chore: sync public OSS from private main (2026-04-03)#15
Merged
Conversation
Syncs engine and TUI updates from private main: - Step 13 refactor (streaming bridge, retry policy, request builder, compaction extraction) - Detached headless stabilization - Skill lifecycle release fixes (sign command, semantics, docs, e2e verification) - Chat attachments support - Tool error surfacing + loop hardening - Personal identifiers scrubbed from all test fixtures - Proprietary docs excluded - Tightened promotion guard allowlist
abbudjoe
added a commit
that referenced
this pull request
Apr 8, 2026
Critical fixes: - Replace unwrap() with expect() in create_user_input() helper (issue #1) - Add comprehensive documentation that WASM tests verify infrastructure only, not execution (issue #2) - Add TODO comments referencing PR #179 for real WASM runtime (issue #2) - Add timeout and multi_thread flavor to concurrent audit test to prevent deadlocks (issue #3) - Fix tautological assertions in edge case tests - now verify specific behavior (issue #4) High priority fixes: - Extend MockLlmProvider with 4 error types: ServiceUnavailable, RateLimitExceeded, Timeout, MalformedResponse (issue #5) - Add comprehensive doc comments to MockLlmProvider explaining matching strategy and thread-safety (issue #12) - Strengthen prompt injection test to require IntentCategory::Conversation (issue #6) - Add test_audit_hash_chain_tampering_detection test (issue #7) - Add test_skill_network_capability_denied test for runtime capability enforcement (issue #8) Medium priority fixes: - Extract all magic number encryption keys to named constants (issue #9) - Add comment in Cargo.toml explaining intentional E2E test dependencies (issue #10) - Make retry backoff timing test more robust with 80ms threshold instead of 100ms (issue #11) Low priority improvements: - Rename test_policy_allow_with_confirmation → test_policy_requires_confirmation_for_destructive_actions (issue #13) - Add task IDs to concurrent audit test events for better debugging (issue #14) - Remove unused test_storage_round_trip helper (was addressing issue #15 but simplified instead) All tests pass (28/28), clippy clean with -D warnings, formatted with rustfmt.
abbudjoe
added a commit
that referenced
this pull request
Apr 8, 2026
- Add 'Current Implementation Baseline' snapshot documenting what exists vs what is planned (Epics 1-8 complete, stubs identified, security gaps) - Add Phase 0.5: Hardening between Foundation and Phase 1 - Mandatory signature enforcement (--strict mode) - Time context in policy evaluation - Fail-closed audit verification - Remove panic-based Default impls - Config schema consolidation - Add Decision #15 to decision log - Issues: #184, #185, #186, #187, #188
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Syncs engine and TUI updates from private main.
Highlights
Public repo hygiene