feat: agents soul#88
Merged
Merged
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (254)
📒 Files selected for processing (46)
✅ Files skipped from review due to trivial changes (12)
🚧 Files skipped from review as they are similar to previous changes (4)
WalkthroughAdds a scenario-specific QA bootstrap environment and multiple evidence files for the "agent-soul" QA run. The bootstrap exports static environment variables for AGH runtime, provider paths, and browser automation; evidence files record HTTP statuses, API validation errors, session/run IDs, and textual QA notes. ChangesAgent-Soul QA Setup and Evidence
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. 👉 Get your free trial and get 200 agent minutes per Slack user (a $50 value). Review rate limit: 4/5 reviews remaining, refill in 12 minutes. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 12
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (8)
internal/cli/extension.go (1)
162-168:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winReject blank
extension updatetargets too.The non-
--allpath still accepts a whitespace-only name because it only checkslen(args). That bypasses the non-blank validation you just applied to the other extension commands and leaves downstream code to handle an empty extension name.Suggested fix
Args: func(_ *cobra.Command, args []string) error { if updateAll && len(args) > 0 { return errors.New("cli: update accepts either an extension name or --all, not both") } - if !updateAll && len(args) != 1 { - return errors.New("cli: update requires an extension name unless --all is set") + if !updateAll { + if err := exactOneNonBlankArg()(nil, args); err != nil { + return errors.New("cli: update requires a non-blank extension name unless --all is set") + } } return nil },🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/cli/extension.go` around lines 162 - 168, The Args validation for the "extension update" command currently only checks len(args) and therefore allows a whitespace-only target; update the Args function (the Args closure using variables updateAll and args) to trim and validate the provided name when not updateAll—e.g., after confirming not updateAll, call strings.TrimSpace on args[0] and return an error like "cli: update requires a non-blank extension name" if the trimmed value is empty, ensuring whitespace-only names are rejected before downstream code runs.internal/cli/config.go (1)
1012-1035:⚠️ Potential issue | 🟠 Major | ⚡ Quick win
config setdropped the renamed provider secret path.This file now treats
secret_envas a sensitive/redacted field, butclassifyConfigMutationPathstill only recognizesproviders.<name>.commandandproviders.<name>.default_model. That meansagh config set providers.<name>.secret_env ...now falls through as unsupported, and a naive whitelist here would still returnredacted=false.Suggested fix
- if isProviderMutationPath(path) { - return configSetString, false, nil + if kind, redacted, ok := classifyProviderMutationPath(path); ok { + return kind, redacted, nil } if kind, redacted, ok := classifySandboxMutationPath(path); ok { return kind, redacted, nil } @@ -func isProviderMutationPath(path []string) bool { +func classifyProviderMutationPath(path []string) (configSetValueKind, bool, bool) { if len(path) == 3 && path[0] == "providers" { switch path[2] { case "command", "default_model": - return true + return configSetString, false, true + case "secret_env": + return configSetString, true, true } } - return false + return configSetString, false, false }As per coding guidelines, "Renames must update code, storage, APIs, CLI, extensions, specs, RFCs, and
.compozy/tasks/*artifacts in a single change; no aliases or dual fields".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/cli/config.go` around lines 1012 - 1035, Update provider mutation handling so providers.<name>.secret_env is accepted and treated as redacted: in isProviderMutationPath add "secret_env" to the switch for path[2] (alongside "command" and "default_model"), and update classifyConfigMutationPath so the branch that calls isProviderMutationPath(path) returns (configSetString, true, nil) instead of (configSetString, false, nil) so secret_env is allowed and flagged sensitive; reference functions: classifyConfigMutationPath and isProviderMutationPath and the providers.<name>.secret_env path.internal/api/udsapi/udsapi_integration_test.go (1)
1974-1982:⚠️ Potential issue | 🟠 Major | ⚡ Quick winDon’t drop the new
secretValuein the integration bridge service.This helper accepts the new parameter but ignores it, so the UDS integration suite cannot actually verify the bridge secret write path added by this PR. A regression where the handler stops forwarding/storing plaintext secret writes would still go green here.
As per coding guidelines, "Check dependent package APIs before writing integration code or tests".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/udsapi/udsapi_integration_test.go` around lines 1974 - 1982, The PutSecretBinding implementation in integrationBridgeService ignores the new secretValue parameter; update PutSecretBinding to forward that secretValue to the store call instead of dropping it—i.e., change the invocation of s.store.PutBridgeSecretBinding to pass the secretValue (or call the store method that accepts the plaintext value) so the integration test exercises the actual secret-write path; ensure the store interface/signature (PutBridgeSecretBinding) is adjusted/used accordingly and keep the ctx and binding parameters intact.internal/api/contract/settings.go (1)
356-393:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftKeep secret bindings out of settings read payloads.
secret_ref,client_secret_ref, andsecret_envnow become part of the settings contract, which exposes secret bindings through settings views/status-like APIs. That conflicts with the repo’s redaction policy; these responses should carry only presence/source metadata or an opaque/hash form instead.As per coding guidelines, "Raw
claim_token(agh_claim_*), MCP auth tokens, OAuth codes, PKCE verifiers, and secret bindings must NEVER appear in logs, status APIs, settings views, error payloads, channel messages, SSE, web UI, or memory; use hash forms (claim_token_hash) over the wire".Also applies to: 396-505
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/contract/settings.go` around lines 356 - 393, The settings API structs currently expose raw secret bindings (fields named SecretRef / secret_ref and any client_secret_ref or secret_env equivalents) which violates the redaction policy; update the payload types (SettingsProviderCredentialSlotPayload, SettingsProviderCredentialStatusPayload, SettingsProviderSecretWritePayload, SettingsProviderItemPayload and related types referenced around lines ~396-505) to remove or stop emitting raw secret binding fields and instead expose only presence/source metadata or an opaque/hash field (e.g., ClaimTokenHash/SecretRefHash) and the existing Present/Source booleans; ensure any write payload that must accept secrets (SettingsProviderSecretWritePayload) is only used on input paths and never returned in read/status views, and audit uses of fields named secret_ref, client_secret_ref, or secret_env to replace them with hashed/opaque variants in response structs.internal/api/contract/contract.go (1)
163-172:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftKeep
secret_envout of the shared agent response contract.Line 170 adds secret bindings to a transport DTO that is returned by agent APIs. Even if the values are refs rather than raw secrets, they are still forbidden to expose over public/status surfaces.
As per coding guidelines, "Raw
claim_token(agh_claim_*), MCP auth tokens, OAuth codes, PKCE verifiers, and secret bindings must NEVER appear in logs, status APIs, settings views, error payloads, channel messages, SSE, web UI, or memory; use hash forms (claim_token_hash) over the wire".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/contract/contract.go` around lines 163 - 172, The AgentMCPServerJSON response struct currently exposes secret bindings via the SecretEnv field (SecretEnv map[string]string `json:"secret_env,omitempty"`); remove this field from the exported DTO so secret bindings are never serialized in agent API responses and replace any consumers to use an internal-only representation or a hashed/reference field (e.g., claim_token_hash style) when needed; update code that populates AgentMCPServerJSON to stop writing to SecretEnv and ensure any tests/serializers use the internal struct or a non-secret hashed field instead.internal/api/core/conversions.go (1)
1506-1575:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftSettings responses are still exposing secret bindings.
These helpers return
secret_ref,client_secret_ref, andsecret_envdirectly in provider, MCP, sandbox, and hook payloads. That means the settings UI and generated clients can enumerate secret locations even though the secret values are hidden.As per coding guidelines, "Raw
claim_token(agh_claim_*), MCP auth tokens, OAuth codes, PKCE verifiers, and secret bindings must NEVER appear in logs, status APIs, settings views, error payloads, channel messages, SSE, web UI, or memory; use hash forms (claim_token_hash) over the wire".Also applies to: 1577-1615, 1656-1746
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/core/conversions.go` around lines 1506 - 1575, The payload builders (notably settingsProviderItemPayload, settingsProviderSettingsPayload, settingsProviderCredentialSlotPayloads, and settingsProviderCredentialStatusPayloads) are currently exposing secret binding fields (secret_ref / client_secret_ref / secret_env); remove or replace those raw secret-location fields so they never travel over the wire — either omit them from contract.Settings*Payload or replace them with a deterministic hash/redaction field (e.g., secret_ref_hash or claim_token_hash) computed via a central helper (e.g., computeSecretBindingHash) and used consistently across provider, MCP, sandbox, and hook payload builders (also update the similar blocks around the other ranges called out in the comment). Ensure you do not log or include the raw secret string anywhere and update the payload struct mapping to use the hash/redacted field name instead.internal/automation/manager.go (1)
881-903:⚠️ Potential issue | 🟠 Major | ⚡ Quick winDelay old-secret deletion until the trigger update is fully committed.
deleteSupersededOwnedWebhookSecretruns beforecurrentEffective/applyTriggerToRuntime. If either later step fails, the code rolls the trigger record back tocurrentStoredbut never restores the deleted secret, so the reverted trigger can point at a missingWebhookSecretRef.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/automation/manager.go` around lines 881 - 903, The code deletes the superseded webhook secret too early (deleteSupersededOwnedWebhookSecret is called before computing currentEffective and applying it to runtime), so if later steps fail and the trigger record is rolled back the secret is gone; move the deletion so it only runs after the trigger update and runtime apply are fully successful: i.e., keep applyWebhookSecretWritePointer and store.UpdateTrigger as-is, then compute currentEffective via effectiveTriggerFromStored and call applyTriggerToRuntime(currentEffective), and only after that (and after any successful store update commits) call deleteSupersededOwnedWebhookSecret; ensure rollback paths (where store.UpdateTrigger reverts to currentStored or applyTriggerToRuntime fails and previousEffective is reapplied) do not attempt to delete or must restore the secret. Reference functions: applyWebhookSecretWritePointer, deleteSupersededOwnedWebhookSecret, effectiveTriggerFromStored, applyTriggerToRuntime, and store.UpdateTrigger.internal/automation/resource_projection.go (1)
438-462:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftMake the secret write rollback-safe in
updateTriggerResource.
applyWebhookSecretWritePointermutates the vault-backed secret beforetriggerResources.Putcommits the trigger update. If the resource write then fails, the API returns an error even though the secret has already changed, which can orphan a daemon-owned secret or overwrite a shared ref without the matching trigger update landing.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/automation/resource_projection.go` around lines 438 - 462, The secret mutation via m.applyWebhookSecretWritePointer happens before the trigger update is committed, risking orphaned or mismatched secrets if m.triggerResources.Put fails; fix by deferring the secret write until after a successful Put (i.e., call m.applyWebhookSecretWritePointer only after m.triggerResources.Put returns no error), or if you must perform the secret write first then implement a rollback path that restores the prior secret state when m.triggerResources.Put fails; locate the sequence around applyWebhookSecretRef, stableConfigID, requireWebhookSecretRef, next.Validate, m.applyWebhookSecretWritePointer and m.triggerResources.Put in updateTriggerResource and either move the applyWebhookSecretWritePointer call to follow the Put or add explicit rollback logic to undo the secret mutation on Put error.
