Conversation
Explains the two-store architecture, search strategy, memory types with TTLs, search engine fallback chain, and MCP tools/resources.
- Snapshot active_subagents dict before iteration in cancel_all to prevent RuntimeError - Add proper shutdown event handling with fallback force exit in main loop - Replace connection caching with per-operation connections in memory store for thread safety - Add row-level locking and retry logic to issue_response_manager and task_type_manager - Rewrite work_queue with WAL mode, busy timeout, and immediate transactions - Add comprehensive concurrency test suite (16 tests) and benchmarks - Update pytest markers with clearer descriptions
Windows CI runners hit 45 ops/sec which is fine but tripped the 50 ops/sec floor. 30 ops/sec still catches real regressions without flaking on slower CI hardware.
Throughput benchmarks are too variable on shared CI runners (10-45 ops/sec on Windows). Mark them with @pytest.mark.benchmark and exclude from CI. Run locally with: pytest -m benchmark
Fix concurrency issues across storage layer
- Add ALLOWED_UPDATE_COLUMNS allowlist in work_queue.py to validate column names before SQL interpolation in update_work() - Add -- end-of-options separator and file_pattern regex validation in MCP _search_codebase() to prevent grep flag injection - Apply shlex.quote() to task fields in HookExecutor before shell command format substitution to prevent shell injection
Three public MemoryStore methods were not protected by self._lock despite the connection using check_same_thread=False. Concurrent reads during an in-progress write could observe partial state. - Wrap list_memories, count, and prune_expired with `with self._lock:` matching the pattern used by store, get, delete, search, and close - Add lock-invariant docstring to _update_access noting it must only be called from already-locked contexts (via _search_semantic/_search_keyword) - Replace silent `except: pass` on vector deletion in delete and prune_expired with logger.warning calls so failures are visible
Replace all >= range specifiers with == exact versions across main dependencies, all optional groups (github, dev, test, mcp, memory, opencode), and build-system requires. Versions resolved from the installed pipx sugarai venv and current PyPI releases.
The billing module (sugar/billing/) was fully implemented but never imported or used anywhere in the codebase. It does not belong in this open-source tool. Removes the module, its tests, conftest fixtures, and all doc references.
Adds a contributor-focused architecture doc with ASCII system diagram, component descriptions sourced from actual code, data flow walkthrough, memory model reference, and directory map. Adds five workflow guides (security auto-fix, bug triage, test coverage, code quality, feature development) with realistic config snippets, CLI commands, and example terminal output.
Lead with the value proposition: scan tools find problems, Sugar resolves them. Add comparison section showing Sugar as the resolution layer in the AI dev tool stack.
Fix security vulnerabilities in work queue, MCP server, and hooks
Add missing locks to MemoryStore public methods
Pin all dependencies to exact versions
Remove unused billing module
Update CHANGELOG through v3.9.0
Document hold, release, logs, and opencode CLI commands
Add Architecture.md and workflow examples
Reposition README as autonomous issue resolution tool
- .gitignore: remove duplicate entries (.DS_Store x3, .mypy_cache/ x2,
*.swp/*.swo/*~ x2 each), add .fastembed_cache/ (86MB ML model cache),
add .env.local
- api_keys.py: remove unused key_bytes variable in generate_key(); raise
ValueError when SUGAR_SIGNING_SECRET is absent instead of silently
generating a random secret that invalidates all keys on restart
- store.py: replace bare except/pass on vector delete with logger.warning;
remove no-op .replace('AND', ...) in LIKE fallback query; add
logger.warning when unknown memory_type silently defaults to DECISION
Fix gitignore gaps, dead code, and silent error handling
Update description across pyproject.toml, CLI help, and plugin README to reflect autonomous issue resolution positioning.
Update CHANGELOG with all changes since v3.9.0. Set version to 3.9.1 for release.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release v3.9.1
Security
Fixed
Changed
Added
Removed
Test plan