refactor: kb improvements

[pedronauck]

Summary by CodeRabbit

• New Features

  • CLI: full marketplace skills management (search, install, update, remove, view, create)
  • SSE: shared Server-Sent-Events decoding and improved session event streaming

• Refactoring

  • Modularized session start/resume and daemon boot flow; revamped hook surface into granular hook sets
  • Reorganized HTTP API handlers, routes, and middleware

• Removals

  • Removed several UI component exports (calendar, carousel, chart, drawer, and others)

• Tests

  • Added extensive unit/integration tests for hooks, SSE, skills, and HTTP routing

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (15)

• .compozy/tasks/ext-architecture/_examples.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/_protocol.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/_tasks.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/_techspec.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_01.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_02.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_03.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_04.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_05.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_06.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_07.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_08.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_09.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_10.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/task_11.md is excluded by !**/*.md

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 918c34ad-3e9c-4d35-8bda-43911acc5e2a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Refactors and feature additions across multiple subsystems: ACP client start flow decomposed into helpers; hook dispatch split into domain-specific interfaces (HookSet); SSE decoding extracted; session start/resume orchestrated via new start spec; skills CLI and registry rebuilt with workspace caching; numerous HTTP API, daemon boot, memory, and web UI removals/additions.

Changes

Cohort / File(s)	Summary
ACP client & inbound handlers internal/acp/client.go, internal/acp/handlers.go	Decomposed Driver.Start into spawnProcess, initializeConnection, negotiateSession, loadSession, createSession; centralized cleanup in Start. Replaced large switch in handleInbound with handler map and generic request helpers.
Hooks & dispatch internal/session/hooks.go, internal/session/interfaces.go, internal/hooks/...	Replaced single HookDispatcher with granular interfaces and HookSet; moved matcher and async dispatch logic into new matcher/async files; updated manager/daemon callsites to use typed accessors.
Session manager start lifecycle internal/session/manager_lifecycle.go, internal/session/manager_start.go, internal/session/manager_*	Extracted shared start/resume orchestration (sessionStartSpec, prepareCreateStart, prepareResumeStart, startSession); removed inlined start logic from create/resume entrypoints.
API streaming, handlers & middleware internal/api/core/session_stream.go, internal/api/core/handlers.go, internal/api/httpapi/{handlers,middleware,routes,server}.go	Added SSE polling/streaming helpers and refactored StreamSession to delegate; introduced HTTP API handler wiring, CORS/logging/error middleware, and centralized route registration (handlers moved out of server.go).
Skills CLI & marketplace internal/cli/skill.go (deleted), internal/cli/skill_commands.go, internal/cli/skill_marketplace.go, internal/cli/skill_output.go, internal/cli/skill_workspace.go	Removed monolithic skill.go; added new CLI command tree and marketplace install/update/remove logic, output bundles, and workspace/registry resolution utilities.
Skills registry & snapshot/cache internal/skills/registry.go, internal/skills/registry_snapshot.go, internal/skills/registry_workspace_cache.go	Moved workspace cache plumbing, snapshot recording, cloning, and bundled-skill parsing into new snapshot and workspace-cache files; cleaned up registry.go.
Daemon boot & wiring internal/daemon/boot.go, internal/daemon/daemon.go, internal/daemon/hooks_bridge.go	Refactored daemon boot into staged methods with bootState/bootCleanup; switched daemon hook wiring to HookSet; updated hook-bridge compile-time assertions.
SSE utility & CLI client internal/sse/decode.go, internal/cli/client.go	Added shared sse.Decode API and types; replaced in-file SSE parsing in CLI to use shared package and sentinel ErrStop.
Config/workspace/memory/transcript API surface changes internal/config/*, internal/workspace/*, internal/memory/*, internal/transcript/*, internal/workref/ref.go	Renamed several exported helpers to unexported variants (config, workspace, memory, transcript); added workref package (PathRef/RootRef) and updated payload conversions to use it.
HTTP UDS server & tests internal/api/udsapi/server.go, internal/api/udsapi/server_test.go	Relaxed constructor validation around skillsRegistry; adjusted tests to expect error behavior.
Hooks tests & telemetry internal/hooks/*_test.go	Added tests for async hook cancellation and dropped-submission telemetry; made telemetry test helper concurrency-safe.
Registry tests & skills tests internal/skills/registry_test.go, internal/cli/skill_test.go	Added tests for workspace cache key behavior, marketplace archive close errors, package rename handling, and version semantics; adjusted helpers.
Memory & consolidation internal/memory/consolidation/runtime.go, internal/memory/dream.go, internal/memory/*_test.go	Removed session spawner option plumbing; renamed some option constructors to unexported forms and updated tests.
Web UI removals web/src/components/ui/* (multiple files removed)	Removed 16 UI component modules (alert-dialog, calendar, carousel, chart, context-menu, drawer, hover-card, input-otp, menubar, navigation-menu, pagination, radio-group, resizable, slider, aspect-ratio, checkbox).

