feat(fleet): Document agent-to-agent communication pattern and add COPILOT_MCP_* env support#276
Merged
jbdevprimary merged 14 commits intomainfrom Nov 30, 2025
Merged
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR investigates and documents a known limitation in Cursor API followup delivery between agents, where messages may not immediately appear in conversation history due to eventual consistency. The investigation concludes that the client implementation is correct and recommends using GitHub PR comments as the reliable workaround, which is already implemented in the coordinate command.
Key Changes:
- Added
COPILOT_MCP_*environment variable support for testing in Copilot agent environments - Created comprehensive investigation documentation
- Added test script for empirical validation of followup delivery
- Documented the known limitation in README with recommended workaround
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/cursor-fleet/tsconfig.json | Added Node.js type definitions for TypeScript compilation |
| packages/cursor-fleet/src/test-followup-delivery.ts | New test script to empirically validate bidirectional followup delivery between agents |
| packages/cursor-fleet/src/handoff.ts | Added documentation comment explaining eventual consistency limitation and fallback to COPILOT_MCP_GITHUB_TOKEN |
| packages/cursor-fleet/src/cursor-api.ts | Added COPILOT_MCP_CURSOR_API_KEY environment variable fallback for testing |
| packages/cursor-fleet/src/ai-analyzer.ts | Added COPILOT_MCP_ANTHROPIC_API_KEY and COPILOT_MCP_GITHUB_TOKEN environment variable fallbacks |
| packages/cursor-fleet/package.json | Updated @types/node dependency version |
| packages/cursor-fleet/docs/FOLLOWUP_INVESTIGATION.md | Comprehensive investigation document analyzing the issue and recommending solutions |
| packages/cursor-fleet/README.md | Added "Known Limitations" section documenting followup delivery issue and workaround |
| packages/ai-triage/src/mcp-clients.ts | Added COPILOT_MCP_CURSOR_API_KEY and COPILOT_MCP_GITHUB_TOKEN environment variable fallbacks |
Files not reviewed (1)
- packages/cursor-fleet/package-lock.json: Language not supported
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
…-gen docs Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Collaborator
|
/q review |
Contributor
|
⏳ Code review in progress. Analyzing for code quality issues and best practices. You can monitor the review status in the checks section at the bottom of this pull request. Detailed findings will be posted upon completion. Using Amazon Q Developer for GitHubAmazon Q Developer1 is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation. Slash Commands
FeaturesAgentic Chat Code Review CustomizationYou can create project-specific rules for Amazon Q Developer to follow:
Example rule: FeedbackTo provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository. For more detailed information, visit the Amazon Q for GitHub documentation. Footnotes
|
Collaborator
|
/gemini review |
Collaborator
|
@cursor review |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request provides a thorough investigation into the reliability of Cursor API followups, correctly identifying it as an API-level eventual consistency issue. The introduction of COPILOT_MCP_* environment variables is a great addition for improving testability, and the implementation is consistent across the codebase. The new documentation is excellent and very detailed. I have identified one high-severity issue regarding a potentially unintentional breaking change in package-lock.json and a minor placeholder in the new documentation that needs to be updated.
| "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", | ||
| "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", | ||
| "license": "MIT", | ||
| "peer": true, |
Contributor
There was a problem hiding this comment.
This lockfile has been modified to mark many dependencies, such as accepts here, with "peer": true. This is a significant and potentially breaking change for consumers of the @jbcom/cursor-fleet package, as it requires them to provide these dependencies. If this was unintentional, please regenerate the lockfile to remove these "peer": true flags. If it was intentional, this should be documented as a breaking change.
| @@ -0,0 +1,475 @@ | |||
| # Investigation: Cursor API Followup Delivery Reliability | |||
|
|
|||
| **Issue:** [bug(fleet): followups between agents not reliably delivered](https://github.com/jbcom/jbcom-control-center/issues/274) | |||
Contributor
There was a problem hiding this comment.
The link to the GitHub issue contains a placeholder XXX. Please update this to the correct issue number, which appears to be 274 based on the pull request description.
Suggested change
| **Issue:** [bug(fleet): followups between agents not reliably delivered](https://github.com/jbcom/jbcom-control-center/issues/274) | |
| **Issue:** [bug(fleet): followups between agents not reliably delivered](https://github.com/jbcom/jbcom-control-center/issues/274) |
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Contributor
|
Collaborator
|
/q review |
Contributor
|
⏳ Code review in progress. Analyzing for code quality issues and best practices. You can monitor the review status in the checks section at the bottom of this pull request. Detailed findings will be posted upon completion. Using Amazon Q Developer for GitHubAmazon Q Developer1 is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation. Slash Commands
FeaturesAgentic Chat Code Review CustomizationYou can create project-specific rules for Amazon Q Developer to follow:
Example rule: FeedbackTo provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository. For more detailed information, visit the Amazon Q for GitHub documentation. Footnotes
|
![amazon-q-developer[bot]](https://avatars.githubusercontent.com/in/1220912?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review Summary
This PR successfully implements COPILOT_MCP_* environment variable support across packages and documents the Cursor API followup delivery investigation. The changes are well-structured and follow consistent patterns.
Key Changes Reviewed:
- ✅ Environment Variable Priority: Proper implementation of
COPILOT_MCP_*prefixed variables with fallback to standard names - ✅ Documentation: Comprehensive environment variable documentation and investigation report
- ✅ Testing Infrastructure: Added followup delivery test script
- ✅ Consistent Implementation: All packages follow the same priority pattern
Issues Found:
- 🔧 Date Error: Investigation document has incorrect year (2025 instead of 2024)
- 🔧 Module Detection: Test script uses fragile module detection logic that may fail on different platforms
Security & Best Practices:
- ✅ No hardcoded secrets: All sensitive data properly handled via environment variables
- ✅ Backward compatibility: Standard environment variable names still work
- ✅ Clear priority order: Explicit parameter > COPILOT_MCP_* > standard names
The implementation correctly addresses the need for seamless testing in Copilot agent environments while maintaining backward compatibility. The investigation documentation provides valuable insights into the Cursor API limitations and recommended workarounds.
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
|
|
||
| // Run the test if this is the main module | ||
| // Note: In ES modules, we check if this file was directly executed | ||
| const isMainModule = process.argv[1] && import.meta.url.endsWith(process.argv[1].replace(/\\/g, '/')); |
Contributor
There was a problem hiding this comment.
The module detection logic is fragile and may not work correctly across different platforms. The current implementation using import.meta.url.endsWith() with path replacement could fail on Windows or with different Node.js execution contexts.
Suggested change
| const isMainModule = process.argv[1] && import.meta.url.endsWith(process.argv[1].replace(/\\/g, '/')); | |
| const isMainModule = import.meta.url === ` |
|
|
||
| **Issue:** [bug(fleet): followups between agents not reliably delivered](https://github.com/jbcom/jbcom-control-center/issues/274) | ||
|
|
||
| **Date:** 2025-11-30 |
Contributor
There was a problem hiding this comment.
Incorrect date - should be 2024, not 2025. We're still in 2024.
Suggested change
| **Date:** 2025-11-30 | |
| **Date:** 2024-11-30 |
Copilot
AI
changed the title
[WIP] Fix followups between agents not reliably delivered
bug(fleet): Document Cursor API followup eventual consistency and add COPILOT_MCP_* env support
Nov 30, 2025
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
packages/ai-triage/src/cli.ts
Outdated
| { name: "Cursor Agent MCP", env: "CURSOR_API_KEY" }, | ||
| { name: "GitHub MCP", env: "GITHUB_TOKEN or GITHUB_JBCOM_TOKEN" }, | ||
| { name: "Cursor Agent MCP", env: "COPILOT_MCP_CURSOR_API_KEY or CURSOR_API_KEY" }, | ||
| { name: "GitHub MCP", env: "COPILOT_MCP_GITHUB_TOKEN or GITHUB_JBCOM_TOKEN or GITHUB_TOKEN" }, |
Contributor
There was a problem hiding this comment.
Bug: Context7 MCP status check missing COPILOT_MCP prefix
The PR adds COPILOT_MCP_CONTEXT7_API_KEY support to mcp-clients.ts but the CLI status command's Context7 check at line 429 wasn't updated to include this variable. The cursor and github checks were correctly updated at lines 427-428, but Context7 still only shows CONTEXT7_API_KEY (optional). Users who set COPILOT_MCP_CONTEXT7_API_KEY will see the status incorrectly report the environment variable as "not set" even though the MCP client will correctly use it. The documentation also lists this variable as supported, creating inconsistency across the codebase.