🧹 Nitpick comments (8)
internal/cli/command_paths_test.go (1)
55-75: ⚡ Quick winAssert that the new authored-context commands hit their dedicated client methods.
Right now this only proves the commands exit cleanly. If one of these subcommands is wired to the wrong API method, the test can still pass on zero-value output. Track call flags for the new soul/heartbeat/session methods and assert them after the loop so the matrix fails on misrouting.
As per coding guidelines "Ensure tests can fail when business logic changes".
Also applies to: 138-155, 203-235
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/cli/command_paths_test.go` around lines 55 - 75, The test currently only verifies commands run without error but doesn't assert that the subcommands call the correct client methods; for each mocked client function shown (getAgentSoulFn, refreshSessionSoulFn, getAgentHeartbeatFn, getAgentHeartbeatStatusFn) add a call-tracking boolean (e.g., gotAgentSoulCalled, refreshedSessionSoulCalled, gotAgentHeartbeatCalled, gotAgentHeartbeatStatusCalled) that is set to true inside each mock implementation, then after exercising the command matrix assert each corresponding flag is true to fail the test if a subcommand is misrouted; apply the same call-flag/assertion pattern to the other similar mocked groups in the file (the other get/refresh/heartbeat mock blocks).internal/api/core/automation_test.go (1)
490-493: ⚡ Quick winExercise the
webhook_secret_refpath in this round-trip as well.This matrix now proves the inline
webhook_secret_valueflow, but it still never verifies that awebhook_secret_refrequest survives handler parsing and reaches the manager. A regression in the new ref-backed path would pass this suite unchanged. Add a sibling create case that sendswebhook_secret_refand asserts the manager receives the ref instead of a value.As per coding guidelines "Focus on critical paths: workflow execution, state management, error handling".
Also applies to: 661-668
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/core/automation_test.go` around lines 490 - 493, Add a sibling test case that exercises the webhook_secret_ref path: in the CreateTriggerFn handler used in the test (CreateTriggerFn) add a parallel create invocation that sends an automationpkg.WebhookSecretWrite with Ref set (e.g. "secret-ref") and Value nil, and assert the manager receives secret.Ref == "secret-ref" and secret.Value == nil; mirror the same change for the other test block around the second location referenced (the block at 661-668) so both inline webhook_secret_value and ref-backed requests are round-tripped and validated by the test harness.internal/api/spec/authored_context.go (1)
401-402: Apply defensive copy for consistency with Tags handling.
append([]OperationSpec(nil), authoredContextOperationRegistry...)creates only a shallow copy of the outer slice. WhilebuildOperation()receivesOperationSpecby value (protecting against mutations), the code inconsistently handles nested slices—Tags receives a defensive copy at line 3454 (append([]string(nil), spec.Tags...)), but Parameters and Responses do not. For defensive consistency and to prevent future misuse, apply the same pattern to all slice fields.Suggested fix
func authoredContextOperations() []OperationSpec { - return append([]OperationSpec(nil), authoredContextOperationRegistry...) + copied := make([]OperationSpec, len(authoredContextOperationRegistry)) + for i, op := range authoredContextOperationRegistry { + copied[i] = op + copied[i].Tags = append([]string(nil), op.Tags...) + copied[i].Transports = append([]Transport(nil), op.Transports...) + copied[i].Parameters = append([]ParameterSpec(nil), op.Parameters...) + copied[i].Responses = append([]ResponseSpec(nil), op.Responses...) + } + return copied }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/spec/authored_context.go` around lines 401 - 402, The authoredContextOperations function returns a shallow copy of authoredContextOperationRegistry but nested slice fields (Parameters, Responses) are not defensively copied like Tags is; update the construction path (e.g., in buildOperation and/or wherever OperationSpec is copied from authoredContextOperationRegistry) to make defensive copies of all slice fields by using append([]T(nil), spec.Parameters...), append([]U(nil), spec.Responses...) (matching the existing append([]string(nil), spec.Tags...)), so every slice field (Tags, Parameters, Responses, etc.) is copied to prevent aliasing and future mutations of authoredContextOperationRegistry via OperationSpec values.internal/api/httpapi/httpapi_integration_test.go (2)
913-940: ⚡ Quick winAdd an explicit non-leak assertion for webhook secret responses.
This test now writes
webhook_secret_valuebut does not verify the secret never comes back in API payloads; that’s the critical regression to guard here.As per coding guidelines, "Raw `claim_token` (`agh_claim_*`), MCP auth tokens, OAuth codes, PKCE verifiers, and secret bindings must NEVER appear in logs, status APIs, settings views, error payloads, channel messages, SSE, web UI, or memory; use hash forms (`claim_token_hash`) over the wire".🔒 Suggested assertion hardening
getResp := mustHTTPRequest(t, runtime.client, http.MethodGet, mustURL(runtime.host, runtime.port, "/api/automation/triggers/"+created.Trigger.ID), nil, nil) if getResp.StatusCode != http.StatusOK { body, _ := io.ReadAll(getResp.Body) _ = getResp.Body.Close() t.Fatalf("get trigger status = %d, want %d; body=%s", getResp.StatusCode, http.StatusOK, string(body)) } - var fetched contract.TriggerResponse - decodeHTTPJSON(t, getResp, &fetched) + rawTriggerBody, err := io.ReadAll(getResp.Body) + _ = getResp.Body.Close() + if err != nil { + t.Fatalf("io.ReadAll(get trigger body) error = %v", err) + } + if strings.Contains(string(rawTriggerBody), "shared-secret") || + strings.Contains(string(rawTriggerBody), "webhook_secret_value") { + t.Fatalf("trigger payload leaked webhook secret: %s", string(rawTriggerBody)) + } + var fetched contract.TriggerResponse + if err := json.Unmarshal(rawTriggerBody, &fetched); err != nil { + t.Fatalf("json.Unmarshal(get trigger body) error = %v", err) + } if fetched.Trigger.EndpointSlug != "deploy-review" { t.Fatalf("fetched trigger endpoint_slug = %q, want %q", fetched.Trigger.EndpointSlug, "deploy-review") }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/httpapi/httpapi_integration_test.go` around lines 913 - 940, Add an explicit assertion that the plaintext webhook secret never appears in API responses: after decoding createResp into created (and after decoding getResp into fetched) assert that neither created.Trigger nor fetched.Trigger contains a non-empty plaintext secret field (e.g., WebhookSecretValue, WebhookSecret, etc.) and instead expect only a hash or empty value; update the test around variables createResp/created and getResp/fetched (and keep the existing endpoint/FormatWebhookEndpoint checks) to fail the test if any plaintext secret is returned.
1830-1839: ⚡ Quick winDon’t silently discard the new
secretValueargument in the bridge test double.Line 1833 currently ignores the new parameter entirely; failing fast when it is non-nil prevents false-positive integration coverage.
🧪 Suggested guard for contract drift
func (s *integrationBridgeService) PutSecretBinding( ctx context.Context, binding bridgepkg.BridgeSecretBinding, - _ *string, + secretValue *string, ) error { if s == nil || s.store == nil { return errors.New("integration bridge secret store is not configured") } + if secretValue != nil { + return errors.New("integration bridge service does not support inline secret values in this test harness") + } return s.store.PutBridgeSecretBinding(ctx, binding) }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/httpapi/httpapi_integration_test.go` around lines 1830 - 1839, The test double PutSecretBinding currently ignores the new secretValue parameter; update the integrationBridgeService.PutSecretBinding implementation to fail fast if the secretValue argument is non-nil (return a descriptive error like "secretValue not supported in integration bridge test double") instead of silently discarding it, then proceed to call s.store.PutBridgeSecretBinding(ctx, binding) only when secretValue is nil; reference the PutSecretBinding method and the secretValue parameter to locate and change the logic.internal/automation/trigger_test.go (1)
809-845: ⚡ Quick winMake the test resolver fail on unexpected secret refs.