Sequence Diagram(s)

sequenceDiagram
    participant Driver
    participant Process as Subprocess
    participant Conn as ACP Connection
    participant Server

    Driver->>Driver: spawnProcess() - parse cmd, start subprocess, build AgentProcess
    Driver->>Conn: initializeConnection(process.conn) - send Initialize request
    Conn-->>Driver: initialize response (caps)
    Driver->>Driver: negotiateSession() - if ResumeSessionID -> loadSession() else createSession()
    Driver->>Server: create/load session requests (MCP/ACP)
    Server-->>Driver: session created/resumed response
    Driver->>Process: on failure -> cleanupFailedStart(process, err)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related issues

• compozy/agh#3 — RFC-aligned: changes implement hook domains, skills lifecycle and registry snapshotting consistent with the RFC's daemon-managed skills and MCP provisioning.

Possibly related PRs

• feat: exec command compozy#60 — Both modify ACP client start/resume logic and session negotiation surfaces.
• refactor: project structure #7 — Overlaps on internal/acp/handlers.go refactors to inbound method dispatch.
• feat: improve hooks system #10 — Overlaps on hooks subsystem refactor (granular interfaces, dispatch changes).

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pn/kb-refac

[coderabbitai]

Actionable comments posted: 16

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

internal/memory/consolidation/runtime.go (1)

245-257: ⚠️ Potential issue | 🟠 Major

Reintroduce a configurable dream-session stop timeout.

This now forces every spawned dream session through the fixed 10s timeout, which removes the only escape hatch for slower agents/workspaces and can leave sessions running when sessions.Stop() needs longer. Please thread the timeout back through config or a functional option instead of baking it into the spawner. As per coding guidelines, "Never hardcode configuration — use TOML config or functional options".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/memory/consolidation/runtime.go` around lines 245 - 257, The closure
currently hardcodes defaultSessionStopTimeout when calling spawnSession, causing
timeouts to be fixed; make the stop timeout configurable by threading a timeout
value from the surrounding configuration or functional option into the closure
and passing that value to spawnSession instead of defaultSessionStopTimeout
(e.g., add/use cfg.Memory.Dream.SessionStopTimeout or accept a functional option
like dreamSessionTimeout and reference it in the returned func); update the call
site where this closure is created to supply the configured timeout and ensure
spawnSession's signature is unchanged or adjusted accordingly so sessions.Stop()
can use the configured duration.

internal/daemon/daemon_test.go (1)

1416-1432: ⚠️ Potential issue | 🟡 Minor

Replace the sleep-based negative assertion with explicit synchronization.

This check depends on a fixed 20ms pause to prove that a dream-session stop did not enqueue another run, which is scheduler-dependent and prone to CI flakes. Please expose a deterministic signal/counter from the notifier or fake dream service and wait on that instead. As per coding guidelines, "Never use time.Sleep() in orchestration — use proper synchronization primitives".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/daemon/daemon_test.go` around lines 1416 - 1432, The test currently
uses time.Sleep(20 * time.Millisecond) to assert no extra dream runs after
calling dispatcher.Session.DispatchSessionPostStop; replace this flaky sleep
with explicit synchronization by exposing and waiting on a deterministic
signal/counter from the notifier/fake dream service (e.g., add or use a channel,
condition variable, or WaitGroup in the fake notifier and/or the fake dream
service) so the test waits until the notifier has processed the post-stop event
and then assert dream.runCount() == 1; update the test to call
dispatcher.Session.DispatchSessionPostStop(...), wait on the exposed
synchronization primitive from the fake notifier or dream (instead of sleeping),
and then check dream.runCount() to ensure no extra enqueues.

internal/config/config.go (1)

157-167: ⚠️ Potential issue | 🟡 Minor

Wrap the ResolveHomePaths() error in defaultConfig() to add context.

The helpers withoutDotEnv() and withoutValidation() are now private, but no external code depends on the previously exported versions—the codebase uses the functional option pattern directly. However, at line 248, defaultConfig() returns the raw error from ResolveHomePaths() without wrapping, which violates the coding guideline requiring wrapped errors with context.

♻️ Add error context

 func defaultConfig() (Config, error) {
 	homePaths, err := ResolveHomePaths()
 	if err != nil {
-		return Config{}, err
+		return Config{}, fmt.Errorf("resolve home paths for default config: %w", err)
 	}

 	return DefaultWithHome(homePaths), nil
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/config/config.go` around lines 157 - 167, The call to
ResolveHomePaths() inside defaultConfig() returns an unwrapped error; update
defaultConfig() to wrap that error with context using fmt.Errorf("<context>:
%w", err) (or an equivalent error-wrapping helper) so callers get meaningful
context; locate the ResolveHomePaths() invocation in defaultConfig() and replace
the bare return of its error with a wrapped error message referencing
ResolveHomePaths.

🧹 Nitpick comments (2)

internal/acp/handlers.go (1)

105-143: Consider hoisting the handler map to a struct field for reduced allocations.

The handlers map is recreated on every handleInbound call. While the map size is small (9 entries), moving it to a field initialized once during AgentProcess construction would eliminate per-call allocations in a potentially hot path.

♻️ Suggested approach

Initialize the handler map once in the AgentProcess constructor or via a sync.Once, then reference it in handleInbound. This would change the pattern from:

func (p *AgentProcess) handleInbound(...) {
    handlers := map[string]func(...){...} // allocated per call
    ...
}

to:

type AgentProcess struct {
    // ...
    inboundHandlers map[string]func(context.Context, json.RawMessage) (any, *acpsdk.RequestError)
}

func (p *AgentProcess) handleInbound(...) {
    handler, ok := p.inboundHandlers[method]
    ...
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/acp/handlers.go` around lines 105 - 143, The handlers map inside
AgentProcess.handleInbound is allocated on every call; hoist it as a field
(e.g., AgentProcess.inboundHandlers) initialized once in the AgentProcess
constructor or via sync.Once to avoid per-call allocations. Populate the map
with the same keys/func values (e.g., acpsdk.ClientMethodFsReadTextFile ->
p.handleReadTextFile, ClientMethodTerminalCreate -> p.handleCreateTerminal,
etc.) and update handleInbound to look up handler := p.inboundHandlers[method]
and call it (preserving the same function signature and error wrapping) instead
of building the map each invocation.

internal/session/hooks.go (1)

65-105: Consider adding compile-time interface verification.

