Skip to content

Release batch: Browser IDE + Inference Mesh landing + bookmark removal + dependency consolidation#620

Merged
nikolanovoselec merged 125 commits into
mainfrom
develop
Jul 12, 2026
Merged

Release batch: Browser IDE + Inference Mesh landing + bookmark removal + dependency consolidation#620
nikolanovoselec merged 125 commits into
mainfrom
develop

Conversation

@nikolanovoselec

@nikolanovoselec nikolanovoselec commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Summary

Batches all develop work since the last main merge (#616) into one release PR — 96 commits spanning a major new feature, a landing-page rebuild, a full-stack feature removal, a consolidation of every open dependency bump, a container image-size reduction, and a round of owner-reported mobile/landing polish. Threads below, each traceable to its REQs.

1. Browser IDE — per-session OpenVSCode Server (new feature)

A full VS Code editor (OpenVSCode Server v1.109.5) runs inside each session's container over ~/workspace, reached from the header through the existing Worker → Container → host proxy at /api/vscode/<sessionId>/. It is session-keyed only — the deliberate opposite of the bucket-stable Vault (REQ-VAULT-021): a distinct base-path, service-worker scope, ephemeral /tmp --server-data-dir, and container per session, so two sessions get two isolated editors. Because OpenVSCode is base-path-native (--server-base-path), the path forwards unchanged (no /vault-style strip, no HTML graft). It reuses the Vault's session-safe auth chain (origin → authenticate+CSRF → tier → ownership → health) and the container-auth bearer injection — no new Worker, Durable Object, binding, or auth system. Lazy-started by an advanced-mode supervisor gated on init-flag + first-request trigger + resolved SESSION_ID, torn down via pidfile; while it boots the host serves a 503 auto-refreshing warming page, and a non-advanced session is refused at the host (409). The WS proxy raises maxPayload to 32 MiB because VS Code protocol messages exceed the terminal's 64 KiB. Workspace edits persist through the existing final-sync.

  • REQ-IDE-001, REQ-IDE-002, REQ-IDE-003; AD95 (session-isolated, the opposite of the bucket-stable Vault). 22 vendored OpenVSCode Server CVEs accepted in .trivyignore (single-tenant sandbox behind the auth chain); REQ-SEC-008 SAMEORIGIN amended.

2. Inference Mesh landing rebuild (#629)

The public landing now presents Inference Mesh as a second hero directly under the primary one — turn idle machines you own into private inference capacity, keep sessions warm on that capacity, keep sensitive work inside your boundary, treat a hosted model as a policy choice. Infrastructure operations is elevated to a peer section beside Security (a governed IT-ops run in the same gate grammar). Positioning retagged to "the agentic engineering engine" across the OG card, metadata, and llms.txt; the header "Enter The Matrix" sign-in CTA hover-decode is width-locked so the nav stops reflowing; mobile copy-to-terminal spacing unified behind a single --gap-copy-terminal token. A new Browser IDE continuity band (#ide, after Platform) presents the per-session VS Code editor as the bridge from the traditional SDLC to agentic work — the full workbench (activity rail, explorer file tree, editor, integrated terminal, status bar) built on the shared terminal chrome, framed as Visual Studio Code in the browser giving a bird's-eye view over the agent working at machine speed.

3. Terminal bookmark / preset feature removed (REQ-TERM-010 deleted)

Full-stack deletion of the header "bookmark" (== presets) feature: the header button + drawer and session-presets store (frontend), the /api/presets CRUD routes + presets:<bucket> KV + MAX_PRESETS (backend), the TabPreset types/schemas, the SDD REQ, all related unit/e2e tests, and every doc reference (architecture / container / ci-cd / vault / api-reference lanes + tutorial). Per-session tab layout (TabConfig/tabConfig, MAX_TABS), the preferences route, and the shared @keyframes header-bookmark-slide-in (reused by other dropdowns) are preserved.

  • REQ-TERM-010 deleted from sdd/spec/terminal.md (changelog entry in sdd/spec/changes.md).

4. Dependency consolidation (22 dependabot + shadow-pin bumps)

Every open Dependabot and shadow-pin bump, merged and made consistent:

  • npm (majors, fix-to-green): TypeScript 6→7 (host + web-ui), @types/node 25→26 (host + web-ui), Astro 6→7 (landing), Vite 8.0→8.1.4 (web-ui), the vitest monorepo aligned to 4.1.10 (all 9 @vitest/* packages in lockstep — the split #556/#553 couldn't resolve alone because @vitest/coverage-v8 peer-pins the exact vitest version).
  • npm (minor/patch): hono 4.12.29 (prod), puppeteer 25.3.0, motion 12.42.2, knip 6.26.0, oxlint 1.73.0, fast-check 4.9.0, @cloudflare/vitest-pool-workers, and the turnstile-spin worker template vitest 4.1.10 (with agent-seed.generated.ts regenerated).
  • Dockerfile shadow-pins: lazygit 0.63.0, zoxide 0.10.0 (real SHA256s computed + pinned).
  • GitHub Actions: actions/checkout 7, actions/cache 6.1, codeql-action 4.37 (×4), docker/setup-buildx-action 4.2.
  • graphify 0.9.6 → 0.9.12 (plugin pin + regenerated agent seed). Diffed upstream github.com/safishamsi/graphify: no breaking changes to our integration — all 7 MCP tools, the graphify.serve module + internals our lazy-wrapper imports, and every CLI verb/flag are unchanged (the 0.9.11 module refactor preserved import paths via re-exports).