Right now the resolver returns
"shared-secret"for every lookup, so these tests won't catch the engine resolving the wrongWebhookSecretRef. A ref-keyed stub would exercise the new contract much more directly.Suggested test helper tightening
opts = append( []TriggerEngineOption{ - WithTriggerEngineWebhookSecretResolver(staticTriggerWebhookSecretResolver{secret: "shared-secret"}), + WithTriggerEngineWebhookSecretResolver(staticTriggerWebhookSecretResolver{ + secrets: map[string]string{ + "env:AGH_TEST_WEBHOOK_SECRET": "shared-secret", + }, + }), }, opts..., ) @@ type staticTriggerWebhookSecretResolver struct { - secret string + secrets map[string]string } -func (r staticTriggerWebhookSecretResolver) ResolveRef(context.Context, string) (string, error) { - return r.secret, nil +func (r staticTriggerWebhookSecretResolver) ResolveRef(_ context.Context, ref string) (string, error) { + secret, ok := r.secrets[ref] + if !ok { + return "", errors.New("unexpected webhook secret ref") + } + return secret, nil }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/automation/trigger_test.go` around lines 809 - 845, The staticTriggerWebhookSecretResolver currently returns the same secret for any ref; change it to a ref-keyed stub that validates the incoming ref and returns an error when an unexpected ref is requested: update staticTriggerWebhookSecretResolver to hold a map[string]string (or expectedKey string) and modify ResolveRef(ctx, ref string) to look up the ref, return the mapped secret if present and return a non-nil error otherwise; adjust tests that call WithTriggerEngineWebhookSecretResolver/NewTriggerEngine to provide the appropriate map entries for expected WebhookSecretRef values so mis-resolutions will fail the test.internal/api/core/bridges_test.go (1)
341-349: ⚡ Quick winAssert the renamed
secret_ref/kindfields on the list response.This now only checks
binding_name, so the test would still pass if the handler dropped or mis-mapped the renamed secret-binding fields. It would be worth locking insecret_ref,kind, and the absence ofsecret_valuehere as well.Suggested assertion expansion
var listPayload contract.BridgeSecretBindingsResponse testutil.DecodeJSONResponse(t, listResp, &listPayload) if got, want := len(listPayload.Bindings), 1; got != want { t.Fatalf("len(bindings) = %d, want %d", got, want) } if listPayload.Bindings[0].BindingName != "bot_token" { t.Fatalf("binding = %#v", listPayload.Bindings[0]) } + if got, want := listPayload.Bindings[0].SecretRef, "vault:bridges/brg-core/bot_token"; got != want { + t.Fatalf("binding secret_ref = %q, want %q", got, want) + } + if got, want := listPayload.Bindings[0].Kind, "token"; got != want { + t.Fatalf("binding kind = %q, want %q", got, want) + } + if strings.Contains(listResp.Body.String(), "secret_value") { + t.Fatalf("list secret bindings response leaked secret_value: %s", listResp.Body.String()) + }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/api/core/bridges_test.go` around lines 341 - 349, The test currently only asserts BindingName on the decoded BridgeSecretBindingsResponse; add assertions to lock the renamed fields by checking listPayload.Bindings[0].SecretRef equals the expected secret reference, listPayload.Bindings[0].Kind equals the expected kind, and that listPayload.Bindings[0].SecretValue is absent/empty (e.g., == "" or nil depending on its type). Update the assertions immediately after the existing BindingName check using the same listPayload/Bindings[0] references to ensure the handler returns secret_ref and kind and does not leak secret_value.internal/automation/manager.go (1)
1468-1479: ⚡ Quick winRemove the dead
desiredTriggerSecretsparameter instead of keeping a hard-fail compatibility path.Every non-empty use now errors immediately, so the signature still advertises an obsolete mutation style that callers have to reason about even though it is no longer supported.
As per coding guidelines, "Never sacrifice code quality for backward compatibility in greenfield alpha; delete obsolete code instead of working around it."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/automation/manager.go` around lines 1468 - 1479, The SyncManagedDefinitions function still accepts the obsolete desiredTriggerSecrets parameter and immediately errors on any non-empty map; remove the dead parameter from the SyncManagedDefinitions signature and delete the associated nil-check/error block (the conditional that returns "managed trigger plaintext values are not supported") and then update all call sites, tests, and any interface/type declarations that reference SyncManagedDefinitions to stop passing desiredTriggerSecrets (and adjust callers to no longer construct or expect that argument), plus update any docs/comments mentioning webhook_secret_ref plaintext support.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.compozy/tasks/agent-soul/qa/bootstrap.env:
- Around line 1-10: The bootstrap env file contains machine-specific absolute
paths and a username in variables like SCENARIO_SLUG, WORKSPACE_PATH,
QA_OUTPUT_PATH, AGH_HOME, AGH_UDS_PATH, TMUX_BRIDGE_SOCKET,
AGH_WEB_API_PROXY_TARGET, PROVIDER_HOME and PROVIDER_CODEX_HOME; replace these
hard-coded values with neutral template placeholders or environment-default
expressions (e.g. ${WORKSPACE_PATH:-/path/to/workspace}) and/or relative paths,
remove any user-identifying parts from SCENARIO_SLUG, and commit a sanitized
template (e.g., bootstrap.env.example) so CI/other devs populate real values
locally rather than storing local absolute paths in the repo.
In `@internal/api/contract/authored_context.go`:
- Around line 1048-1062: The SessionHealthPayload currently returns raw daemon
error text via LastError (see SessionHealthPayload return and the
normalized.LastError usage); change this to never expose raw error/secret
material by sanitizing or redacting normalized.LastError before returning (e.g.,
replace with nil, sanitized string, or a claim_token_hash) and ensure the same
sanitization is applied to the other occurrences referenced (lines ~1243-1274).
Update or call the project’s secret-sanitizer utility (or add a
sanitizeLastError function) to strip secret bindings (secret_ref/env:/vault:,
OAuth/PKCE codes, MCP/claim tokens) and return only safe hashed/placeholder
values in SessionHealthPayload.LastError and any related status/error payloads.
In `@internal/api/contract/automation.go`:
- Around line 64-83: The TriggerPayload currently exposes the raw webhook
binding via the webhook_secret_ref field (and similarly in the transport request
DTOs), which leaks secret identifiers; remove webhook_secret_ref from
TriggerPayload and the request DTOs and replace it with an opaque presence
indicator and/or a hashed form (e.g., WebhookSecretPresent bool and
WebhookSecretHash string) so callers only learn that a secret is configured (and
an irreversible hash) instead of the raw binding; update all places that
populate or marshal TriggerPayload and the transport DTOs to compute and set the
hash server-side (never accept or propagate the raw binding), change JSON tags
accordingly (e.g., "webhook_secret_present" / "webhook_secret_hash"), and ensure
logging, error messages, and any serialization paths do not include the raw
value (search for usages of TriggerPayload.webhook_secret_ref and the transport
request DTO names to update producers/consumers).
In `@internal/api/core/authored_context.go`:
- Around line 198-230: The PutAgentSoul handler (and the other authored-context
Soul handlers in the same file for the ranges covering delete/rollback/refresh)
must reject requests that use the If-Match header the same way heartbeat
mutations do: detect presence of the If-Match header early (before calling
decodeAuthoredJSONBody/resolveAuthoredAgentTarget and before calling
h.SoulAuthoring.* methods), and respond with the same error path used for
unsupported header-based CAS (use h.respondError with the same status/error used
by heartbeat mutations) rather than silently ignoring it; apply the same
check-and-reject logic to the other Soul handlers in this file (the
delete/rollback/refresh handlers around lines 233-265 and 303-364) so
conditional requests behave consistently.
In `@internal/api/core/automation.go`:
- Around line 1003-1024: The helpers webhookSecretWriteFromCreateRequest and
webhookSecretWriteFromUpdateRequest currently call strings.TrimSpace on webhook
secret values which can alter valid secrets; change them to preserve the secret
byte-for-byte by removing TrimSpace when assigning WebhookSecretValue (keep the
pointer semantics and allocate value variables as before), while still trimming
only the WebhookSecretRef (Ref) if desired; update
webhookSecretWriteFromCreateRequest to set write.Value to a pointer to the raw
req.WebhookSecretValue (if non-empty) and webhookSecretWriteFromUpdateRequest to
set write.Value to a pointer to *req.WebhookSecretValue without trimming so HMAC
and exact comparisons remain correct.
In `@internal/api/core/conversions.go`:
- Around line 636-654: The TriggerPayload currently includes the sensitive
WebhookSecretRef (in the return constructing contract.TriggerPayload), which
must not be serialized; modify the return so WebhookSecretRef is not populated
(set it to nil/empty string or omit it) when building the payload in this
conversion function (the code that constructs contract.TriggerPayload from
trigger and uses cloneFilter); ensure no other conversion paths populate
WebhookSecretRef for API responses and replace any exposed bindings with a
non-secret representation (e.g., a claim_token_hash) if needed.
In `@internal/api/core/settings_test.go`:
- Around line 1736-1742: The test that validates MCP secret ingestion sets
SecretValues with SecretEnv {"TOKEN":"server-token"} but does not assert the
HTTP mutation response never echoes that raw secret; update the test to capture
the HTTP response body (the mutation/handler response used in this test) and add
an explicit assertion that the body does not contain the raw secret value (e.g.,
"server-token" or SecretValues.SecretEnv["TOKEN"]) and/or the secret binding
key, and apply the same non-leak assertion to the other occurrence around lines
1770-1772; locate the test that constructs
contract.SettingsMCPSecretValuesPayload and add the guard immediately after the
request/response step so any response or logged output is checked for absence of
the raw secret.
In `@internal/api/httpapi/server_test.go`:
- Around line 735-750: The subtest "Should block vault metadata reads on
non-loopback HTTP" only checks StatusForbidden and can false-pass; update it to
also read and decode the response body and assert the JSON error payload matches
the expected forbidden-loopback policy error (same pattern used by other
forbidden-path tests). After calling doServerRequest/mustURL and obtaining resp,
read resp.Body, unmarshal the error JSON and assert the error fields/message
correspond to the loopback-violation response (in addition to asserting
resp.StatusCode == http.StatusForbidden) so the test validates both status and
body.
In `@internal/automation/trigger.go`:
- Around line 658-681: The Register/Update paths currently allow triggers with
empty or invalid WebhookSecretRef to be saved and only fail at delivery; update
TriggerEngine.Register and TriggerEngine.Update to perform the same upfront
validation as resolveWebhookSecret: ensure Trigger.WebhookSecretRef is non-empty
(trimmed), call vault.ValidateRefNamespace(ref, "automation") and return
ErrWebhookSecretRequired (or wrap it) on failure, and verify e.webhookSecrets is
present before accepting the trigger; use the same error semantics as
resolveWebhookSecret so misconfigured webhook triggers are rejected at
registration time.