The accessor methods correctly return no-op implementations when fields are nil. Per coding guidelines, consider adding compile-time interface verification for the no-op types to catch signature mismatches early.

🔧 Compile-time verification

Add at the end of the file:

// Compile-time interface verification
var (
	_ SessionLifecycleHooks = noopSessionLifecycleHooks{}
	_ PromptHooks           = noopPromptHooks{}
	_ EventHooks            = noopEventHooks{}
	_ AgentHooks            = noopAgentHooks{}
	_ ConversationHooks     = noopConversationHooks{}
	_ CompactionHooks       = noopCompactionHooks{}
)

As per coding guidelines: "Use compile-time interface verification: var _ Interface = (*Type)(nil)".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/session/hooks.go` around lines 65 - 105, Add compile-time interface
verification for the noop types at the end of internal/session/hooks.go so any
signature mismatch is caught at build time; specifically, add var declarations
asserting each interface equals the corresponding noop type using the
recommended pointer-nil form (e.g. _ SessionLifecycleHooks =
(*noopSessionLifecycleHooks)(nil)) for the pairs
SessionLifecycleHooks/noopSessionLifecycleHooks, PromptHooks/noopPromptHooks,
EventHooks/noopEventHooks, AgentHooks/noopAgentHooks,
ConversationHooks/noopConversationHooks, and
CompactionHooks/noopCompactionHooks.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/api/core/session_stream.go`:
- Around line 100-127: The three occurrences where the WriteSSE or
writeSessionStoppedEvent return values are discarded (the calls to WriteSSE
after pollErr and statusErr, and the `_ = h.writeSessionStoppedEvent(writer,
latest)` call) must include a brief comment justifying the ignored error per
guidelines; update each site (the WriteSSE calls handling pollErr and statusErr,
and the writeSessionStoppedEvent call) with a one-line comment explaining this
is intentional/unrecoverable (e.g., client disconnect or SSE stream closed) so
the error cannot be handled or retried.

In `@internal/api/httpapi/middleware.go`:
- Around line 61-83: The function resolveAllowedOrigin currently compares only
hostnames; change it to compare full origin tuples (scheme, hostname, port)
instead. Parse requestHost and boundHost into URLs (like you do for origin),
normalize scheme and port (use default ports for http/https when port is empty),
build a canonical origin string (scheme://hostname:port) for origin, request and
bound, and then compare those full canonical origins in the switch cases instead
of originHost/requestHostname/boundHostname; keep special-case loopback handling
but apply it to the full origin (or allow any loopback port if intended), and
preserve wildcard logic by matching bound origin appropriately (e.g., allow
wildcard host only when bound indicates it). Update helper calls (canonicalHost,
hostOnly, isLoopbackHost, isWildcardHost) or add small helpers to normalize and
compare full origins used by resolveAllowedOrigin.

In `@internal/api/httpapi/routes.go`:
- Around line 6-21: The RegisterRoutes function calls multiple route
registration helpers (registerWorkspaceRoutes, registerSessionRoutes,
registerAgentRoutes, registerObserveRoutes, registerHookRoutes,
registerSkillRoutes, registerMemoryRoutes, registerDaemonRoutes) using the
handlers pointer without guarding for nil, which can cause panics when handlers
is nil; update RegisterRoutes to check that handlers != nil before invoking
those register* functions (either return early or skip registration when
handlers is nil) so calls like handlers.CreateWorkspace won't be dereferenced,
while preserving the existing NoRoute handler setup that already checks for nil.

In `@internal/cli/skill_commands.go`:
- Line 54: The --source flag help currently lists only
bundled/user/additional/workspace but normalizeSkillSourceFilter also accepts
marketplace and the agents aliases; update the flag registration (where
cmd.Flags().StringVar(&sourceFilter, "source", ... ) is called) to include all
supported values (e.g., bundled, user, additional, workspace, marketplace,
agents) in the help string so the CLI help matches the
normalizeSkillSourceFilter parser and its accepted aliases.