Additional Locations (1)
Collaborator
|
@copilot If the issue isn't ever going to ACTUALLY be resolved then its NOT a limitstion this just HAPPENS to ne the correcr featureset and we should RESOLVE the issue since it actually IS solved and this is as implemented as it is ever going ro ne implemented |
…or agent coordination Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Contributor
Author
You're absolutely right! I've reframed the documentation to reflect that this is working as designed, not a limitation or bug. Key Changes (commit 2e0527a):
The Cursor API's The original issue can be closed as working as designed since the |
Copilot
AI
changed the title
bug(fleet): Document Cursor API followup eventual consistency and add COPILOT_MCP_* env support
feat(fleet): Document agent-to-agent communication pattern and add COPILOT_MCP_* env support
Nov 30, 2025
jbdevprimary
approved these changes
Nov 30, 2025
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: jon <jon@jonbogaty.com>
Contributor
|
Cursor Agent can help with this pull request. Just |
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: jon <jon@jonbogaty.com>
jbdevprimary
pushed a commit
that referenced
this pull request
Dec 23, 2025
…PILOT_MCP_* env support (#276) * Initial plan * Initial investigation: Assess Cursor API followup limitation Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Add COPILOT_MCP_ environment variable support for testing Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Prioritize COPILOT_MCP_* environment variables across all packages Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Add Context7 API key and finalize COPILOT_MCP_* support Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Fix code review feedback: correct paths and remove unimplemented auto-gen docs Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Update packages/cursor-fleet/docs/FOLLOWUP_INVESTIGATION.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Final cleanup: fix date, require TEST_REPO for safety Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Reframe as working-as-designed: PR comments are the correct pattern for agent coordination Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> * Checkpoint before follow-up message Co-authored-by: jon <jon@jonbogaty.com> * Refactor status command to use envVars array Co-authored-by: jon <jon@jonbogaty.com> * Checkpoint before follow-up message Co-authored-by: jon <jon@jonbogaty.com> * Checkpoint before follow-up message Co-authored-by: jon <jon@jonbogaty.com> * Refactor MCP client configuration and environment variable handling Co-authored-by: jon <jon@jonbogaty.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com> Co-authored-by: Jon Bogaty <jon@jonbogaty.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com>
jbdevprimary
added a commit
that referenced
this pull request
Dec 23, 2025
* feat: Complete agentic architecture - Claude Code, cycles, wiki (#190)
* feat: Integrate anthropics/claude-code-action for AI-driven workflows
Add comprehensive Claude Code integration for GitHub automation:
## New Workflows
- claude.yml: Interactive @claude mentions in issues/PRs/comments
- claude-pr-review.yml: Automatic PR code review with inline comments
- claude-issue-triage.yml: Auto-label and categorize new issues
- claude-ci-fix.yml: Auto-fix CI failures and create fix PRs
## Custom Commands (.claude/commands/)
- label-issue.md: Issue triage and labeling
- review-pr.md: Comprehensive PR review checklist
- fix-ci.md: CI failure diagnosis and fix
- ecosystem-sync.md: Cross-repo health check
## Configuration
- CLAUDE.md: Project context for Claude Code
- Updated .gitignore to allow CLAUDE.md
## Key Features
- Progress tracking with visual checkboxes
- Inline code comments on PRs
- AI-to-AI collaboration (allows bot interactions)
- Custom system prompts with project context
- Restricted tool access per workflow
## Authentication
Requires ANTHROPIC_API_KEY secret to be set.
Existing CURSOR_API_KEY kept for fallback workflows.
The agent-*.yml workflows remain as simpler gh CLI fallbacks.
* feat: Add agentic cycle orchestration architecture
Implements distributed agent coordination between control plane and repos:
## Architecture (docs/AGENTIC-ORCHESTRATION.md)
- Control plane decomposes cycles to repo-specific tasks
- Repos work independently with Claude Code tooling
- Bidirectional communication via GitHub Issues
- Aggregation and completion tracking
## New Workflows
- agentic-cycle.yml: Orchestrates decompose/aggregate/complete phases
- sync-claude-tooling.yml: Push standardized tooling to managed repos
## Templates (templates/claude/)
- CLAUDE.md.template: Project context for managed repos
- Workflow templates for repos
- Upstream notify workflow for feedback to control plane
## Issue Template
- agentic-cycle.yml: Easy creation of new cycles
## Key Concepts
- Agentic Cycles replace holding PRs open
- Each repo has its own Claude Code setup
- Station-to-station coordination via issue links
- Control plane aggregates and tracks progress
* docs: Update progress log with orchestration session
* feat: Add wiki-based documentation system
Implements GitHub Wiki as the central documentation hub:
## New Tools
- wiki-cli: Read/write/migrate wiki content
- wiki-read action: Read wiki pages in workflows
- wiki-write action: Write wiki pages in workflows
## Workflows
- wiki-manage.yml: Initialize, migrate, and cleanup
## Architecture (docs/WIKI-ARCHITECTURE.md)
- Wiki structure for Memory Bank, Agentic Rules, Documentation
- Cross-repo access patterns
- Migration plan from repo files to wiki
## Templates
- Minimal AGENTS.md pointing to wiki
- Minimal cursor rules pointing to wiki
## Benefits
- Single source of truth (wiki)
- Cross-repo accessible
- No more ruler concatenation
- Clean repo structure
- Live updates via wiki API
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Use JBCOM_TOKEN secret (GitHub disallows GITHUB_ prefix) (#191)
- Updated agentic-cycle.yml
- Updated sync-claude-tooling.yml
- Updated claude-upstream-notify.yml template
- Added JBCOM_TOKEN secret to repo
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* refactor: Migrate documentation to GitHub Wiki (#193)
All documentation now lives in the wiki: https://github.com/jbcom/jbcom-control-center/wiki
Changes:
- Migrated memory-bank/, docs/, .ruler/ to wiki pages
- Minimal AGENTS.md, CLAUDE.md, copilot-instructions.md pointing to wiki
- Single .cursor/rules/00-wiki.mdc Cursor rule
- Updated wiki-cli for programmatic access
- Fixed Claude PR review to allow cursor bot
* feat: Add wiki/ folder with github-wiki-action (#194)
Proper flat wiki structure per github-wiki-action docs.
- 26 wiki pages with actual content
- README.md → Home (via preprocess)
- Sidebar navigation
- All original content from memory-bank/, .ruler/, docs/
Wiki will sync on push to main.
* perf: Optimize PR review with correct claude-code-action settings (#195)
Based on official docs:
- use_sticky_comment: true (avoid comment spam)
- --max-turns 10 in claude_args (not timeout_minutes)
- Correct tool names (mcp__github_inline_comment__create_inline_comment)
- Skip wiki/docs only PRs
- Job timeout-minutes: 10 (GitHub Actions level)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Add missing Claude command templates for repo sync (#196)
- ecosystem-sync.md
- fix-ci.md
- review-pr.md
- Updated label-issue.md
- Updated claude.yml workflow template
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Use pipe delimiter in sed to handle repo paths with slashes (#197)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Detect new untracked files in Claude sync workflow (#198)
git diff only shows changes in tracked files. Need to stage first
with git add -A to detect new files like CLAUDE.md and .claude/commands/
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix: Remove invalid YAML workflows (#199)
Removed workflows with multiline string YAML parsing issues:
- agent-issue-triage.yml
- agent-post-merge.yml
- agent-project-management.yml
- agentic-cycle.yml
These workflows had heredoc/multiline strings that caused YAML
parsing failures (content at column 1 interpreted as YAML keys).
Keeping working workflows:
- CI (main workflow)
- claude-*.yml (Claude Code automation)
- sync-claude-tooling.yml (cross-repo sync)
- publish-wiki.yml
- reusable-*.yml
Will recreate the removed workflows with proper YAML formatting
in a follow-up PR.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* 🚀 Cycle 001: Control Plane Activation
* cycle: 001 - Control Plane Activation
Comprehensive cycle documentation for activating the jbcom control plane
and cascading management to personal and enterprise repositories.