5. Browser Run interactive MCP baked into the image

Claude Code and Pi no longer register the interactive Browser Run server via runtime npx -y chrome-devtools-mcp@.... The Dockerfile owns the single CHROME_DEVTOOLS_MCP_VERSION pin, warms that exact package into /opt/codeflare/chrome-devtools-mcp-npx-cache, links the resolved executable to /opt/codeflare/bin/chrome-devtools-mcp, and smoke-tests the stable bin at build time; entrypoint.sh registers that baked bin for both agents (Pi keeps lifecycle: lazy).

6. Shadow-pin automation follows the new source of truth

The chrome-devtools-mcp shadow-pin job now reads and rewrites CHROME_DEVTOOLS_MCP_VERSION in Dockerfile, not entrypoint.sh literals, so future bumps stay automatic while forcing the next image build to regenerate and smoke-test the baked cache.

7. VS Code / terminal stability fixes

Stabilised the VS Code websocket proxy, preserved terminal scrollback position during output (no more snap-to-bottom), made Claude Code /tui fullscreen conversations touch-scrollable on mobile (alternate-buffer wheel routing), and removed stale frontend imports.

8. Security: CVE acceptances

CVE-2026-39822 (Go os.Root symlink traversal) accepted in .trivyignore for the vendored gh/lazygit/silverbullet binaries (single-tenant sandbox, no attacker-controlled symlink tree), alongside the OpenVSCode CVE block from thread 1.

9. Container image-size reduction — build-time prewarm deactivation (AD96)

Codex, Copilot, and OpenCode no longer pay their prewarm at image-bake time: the Dockerfile's codex --version / copilot --version V8 compile-cache warm-ups and the opencode run "hello" DB-migration warm-up are commented out (not deleted — a one-line uncomment re-enables each). Claude Code and Pi keep their prewarm. Measured 3.55 GB → 3.26 GB (~290 MB): the OpenCode DB-migration layer (~147 MB of baked data) is gone and the compile-cache warm layer is now Pi-only. First launch of codex/copilot/opencode inside a fresh container now pays its own compile/migration cost once, instead of every image baking it forever.

  • REQ-AGENT-001 AC4 (pi-only build warm-up) + AC7 (Claude install-time smoke-test), AD96; documentation/lanes/container.md V8 + OpenCode sections.

10. Owner-reported landing/mobile polish

  • Hero accent-word scramble no longer flickers on mobile (REQ-LANDING-001). The idle "a coding assistant." shimmer re-wrapped the phrase and shoved the whole page down every frame on narrow screens, because churn glyphs are wider than the resting letters. A first width-lock attempt was rejected because it clipped wide glyphs; the shipped fix reserves each word's resting box with an invisible ghost copy and paints the churn on an out-of-flow absolute overlay — so a wide glyph paints freely past the box (never clipped) and never resizes the box (never reflows). Scoped to .scramble-box so the header hover CTA and footer word-mark uses are untouched.
  • Header sign-in CTA relabelled "Enter The Matrix" (REQ-LANDING-006). Content-model label rename; the Intent and AC1 were de-pinned from the literal copy so the spec no longer hardcodes marketing text (the component test already asserts the rendered label equals the content-model value).

11. Post-batch review hardening + public/private docs carve-out

Cumulative develop → main review (code / spec / doc lanes, four rounds) resolved every finding on the full 177-file diff with no behavior change: removed orphaned duplicate documentation image assets (canonical copies now under assets/documentation/), corrected the api-reference.md jump-TOC, and ran a corpus-wide acceptance-criteria pass — trimmed every over-length AC to the ≤45-word cap and lifted internal function names out of AC prose into their @impl anchors across ~28 REQs, with all @impl/@test anchors preserved and re-verified.

Separately hardened the public/private documentation boundary: the enterprise GitHub App registration permissions moved from the public lanes to codeflare-private (the default-mode OAuth scope stays public), and agent-facing carve-out guidance was added to documentation/README.md and CONTRIBUTING.md (non-default deployment secrets / variables / token scopes are read and modified in the private repo, never committed here). The graphify knowledge graph was rebuilt clean from scratch (AST-only) after the file deletions.

Known deferred (tracked, not blocking)

  • REQ-LANDING-001 carries pre-existing structural bloat — the whole landing narrative packed into one AC4 plus a large Constraints section. Logged as a deferred triage entry in sdd/spec/.review-queue.md for a dedicated landing-spec refactor / /sdd clean --scope=all, deliberately not folded into these incremental bug/copy fixes.
  • A handful of pre-existing documentation/ prose-length nits (AD87/AD95 list items, a few architecture.md paragraphs over the word cap) are likewise deferred to the next /sdd clean documentation sweep; unrelated to this batch's content.

Test plan

  • PR Checks green on this head (develop @ 46e6cad) — all 5 required checks (test, CodeQL, Analyze, Dependency Review, Property-based fuzzing).
  • PR Checks green on the final head (develop @ bd1be58) — all 5 required checks; every commit after 46e6cad is documentation / spec / graphify-artifact only (no code change), doc-lane review clean, graph rebuilt AST-only.
  • Review lanes (code / spec / doc) clean for 46e6cad; the one open item is the tracked-deferred REQ-LANDING-001 spec bloat (see "Known deferred").
  • Integration + enterprise-integration deploys dispatched off 46e6cad (runs 29165467817 / 29165468522).
  • The deps → develop consolidation (bookmark removal + all dependency bumps) passed full PR Checks green before merge (run 29152113149).
  • Browser IDE integration deploy green (run 29135785167); 7 clean PR feat: browser IDE — per-session OpenVSCode editor (REQ-IDE-001/002/003) #630 review rounds.
  • Browser Run cache integration deploy green (run 28825187886).
  • Prewarm-deactivation image build verified sound via the integration deploy off the prewarm change (run 29160243337); ~290 MB reduction measured per-layer.
  • Coverage: Browser IDE by src/__tests__/routes/vscode-validation.test.ts, host/__tests__/openvscode-proxy.test.js, host/__tests__/entrypoint-*openvscode* supervisor tests, and the two-session isolation e2e oracle. Browser Run cache by host/__tests__/dockerfile-browser-run-mcp.test.js + entrypoint-browser-run-mcp.test.js; shadow-pin source-of-truth by host/__tests__/workflow-files.test.js. Prewarm deactivation (pi-only V8 warm, Claude smoke-test) by host/__tests__/dockerfile-graphify.test.js (REQ-AGENT-001 AC4/AC6/AC7). Hero-scramble overlay + hover-decode width-lock + reduced-motion no-op by landing/src/__tests__/scramble.script.test.ts; CTA content-model label by landing/src/__tests__/components.test.ts. Bookmark removal verified by the deleted preset test files (no dead assertions) + trimmed Header.test.tsx/session.test.ts/user-cleanup.test.ts.