In `@internal/cli/skill_marketplace.go`:
- Around line 128-145: installMarketplaceSkill (and updateMarketplaceSkill)
compute targetDir from parsedSkill.Meta.Name which allows a package rename to
create a new directory instead of replacing the existing install; change the
logic to prefer the existing installation directory when updating: in
updateMarketplaceSkill, when an installed record (installed.Dir or
installed.Path) exists, reuse that path as targetDir (or fail if the new package
explicitly intends a rename), and only fall back to deriving a path from
parsedSkill.Meta.Name when there is no existing install; update the call sites
around moveInstalledSkillDir(parsedSkill.Dir, targetDir, replaceExisting)
accordingly so replacements operate on the stable installed.Dir rather than the
archive name.
- Around line 84-94: The defer and error-path currently discard cleanup errors
for archive.Data.Close(), gzipReader.Close(), and file.Close(); change each
ignore (“_ = ...Close()”) to capture the error and handle it (e.g., if closeErr
:= archive.Data.Close(); closeErr != nil { return or wrap/log the error } or log
it with context) so cleanup failures are not silently dropped; update the defer
for tempRoot removal similarly if needed, and ensure the error-path after
creating/writing the file returns or logs the file.Close() error instead of
discarding it, referencing archive.Data.Close, gzipReader.Close, and file.Close
in skill_marketplace.go.
- Around line 544-570: The fallback string comparison in versionIsNewer is
incorrect for pre-release semantics; update versionIsNewer (and helper
parseVersionParts/normalizeVersion if needed) to detect and handle pre-release
suffixes instead of blindly comparing normalized strings: after comparing
numeric parts, if one version has a pre-release tag and the other does not,
treat the one without the tag as newer; if both have pre-release tags, compare
those tags using semver rules (split on dots/hyphens and compare identifiers
numerically when numeric, lexically otherwise). Ensure
versionPartAt/parseVersionParts expose or return the pre-release portion so
versionIsNewer can apply this logic rather than using normalizedLatest >
normalizedCurrent.

In `@internal/cli/skill_workspace.go`:
- Around line 421-438: The skill body (variable content) is embedded verbatim
into XML causing unescaped characters like '<' or '&' to break consumers; update
the XML assembly to escape the skill body before writing it (use the existing
skillXMLTextReplacer or an equivalent XML-escaping function) where content is
appended to the strings.Builder (the same way resources use
skillXMLTextReplacer.Replace(resource)), ensuring you replace/escape content
prior to checking/adding trailing newlines and before
builder.WriteString(content) so the produced XML is always well-formed.
- Around line 22-63: The function returns raw errors from each initialization
step; wrap each returned error with context using fmt.Errorf("...: %w", err) so
callers know which phase failed — specifically wrap errors from
loadRuntimeContext, resolveCLIWorkspaceRoot,
aghconfig.ResolveUserAgentsSkillsDir, registry.LoadAll, resolveSkillWorkspace,
and registry.ForWorkspace (update the error returns in loadSkillCommandContext
to include phase-specific messages referencing those functions/steps).

In `@internal/hooks/dispatch_async.go`:
- Around line 24-26: The async hook's baseCtx is currently rooted in poolCtx so
it ignores parent cancellation; change the base context to be derived from the
parent's context (e.g., use parent.Context() or the parent context variable)
when building baseCtx before calling h.enterDispatch(asyncHook.Event) so that
cancellation of parent cancels the async hook goroutine; update the lines
creating baseCtx and the subsequent WithValue call (which reference
dispatchDepthContextKey{} and dispatchChainContextKey{} and
currentDispatchChain(parent)) to use the parent's context as the root instead of
poolCtx so enterDispatch and any spawned goroutines inherit parent cancellation.
- Around line 21-55: The call to h.pool.Submit(asyncTask{...}) currently ignores
its boolean return; if Submit returns false the asyncTask is dropped silently —
update the code after calling h.pool.Submit to check the returned bool and when
it is false call h.emitHookRun(...) with the same parameters used for other
skipped paths (use asyncPayload, asyncHook.RegisteredHook,
HookRunOutcomeSkipped, duration 0, nil patch, appropriate err value or nil, and
parentDepth) and also log/emit the "hook.dispatch.async_dropped" outcome so
callers get visibility; reference h.pool.Submit, asyncTask, h.emitHookRun,
HookRunOutcomeSkipped, asyncPayload, asyncHook.RegisteredHook and parentDepth to
locate where to add this conditional handling.

In `@internal/hooks/matcher.go`:
- Around line 171-191: selectMatchingHooks currently drops hooks with unknown
hook.Mode silently; add an explicit default branch in the switch in
selectMatchingHooks that handles unexpected modes: log a clear warning
(including hook identity and hook.Mode) and use a safe fallback (e.g., append
the hook to syncHooks) so the hook is not lost; reference the switch on
hook.Mode and constants HookModeAsync and HookModeSync when implementing the
default branch.

In `@internal/memory/store_test.go`:
- Around line 660-682: Split the block of assertions into a table-driven set of
subtests using t.Run("Should ...") entries that each test one expectation for
ageDays, ageText, and freshnessWarning; create a testCases slice referencing the
inputs (today, yesterday, threeDaysAgo, now) and expected outputs, loop over it
and for each case call t.Run with a descriptive "Should ..." name, run
t.Parallel() inside each subtest, and perform the single assertion (use equality
checks for ageDays/ageText and strings.Contains for freshnessWarning's "3 days
old" expectation) against the functions ageDays, ageText, and freshnessWarning
so failures are isolated.

In `@internal/skills/registry_workspace_cache.go`:
- Around line 68-75: The returns from checkRegistryContext(ctx) and
skillSourceFromWorkspacePath(skillPath.Source) should be wrapped with local
context before propagating so failures in workspace loading are diagnosable;
replace direct returns like `return workspaceLoad{}, err` with wrapped errors
using fmt.Errorf to add context (e.g., "checking registry context failed: %w")
when handling the error from checkRegistryContext and similarly add context for
skillSourceFromWorkspacePath (e.g., "determining skill source from workspace
path failed: %w"), keeping references to the existing symbols
checkRegistryContext, skillSourceFromWorkspacePath, and the workspaceLoad return
value.
- Around line 43-51: In workspaceSkillTargetLocked, the read path calls
workspaceCacheKey(*resolved, nil) and drops resolved.Skills causing cache
misses; modify workspaceSkillTargetLocked to extract the skill paths from
resolved.Skills (e.g., map to []string or the same shape used by the write path)
and pass those paths as the second argument to workspaceCacheKey so the read-key
generation matches the write-path key generation (ensure you use the same
transformation of resolved.Skills that the write path uses).

