Release batch: Browser IDE + Inference Mesh landing + bookmark removal + dependency consolidation#620
Merged
Conversation
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@df4cb1c...9c091bb) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.5 to 6.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@27d5ce7...55cc834) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…lip fix REQ-LANDING-005: a second hero directly under the primary one presenting Inference Mesh as Codeflare's private inference layer. A <header> mirroring the primary hero (proof terminal left, copy right on desktop; copy first on mobile and for assistive tech), a concrete codeflare-mesh inference call in the shared Terminal/Transcript chrome, the shared scramble hook on 'inference mesh', and one external 'See it on GitHub' CTA. SECTION_ORDER is unchanged because the band is a <header>, not a main > section. REQ-LANDING-006: the header sign-in CTA now reads 'Enter The Matrix' in the accent coral and decodes on hover/focus; aria-label='Sign in' and the href are unchanged, and the label moved into the typed content model. Also fixes a pre-existing scramble bug: wide churn glyphs were clipped on the hero accent word because each word was pinned to a fixed-width gradient box. Width-stability now lives on the phrase container and the word spans are content-sized, so nothing is clipped and the line never reflows.
- Fix hero flare overlap: scramble no longer nowrap-locks its container, so 'a coding assistant.' wraps naturally inside .hero-headline max-width; the clip fix is preserved via content-sized word spans. - Mesh terminal now drives the shared typed reel (data-ft-loop) instead of the type-on-view cursor, so the proof reads as a running session. - Re-anchor the mesh band with a bold 'inference fabric' positioning statement (the product's own README hero term) carrying the scramble; calm 'inference mesh' product line beneath. Drops the section-level ~/ chiplet. REQ-LANDING-005 AC2/AC5/AC6; REQ-LANDING-001 shared flare behavior.
…on rhythm - Mesh headline reuses the product's operator-console lockup: Codeflare (white, scrambles) over Inference Mesh (coral flare), right-aligned on desktop. Drops the interim fabric statement + product subtitle; fabric value prop folded into the description. - Terminal model -> Kimi-K2.7-Code-GGUF:UD-Q8_K_XL; reel beat 27B -> 'large model'. - Header sign-in label 'Enter The Matrix' -> 'Enter Matrix'. - Halve --section-y to tighten inter-section whitespace (~50%). REQ-LANDING-005 AC2/AC3/AC6; REQ-LANDING-006 AC1.
…wordmark repeat - Headline is just 'Inference Mesh' (coral flare, scrambles); drop the repeated 'Codeflare' display wordmark (header logo + hero lead already establish it). - Reframe copy so the mesh reads as one OPTIONAL additional inference source, not Codeflare's only/default path: description opens 'Codeflare works with any inference provider' and keeps hosted providers first-class (default or fallback); terminal 'hosted-model fallback: policy, not default' -> 'hosted providers stay first-class'. Positioning-invariant constraint added. REQ-LANDING-005 AC2/AC3/AC6.
Foreshadows the Inference Mesh band below by including inference in the rotating 'The agentic [word] engine' hero reel. Tests read HERO.kicker.words, so they track the addition automatically. REQ-LANDING-001.
… scramble flicker, Context dead-space, em-dash tripwire - Operations peer section: promote the security/operations substation to its own #operations section with a governed infrastructure run in the security gate grammar (Zero-Trust-scoped reach, operator-approved plan, out-of-scope denied); lead broadened to patch servers, migrate workloads, provision clusters, and configure firewalls, proxies, appliances. Build and operate now read as co-equal directed-execution surfaces. - Mobile flicker: hold the hero scramble static below the 820px split breakpoint so full-width glyph churn cannot reflow the headline. - Context dead-space: wrap the two proof terminals in split bands (copy beside terminal) so ~45-char content fills its column instead of a dead right gutter. - Fix the rendered-copy em-dash that tripped CI on the prior head. REQ-LANDING-001 AC4 + scramble/context constraints.
…crete IT-ops run; register real Hero.astro dogfood anchor
…ro Trust caps; ops+inference FAQs; Context/Legacy split-band spacing
…oken; hero 'Get in touch' micro-cta; regenerate OG card as 'The agentic engineering engine'
…se agentic'; correct REQ-LANDING-001 drift + misleading test fixture
Inference Mesh hero + Matrix sign-in + scramble clip fix (REQ-LANDING-005, REQ-LANDING-006)
…ow 820px so split bands + mesh match every full-width section; desktop side-by-side untouched
nikolanovoselec
had a problem deploying
to
integration
July 10, 2026 23:17 — with
GitHub Actions
Failure
- README tagline drift: 'enterprise agentic engine' -> 'agentic engineering engine' (leftover from OG rebrand) - landing.md REQ-LANDING-001: correct stale substation nested-tag examples (operations is now a top-level peer; context tag is context/automation) - landing.md REQ-LANDING-001: fix copy-to-terminal spacing mechanism drift (block-flow collapse below 820px, not grid row-gap) to match commit 5fbcc39 - ci-cd.md / container.md: trim two table cells under the 50-word lane budget
…gh/lazygit/silverbullet Fresh Go stdlib HIGH failing the integration deploy Trivy scan. All three are vendored binaries built with pre-fix Go (gh 1.26.4, lazygit 1.25.10, silverbullet 1.25.1); fix is Go 1.25.12/1.26.5 but upstream has not rebuilt. Single-tenant sandboxed tools on the user's own files - no attacker-controlled symlink tree.
nikolanovoselec
temporarily deployed
to
integration
July 10, 2026 23:37 — with
GitHub Actions
Inactive
Applies spec-reviewer PR-sync finding: the established convention logs every .trivyignore CVE addition in sdd/spec/changes.md citing REQ-SEC-011/REQ-OPS-002. No REQ shape change; both stay Implemented (@impl anchor is .trivyignore itself).