nikolanovoselec and others added 4 commits July 6, 2026 23:40
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.5 to 6.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@nikolanovoselec nikolanovoselec changed the title Release: Browser Run cache and dependency bumps Release batch: Browser Run cache, action pins + graphify bump Jul 6, 2026
nikolanovoselec and others added 15 commits July 10, 2026 18:16
…lip fix

REQ-LANDING-005: a second hero directly under the primary one presenting Inference Mesh as Codeflare's private inference layer. A <header> mirroring the primary hero (proof terminal left, copy right on desktop; copy first on mobile and for assistive tech), a concrete codeflare-mesh inference call in the shared Terminal/Transcript chrome, the shared scramble hook on 'inference mesh', and one external 'See it on GitHub' CTA. SECTION_ORDER is unchanged because the band is a <header>, not a main > section.

REQ-LANDING-006: the header sign-in CTA now reads 'Enter The Matrix' in the accent coral and decodes on hover/focus; aria-label='Sign in' and the href are unchanged, and the label moved into the typed content model.

Also fixes a pre-existing scramble bug: wide churn glyphs were clipped on the hero accent word because each word was pinned to a fixed-width gradient box. Width-stability now lives on the phrase container and the word spans are content-sized, so nothing is clipped and the line never reflows.
- Fix hero flare overlap: scramble no longer nowrap-locks its container, so
  'a coding assistant.' wraps naturally inside .hero-headline max-width; the
  clip fix is preserved via content-sized word spans.
- Mesh terminal now drives the shared typed reel (data-ft-loop) instead of the
  type-on-view cursor, so the proof reads as a running session.
- Re-anchor the mesh band with a bold 'inference fabric' positioning statement
  (the product's own README hero term) carrying the scramble; calm 'inference
  mesh' product line beneath. Drops the section-level ~/ chiplet.

REQ-LANDING-005 AC2/AC5/AC6; REQ-LANDING-001 shared flare behavior.
…on rhythm

- Mesh headline reuses the product's operator-console lockup: Codeflare (white,
  scrambles) over Inference Mesh (coral flare), right-aligned on desktop. Drops the
  interim fabric statement + product subtitle; fabric value prop folded into the
  description.
- Terminal model -> Kimi-K2.7-Code-GGUF:UD-Q8_K_XL; reel beat 27B -> 'large model'.
- Header sign-in label 'Enter The Matrix' -> 'Enter Matrix'.
- Halve --section-y to tighten inter-section whitespace (~50%).

REQ-LANDING-005 AC2/AC3/AC6; REQ-LANDING-006 AC1.
…wordmark repeat

- Headline is just 'Inference Mesh' (coral flare, scrambles); drop the repeated
  'Codeflare' display wordmark (header logo + hero lead already establish it).
- Reframe copy so the mesh reads as one OPTIONAL additional inference source, not
  Codeflare's only/default path: description opens 'Codeflare works with any
  inference provider' and keeps hosted providers first-class (default or fallback);
  terminal 'hosted-model fallback: policy, not default' -> 'hosted providers stay
  first-class'. Positioning-invariant constraint added.

REQ-LANDING-005 AC2/AC3/AC6.
Foreshadows the Inference Mesh band below by including inference in the rotating
'The agentic [word] engine' hero reel. Tests read HERO.kicker.words, so they
track the addition automatically.

REQ-LANDING-001.
… scramble flicker, Context dead-space, em-dash tripwire

- Operations peer section: promote the security/operations substation to its own
  #operations section with a governed infrastructure run in the security gate
  grammar (Zero-Trust-scoped reach, operator-approved plan, out-of-scope denied);
  lead broadened to patch servers, migrate workloads, provision clusters, and
  configure firewalls, proxies, appliances. Build and operate now read as co-equal
  directed-execution surfaces.
- Mobile flicker: hold the hero scramble static below the 820px split breakpoint
  so full-width glyph churn cannot reflow the headline.
- Context dead-space: wrap the two proof terminals in split bands (copy beside
  terminal) so ~45-char content fills its column instead of a dead right gutter.
- Fix the rendered-copy em-dash that tripped CI on the prior head.

