fix(teams): add agent loop protection — rate limiter + chain depth cap

packages/core/src/queues.ts

@@ -6,12 +6,17 @@
 import Database from 'better-sqlite3';
 import path from 'path';
 import { EventEmitter } from 'events';
-import { TINYCLAW_HOME } from './config';
+import { TINYCLAW_HOME, getSettings } from './config';
+import { log } from './logging';
 import { MessageJobData, ResponseJobData } from './types';
 
 const QUEUE_DB_PATH = path.join(TINYCLAW_HOME, 'tinyclaw.db');
 const MAX_RETRIES = 5;
 
+// Agent loop protection defaults — configurable via settings.json protection block
+const DEFAULT_MAX_AGENT_MESSAGES_PER_MINUTE = 10;
+const RATE_WINDOW_MS = 60_000;
+
 let db: Database.Database | null = null;
 export const queueEvents = new EventEmitter();
 
@@ -78,6 +83,28 @@ function getDb(): Database.Database {
 
 export function enqueueMessage(data: MessageJobData): number | null {
     const now = Date.now();
+
+    // Agent loop protection: rate-limit agent-to-agent messages.
+    // When fromAgent is set, this message was generated by an agent (not a human).
+    // Check how many such messages the target agent already has queued in the last
+    // minute. If over the limit, drop the message and log a warning instead of
+    // letting an agent feedback loop exhaust the API budget.
+    if (data.fromAgent) {
+        const settings = getSettings();
+        const maxPerMinute = settings.protection?.max_agent_messages_per_minute ?? DEFAULT_MAX_AGENT_MESSAGES_PER_MINUTE;
+        const targetAgent = data.agent ?? 'default';
+        const recent = getDb().prepare(
+            `SELECT COUNT(*) as cnt FROM messages
+             WHERE agent=? AND from_agent IS NOT NULL
+             AND created_at > ? AND status IN ('pending','processing')`
+        ).get(targetAgent, now - RATE_WINDOW_MS) as { cnt: number };
+
+        if (recent.cnt >= maxPerMinute) {
+            log('WARN', `[LoopGuard] Dropped agent-to-agent message: @${data.fromAgent} → @${targetAgent} (${recent.cnt} messages in last 60s, limit ${maxPerMinute}). Possible agent feedback loop.`);
+            return null;
+        }
+    }
+
     try {
         const r = getDb().prepare(
             `INSERT INTO messages (message_id,channel,sender,sender_id,message,agent,files,conversation_id,from_agent,status,created_at,updated_at)

packages/core/src/types.ts

@@ -62,6 +62,13 @@ export interface Settings {
     monitoring?: {
         heartbeat_interval?: number;
     };
+    protection?: {
+        // Max agent-to-agent messages a single agent may receive per minute before
+        // the loop guard drops further messages. Default: 10.
+        max_agent_messages_per_minute?: number;
+        // Max total agent exchanges in a single team conversation chain. Default: 10.
+        max_chain_depth?: number;
+    };
 }
 
 export interface MessageData {

packages/teams/src/conversation.ts

@@ -12,7 +12,7 @@ import { convertTagsToReadable, extractTeammateMentions, extractChatRoomMessages
 // Active conversations — tracks in-flight team message passing
 export const conversations = new Map<string, Conversation>();
 
-export const MAX_CONVERSATION_MESSAGES = 50;
+export const DEFAULT_MAX_CONVERSATION_MESSAGES = 10;
 
 // Per-conversation locks to prevent race conditions
 const conversationLocks = new Map<string, Promise<void>>();
@@ -245,7 +245,7 @@ export async function handleTeamResponse(params: {
             responses: [],
             files: new Set(),
             totalMessages: 0,
-            maxMessages: MAX_CONVERSATION_MESSAGES,
+            maxMessages: getSettings().protection?.max_chain_depth ?? DEFAULT_MAX_CONVERSATION_MESSAGES,
             teamContext,
             startTime: Date.now(),
             outgoingMentions: new Map(),