Joshua Lelon Mitchell
2d1e30d00c
feat(flows): add decision() helper for constrained LLM branching ( #278 )
...
Wraps the existing acp + parse + switch pattern into a typed helper that
scaffolds the JSON-with-reason prompt and validates the chosen value
against the supplied choices tuple. decisionEdge() builds the matching
switch edge with exhaustively-typed cases. Returns a plain AcpNodeDefinition
so no schema, snapshot, or replay-viewer changes are required.
Rewrites examples/flows/branch.flow.ts to use the helper.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:28:05 +01:00
Vincent Koc
1a9fdabfd7
fix(security): avoid prototype setter in replay patches
CI / scope (push) Has been cancelled
CI / Docs (push) Has been cancelled
CI / ${{ matrix.name }} (pnpm run build, Build) (push) Has been cancelled
CI / ${{ matrix.name }} (pnpm run conformance:run -- --case acp.v1.initialize.handshake, Conformance Smoke) (push) Has been cancelled
CI / ${{ matrix.name }} (pnpm run format:check, Format) (push) Has been cancelled
CI / ${{ matrix.name }} (pnpm run lint, Lint) (push) Has been cancelled
CI / ${{ matrix.name }} (pnpm run test:coverage, Test, 22) (push) Has been cancelled
CI / ${{ matrix.name }} (pnpm run typecheck, Typecheck) (push) Has been cancelled
2026-04-30 03:38:06 -07:00
Vincent Koc
541742f800
fix(security): harden flow sanitizer paths
2026-04-30 03:33:29 -07:00
Peter Steinberger
69f527646b
chore: strengthen lint rules
2026-04-25 11:23:44 +01:00
JunghwanNA
486f596acb
Protect replay viewer file reads from run-id boundary escapes
...
The replay viewer already rejected relative-path traversal inside a selected
bundle, but it still trusted runId when resolving the bundle root. A crafted
runId could escape the configured runs directory and expose adjacent local
acpx files. This change validates the resolved run directory before serving
bundle files and adds unit plus HTTP regression coverage while preserving
normal in-root reads.
Constraint: Keep the fix narrow to replay-viewer server paths without changing bundle format or viewer semantics
Rejected: Sanitizing runId with a regex allowlist | would overfit naming conventions instead of enforcing the real filesystem boundary
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Preserve both checks: runDir must stay under runsDir and relativePath must stay under runDir
Tested: pnpm run build:test && node --test dist-test/test/replay-viewer-*.test.js; pnpm run viewer:typecheck; positive in-root HTTP read returned 200; out-of-root HTTP read returned 400
Not-tested: Full pnpm run check on Node >=22.12.0; public npm package build/install path outside local worktree
2026-04-25 06:58:43 +01:00
Onur Solmaz
be510ba918
refactor: add acpx runtime embedding API ( #220 )
...
* refactor: add acpx runtime embedding API
* fix: preserve session state on replay failure
* fix: honor startup controls in runtime manager
* Runtime: deduplicate shared session engine
* Runtime: honor oneshot and steer inputs
* Runtime: keep persistent sessions stable
* Runtime: initialize embedded event logs
* Runtime: drop unsupported ensure env
* Refactor: reorganize ACPX source layout
* refactor: finish ACPX source layout cleanup
* docs: note runtime embedding API
2026-04-06 00:52:21 +02:00
Onur Solmaz
ead133cfb2
feat: validate flow definitions and require defineFlow ( #219 )
...
* docs: clarify structured flow design
* docs: require conventional PR titles
* docs: detail zod flow validation direction
* feat: validate flow definitions with zod
* fix: allow extension fields in flow validation
* fix: reject ambiguous flow edge shapes
* fix: improve flow validation errors
* fix: validate plain exported flows before permission checks
* style: format flow CLI imports
* fix: preserve staged flow assembly
* feat: require defineFlow for flow modules
* fix: keep flow runner validation structural
* fix: resolve acpx flows in test builds
2026-04-05 15:34:56 +02:00
Onur Solmaz
48ae9011dc
feat: stream replay viewer runs live ( #205 )
...
* feat: stream replay viewer runs live
* fix: keep replay bootstrap stable during live updates
* fix: streamline replay viewer recent runs
* feat: add first-class replay viewer scripts
* docs: adopt json patch plus spec
* docs: pin live transport decisions
* feat: stream live replay session updates
* fix: harden replay viewer live sync
* fix: guard replay viewer recent-run races
* fix: refresh replay snapshots from source
* fix: tint replay runs by status
* fix: render live replay sessions directly
* fix: harden replay viewer live runs sync
* fix: preserve replay viewer conversation order
* fix: settle completed terminal replay nodes
* feat: compact replay viewer tool cards
* refactor: simplify replay viewer tool event chrome
* refactor: flatten replay viewer tool events
* fix: reveal replay tool calls before step completion
* fix: make replay viewer follow sticky to bottom
* fix: detach replay viewer follow on upward scroll
* fix: rename replay viewer part discriminators
2026-04-02 01:06:15 +02:00
Onur Solmaz
e75d471563
feat: add flow run title API ( #197 )
2026-03-29 12:17:36 +02:00
Onur Solmaz
aff31b3731
flow: broaden pr-triage refactor judgment ( #190 )
...