In `@internal/cli/authored_context.go`:
- Around line 340-382: The CLI flag and usages for Heartbeat CAS should be
renamed from "--if-match" to "--expected-digest": update the Cobra command in
newAgentHeartbeatWriteCommand to change the Example string, the flag
registration cmd.Flags().StringVar(...) (currently using "if-match") to
"expected-digest", and any reads of that flag (the call to
optionalStringFlag(cmd, "if-match", expectedDigest)) to use "expected-digest";
also update the flag name and help text variable expectedDigest and any related
commands/handlers in the same file (the other heartbeat commands referenced
around the 385-418 and 458-519 ranges) as well as tests/examples to use
--expected-digest consistently (no alias).
In `@internal/cli/automation.go`:
- Around line 1600-1611: The CLI is trimming whitespace from webhook secret
fields so HMAC or whitespace-sensitive secrets change before reaching the API;
in the AutomationTriggerCreateRequest construction, stop calling
strings.TrimSpace on WebhookSecretValue and WebhookSecretRef so the raw input is
preserved verbatim (leave trimming on non-secret fields like
Name/AgentName/Prompt/Event), and make the same change in the corresponding
update request block (the update request that sets
WebhookSecretRef/WebhookSecretValue around lines ~1675-1679) to ensure both
create and update paths send secrets unchanged.
In `@internal/cli/client.go`:
- Around line 815-830: Add a fast-fail check for an empty vault ref at the start
of targeted vault operations: in unixSocketClient.GetVaultSecret (and same for
DeleteVaultSecret and the other occurrences referenced) validate that the
incoming ref string is non-empty and return a descriptive error (e.g., "vault
ref required" or similar) before calling vaultRefValues or making the request;
this prevents omitting the ref param and avoids ambiguous/broad server
behavior—update each function (GetVaultSecret, DeleteVaultSecret, and the two
other occurrences) to perform this check and return early on empty ref.
---
Outside diff comments:
In `@internal/api/contract/contract.go`:
- Around line 163-172: The AgentMCPServerJSON response struct currently exposes
secret bindings via the SecretEnv field (SecretEnv map[string]string
`json:"secret_env,omitempty"`); remove this field from the exported DTO so
secret bindings are never serialized in agent API responses and replace any
consumers to use an internal-only representation or a hashed/reference field
(e.g., claim_token_hash style) when needed; update code that populates
AgentMCPServerJSON to stop writing to SecretEnv and ensure any tests/serializers
use the internal struct or a non-secret hashed field instead.
In `@internal/api/contract/settings.go`:
- Around line 356-393: The settings API structs currently expose raw secret
bindings (fields named SecretRef / secret_ref and any client_secret_ref or
secret_env equivalents) which violates the redaction policy; update the payload
types (SettingsProviderCredentialSlotPayload,
SettingsProviderCredentialStatusPayload, SettingsProviderSecretWritePayload,
SettingsProviderItemPayload and related types referenced around lines ~396-505)
to remove or stop emitting raw secret binding fields and instead expose only
presence/source metadata or an opaque/hash field (e.g.,
ClaimTokenHash/SecretRefHash) and the existing Present/Source booleans; ensure
any write payload that must accept secrets (SettingsProviderSecretWritePayload)
is only used on input paths and never returned in read/status views, and audit
uses of fields named secret_ref, client_secret_ref, or secret_env to replace
them with hashed/opaque variants in response structs.
In `@internal/api/core/conversions.go`:
- Around line 1506-1575: The payload builders (notably
settingsProviderItemPayload, settingsProviderSettingsPayload,
settingsProviderCredentialSlotPayloads, and
settingsProviderCredentialStatusPayloads) are currently exposing secret binding
fields (secret_ref / client_secret_ref / secret_env); remove or replace those
raw secret-location fields so they never travel over the wire — either omit them
from contract.Settings*Payload or replace them with a deterministic
hash/redaction field (e.g., secret_ref_hash or claim_token_hash) computed via a
central helper (e.g., computeSecretBindingHash) and used consistently across
provider, MCP, sandbox, and hook payload builders (also update the similar
blocks around the other ranges called out in the comment). Ensure you do not log
or include the raw secret string anywhere and update the payload struct mapping
to use the hash/redacted field name instead.
In `@internal/api/udsapi/udsapi_integration_test.go`:
- Around line 1974-1982: The PutSecretBinding implementation in
integrationBridgeService ignores the new secretValue parameter; update
PutSecretBinding to forward that secretValue to the store call instead of
dropping it—i.e., change the invocation of s.store.PutBridgeSecretBinding to
pass the secretValue (or call the store method that accepts the plaintext value)
so the integration test exercises the actual secret-write path; ensure the store
interface/signature (PutBridgeSecretBinding) is adjusted/used accordingly and
keep the ctx and binding parameters intact.
In `@internal/automation/manager.go`:
- Around line 881-903: The code deletes the superseded webhook secret too early
(deleteSupersededOwnedWebhookSecret is called before computing currentEffective
and applying it to runtime), so if later steps fail and the trigger record is
rolled back the secret is gone; move the deletion so it only runs after the
trigger update and runtime apply are fully successful: i.e., keep
applyWebhookSecretWritePointer and store.UpdateTrigger as-is, then compute
currentEffective via effectiveTriggerFromStored and call
applyTriggerToRuntime(currentEffective), and only after that (and after any
successful store update commits) call deleteSupersededOwnedWebhookSecret; ensure
rollback paths (where store.UpdateTrigger reverts to currentStored or
applyTriggerToRuntime fails and previousEffective is reapplied) do not attempt
to delete or must restore the secret. Reference functions:
applyWebhookSecretWritePointer, deleteSupersededOwnedWebhookSecret,
effectiveTriggerFromStored, applyTriggerToRuntime, and store.UpdateTrigger.
In `@internal/automation/resource_projection.go`:
- Around line 438-462: The secret mutation via m.applyWebhookSecretWritePointer
happens before the trigger update is committed, risking orphaned or mismatched
secrets if m.triggerResources.Put fails; fix by deferring the secret write until
after a successful Put (i.e., call m.applyWebhookSecretWritePointer only after
m.triggerResources.Put returns no error), or if you must perform the secret
write first then implement a rollback path that restores the prior secret state
when m.triggerResources.Put fails; locate the sequence around
applyWebhookSecretRef, stableConfigID, requireWebhookSecretRef, next.Validate,
m.applyWebhookSecretWritePointer and m.triggerResources.Put in
updateTriggerResource and either move the applyWebhookSecretWritePointer call to
follow the Put or add explicit rollback logic to undo the secret mutation on Put
error.
In `@internal/cli/config.go`:
- Around line 1012-1035: Update provider mutation handling so
providers.<name>.secret_env is accepted and treated as redacted: in
isProviderMutationPath add "secret_env" to the switch for path[2] (alongside
"command" and "default_model"), and update classifyConfigMutationPath so the
branch that calls isProviderMutationPath(path) returns (configSetString, true,
nil) instead of (configSetString, false, nil) so secret_env is allowed and
flagged sensitive; reference functions: classifyConfigMutationPath and
isProviderMutationPath and the providers.<name>.secret_env path.
In `@internal/cli/extension.go`:
- Around line 162-168: The Args validation for the "extension update" command
currently only checks len(args) and therefore allows a whitespace-only target;
update the Args function (the Args closure using variables updateAll and args)
to trim and validate the provided name when not updateAll—e.g., after confirming
not updateAll, call strings.TrimSpace on args[0] and return an error like "cli:
update requires a non-blank extension name" if the trimmed value is empty,
ensuring whitespace-only names are rejected before downstream code runs.
---
Nitpick comments:
In `@internal/api/core/automation_test.go`:
- Around line 490-493: Add a sibling test case that exercises the
webhook_secret_ref path: in the CreateTriggerFn handler used in the test
(CreateTriggerFn) add a parallel create invocation that sends an
automationpkg.WebhookSecretWrite with Ref set (e.g. "secret-ref") and Value nil,
and assert the manager receives secret.Ref == "secret-ref" and secret.Value ==
nil; mirror the same change for the other test block around the second location
referenced (the block at 661-668) so both inline webhook_secret_value and
ref-backed requests are round-tripped and validated by the test harness.
In `@internal/api/core/bridges_test.go`:
- Around line 341-349: The test currently only asserts BindingName on the
decoded BridgeSecretBindingsResponse; add assertions to lock the renamed fields
by checking listPayload.Bindings[0].SecretRef equals the expected secret
reference, listPayload.Bindings[0].Kind equals the expected kind, and that
listPayload.Bindings[0].SecretValue is absent/empty (e.g., == "" or nil
depending on its type). Update the assertions immediately after the existing
BindingName check using the same listPayload/Bindings[0] references to ensure
the handler returns secret_ref and kind and does not leak secret_value.
In `@internal/api/httpapi/httpapi_integration_test.go`:
- Around line 913-940: Add an explicit assertion that the plaintext webhook
secret never appears in API responses: after decoding createResp into created
(and after decoding getResp into fetched) assert that neither created.Trigger
nor fetched.Trigger contains a non-empty plaintext secret field (e.g.,
WebhookSecretValue, WebhookSecret, etc.) and instead expect only a hash or empty
value; update the test around variables createResp/created and getResp/fetched
(and keep the existing endpoint/FormatWebhookEndpoint checks) to fail the test
if any plaintext secret is returned.
- Around line 1830-1839: The test double PutSecretBinding currently ignores the
new secretValue parameter; update the integrationBridgeService.PutSecretBinding
implementation to fail fast if the secretValue argument is non-nil (return a
descriptive error like "secretValue not supported in integration bridge test
double") instead of silently discarding it, then proceed to call
s.store.PutBridgeSecretBinding(ctx, binding) only when secretValue is nil;
reference the PutSecretBinding method and the secretValue parameter to locate
and change the logic.