In `@internal/sse/decode.go`:
- Around line 31-52: The Decode function must guard against nil inputs to avoid
panics: at the start of Decode check that ctx != nil and handler != nil (and
optionally body != nil) and return a clear error (e.g., errors.New or
fmt.Errorf) if any are nil; this ensures subsequent calls to ctx.Err() and
handler(event) (and the emit closure) are safe. Update the Decode function
signature's entry checks to validate ctx and handler, add appropriate error
returns, and adjust imports if you use errors/fmt. Ensure the emit closure and
the loop assume handler is non-nil after these guards.

---

Outside diff comments:
In `@internal/config/config.go`:
- Around line 157-167: The call to ResolveHomePaths() inside defaultConfig()
returns an unwrapped error; update defaultConfig() to wrap that error with
context using fmt.Errorf("<context>: %w", err) (or an equivalent error-wrapping
helper) so callers get meaningful context; locate the ResolveHomePaths()
invocation in defaultConfig() and replace the bare return of its error with a
wrapped error message referencing ResolveHomePaths.

In `@internal/daemon/daemon_test.go`:
- Around line 1416-1432: The test currently uses time.Sleep(20 *
time.Millisecond) to assert no extra dream runs after calling
dispatcher.Session.DispatchSessionPostStop; replace this flaky sleep with
explicit synchronization by exposing and waiting on a deterministic
signal/counter from the notifier/fake dream service (e.g., add or use a channel,
condition variable, or WaitGroup in the fake notifier and/or the fake dream
service) so the test waits until the notifier has processed the post-stop event
and then assert dream.runCount() == 1; update the test to call
dispatcher.Session.DispatchSessionPostStop(...), wait on the exposed
synchronization primitive from the fake notifier or dream (instead of sleeping),
and then check dream.runCount() to ensure no extra enqueues.

In `@internal/memory/consolidation/runtime.go`:
- Around line 245-257: The closure currently hardcodes defaultSessionStopTimeout
when calling spawnSession, causing timeouts to be fixed; make the stop timeout
configurable by threading a timeout value from the surrounding configuration or
functional option into the closure and passing that value to spawnSession
instead of defaultSessionStopTimeout (e.g., add/use
cfg.Memory.Dream.SessionStopTimeout or accept a functional option like
dreamSessionTimeout and reference it in the returned func); update the call site
where this closure is created to supply the configured timeout and ensure
spawnSession's signature is unchanged or adjusted accordingly so sessions.Stop()
can use the configured duration.

---

Nitpick comments:
In `@internal/acp/handlers.go`:
- Around line 105-143: The handlers map inside AgentProcess.handleInbound is
allocated on every call; hoist it as a field (e.g.,
AgentProcess.inboundHandlers) initialized once in the AgentProcess constructor
or via sync.Once to avoid per-call allocations. Populate the map with the same
keys/func values (e.g., acpsdk.ClientMethodFsReadTextFile ->
p.handleReadTextFile, ClientMethodTerminalCreate -> p.handleCreateTerminal,
etc.) and update handleInbound to look up handler := p.inboundHandlers[method]
and call it (preserving the same function signature and error wrapping) instead
of building the map each invocation.

In `@internal/session/hooks.go`:
- Around line 65-105: Add compile-time interface verification for the noop types
at the end of internal/session/hooks.go so any signature mismatch is caught at
build time; specifically, add var declarations asserting each interface equals
the corresponding noop type using the recommended pointer-nil form (e.g. _
SessionLifecycleHooks = (*noopSessionLifecycleHooks)(nil)) for the pairs
SessionLifecycleHooks/noopSessionLifecycleHooks, PromptHooks/noopPromptHooks,
EventHooks/noopEventHooks, AgentHooks/noopAgentHooks,
ConversationHooks/noopConversationHooks, and
CompactionHooks/noopCompactionHooks.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 56b42296-8c25-4f09-b976-091a67676bbf

📥 Commits

Reviewing files that changed from the base of the PR and between b829b3b and 3c79a20.

⛔ Files ignored due to path filters (28)

• .agents/skills/kodebase/SKILL.md is excluded by !**/*.md, !.agents/**
• .agents/skills/kodebase/references/cli-generate.md is excluded by !**/*.md, !.agents/**
• .agents/skills/kodebase/references/cli-inspect.md is excluded by !**/*.md, !.agents/**
• .agents/skills/kodebase/references/cli-search-index.md is excluded by !**/*.md, !.agents/**
• .agents/skills/kodebase/references/error-handling.md is excluded by !**/*.md, !.agents/**
• .agents/skills/kodebase/references/output-formats.md is excluded by !**/*.md, !.agents/**
• .codex/plans/2026-04-10-kb-refac-full-sweep.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/_techspec.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-001.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-002.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-003.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-004.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-005.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_claude_code.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_goclaw.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_hermes.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_libraries.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_openclaw.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_openfang.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/analysis_pi_mono.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/_techspec.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/adrs/adr-001.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/adrs/adr-002.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/adrs/adr-003.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/adrs/adr-004.md is excluded by !**/*.md
• bun.lock is excluded by !**/*.lock
• skills-lock.json is excluded by !**/*.json
• web/package.json is excluded by !**/*.json