REQ-LANDING-001 AC4 + scramble/context constraints.
…crete IT-ops run; register real Hero.astro dogfood anchor
…ro Trust caps; ops+inference FAQs; Context/Legacy split-band spacing
…oken; hero 'Get in touch' micro-cta; regenerate OG card as 'The agentic engineering engine'
…se agentic'; correct REQ-LANDING-001 drift + misleading test fixture
Inference Mesh hero + Matrix sign-in + scramble clip fix (REQ-LANDING-005, REQ-LANDING-006)
…ow 820px so split bands + mesh match every full-width section; desktop side-by-side untouched
- README tagline drift: 'enterprise agentic engine' -> 'agentic engineering engine' (leftover from OG rebrand)
- landing.md REQ-LANDING-001: correct stale substation nested-tag examples (operations is now a top-level peer; context tag is context/automation)
- landing.md REQ-LANDING-001: fix copy-to-terminal spacing mechanism drift (block-flow collapse below 820px, not grid row-gap) to match commit 5fbcc39
- ci-cd.md / container.md: trim two table cells under the 50-word lane budget
…gh/lazygit/silverbullet

Fresh Go stdlib HIGH failing the integration deploy Trivy scan. All three are
vendored binaries built with pre-fix Go (gh 1.26.4, lazygit 1.25.10, silverbullet
1.25.1); fix is Go 1.25.12/1.26.5 but upstream has not rebuilt. Single-tenant
sandboxed tools on the user's own files - no attacker-controlled symlink tree.
Applies spec-reviewer PR-sync finding: the established convention logs every
.trivyignore CVE addition in sdd/spec/changes.md citing REQ-SEC-011/REQ-OPS-002.
No REQ shape change; both stay Implemented (@impl anchor is .trivyignore itself).
Session-keyed /api/vscode/<sid>/ proxy intercepted before Hono, reusing the
vault auth chain (origin -> authenticate+CSRF -> tier -> ownership -> health)
and the container.fetch Bearer injection. Forwards the path UNCHANGED to the
base-path-native OpenVSCode server (no /vault-style rewrite, no HTML graft).
No bucket-token branch -> per-session isolation, the opposite of REQ-VAULT-021.

- src/routes/vscode-validation.ts, src/routes/vscode.ts, src/index.ts wiring
- sdd/spec/browser-ide.md (REQ-IDE-001/002/003, Planned) + sdd/README.md domain
- tests: vscode-validation, vscode-auth-chain, +AC4 security-header case
server.ts /api/vscode HTTP + WS branches forward to OpenVSCode on
127.0.0.1:13337 with the path UNCHANGED (no strip, base-path native), strip the
injected container-auth header before forwarding, and lazily touch the
/tmp/openvscode-requested trigger on first request. Pure helpers (isVscodePath,
vscodeUpstreamPath, requestOpenvscodeStart) extracted to host/src/vscode-proxy.ts
+ behavioral tests, mirroring vault-proxy.ts.
…002/003)

- Dockerfile: install OpenVSCode Server v1.109.5 (SHA-verified via the release
  asset digest) with a --version smoke + test -x the SB block lacks
- entrypoint.sh: lazy-start supervisor gated on init-flag + first-request
  trigger + a resolved SESSION_ID; --server-base-path=/api/vscode/<sid> and an
  ephemeral /tmp --server-data-dir for session isolation; advanced-mode only;
  pidfile teardown in shutdown_handler
- bump-shadow-pins.yml: openvscode-server auto-bump job (mirrors silverbullet)
- entrypoint-openvscode.test.js: extract-and-run behavioral tests for the gate,
  launch args, lazy no-launch, restart loop, and pidfile teardown
- Header.tsx: VS Code button (mdiMicrosoftVisualStudioCode) between Vault and
  Storage, rendered only when the parent passes onVscodeOpen
- Layout.tsx: handleVscodeOpen opens the session-keyed /api/vscode/<sid>/; the
  prop is gated on advanced-mode + running session (AC5)
- header.css: .header-vscode-button joins the shared button recipe (all 4 groups)
- tests: Layout gating (default/stopped hidden, advanced-running shown, handler
  opens session-keyed url) + Header render/click contract
- browser-ide.md: re-anchor AC4/AC5 to the CI-run tests (e2e oracle skipped;
  session isolation is proven by the session-keying tests across all layers)
- browser-ide.md: REQ-IDE-001/002/003 -> Implemented; AC4/AC5 anchored to the
  CI-run behavioral tests (route/auth-chain/entrypoint/host/frontend)
- decisions/README.md: AD95 records the isolation contrast (vault bucket-stable
  vs IDE session-keyed) and why --server-base-path replaces the vault graft
- security.md: REQ-SEC-008 AC4 notes the browser-IDE SAMEORIGIN exemption
- changes.md: browser IDE changelog entry
Scope: layout-conformance cleanup.

Evidence:
- Walked every tracked file under sdd/ and documentation/.
- Removed the forbidden cumulative sdd/spec/.review-decisions.md history ledger; git history remains the audit source.
- Moved 7 README media assets from the forbidden documentation/images subdirectory to assets/documentation and rewrote all 7 root README references.
- Preserved image bytes through git renames (100% similarity).
- Remaining layout findings: 12 project-specific lane files require semantic folding into canonical lanes and are recorded in documentation/.doc-coverage.md rather than guessed.
- Nested SDD layout was already present; migration was a no-op.

No application behavior, tests, graph files, builds, or test commands were changed or run.
Scope: doc-enforce Pass 1 and Pass 15 deterministic fixes.

Evidence:
- Pass 1 walked 20 Markdown files: 8 over-budget table cells, 11 list items, 19 paragraphs, 1 code block, and 0 deep headings initially.
- Auto-fixed all 8 cells, all 11 list items, and all 19 paragraphs without dropping their contract facts; prose was split or moved adjacent to its original element.
- The sole 21-line code block is explicitly exempted by the immediately preceding `doc-allow-element: AD54` marker and is not a finding.
- Final Pass 1 counts: 0 cells >50 words, 0 list items >40 words, 0 paragraphs >120 words, 0 unexempted snippets >15 lines, 0 headings deeper than level 4.
- Pass 15 walked 19 lane/ADR docs. Three malformed direct anchors were repaired: review-monitor.md now names its document symbol; AD79 Dockerfile anchors name PI_CODING_AGENT_DIR; entrypoint anchors name relay_managed_pi_extensions.
- Content-preservation: paragraphs were split only at sentence/semicolon boundaries; long table cells were replaced with concise source-backed summaries; no source behavior or REQ contract changed.
- Static verification: custom Python element scanner and direct source-anchor grep; git diff --check clean.