In `@internal/api/spec/authored_context.go`:
- Around line 401-402: The authoredContextOperations function returns a shallow
copy of authoredContextOperationRegistry but nested slice fields (Parameters,
Responses) are not defensively copied like Tags is; update the construction path
(e.g., in buildOperation and/or wherever OperationSpec is copied from
authoredContextOperationRegistry) to make defensive copies of all slice fields
by using append([]T(nil), spec.Parameters...), append([]U(nil),
spec.Responses...) (matching the existing append([]string(nil), spec.Tags...)),
so every slice field (Tags, Parameters, Responses, etc.) is copied to prevent
aliasing and future mutations of authoredContextOperationRegistry via
OperationSpec values.
In `@internal/automation/manager.go`:
- Around line 1468-1479: The SyncManagedDefinitions function still accepts the
obsolete desiredTriggerSecrets parameter and immediately errors on any non-empty
map; remove the dead parameter from the SyncManagedDefinitions signature and
delete the associated nil-check/error block (the conditional that returns
"managed trigger plaintext values are not supported") and then update all call
sites, tests, and any interface/type declarations that reference
SyncManagedDefinitions to stop passing desiredTriggerSecrets (and adjust callers
to no longer construct or expect that argument), plus update any docs/comments
mentioning webhook_secret_ref plaintext support.
In `@internal/automation/trigger_test.go`:
- Around line 809-845: The staticTriggerWebhookSecretResolver currently returns
the same secret for any ref; change it to a ref-keyed stub that validates the
incoming ref and returns an error when an unexpected ref is requested: update
staticTriggerWebhookSecretResolver to hold a map[string]string (or expectedKey
string) and modify ResolveRef(ctx, ref string) to look up the ref, return the
mapped secret if present and return a non-nil error otherwise; adjust tests that
call WithTriggerEngineWebhookSecretResolver/NewTriggerEngine to provide the
appropriate map entries for expected WebhookSecretRef values so mis-resolutions
will fail the test.
In `@internal/cli/command_paths_test.go`:
- Around line 55-75: The test currently only verifies commands run without error
but doesn't assert that the subcommands call the correct client methods; for
each mocked client function shown (getAgentSoulFn, refreshSessionSoulFn,
getAgentHeartbeatFn, getAgentHeartbeatStatusFn) add a call-tracking boolean
(e.g., gotAgentSoulCalled, refreshedSessionSoulCalled, gotAgentHeartbeatCalled,
gotAgentHeartbeatStatusCalled) that is set to true inside each mock
implementation, then after exercising the command matrix assert each
corresponding flag is true to fail the test if a subcommand is misrouted; apply
the same call-flag/assertion pattern to the other similar mocked groups in the
file (the other get/refresh/heartbeat mock blocks).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-output.txt:
- Around line 1-7: Fix typographical, grammatical, and formatting errors in the
QA evidence text: change "reach,ability" to "reachability" and normalize the
endpoint formatting from "`/api/agent`/context" to "`/api/agent/context`",
remove the double period after `HTTP 200` and standardize to "`HTTP 200`",
rewrite the unclear clause "this claimed task note makes ownership no" to a
clear sentence like "This claimed task note indicates no ownership." and replace
the malformed sentence beginning "boundary no evidence session in this
validates" with "No evidence in this session validates hidden queue state, token
contents, or broader production runtime health beyond the stated digest and
`HTTP 200`."; ensure consistent use of backticks around code/HTTP values and fix
punctuation in the "Soul Evidence digest" line so the digest statement reads
cleanly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: b7022c51-4554-4a00-9f97-be82595c6927
⛔ Files ignored due to path filters (186)
.agents/skills/compozy/SKILL.mdis excluded by!**/*.md,!.agents/**.agents/skills/compozy/references/config-reference.mdis excluded by!**/*.md,!.agents/**.agents/skills/compozy/references/skills-reference.mdis excluded by!**/*.md,!.agents/**.agents/skills/compozy/references/workflow-guide.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-create-prd/SKILL.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-create-prd/references/prd-template.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-create-tasks/SKILL.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-create-tasks/references/task-template.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-create-techspec/SKILL.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-create-techspec/references/techspec-template.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-fix-reviews/SKILL.mdis excluded by!**/*.md,!.agents/**.agents/skills/cy-review-round/SKILL.mdis excluded by!**/*.md,!.agents/**.compozy/tasks/agent-soul/qa/bootstrap-manifest.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-004-daemon-start.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-004-daemon-status-after-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-004-daemon-stop.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-004-http-agent-context-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-004-http-agent-context-test-conventions.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-004-make-build.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-004-task-actors-test-conventions.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-005-build.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-005-child-spawn-after-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-daemon-start-after-rebuild-env.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-daemon-start-after-rebuild.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-daemon-status-after-rebuild-env.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-daemon-status-after-rebuild.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-daemon-status-before-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-daemon-stop-for-rebuild.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-hooks-notifier-focused-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-005-notifier-test-conventions.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-005-parent-child-ids-after-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-parent-child-session-list-after-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-parent-child-sessions-sqlite-after-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-parent-session-new-after-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-005-session-list-before-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/BUG-006-config-cli-focused-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-006-config-test-conventions.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/BUG-006-go-build-bin.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-cross-feature.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-heartbeat-after-invalid.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-heartbeat-before.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-heartbeat.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-soul-write.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-soul.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-soul-after-invalid.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-soul-before.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-cli-heartbeat-write.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-cli-soul-write.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-cli.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-http-body-cas-heartbeat.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-http-body-cas-soul.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-http-body-cas.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-http-if-match-heartbeat.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-http-if-match-soul.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-http-if-match.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-003-bun-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-003-docs-cli-boundary.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-003-web-boundary.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-daemon-start.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-daemon-status-after-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-daemon-stop.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-heartbeat-history-after-rollback.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-heartbeat-inspect-after-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-heartbeat-rollback.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-heartbeat-write-v2.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-redaction-scan.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-restart-recovery.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-session-list-after-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-delete-stale.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-delete.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-history-after-delete.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-inspect-after-restart.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-rollback-stale.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-rollback.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-write-v2.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-task-list-after-heartbeat-rollback.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-agents-list.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-default-after-25m.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-default-after-invalid.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-default-before.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-default-restore-30m.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-default-restored.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-default-set-25m.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-invalid-stderr.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-invalid-stdout.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-heartbeat-retention-before.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-invalid-rejection-summary.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-context-after-1536.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-context-after-invalid.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-context-before.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-context-restore-2048.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-context-restored.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-context-set-1536.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-invalid-stderr.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-config-soul-invalid-stdout.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-globaldb-migration-retention-claim-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-heartbeat-wake-policy-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-heartbeat-wake-retention-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-session-active-prompt-go-test.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-session-heartbeat-absent-check.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-session-heartbeat-absent-stderr.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-session-heartbeat-absent-stdout.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-001-api.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-001-cli.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-001-soul-history.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-001-soul-inspect-cli.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-cli.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-api.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-inspect-cli.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-status-after-dry-run.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-status-api.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-status-cli.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-status-session.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-wake-dry-run.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-wake-missing-session.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-events-after-dry-run.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-health.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-inspect.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-new.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-task-list-after-dry-run.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context-http-after-fix.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context-http-debug.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context-http-no-workspace.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-me-http-debug.