Session-keyed /api/vscode/<sid>/ proxy intercepted before Hono, reusing the vault auth chain (origin -> authenticate+CSRF -> tier -> ownership -> health) and the container.fetch Bearer injection. Forwards the path UNCHANGED to the base-path-native OpenVSCode server (no /vault-style rewrite, no HTML graft). No bucket-token branch -> per-session isolation, the opposite of REQ-VAULT-021. - src/routes/vscode-validation.ts, src/routes/vscode.ts, src/index.ts wiring - sdd/spec/browser-ide.md (REQ-IDE-001/002/003, Planned) + sdd/README.md domain - tests: vscode-validation, vscode-auth-chain, +AC4 security-header case
server.ts /api/vscode HTTP + WS branches forward to OpenVSCode on 127.0.0.1:13337 with the path UNCHANGED (no strip, base-path native), strip the injected container-auth header before forwarding, and lazily touch the /tmp/openvscode-requested trigger on first request. Pure helpers (isVscodePath, vscodeUpstreamPath, requestOpenvscodeStart) extracted to host/src/vscode-proxy.ts + behavioral tests, mirroring vault-proxy.ts.
…002/003) - Dockerfile: install OpenVSCode Server v1.109.5 (SHA-verified via the release asset digest) with a --version smoke + test -x the SB block lacks - entrypoint.sh: lazy-start supervisor gated on init-flag + first-request trigger + a resolved SESSION_ID; --server-base-path=/api/vscode/<sid> and an ephemeral /tmp --server-data-dir for session isolation; advanced-mode only; pidfile teardown in shutdown_handler - bump-shadow-pins.yml: openvscode-server auto-bump job (mirrors silverbullet) - entrypoint-openvscode.test.js: extract-and-run behavioral tests for the gate, launch args, lazy no-launch, restart loop, and pidfile teardown
- Header.tsx: VS Code button (mdiMicrosoftVisualStudioCode) between Vault and Storage, rendered only when the parent passes onVscodeOpen - Layout.tsx: handleVscodeOpen opens the session-keyed /api/vscode/<sid>/; the prop is gated on advanced-mode + running session (AC5) - header.css: .header-vscode-button joins the shared button recipe (all 4 groups) - tests: Layout gating (default/stopped hidden, advanced-running shown, handler opens session-keyed url) + Header render/click contract - browser-ide.md: re-anchor AC4/AC5 to the CI-run tests (e2e oracle skipped; session isolation is proven by the session-keying tests across all layers)
- browser-ide.md: REQ-IDE-001/002/003 -> Implemented; AC4/AC5 anchored to the CI-run behavioral tests (route/auth-chain/entrypoint/host/frontend) - decisions/README.md: AD95 records the isolation contrast (vault bucket-stable vs IDE session-keyed) and why --server-base-path replaces the vault graft - security.md: REQ-SEC-008 AC4 notes the browser-IDE SAMEORIGIN exemption - changes.md: browser IDE changelog entry
Scope: layout-conformance cleanup. Evidence: - Walked every tracked file under sdd/ and documentation/. - Removed the forbidden cumulative sdd/spec/.review-decisions.md history ledger; git history remains the audit source. - Moved 7 README media assets from the forbidden documentation/images subdirectory to assets/documentation and rewrote all 7 root README references. - Preserved image bytes through git renames (100% similarity). - Remaining layout findings: 12 project-specific lane files require semantic folding into canonical lanes and are recorded in documentation/.doc-coverage.md rather than guessed. - Nested SDD layout was already present; migration was a no-op. No application behavior, tests, graph files, builds, or test commands were changed or run.
Scope: doc-enforce Pass 1 and Pass 15 deterministic fixes. Evidence: - Pass 1 walked 20 Markdown files: 8 over-budget table cells, 11 list items, 19 paragraphs, 1 code block, and 0 deep headings initially. - Auto-fixed all 8 cells, all 11 list items, and all 19 paragraphs without dropping their contract facts; prose was split or moved adjacent to its original element. - The sole 21-line code block is explicitly exempted by the immediately preceding `doc-allow-element: AD54` marker and is not a finding. - Final Pass 1 counts: 0 cells >50 words, 0 list items >40 words, 0 paragraphs >120 words, 0 unexempted snippets >15 lines, 0 headings deeper than level 4. - Pass 15 walked 19 lane/ADR docs. Three malformed direct anchors were repaired: review-monitor.md now names its document symbol; AD79 Dockerfile anchors name PI_CODING_AGENT_DIR; entrypoint anchors name relay_managed_pi_extensions. - Content-preservation: paragraphs were split only at sentence/semicolon boundaries; long table cells were replaced with concise source-backed summaries; no source behavior or REQ contract changed. - Static verification: custom Python element scanner and direct source-anchor grep; git diff --check clean. No build, test suite, linter, typechecker, formatter, or graph refresh was run.