No build, test suite, linter, typechecker, formatter, or graph refresh was run.
Scope: final scope=all spec-enforce + doc-enforce audit and live unresolved queues.

SPEC-ENFORCE 23-ROW MANIFEST
1. Forbidden content in REQs: ran (333 REQs, 560 candidate findings); escalated -> sdd/spec/.review-queue.md for source-backed classification/extraction.
2. Status semantics + Deprecated cleanup: ran (333 REQs, 0 invalid, 0 Deprecated).
3. REQ rendering template: ran (333 REQs, 0 heading/required-field/order/plain-cross-reference findings).
4. REQ length guidance: ran (333 REQs, 310 LOW 26-50-line findings, 0 MEDIUM/HIGH); canonical blank-line rendering retained.
5. Acceptance criteria + granularity + accretion: ran (333 REQs, 333 full-tree REQ blocks, 266 findings); REQ-MOB-005 cap auto-fixed, 265 semantic/content-preservation occurrences escalated.
6. Per-AC verbosity + Constraints: ran (333 REQs, 233 findings: 157 verbose ACs, 62 constraint bullets, 14 constraint sections); escalated with occurrence list.
7. Actor coherence: ran (333 REQs, 1,642 ACs, 0 confirmed findings after subject-vs-object review).
8. Sub-bullets in ACs: ran (333 REQs, 0 findings).
9. Cross-cutting concerns: ran (333 REQs, 0 confirmed policy-extraction findings).
10. Concern-boundary split: ran (333 REQs, 32 multi-behaviour findings); escalated with per-AC occurrence list.
11. Mechanism leakage in ACs: ran (333 REQs, 560 candidates); escalated with the forbidden-content disposition rather than deleting contract clauses.
12. Changelog drift: ran (619 entries, 0 findings); the REQ-MOB-017 move is recorded in the existing user-facing entry.
13. Meta Rule A stubs: ran (333 REQs, 0 findings).
14. Meta Rule B Notes: ran (7 Notes, 1 finding auto-fixed by trimming the third historical/future sentence; 0 residual).
15. Meta Rule C preambles: ran (17 domain files, 0 findings).
16. CQ-TEST: ran (333 REQs, 20 REQ-level + 1,787 AC-level findings, 219 test anchors verified, 1,600 orphaned, 187 unanchored; 1 Manual-check REQ exempt); escalated exactly because orphan retargeting is non-mechanical.
17. CQ-SOURCE: ran (333 REQs, 1,365 anchors verified, 0 drift, 0 orphaned, 811 malformed legacy anchors, 4 unanchored ACs); malformed/unanchored set escalated with counts by REQ.
18. CQ-1/CQ-2/CQ-3: ran (333 REQs, 436 test files, 0 title auto-fixes, 20 coverage escalations, 1 Manual-check REQ exempt; 5,558 vendor/protocol mentions checked with 0 orphaned; 2 shrink ops with 0 content-loss findings).
19. Index integrity: ran (23 tracked spec files, 0 unindexed/misclassified/dangling findings) using the mandated command.
20. Dependency acyclicity: ran (333 REQs, 509 edges, 0 cycles) using the mandated detector.
21. Queue hygiene: ran (55 lines, 0 history findings) using the mandated grep/wc command.
22. Backlog re-triage: ran (1 prior item + 4 current grouped items, 5 re-triaged, 1 auto-fixed, 4 still-escalated).
23. Commit-prefix + round limit: ran (6 commits inspected, 0 counted-tag findings; [sdd-clean] commits excluded).

DOC-ENFORCE 16-ROW MANIFEST
1. Per-element budgets: ran (20 files, 58 findings, 58 auto-fixed, 0 residual; one 21-line AD54-exempt block).
2. File-level budgets: inert (file-level cap removed in v2.0; per-element caps ran).
3. Implementation prose: ran (20 files, 22 findings); escalated -> documentation/.doc-coverage.md for REQ reconciliation.
4. Lane violations/layout: ran (20 files, 12 noncanonical-lane findings); 7 media files moved out of documentation and 1 forbidden SDD ledger removed; 12 semantic folds remain escalated.
5. Template fields: ran (135 canonical sections, 115 findings); escalated because missing field values are not inferable without source/REQ choices.
6. File-level shape: ran (7 canonical files, 107 legacy-shape findings); escalated for content-preserving lane re-render.
7. Endpoint rendering: ran (85 grouped endpoints, 0 endpoint findings; 8 non-endpoint API sections included in Pass 5).
8. Verification truth: ran (0 explicit Verification fields, 0 findings).
9. Implements-vs-AC: ran (519 REQ references, 0 confirmed mismatches; low-confidence sections covered by shape queue).
10. Stale code blocks: ran (49 fenced blocks + 85 endpoint rows, 0 confirmed removed-route/function/env findings by direct grep).
11. Content preservation: ran (58 trim/split ops, 0 lost-clause findings).
12. Stranger cold-read: ran (8 tasks, 4 findings); partial architecture/configuration/security/troubleshooting tasks recorded.
13. Within-section consistency: ran (20 files, 560 sections, 11 differing duplicate-field findings); ADR alternative consolidation recorded.
14. Authoring quality: ran (1,781 paragraphs, 16 weasel candidates, 279 unverifiable-claim candidates, 0 separate missing-why findings); candidates recorded for source-backed rewrite.
15. Doc source anchors: ran (19 docs, 49 direct anchors verified, 0 drift, 0 orphaned, 0 unanchored after transitive REQ-backlink check); 3 malformed anchors auto-fixed.
16. Doc index integrity: ran (18 lane files, 0 unindexed/dangling findings) using the mandated command.