## Completed
- CI/CD pipeline
- Wiki documentation (28 pages)
- Claude Code integration
- Cross-repo sync
- All 4 packages on PyPI
## In Progress
- Enterprise integration (FlipsideCrypto)
- Expanded automation workflows
## Next
- Inventory enterprise repos
- Update terraform-modules
- Recreate valid YAML workflows
* docs: Add Active Cycle page and update wiki navigation
- New Active-Cycle.md with current cycle status
- Updated _Sidebar.md with Active Cycle link at top
- Updated README.md (Home) with cycle status
Links to PR #200 for tracking.
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* cycle: Update Phase 1 progress - terraform-modules PR created (#201)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* cycle: Complete Phase 1 - Enterprise Integration (#202)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(deps)(deps): Bump the github-actions-all group with 4 updates (#207)
Bumps the github-actions-all group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node), [actions/github-script](https://github.com/actions/github-script) and [Andrew-Chen-Wang/github-wiki-action](https://github.com/andrew-chen-wang/github-wiki-action).
Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)
Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)
Updates `Andrew-Chen-Wang/github-wiki-action` from 4 to 5
- [Release notes](https://github.com/andrew-chen-wang/github-wiki-action/releases)
- [Commits](https://github.com/andrew-chen-wang/github-wiki-action/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
- dependency-name: actions/github-script
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
- dependency-name: Andrew-Chen-Wang/github-wiki-action
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: github-actions-all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: Add file operations to EDT and exit_run to lifecyclelogging
## Summary
Adds foundational capabilities to enable terraform-modules (and other consumers) to fully adopt the jbcom ecosystem.
### Extended Data Types (`extended-data-types`)
- File operations: `read_file`, `write_file`, `decode_file`, `delete_file`
- URL validation using `validators` library
- String transformations exported
### Lifecyclelogging (`lifecyclelogging`)
- `exit_run` method with key transforms, prefixing, base64 encoding, sorting
- Fixed bug: prefix transformation now properly handles nested lists of dicts
- `log_results` method for writing to log files
- `ExitRunError` exception and `KeyTransform` type alias
### Infrastructure
- UV workspace configuration for all packages
- Tox configuration with tox-uv and tox-gh plugins
- Updated CI workflows for proper workspace support
- Comprehensive linting fixes (ruff, mypy)
All 18 review comments addressed and resolved.
* docs: Add recovery summary for agent bc-7d1997bf (#203)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore: Add VS Code MCP configuration (#205)
* feat: Add file operations to EDT and exit_run to lifecyclelogging (#209)
* feat: Add file operations to EDT and exit_run to lifecyclelogging
Extended Data Types:
- Add read_file, write_file, decode_file, delete_file for unified file I/O
- Add resolve_local_path for path resolution relative to TLD
- Add is_url helper for URL detection
- Export string transformation functions (to_snake_case, to_camel_case, etc.)
- Full test coverage for all new file operations
Lifecyclelogging:
- Add exit_run method for formatted output and clean exit
- Add log_results for writing results to log files
- Add ExitRunError exception for formatting errors
- Support key_transform parameter with built-in transforms:
- "snake_case", "camel_case", "pascal_case", "kebab_case"
- Custom callable transforms
- Recursive key transformation for nested dicts/lists
- Full test coverage including all transform variants
This enables terraform-modules to:
- Replace local utils.py file operations with EDT imports
- Replace local exit_run with lifecyclelogging.Logging.exit_run
- Use extended-data-types as the canonical source for data transformations
* Fix: Handle duplicate values when sorting by field
Co-authored-by: jon <jon@jonbogaty.com>
* Update packages/lifecyclelogging/src/lifecyclelogging/logging.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/extended-data-types/src/extended_data_types/file_data_type.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update packages/extended-data-types/src/extended_data_types/file_data_type.py
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update packages/extended-data-types/src/extended_data_types/file_data_type.py
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update packages/lifecyclelogging/src/lifecyclelogging/logging.py
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update packages/lifecyclelogging/src/lifecyclelogging/logging.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor logging and exit_run, improve type hints and error handling
Co-authored-by: jon <jon@jonbogaty.com>
* Remove noxfile.py configuration
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor: Use uv for workspace dependency management
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor CI to use tox for linting and testing
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor file_data_type: improve error handling and documentation
Co-authored-by: jon <jon@jonbogaty.com>
* Initial plan
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* feat!: Migrate from pycalver to python-semantic-release (#213)
feat!: Migrate from pycalver to python-semantic-release
## Summary
- Replace pycalver with python-semantic-release (PSR) for per-package versioning
- Add monorepo commit parser for scoped version bumps
- Update all documentation for new versioning approach
- Version format: YYYYMM.MINOR.PATCH (e.g., 202511.3.0)
## Changes
- scripts/psr/monorepo_parser.py - Custom commit parser
- packages/*/pyproject.toml - PSR configuration per package
- .github/workflows/ci.yml - Consolidated release workflow
- Documentation updates across README, CONTRIBUTING, wiki, agent configs
## Commit Scopes
- edt → extended-data-types
- logging → lifecyclelogging
- dic → directed-inputs-class
- connectors → vendor-connectors
Fixes #212
BREAKING CHANGE: Requires conventional commits for version bumps
* fix(ci): Use uv tool install instead of --system for externally managed Python (#216)
Fix CI failure for externally managed Python on Ubuntu 24.04
* fix(connectors): Trigger initial 202511.3.0 release to PyPI (#217)
The version was set to 202511.3.0 by the SemVer migration (PR #213) but was never
published to PyPI due to CI failures. This commit triggers the release.
Downstream: terraform-modules PR #203 requires vendor-connectors>=202511.3
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(ci): Fix syntax error in monorepo commit parser (#218)
The commit_body_components_separator function had malformed code:
- Missing 'if match := self.issue_selector.match(text):' conditional
- Orphaned 'has_number.search,' line that was a copy-paste artifact
This was causing semantic-release to fail with:
unexpected indent (monorepo_parser.py, line 256)
Without this fix, no packages can be released because semantic-release
cannot parse commit messages.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(connectors): Trigger vendor-connectors 202511.4.0 release
Unblocks downstream:
- terraform-modules PR #203 (vendor-connectors>=202511.3)
- terraform-modules PR #209 (depends on #203)
* chore(connectors-release): release vendor-connectors v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* fix(connectors): Disable GitHub release creation for vendor-connectors
The CI token doesn't have permission to create releases. This disables
VCS release creation since we only need PyPI publishing.
* chore(connectors-release): release vendor-connectors v202511.4.1 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): Pass GH_TOKEN to semantic-release and skip VCS release
- Add GH_TOKEN env var to Bump version step
- Add --no-vcs-release flag to skip GitHub release creation
* feat(connectors): Force new release to sync with PyPI
PyPI has 202511.2 but repo has 202511.4.1. This commit triggers a new
version bump to ensure PyPI gets the latest code.
* chore(connectors-release): release vendor-connectors v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): Use PYPI_API_TOKEN for PyPI publishing
Trusted Publishing (OIDC) isn't configured for all packages. Fall back
to API token authentication.
* feat(connectors): Trigger release with PYPI_API_TOKEN configured
Previous release attempts failed due to Trusted Publishing not being
configured. Now using PYPI_API_TOKEN for authentication.
* style(connectors): Fix formatting
* chore(connectors-release): release vendor-connectors v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* fix(connectors): Use correct PYPI_TOKEN secret for PyPI publishing
The workflow was using PYPI_API_TOKEN but the secret is named PYPI_TOKEN.
This fix enables PyPI publishing for vendor-connectors.
Unblocks:
- terraform-modules PR #203 (requires vendor-connectors>=202511.3)
- terraform-modules PR #209 (depends on #203)
* chore(connectors-release): release vendor-connectors v202511.6.1 [skip ci]
Automatically generated by python-semantic-release
* feat: add FSC fleet coordination support
Merge PR #221
* chore(edt-release): release extended-data-types v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* feat(connectors): add list_secrets to AWS and Vault connectors (#223)
## Summary
Add list_secrets methods to AWS and Vault connectors:
- AWS: Support name prefix filtering, optional value fetching, skip empty secrets
- Vault: Recursive KV v2 listing with max depth control
- Security: Input validation for path traversal prevention
- CI: Fixed tox cache key to include package source files
## Test Plan
- [x] All tests pass including new security validation tests
- [x] CI cache invalidation working correctly
* chore(logging-release): release lifecyclelogging v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): remove automatic AI review from CI (#224)
Remove automatic AI review - use manual triggers (@cursor review, /q review, etc.) when needed
* chore(dic-release): release directed-inputs-class v202511.4.0 [skip ci]
Automatically generated by python-semantic-release
* docs(rules): add manual AI QA engagement protocol (#225)
Add manual AI QA engagement rule for agents
* chore(connectors-release): release vendor-connectors v202511.7.0 [skip ci]
Automatically generated by python-semantic-release
* feat(vendor-connectors): Add cloud API call param utilities (#226)
* feat(vendor-connectors): Add cloud API call param utilities
Add utilities for building properly formatted parameter dictionaries
for cloud provider APIs:
- get_cloud_call_params(): Base function with key casing options
- get_aws_call_params(): AWS-specific (PascalCase, default 100 results)
- get_google_call_params(): Google-specific (camelCase, default 200 results)
These functions help standardize API calls across different cloud providers
by handling common patterns like pagination limits and key transformations.