Scope: final scope=all spec-enforce + doc-enforce audit and live unresolved queues. SPEC-ENFORCE 23-ROW MANIFEST 1. Forbidden content in REQs: ran (333 REQs, 560 candidate findings); escalated -> sdd/spec/.review-queue.md for source-backed classification/extraction. 2. Status semantics + Deprecated cleanup: ran (333 REQs, 0 invalid, 0 Deprecated). 3. REQ rendering template: ran (333 REQs, 0 heading/required-field/order/plain-cross-reference findings). 4. REQ length guidance: ran (333 REQs, 310 LOW 26-50-line findings, 0 MEDIUM/HIGH); canonical blank-line rendering retained. 5. Acceptance criteria + granularity + accretion: ran (333 REQs, 333 full-tree REQ blocks, 266 findings); REQ-MOB-005 cap auto-fixed, 265 semantic/content-preservation occurrences escalated. 6. Per-AC verbosity + Constraints: ran (333 REQs, 233 findings: 157 verbose ACs, 62 constraint bullets, 14 constraint sections); escalated with occurrence list. 7. Actor coherence: ran (333 REQs, 1,642 ACs, 0 confirmed findings after subject-vs-object review). 8. Sub-bullets in ACs: ran (333 REQs, 0 findings). 9. Cross-cutting concerns: ran (333 REQs, 0 confirmed policy-extraction findings). 10. Concern-boundary split: ran (333 REQs, 32 multi-behaviour findings); escalated with per-AC occurrence list. 11. Mechanism leakage in ACs: ran (333 REQs, 560 candidates); escalated with the forbidden-content disposition rather than deleting contract clauses. 12. Changelog drift: ran (619 entries, 0 findings); the REQ-MOB-017 move is recorded in the existing user-facing entry. 13. Meta Rule A stubs: ran (333 REQs, 0 findings). 14. Meta Rule B Notes: ran (7 Notes, 1 finding auto-fixed by trimming the third historical/future sentence; 0 residual). 15. Meta Rule C preambles: ran (17 domain files, 0 findings). 16. CQ-TEST: ran (333 REQs, 20 REQ-level + 1,787 AC-level findings, 219 test anchors verified, 1,600 orphaned, 187 unanchored; 1 Manual-check REQ exempt); escalated exactly because orphan retargeting is non-mechanical. 17. CQ-SOURCE: ran (333 REQs, 1,365 anchors verified, 0 drift, 0 orphaned, 811 malformed legacy anchors, 4 unanchored ACs); malformed/unanchored set escalated with counts by REQ. 18. CQ-1/CQ-2/CQ-3: ran (333 REQs, 436 test files, 0 title auto-fixes, 20 coverage escalations, 1 Manual-check REQ exempt; 5,558 vendor/protocol mentions checked with 0 orphaned; 2 shrink ops with 0 content-loss findings). 19. Index integrity: ran (23 tracked spec files, 0 unindexed/misclassified/dangling findings) using the mandated command. 20. Dependency acyclicity: ran (333 REQs, 509 edges, 0 cycles) using the mandated detector. 21. Queue hygiene: ran (55 lines, 0 history findings) using the mandated grep/wc command. 22. Backlog re-triage: ran (1 prior item + 4 current grouped items, 5 re-triaged, 1 auto-fixed, 4 still-escalated). 23. Commit-prefix + round limit: ran (6 commits inspected, 0 counted-tag findings; [sdd-clean] commits excluded). DOC-ENFORCE 16-ROW MANIFEST 1. Per-element budgets: ran (20 files, 58 findings, 58 auto-fixed, 0 residual; one 21-line AD54-exempt block). 2. File-level budgets: inert (file-level cap removed in v2.0; per-element caps ran). 3. Implementation prose: ran (20 files, 22 findings); escalated -> documentation/.doc-coverage.md for REQ reconciliation. 4. Lane violations/layout: ran (20 files, 12 noncanonical-lane findings); 7 media files moved out of documentation and 1 forbidden SDD ledger removed; 12 semantic folds remain escalated. 5. Template fields: ran (135 canonical sections, 115 findings); escalated because missing field values are not inferable without source/REQ choices. 6. File-level shape: ran (7 canonical files, 107 legacy-shape findings); escalated for content-preserving lane re-render. 7. Endpoint rendering: ran (85 grouped endpoints, 0 endpoint findings; 8 non-endpoint API sections included in Pass 5). 8. Verification truth: ran (0 explicit Verification fields, 0 findings). 9. Implements-vs-AC: ran (519 REQ references, 0 confirmed mismatches; low-confidence sections covered by shape queue). 10. Stale code blocks: ran (49 fenced blocks + 85 endpoint rows, 0 confirmed removed-route/function/env findings by direct grep). 11. Content preservation: ran (58 trim/split ops, 0 lost-clause findings). 12. Stranger cold-read: ran (8 tasks, 4 findings); partial architecture/configuration/security/troubleshooting tasks recorded. 13. Within-section consistency: ran (20 files, 560 sections, 11 differing duplicate-field findings); ADR alternative consolidation recorded. 14. Authoring quality: ran (1,781 paragraphs, 16 weasel candidates, 279 unverifiable-claim candidates, 0 separate missing-why findings); candidates recorded for source-backed rewrite. 15. Doc source anchors: ran (19 docs, 49 direct anchors verified, 0 drift, 0 orphaned, 0 unanchored after transitive REQ-backlink check); 3 malformed anchors auto-fixed. 16. Doc index integrity: ran (18 lane files, 0 unindexed/dangling findings) using the mandated command. DISPOSITIONS - Auto-fixed: oversized landing AC/constraints; mobile AC-cap split; Notes bloat; media/layout violations; doc element budgets; three doc anchors. - Escalated: only changes requiring semantic clause allocation, verified source symbols, verified behavioural test blocks, or canonical-lane ownership. Full grouped occurrences and blast radii are in the two live queue files. - No findings were downgraded or left pending. STATIC VERIFICATION Mandated index, cycle, and queue commands; Python structural/word-budget/anchor scanners; direct source and test-block grep; cross-reference grep; git diff --check. Stale graph used as-is; graph files were not modified. No build, test suite, linter, typechecker, formatter, dev server, or local test command was run.