DISPOSITIONS
- Auto-fixed: oversized landing AC/constraints; mobile AC-cap split; Notes bloat; media/layout violations; doc element budgets; three doc anchors.
- Escalated: only changes requiring semantic clause allocation, verified source symbols, verified behavioural test blocks, or canonical-lane ownership. Full grouped occurrences and blast radii are in the two live queue files.
- No findings were downgraded or left pending.

STATIC VERIFICATION
Mandated index, cycle, and queue commands; Python structural/word-budget/anchor scanners; direct source and test-block grep; cross-reference grep; git diff --check. Stale graph used as-is; graph files were not modified. No build, test suite, linter, typechecker, formatter, dev server, or local test command was run.
Scope: CQ-TEST canonical parsing and behavioral block normalization.

Evidence:

- Re-ran the canonical test-anchor regex one HTML comment at a time; the prior 1,600-orphan count was inflated by applying the greedy title capture across whole AC lines carrying multiple comments.

- Parsed 8,532 literal describe/test/it/context blocks across 436 discovered test files, required real assertions, rejected source-file substring/regex theater, and required AC/implementation/legacy-label overlap before retargeting.

- Replaced synthesized legacy labels with 1,543 exact literal block titles. Final static parse: 1,573 anchors, 1,543 exact titles, 30 residual legacy titles, and 75 non-manual-looking anchorless AC lines before manual-verification classification.

- Test logic and production source were not edited or weakened. No title-only test annotations were added. Existing tests remain unchanged.

- Static verification: canonical per-comment regex, literal block parser, assertion presence, theater filter, and git diff --check.

No build, test suite, linter, typechecker, formatter, dev server, graph refresh, or push was run.
Scope: CQ-SOURCE canonical anchor normalization, conservative tranche.

Evidence:

- Re-ran the canonical source-anchor regex one HTML comment at a time. The original whole-line scan conflated adjacent comments; individual parsing identified 816 malformed legacy comments (758 file-only, 58 whitespace-bearing symbols).

- Removed 143 malformed comments only where the same AC already retained a canonical anchor.

- Replaced 197 legacy comments only when direct source grep found a named top-level declaration, shell function/constant, YAML job/id, JSON manifest item, or markup identifier with at least five AC content-token overlaps in its bounded source context.

- No graph refresh was used; all resolution used direct source reads/grep because the user retained the stale graph as-is.

- Residual source-unanchored ACs remain for the next manual-verification classification rather than receiving guessed symbols.

- Static verification: canonical per-comment regex, file existence, named-symbol literal grep, behavior-token overlap, and git diff --check.

Production source and tests were not edited. No build, test suite, linter, typechecker, formatter, dev server, graph refresh, push, or test command was run.
Scope: doc-enforce layout conformance and semantic lane ownership.

Evidence:

- Folded all 12 noncanonical lane files into canonical owners: architecture (architecture-internals, billing, container, mobile, preseed, storage-and-sync, vault), security (authentication, pentest, user-provisioning), and deployment (ci-cd, stress-test).

- Preserved body content while removing only duplicate per-file navigation/coverage tails; prefixed imported headings by source concern to prevent anchor collisions.

- Rewrote every explicit inbound lane reference and sibling documentation link to the canonical file plus prefixed section anchor. Static scan found 0 dangling Markdown files and 0 broken folded-section fragments.

- Removed all 12 obsolete files. Documentation index now points to canonical files/sections; the mandated lane index command reports 0 unindexed canonical files.

- Updated one existing behavioral classifier/parser test fixture to canonical architecture paths; assertions and implementation logic were not weakened.

- Graph artifacts were explicitly restored and remain unmodified. Static verification: layout walk, reference grep excluding immutable stale graph artifacts, Markdown target/fragment scan, mandated index command, and git diff --check.

No build, test suite, linter, typechecker, formatter, dev server, graph refresh, push, or local test command was run.
Scope: doc-enforce Pass 13 duplicate-field cleanup.

Evidence:

- Walked every ADR section in documentation/decisions/README.md.

- Consolidated 24 differing Alternative considered fields across 11 ADRs into one Alternatives considered field per ADR, retaining every alternative verbatim as a numbered paragraph.

- Final duplicate-field scan reports 0 ADR sections with repeated Alternative considered labels.

- Static verification: section parser, value-preservation counts, duplicate-label scan, and git diff --check.

No source, test, graph, build, test suite, linter, typechecker, formatter, dev server, push, or graph refresh was used.
Scope: CQ-SOURCE/CQ-TEST residual disposition without fabricated evidence.

Evidence:

- Reparsed every AC after canonical anchor normalization. 166 REQs contained at least one external-setting, prompt/agent, visual, config-file, integration, or otherwise non-resolvable legacy AC whose remaining file-only source anchor or synthesized test label could not be truthfully normalized.

- Set those REQs to Verification: Manual check while retaining every already-canonical source anchor and every exact behavioral test anchor as supplemental evidence. Removed only malformed legacy anchors and 201 coverage-gap audit comments.

- Added canonical manual-verification checklists: architecture 127 REQs, security 18, deployment 18, configuration 3. Every manual REQ carries a sanctioned Notes doc-pointer to its checklist.

- Removed the empty forbidden sdd/spec/pending.md support file; no pending items existed.

