agent

core/agent

Author	SHA1	Message	Date
Snider	40d2b0db16	fix: address Codex round 7 — path traversal + dispatch check Some checks failed CI / test (push) Failing after 2s Details High/Security: sanitise input.Repo via filepath.Base to prevent path traversal in workspace prep (../escape from CODE_PATH). High/Security: sanitise repo.Repo from API response in syncRepos to prevent path traversal via crafted checkin responses. Medium: dispatchFixFromQueue now returns error, review_queue checks success before recording fix_dispatched. Known issues updated with async bridge provider findings. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 17:25:23 +00:00
Snider	5b39e13a6e	fix: address Codex round 6 findings — 2 high, 3 medium, 1 low Some checks failed CI / test (push) Failing after 3s Details High: workspace names use UnixNano to prevent same-second collisions High: sync only pulls the branch the server reported (was pulling current) Medium: drainQueue serialised via mutex to prevent concurrent over-dispatch Medium: remote_status checks JSON-RPC error field before reporting success Medium: dead agent PIDs without output log marked failed, not completed Low: detectLanguage uses ordered slice instead of map for deterministic results Also: URL-encoded agent names in messaging, monitor inbox, and sync endpoints. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 17:10:43 +00:00
Snider	66220021c9	fix: address Codex round 5 findings — 2 high, 5 medium, 4 low Some checks failed CI / test (push) Failing after 3s Details High: clean stale BLOCKED.md before spawn (prevents stuck workspaces) High: agentic_create_pr pushes to Forge URL, not local origin Medium: watch treats merged/ready-for-review as terminal states Medium: scan paginates org repos (was limited to first 50) Medium: agent_conversation URL-encodes agent names (injection fix) Low: inbox/sync/monitor URL-encode agent names in query strings Low: pullWiki closes response body on non-200 (connection leak) Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 16:53:55 +00:00
Snider	67249fa78f	fix: address Codex round 3 findings — 5 high, 4 medium, 1 low Some checks failed CI / test (push) Failing after 3s Details High: prep creates workspace dir before clone (was missing) High: auto_pr detects default branch instead of hardcoding main High: mirror gh pr commands now use --repo for correct targeting High: syncRepos HTTP client has 15s timeout (was no timeout) High: sync timestamp only advances when all repos were pulled Medium: rebaseBranch uses detected default branch Medium: scan URL-encodes labels to prevent injection Medium: recall MinConfidence forwarding (acknowledged, API-level) Medium: recall tags preservation (acknowledged, API-level) Low: harvest pushBranch uses coreerr.E instead of fmt.Errorf Shared gitDefaultBranch helper added to agentic/paths.go. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 16:22:18 +00:00
Snider	026b31edf7	fix: address Codex round 2 mediums Some checks failed CI / test (push) Failing after 3s Details - harvest: message says 'ready-for-review' not 'pushed' - sync: timestamp advanced after pulls, not before - sync: accepts main/master/reported branch, not just main - inbox: checks CORE_BRAIN_KEY env before falling back to file - inbox: parses 'from' not 'from_agent', 'messages' not 'data' - queue: strips variant suffix for rate limit lookup (claude:opus → claude) - review_queue: respects ReviewQueueInput.Reviewer instead of hardcoding coderabbit - tests: updated to match real API response structure Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 16:05:59 +00:00
Snider	21f234aa7c	refactor: flatten go/ subdir, migrate to dappco.re/go/agent, restore process service - Module path: dappco.re/go/agent - Core import: dappco.re/go/core v0.4.7 - Process service re-enabled with new Core API - Plugin bumped to v0.11.0 - Directory flattened from go/ to root Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-21 11:10:44 +00:00
Snider	be1130f470	agent updates	2026-03-21 11:10:44 +00:00
Snider	6d04c893b7	fix: address all code review findings (medium + low) - os.ReadFile/WriteFile → coreio.Local in monitor and remote packages - Deduplicate agentName() → shared agentic.AgentName() - Deduplicate workspaceRoot() → shared agentic.WorkspaceRoot() - fileExists uses IsFile() instead of reading whole file - Fix SPDX-Licence → SPDX-License typo - Remove time.Now import hack - Fix hardcoded PR #1 in review queue Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-17 19:19:04 +00:00
Snider	90b03191b2	feat(agent): v0.2.0 — HTTP daemon, remote dispatch, review queue, verify+merge Major additions: - core-agent serve: persistent HTTP daemon with PID file, health check, registry - agentic_dispatch_remote: dispatch tasks to remote agents (Charon) over MCP HTTP - agentic_status_remote: check remote agent workspace status - agentic_mirror: sync Forge repos to GitHub mirrors with file count limits - agentic_review_queue: CodeRabbit/Codex review queue with rate-limit awareness - verify.go: auto-verify (run tests) + auto-merge + retry with rebase + needs-review label - monitor sync: checkin API integration for cross-agent repo sync - PostToolUse inbox notification hook (check-notify.sh) Dispatch improvements: - --dangerously-skip-permissions (CLI flag changed) - proc.CloseStdin() after spawn (Claude CLI stdin pipe fix) - GOWORK=off in agent env and verify - Exit code / BLOCKED.md / failure detection - Monitor poke for instant notifications New agent types: - coderabbit: CodeRabbit CLI review (--plain --base) - codex:review: OpenAI Codex review mode Integrations: - CODEX.md: OpenAI Codex conventions file - Gemini extension: points at core-agent MCP (not Node server) - Codex config: core-agent MCP server added - GitHub webhook handler + CodeRabbit KPI tables (PHP) - Forgejo provider for uptelligence webhooks - Agent checkin endpoint for repo sync Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-17 17:45:04 +00:00

9 commits