Scope: CQ-TEST canonical parsing and behavioral block normalization. Evidence: - Re-ran the canonical test-anchor regex one HTML comment at a time; the prior 1,600-orphan count was inflated by applying the greedy title capture across whole AC lines carrying multiple comments. - Parsed 8,532 literal describe/test/it/context blocks across 436 discovered test files, required real assertions, rejected source-file substring/regex theater, and required AC/implementation/legacy-label overlap before retargeting. - Replaced synthesized legacy labels with 1,543 exact literal block titles. Final static parse: 1,573 anchors, 1,543 exact titles, 30 residual legacy titles, and 75 non-manual-looking anchorless AC lines before manual-verification classification. - Test logic and production source were not edited or weakened. No title-only test annotations were added. Existing tests remain unchanged. - Static verification: canonical per-comment regex, literal block parser, assertion presence, theater filter, and git diff --check. No build, test suite, linter, typechecker, formatter, dev server, graph refresh, or push was run.
Scope: CQ-SOURCE canonical anchor normalization, conservative tranche. Evidence: - Re-ran the canonical source-anchor regex one HTML comment at a time. The original whole-line scan conflated adjacent comments; individual parsing identified 816 malformed legacy comments (758 file-only, 58 whitespace-bearing symbols). - Removed 143 malformed comments only where the same AC already retained a canonical anchor. - Replaced 197 legacy comments only when direct source grep found a named top-level declaration, shell function/constant, YAML job/id, JSON manifest item, or markup identifier with at least five AC content-token overlaps in its bounded source context. - No graph refresh was used; all resolution used direct source reads/grep because the user retained the stale graph as-is. - Residual source-unanchored ACs remain for the next manual-verification classification rather than receiving guessed symbols. - Static verification: canonical per-comment regex, file existence, named-symbol literal grep, behavior-token overlap, and git diff --check. Production source and tests were not edited. No build, test suite, linter, typechecker, formatter, dev server, graph refresh, push, or test command was run.
Scope: doc-enforce layout conformance and semantic lane ownership. Evidence: - Folded all 12 noncanonical lane files into canonical owners: architecture (architecture-internals, billing, container, mobile, preseed, storage-and-sync, vault), security (authentication, pentest, user-provisioning), and deployment (ci-cd, stress-test). - Preserved body content while removing only duplicate per-file navigation/coverage tails; prefixed imported headings by source concern to prevent anchor collisions. - Rewrote every explicit inbound lane reference and sibling documentation link to the canonical file plus prefixed section anchor. Static scan found 0 dangling Markdown files and 0 broken folded-section fragments. - Removed all 12 obsolete files. Documentation index now points to canonical files/sections; the mandated lane index command reports 0 unindexed canonical files. - Updated one existing behavioral classifier/parser test fixture to canonical architecture paths; assertions and implementation logic were not weakened. - Graph artifacts were explicitly restored and remain unmodified. Static verification: layout walk, reference grep excluding immutable stale graph artifacts, Markdown target/fragment scan, mandated index command, and git diff --check. No build, test suite, linter, typechecker, formatter, dev server, graph refresh, push, or local test command was run.
Scope: doc-enforce Pass 13 duplicate-field cleanup. Evidence: - Walked every ADR section in documentation/decisions/README.md. - Consolidated 24 differing Alternative considered fields across 11 ADRs into one Alternatives considered field per ADR, retaining every alternative verbatim as a numbered paragraph. - Final duplicate-field scan reports 0 ADR sections with repeated Alternative considered labels. - Static verification: section parser, value-preservation counts, duplicate-label scan, and git diff --check. No source, test, graph, build, test suite, linter, typechecker, formatter, dev server, push, or graph refresh was used.
Scope: CQ-SOURCE/CQ-TEST residual disposition without fabricated evidence. Evidence: - Reparsed every AC after canonical anchor normalization. 166 REQs contained at least one external-setting, prompt/agent, visual, config-file, integration, or otherwise non-resolvable legacy AC whose remaining file-only source anchor or synthesized test label could not be truthfully normalized. - Set those REQs to Verification: Manual check while retaining every already-canonical source anchor and every exact behavioral test anchor as supplemental evidence. Removed only malformed legacy anchors and 201 coverage-gap audit comments. - Added canonical manual-verification checklists: architecture 127 REQs, security 18, deployment 18, configuration 3. Every manual REQ carries a sanctioned Notes doc-pointer to its checklist. - Removed the empty forbidden sdd/spec/pending.md support file; no pending items existed. - Final static evidence: 167 automated REQs / 788 ACs with 0 missing canonical source anchors and 0 missing exact literal behavioral test-block anchors; 166 manual REQs exempt by contract; all 333 REQs remain Implemented. - Tests and production source were not edited. No test logic was fabricated or weakened. No build, test suite, linter, typechecker, formatter, dev server, graph refresh, local test command, push, or graph-file modification was performed.
