampart-docs.git rampart-docs
+          rsync -a --delete --exclude='.git' "${GITHUB_WORKSPACE}/site/" rampart-docs/
+          cd rampart-docs
+          git add -A
+          git diff --cached --quiet && echo "No changes" && exit 0
+          git commit -m "docs: deploy from peg/rampart@${GITHUB_SHA::8}"
+          git push origin gh-pages

CHANGELOG.md

@@ -7,6 +7,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] — 2026-02-19
+
+### Added
+
+- **Agent team run grouping**: Every tool call is now tagged with a `run_id` derived from Claude Code's `session_id` (shared across all agents in the same session). Cline users get `taskId` as the run ID. Override with `RAMPART_RUN` env var; `CLAUDE_CONVERSATION_ID` used as fallback. Zero configuration required — existing policies and users see no change.
+- **`POST /v1/approvals/bulk-resolve`**: Resolve all pending approvals for an agent team run in one API call. Body: `{"run_id": "...", "action": "approve|deny", "resolved_by": "..."}`. Returns `{"resolved": N, "ids": [...]}`. Empty or missing `run_id` is hard-rejected with 400 to prevent accidental mass-approval.
+- **Auto-approve cache**: After bulk-approving a run, subsequent tool calls from that run bypass the approval queue automatically for the duration of the approval timeout (default 1h). Cache is TTL-based and cleaned up in the regular `Cleanup()` cycle — no goroutine leaks.
+- **Dashboard run clusters**: When 2+ pending approvals share a `run_id`, the Active tab groups them into a collapsible cluster card showing `Run: {id[:8]}… (N pending)`. Clusters have **Approve All** and **Deny All** buttons with confirmation dialogs. Solo items (no `run_id`, or unique `run_id`) render exactly as before.
+- **`GET /v1/approvals` run_groups field**: The approvals list response now includes a `run_groups` array alongside the flat `approvals` array. Each entry has `run_id`, `count`, `earliest_created_at`, and `items`. Only groups with 2+ pending items are included; groups are sorted by `MIN(created_at)` (chronological, not UUID order). Fully backwards compatible — existing consumers ignore the new field.
+- **Full PreToolUse hook schema**: `hookInput` now captures all fields Claude Code sends: `session_id`, `transcript_path`, `cwd`, `permission_mode`, `hook_event_name`, `tool_use_id`. Previously only `tool_name` and `tool_input` were parsed.
+- **`run_id` in audit events**: Audit log entries include `"run_id"` (omitempty) so team runs are traceable across the full audit trail.
+
+### Fixed
+
+- **CI docs deploy**: The Deploy Docs workflow was pushing compiled output to `peg/rampart`'s own `gh-pages` branch instead of `peg/rampart-docs`, which is the repo actually serving `docs.rampart.sh`. Fixed to clone and push to `peg/rampart-docs`. Requires `DOCS_DEPLOY_TOKEN` secret (PAT with `contents:write` on `peg/rampart-docs`).
+
+## [0.3.1] — 2026-02-18
+
+### Fixed
+
+- **Mobile hero font size**: `.hero-title` heading was 2.5rem on narrow screens (≤600px), causing word-wrap on small phones. Reduced to 1.75rem via media query.
+- **`file_path` parameter support**: Claude Code sends `file_path` (not `path`) in `Read`, `Write`, and `Edit` tool input. `Path()` method and dashboard `extractCmd` function now check `file_path` first, then fall back to `path`. Previously the file path was silently dropped from audit events and approval cards for all file operations.
+
+### Changed
+
+- **Docs subtitle**: Updated from "Open-source firewall for AI agents" to "Open-source guardrails for AI agents. A policy firewall for shell commands, file access, and MCP tools."
+
 ## [0.3.0] — 2026-02-18
 
 ### Added

cmd/rampart/cli/hook.go

@@ -21,8 +21,21 @@ import (
 )
 
 // hookInput is the JSON sent by Claude Code on stdin for PreToolUse/PostToolUse hooks.
-// PostToolUse includes tool_response (free-form object whose schema varies by tool).
+// The base object (from oZ() in Claude Code source) includes session_id, transcript_path,
+// cwd, and permission_mode. PreToolUse adds hook_event_name, tool_name, tool_input, and
+// tool_use_id. PostToolUse additionally includes tool_response.
 type hookInput struct {
+	// Base fields (present on all hook events)
+	SessionID      string `json:"session_id"`
+	TranscriptPath string `json:"transcript_path,omitempty"`
+	CWD            string `json:"cwd,omitempty"`
+	PermissionMode string `json:"permission_mode,omitempty"`
+
+	// Event-type fields
+	HookEventName string `json:"hook_event_name,omitempty"`
+	ToolUseID     string `json:"tool_use_id,omitempty"`
+
+	// Tool-specific fields
 	ToolName     string         `json:"tool_name"`
 	ToolInput    map[string]any `json:"tool_input"`
 	ToolResponse map[string]any `json:"tool_response,omitempty"`
@@ -72,6 +85,7 @@ type hookParseResult struct {
 	Params   map[string]any
 	Agent    string
 	Response string // non-empty for PostToolUse events
+	RunID    string // run ID derived from session_id (or env overrides)
 }
 