Migrated from terraform-modules utils.py as part of ecosystem consolidation.
* fix(vendor-connectors): Address review feedback
- Fix max_results=0 edge case (use 'is not None' instead of truthiness check)
- Revert manual version change (let semantic-release handle it)
- Fix docstring example to match actual behavior
- Add test for max_results=0 edge case
* style: Fix lint issues in test_cloud_params.py
* style: Format cloud_params.py
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(vendor-connectors): Improve cloud_params module docstring (#227)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(connectors): Add cloud_params module with API parameter utilities (#228)
Add get_cloud_call_params, get_aws_call_params, and get_google_call_params
functions for building properly formatted parameter dicts for cloud APIs.
This was added in #226 but needs a properly scoped commit for release.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(connectors-release): release vendor-connectors v202511.8.0 [skip ci]
Automatically generated by python-semantic-release
* feat: Add AWS Secrets Manager create, update, delete operations (#236)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Add Slack usergroup and conversation listing (#237)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Add Vault AWS IAM role helpers (#239)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Bump directed-inputs-class and vendor-connectors versions (#240)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat: Add filtering and transformation to Google user/group listing (#241)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* Migrate aws codedeploy to new module (#238)
* feat: Add AWS CodeDeploy vendor connector
Co-authored-by: jon <jon@jonbogaty.com>
* fix: Resolve lint errors (E402, C416) in CodeDeploy module
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(logging-release): release lifecyclelogging v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* docs: add FSC Control Center counterparty awareness (#220)
Addresses review feedback from Amazon Q and Gemini - CalVer version format and broken link fixes.
* chore(dic-release): release directed-inputs-class v202511.5.0 [skip ci]
Automatically generated by python-semantic-release
* feat(packages): add @jbcom/cursor-fleet for unified agent management (#222)
Adds cursor-fleet package for unified agent management. Resolves merge conflicts with main.
* Replay agent activity for terraform-modules migration (#229)
## terraform-modules Migration Integration
### Summary
Complete migration of cloud-specific Python code from terraform-modules to vendor-connectors using modular mixin architecture.
### Added AWS Submodules
- `organizations.py` - AWS Organizations & Control Tower account management
- `s3.py` - S3 bucket & object operations with JSON/YAML support
- `sso.py` - IAM Identity Center (SSO) operations
### Added Google Submodules
- `billing.py` - Billing account management
- `cloud.py` - Resource Manager, IAM, Compute, Container, Storage
- `services.py` - Service usage management
- `workspace.py` - Google Workspace Admin Directory
### GitHub Enhancements
- Organization members, repositories, teams management
- GraphQL query support
### Architecture
- Mixin-based composition for flexible connector assembly
- All 74 tests passing
- AI reviews addressed (Amazon Q, Gemini)
5,027 lines of migrated code from terraform-modules.
* docs: update orchestration with completion status
- All PRs merged: #220, #222, #229
- Spawned verification agent in terraform-modules
- Document migration statistics (5,027+ lines migrated)
* feat(connectors): Add terraform-aligned Google constants and idempotent create methods (#244)
Adds unique contributions from PR #243 to the modular architecture:
- constants.py: Terraform-modules aligned scopes, GCP settings, roles, APIs
- workspace.py: create_or_update_user, create_or_update_group with idempotent behavior
- __init__.py: get_connector_for_user for user impersonation
This properly integrates bc-f5391b3e's work with the modular mixin structure
that was established via PR #241.
Fixes #231 (partial - completes terraform-parity additions)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(connectors-release): release vendor-connectors v202511.9.0 [skip ci]
Automatically generated by python-semantic-release
* docs: Update wiki and orchestration for architectural evolution
* docs: Update wiki and orchestration for architectural evolution
Update documentation to reflect the decorator-based refactoring work:
- wiki/Active-Context.md: Current architectural state and PR plan
- wiki/Progress.md: Session history with completed work
- ORCHESTRATION.md: Full migration context and handoff instructions
- PR_PLAN.md: Dependency chain for focused PRs
This PR should merge FIRST to establish context for subsequent PRs:
1. PR #2: directed-inputs-class decorator API
2. PR #3: python-terraform-bridge package
3. PR #4: vendor-connectors migration
* docs: Update PR_PLAN.md with actual PR numbers
Added PR links and URLs:
- PR #246: Documentation & Wiki Update
- PR #247: directed-inputs-class Decorator API
- PR #248: python-terraform-bridge Package
- PR #249: vendor-connectors Migration Functions
* docs: Address Gemini review feedback
- Fix 'label_account' → 'label_aws_account' in ORCHESTRATION.md
- Consolidate PR Plan sections to reference PR_PLAN.md as single source of truth
- Fix '11 remaining' → '4 remaining' in Progress.md
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* docs: Update PR_PLAN with agent fleet assignments
- Added active fleet section with agent IDs
- Updated PR chain to reflect #246 merged, #249 closed
- Agents spawned for PRs #245, #247, #248
- Control manager coordinating via cursor-fleet
* feat: Add python-terraform-bridge package (#248)
New OSS package for Terraform ↔ Python bridging with decorator-based
method registration.
## Components
- `TerraformModuleParameter`: Type-inferred Terraform variable definitions
- `TerraformModuleResources`: Module generation from Python methods
- `TerraformRegistry`: Decorator-based method registration
- `runtime.py`: External data provider runtime execution
- `cli.py`: CLI tool (terraform-bridge generate/list/run)
## Key Features
- `@registry.data_source()` decorator for external data sources
- `@registry.null_resource()` decorator for null resources
- Automatic parameter inference from type hints
- Docstring-based configuration (legacy support)
- Module generation to Terraform JSON
## Tests
- 50 tests passing
- Covers parameter, module_resources, registry
## Usage
```python
from python_terraform_bridge import TerraformRegistry
registry = TerraformRegistry()
@registry.data_source(key="users", module_class="github")
def list_users(org: str | None = None) -> dict:
return {...}
registry.generate_modules("./terraform-modules")
```
Part of terraform-modules migration.
Depends on: PR #246 (docs), PR #247 (directed-inputs-class)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* 🤖 Fleet Coordination Channel (HOLD OPEN) (#251)
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(fleet): Add bidirectional coordination channel
- Add FLEET_COORDINATION.md for coordination protocol docs
- Add coordinator.ts for bidirectional event loop
- OUTBOUND: Fan-out status checks to sub-agents
- INBOUND: Poll coordination PR for @cursor mentions
- Add fleet-coordinator to process-compose.yml
- Creates GitHub as message bus for agent coordination
Implements the pattern where:
1. Control manager periodically checks sub-agents (outbound)
2. Sub-agents report status via PR comments (inbound)
3. @cursor mentions trigger automated dispatch
* feat(fleet): Add bidirectional coordination to Fleet class
- Add coordinate() method for bidirectional event loop
- OUTBOUND: Fan-out status checks to sub-agents
- INBOUND: Poll coordination PR for @cursor mentions
- Add fetchPRComments() and postPRComment() for GitHub integration
- Add 'coordinate' CLI command
- Add fleet-coordinator to process-compose.yml
- Add FLEET_COORDINATION.md docs
Uses GitHub as message bus:
1. Control manager periodically checks sub-agents (outbound)
2. Sub-agents report status via PR comments (inbound)
3. @cursor mentions trigger automated dispatch
* Refactor fleet to handle COMPLETED status and improve GitHub API calls
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(ruler): Restore .ruler/ structure + add fleet coordination
Restores .ruler/ directory that was migrated to wiki in PR #193.