📒 Files selected for processing (67)

• internal/acp/client.go
• internal/acp/handlers.go
• internal/api/core/conversions.go
• internal/api/core/handlers.go
• internal/api/core/session_stream.go
• internal/api/httpapi/handlers.go
• internal/api/httpapi/middleware.go
• internal/api/httpapi/routes.go
• internal/api/httpapi/server.go
• internal/api/udsapi/server.go
• internal/api/udsapi/server_test.go
• internal/cli/client.go
• internal/cli/install_test.go
• internal/cli/skill.go
• internal/cli/skill_commands.go
• internal/cli/skill_marketplace.go
• internal/cli/skill_output.go
• internal/cli/skill_workspace.go
• internal/config/config.go
• internal/config/config_test.go
• internal/config/provider.go
• internal/daemon/boot.go
• internal/daemon/daemon.go
• internal/daemon/daemon_integration_test.go
• internal/daemon/daemon_test.go
• internal/daemon/hooks_bridge.go
• internal/hooks/dispatch.go
• internal/hooks/dispatch_async.go
• internal/hooks/matcher.go
• internal/memory/consolidation/runtime.go
• internal/memory/dream.go
• internal/memory/dream_test.go
• internal/memory/staleness.go
• internal/memory/store_test.go
• internal/session/hooks.go
• internal/session/interfaces.go
• internal/session/manager.go
• internal/session/manager_hooks.go
• internal/session/manager_hooks_test.go
• internal/session/manager_integration_test.go
• internal/session/manager_lifecycle.go
• internal/session/manager_start.go
• internal/skills/registry.go
• internal/skills/registry_snapshot.go
• internal/skills/registry_workspace_cache.go
• internal/sse/decode.go
• internal/transcript/transcript.go
• internal/transcript/transcript_test.go
• internal/workref/ref.go
• internal/workspace/options.go
• internal/workspace/resolver_test.go
• web/src/components/ui/alert-dialog.tsx
• web/src/components/ui/aspect-ratio.tsx
• web/src/components/ui/calendar.tsx
• web/src/components/ui/carousel.tsx
• web/src/components/ui/chart.tsx
• web/src/components/ui/checkbox.tsx
• web/src/components/ui/context-menu.tsx
• web/src/components/ui/drawer.tsx
• web/src/components/ui/hover-card.tsx
• web/src/components/ui/input-otp.tsx
• web/src/components/ui/menubar.tsx
• web/src/components/ui/navigation-menu.tsx
• web/src/components/ui/pagination.tsx
• web/src/components/ui/radio-group.tsx
• web/src/components/ui/resizable.tsx
• web/src/components/ui/slider.tsx

💤 Files with no reviewable changes (22)

• internal/api/udsapi/server.go
• web/src/components/ui/input-otp.tsx
• web/src/components/ui/checkbox.tsx
• web/src/components/ui/aspect-ratio.tsx
• web/src/components/ui/slider.tsx
• internal/hooks/dispatch.go
• web/src/components/ui/radio-group.tsx
• internal/api/httpapi/server.go
• web/src/components/ui/resizable.tsx
• web/src/components/ui/navigation-menu.tsx
• web/src/components/ui/chart.tsx
• web/src/components/ui/context-menu.tsx
• web/src/components/ui/menubar.tsx
• web/src/components/ui/pagination.tsx
• web/src/components/ui/alert-dialog.tsx
• web/src/components/ui/hover-card.tsx
• web/src/components/ui/carousel.tsx
• internal/skills/registry.go
• web/src/components/ui/drawer.tsx
• internal/session/interfaces.go
• web/src/components/ui/calendar.tsx
• internal/cli/skill.go

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

internal/skills/registry_workspace_cache.go (1)

100-112: Silent error suppression in cache key path derivation.

When workspaceSkillLoadPath returns an error at line 104, the function returns (nil, false) silently discarding the error. This could mask configuration issues or unexpected skill source values during cache key computation.

Consider logging the error or propagating it to help diagnose cache miss issues in production.

♻️ Proposed improvement

-func workspaceCacheKeyPaths(resolved workspacepkg.ResolvedWorkspace) ([]workspaceSkillPath, bool) {
+func workspaceCacheKeyPaths(resolved workspacepkg.ResolvedWorkspace) ([]workspaceSkillPath, bool, error) {
 	paths := make([]workspaceSkillPath, 0, len(resolved.Skills))
 	for _, skillPath := range resolved.Skills {
 		path, include, err := workspaceSkillLoadPath(skillPath)
 		if err != nil {
-			return nil, false
+			return nil, false, err
 		}
 		if include {
 			paths = append(paths, path)
 		}
 	}
-	return paths, true
+	return paths, true, nil
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/skills/registry_workspace_cache.go` around lines 100 - 112,
workspaceCacheKeyPaths currently swallows errors from workspaceSkillLoadPath and
returns (nil, false), which hides configuration/runtime problems; change
workspaceCacheKeyPaths to propagate the underlying error instead of silently
returning false (e.g., add an error return and return the error when
workspaceSkillLoadPath fails), update all callers to handle the error, or
alternatively log the error via the project's logger before returning; reference
the workspaceCacheKeyPaths and workspaceSkillLoadPath symbols and ensure callers
that rely on the boolean return are updated to handle the propagated error.

