Conversation
- Extracted M42 Identity System spec (~600 lines) to docs/features/identity-system.md - Extracted M40 Agent Skills summary to docs/features/agent-skills.md - Moved M40 from Planned to Completed (all P1-P4 done) - Removed M44 pump.fun content (belongs in pump.funner repo) - Removed orphaned research docs (pumpfun, kalshibot) for other projects - Added Scope Boundary rule to CLAUDE.md preventing cross-repo doc pollution - Updated Next Actions to reflect current priorities - Created v0.15.x changelog
…utput Replace raw JSON.parse with readJSONFile in apps/socialAccounts/scriptRunner to prevent server crashes on corrupted data files. Add optional chaining on app lookups and .catch on fire-and-forget clone promise. Redact env var secrets (keys, tokens, passwords) from scriptRunner lastOutput before persisting to disk.
The release.yml sed commands substituted version placeholders but never replaced the YYYY-MM-DD date placeholder, causing all releases since v0.11.17 to show "Released: YYYY-MM-DD". Fixed both the release body generation and the changelog archival step. Backfilled dates in archived changelog files.
…dead code Fix 10 bugs including index OOB in Windows process parsing, non-unique React keys, missing null guards, unsafe JSON.parse, dependency version mismatches, and hardcoded localhost in vite proxy. Extract loadApp middleware (11x DRY), spawnPm2Cli helper (3x DRY), useAutoRefetch hook (4x DRY), pickScheduleSettings (2x DRY), and reuse existing extractJSONArray/safeJSONParse utilities. Delete 3 dead .old.js files, unused command functions, and forbidden pm2:kill script. Net -516 lines.
There was a problem hiding this comment.
Pull request overview
This PR rolls the codebase to v0.15.4 with a batch of bug fixes and DRY refactors across server services, client dashboard widgets, release automation, and documentation—focused on safer JSON handling, reduced duplication, and cleaned-up project docs.
Changes:
- Hardened JSON/file handling and PM2 interactions (safe JSON parsing, shared PM2 CLI helper, output redaction).
- DRY refactors in API routes and client widgets (
loadAppmiddleware,useAutoRefetchhook,pickScheduleSettingshelper). - Documentation/plan reorg and CI release workflow improvements (date placeholder substitution, scope boundary rule, cleanup of orphaned docs).
Reviewed changes
Copilot reviewed 36 out of 38 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| server/services/socialAccounts.js | Use readJSONFile for safer persistence loading. |
| server/services/scriptRunner.js | Use readJSONFile for scripts state; add output redaction. |
| server/services/pm2.js | DRY PM2 CLI spawning; safer parsing of pm2 jlist output. |
| server/services/commands.js | Remove unused allowlist mutation helpers. |
| server/services/apps.js | Use readJSONFile and add null-safe app lookup. |
| server/services/agents.js | Fix Windows process parsing OOB guard. |
| server/routes/runs.old.js (deleted) | Remove dead legacy route file. |
| server/routes/providers.old.js (deleted) | Remove dead legacy route file. |
| server/routes/prompts.old.js (deleted) | Remove dead legacy route file. |
| server/routes/cos.js | DRY schedule updates; improve logging on actionable-insights failures. |
| server/routes/brain.js | Prevent unhandled rejection in fire-and-forget clone flow. |
| server/routes/apps.js | Add loadApp middleware and ?? fallback fix; reduce repeated 404 checks. |
| server/routes/agentTools.js | Optional chaining + nullish coalescing for comments response handling. |
| server/package.json | Bump server version to 0.15.4. |
| package.json | Bump root version; align express/pm2/toolkit deps; remove forbidden pm2:kill script. |
| package-lock.json | Lockfile updates reflecting dependency/version alignment. |
| docs/research/pumpfun-data-sources.md (deleted) | Remove out-of-scope research doc. |
| docs/research/kalshibot-health-check-2026-02-17.md (deleted) | Remove out-of-scope research doc. |