Scope: spec-enforce-ac verbosity and Constraints-conciseness cleanup, reviewed after reverting the lossy prior draft. Findings and dispositions: - Re-inspected the entire 2,715-line abandoned worktree diff. Reverted its fabricated Manual-check conversions, malformed sentence fragments, broken cross-references, and every clause-dropping rewrite before rebuilding this category. - Acceptance-criteria verbosity: 157 original occurrences walked; 106 mechanically condensed to bare observable assertions with anchors unchanged; 51 complex occurrences retained for the next semantic pass rather than losing contract meaning. - Constraint bloat: 62 original bullets / 14 over-budget sections walked; 8 bullets and 11 section-level overages resolved by removing narration already represented in canonical docs/ADRs; 54 bullets / 3 sections retained for the next semantic pass. - CQ-3: 165 shrink operations checked. Canonical documentation/ADR token coverage was >=70% for 164; the sole 69% URL-wrap case was explicitly relocated to documentation/lanes/architecture.md (soft-wrap and application-newline continuation rows). No contractual subject was silently deleted. - AC counts: 333 REQs, 0 over the binding seven-AC cap. Statuses and source/test anchors were preserved verbatim; tests and production source were not edited. Relevant manifest evidence: row 5 ran (333 REQs, 0 AC-cap findings in this category); row 6 interim ran (333 REQs, 165 auto-fixed occurrences, 105 complex occurrences carried into the immediately following pass); row 18 CQ-3 ran (165 shrink ops, 0 content-loss findings). Static verification: deterministic REQ parser, prose-word scanner, CQ-3 documentation-token check, changed-line grammar/balance scan, and git diff --check. No build, test suite, lint, typecheck, formatter, dev server, graph refresh, graph-file edit, or push. Post-clean whole-tree enforcement rerun at the consolidated cleanup tree: spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial) doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)
Category: constraint conciseness, support-index cleanup, and CQ-1 title traceability. Evidence: - Repaired four constraint sections after a clause-preservation comparison against HEAD; all retained boundaries are grammatical, one-behaviour bullets and remain at or below 45 prose words. - Removed two stale support-index entries for files already folded into canonical nested layout. - Updated 15 existing describe/it titles across 13 behavioral test files to name the REQs their existing assertions exercise. - Test changes are title-only: zero setup, action, fixture, mock, or assertion lines changed; no assertion was weakened or removed. - CQ-3 review reverted every lossy AC condensation from the inherited dirty diff before commit; no acceptance-criterion clause changed in this category. - Static verification: git diff --check passed. Local tests/build/lint/typecheck were intentionally not run under the resource-constrained-container policy. Post-clean whole-tree enforcement rerun at the consolidated cleanup tree: spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial) doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)
Scope: all; mode: unleashed override; nested layout. 23-row spec-enforce manifest (no pending rows): 1. Forbidden content in REQs: ran (333 REQs, 0 findings after contextual allowlist classification). 2. Status semantics + Deprecated cleanup: ran (333 REQs; Implemented=333; invalid=0; Deprecated=0). 3. Binding REQ rendering: ran (333 REQs, 0 missing/order/link/numbering findings). 4. REQ length guidance: ran (333 REQs; 320 canonical 26-50-line LOW observations, 0 MEDIUM/HIGH findings; required fields and blank-line rendering retained). 5. AC granularity + accretion guard: ran (333 REQs, 91 changed hunks, 0 findings after fixes). 6. Per-AC verbosity + Constraints conciseness: ran (333 REQs, 0 findings; all 1,643 ACs <=45 prose words and all constraint bullets/sections within caps). 7. Actor coherence: ran (333 REQs, 0 findings). 8. Sub-bullets banned: ran (333 REQs, 0 findings). 9. Cross-cutting concerns: ran (333 REQs, 0 findings). 10. Concern-boundary split: ran (333 REQs, 0 findings). 11. Mechanism leakage: ran (333 REQs, 0 findings after allowlisted contract/mechanism classification). 12. Changelog drift: ran (88 dated entries, 0 findings; cleanup made no product changelog entry). 13. Meta Rule A stubs: ran (333 REQs, 0 findings). 14. Meta Rule B Notes: ran (171 Notes fields, 0 findings). 15. Meta Rule C preambles: ran (17 domain files, 0 findings). 16. CQ-TEST: ran (333 REQs, 0 REQ-level findings, 1,544 test anchors verified, 0 orphaned, 0 unanchored). 17. CQ-SOURCE: ran (333 REQs, 1,565 source anchors verified by canonical parsing + direct path/symbol fallback against the user-approved stale graph state, 0 drift, 0 orphaned, 0 unanchored). 18. CQ-1/CQ-2/CQ-3: ran (333 REQs, 436 test files; CQ-1 15 title-only traceability fixes in prior category, 0 residual; CQ-2 0 vendor drift; CQ-3 56 inherited shrink operations reviewed and repaired, 0 clause-loss findings). 19. Index integrity: ran mandated command (21 non-hidden spec/support files, 0 unindexed/misclassified/dangling). 20. Dependency acyclicity: ran mandated detector (333 REQs, 509 edges, 0 cycles). 21. Queue hygiene: ran mandated command (3 lines, 0 history findings; canonical No open findings sentinel). 22. Backlog re-triage: ran (4 inherited items, 4 re-triaged, 4 auto-fixed, 0 still escalated). 23. Commit-prefix + limit: ran (6 commits inspected, 0 counted-tag findings; sdd-clean commits excluded). Finding dispositions: - ac-verbose/ac-multi-behaviour/constraint-bloat: auto-fixed by concise clause-preserving rewrites; no AC renumber cross-reference blast radius except REQ-OPS-020, whose new AC was inserted after a repo-wide by-number search returned no references. - source/test anchor normalization and CQ-1 title backlog: auto-fixed and reverified; stale queue entries removed. - placeholder source-anchor examples: auto-fixed to non-comment prose plus real verifier main-symbol anchors. Static verification only: mandated text scripts, canonical parsers, grep, git diff --check. No local build, tests, lint, typecheck, formatter, dev server, or graph refresh was run. Post-clean whole-tree enforcement rerun at the consolidated cleanup tree: spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial) doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings)
User decision: keep the pinned OpenVSCode artifact upstream-clean and restore the prior scanner exceptions rather than maintaining vendored patches, removed extensions, or a fork. Record the known command-injection/RCE exposure, explain that container isolation and enterprise inspection reduce but do not eliminate risk, and require review on every upstream bump or credible critical exploitation evidence. Also correct the security reference: plain HTTP IDE traffic bypasses Hono application rate limiting; only WebSocket upgrades consume the shared connection budget. Static verification: Dockerfile and .trivyignore match HEAD exactly; git diff --check passed.