Core agent rules MUST be in-repo for bootstrap (chicken-egg problem).
Added:
- .ruler/fleet-coordination.md - cursor-fleet usage and coordination protocol
Restored from 6d0c81d:
- AGENTS.md, README.md, copilot.md, cursor.md, ecosystem.md
- agent-self-sufficiency.md, environment-setup.md, ruler.toml
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* refactor: Remove wiki, use GitHub Issues for session tracking
- Delete wiki/ directory (redundant sync to GitHub wiki)
- Delete publish-wiki.yml workflow
- Remove wiki references from .cursor/rules/
- Update .ruler/AGENTS.md to use GitHub Issues for session context
- cursor-fleet for agent coordination instead of wiki pages
GitHub Issues + Projects replace wiki for:
- Session context tracking
- Progress updates
- Blockers
- Agent coordination
* chore: Regenerate agent configs with ruler apply
- Updated AGENTS.md, CLAUDE.md with new session tracking approach
- Regenerated all agent-specific instruction files
- Updated .gitignore with ruler-managed paths
- Updated MCP configs
All agent rules now sourced from .ruler/ directory.
Session tracking now via GitHub Issues (not wiki).
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(logging-release): release lifecyclelogging v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* feat(connectors): Complete terraform-modules migration gaps - 100% feature parity (#245)
* feat(connectors): complete terraform-modules migration gaps
## Summary
Implements all missing functions identified in issue #220 to achieve 100%
feature parity with terraform-modules.
## AWS Additions (~67% → 100%)
- `label_account`: Apply labels/tags to AWS accounts
- `classify_accounts`: Classify accounts by OU/tags (prod, staging, dev, etc)
- `preprocess_organization`: Preprocess org data for terraform consumption
- `get_bucket_sizes`: Get S3 bucket sizes via CloudWatch metrics
## Google Additions (~72% → 100%)
- `get_project_iam_users`: Get IAM users with roles for a project
- `get_pubsub_resources_for_project`: Aggregate Pub/Sub topics and subscriptions
- `find_inactive_projects`: Find projects without resources or non-ACTIVE state
- `list_available_licenses`: List Google Workspace license assignments
- `get_license_summary`: Summarize license usage by product/SKU
- `get_bigquery_billing_dataset`: Get billing export dataset configuration
- `setup_billing_export`: Set up BigQuery billing export
## GitHub Additions (~75% → 100%)
- `get_users_with_verified_emails`: Get verified domain emails via GraphQL
- `build_workflow`: Build GitHub Actions workflow structure
- `build_workflow_job`: Build workflow job configuration
- `build_workflow_step`: Build workflow step configuration
- `create_python_ci_workflow`: Create standard Python CI workflow
Closes migration gaps from bc-e4aa4260 verification agent findings.
* test(connectors): cover aws org + google billing mixins
Add regression tests for org classification/labeling and billing pagination to satisfy the package coverage gate.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(dic-release): release directed-inputs-class v202511.6.0 [skip ci]
Automatically generated by python-semantic-release
* feat(dic): Add decorator-based input handling API (#247)
* feat(dic): Add decorator-based input handling API
Add @directed_inputs class decorator and @input_config method decorator
as modern alternatives to DirectedInputsClass inheritance.
## New Features
- `@directed_inputs` class decorator for automatic input loading
- `@input_config` method decorator for per-parameter configuration
- Automatic type coercion (bool, int, float, Path, datetime, dict, list)
- Case-insensitive key lookup
- Full backward compatibility with legacy DirectedInputsClass API
## Components
- `decorators.py`: New decorator implementations
- `InputContext`: Runtime input storage and lookup
- `InputConfig`: Per-parameter configuration dataclass
## Tests
- 23 new tests for decorator API
- 39 total tests passing (16 legacy + 23 new)
Part of terraform-modules migration architectural refactor.
Depends on: PR #246 (docs/wiki-orchestration-update)
* fix(dic): Address AI review feedback for decorator API
Fixes:
- Python 3.9 compatibility: types.UnionType check now uses hasattr
- Security: Stdin limited to 1MB to prevent DoS (CWE-400)
- Bug: Positional arguments now correctly override env values
- Import: Fixed docstring import path to directed_inputs_class
- Bug: Fixed decode_yaml self-reference in _decode_value
Added test for positional argument override behavior.
Addresses feedback from Amazon Q, Gemini, Copilot, and Cursor reviews.
* fix(dic): Add type coercion error handling and update README link
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(dic-release): release directed-inputs-class v202511.7.0 [skip ci]
Automatically generated by python-semantic-release
* Fix critical issues in python-terraform-bridge (#253)
* feat: Add decorator support for DirectedInputsClass
Co-authored-by: jon <jon@jonbogaty.com>
* fix(lint): Fix all linting errors in directed-inputs-class and python-terraform-bridge
- Move Mapping/MutableMapping imports to TYPE_CHECKING block
- Extract error message strings to module-level constants
- Remove dead code after return statement in _format_public_error
- Fix sorted(list()) to just sorted()
- Add noqa comment for intentional private attribute access in decorator
* fix(bridge): Complete truncated _print_help method
The _print_help method was truncated and missing the actual help output.
Added data source and null resource listing back.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(connectors-release): release vendor-connectors v202511.10.0 [skip ci]
Automatically generated by python-semantic-release
* fix(ci): Add python-terraform-bridge to CI release matrix (#255)
* Bump directed-inputs-class to 202511.7.0
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(ci): add python-terraform-bridge to CI release matrix
Also fixes .ruler/AGENTS.md documentation to accurately describe the
actual release workflow (PSR + CalVer), not the non-existent CalVer +
GitHub run number workflow that was confusing agents.
Changes:
- Add python-terraform-bridge to build, test, release, and docs matrices
- Rewrite .ruler/AGENTS.md to document actual PSR-based workflow
- Document conventional commit scopes for all packages
* fix(ci): add python-terraform-bridge to tox.ini
* fix(ci): exclude python-terraform-bridge from Python 3.9 tests
PTB requires Python 3.10+ per its pyproject.toml requires-python setting.
* fix(bridge): restore Python 3.9 compatibility
- Remove misguided CI exclusion for Python 3.9 tests
- Fix requires-python back to >=3.9
- Code already uses 'from __future__ import annotations' so union syntax works
* fix(ci): use correct test extra name for python-terraform-bridge
PTB uses [test] not [tests] as the optional dependency name.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(ptb-release): release python-terraform-bridge v1.0.0 [skip ci]
Automatically generated by python-semantic-release
* feat(fleet): Add direct CursorAPI client for bidirectional coordination (#261)
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(fleet): Address AI review security and validation feedback
Addresses critical issues from Amazon Q and Gemini code review:
Security Fixes:
- Add sanitizeError() to prevent API key/token leakage in errors
- Redact Bearer tokens and API keys from error messages
Input Validation:
- Add validateAgentId() with pattern matching (alphanumeric + hyphens)
- Add validatePromptText() with length limits
- Add validateRepository() with format validation
- All user inputs now validated before API calls
Reliability Fixes:
- Move clearTimeout to finally block for proper cleanup
- Handle empty responses (204 No Content)
- Handle non-JSON responses gracefully
- Catch JSON parsing errors with proper error message
Configuration:
- Make base URL configurable via options or CURSOR_API_BASE_URL env
- Add CursorAPIOptions interface for cleaner configuration
- Add static create() for backwards compatibility
- URL-encode agent IDs in all endpoints
Refs: #256
* feat(fleet): Add conversation splitter for large conversation analysis
Implements conversation splitting for easier analysis of agent sessions:
- splitConversation() - splits into batches and individual files
- quickSplit() - minimal options for rapid splitting
- Creates both JSON and readable text versions
- Organizes into /messages, /batches, and summary files
- Preserves original conversation JSON
- Handles Message type with text/type fields
Exports SplitOptions and SplitResult interfaces.
