Metadata-Version: 2.4
Name: maestro
Version: 4.5.0
Summary: Maestro — Fleet Command System: AI-powered multi-agent Claude Code orchestration framework
License: Proprietary
Project-URL: Homepage, https://github.com/tavisbasing/Maestro
Project-URL: Repository, https://github.com/tavisbasing/Maestro
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: jinja2>=3.0
Requires-Dist: jsonschema>=4.0
Provides-Extra: dev
Requires-Dist: pytest>=8.0; extra == "dev"
Requires-Dist: pytest-cov>=5.0; extra == "dev"
Requires-Dist: pytest-mock>=3.14; extra == "dev"
Provides-Extra: azure-secrets
Requires-Dist: azure-keyvault-secrets>=4.7; extra == "azure-secrets"
Requires-Dist: azure-identity>=1.15; extra == "azure-secrets"
Provides-Extra: azure-anchor
Requires-Dist: azure-storage-blob>=12.19; extra == "azure-anchor"
Requires-Dist: azure-identity>=1.15; extra == "azure-anchor"
Provides-Extra: aws-secrets
Requires-Dist: boto3>=1.34; extra == "aws-secrets"
Provides-Extra: aws-anchor
Requires-Dist: boto3>=1.34; extra == "aws-anchor"
Dynamic: license-file

# Maestro — Multi-Agent Orchestration for Claude Code

[![CI](https://github.com/tavisbasing/Maestro/actions/workflows/ci.yml/badge.svg)](https://github.com/tavisbasing/Maestro/actions/workflows/ci.yml)

> AI-powered multi-agent orchestration for Claude Code. Coordinate up to 5 parallel AI squads across complex software projects — with role-based specialisation, dependency ordering, token tracking, backup/restore, and full audit trails.

**Site:** [maestrodevs.com](https://maestrodevs.com) · **Docs:** [docs.maestrodevs.com](https://docs.maestrodevs.com) · **Install:** `pip install maestro-fleet`

> **Formerly Admiralty.** Maestro was rebranded from the Admiralty Fleet Command System. In v4.0, the `adm`/`admiralty` CLI aliases and `ADMIRALTY_*` environment variables were permanently removed. Use `mso` and `MAESTRO_*` exclusively. The workspace directory is now `.mso/` (auto-migrated from `.adm/` on first `mso dispatch`). See [docs/MIGRATION-v4.md](docs/MIGRATION-v4.md) for the upgrade guide.

---

## What It Does

Maestro turns Claude Code into a coordinated team. You define work as **Orders** (discrete tasks), group them into **Sprints** (voyages), and the Dispatcher launches up to 5 specialised **Squads** in parallel — each running as an independent Claude Code session in its own role.

```
Human (You)  →  LEAD (Claude, interactive)  →  Dispatcher (mso dispatch)  →  5 Squads
```

In the built-in **nautical persona** (the default), this reads:

```
Captain (You)  →  Quartermaster (Claude)  →  Fleet Admiral (mso dispatch)  →  5 Crews
```

The nautical persona is purely stylistic — same mechanics, different vocabulary. See [docs/PERSONAS.md](docs/PERSONAS.md) for persona reference and switching instructions.

**Roles:**

| Code | Name | Nautical alias | Focus | Model |
|------|------|---------------|-------|-------|
| PLN | Planner | Navigator (NAV) | Planning & architecture | Sonnet 4.6 |
| BLD | Builder | Shipwright (SHP) | Development & implementation | Sonnet 4.6 |
| TST | Tester | Bosun (BOS) | QA & testing | Sonnet 4.6 |
| DOC | Docs writer | Scribe (SCR) | Documentation | Sonnet 4.6 |
| SEC | Security reviewer | Lookout (LKT) | Security & investigation | Haiku 4.5 |
| REL | Releaser | Coxswain (COX) | Integration & deployment | Opus 4.7 |

---

## Installation

1. Install Maestro from public PyPI:

   ```bash
   pip install maestro-fleet
   ```

   To pin a specific version, append e.g. `==4.5.0`. The Python import name is `maestro` regardless (so `from maestro import …` keeps working). Airgapped / restricted-egress operators: see [docs/AIR-GAPPED.md](docs/AIR-GAPPED.md) for the private-index install pattern.