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-soul-http-after-fix.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-soul-http-debug.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-followup-approval-2.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-followup-approval.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-followup-session-inspect-after-approval.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-followup-session-inspect-during-hang.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-followup-session-inspect-final.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-me-context-after-http-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-me-context.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-me.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-provider-boundary.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-provider-followup.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-context.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-events-after-followup-approval.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-events-after-prompt.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-events-during-followup.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-history-after-prompt.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-history-final.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-inspect-after-http-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-inspect.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-list.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-new-after-http-fix.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-new.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-soul-refresh-with-cas.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-soul-refresh.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-child-session-inspect-after-sqlite-discrepancy.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-child-session-meta.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-child-session-sqlite.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-child-spawn.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-general-agent-inspect.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-general-soul-inspect.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-child-sessions-table.tsvis excluded by!**/*.tsv.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-session-inspect-before-refresh.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-session-meta-after-active-refresh-reject.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-session-meta-after-refresh.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-session-meta-before-refresh.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-session-new.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-parent-session-status-before-refresh.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-session-soul-refresh-active-http-409.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-session-soul-refresh-active-status.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-session-soul-refresh-active-stderr.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-session-soul-refresh-active-stdout.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-session-soul-refresh-idle.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-sessions-schema-confirm.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-sessions-schema.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-sessions-sqlite-raw.logis excluded by!**/*.log.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-soul-baseline-write.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-soul-v2-write.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-claim-after-start.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-claim.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-create.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-default-claim.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-default-create.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-default-start.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-publish.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-run-metadata.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-task-start.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-005-context-truncation-session-new.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-005-context-truncation-summary.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-005-http-agent-context-truncated.jsonis excluded by!**/*.json.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-005-http-heartbeat-read-before.jsonis excluded by!**/*.json
📒 Files selected for processing (42)
.compozy/tasks/agent-soul/qa/bootstrap.env.compozy/tasks/agent-soul/qa/evidence/BUG-004-daemon-start.err.compozy/tasks/agent-soul/qa/evidence/BUG-004-daemon-stop.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-heartbeat.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-soul-write.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-soul.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-cli-heartbeat-write.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-002-cli-soul-write.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-daemon-start.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-daemon-stop.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-heartbeat-rollback.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-heartbeat-write-v2.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-delete-stale.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-delete.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-inspect-after-restart.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-rollback-stale.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-rollback.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-write-v2.err.compozy/tasks/agent-soul/qa/evidence/TC-REG-005-session-heartbeat-absent-status.txt.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-status-session.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-wake-dry-run.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-wake-missing-session.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-health.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-id.txt.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-inspect.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-new.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context-clean.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-followup-output.txt.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-output.txt.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-me-context-after-http-fix.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-me-context.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-me.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-provider-boundary.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-provider-followup.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-id-after-http-fix.txt.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-inspect.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-new-after-http-fix.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-new.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-soul-refresh-with-cas.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-soul-refresh.err.compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-claimed-run-id.txt
✅ Files skipped from review due to trivial changes (13)
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-soul-refresh.err
- .compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-delete-stale.err
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-004-claimed-run-id.txt
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-session-id.txt
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-session-id-after-http-fix.txt
- .compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-soul.err
- .compozy/tasks/agent-soul/qa/evidence/TC-REG-005-session-heartbeat-absent-status.txt
- .compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-heartbeat.err
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-context.err
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-003-agent-followup-output.txt
- .compozy/tasks/agent-soul/qa/evidence/TC-REG-004-soul-rollback-stale.err
- .compozy/tasks/agent-soul/qa/evidence/TC-SCEN-002-heartbeat-wake-missing-session.err
- .compozy/tasks/agent-soul/qa/evidence/TC-REG-001-invalid-soul-write.err
🚧 Files skipped from review as they are similar to previous changes (1)
- .compozy/tasks/agent-soul/qa/bootstrap.env
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add Fumadocs runtime coverage for the authored-context surfaces shipped in tasks 12-14: dedicated SOUL.md and HEARTBEAT.md concept pages, a session-health concept page, [agents.soul]/[agents.heartbeat] config reference, authored-context Host API/hook/native-tool sections in the extension developer guide, and the AGH Network greet boundary statement. Adds runtime-authored-context-docs.test.ts as a guard suite asserting no agh session heartbeat command, no Soul native tool, and no speculative editor leak into docs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 23, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
pedronauck
added a commit
that referenced
this pull request
May 26, 2026
## Release v0.0.1 This PR prepares the release of version v0.0.1. ### Changelog ## 0.0.1 - 2026-05-26 ### Other Changes - Lessons learned ### ♻️ Refactoring - Project structure (#7) - Kb improvements (#12) - Rename spaces to channels (#17) - Add extensions gaps (#21) - Improve tool calls ui (#22) - Remove web app header - Module improvements (#29) - Memory improvements (#35) - Storybook for web and ui (#38) - Enable AGH network by default for new installs (#57) - Hermes adjustments (#69) - Badges design (#84) - Storybook scenario and logos gallery - Migrate typescript tests (#114) - Internal go packages (#120) - Ui patterns (#127) - Improve e2e tests (#130) - Ui redesign - Workspace isolation across runtime surfaces (#145) - Prod ready applies (#162) - Tool card ui (#164) - Alpha on logo - Prod ready features (#167) - Thread sheet (#202) ### 🎉 Features - Implement config foundation packages - Implement sqlite store package - Add ACP client package - Add session lifecycle manager - Implement observe package - Add daemon composition root - Add uds api server - Implement cli package - Add http api server - Add system design - Add foundation types, schemas, and layout shell for web client - Add daemon health polling and agent sidebar systems for web client - Add session system CRUD, streaming core, and session store for web client - Add chat view, messages, and composer tests for web client - Add tool cards and renderers for web client - Add file-backed memory store core - Scaffold memory session seams - Add memory dream consolidation service - Wire memory assembler into daemon - Add memory api and cli - New skills system (#1) - Add workspace entity (#5) - Add new skill capabilities (#8) - Web ui v2 (#9) - Improve hooks system (#10) - Session resilience (#11) - Add extensability (#13) - Add automation (#16) - Add channels (#14) - Add network implementation (#15) - Add network, bridges and automations web pages (#18) - Ext registry (#20) - Add core tasks (#19) - Bridge adapters (#23) - Add site (#26) - Add ext refac and sandbox (#25) - Settings ui (#37) - Tasks ui (#36) - Harness improvements (#44) - Agent capabilities (#49) - Redesign ui (#48) - Unify capability (#53) - Redesign network workspace (#59) - Add task deletion and split session delete from stop (#58) - Session provider selection (#60) - Production grade adjustments (#66) - Autonomous system (#75) - Add agent session route (#80) - Tools registry (#85) - Agents soul (#88) - Add network threads (#105) - Orchestration improvements (#106) - Memory v2 (#108) - Agent categories (#113) - Providers model (#118) - Add canonical AGH bundled skill (#143) - Onboarding and improvements (#198) - Onboarding and improvements (#201) ### 🐛 Bug Fixes - Review round - Review rounds - Resolve memory extensibility review batch - Embed web into daemon - Defaults agents - Acp integration (#4) - Lint errors - Prd folder - Remove orphan web actions and dead surfaces (#55) - Qa testing and fixes (#73) - New review rounds (#82) - Security audit (#90) - Release qa round (#95) - Add missing tools (#141) - New qa round (#147) - Advanced qa round (#149) - Homebrew tap - Final review round (#151) - Daemon healthy - Reasoning models (#158) - Lint errors (#160) - Review round (#168) - Release adjustments (#171) - Stabilize release ci fixtures - Stabilize release integration gate - Stabilize release verify gates - Stabilize release integration flows - Stabilize release verify gates - Stabilize main verify shutdown - Ignore stale acpmock cancel - Marketplace search focus and filtering (#193) - Website video - Workspace command select ### 📚 Documentation - Update agents.md - Update prd - Update skills - Update compozy tasks - Update compozy - Update compozy - Add new skills - Archive prd - Update prds - Update rfc - Update prds - Update prds - Add automation prd - Channels prd - Update prd - Update prd - New prds - Archive prds - Bridges adapters prd - Sandbox prd - Update - Archive prd - Update - Add new prd - New design - Update prd - Archive prds - Update prds - Tasks-ui prd tasks - Update prd - Update design docs - Agent capabilities prd - Improve site docs - Remove old design references - Udpate - Autonomous prd - Update skills - Blog design - Agent sould prd - Final qa plan - Update - Remove codex ledgers from gitignore - Remove not needed files - Udpate ledger - Update cy-codex-loop skill - Orchestration improves prd - Update prds - Orch improvs prd - Memv2 prd - Providers model prd - Update refacs prd - New design proposal - Update rules - Update skills - New blog posts (#173) - Format docs - Remove old design files - Remove old - Skeeper update ### 📦 Build System - Initial structure - Commitlint - Frontend base structure - Update vscode settings - Add subagents - Coderabbit - Prd and tooling - Bun lock - Lint tooling - Copy.md and tooling adjusts - Add repoclone rc - Upgrade skeeper to v0.2.0 - Update go.mod - Adopt task artifacts into skeeper - Sync codex plans with skeeper - Skeeper lock - Skeeper lock - New skills - Skeeper lock - Skeeper lock - Skeeper lock - Update deps and go - Regenerate daytona sidecar assets for go 1.26.3 - Fix cliff - Ignore docs on fmt - Build web assets before goreleaser - Extend release dry-run timeout ### 🔧 CI/CD - Lint errors - Fint release pr - Fix goreleaser ### 🧪 Testing - Add e2e tests (#27) - Qa rounds (#78) - Improve test suite (#138) - Harden daemon-served restart reloads - Harden daemon-served readiness waits - Stabilize dashboard focus assertion - Stabilize release integration gates - Stabilize release e2e markers - Stabilize release e2e flows Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This was referenced May 26, 2026
Closed
Merged
pedronauck
added a commit
that referenced
this pull request
May 26, 2026
## Release v0.0.1 This PR prepares the release of version v0.0.1. ### Changelog ## 0.0.1 - 2026-05-26 ### Other Changes - Lessons learned ### ♻️ Refactoring - Project structure (#7) - Kb improvements (#12) - Rename spaces to channels (#17) - Add extensions gaps (#21) - Improve tool calls ui (#22) - Remove web app header - Module improvements (#29) - Memory improvements (#35) - Storybook for web and ui (#38) - Enable AGH network by default for new installs (#57) - Hermes adjustments (#69) - Badges design (#84) - Storybook scenario and logos gallery - Migrate typescript tests (#114) - Internal go packages (#120) - Ui patterns (#127) - Improve e2e tests (#130) - Ui redesign - Workspace isolation across runtime surfaces (#145) - Prod ready applies (#162) - Tool card ui (#164) - Alpha on logo - Prod ready features (#167) - Thread sheet (#202) ### 🎉 Features - Implement config foundation packages - Implement sqlite store package - Add ACP client package - Add session lifecycle manager - Implement observe package - Add daemon composition root - Add uds api server - Implement cli package - Add http api server - Add system design - Add foundation types, schemas, and layout shell for web client - Add daemon health polling and agent sidebar systems for web client - Add session system CRUD, streaming core, and session store for web client - Add chat view, messages, and composer tests for web client - Add tool cards and renderers for web client - Add file-backed memory store core - Scaffold memory session seams - Add memory dream consolidation service - Wire memory assembler into daemon - Add memory api and cli - New skills system (#1) - Add workspace entity (#5) - Add new skill capabilities (#8) - Web ui v2 (#9) - Improve hooks system (#10) - Session resilience (#11) - Add extensability (#13) - Add automation (#16) - Add channels (#14) - Add network implementation (#15) - Add network, bridges and automations web pages (#18) - Ext registry (#20) - Add core tasks (#19) - Bridge adapters (#23) - Add site (#26) - Add ext refac and sandbox (#25) - Settings ui (#37) - Tasks ui (#36) - Harness improvements (#44) - Agent capabilities (#49) - Redesign ui (#48) - Unify capability (#53) - Redesign network workspace (#59) - Add task deletion and split session delete from stop (#58) - Session provider selection (#60) - Production grade adjustments (#66) - Autonomous system (#75) - Add agent session route (#80) - Tools registry (#85) - Agents soul (#88) - Add network threads (#105) - Orchestration improvements (#106) - Memory v2 (#108) - Agent categories (#113) - Providers model (#118) - Add canonical AGH bundled skill (#143) - Onboarding and improvements (#198) - Onboarding and improvements (#201) ### 🐛 Bug Fixes - Review round - Review rounds - Resolve memory extensibility review batch - Embed web into daemon - Defaults agents - Acp integration (#4) - Lint errors - Prd folder - Remove orphan web actions and dead surfaces (#55) - Qa testing and fixes (#73) - New review rounds (#82) - Security audit (#90) - Release qa round (#95) - Add missing tools (#141) - New qa round (#147) - Advanced qa round (#149) - Homebrew tap - Final review round (#151) - Daemon healthy - Reasoning models (#158) - Lint errors (#160) - Review round (#168) - Release adjustments (#171) - Stabilize release ci fixtures - Stabilize release integration gate - Stabilize release verify gates - Stabilize release integration flows - Stabilize release verify gates - Stabilize main verify shutdown - Ignore stale acpmock cancel - Marketplace search focus and filtering (#193) - Website video - Workspace command select ### 📚 Documentation - Update agents.md - Update prd - Update skills - Update compozy tasks - Update compozy - Update compozy - Add new skills - Archive prd - Update prds - Update rfc - Update prds - Update prds - Add automation prd - Channels prd - Update prd - Update prd - New prds - Archive prds - Bridges adapters prd - Sandbox prd - Update - Archive prd - Update - Add new prd - New design - Update prd - Archive prds - Update prds - Tasks-ui prd tasks - Update prd - Update design docs - Agent capabilities prd - Improve site docs - Remove old design references - Udpate - Autonomous prd - Update skills - Blog design - Agent sould prd - Final qa plan - Update - Remove codex ledgers from gitignore - Remove not needed files - Udpate ledger - Update cy-codex-loop skill - Orchestration improves prd - Update prds - Orch improvs prd - Memv2 prd - Providers model prd - Update refacs prd - New design proposal - Update rules - Update skills - New blog posts (#173) - Format docs - Remove old design files - Remove old - Skeeper update ### 📦 Build System - Initial structure - Commitlint - Frontend base structure - Update vscode settings - Add subagents - Coderabbit - Prd and tooling - Bun lock - Lint tooling - Copy.md and tooling adjusts - Add repoclone rc - Upgrade skeeper to v0.2.0 - Update go.mod - Adopt task artifacts into skeeper - Sync codex plans with skeeper - Skeeper lock - Skeeper lock - New skills - Skeeper lock - Skeeper lock - Skeeper lock - Update deps and go - Regenerate daytona sidecar assets for go 1.26.3 - Fix cliff - Ignore docs on fmt - Build web assets before goreleaser - Extend release dry-run timeout ### 🔧 CI/CD - Lint errors - Fint release pr - Fix goreleaser - Fix release ### 🧪 Testing - Add e2e tests (#27) - Qa rounds (#78) - Improve test suite (#138) - Harden daemon-served restart reloads - Harden daemon-served readiness waits - Stabilize dashboard focus assertion - Stabilize release integration gates - Stabilize release e2e markers - Stabilize release e2e flows Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Merged
pedronauck
added a commit
that referenced
this pull request
May 26, 2026
## Release v0.0.2 This PR prepares the release of version v0.0.2. ### Changelog ## 0.0.2 - 2026-05-26 ### Other Changes - Lessons learned ### ♻️ Refactoring - Project structure (#7) - Kb improvements (#12) - Rename spaces to channels (#17) - Add extensions gaps (#21) - Improve tool calls ui (#22) - Remove web app header - Module improvements (#29) - Memory improvements (#35) - Storybook for web and ui (#38) - Enable AGH network by default for new installs (#57) - Hermes adjustments (#69) - Badges design (#84) - Storybook scenario and logos gallery - Migrate typescript tests (#114) - Internal go packages (#120) - Ui patterns (#127) - Improve e2e tests (#130) - Ui redesign - Workspace isolation across runtime surfaces (#145) - Prod ready applies (#162) - Tool card ui (#164) - Alpha on logo - Prod ready features (#167) - Thread sheet (#202) ### 🎉 Features - Implement config foundation packages - Implement sqlite store package - Add ACP client package - Add session lifecycle manager - Implement observe package - Add daemon composition root - Add uds api server - Implement cli package - Add http api server - Add system design - Add foundation types, schemas, and layout shell for web client - Add daemon health polling and agent sidebar systems for web client - Add session system CRUD, streaming core, and session store for web client - Add chat view, messages, and composer tests for web client - Add tool cards and renderers for web client - Add file-backed memory store core - Scaffold memory session seams - Add memory dream consolidation service - Wire memory assembler into daemon - Add memory api and cli - New skills system (#1) - Add workspace entity (#5) - Add new skill capabilities (#8) - Web ui v2 (#9) - Improve hooks system (#10) - Session resilience (#11) - Add extensability (#13) - Add automation (#16) - Add channels (#14) - Add network implementation (#15) - Add network, bridges and automations web pages (#18) - Ext registry (#20) - Add core tasks (#19) - Bridge adapters (#23) - Add site (#26) - Add ext refac and sandbox (#25) - Settings ui (#37) - Tasks ui (#36) - Harness improvements (#44) - Agent capabilities (#49) - Redesign ui (#48) - Unify capability (#53) - Redesign network workspace (#59) - Add task deletion and split session delete from stop (#58) - Session provider selection (#60) - Production grade adjustments (#66) - Autonomous system (#75) - Add agent session route (#80) - Tools registry (#85) - Agents soul (#88) - Add network threads (#105) - Orchestration improvements (#106) - Memory v2 (#108) - Agent categories (#113) - Providers model (#118) - Add canonical AGH bundled skill (#143) - Onboarding and improvements (#198) - Onboarding and improvements (#201) ### 🐛 Bug Fixes - Review round - Review rounds - Resolve memory extensibility review batch - Embed web into daemon - Defaults agents - Acp integration (#4) - Lint errors - Prd folder - Remove orphan web actions and dead surfaces (#55) - Qa testing and fixes (#73) - New review rounds (#82) - Security audit (#90) - Release qa round (#95) - Add missing tools (#141) - New qa round (#147) - Advanced qa round (#149) - Homebrew tap - Final review round (#151) - Daemon healthy - Reasoning models (#158) - Lint errors (#160) - Review round (#168) - Release adjustments (#171) - Stabilize release ci fixtures - Stabilize release integration gate - Stabilize release verify gates - Stabilize release integration flows - Stabilize release verify gates - Stabilize main verify shutdown - Ignore stale acpmock cancel - Marketplace search focus and filtering (#193) - Website video - Workspace command select ### 📚 Documentation - Update agents.md - Update prd - Update skills - Update compozy tasks - Update compozy - Update compozy - Add new skills - Archive prd - Update prds - Update rfc - Update prds - Update prds - Add automation prd - Channels prd - Update prd - Update prd - New prds - Archive prds - Bridges adapters prd - Sandbox prd - Update - Archive prd - Update - Add new prd - New design - Update prd - Archive prds - Update prds - Tasks-ui prd tasks - Update prd - Update design docs - Agent capabilities prd - Improve site docs - Remove old design references - Udpate - Autonomous prd - Update skills - Blog design - Agent sould prd - Final qa plan - Update - Remove codex ledgers from gitignore - Remove not needed files - Udpate ledger - Update cy-codex-loop skill - Orchestration improves prd - Update prds - Orch improvs prd - Memv2 prd - Providers model prd - Update refacs prd - New design proposal - Update rules - Update skills - New blog posts (#173) - Format docs - Remove old design files - Remove old - Skeeper update ### 📦 Build System - Initial structure - Commitlint - Frontend base structure - Update vscode settings - Add subagents - Coderabbit - Prd and tooling - Bun lock - Lint tooling - Copy.md and tooling adjusts - Add repoclone rc - Upgrade skeeper to v0.2.0 - Update go.mod - Adopt task artifacts into skeeper - Sync codex plans with skeeper - Skeeper lock - Skeeper lock - New skills - Skeeper lock - Skeeper lock - Skeeper lock - Update deps and go - Regenerate daytona sidecar assets for go 1.26.3 - Fix cliff - Ignore docs on fmt - Build web assets before goreleaser - Extend release dry-run timeout ### 🔧 CI/CD - Lint errors - Fint release pr - Fix goreleaser - Fix release - Fix release process ### 🧪 Testing - Add e2e tests (#27) - Qa rounds (#78) - Improve test suite (#138) - Harden daemon-served restart reloads - Harden daemon-served readiness waits - Stabilize dashboard focus assertion - Stabilize release integration gates - Stabilize release e2e markers - Stabilize release e2e flows - Improve suite speed Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This was referenced May 26, 2026
Closed