* flow: broaden pr-triage refactor judgment
* docs: add pr-triage tuning notes
* docs: add retroactive pr-triage tuning notes
* flow: tighten pr-triage cleanup judgment
* docs: clarify persistent flow session recovery
* fix: require persistent flow sessions to resume same ACP session
* fix: keep first persistent ACP turn on creating client
* docs: add pr-triage tuning follow-up note
2026-03-29 11:07:10 +02:00
Onur Solmaz
23faafd61c
Let ACP validation choose PR test plans ( #189 )
...
* flows: move pr validation planning back into ACP
* flows: split PR handoff lanes by outcome
2026-03-28 21:30:05 +01:00
Onur
09d53d3ae8
fix: stop hardcoding zsh in PR triage flow
2026-03-28 14:47:49 +01:00
Onur Solmaz
2475a3fd81
fix: validate maintenance PRs via standard repo checks ( #187 )
...
* fix: treat maintenance PRs as standard-checks validation
* refactor: keep pr-triage maintenance validation in the ACP lane
* test: compile pr-triage review helper for direct runs
2026-03-28 11:07:46 +01:00
Onur Solmaz
429b03071d
docs: specify explicit flow permission grants ( #186 )
...
* docs: specify explicit flow permission grants
* feat: enforce explicit flow permission grants
* docs: clarify codex review timing expectations
2026-03-28 10:04:04 +01:00
Onur Solmaz
9348242a1c
docs: specify the flow replay viewer ( #183 )
...
* docs: specify flow replay viewer semantics
* docs: tighten replay viewer presentation rules
* docs: remove redundant replay viewer chrome
* feat: tighten replay viewer flow inspection
* fix: keep empty ACP session pane full height
* fix: move replay transport into graph footer
* fix: tighten replay footer and empty session layout
* fix: stretch replay viewer to full viewport height
* fix: simplify ACP session conversation styling
* fix: widen replay viewer user bubbles
* fix: remove replay viewer session notes
* docs: specify continuous replay behavior
* feat: add continuous replay playback
* fix: remove replay viewer message outlines
* fix: simplify replay viewer chrome
* fix: tighten replay playback behavior
* feat: support replay viewer session switching
* fix: remove replay viewer session details
* fix: improve replay viewer terminal layout
* fix: stream only assistant turns in replay
* feat: add follow mode to replay viewer
* refactor: split replay viewer internals
* fix: normalize replay start behavior
* fix: stabilize replay viewer camera layout
* feat: use ELK for replay viewer layout
* fix: clamp replay scrubber at timeline end
* feat: add replay speed controls
* fix: keep replay controls centered
* fix: move replay camera controls into graph
* fix: remove duplicate replay speed control
* fix: reset replay sessions on non-acp steps
* fix: keep pr triage ci monitoring in one step
* feat: keep selected replay run in the URL
* feat: use path-based replay run URLs
* fix: tighten replay viewer controls
2026-03-28 01:40:07 +01:00
Onur Solmaz
4008683d51
feat: add flow trace replay bundles for flow runs ( #181 )
...
* docs: add flow trace replay spec
* docs: lock down flow trace replay details
* feat: add flow trace replay bundles
* fix: serialize bundled flow session events
* feat: add flow trace replay viewer example
* feat: add recent run picker to replay viewer
* feat: improve replay viewer navigation
* feat: tighten replay viewer layout and session rendering
* refactor: rename flow schema type fields
* fix: tighten replay viewer shell and session pane
* fix: simplify replay viewer sidebar
* fix: keep replay viewer run rows compact
* fix: harden pr triage json parsing
* fix: treat codex review output as plain text
* fix: separate replay position from run outcome
* fix: approve workflow runs from ci lane
2026-03-27 13:05:22 +01:00
Onur Solmaz
2383411828
docs: add conflict gates to PR triage flow ( #180 )
...
* docs: add conflict gates to pr triage flow
* docs: simplify conflict gate flowchart
* docs: refine pr triage human escalation lanes
* docs: tighten pr triage flowchart layout
* docs: simplify late conflict loop in pr triage flow
* docs: remove duplicate ci node from pr triage flow
* docs: separate late conflict branch labels
* docs: fold ci failure routing into check ci
* docs: pick cleaner pr triage flowchart layout
* docs: restore preferred pr triage flowchart layout
* docs: restore exact chosen flowchart variant
* docs: match selected pr triage variant
* docs: color pr triage terminal states
* docs: color human-judgment handoff yellow
* feat: add conflict gates to pr triage flow
* feat: refine pr triage conflict judgment
2026-03-26 20:11:19 +01:00
Onur Solmaz
697ee1f2a6
feat: add experimental acpx flows runtime and examples ( #179 )
...
* docs: add acpx flows implementation plan
* docs: simplify acpx flows session model
* docs: place flow examples under workflows dir
* feat: add experimental flow runner
* refactor: remove repo-specific flow examples
* docs: add generic flow examples
* fix: unwrap external flow module exports
* feat: add native flow action execution
* refactor: split flow runtime concerns
* feat: harden flow runtime workspaces and step bounds
* docs: clarify flow JSON simplicity rules
* Unify flows architecture docs
* Tighten flow validation and queue-owner args
* test: cover flows and queue runtime
* refactor: split flows queue and cli modules
* docs: add pr triage flow example
* docs: tighten flow documentation
* feat: route flow node timeouts as outcomes
* fix: tighten flow timeouts and cwd handling
* fix: harden flow timeout handling
* fix: support external flow imports
* chore: raise pr triage review timeout
2026-03-26 17:11:48 +01:00