| docs/features/identity-system.md | Extract M42 spec into feature docs. |
| docs/features/agent-skills.md | Extract M40 summary into feature docs. |
| client/vite.config.js | Make API proxy target configurable via env host. |
| client/src/utils/formatters.js | Guard against null/invalid timestamps in formatTime(). |
| client/src/hooks/useAutoRefetch.js | New shared polling hook for widgets. |
| client/src/components/UpcomingTasksWidget.jsx | Use useAutoRefetch; fix non-unique list keys. |
| client/src/components/GoalProgressWidget.jsx | Use useAutoRefetch to DRY polling behavior. |
| client/src/components/DecisionLogWidget.jsx | Use useAutoRefetch to DRY polling behavior. |
| client/src/components/CosDashboardWidget.jsx | Use useAutoRefetch to DRY multi-fetch polling behavior. |
| client/package.json | Bump client version to 0.15.4. |
| PLAN.md | Major cleanup; move specs to docs; update links/next actions. |
| CLAUDE.md | Add “Scope Boundary” rule for agent-generated docs/research. |
| .gitignore | Remove redundant .pm2 ignore entry (keep .pm2/). |
| .github/workflows/release.yml | Substitute YYYY-MM-DD placeholders during releases. |
| .changelog/v0.9.19.md | Backfill release date placeholder. |
| .changelog/v0.15.x.md | Add v0.15.x changelog template. |
| .changelog/v0.14.21.md | Fix title/date placeholders. |
| .changelog/v0.13.20.md | Backfill release date placeholder. |
| .changelog/v0.12.48.md | Backfill release date placeholder. |
| .changelog/v0.11.17.md | Backfill release date placeholder. |
Comments suppressed due to low confidence (1)
server/services/pm2.js:183
getAppStatus()no longer distinguishes between “PM2 output couldn’t be parsed” vs “process not found”: if JSON parsing fails,safeJSONParse(..., [])returns[]and the function reportsstatus: 'not_found'. This hides real PM2/CLI errors. Consider capturingstderr/exit code and returningstatus: 'error'whenpm2 jlistfails or when stdout doesn’t contain a valid JSON array.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 36 out of 38 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…e case, redact output consistently, tighten sensitive pattern
The job infrastructure was fully built (Feb 12) but never enabled. Toggles enabled:true so the weekly job runs automatically when autonomous jobs are active, auditing all tracked repos for security alerts, stale dependencies, missing CI/README/license, and local git health. Updates getDueJobs tests to be resilient to default-enabled jobs being merged into mock data.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 38 out of 40 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 38 out of 40 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 38 out of 40 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 38 out of 40 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 38 out of 40 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…run on first schedule check
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 38 out of 40 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Summary
loadAppmiddleware (11x),spawnPm2Clihelper (3x),useAutoRefetchhook (4x), reuse of existingsafeJSONParse/extractJSONArray.old.jsfiles, unused command functions, forbiddenpm2:killscriptNet result: -1,397 lines across 38 files. All 860 tests pass, client builds clean.
Highlights
Bugs Fixed
agents.js)UpcomingTasksWidgetcommentsResponse(agentTools.js)||instead of??for PM2 fallback (apps.js)JSON.parseinpm2.js— now usessafeJSONParsecos.jsactionable insightsformatTime()localhostin vite proxy — now configurable viaVITE_API_HOSTDRY Refactors
loadAppmiddleware eliminates 11 repeated app-not-found checks inapps.jsspawnPm2Clihelper consolidates 3 identical PM2 CLI spawn blocksuseAutoRefetchhook replaces 4 identical fetch+interval patterns in dashboard widgetspickScheduleSettingshelper removes duplicated field extraction incos.jsextractJSONArray/safeJSONParsefromfileUtils.jsTest plan
loadAppmiddlewarespawnPm2ClihelperuseAutoRefetchhook