Move all tests from tests/ to package root for proper coverage.
Fix Fs zero-value: path() and validatePath() default empty root
to "/" so &Fs{} works without New().
New tests: PathGlob, PathIsAbs, CleanPath, Cli.SetOutput,
ServiceShutdown, Core.Context, Fs zero-value, Fs protected
delete, Command lifecycle with implementation, error formatting
branches, PerformAsync completion/no-handler/after-shutdown,
Extract with templates, Embed path traversal.
Coverage: 76.9% → 82.3% (23 test files, 82 new test cases).
Co-Authored-By: Virgil <virgil@lethean.io>
Codex agents are sandboxed to src/ and don't get ~/Code/go.work.
This template creates a go.work with `use .` so the Go toolchain
works in workspace mode inside the sandbox.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace all os.UserHomeDir/os.Getenv/os.Hostname with core.Env().
Replace all filepath.Base/Dir/Glob/IsAbs with core.PathBase/PathDir/
PathGlob/PathIsAbs.
10 files migrated: paths, prep, review_queue, remote, dispatch,
ingest, mirror, plan, verify, watch.
Imports eliminated: 5x os, 7x filepath. All file I/O and path
construction now routes through Core primitives.
Bumps dappco.re/go/core to v0.6.0.
Co-Authored-By: Virgil <virgil@lethean.io>
Was skipping directories entirely (`if entry.IsDir() { continue }`),
so .core/reference/ and its contents were never extracted.
Replaced fs.ReadDir loop with fs.WalkDir to handle nested dirs.
Added tests: CreatesFiles, CreatesSubdirectories, TemplateSubstitution.
Co-Authored-By: Virgil <virgil@lethean.io>
Inline instructions for Codex agents — no spec references,
just the actual rules with code examples. Extracted into every
workspace automatically.
Co-Authored-By: Virgil <virgil@lethean.io>
Reference files (.core/reference/) are now part of the embedded
workspace template. ExtractWorkspace extracts them automatically —
no hardcoded filesystem paths, ships with the binary.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace separate go-io (coreio) and go-log (coreerr) packages with
Core's built-in Fs and error/logging functions. This is the reference
implementation for how all Core ecosystem packages should migrate.
Changes:
- coreio.Local.Read/Write/EnsureDir/Delete/IsFile → core.Fs methods
- coreerr.E() → core.E(), coreerr.Info/Warn/Error → core.Info/Warn/Error
- (value, error) return pattern → core.Result pattern (r.OK, r.Value)
- go-io and go-log moved from direct to indirect deps in go.mod
- Added AX usage-example comments on key public types
- Added newFs("/") helper for unrestricted filesystem access
Co-Authored-By: Virgil <virgil@lethean.io>
inbox.message events now include full message objects (id, from,
subject, content) so recipients can read messages inline without
calling agent_inbox. Charon's messages arrive directly in session.
Co-Authored-By: Virgil <virgil@lethean.io>
Both checkCompletions and checkInbox now seed on first run —
existing workspaces and messages are recorded without firing
channel events. Only genuinely new events trigger notifications.
Tests updated to pre-seed flags and filter debug events.
Co-Authored-By: Virgil <virgil@lethean.io>
Track inbox by highest message ID instead of unread count. Fixes:
- API pagination limit (max 20) no longer causes missed notifications
- Restart no longer floods with all existing unread messages (seeded)
- Each new message fires exactly once regardless of read state
Added MONITOR_INTERVAL env override and debugChannel helper for
faster iteration during channel development.
All three channel types confirmed working:
- agent.complete: workspace status changes
- inbox.message: new messages by ID tracking
- monitor.debug: real-time debug trace
Co-Authored-By: Virgil <virgil@lethean.io>
The MCP agent_inbox tool wraps the response as {messages:[...]},
but the raw API returns {data:[...]}. The monitor calls the raw
API directly, so it needs to parse {data:[...]}.
Verified with curl against live API. Removed debug channel events.
Co-Authored-By: Virgil <virgil@lethean.io>
High: verify rebase push now targets Forge remote, not local origin
High/Security: planPath sanitises ID via filepath.Base to prevent
path traversal in plan read/update/delete
Medium: mirror compares and pushes local default branch, not HEAD
Findings 3-6 verified as false positives/known issues (bridge async
by design, API returns top-level memories not {data:...}, inbox uses
{messages:...} confirmed against live API).
Co-Authored-By: Virgil <virgil@lethean.io>
Medium: remote dispatch now propagates inner dispatchOut.Success
instead of hardcoding true.
Low: updateStatus clears stale question field when new state
has no question, preventing leftover rejection messages.
Co-Authored-By: Virgil <virgil@lethean.io>
High/Security: sanitise input.Repo via filepath.Base to prevent
path traversal in workspace prep (../escape from CODE_PATH).
High/Security: sanitise repo.Repo from API response in syncRepos
to prevent path traversal via crafted checkin responses.
Medium: dispatchFixFromQueue now returns error, review_queue checks
success before recording fix_dispatched.
Known issues updated with async bridge provider findings.
Co-Authored-By: Virgil <virgil@lethean.io>
High: workspace names use UnixNano to prevent same-second collisions
High: sync only pulls the branch the server reported (was pulling current)
Medium: drainQueue serialised via mutex to prevent concurrent over-dispatch
Medium: remote_status checks JSON-RPC error field before reporting success
Medium: dead agent PIDs without output log marked failed, not completed
Low: detectLanguage uses ordered slice instead of map for deterministic results
Also: URL-encoded agent names in messaging, monitor inbox, and sync endpoints.
Co-Authored-By: Virgil <virgil@lethean.io>
- harvest: message says 'ready-for-review' not 'pushed'
- sync: timestamp advanced after pulls, not before
- sync: accepts main/master/reported branch, not just main
- inbox: checks CORE_BRAIN_KEY env before falling back to file
- inbox: parses 'from' not 'from_agent', 'messages' not 'data'
- queue: strips variant suffix for rate limit lookup (claude:opus → claude)
- review_queue: respects ReviewQueueInput.Reviewer instead of hardcoding coderabbit
- tests: updated to match real API response structure
Co-Authored-By: Virgil <virgil@lethean.io>
High: harvest no longer hardcodes 'main' — detects default branch
via symbolic-ref/rev-parse fallback. Repos with master/other
default branches are now harvested correctly.
High: empty task no longer produces invalid 'agent/' branch name.
Falls back to issue-N or work-timestamp. Branch creation errors
are now surfaced instead of silently ignored.
High: PHP verification no longer returns passed:true when no test
runner exists. Untested PHP repos correctly fail verification.
(brain/direct.go findings 5-6 verified as false positives — API
returns top-level keys, not {data: ...} envelope)
Co-Authored-By: Virgil <virgil@lethean.io>
High: Fix missed-notification bug — track completions by workspace
name instead of count, so harvest status rewrites don't suppress
future notifications. Also tracks blocked/failed terminal states.
High: Safety gate fail-closed — check ALL changed files (not just
added), reject on git diff failure instead of proceeding.
Medium: emitCompletionEvent now passes actual status (completed,
failed, blocked) instead of hardcoding "completed".
Medium/AX: Harvest no longer auto-pushes to source repos. Sets
status to ready-for-review only — pushing happens during explicit
review, not silently in the background.
Co-Authored-By: Virgil <virgil@lethean.io>
- Module path: dappco.re/go/agent
- Core import: dappco.re/go/core v0.4.7
- Process service re-enabled with new Core API
- Plugin bumped to v0.11.0
- Directory flattened from go/ to root
Co-Authored-By: Virgil <virgil@lethean.io>
