Move all tests from tests/ to package root for proper coverage.
Fix Fs zero-value: path() and validatePath() default empty root
to "/" so &Fs{} works without New().
New tests: PathGlob, PathIsAbs, CleanPath, Cli.SetOutput,
ServiceShutdown, Core.Context, Fs zero-value, Fs protected
delete, Command lifecycle with implementation, error formatting
branches, PerformAsync completion/no-handler/after-shutdown,
Extract with templates, Embed path traversal.
Coverage: 76.9% → 82.3% (23 test files, 82 new test cases).
Co-Authored-By: Virgil <virgil@lethean.io>
Codex agents are sandboxed to src/ and don't get ~/Code/go.work.
This template creates a go.work with `use .` so the Go toolchain
works in workspace mode inside the sandbox.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace all os.UserHomeDir/os.Getenv/os.Hostname with core.Env().
Replace all filepath.Base/Dir/Glob/IsAbs with core.PathBase/PathDir/
PathGlob/PathIsAbs.
10 files migrated: paths, prep, review_queue, remote, dispatch,
ingest, mirror, plan, verify, watch.
Imports eliminated: 5x os, 7x filepath. All file I/O and path
construction now routes through Core primitives.
Bumps dappco.re/go/core to v0.6.0.
Co-Authored-By: Virgil <virgil@lethean.io>
Was skipping directories entirely (`if entry.IsDir() { continue }`),
so .core/reference/ and its contents were never extracted.
Replaced fs.ReadDir loop with fs.WalkDir to handle nested dirs.
Added tests: CreatesFiles, CreatesSubdirectories, TemplateSubstitution.
Co-Authored-By: Virgil <virgil@lethean.io>
Inline instructions for Codex agents — no spec references,
just the actual rules with code examples. Extracted into every
workspace automatically.
Co-Authored-By: Virgil <virgil@lethean.io>
Reference files (.core/reference/) are now part of the embedded
workspace template. ExtractWorkspace extracts them automatically —
no hardcoded filesystem paths, ships with the binary.
Co-Authored-By: Virgil <virgil@lethean.io>
Parallel to the Claude Code plugin (claude/), core-agent now supports
Codex with full feature parity:
- .codex/config.toml — model, profiles (review/quick/implement/lem),
MCP server, local model providers (Ollama/LM Studio)
- .codex/agents/ — reviewer, migrator, fixer (AX-aware)
- .codex/rules/ — Starlark rules for sandbox control
- .agents/skills/ — 9 skills matching Claude plugin
- AGENTS.md — Codex project instructions (like CLAUDE.md)
Supports --oss mode for local models (LEM via Ollama).
Same binary, two entry points.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace separate go-io (coreio) and go-log (coreerr) packages with
Core's built-in Fs and error/logging functions. This is the reference
implementation for how all Core ecosystem packages should migrate.
Changes:
- coreio.Local.Read/Write/EnsureDir/Delete/IsFile → core.Fs methods
- coreerr.E() → core.E(), coreerr.Info/Warn/Error → core.Info/Warn/Error
- (value, error) return pattern → core.Result pattern (r.OK, r.Value)
- go-io and go-log moved from direct to indirect deps in go.mod
- Added AX usage-example comments on key public types
- Added newFs("/") helper for unrestricted filesystem access
Co-Authored-By: Virgil <virgil@lethean.io>
inbox.message events now include full message objects (id, from,
subject, content) so recipients can read messages inline without
calling agent_inbox. Charon's messages arrive directly in session.
Co-Authored-By: Virgil <virgil@lethean.io>
Both checkCompletions and checkInbox now seed on first run —
existing workspaces and messages are recorded without firing
channel events. Only genuinely new events trigger notifications.
Tests updated to pre-seed flags and filter debug events.
Co-Authored-By: Virgil <virgil@lethean.io>
Track inbox by highest message ID instead of unread count. Fixes:
- API pagination limit (max 20) no longer causes missed notifications
- Restart no longer floods with all existing unread messages (seeded)
- Each new message fires exactly once regardless of read state
Added MONITOR_INTERVAL env override and debugChannel helper for
faster iteration during channel development.
All three channel types confirmed working:
- agent.complete: workspace status changes
- inbox.message: new messages by ID tracking
- monitor.debug: real-time debug trace
Co-Authored-By: Virgil <virgil@lethean.io>
The MCP agent_inbox tool wraps the response as {messages:[...]},
but the raw API returns {data:[...]}. The monitor calls the raw
API directly, so it needs to parse {data:[...]}.
Verified with curl against live API. Removed debug channel events.
Co-Authored-By: Virgil <virgil@lethean.io>
New plugin: claude/research (core-research v0.1.0)
- 12 collection/research skills moved from core
- collection subsystem (hooks, scripts) moved
- Installed separately when research work is needed
Core plugin bumped to v0.12.0 — now focused on:
- Dispatch, review, messaging, OpenBrain (operational)
- Deploy, app-split, repo-sweep (infrastructure)
- Architecture review, security review (quality)
Marketplace updated with CoreResearch entry.
Co-Authored-By: Virgil <virgil@lethean.io>
Critical: /core:remember rewritten to use brain_remember MCP tool
instead of missing capture-context.sh script.
Major: /core:pipeline persona paths fixed — now reference
pkg/lib/persona/ with correct slugs instead of nonexistent
agents/engineering/ directory.
Major: Added YAML frontmatter (name + description) to all 12
collection skill SKILL.md files for Claude Code auto-discovery.
Removed empty channel/ directory.
Co-Authored-By: Virgil <virgil@lethean.io>
High: verify rebase push now targets Forge remote, not local origin
High/Security: planPath sanitises ID via filepath.Base to prevent
path traversal in plan read/update/delete
Medium: mirror compares and pushes local default branch, not HEAD
Findings 3-6 verified as false positives/known issues (bridge async
by design, API returns top-level memories not {data:...}, inbox uses
{messages:...} confirmed against live API).
Co-Authored-By: Virgil <virgil@lethean.io>
Medium: remote dispatch now propagates inner dispatchOut.Success
instead of hardcoding true.
Low: updateStatus clears stale question field when new state
has no question, preventing leftover rejection messages.
Co-Authored-By: Virgil <virgil@lethean.io>
High/Security: sanitise input.Repo via filepath.Base to prevent
path traversal in workspace prep (../escape from CODE_PATH).
High/Security: sanitise repo.Repo from API response in syncRepos
to prevent path traversal via crafted checkin responses.
Medium: dispatchFixFromQueue now returns error, review_queue checks
success before recording fix_dispatched.
Known issues updated with async bridge provider findings.
Co-Authored-By: Virgil <virgil@lethean.io>
API enhancements, test coverage gaps, conventions, and compile
issues — all acknowledged and tracked for future work.
Co-Authored-By: Virgil <virgil@lethean.io>