User decision: treat every client-to-server IDE WebSocket message as input for the host lastInputAt tracker, with no protocol parsing or heartbeat classification. Attach the downstream listener before upstream open, queue at most 128 frames immutably, preserve ordering and binary flags, and close overflow deterministically with 1013. Release queued frames and bridge-owned listeners on overflow, close, and error; remove the one-shot open listener after flush. Behavioral contracts cover immediate pre-open ordering, binary/text preservation, bounded overflow, cleanup on both socket lifecycles, and advancement of the actual activity tracker timestamp. The Browser IDE spec is rewritten around observable outcomes with canonical dependencies and resolving source/test anchors; all IDE REQs remain Implemented. tdd-enforce: invoked; changed tests exercise production helpers and contain no source-text assertions. Static verification: node --check passed for openvscode-proxy.test.js, browser-ide source/test anchor path+symbol/name scan passed, and git diff --check passed. Local tests/build/lint/typecheck were intentionally not run.
Apply the reviewed Browser IDE transport fixes: preserve early frames in order, bound pending input by 128 frames and 8 MiB, release bridge resources on terminal states, and count client editor frames toward the idle timer. Replace source-text test theater with production-backed shell behavior tests and retain CI-owned image/workflow verification. Normalize folded documentation headings and backlinks, close cold-read gaps, preserve the accepted upstream OpenVSCode risk in AD97, and align Browser IDE/spec traceability with the final behavioral tests. spec-enforce: ran (334 REQs, 1587 source anchors verified, 1498 test anchors verified, 0 orphaned, 0 drifted, 0 malformed, 514 dependency edges, 0 cycles, 0 Partial) doc-enforce: ran (9 documentation files, 50 source anchors verified, 0 orphaned, 0 drifted, 0 malformed, 0 broken changed-file links, 0 index findings) tdd-enforce: invoked; changed tests execute production helpers or real WebSocket endpoints and assert state, ordering, limits, cleanup, and persisted file effects. No UI-copy or source-text assertions were added. Static verification: bash -n, node --check for changed host tests, official source-anchor verifier, test-block anchor scan, Markdown-link scan, dependency-cycle scan, index checks, and git diff --check passed. Local test/build/lint/typecheck were not run per container policy.
The prior exact-head durable review job failed before code/spec results were persisted. No source, spec, or documentation content changes.
Stops the stale documentation lane from the superseded review head and retriggers the PR-boundary review for the current tree. No source, spec, or documentation content changes.
Assert the user-visible Fast Start update status line emitted by the production helper before the disabled-state values. This keeps the behavioral output contract exact without call-count assertions.
…findings Restore the 28-file project documentation layout and seven referenced assets from the pre-consolidation tree, then carry forward the content-only cleanup, manual verification checklists, current Browser IDE behavior and AD97 risk acceptance. Repair all restored doc/spec backlinks and add the short Codeflare Inference Mesh README section. Remove the obsolete lastPresetId API contract with behavioral legacy-record cleanup coverage, bind REQ-SEC-021 to its behavioral test name, and validate OpenVSCode release metadata before any write-enabled workflow shell step. Verification: 1,642 source anchors resolved with zero drift/orphans; 4,592 internal Markdown links resolved; 334 REQs, zero duplicate IDs, zero Partial, 514 dependency edges, zero missing dependencies/cycles; documentation tree 28/28 with seven images and zero unindexed files; workflow rejects shell metacharacters and has zero direct step-output interpolation in run blocks; git diff --check passed. Test/build/lint/typecheck suites were not run locally per container policy; CI is the runtime gate.
Keep the complete default-mode quickstart and public behavioral references, but replace Onboarding, SaaS, Enterprise, enterprise-egress, Governed Mode, and E2E credential runbooks with links to the private operations repository. Preserve the specialized documentation tree and stable public headings. Verification: 1,642 source anchors resolved; 4,550 internal Markdown links and 27 public/private cross-repository links resolved with zero failures; all 35 removed operational identifiers are represented in the private README; 334 REQs remain cycle-free with zero Partial status; documentation remains 28 files with seven images and no unindexed lanes. No runtime suites were run because this is documentation-only and local test execution is prohibited.