 // gitContext holds the git repository context for the current working directory.
@@ -80,6 +94,28 @@ type gitContext struct {
 	root    string // absolute git root path e.g. "/home/user/projects/myapp"
 }
 
+// deriveRunID returns the run ID for the current hook invocation, used to group
+// all tool calls from the same agent orchestration run.
+//
+// Priority order:
+//  1. RAMPART_RUN env var — explicit override, useful for scripted orchestration
+//  2. sessionID — the session_id field from Claude Code's hook stdin JSON,
+//     shared across all agents in the same Claude Code session
+//  3. CLAUDE_CONVERSATION_ID env var — fallback for future Claude Code versions
+//  4. "" — no grouping; each call is standalone
+func deriveRunID(sessionID string) string {
+	if v := strings.TrimSpace(os.Getenv("RAMPART_RUN")); v != "" {
+		return v
+	}
+	if sessionID != "" {
+		return sessionID
+	}
+	if v := strings.TrimSpace(os.Getenv("CLAUDE_CONVERSATION_ID")); v != "" {
+		return v
+	}
+	return ""
+}
+
 // deriveGitContext returns the git context for the current working directory.
 // The RAMPART_SESSION env var overrides the session name if set (root is still detected).
 // Returns an empty gitContext if not in a git repo or git is unavailable.
@@ -292,6 +328,7 @@ Cline setup: Use "rampart setup cline" to install hooks automatically.`,
 				ID:        audit.NewEventID(),
 				Agent:     parsed.Agent,
 				Session:   hookSession,
+				RunID:     parsed.RunID,
 				Tool:      parsed.Tool,
 				Params:    parsed.Params,
 				Timestamp: time.Now().UTC(),
@@ -320,6 +357,7 @@ Cline setup: Use "rampart setup cline" to install hooks automatically.`,
 				Timestamp: call.Timestamp,
 				Agent:     call.Agent,
 				Session:   call.Session,
+				RunID:     call.RunID,
 				Tool:      call.Tool,
 				Request:   parsed.Params,
 				Decision:  eventDecision,
@@ -364,7 +402,7 @@ Cline setup: Use "rampart setup cline" to install hooks automatically.`,
 					}
 					command, _ := call.Params["command"].(string)
 					path := call.Path() // handles both "file_path" (Claude Code) and "path"
-					result := approvalClient.requestApprovalCtx(cmd.Context(), call.Tool, command, call.Agent, path, decision.Message, 5*time.Minute)
+					result := approvalClient.requestApprovalCtx(cmd.Context(), call.Tool, command, call.Agent, path, call.RunID, decision.Message, 5*time.Minute)
 					return outputHookResult(cmd, format, result, false, decision.Message, cmdStr)
 				}
 				return outputHookResult(cmd, format, hookAsk, false, decision.Message, cmdStr)
@@ -403,6 +441,7 @@ func parseClaudeCodeInput(reader interface{ Read([]byte) (int, error) }, logger
 		Tool:   toolType,
 		Params: params,
 		Agent:  "claude-code",
+		RunID:  deriveRunID(input.SessionID),
 	}
 
 	// Extract response text from PostToolUse tool_response.
@@ -464,6 +503,9 @@ func parseClineInput(reader interface{ Read([]byte) (int, error) }, logger *slog
 		Tool:   toolType,
 		Params: params,
 		Agent:  "cline",
+		// Cline's taskId is scoped to a single task/conversation — equivalent
+		// to Claude Code's session_id for run grouping purposes.
+		RunID: deriveRunID(input.TaskID),
 	}
 
 	// For PostToolUse, extract output from parameters if present

cmd/rampart/cli/hook_approval.go

@@ -33,6 +33,7 @@ type createApprovalRequest struct {
 	Agent   string `json:"agent"`
 	Path    string `json:"path,omitempty"`
 	Message string `json:"message"`
+	RunID   string `json:"run_id,omitempty"`
 }
 
 // createApprovalResponse is the JSON returned from POST /v1/approvals.
@@ -52,19 +53,20 @@ type pollApprovalResponse struct {
 // Returns hookAllow if approved, hookDeny if denied/expired/error.
 // Falls back to hookAsk if the serve instance is unreachable.
 // The context allows cancellation (e.g., user Ctrl-C).
-func (c *hookApprovalClient) requestApproval(tool, command, agent, path, message string, timeout time.Duration) hookDecisionType {
-	return c.requestApprovalCtx(context.Background(), tool, command, agent, path, message, timeout)
+func (c *hookApprovalClient) requestApproval(tool, command, agent, path, runID, message string, timeout time.Duration) hookDecisionType {
+	return c.requestApprovalCtx(context.Background(), tool, command, agent, path, runID, message, timeout)
 }
 