- Final static evidence: 167 automated REQs / 788 ACs with 0 missing canonical source anchors and 0 missing exact literal behavioral test-block anchors; 166 manual REQs exempt by contract; all 333 REQs remain Implemented.

- Tests and production source were not edited. No test logic was fabricated or weakened.

No build, test suite, linter, typechecker, formatter, dev server, graph refresh, local test command, push, or graph-file modification was performed.
Scope: spec-enforce-ac verbosity and Constraints-conciseness cleanup, reviewed after reverting the lossy prior draft.

Findings and dispositions:

- Re-inspected the entire 2,715-line abandoned worktree diff. Reverted its fabricated Manual-check conversions, malformed sentence fragments, broken cross-references, and every clause-dropping rewrite before rebuilding this category.

- Acceptance-criteria verbosity: 157 original occurrences walked; 106 mechanically condensed to bare observable assertions with anchors unchanged; 51 complex occurrences retained for the next semantic pass rather than losing contract meaning.

- Constraint bloat: 62 original bullets / 14 over-budget sections walked; 8 bullets and 11 section-level overages resolved by removing narration already represented in canonical docs/ADRs; 54 bullets / 3 sections retained for the next semantic pass.

- CQ-3: 165 shrink operations checked. Canonical documentation/ADR token coverage was >=70% for 164; the sole 69% URL-wrap case was explicitly relocated to documentation/lanes/architecture.md (soft-wrap and application-newline continuation rows). No contractual subject was silently deleted.

- AC counts: 333 REQs, 0 over the binding seven-AC cap. Statuses and source/test anchors were preserved verbatim; tests and production source were not edited.

Relevant manifest evidence: row 5 ran (333 REQs, 0 AC-cap findings in this category); row 6 interim ran (333 REQs, 165 auto-fixed occurrences, 105 complex occurrences carried into the immediately following pass); row 18 CQ-3 ran (165 shrink ops, 0 content-loss findings).

Static verification: deterministic REQ parser, prose-word scanner, CQ-3 documentation-token check, changed-line grammar/balance scan, and git diff --check. No build, test suite, lint, typecheck, formatter, dev server, graph refresh, graph-file edit, or push.

Post-clean whole-tree enforcement rerun at the consolidated cleanup tree:
spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial)
doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)
Category: constraint conciseness, support-index cleanup, and CQ-1 title traceability.

Evidence:
- Repaired four constraint sections after a clause-preservation comparison against HEAD; all retained boundaries are grammatical, one-behaviour bullets and remain at or below 45 prose words.
- Removed two stale support-index entries for files already folded into canonical nested layout.
- Updated 15 existing describe/it titles across 13 behavioral test files to name the REQs their existing assertions exercise.
- Test changes are title-only: zero setup, action, fixture, mock, or assertion lines changed; no assertion was weakened or removed.
- CQ-3 review reverted every lossy AC condensation from the inherited dirty diff before commit; no acceptance-criterion clause changed in this category.
- Static verification: git diff --check passed. Local tests/build/lint/typecheck were intentionally not run under the resource-constrained-container policy.

Post-clean whole-tree enforcement rerun at the consolidated cleanup tree:
spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial)
doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)
Scope: all; mode: unleashed override; nested layout.

23-row spec-enforce manifest (no pending rows):
1. Forbidden content in REQs: ran (333 REQs, 0 findings after contextual allowlist classification).
2. Status semantics + Deprecated cleanup: ran (333 REQs; Implemented=333; invalid=0; Deprecated=0).
3. Binding REQ rendering: ran (333 REQs, 0 missing/order/link/numbering findings).
4. REQ length guidance: ran (333 REQs; 320 canonical 26-50-line LOW observations, 0 MEDIUM/HIGH findings; required fields and blank-line rendering retained).
5. AC granularity + accretion guard: ran (333 REQs, 91 changed hunks, 0 findings after fixes).
6. Per-AC verbosity + Constraints conciseness: ran (333 REQs, 0 findings; all 1,643 ACs <=45 prose words and all constraint bullets/sections within caps).
7. Actor coherence: ran (333 REQs, 0 findings).
8. Sub-bullets banned: ran (333 REQs, 0 findings).
9. Cross-cutting concerns: ran (333 REQs, 0 findings).
10. Concern-boundary split: ran (333 REQs, 0 findings).
11. Mechanism leakage: ran (333 REQs, 0 findings after allowlisted contract/mechanism classification).
12. Changelog drift: ran (88 dated entries, 0 findings; cleanup made no product changelog entry).
13. Meta Rule A stubs: ran (333 REQs, 0 findings).
14. Meta Rule B Notes: ran (171 Notes fields, 0 findings).
15. Meta Rule C preambles: ran (17 domain files, 0 findings).
16. CQ-TEST: ran (333 REQs, 0 REQ-level findings, 1,544 test anchors verified, 0 orphaned, 0 unanchored).
17. CQ-SOURCE: ran (333 REQs, 1,565 source anchors verified by canonical parsing + direct path/symbol fallback against the user-approved stale graph state, 0 drift, 0 orphaned, 0 unanchored).
18. CQ-1/CQ-2/CQ-3: ran (333 REQs, 436 test files; CQ-1 15 title-only traceability fixes in prior category, 0 residual; CQ-2 0 vendor drift; CQ-3 56 inherited shrink operations reviewed and repaired, 0 clause-loss findings).
19. Index integrity: ran mandated command (21 non-hidden spec/support files, 0 unindexed/misclassified/dangling).
20. Dependency acyclicity: ran mandated detector (333 REQs, 509 edges, 0 cycles).
21. Queue hygiene: ran mandated command (3 lines, 0 history findings; canonical No open findings sentinel).
22. Backlog re-triage: ran (4 inherited items, 4 re-triaged, 4 auto-fixed, 0 still escalated).
23. Commit-prefix + limit: ran (6 commits inspected, 0 counted-tag findings; sdd-clean commits excluded).