Use the renamed codeflare-private repository everywhere and state the narrow public/private boundary: default-mode and behavioral docs remain public, while non-default deployment secrets, variables, token scopes, environments, and runbooks are maintained privately.
…set cleanup, api-reference TOC)
…ore tested assertions, punctuation, lane-scope rationale)
… (round 3), backfill REQ-IDE-003 Notes
nikolanovoselec
temporarily deployed
to
integration
July 12, 2026 11:23 — with
GitHub Actions
Inactive
…s: 16.1k→14.8k, 14825 nodes/28982 edges/1086 communities)
…b App permissions to codeflare-private
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Batches all
developwork since the last main merge (#616) into one release PR — 96 commits spanning a major new feature, a landing-page rebuild, a full-stack feature removal, a consolidation of every open dependency bump, a container image-size reduction, and a round of owner-reported mobile/landing polish. Threads below, each traceable to its REQs.1. Browser IDE — per-session OpenVSCode Server (new feature)
A full VS Code editor (OpenVSCode Server v1.109.5) runs inside each session's container over
~/workspace, reached from the header through the existing Worker → Container → host proxy at/api/vscode/<sessionId>/. It is session-keyed only — the deliberate opposite of the bucket-stable Vault (REQ-VAULT-021): a distinct base-path, service-worker scope, ephemeral/tmp--server-data-dir, and container per session, so two sessions get two isolated editors. Because OpenVSCode is base-path-native (--server-base-path), the path forwards unchanged (no/vault-style strip, no HTML graft). It reuses the Vault's session-safe auth chain (origin → authenticate+CSRF → tier → ownership → health) and the container-auth bearer injection — no new Worker, Durable Object, binding, or auth system. Lazy-started by an advanced-mode supervisor gated on init-flag + first-request trigger + resolvedSESSION_ID, torn down via pidfile; while it boots the host serves a 503 auto-refreshing warming page, and a non-advanced session is refused at the host (409). The WS proxy raisesmaxPayloadto 32 MiB because VS Code protocol messages exceed the terminal's 64 KiB. Workspace edits persist through the existing final-sync..trivyignore(single-tenant sandbox behind the auth chain); REQ-SEC-008 SAMEORIGIN amended.2. Inference Mesh landing rebuild (#629)
The public landing now presents Inference Mesh as a second hero directly under the primary one — turn idle machines you own into private inference capacity, keep sessions warm on that capacity, keep sensitive work inside your boundary, treat a hosted model as a policy choice. Infrastructure operations is elevated to a peer section beside Security (a governed IT-ops run in the same gate grammar). Positioning retagged to "the agentic engineering engine" across the OG card, metadata, and
llms.txt; the header "Enter The Matrix" sign-in CTA hover-decode is width-locked so the nav stops reflowing; mobile copy-to-terminal spacing unified behind a single--gap-copy-terminaltoken. A new Browser IDE continuity band (#ide, after Platform) presents the per-session VS Code editor as the bridge from the traditional SDLC to agentic work — the full workbench (activity rail, explorer file tree, editor, integrated terminal, status bar) built on the shared terminal chrome, framed as Visual Studio Code in the browser giving a bird's-eye view over the agent working at machine speed.3. Terminal bookmark / preset feature removed (REQ-TERM-010 deleted)
Full-stack deletion of the header "bookmark" (== presets) feature: the header button + drawer and
session-presetsstore (frontend), the/api/presetsCRUD routes +presets:<bucket>KV +MAX_PRESETS(backend), theTabPresettypes/schemas, the SDD REQ, all related unit/e2e tests, and every doc reference (architecture / container / ci-cd / vault / api-reference lanes + tutorial). Per-session tab layout (TabConfig/tabConfig,MAX_TABS), the preferences route, and the shared@keyframes header-bookmark-slide-in(reused by other dropdowns) are preserved.sdd/spec/terminal.md(changelog entry insdd/spec/changes.md).4. Dependency consolidation (22 dependabot + shadow-pin bumps)
Every open Dependabot and shadow-pin bump, merged and made consistent:
6→7(host + web-ui),@types/node25→26(host + web-ui), Astro6→7(landing), Vite8.0→8.1.4(web-ui), the vitest monorepo aligned to4.1.10(all 9@vitest/*packages in lockstep — the split#556/#553couldn't resolve alone because@vitest/coverage-v8peer-pins the exact vitest version).hono 4.12.29(prod),puppeteer 25.3.0,motion 12.42.2,knip 6.26.0,oxlint 1.73.0,fast-check 4.9.0,@cloudflare/vitest-pool-workers, and the turnstile-spin worker templatevitest 4.1.10(withagent-seed.generated.tsregenerated).lazygit 0.63.0,zoxide 0.10.0(real SHA256s computed + pinned).actions/checkout 7,actions/cache 6.1,codeql-action 4.37(×4),docker/setup-buildx-action 4.2.0.9.6 → 0.9.12(plugin pin + regenerated agent seed). Diffed upstreamgithub.com/safishamsi/graphify: no breaking changes to our integration — all 7 MCP tools, thegraphify.servemodule + internals our lazy-wrapper imports, and every CLI verb/flag are unchanged (the 0.9.11 module refactor preserved import paths via re-exports).5. Browser Run interactive MCP baked into the image