internal/cli/skill_workspace.go (1)

552-562: Shallow clone creates inconsistency with existing deep-clone pattern in the codebase.

cloneMetadata performs a shallow copy, while the similar cloneMetadataMap function in internal/skills/registry_snapshot.go implements full deep cloning for nested maps and slices. Since metadata can contain nested structures (e.g., map[string]any{"agh": map[string]any{"category": "quality"}}), consider adopting the deeper cloning pattern here for consistency and to prevent future mutations of nested structures from affecting both copies.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/cli/skill_workspace.go` around lines 552 - 562, cloneMetadata
currently performs a shallow copy which can leak nested maps/slices; update
cloneMetadata to perform a deep clone following the same approach used by
cloneMetadataMap in internal/skills/registry_snapshot.go: recursively copy
nested map[string]any and []any values (and preserve primitive values as-is),
handle nils, and ensure returned map contains fully independent nested
structures so mutations to the clone or original do not affect the other;
reference the cloneMetadata and cloneMetadataMap implementations to mirror
recursion and type switches for maps and slices.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/hooks/telemetry_test.go`:
- Around line 174-234: The test can hang if assertions call t.Fatalf while the
executor is still blocked on the channel `blocked`; to fix, ensure `blocked` is
always closed on test exit by adding `defer close(blocked)` immediately after
`blocked := make(chan struct{})` in
TestHookTelemetryRecordsDroppedAsyncSubmission so the native executor unblocks
even when assertions fail (this prevents hooks.Close from waiting indefinitely).

---

Nitpick comments:
In `@internal/cli/skill_workspace.go`:
- Around line 552-562: cloneMetadata currently performs a shallow copy which can
leak nested maps/slices; update cloneMetadata to perform a deep clone following
the same approach used by cloneMetadataMap in
internal/skills/registry_snapshot.go: recursively copy nested map[string]any and
[]any values (and preserve primitive values as-is), handle nils, and ensure
returned map contains fully independent nested structures so mutations to the
clone or original do not affect the other; reference the cloneMetadata and
cloneMetadataMap implementations to mirror recursion and type switches for maps
and slices.

In `@internal/skills/registry_workspace_cache.go`:
- Around line 100-112: workspaceCacheKeyPaths currently swallows errors from
workspaceSkillLoadPath and returns (nil, false), which hides
configuration/runtime problems; change workspaceCacheKeyPaths to propagate the
underlying error instead of silently returning false (e.g., add an error return
and return the error when workspaceSkillLoadPath fails), update all callers to
handle the error, or alternatively log the error via the project's logger before
returning; reference the workspaceCacheKeyPaths and workspaceSkillLoadPath
symbols and ensure callers that rely on the boolean return are updated to handle
the propagated error.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a88b2675-b3d6-4922-859f-9f952c7477ec

📥 Commits

Reviewing files that changed from the base of the PR and between 3c79a20 and 506947c.

⛔ Files ignored due to path filters (25)

• .compozy/tasks/ext-architecture/_examples.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/_techspec.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-001.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-002.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-003.md is excluded by !**/*.md
• .compozy/tasks/ext-architecture/adrs/adr-005.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/_meta.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_001.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_002.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_003.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_004.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_005.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_006.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_007.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_008.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_009.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_010.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_011.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_012.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_013.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_014.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_015.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_016.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_017.md is excluded by !**/*.md
• .compozy/tasks/kb-refac/reviews-001/issue_018.md is excluded by !**/*.md

📒 Files selected for processing (18)

• internal/api/core/session_stream.go
• internal/api/httpapi/handlers_error_test.go
• internal/api/httpapi/handlers_test.go
• internal/api/httpapi/middleware.go
• internal/api/httpapi/routes.go
• internal/cli/skill_commands.go
• internal/cli/skill_marketplace.go
• internal/cli/skill_test.go
• internal/cli/skill_workspace.go
• internal/hooks/dispatch_async.go
• internal/hooks/hooks_test.go
• internal/hooks/telemetry_test.go
• internal/memory/store_test.go
• internal/session/hooks.go
• internal/skills/registry_test.go
• internal/skills/registry_workspace_cache.go
• internal/sse/decode.go
• internal/sse/decode_test.go

✅ Files skipped from review due to trivial changes (2)

• internal/api/core/session_stream.go
• internal/session/hooks.go

🚧 Files skipped from review as they are similar to previous changes (2)

• internal/api/httpapi/routes.go
• internal/cli/skill_marketplace.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Test may hang on assertion failure due to unclosed blocking channel.

If assertions at lines 218 or 221 fail, t.Fatalf exits without closing blocked, leaving the async executor blocked indefinitely. The t.Cleanup(hooks.Close) will then wait for pool drain, potentially causing test hangs.