Closed
Merged
pedronauck
added a commit
that referenced
this pull request
May 27, 2026
## Release v0.0.2 This PR prepares the release of version v0.0.2. ### Changelog ## 0.0.2 - 2026-05-26 ### Other Changes - Lessons learned ### ♻️ Refactoring - Project structure (#7) - Kb improvements (#12) - Rename spaces to channels (#17) - Add extensions gaps (#21) - Improve tool calls ui (#22) - Remove web app header - Module improvements (#29) - Memory improvements (#35) - Storybook for web and ui (#38) - Enable AGH network by default for new installs (#57) - Hermes adjustments (#69) - Badges design (#84) - Storybook scenario and logos gallery - Migrate typescript tests (#114) - Internal go packages (#120) - Ui patterns (#127) - Improve e2e tests (#130) - Ui redesign - Workspace isolation across runtime surfaces (#145) - Prod ready applies (#162) - Tool card ui (#164) - Alpha on logo - Prod ready features (#167) - Thread sheet (#202) ### 🎉 Features - Implement config foundation packages - Implement sqlite store package - Add ACP client package - Add session lifecycle manager - Implement observe package - Add daemon composition root - Add uds api server - Implement cli package - Add http api server - Add system design - Add foundation types, schemas, and layout shell for web client - Add daemon health polling and agent sidebar systems for web client - Add session system CRUD, streaming core, and session store for web client - Add chat view, messages, and composer tests for web client - Add tool cards and renderers for web client - Add file-backed memory store core - Scaffold memory session seams - Add memory dream consolidation service - Wire memory assembler into daemon - Add memory api and cli - New skills system (#1) - Add workspace entity (#5) - Add new skill capabilities (#8) - Web ui v2 (#9) - Improve hooks system (#10) - Session resilience (#11) - Add extensability (#13) - Add automation (#16) - Add channels (#14) - Add network implementation (#15) - Add network, bridges and automations web pages (#18) - Ext registry (#20) - Add core tasks (#19) - Bridge adapters (#23) - Add site (#26) - Add ext refac and sandbox (#25) - Settings ui (#37) - Tasks ui (#36) - Harness improvements (#44) - Agent capabilities (#49) - Redesign ui (#48) - Unify capability (#53) - Redesign network workspace (#59) - Add task deletion and split session delete from stop (#58) - Session provider selection (#60) - Production grade adjustments (#66) - Autonomous system (#75) - Add agent session route (#80) - Tools registry (#85) - Agents soul (#88) - Add network threads (#105) - Orchestration improvements (#106) - Memory v2 (#108) - Agent categories (#113) - Providers model (#118) - Add canonical AGH bundled skill (#143) - Onboarding and improvements (#198) - Onboarding and improvements (#201) ### 🐛 Bug Fixes - Review round - Review rounds - Resolve memory extensibility review batch - Embed web into daemon - Defaults agents - Acp integration (#4) - Lint errors - Prd folder - Remove orphan web actions and dead surfaces (#55) - Qa testing and fixes (#73) - New review rounds (#82) - Security audit (#90) - Release qa round (#95) - Add missing tools (#141) - New qa round (#147) - Advanced qa round (#149) - Homebrew tap - Final review round (#151) - Daemon healthy - Reasoning models (#158) - Lint errors (#160) - Review round (#168) - Release adjustments (#171) - Stabilize release ci fixtures - Stabilize release integration gate - Stabilize release verify gates - Stabilize release integration flows - Stabilize release verify gates - Stabilize main verify shutdown - Ignore stale acpmock cancel - Marketplace search focus and filtering (#193) - Website video - Workspace command select ### 📚 Documentation - Update agents.md - Update prd - Update skills - Update compozy tasks - Update compozy - Update compozy - Add new skills - Archive prd - Update prds - Update rfc - Update prds - Update prds - Add automation prd - Channels prd - Update prd - Update prd - New prds - Archive prds - Bridges adapters prd - Sandbox prd - Update - Archive prd - Update - Add new prd - New design - Update prd - Archive prds - Update prds - Tasks-ui prd tasks - Update prd - Update design docs - Agent capabilities prd - Improve site docs - Remove old design references - Udpate - Autonomous prd - Update skills - Blog design - Agent sould prd - Final qa plan - Update - Remove codex ledgers from gitignore - Remove not needed files - Udpate ledger - Update cy-codex-loop skill - Orchestration improves prd - Update prds - Orch improvs prd - Memv2 prd - Providers model prd - Update refacs prd - New design proposal - Update rules - Update skills - New blog posts (#173) - Format docs - Remove old design files - Remove old - Skeeper update ### 📦 Build System - Initial structure - Commitlint - Frontend base structure - Update vscode settings - Add subagents - Coderabbit - Prd and tooling - Bun lock - Lint tooling - Copy.md and tooling adjusts - Add repoclone rc - Upgrade skeeper to v0.2.0 - Update go.mod - Adopt task artifacts into skeeper - Sync codex plans with skeeper - Skeeper lock - Skeeper lock - New skills - Skeeper lock - Skeeper lock - Skeeper lock - Update deps and go - Regenerate daytona sidecar assets for go 1.26.3 - Fix cliff - Ignore docs on fmt - Build web assets before goreleaser - Extend release dry-run timeout ### 🔧 CI/CD - Lint errors - Fint release pr - Fix goreleaser - Fix release - Fix release process - Fix release sync - Decouple release dry-run npm auth - Persist web assets git auth ### 🧪 Testing - Add e2e tests (#27) - Qa rounds (#78) - Improve test suite (#138) - Harden daemon-served restart reloads - Harden daemon-served readiness waits - Stabilize dashboard focus assertion - Stabilize release integration gates - Stabilize release e2e markers - Stabilize release e2e flows - Improve suite speed <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated web assets dependency to a newer version for improved stability and performance. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/compozy/agh/pull/211?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
](https://app.coderabbit.ai/change-stack/compozy/agh/pull/211?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack){kind=link}
This was referenced May 27, 2026
Closed
Closed
Merged
pedronauck
added a commit
that referenced
this pull request
May 27, 2026
## Release v0.0.2 This PR prepares the release of version v0.0.2. ### Changelog ## 0.0.2 - 2026-05-27 ### Other Changes - Lessons learned ### ♻️ Refactoring - Project structure (#7) - Kb improvements (#12) - Rename spaces to channels (#17) - Add extensions gaps (#21) - Improve tool calls ui (#22) - Remove web app header - Module improvements (#29) - Memory improvements (#35) - Storybook for web and ui (#38) - Enable AGH network by default for new installs (#57) - Hermes adjustments (#69) - Badges design (#84) - Storybook scenario and logos gallery - Migrate typescript tests (#114) - Internal go packages (#120) - Ui patterns (#127) - Improve e2e tests (#130) - Ui redesign - Workspace isolation across runtime surfaces (#145) - Prod ready applies (#162) - Tool card ui (#164) - Alpha on logo - Prod ready features (#167) - Thread sheet (#202) ### 🎉 Features - Implement config foundation packages - Implement sqlite store package - Add ACP client package - Add session lifecycle manager - Implement observe package - Add daemon composition root - Add uds api server - Implement cli package - Add http api server - Add system design - Add foundation types, schemas, and layout shell for web client - Add daemon health polling and agent sidebar systems for web client - Add session system CRUD, streaming core, and session store for web client - Add chat view, messages, and composer tests for web client - Add tool cards and renderers for web client - Add file-backed memory store core - Scaffold memory session seams - Add memory dream consolidation service - Wire memory assembler into daemon - Add memory api and cli - New skills system (#1) - Add workspace entity (#5) - Add new skill capabilities (#8) - Web ui v2 (#9) - Improve hooks system (#10) - Session resilience (#11) - Add extensability (#13) - Add automation (#16) - Add channels (#14) - Add network implementation (#15) - Add network, bridges and automations web pages (#18) - Ext registry (#20) - Add core tasks (#19) - Bridge adapters (#23) - Add site (#26) - Add ext refac and sandbox (#25) - Settings ui (#37) - Tasks ui (#36) - Harness improvements (#44) - Agent capabilities (#49) - Redesign ui (#48) - Unify capability (#53) - Redesign network workspace (#59) - Add task deletion and split session delete from stop (#58) - Session provider selection (#60) - Production grade adjustments (#66) - Autonomous system (#75) - Add agent session route (#80) - Tools registry (#85) - Agents soul (#88) - Add network threads (#105) - Orchestration improvements (#106) - Memory v2 (#108) - Agent categories (#113) - Providers model (#118) - Add canonical AGH bundled skill (#143) - Onboarding and improvements (#198) - Onboarding and improvements (#201) ### 🐛 Bug Fixes - Review round - Review rounds - Resolve memory extensibility review batch - Embed web into daemon - Defaults agents - Acp integration (#4) - Lint errors - Prd folder - Remove orphan web actions and dead surfaces (#55) - Qa testing and fixes (#73) - New review rounds (#82) - Security audit (#90) - Release qa round (#95) - Add missing tools (#141) - New qa round (#147) - Advanced qa round (#149) - Homebrew tap - Final review round (#151) - Daemon healthy - Reasoning models (#158) - Lint errors (#160) - Review round (#168) - Release adjustments (#171) - Stabilize release ci fixtures - Stabilize release integration gate - Stabilize release verify gates - Stabilize release integration flows - Stabilize release verify gates - Stabilize main verify shutdown - Ignore stale acpmock cancel - Marketplace search focus and filtering (#193) - Website video - Workspace command select ### 📚 Documentation - Update agents.md - Update prd - Update skills - Update compozy tasks - Update compozy - Update compozy - Add new skills - Archive prd - Update prds - Update rfc - Update prds - Update prds - Add automation prd - Channels prd - Update prd - Update prd - New prds - Archive prds - Bridges adapters prd - Sandbox prd - Update - Archive prd - Update - Add new prd - New design - Update prd - Archive prds - Update prds - Tasks-ui prd tasks - Update prd - Update design docs - Agent capabilities prd - Improve site docs - Remove old design references - Udpate - Autonomous prd - Update skills - Blog design - Agent sould prd - Final qa plan - Update - Remove codex ledgers from gitignore - Remove not needed files - Udpate ledger - Update cy-codex-loop skill - Orchestration improves prd - Update prds - Orch improvs prd - Memv2 prd - Providers model prd - Update refacs prd - New design proposal - Update rules - Update skills - New blog posts (#173) - Format docs - Remove old design files - Remove old - Skeeper update ### 📦 Build System - Initial structure - Commitlint - Frontend base structure - Update vscode settings - Add subagents - Coderabbit - Prd and tooling - Bun lock - Lint tooling - Copy.md and tooling adjusts - Add repoclone rc - Upgrade skeeper to v0.2.0 - Update go.mod - Adopt task artifacts into skeeper - Sync codex plans with skeeper - Skeeper lock - Skeeper lock - New skills - Skeeper lock - Skeeper lock - Skeeper lock - Update deps and go - Regenerate daytona sidecar assets for go 1.26.3 - Fix cliff - Ignore docs on fmt - Build web assets before goreleaser - Extend release dry-run timeout - Fix release dry-run token contract ### 🔧 CI/CD - Lint errors - Fint release pr - Fix goreleaser - Fix release - Fix release process - Fix release sync - Decouple release dry-run npm auth - Persist web assets git auth - Require npm auth before release merge ### 🧪 Testing - Add e2e tests (#27) - Qa rounds (#78) - Improve test suite (#138) - Harden daemon-served restart reloads - Harden daemon-served readiness waits - Stabilize dashboard focus assertion - Stabilize release integration gates - Stabilize release e2e markers - Stabilize release e2e flows - Improve suite speed <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated dependencies to latest versions. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/compozy/agh/pull/214?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
](https://app.coderabbit.ai/change-stack/compozy/agh/pull/214?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack){kind=link}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Verification
Summary by CodeRabbit
Tests
Chores