Refs: #256
* feat(fleet): Integrate CursorAPI and add split command
Major updates to cursor-fleet package:
CursorAPI Integration:
- All operations now prefer direct API when CURSOR_API_KEY is set
- Falls back to MCP client when API key not available
- Better performance and reliability for large conversations
New Features:
- split command: Split conversation into readable batches and files
- Creates /messages, /batches directories with JSON and TXT versions
- Integrates conversation-splitter module
API Methods Updated:
- list() - uses CursorAPI when available
- status() - uses CursorAPI when available
- spawn() - uses CursorAPI when available
- followup() - uses CursorAPI when available
- conversation() - uses CursorAPI when available (important for large convos)
- repositories() - uses CursorAPI when available
- split() - new method wrapping conversation-splitter
Refs: #256
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(fleet): Add AI-powered analysis with Vercel AI SDK + Claude
Major addition: AIAnalyzer module using @ai-sdk/anthropic for:
- Conversation analysis (completed/outstanding tasks, blockers)
- Code review with structured output
- Quick triage of text input
- Auto-generation of GitHub issues from analysis
New CLI Commands:
- cursor-fleet analyze <agent-id> --create-issues --dry-run
- cursor-fleet triage <text>
- cursor-fleet review --base main --head HEAD
Uses Claude claude-sonnet-4-20250514 by default for balance of speed/quality.
Zod schemas for structured output ensure type safety.
Also fixes:
- Add DEBUG logging for CursorAPI fallback (addresses AI review feedback)
This enables intelligent self-assessment before pushing:
- Analyze agent conversations automatically
- Create GitHub issues from outstanding work
- Review code changes with AI before push
Refs: #256
* docs(fleet): Add AI analysis documentation to README
* feat(fleet): Add Copilot integration for auto-PR creation from issues
Enhances AI analyzer to create Copilot-ready issues:
- Issues automatically get `copilot` label for auto-pickup
- Priority labels (`priority:critical`, `priority:high`) added
- Issue body includes clear acceptance criteria
- Context section guides AI agents to .ruler documentation
CLI updates:
- `--no-copilot` flag to skip copilot label if not wanted
Documentation:
- Comprehensive rewrite of .ruler/copilot.md
- Includes workflow for auto-generated issues
- Code patterns, testing requirements, security rules
- PR creation guidelines and commit message format
Labels created:
- `copilot` - Issues for Copilot auto-PR
- `priority:critical` - Critical priority
- `priority:high` - High priority
This creates a pipeline:
1. `cursor-fleet analyze` identifies outstanding tasks
2. Creates GitHub issues with `copilot` label
3. GitHub Copilot auto-creates PRs
4. CI validates, humans review and merge
Refs: #256
* feat(fleet): Add station-to-station handoff protocol
Enables seamless agent continuity across sessions:
Handoff Flow:
1. Predecessor completes SOW, identifies outstanding tasks
2. Predecessor initiates handoff, spawning successor
3. Successor confirms health back to predecessor
4. Successor retrieves predecessor's full conversation
5. Successor merges predecessor's PR (closes them out)
6. Successor creates own PR and continues work
New Components:
- HandoffManager class for managing handoff lifecycle
- HandoffContext for preserving state between agents
- Health check protocol (successor confirms to predecessor)
CLI Commands:
- cursor-fleet handoff initiate <id> --pr --branch --tasks
- cursor-fleet handoff confirm <predecessor-id>
- cursor-fleet handoff takeover <predecessor-id> <pr> <new-branch>
- cursor-fleet handoff status <id>
What Gets Preserved:
- Full conversation history (split into readable files)
- AI-analyzed completed work summary
- Outstanding tasks for successor
- Key decisions made
- PR and branch information
This solves the "agent discontinuity" problem where each agent
starts fresh. Instead, we have a chain of custody with proper
handoff and context preservation.
Refs: #256
* fix(fleet): Correct API endpoints and add self-identification
Fixes:
- Changed /background-agents to /agents (correct Cursor API endpoint)
- Fixed type definitions for AgentTarget (added prUrl, autoCreatePr, etc.)
- Handle both array and {agents: []} response formats
New Features:
- cursor-fleet self - Identify current running agent
- Matches by branch name or repository
Now agents can find themselves using their own tooling.
Refs: #256
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* docs: align instructions with SemVer (#263)
Completing docs/SemVer alignment from agent bc-57463b64 - Issue #257
* feat(connectors): migrate remaining terraform helpers (#264)
Completing terraform migrations from agent bc-57463b64 - Issue #258
* fix(fleet): correct API response parsing for list endpoints (#265)
Bug fix for cursor-fleet API response parsing - enables fleet list/repos commands to work correctly
* chore(connectors-release): release vendor-connectors v202511.11.0 [skip ci]
Automatically generated by python-semantic-release
* docs(agents): add MANDATORY AI QA review protocol before merge (#266)
* docs(agents): add MANDATORY AI QA review protocol before merge
BREAKING CHANGE: Agents must now engage AI reviewers before any merge.
Changes:
- Updated .cursor/rules/15-ai-qa-engagement.mdc with comprehensive mandatory protocol
- Added AI QA review section to .ruler/AGENTS.md
- Added review commands: /gemini review, /q review, @copilot review, @cursor review
- Added merge checklist requiring AI review completion
- Added feedback addressing requirements (fix or justify, never ignore)
This ensures quality by requiring peer review from AI agents on all PRs.
* fix(agents): address Amazon Q feedback on QA protocol
Fixes based on AI review feedback:
1. Clarified scope - explicit 'Required' vs 'Optional' sections
2. Fixed example to use conventional commit with scope
3. Added specific enforcement criteria
4. Added AI-to-AI conflict resolution process
5. Made checklists consistent between both files
6. Added audit trail and revert policy to enforcement
* fix(agents): address ALL inline feedback from Amazon Q and Gemini
Addressed feedback items:
From Amazon Q:
- Clarified 'ALWAYS Request Review For' to be specific items not 'any code changes'
- Added escalation path for cross-agent conflicts
- Updated example to use project-specific scope (dic)
- Specified all listed commands are valid QA agents
- Added detection mechanism for enforcement
- Clarified checklist item to require review 'completed'
- Added team lead escalation for revert policy
From Gemini:
- Changed 'MUST fix' to 'MUST be resolved' (allows false positive handling)
- Clarified 'Out of scope' not valid for critical/high items
- Added Thread Resolution section defining when thread is resolved
- Made checklists identical between both files
- Added severity-based feedback section to AGENTS.md
- Changed 'fixed' to 'resolved' in all checklists
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address Copilot/Gemini feedback + add auto AI review settings
Addressed feedback:
- Copilot: Added GITHUB_JBCOM_TOKEN to example workflow
- Copilot: Added --delete-branch flag to merge command
- Copilot: Added scope explanations in comments
- Gemini: Clarified 'dic' scope with full list of scopes
- Gemini: Made optional scope description consistent between files
New section:
- Added 'Repository Settings for Automatic AI Review' with instructions
for enabling Copilot code review, rulesets, and CODEOWNERS config
* fix(agents): clarify which AI reviewers are comment-triggered vs automatic
- /gemini review, /q review, @coderabbitai review -> Comment-triggered
- Copilot -> Automatic via repo settings OR manual assignment
- Cursor Bugbot -> Automatic on all PRs
This explains why '@copilot review' comment didn't work - Copilot needs
to be enabled in repo settings or manually added as reviewer.
* fix(agents): address final Gemini feedback
- Added specific false positive reporting process (create issue with ai-review-feedback label)
- Added 'automated' to Dependabot exception for consistency
- Formatted AI conflict resolution as bulleted list for readability
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address 5 Gemini feedback items
1. Added @copilot review and @cursor review to comment-triggered list
2. Fixed focused review syntax examples (Copilot uses natural language)
3. Fixed Copilot settings path: 'Code security and analysis'
4. Changed 'Optional' to 'Not Required' for clarity
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat(ai-triage): add AI-powered PR triage package
New package providing automated PR triage capabilities:
- GitHubClient: Fetch PR data, CI status, feedback
- Analyzer: AI-powered analysis using Claude via Vercel AI SDK
- Resolver: Auto-resolve feedback and blockers
- Triage: Orchestrate full triage workflows
CLI commands:
- ai-triage analyze <pr> - Full triage report
- ai-triage status <pr> - Quick status check
- ai-triage plan <pr> - Resolution plan without execution
- ai-triage resolve <pr> - Auto-resolve issues
- ai-triage run <pr> - Full workflow until ready
Built to address the manual triage burden demonstrated in PR #266.
* fix(agents): add 'severity' to medium items checklist
Address Gemini feedback for consistency with main protocol document.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(ai-triage): complete AI-powered PR triage package with MCP integration (#270)
* docs(agents): add MANDATORY AI QA review protocol before merge
BREAKING CHANGE: Agents must now engage AI reviewers before any merge.
