The full security model (path restrictions → dangerous function blocklist → size limits → PHP syntax check → approval gateway → git isolation → --no-ff merge), why agents need more guardrails than humans. TokenBudget with $0.000009/token blended rate, per-model costs. AgentLog VARCHAR PK format for human-readable debugging, status meanings, iteration history reading.
The complete end-to-end healing flow with every class and method — LukaMiddleware::profile() → LukaManager::fireEvent() → AgentEventBridge::handleEvent() → HealerOrchestrator::handleIssue() (inline pre-checks) → AgentManager::run() → AgentExecutor loop → PatchValidator::validate() → PatchApplier::apply() → AgentNotifier::notifyPatchReady() → AgentCallbackHandler → merge --no-ff.
How scheduled agent runs differ from on-demand — AgentScheduleManager evaluates cron expressions, ScheduledAgentJob runs with system-level auth (no user context), TokenBudget pre-check before execution, three execution types (direct, healer, vajbcoder), Telegram approval with HITL conversation mode. New scheduled jobs: ArchitectureIndexJob (01:00 daily, rebuilds codebase index) and NightlyReviewJob (02:00 daily, auto code review with PM subtask creation).
How the LIMAi web chat streams agent responses via Server-Sent Events — SSE endpoint setup with 5 event types (thinking, progress, message, error, done), LIMAiAgentChannel implementing AgentChannel, ConversationModel dual-storage (session + DB) with cursor-based pagination (limit+1 trick for has_more), why SSE over WebSocket, and connection drop handling.
Following a single Telegram message through the entire stack — webhook receipt → register_shutdown_function + fastcgi_finish_request for background processing → TelegramCommandProcessor → LIMAEngine → KIK routing → DelegateAgentTool → specialist runs → response chunked back to Telegram via TelegramAgentChannel (4096 char limit). Every latency point mapped.
When BORNA rule-based scoring escalates to BornAgent — score thresholds and event types that trigger AI analysis, what data the agent receives (full request log, IP history, behavioral patterns), the difference between auto-block (BORNA) and AI-analyzed response (BornAgent), and why the agent writes analysis reports instead of patches.
The complete pipeline from N+1 detection to resolved code — LUKAmonitoring severity thresholds trigger events, AgentEventBridge routes to HealerOrchestrator, LukAgent receives detection data + previous failure context, generates patch → PatchValidator 6-step → PatchApplier autofix/ branch → Telegram approval → human merges. Every step with actual class names.
The full chain from subtask completion to pipeline advancement — PMAgentBridge coordinates execution with budget enforcement, cache-based rate limiting, and post-completion PHPStan validation. PipelineManager handles loop-to cycles with conditional stages and per-stage model profiles. Parallel wave execution via curl_multi for independent subtasks. Atomic queue claims prevent duplicate execution. AutoStatusEngine auto-completes projects with retrospectives.
WebhookDispatcher delivers alerts to Slack, Discord, Teams, and generic webhooks with platform-specific JSON formatters. AgentNotifier wraps webhooks with agent context (execution ID, agent name, status) and adds Telegram inline approval buttons for patches. How approval notifications differ between Telegram (interactive buttons) and webhooks (text summaries).
AgentEventBridge listens at priority -100 — after all other listeners have processed the event and updated DB state. Supports wildcard patterns (borna.*) and exact event names. Each agent's own `shouldHandle()` (severity + trigger match) + orchestrator-level pre-checks keep frequent low-severity events from flooding the pipeline. How to add a new event trigger in 3 lines.