 // requestApprovalCtx is like requestApproval but accepts a context for cancellation.
-func (c *hookApprovalClient) requestApprovalCtx(ctx context.Context, tool, command, agent, path, message string, timeout time.Duration) hookDecisionType {
+func (c *hookApprovalClient) requestApprovalCtx(ctx context.Context, tool, command, agent, path, runID, message string, timeout time.Duration) hookDecisionType {
 	// Create the approval
 	body := createApprovalRequest{
 		Tool:    tool,
 		Command: command,
 		Agent:   agent,
 		Path:    path,
 		Message: message,
+		RunID:   runID,
 	}
 
 	data, err := json.Marshal(body)
@@ -94,6 +96,19 @@ func (c *hookApprovalClient) requestApprovalCtx(ctx context.Context, tool, comma
 	}
 	defer resp.Body.Close()
 
+	// 200 means the run was already bulk-approved — no queuing needed.
+	if resp.StatusCode == http.StatusOK {
+		var autoResp struct {
+			Status string `json:"status"`
+		}
+		if err := json.NewDecoder(resp.Body).Decode(&autoResp); err == nil && autoResp.Status == "approved" {
+			c.logger.Debug("hook: run auto-approved by bulk-resolve, skipping queue")
+			return hookAllow
+		}
+		c.logger.Error("hook: unexpected 200 from approval create", "url", c.serveURL)
+		return hookAsk
+	}
+
 	if resp.StatusCode != http.StatusCreated {
 		respBody, _ := io.ReadAll(resp.Body)
 		c.logger.Error("hook: create approval failed", "status", resp.StatusCode, "body", string(respBody))

cmd/rampart/cli/hook_approval_test.go

@@ -46,7 +46,7 @@ func TestHookApprovalClient_Approved(t *testing.T) {
 		logger:   testLogger(),
 	}
 
-	result := client.requestApproval("exec", "kubectl delete pod foo", "claude-code", "/tmp", "needs approval", 10*time.Second)
+	result := client.requestApproval("exec", "kubectl delete pod foo", "claude-code", "/tmp", "", "needs approval", 10*time.Second)
 	if result != hookAllow {
 		t.Fatalf("expected hookAllow, got %d", result)
 	}
@@ -77,7 +77,7 @@ func TestHookApprovalClient_Denied(t *testing.T) {
 		logger:   testLogger(),
 	}
 
-	result := client.requestApproval("exec", "rm -rf /tmp/stuff", "claude-code", "/tmp", "dangerous", 10*time.Second)
+	result := client.requestApproval("exec", "rm -rf /tmp/stuff", "claude-code", "/tmp", "", "dangerous", 10*time.Second)
 	if result != hookDeny {
 		t.Fatalf("expected hookDeny, got %d", result)
 	}
@@ -90,7 +90,7 @@ func TestHookApprovalClient_Unreachable(t *testing.T) {
 		logger:   testLogger(),
 	}
 
-	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "test", 2*time.Second)
+	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "", "test", 2*time.Second)
 	if result != hookAsk {
 		t.Fatalf("expected hookAsk (fallback), got %d", result)
 	}
@@ -107,7 +107,7 @@ func TestHookApprovalClient_FallbackOnUnreachablePort1(t *testing.T) {
 		logger:   logger,
 	}
 
-	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "test", 5*time.Second)
+	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "", "test", 5*time.Second)
 	if result != hookAsk {
 		t.Fatalf("expected hookAsk (native prompt fallback), got %d", result)
 	}
@@ -146,7 +146,7 @@ func TestHookApprovalClient_AutoDiscoverApproved(t *testing.T) {
 		autoDiscovered: true,
 	}
 
-	result := client.requestApproval("exec", "kubectl apply -f deploy.yaml", "claude-code", "/tmp", "needs approval", 10*time.Second)
+	result := client.requestApproval("exec", "kubectl apply -f deploy.yaml", "claude-code", "/tmp", "", "needs approval", 10*time.Second)
 	if result != hookAllow {
 		t.Fatalf("expected hookAllow, got %d", result)
 	}
@@ -165,7 +165,7 @@ func TestHookApprovalClient_AutoDiscoverUnreachableSilent(t *testing.T) {
 		autoDiscovered: true,
 	}
 
-	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "test", 5*time.Second)
+	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "", "test", 5*time.Second)
 	if result != hookAsk {
 		t.Fatalf("expected hookAsk (silent fallback), got %d", result)
 	}
@@ -193,7 +193,7 @@ func TestHookApprovalClient_ExplicitUnreachableShowsWarning(t *testing.T) {
 		autoDiscovered: false,
 	}
 
-	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "test", 5*time.Second)
+	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "", "test", 5*time.Second)
 	if result != hookAsk {
 		t.Fatalf("expected hookAsk, got %d", result)
 	}
@@ -231,7 +231,7 @@ func TestHookApprovalClient_Timeout(t *testing.T) {
 	}
 
 	start := time.Now()
-	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "test", 2*time.Second)
+	result := client.requestApproval("exec", "echo hi", "claude-code", "/tmp", "", "test", 2*time.Second)
 	elapsed := time.Since(start)
 
 	if result != hookDeny {