2. Activate your licence (issued via Polar; see <https://maestrodevs.com/pricing>):

   ```bash
   mso licence activate <YOUR-KEY>
   ```

3. Verify the CLI is installed and the licence is active:

   ```bash
   mso version
   mso licence status
   ```

**v4.0:** Legacy CLI aliases have been removed. Use `mso` exclusively.

The wheel itself is openly distributed; the runtime licence check is the gate. Source remains private under proprietary licence; see [LICENSE](LICENSE) for the full terms. **Air-gapped / restricted-egress environments:** see [docs/AIR-GAPPED.md](docs/AIR-GAPPED.md) for the staging-machine activation pattern and the egress allowlist.

Then scaffold a workspace:

```bash
mso init --project MYPROJECT --directory my-workspace
cd my-workspace
mso dispatch --max-crews 3
```

To enable the Slack bridge for mobile control, run the setup wizard before starting the bridge:

```bash
mso bridge setup    # interactive configuration wizard (first-time setup)
mso bridge start    # start after setup is complete
```

---

## Quickstart

```bash
pip install maestro-fleet
mso quickstart
```

`mso quickstart` verifies your environment, scaffolds a demo workspace, dispatches a three-order demo sprint, and prints a summary — all in one command. Full guide: [docs/QUICKSTART.md](docs/QUICKSTART.md).

For deeper configuration, prerequisite validation, project analysis, and CI-friendly `--check` mode: `mso setup` — see [docs/SETUP.md](docs/SETUP.md).

---

## Persona Quickstart

Maestro ships with four built-in personas. Switch with:

```bash
# Use corporate persona (professional, no nautical metaphors)
mso dispatch --persona corporate

# Use startup persona (casual, fast-moving)
mso dispatch --persona startup

# Use default (minimal, no character)
mso dispatch --persona default

# The nautical persona is active by default
mso dispatch  # same as --persona nautical
```

Or set it permanently in `.mso/config/workspace.json`:

```json
{
  "persona": "corporate"
}
```

Full persona reference: [docs/PERSONAS.md](docs/PERSONAS.md).

---

## CLI Reference

```
# Dispatch & monitoring
mso dispatch      [--max-crews N] [--cleanup] [--stagger-delay S] [--timeout M] [--max-turns N] [--persona NAME]
mso status        [--once] [--compact]
mso cleanup
mso squad         --crew {1-5} [--status | --watch | --cleanup]          # alias: crew
mso verify        [--voyage VOY-ID] [--skip-tests]

# Sprints (voyages), orders & review
mso sprint        create "Title" | list | status VOY-ID | reconcile [--dry-run]   # alias: voyage
mso bug           "description" [!high]
mso review        queue | show | approve | revise --notes T | reject --notes T   <ORDER-ID>

# Roles (per-role overlays — FTR-0186)
mso roles         list | show CODE [--core|--overlay-only|--json] | validate | diff CODE | migrate-paths

# Workspace lifecycle
mso init          --project ACRONYM [--directory PATH]
mso quickstart
mso setup         [--check]
mso update        [--dry-run] [--force] [--directory PATH]
mso config        models
mso projects      list | remove

# Usage / security / identity / audit (enterprise tiers)
mso usage         [--summary | --voyage VOY-ID | --order ID | --report]
mso security      scan [--json --severity-threshold HIGH] | review [--against REF --staged]
mso identity      init | add-user | add-group | user|group|acl <add|remove|list> | show
mso audit         anchor [--auto]
mso secrets       doctor | rotate --key KEY | scrub | list
mso data-flow

# Licence / MCP / bridge / hooks / backup
mso licence       activate <KEY> | status | deactivate | revalidate     # alias: license
mso mcp           list | add | remove | validate | show
mso bridge        setup | start | stop | restart | status | test
mso hooks         install | uninstall
mso backup        [--project ACRONYM] [--list]
mso restore       BACKUP_FILE [--force] [--dry-run]
mso version
```

All commands use the `mso` prefix exclusively (the `adm` alias was removed in v4.0). Run `mso <command> --help` for the full flag set per command.

See [docs/CLI-REFERENCE.md](docs/CLI-REFERENCE.md) for full documentation.