Consider setting an explicit drain timeout to prevent this:

🛡️ Proposed fix to prevent test hangs

 	hooks := NewHooks(
 		WithLogger(discardPoolLogger()),
 		WithAsyncWorkerCount(1),
 		WithAsyncQueueCapacity(1),
+		WithAsyncDrainTimeout(2*time.Second),
 		WithNativeDeclarations([]HookDecl{{

Alternatively, add a deferred cleanup that ensures blocked is closed:

 	blocked := make(chan struct{})
+	t.Cleanup(func() {
+		select {
+		case <-blocked:
+		default:
+			close(blocked)
+		}
+	})
 	hooks := NewHooks(

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func TestHookTelemetryRecordsDroppedAsyncSubmission(t *testing.T) {
	t.Parallel()
	writer := &captureHookRunWriter{}
	blocked := make(chan struct{})
	hooks := NewHooks(
	WithLogger(discardPoolLogger()),
	WithAsyncWorkerCount(1),
	WithAsyncQueueCapacity(1),
	WithNativeDeclarations([]HookDecl{{
	Name: "async-event",
	Event: HookEventPreRecord,
	Mode: HookModeAsync,
	ExecutorKind: HookExecutorNative,
	}}),
	WithExecutorResolver(func(decl HookDecl) (Executor, error) {
	if decl.Name != "async-event" {
	return nil, errors.New("missing executor")
	}
	return NewTypedNativeExecutor(func(context.Context, RegisteredHook, EventPreRecordPayload) (EventPreRecordPatch, error) {
	<-blocked
	return EventPreRecordPatch{}, nil
	}), nil
	}),
	)
	t.Cleanup(hooks.Close)
	if err := hooks.Rebuild(t.Context()); err != nil {
	t.Fatalf("Rebuild() error = %v", err)
	}
	ctx := WithHookRunWriter(t.Context(), writer)
	payload := EventPreRecordPayload{PayloadBase: PayloadBase{Event: HookEventPreRecord}, RecordType: "agent_message"}
	for i := 0; i < 3; i++ {
	if _, err := hooks.DispatchEventPreRecord(ctx, payload); err != nil {
	t.Fatalf("DispatchEventPreRecord() #%d error = %v", i+1, err)
	}
	}
	deadline := time.After(time.Second)
	for {
	records := writer.recordsSnapshot()
	if len(records) > 0 {
	record := records[0]
	if record.Outcome != HookRunOutcomeDropped {
	t.Fatalf("record.Outcome = %q, want %q", record.Outcome, HookRunOutcomeDropped)
	}
	if record.Error != errAsyncHookDropped.Error() {
	t.Fatalf("record.Error = %q, want %q", record.Error, errAsyncHookDropped.Error())
	}
	close(blocked)
	return
	}
	select {
	case <-deadline:
	close(blocked)
	t.Fatal("expected dropped async hook telemetry record")
	case <-time.After(10 * time.Millisecond):
	}
	}
	}
	func TestHookTelemetryRecordsDroppedAsyncSubmission(t *testing.T) {
	t.Parallel()
	writer := &captureHookRunWriter{}
	blocked := make(chan struct{})
	t.Cleanup(func() {
	select {
	case <-blocked:
	default:
	close(blocked)
	}
	})
	hooks := NewHooks(
	WithLogger(discardPoolLogger()),
	WithAsyncWorkerCount(1),
	WithAsyncQueueCapacity(1),
	WithNativeDeclarations([]HookDecl{{
	Name: "async-event",
	Event: HookEventPreRecord,
	Mode: HookModeAsync,
	ExecutorKind: HookExecutorNative,
	}}),
	WithExecutorResolver(func(decl HookDecl) (Executor, error) {
	if decl.Name != "async-event" {
	return nil, errors.New("missing executor")
	}
	return NewTypedNativeExecutor(func(context.Context, RegisteredHook, EventPreRecordPayload) (EventPreRecordPatch, error) {
	<-blocked
	return EventPreRecordPatch{}, nil
	}), nil
	}),
	)
	t.Cleanup(hooks.Close)
	if err := hooks.Rebuild(t.Context()); err != nil {
	t.Fatalf("Rebuild() error = %v", err)
	}
	ctx := WithHookRunWriter(t.Context(), writer)
	payload := EventPreRecordPayload{PayloadBase: PayloadBase{Event: HookEventPreRecord}, RecordType: "agent_message"}
	for i := 0; i < 3; i++ {
	if _, err := hooks.DispatchEventPreRecord(ctx, payload); err != nil {
	t.Fatalf("DispatchEventPreRecord() #%d error = %v", i+1, err)
	}
	}
	deadline := time.After(time.Second)
	for {
	records := writer.recordsSnapshot()
	if len(records) > 0 {
	record := records[0]
	if record.Outcome != HookRunOutcomeDropped {
	t.Fatalf("record.Outcome = %q, want %q", record.Outcome, HookRunOutcomeDropped)
	}
	if record.Error != errAsyncHookDropped.Error() {
	t.Fatalf("record.Error = %q, want %q", record.Error, errAsyncHookDropped.Error())
	}
	close(blocked)
	return
	}
	select {
	case <-deadline:
	close(blocked)
	t.Fatal("expected dropped async hook telemetry record")
	case <-time.After(10 * time.Millisecond):
	}
	}
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/hooks/telemetry_test.go` around lines 174 - 234, The test can hang
if assertions call t.Fatalf while the executor is still blocked on the channel
`blocked`; to fix, ensure `blocked` is always closed on test exit by adding
`defer close(blocked)` immediately after `blocked := make(chan struct{})` in
TestHookTelemetryRecordsDroppedAsyncSubmission so the native executor unblocks
even when assertions fail (this prevents hooks.Close from waiting indefinitely).