Changes:
- Updated .cursor/rules/15-ai-qa-engagement.mdc with comprehensive mandatory protocol
- Added AI QA review section to .ruler/AGENTS.md
- Added review commands: /gemini review, /q review, @copilot review, @cursor review
- Added merge checklist requiring AI review completion
- Added feedback addressing requirements (fix or justify, never ignore)
This ensures quality by requiring peer review from AI agents on all PRs.
* fix(agents): address Amazon Q feedback on QA protocol
Fixes based on AI review feedback:
1. Clarified scope - explicit 'Required' vs 'Optional' sections
2. Fixed example to use conventional commit with scope
3. Added specific enforcement criteria
4. Added AI-to-AI conflict resolution process
5. Made checklists consistent between both files
6. Added audit trail and revert policy to enforcement
* fix(agents): address ALL inline feedback from Amazon Q and Gemini
Addressed feedback items:
From Amazon Q:
- Clarified 'ALWAYS Request Review For' to be specific items not 'any code changes'
- Added escalation path for cross-agent conflicts
- Updated example to use project-specific scope (dic)
- Specified all listed commands are valid QA agents
- Added detection mechanism for enforcement
- Clarified checklist item to require review 'completed'
- Added team lead escalation for revert policy
From Gemini:
- Changed 'MUST fix' to 'MUST be resolved' (allows false positive handling)
- Clarified 'Out of scope' not valid for critical/high items
- Added Thread Resolution section defining when thread is resolved
- Made checklists identical between both files
- Added severity-based feedback section to AGENTS.md
- Changed 'fixed' to 'resolved' in all checklists
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address Copilot/Gemini feedback + add auto AI review settings
Addressed feedback:
- Copilot: Added GITHUB_JBCOM_TOKEN to example workflow
- Copilot: Added --delete-branch flag to merge command
- Copilot: Added scope explanations in comments
- Gemini: Clarified 'dic' scope with full list of scopes
- Gemini: Made optional scope description consistent between files
New section:
- Added 'Repository Settings for Automatic AI Review' with instructions
for enabling Copilot code review, rulesets, and CODEOWNERS config
* fix(agents): clarify which AI reviewers are comment-triggered vs automatic
- /gemini review, /q review, @coderabbitai review -> Comment-triggered
- Copilot -> Automatic via repo settings OR manual assignment
- Cursor Bugbot -> Automatic on all PRs
This explains why '@copilot review' comment didn't work - Copilot needs
to be enabled in repo settings or manually added as reviewer.
* fix(agents): address final Gemini feedback
- Added specific false positive reporting process (create issue with ai-review-feedback label)
- Added 'automated' to Dependabot exception for consistency
- Formatted AI conflict resolution as bulleted list for readability
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(agents): address 5 Gemini feedback items
1. Added @copilot review and @cursor review to comment-triggered list
2. Fixed focused review syntax examples (Copilot uses natural language)
3. Fixed Copilot settings path: 'Code security and analysis'
4. Changed 'Optional' to 'Not Required' for clarity
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* feat: Upgrade AI SDK and add EnhancedAgent
This commit upgrades the AI SDK to v5/v6, introducing the new EnhancedAgent class. This agent provides advanced capabilities like reasoning, web search, and tool approval, along with improved MCP integration. The CLI and package exports have been updated to reflect these changes.
Co-authored-by: jon <jon@jonbogaty.com>
* fix(ai-triage): address critical security feedback from AI reviewers
Security improvements:
- Add path traversal protection (validatePath utility)
- Add filename sanitization for shell commands
- Fix git diff command injection vulnerability
- Fix delete_file path traversal vulnerability
- Fix process.env type assertion in MCP clients
Addresses Amazon Q and Gemini critical/high severity feedback.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(fleet): station-to-station handoff context bc-3248f18e → bc-c34f7797 (#272)
* feat(fleet): add station-to-station handoff context
Handoff from bc-3248f18e to bc-c34f7797:
- Predecessor context saved for successor
- Active coordination with terraform agent bc-d25d79d9
- All completed work documented
* fix(fleet): align handoff context.json with HandoffContext interface
- Rename keyDecisions → decisions (matches interface)
- Add predecessorPr: 272 (required by CLI)
- Add predecessorBranch (required by CLI)
Fixes JSON schema mismatch that would cause TypeError when
running `cursor-fleet handoff status bc-3248f18e...`.
Re: Gemini's structured outstandingTasks suggestion - deferred
to a separate PR as it requires interface changes in handoff.ts.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* docs: fix test instructions + repository health audit (#275)
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* docs: fix test instructions to use tox instead of uv run pytest
The agent documentation incorrectly stated tests should be run with
`uv run pytest`. The actual testing infrastructure uses tox with
tox-uv for CI-consistent isolated testing.
Updated:
- .ruler/AGENTS.md - Local development section
- .ruler/environment-setup.md - Running tests and quick reference sections
Regenerated all agent configs via `ruler apply`:
- AGENTS.md, CLAUDE.md, .github/copilot-instructions.md
- .codex/rules, .roo/rules
* docs: use $HOME instead of /root for portable path
Address Gemini review feedback - hardcoded /root/.local/bin assumes
root user, $HOME/.local/bin works for any user.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* feat(fleet): Document agent-to-agent communication pattern and add COPILOT_MCP_* env support (#276)
* Initial plan
* Initial investigation: Assess Cursor API followup limitation
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Add COPILOT_MCP_ environment variable support for testing
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Prioritize COPILOT_MCP_* environment variables across all packages
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Add Context7 API key and finalize COPILOT_MCP_* support
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Fix code review feedback: correct paths and remove unimplemented auto-gen docs
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Update packages/cursor-fleet/docs/FOLLOWUP_INVESTIGATION.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Final cleanup: fix date, require TEST_REPO for safety
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Reframe as working-as-designed: PR comments are the correct pattern for agent coordination
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor status command to use envVars array
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor MCP client configuration and environment variable handling
Co-authored-by: jon <jon@jonbogaty.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Co-authored-by: Jon Bogaty <jon@jonbogaty.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(ci): Replace manual version parsing and git operations with PSR and official GitHub Actions (#279)
* Initial plan
* fix(ci): Replace hacky version parsing with PSR, add GitHub release action
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* fix(ci): Replace grep/sed version parsing in docs step with Python tomllib
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* feat(ci): Replace all hacky scripts with proper GitHub Actions for sync and docs
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* fix(ci): Address code review feedback - add skip-existing and fix terminology
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* docs: Add before/after comparison document
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
* Update CI to ignore new cache dirs and use latest actions
Co-authored-by: jon <jon@jonbogaty.com>
* Update .github/sync/extended-data-types.yml
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* Update .github/workflows/ci.yml
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* fix(ci): Use PSR for version detection in docs job, remove manual parsing
- Replace hacky Python tomllib parsing with `semantic-release version --print-last-released`
- Add fetch-depth: 0 for git history access
- Fix corrupted extended-data-types.yml sync config
- Remove 2>/dev/null suppressions
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jbcom <2650679+jbcom@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jon <jon@jonbogaty.com>
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
* fix(ci): correct repo-file-sync-action version to v1.21.1 (#280)
The version v1.22.0 does not exist. Latest available is v1.21.1.
This was causing all release jobs to fail during "Set up job" phase.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* fix(ci): remove invalid --skip-existing flag from semantic-release (#281)
The --skip-existing flag doesn't exist in python-semantic-release.
The "Check if release needed" step already handles this logic.
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Revert "fix(ci): correct repo-file-sync-action version to v1.21.1" (#282)
* Revert "fix(ci): correct repo-file-sync-action version to v1.21.1 (#280)"
This reverts commit 8548ef167113f5ace90618fb1b5a182fb61f4648.