---

## V6 Enterprise Hardening — foundation merged (v3.0.0 release-gated)

A sprint targeting **v3.0.0** has shipped its foundation: identity + ACL, immutable audit trail with external anchoring, secrets-provider abstraction (Azure Key Vault / AWS Secrets Manager / HashiCorp Vault / 1Password / OS keyring / env), data-residency egress filter (permissive / restrictive / air-gapped / proxied), GDPR-aligned identity privacy + Article 15/17/18 rights tooling, and operator role separation (Human / Fleet Operator / Contributor / Auditor). Foundation merged in [PR #24](https://github.com/tavisbasing/Maestro/pull/24).

The post-implementation pen-test found **2 CRITICAL + 2 HIGH** open findings (audit-log truncation, print/subprocess secrets exfil, raw-socket egress bypass). The REL release gate **BLOCKS v3.0.0** until those are resolved in a v3.0.x patch sprint.

See:
- [docs/ENTERPRISE-SECURITY.md](docs/ENTERPRISE-SECURITY.md) — operator + buyer guide
- [docs/COMPLIANCE-MAPPING.md](docs/COMPLIANCE-MAPPING.md) — SOC2 + ISO27001 control mapping
- [docs/TRUST.md](docs/TRUST.md) — public-facing trust posture + open findings + SLAs

## What's New

For the full per-release history (including the latest release) see **[CHANGELOG.md](CHANGELOG.md)**. Highlights since v4.0:

- **v4.3.x — dispatcher reliability:** per-crew worktree isolation (parallel squads), crash-safe finalization + watchdog, convergence gating (no silent archive on a failed merge), per-tick heartbeat, and a process-tree kill for hung crews.
- **v4.2.0 — security posture hardening** + `mso usage --voyage` fixes.
- **v4.1.0 — v4 clean-break** (legacy `admiralty`/`adm` purge completed).

### v4.0.0 — Hard-cutover rebrand

- **All legacy aliases removed.** Legacy CLI entry points are gone. Use `mso` only. `MAESTRO_*` env vars exclusively. See [docs/MIGRATION-v4.md](docs/MIGRATION-v4.md).
- **Workspace directory:** `.adm/` auto-migrates to `.mso/` on first `mso dispatch`. Use `mso migrate-workspace --resolve` for split-brain situations.
- **`mso migrate-workspace` command** added for manual migration and split-brain resolution.
- **Default GitHub org** configurable via `workspace.json` `defaultGitHubOrg` field.

## What's New in v3.0.0

**v3.0.0 — Admiralty → Maestro rebrand + persona system**

- **Rebrand to Maestro.** CLI entry point: `mso` (legacy `adm` retained through v3.x). Package: `maestro` (legacy `admiralty` retained through v3.x). Environment variables: `MAESTRO_*` (legacy `ADMIRALTY_*` dual-read through v3.x). All shims removed in v4.0.
- **Persona system.** Four built-in personas: nautical (default, the heritage theme), corporate, startup, default (minimal). Switch with `--persona` flag, `MAESTRO_PERSONA` env var, or `workspace.json`. Custom personas supported via YAML. See [docs/PERSONAS.md](docs/PERSONAS.md).
- **Role renames.** Canonical codes: PLN/BLD/TST/DOC/SEC/REL/LEAD. Legacy codes NAV/SHP/BOS/SCR/LKT/COX/QM remain as aliases and continue to work in all order JSON, role-paths config, and CLI flags.
- **Dual-read workspace.** `.mso/` preferred, `.adm/` fallback. Both are equivalent; existing `.adm/` workspaces work without migration.
- **CLAUDE.md persona injection.** The Quartermaster (nautical) / LEAD (default) framing in CLAUDE.md is now persona-driven via templates.