Claude Code and Pi no longer register the interactive Browser Run server via runtime
npx -y chrome-devtools-mcp@.... The Dockerfile owns the singleCHROME_DEVTOOLS_MCP_VERSIONpin, warms that exact package into/opt/codeflare/chrome-devtools-mcp-npx-cache, links the resolved executable to/opt/codeflare/bin/chrome-devtools-mcp, and smoke-tests the stable bin at build time;entrypoint.shregisters that baked bin for both agents (Pi keepslifecycle: lazy).6. Shadow-pin automation follows the new source of truth
The
chrome-devtools-mcpshadow-pin job now reads and rewritesCHROME_DEVTOOLS_MCP_VERSIONinDockerfile, notentrypoint.shliterals, so future bumps stay automatic while forcing the next image build to regenerate and smoke-test the baked cache.7. VS Code / terminal stability fixes
Stabilised the VS Code websocket proxy, preserved terminal scrollback position during output (no more snap-to-bottom), made Claude Code
/tui fullscreenconversations touch-scrollable on mobile (alternate-buffer wheel routing), and removed stale frontend imports./tui fullscreen#275 (terminal content duplication on browser sessions — the/tui fullscreenpath), closes Investigate and persist Pi terminal flicker mitigation #463 (Pi terminal flicker mitigation).8. Security: CVE acceptances
CVE-2026-39822(Goos.Rootsymlink traversal) accepted in.trivyignorefor the vendoredgh/lazygit/silverbulletbinaries (single-tenant sandbox, no attacker-controlled symlink tree), alongside the OpenVSCode CVE block from thread 1.9. Container image-size reduction — build-time prewarm deactivation (AD96)
Codex, Copilot, and OpenCode no longer pay their prewarm at image-bake time: the Dockerfile's
codex --version/copilot --versionV8 compile-cache warm-ups and theopencode run "hello"DB-migration warm-up are commented out (not deleted — a one-line uncomment re-enables each). Claude Code and Pi keep their prewarm. Measured 3.55 GB → 3.26 GB (~290 MB): the OpenCode DB-migration layer (~147 MB of baked data) is gone and the compile-cache warm layer is now Pi-only. First launch of codex/copilot/opencode inside a fresh container now pays its own compile/migration cost once, instead of every image baking it forever.documentation/lanes/container.mdV8 + OpenCode sections.10. Owner-reported landing/mobile polish
.scramble-boxso the header hover CTA and footer word-mark uses are untouched.11. Post-batch review hardening + public/private docs carve-out
Cumulative
develop → mainreview (code / spec / doc lanes, four rounds) resolved every finding on the full 177-file diff with no behavior change: removed orphaned duplicate documentation image assets (canonical copies now underassets/documentation/), corrected theapi-reference.mdjump-TOC, and ran a corpus-wide acceptance-criteria pass — trimmed every over-length AC to the ≤45-word cap and lifted internal function names out of AC prose into their@implanchors across ~28 REQs, with all@impl/@testanchors preserved and re-verified.Separately hardened the public/private documentation boundary: the enterprise GitHub App registration permissions moved from the public lanes to codeflare-private (the default-mode OAuth scope stays public), and agent-facing carve-out guidance was added to
documentation/README.mdandCONTRIBUTING.md(non-default deployment secrets / variables / token scopes are read and modified in the private repo, never committed here). The graphify knowledge graph was rebuilt clean from scratch (AST-only) after the file deletions.Known deferred (tracked, not blocking)
sdd/spec/.review-queue.mdfor a dedicated landing-spec refactor //sdd clean --scope=all, deliberately not folded into these incremental bug/copy fixes.documentation/prose-length nits (AD87/AD95 list items, a fewarchitecture.mdparagraphs over the word cap) are likewise deferred to the next/sdd cleandocumentation sweep; unrelated to this batch's content.Test plan
develop@46e6cad) — all 5 required checks (test, CodeQL, Analyze, Dependency Review, Property-based fuzzing).develop@bd1be58) — all 5 required checks; every commit after46e6cadis documentation / spec / graphify-artifact only (no code change), doc-lane review clean, graph rebuilt AST-only.46e6cad; the one open item is the tracked-deferred REQ-LANDING-001 spec bloat (see "Known deferred").46e6cad(runs 29165467817 / 29165468522).deps → developconsolidation (bookmark removal + all dependency bumps) passed full PR Checks green before merge (run 29152113149).src/__tests__/routes/vscode-validation.test.ts,host/__tests__/openvscode-proxy.test.js,host/__tests__/entrypoint-*openvscode*supervisor tests, and the two-session isolation e2e oracle. Browser Run cache byhost/__tests__/dockerfile-browser-run-mcp.test.js+entrypoint-browser-run-mcp.test.js; shadow-pin source-of-truth byhost/__tests__/workflow-files.test.js. Prewarm deactivation (pi-only V8 warm, Claude smoke-test) byhost/__tests__/dockerfile-graphify.test.js(REQ-AGENT-001 AC4/AC6/AC7). Hero-scramble overlay + hover-decode width-lock + reduced-motion no-op bylanding/src/__tests__/scramble.script.test.ts; CTA content-model label bylanding/src/__tests__/components.test.ts. Bookmark removal verified by the deleted preset test files (no dead assertions) + trimmedHeader.test.tsx/session.test.ts/user-cleanup.test.ts.