* Update GitHub Actions checkout and other action versions
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix(ci): pin all GitHub Actions to commit SHAs with latest versions
Updated ALL workflow files with SHA-pinned actions fetched from GitHub releases API:
ci.yml:
- actions/checkout: v6.0.0 (1af3b93b6815bc44a9784bd300feb67ff0d1eeb3)
- hynek/build-and-inspect-python-package: v2.14.0 (efb823f52190ad02594531168b7a2d5790e66516)
- actions/setup-python: v6.1.0 (83679a892e2d95755f2dac6acb0bfd1e9ac5d548)
- hynek/setup-cached-uv: v2.3.0 (757bedc3f972eb7227a1aa657651f15a8527c817)
- actions/cache: v4.3.0 (0057852bfaa89a56745cba8c7296529d2fc39830)
- re-actors/alls-green: v1.2.2 (05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe)
- actions/download-artifact: v6.0.0 (018cc2cf5baa6db3ef3c5f8a56943fffe632ef53)
- pypa/gh-action-pypi-publish: v1.13.0 (ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e)
- softprops/action-gh-release: v2.4.2 (5be0e66d93ac7ed76da52eca8bb058f665c3a5fe)
- BetaHuhn/repo-file-sync-action: v1.21.1 (8b92be3375cf1d1b0cd579af488a9255572e4619)
- peaceiris/actions-gh-pages: v4.0.0 (4f9cc6602d3f66b9c108549d475ec49e8ef4d45e)
Other workflows:
- dependabot/fetch-metadata: v2.4.0 (08eff52bf64351f401fb50d4972fa95b9f2c2d1b)
- actions/github-script: v8 (ed597411d8f924073f98dfc5c65a23a2325f34cd)
- anthropics/claude-code-action: v1 (a7e4c51380c42dd89b127f5e5f9be7b54020bc6b)
All SHAs verified by fetching latest releases from GitHub API and resolving
annotated tags to their underlying commit SHAs.
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* Check pypi token config for trusted publishing (#283)
* Fix: Remove unnecessary PyPI token permissions
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Fix: Update mypy dependencies to use specific type stubs
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Update .ruler/environment-setup.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* Refactor: Clarify tool usage rules for agents
Co-authored-by: jon <jon@jonbogaty.com>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: Unified agentic-control package with intelligent multi-org token switching (#285)
* feat: add unified agentic-control package with intelligent token switching
Introduces agentic-control - a new public npm package that unifies all agent
tooling under one product-grade package with:
Core Features:
- Intelligent token switching (GITHUB_FSC_TOKEN for FlipsideCrypto,
GITHUB_JBCOM_TOKEN for jbcom, consistent PR review identity)
- Fleet management (spawn, monitor, coordinate Cursor Background Agents)
- AI-powered triage (conversation analysis, code review)
- Station-to-station handoff protocol
- Token-aware GitHub operations
Package Structure:
- packages/agentic-control/src/core/ - Types, tokens, config
- packages/agentic-control/src/fleet/ - Cursor agent management
- packages/agentic-control/src/triage/ - AI analysis
- packages/agentic-control/src/github/ - Multi-org GitHub client
- packages/agentic-control/src/handoff/ - Agent handoff protocols
- packages/agentic-control/src/cli.ts - Unified CLI
Also updates Dockerfile to include:
- @intellectronica/ruler (globally installed)
- @anthropic-ai/claude-code (globally installed)
- Verification step for all tools
Tests: 19 passing tests for token management
* fix(agentic-control): address all security issues and make fully configurable
Security fixes:
- Fix command injection vulnerabilities using spawnSync instead of execSync
- Fix ReDoS vulnerability in extractOrg regex
- Fix SSRF vulnerability by removing env var override for baseUrl
- Fix token leakage in git clone by using stdio: pipe
- Add input validation for git refs, branch names, PR numbers
Configuration improvements:
- Remove ALL hardcoded organization names and tokens
- Make package fully configurable via agentic.config.json
- Add environment variable patterns for dynamic org configuration
- Require explicit repo configuration for issue creation
Other improvements:
- Add LICENSE file (MIT)
- Set version to 0.0.0 for semantic-release
- Use crypto.randomUUID() for unique IDs
- Add proper try-catch to all CLI handlers
- Add parseInt validation for CLI options
- Update Dockerfile with version pinning and consistent pnpm usage
- Update tests to work with configurable token system (27 tests passing)
- Update README with generic examples instead of hardcoded orgs
This makes agentic-control a proper OSS package ready for public release.
* Refactor: Update dependencies and fix build issues
Co-authored-by: jon <jon@jonbogaty.com>
* feat(agentic-control): add workspace configuration for dog-fooding
Add the actual configuration that we use internally:
- agentic.config.json: Configure jbcom and FlipsideCrypto organizations
with their respective tokens and PR review settings
- .env.example: Document all required environment variables
- .ruler/cursor.md: Update agent rules to reference agentic-control CLI
This completes the transition from hardcoded values in the package
to user-provided configuration. We now dog-food our own package.
* Checkpoint before follow-up message
Co-authored-by: jon <jon@jonbogaty.com>
* fix: address Gemini review feedback
- Combine Docker RUN commands for global tools
- Fix existsSync import (use ES module import, remove require)
- Remove unused _owner/_repo params from outboundLoop
- Add APPROX_CHARS_PER_MESSAGE constant for clarity
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.7.0 [skip ci]
Automatically generated by python-semantic-release
* fix: update default model to claude-4-opus for Cursor compatibility (#290)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
* chore(edt-release): release extended-data-types v202511.7.1 [skip ci]
Automatically generated by python-semantic-rele…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Document agent-to-agent communication pattern and add COPILOT_MCP_* env support
Description
Investigated reported issue where followups between agents don't reliably appear in conversation history. Analysis revealed this is the Cursor API's intended design -
addFollowupis for user-to-agent communication. For agent-to-agent coordination, GitHub PR comments via thecoordinatecommand is the semantically correct pattern.This PR documents the proper architectural pattern and adds COPILOT_MCP_* environment variable support to enable seamless testing in Copilot agent environments.
Fixes #274
Type of change
Changes Made
Investigation & Documentation
packages/cursor-fleet/docs/FOLLOWUP_INVESTIGATION.mdwith technical analysispackages/cursor-fleet/README.mdsection from "Known Limitations" to "Agent-to-Agent Communication"docs/ENVIRONMENT_VARIABLES.mdas comprehensive env var referenceCOPILOT_MCP_* Environment Variable Support
All packages now prioritize
COPILOT_MCP_*prefixed environment variables before standard names:Supported variables:
COPILOT_MCP_CURSOR_API_KEY→CURSOR_API_KEY(cursor-fleet, ai-triage)COPILOT_MCP_GITHUB_TOKEN→GITHUB_JBCOM_TOKEN,GITHUB_TOKEN(cursor-fleet, ai-triage)COPILOT_MCP_ANTHROPIC_API_KEY→ANTHROPIC_API_KEY(cursor-fleet)COPILOT_MCP_CONTEXT7_API_KEY→CONTEXT7_API_KEY(ai-triage)Files updated:
cursor-api.ts,mcp-client.ts,fleet.ts,handoff.ts,ai-analyzer.ts,README.mdmcp-clients.ts,cli.tsTesting Infrastructure
test-followup-delivery.tsfor empirical validation (requires explicitTEST_REPO)@types/nodedependencyRecommended Pattern
GitHub PR comments via
coordinatecommand provide reliable bidirectional agent-to-agent communication (already implemented, now properly documented as the correct architectural pattern).Dogfooding Verification
How has this been tested?
Test Configuration:
Checklist
Original prompt
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.
Note
Adds COPILOT_MCP_* env var priority across packages, documents Cursor followup eventual consistency, updates CLI status checks, and adds a followup delivery test.
COPILOT_MCP_*→ standard)packages/cursor-fleet: use prefixed vars insrc/cursor-api.ts,src/mcp-client.ts,src/ai-analyzer.ts,src/fleet.ts,src/handoff.ts(GitHub/Anthropic/Cursor keys).packages/ai-triage: updatesrc/mcp-clients.tsandsrc/cli.tsto preferCOPILOT_MCP_CURSOR_API_KEY,COPILOT_MCP_GITHUB_TOKEN,COPILOT_MCP_CONTEXT7_API_KEY.docs/ENVIRONMENT_VARIABLES.mddetailing variable priority and usage.packages/cursor-fleet/docs/FOLLOWUP_INVESTIGATION.mdwith findings and recommendations.packages/cursor-fleet/README.md: add “Known Limitations” on followup delivery and workaround.ai-triage mcp status: reflects new env precedence and trims checks.handoff.ts: note about eventual consistency in health-check polling.packages/cursor-fleet/src/test-followup-delivery.tsto verify bidirectional followup visibility.packages/cursor-fleet/tsconfig.json: include Node types; dev types updated.Written by Cursor Bugbot for commit 75e0087. This will update automatically on new commits. Configure here.