## What's New in v2.5.0

**v2.5.0 — Licence backend (Polar.sh) + public wheel distribution + branch discipline**

- **`mso licence` CLI** — `activate <KEY>` / `status` / `deactivate` / `revalidate`. Replaces the GitHub-collaborator auth gate. HMAC-signed local store at `~/.maestro/licence.json` (mode 0600); per-customer signing secret in OS keychain. 14-day offline grace from each successful online validation.
- **Polar.sh as the single licence integration.** Selected over Lemon Squeezy / Paddle / Keygen-self-host on take rate, OSS alignment, and AU-tax MoR coverage.
- **Public wheel distribution** at [`maestrodevs/maestrodevs.github.io`](https://github.com/maestrodevs/maestrodevs.github.io). The source repo stays private; the dist repo ships built wheels via a GitHub Pages PEP 503 simple/ index.
- **Branch discipline enforcement (BUG-0004).** `voyageBranch` is now load-bearing across three layers — dispatcher's `_verify_dispatcher_branch`, pretool `branch_guard.py`, and a "Branch discipline (mandatory)" section in every role prompt template.
- **Domain:** [maestrodevs.com](https://maestrodevs.com) (live).

## What's New in v2.2.0

**v2.2.0 — Releaser role expansion**
- **REL (Coxswain) is the terminal role** for every sprint — opens the PR, monitors `gh pr checks --watch`, fetches Copilot review comments, applies/regresses/declines each, resolves review threads via GraphQL, writes the `REL-to-LEAD.md` handoff, and notifies the Human via the bridge
- **Default REL model bumped to Opus 4.7** (`claude-opus-4-7`)
- **One sprint = one branch = one PR** — bundling forbidden by the branching policy

## What's New in v2.1.0

**v2.1.0 — Quality gates + workspace updates**
- **Quality gates** — structured `acceptanceCriteria` in orders; TST validates, REL enforces. Three validation types: `manual`, `command`, `file-exists`. Two severity levels: `blocking` and `advisory`
- **`mso update`** — new command to propagate schema and template changes from the installed pip package into an existing `.mso/` workspace without overwriting user data

## What's New in v2.0.0

**v2.0.0 — Architecture separation + `adm` CLI**
- **`adm` command** — CLI renamed from the v1.x binary to `adm` for brevity (now `mso` in v3.0.0+)
- **`.mso/` folder** — project artefacts live in `.mso/` (or `.maestro/` in v3.0.0+) in user projects
- **CLAUDE.md layering** — three-layer context system: project CLAUDE.md → `.mso/claude.md` → pip docs
- **`mso init`** scaffolds `.mso/` with pre-filled CLAUDE.md layers from templates

See [maestro/docs/VERSIONING.md](maestro/docs/VERSIONING.md) for full version history and scheme.

---

## Repo Structure

| Repository | Visibility | Purpose |
|---|---|---|
| [`tavisbasing/Maestro`](https://github.com/tavisbasing/Maestro) | private | Source — framework code + MSO project state. Single `main` branch; sprint / bug branches PR back to it. |
| [`maestrodevs/maestrodevs.github.io`](https://github.com/maestrodevs/maestrodevs.github.io) | public | Distribution — built wheels + PEP 503 simple/ index served via GitHub Pages. Auto-populated by the publish workflow on every `v*.*.*` tag-push. |

The wheel is openly downloadable; runtime use requires a valid licence key (see [docs/LICENCE.md](docs/LICENCE.md)).

In user projects, Maestro artefacts live under `.mso/` (scaffolded by `mso init`):

```
my-project/
├── .mso/             # Maestro artefacts
│   ├── claude.md     # Layer 2: Maestro orchestration context
│   ├── config/       # workspace.json, role-paths.json
│   ├── orders/       # active/, complete/, failed/
│   ├── voyages/      # active/, complete/
│   └── queues/       # orders/, bugs/, security/, ...
└── CLAUDE.md         # Layer 1: project architecture, stack, conventions
```

---

## Glossary

Maestro uses role-neutral terminology by default. The built-in nautical persona adds a layer of seafaring vocabulary. Here is the full mapping:

| Canonical term | Nautical persona | Plain description |
|----------------|-----------------|-------------------|
| **Human** | Captain | The person directing the squads |
| **LEAD** | Quartermaster | Your AI partner in the main session — plans, delegates, advises |
| **Dispatcher** | Fleet Admiral | The automation layer that launches and manages squads |
| **Squad** | Crew | An independent Claude Code session executing a single order |
| **PLN** | Navigator (NAV) | Plans, writes architecture notes, breaks requirements into orders |
| **BLD** | Shipwright (SHP) | Implements features and fixes bugs |
| **TST** | Bosun (BOS) | Tests, reviews, and validates work |
| **DOC** | Scribe (SCR) | Creates and updates documentation |
| **SEC** | Lookout (LKT) | Audits code for vulnerabilities and risks |
| **REL** | Coxswain (COX) | Handles deployment, CI/CD, and release |
| **Order** | Order | A single unit of work assigned to one squad |
| **Sprint** | Voyage | A group of related orders, tracked together |
| **Requirement** | Requirement | High-level description of what needs to happen |
| **Dispatch** | Dispatch | Starting the fleet to process queued orders |