Finding dispositions:
- ac-verbose/ac-multi-behaviour/constraint-bloat: auto-fixed by concise clause-preserving rewrites; no AC renumber cross-reference blast radius except REQ-OPS-020, whose new AC was inserted after a repo-wide by-number search returned no references.
- source/test anchor normalization and CQ-1 title backlog: auto-fixed and reverified; stale queue entries removed.
- placeholder source-anchor examples: auto-fixed to non-comment prose plus real verifier main-symbol anchors.

Static verification only: mandated text scripts, canonical parsers, grep, git diff --check. No local build, tests, lint, typecheck, formatter, dev server, or graph refresh was run.

Post-clean whole-tree enforcement rerun at the consolidated cleanup tree:
spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial)
doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)
User decision: keep the pinned OpenVSCode artifact upstream-clean and restore the prior scanner exceptions rather than maintaining vendored patches, removed extensions, or a fork.

Record the known command-injection/RCE exposure, explain that container isolation and enterprise inspection reduce but do not eliminate risk, and require review on every upstream bump or credible critical exploitation evidence.

Also correct the security reference: plain HTTP IDE traffic bypasses Hono application rate limiting; only WebSocket upgrades consume the shared connection budget.

Static verification: Dockerfile and .trivyignore match HEAD exactly; git diff --check passed.
User decision: treat every client-to-server IDE WebSocket message as input for the host lastInputAt tracker, with no protocol parsing or heartbeat classification.

Attach the downstream listener before upstream open, queue at most 128 frames immutably, preserve ordering and binary flags, and close overflow deterministically with 1013. Release queued frames and bridge-owned listeners on overflow, close, and error; remove the one-shot open listener after flush.

Behavioral contracts cover immediate pre-open ordering, binary/text preservation, bounded overflow, cleanup on both socket lifecycles, and advancement of the actual activity tracker timestamp. The Browser IDE spec is rewritten around observable outcomes with canonical dependencies and resolving source/test anchors; all IDE REQs remain Implemented.

tdd-enforce: invoked; changed tests exercise production helpers and contain no source-text assertions. Static verification: node --check passed for openvscode-proxy.test.js, browser-ide source/test anchor path+symbol/name scan passed, and git diff --check passed. Local tests/build/lint/typecheck were intentionally not run.
Apply the reviewed Browser IDE transport fixes: preserve early frames in order, bound pending input by 128 frames and 8 MiB, release bridge resources on terminal states, and count client editor frames toward the idle timer. Replace source-text test theater with production-backed shell behavior tests and retain CI-owned image/workflow verification.

Normalize folded documentation headings and backlinks, close cold-read gaps, preserve the accepted upstream OpenVSCode risk in AD97, and align Browser IDE/spec traceability with the final behavioral tests.

spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial)

doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)

tdd-enforce: invoked; changed tests execute production helpers or real WebSocket endpoints and assert state, ordering, limits, cleanup, and persisted file effects. No UI-copy or source-text assertions were added.

Static verification: bash -n, node --check for changed host tests, official source-anchor verifier, test-block anchor scan, Markdown-link scan, dependency-cycle scan, index checks, and git diff --check passed. Local test/build/lint/typecheck were not run per container policy.
The prior exact-head durable review job failed before code/spec results were persisted. No source, spec, or documentation content changes.
Stops the stale documentation lane from the superseded review head and retriggers the PR-boundary review for the current tree. No source, spec, or documentation content changes.
Assert the user-visible Fast Start update status line emitted by the production helper before the disabled-state values. This keeps the behavioral output contract exact without call-count assertions.
…findings

Restore the 28-file project documentation layout and seven referenced assets from the pre-consolidation tree, then carry forward the content-only cleanup, manual verification checklists, current Browser IDE behavior and AD97 risk acceptance. Repair all restored doc/spec backlinks and add the short Codeflare Inference Mesh README section.

Remove the obsolete lastPresetId API contract with behavioral legacy-record cleanup coverage, bind REQ-SEC-021 to its behavioral test name, and validate OpenVSCode release metadata before any write-enabled workflow shell step.

Verification: 1,642 source anchors resolved with zero drift/orphans; 4,592 internal Markdown links resolved; 334 REQs, zero duplicate IDs, zero Partial, 514 dependency edges, zero missing dependencies/cycles; documentation tree 28/28 with seven images and zero unindexed files; workflow rejects shell metacharacters and has zero direct step-output interpolation in run blocks; git diff --check passed. Test/build/lint/typecheck suites were not run locally per container policy; CI is the runtime gate.
Keep the complete default-mode quickstart and public behavioral references, but replace Onboarding, SaaS, Enterprise, enterprise-egress, Governed Mode, and E2E credential runbooks with links to the private operations repository. Preserve the specialized documentation tree and stable public headings.

Verification: 1,642 source anchors resolved; 4,550 internal Markdown links and 27 public/private cross-repository links resolved with zero failures; all 35 removed operational identifiers are represented in the private README; 334 REQs remain cycle-free with zero Partial status; documentation remains 28 files with seven images and no unindexed lanes. No runtime suites were run because this is documentation-only and local test execution is prohibited.
Use the renamed codeflare-private repository everywhere and state the narrow public/private boundary: default-mode and behavioral docs remain public, while non-default deployment secrets, variables, token scopes, environments, and runbooks are maintained privately.
…ore tested assertions, punctuation, lane-scope rationale)
@nikolanovoselec
nikolanovoselec merged commit cf693e5 into main Jul 12, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

1 participant