---

## Documentation

| Document | Audience |
|----------|----------|
| [docs/QUICKSTART.md](docs/QUICKSTART.md) | New users — 5-minute guide to first dispatch |
| [docs/GETTING-STARTED.md](docs/GETTING-STARTED.md) | New users — full installation and setup walkthrough |
| [docs/PERSONAS.md](docs/PERSONAS.md) | All users — persona system reference |
| [docs/CHAIN-OF-COMMAND.md](docs/CHAIN-OF-COMMAND.md) | Technical — 3-layer chain spec with persona-aware sub-sections |
| [docs/LICENCE.md](docs/LICENCE.md) | All users — `mso licence` activate / status / deactivate / revalidate |
| [docs/AIR-GAPPED.md](docs/AIR-GAPPED.md) | Restricted-egress / offline operators |
| [docs/CLI-REFERENCE.md](docs/CLI-REFERENCE.md) | All users — complete command reference |
| [docs/OPERATOR-GUIDE.md](docs/OPERATOR-GUIDE.md) | All users — daily operations, scaling, cost management |
| [docs/ROLES-GUIDE.md](docs/ROLES-GUIDE.md) | All users — understanding squad roles |
| [docs/ORDERS-AND-VOYAGES.md](docs/ORDERS-AND-VOYAGES.md) | All users — creating and managing work |
| [docs/BRANCH-DISCIPLINE.md](docs/BRANCH-DISCIPLINE.md) | Operators — voyageBranch enforcement |
| [docs/TRUST.md](docs/TRUST.md) | Security buyers — trust posture, threat model, open findings, SLAs |
| [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) | Security / infra — diagram, data flow, egress inventory |
| [docs/OWNER-GUIDE.md](docs/OWNER-GUIDE.md) | Framework owners — development and releases |

---

## Security

For security questions, vulnerability reporting, and compliance documentation:

- [SECURITY.md](SECURITY.md) — vulnerability reporting policy + links to all security docs
- [docs/PUBLIC-SECURITY-OVERVIEW.md](docs/PUBLIC-SECURITY-OVERVIEW.md) — 1-page CISO-facing summary with data-flow diagram
- [docs/ENTERPRISE-SECURITY.md](docs/ENTERPRISE-SECURITY.md) — operator technical detail (ACL, audit, secrets, egress)
- [docs/COMPLIANCE-MAPPING.md](docs/COMPLIANCE-MAPPING.md) — SOC2 + ISO27001 control mapping

**Report vulnerabilities** to **maestro@tech127.com** — do not open public GitHub issues.

---

## Requirements

- Python 3.9+
- [Claude Code](https://claude.ai/code) CLI installed and authenticated
- Anthropic API key with access to Sonnet 4.6, Haiku 4.5, and Opus 4.7

---

## License

Proprietary — All Rights Reserved.

The Maestro framework is commercial software, owned and operated by **Tech 127 Pty Ltd** (Australia). Use is governed by the terms of the [LICENSE](LICENSE) file included in this repository. In summary:

- You may use the software for internal business purposes under the terms of a valid licence (issued at activation via Polar — see [maestrodevs.com/pricing](https://maestrodevs.com/pricing)).
- Redistribution, resale, sublicensing, and reverse engineering are strictly prohibited.
- All intellectual property rights remain with Tech 127 Pty Ltd.

The wheel published at [maestrodevs.github.io](https://github.com/maestrodevs/maestrodevs.github.io) is openly downloadable; the **runtime licence check** is the gate. Runtime use without a valid key is unauthorised and a breach of the licence.

For licensing enquiries, billing, or sales:
- Email: [maestro@tech127.com](mailto:maestro@tech127.com)
- Website: [maestrodevs.com](https://maestrodevs.com)
- Docs: [docs.maestrodevs.com](https://docs.maestrodevs.com)
