PR & Issue Triage Report (2026-03-22): 100+ open PRs, ~100 open issues

[ilblackdragon]

PR & Issue Triage Report — 2026-03-22

Supersedes #558.

---

Progress Since Last Triage (2026-03-20 → 2026-03-22)

Velocity

PRs merged (non-promotion): 30 in ~2 days
Issues closed:              ~75 in ~2 days
New PRs opened:             68
New issues opened:          ~35

Key Merges

• All 3 "Ready to Merge" from last triage were merged (fix(routines): surface errors when sandbox unavailable for full_job routines #769, feat(agent): activate stuck_threshold for time-based stuck job detection #1234, feat(web): add light theme with dark/light/system toggle #853)
• All 5 "Needs Review (Fixes)" merged (fix: prefer execution-local message routing metadata #1449, fix(setup): remove redundant LLM config and API keys from bootstrap .env #1448, fix: parameter coercion and validation for oneOf/anyOf/allOf schemas #1397, fix: restore libSQL vector search with dynamic dimensions #1393, fix: register sandbox jobs in ContextManager for query tool visibility #1426)
• 4 architectural PRs merged (feat: chat onboarding and routine advisor #927 chat onboarding, feat(ux): complete UX overhaul — design system, onboarding, web polish #1277 UX overhaul, feat(gemini_oauth): full Gemini CLI OAuth integration with Cloud Code API #1356 Gemini OAuth, feat(workspace): layered memory with sensitivity-based privacy redirect #1112 layered memory)
• CRITICAL [CRITICAL] OAuth flow registration and lookup key mismatch #1441 (OAuth key mismatch) fixed and closed
• 9 "Changes Requested" PRs unblocked and merged (fix(security): validate embedding base URLs to prevent SSRF #1221, fix(safety): escape tool output XML content and remove misleading sanitized attr #1067, perf(safety): single-pass escape_xml_attr #1028, feat(cli): add ironclaw hooks list subcommand #1023, fix: add musl targets for Linux installer fallback #1013, perf(agent): avoid preview allocations for non-truncated strings (fix #894) #924, feat(extensions): support text setup fields in web configure modal #496, feat(webhooks): add public webhook trigger endpoint for routines #736, fix(safety): escape tool output XML content and remove misleading sanitized attr #1067)
• New providers landed: GitHub Copilot (feat(llm): add GitHub Copilot as LLM provider #1512), OpenAI Codex (feat(llm): Add OpenAI Codex (ChatGPT subscription) as LLM provider #1461), Gemini OAuth (feat(gemini_oauth): full Gemini CLI OAuth integration with Cloud Code API #1356)
• v0.21.0 released (chore: release v0.21.0 #1472)

Issues Resolved

• [CRITICAL] OAuth flow registration and lookup key mismatch #1441 [CRITICAL] OAuth flow key mismatch → fixed by fix(oauth): reject malformed ic2.* states in decode_hosted_oauth_state (#1441) #1454
• Flaky OAuth wildcard callback tests race on OAUTH_CALLBACK_HOST in CI #1280 [P1] Flaky OAuth CI tests → fixed by fix(ci): serialize env-mutating OAuth wildcard tests with ENV_MUTEX #1468
• fix: Bedrock backend fails startup validation due to missing provider check #1009, Installer fails on Linux with glibc < 2.35 — no musl/static fallback #1008 Bedrock + Linux installer → fixed by fix: skip credential validation for Bedrock backend #1011, fix: add musl targets for Linux installer fallback #1013
• Feature Request: Light Theme for Web Gateway #761 Light theme, feat: Add OpenAI Codex (ChatGPT subscription) as LLM provider #742 OpenAI Codex, Routines: execution fails silently when sandbox/Docker unavailable #697 Routine failures, libSQL backend gaps: add secrets store and complete vector search integration #655 libSQL gaps, Add channel credential validation during setup and expose routine webhook trigger endpoint #651 Webhook trigger, feat: debounce rapid inbound messages into a single agent turn #259 Message debounce, Add command risk levels (Low/Medium/High) to shell tool for graduated approval #172 Command risk levels — all fulfilled
• ~50 staging-ci-review issues batch-closed

---

Current State: Quick Stats

Open PRs: 100+ (hitting gh limit) | Staging promotions: 23 | Draft: 1
Needs human review: ~35 | Changes requested: ~12 | Ready to merge: 2
Open issues: ~100 | Critical: 2 | P1: 7 | Bugs: ~35 | Enhancements: ~50

---

🔴 Action Required

1. Merge Now (APPROVED, CI passing)

PR	Title	Author
#1259	fix: ensure LLM calls always end with user message	Jacob-Lasky
#1242	fix: generate Mistral-compatible 9-char tool call IDs	noverby

2. Review Urgently — Security Fixes

PR	Title	Fixes Issue
#1543	fix(agent): eliminate TOCTOU race in approval thread	#1486 [CRITICAL]
#1564	fix(wasm): fall back to default scope for secret injection	#1537
#1546	fix(security): redact credentials from URL validation errors	—
#1534	security(webhooks): add HMAC verification	#1507

3. Decide — Competing Implementations

• Slack Socket Mode: feat: add Slack Socket Mode support for NAT-friendly connectivity and Attachment support for Slack (#1155) #1547 (justinfiore, +2890) vs feat: Slack Socket Mode for NAT-friendly connectivity #1549 (KonstantinMirin, +1991). Both address Support "Socket Mode" for Slack channel #1155. Pick one, close the other.

4. Close Superseded PRs

PR	Reason
#1405	Slack thread replies — superseded by #1540
#1107	SSRF validation — #1221 merged instead
#1206	CI panic-check — stale 7 days, OBE
Loser of #1547/#1549	Competing Slack Socket Mode

---

🟡 Needs Human Review — Bug Fixes (12 PRs)

Small, mostly from G7CNF addressing filed issues:

PR	Title	Size
#1565	fix(gemini): preserve thought signatures	XS
#1571	fix(mcp): camelCase tool annotations	XS
#1530	fix: Completed/Submitted in is_terminal()	XS
#1529	fix(gmail): Content-Length for POST w/no body	XS
#1528	fix(telegram): retry sendMessage on timeout	S
#1535	fix(webhook): default loopback bind on windows	XS
#1536	fix(telegram): auto-generate webhook secret	XS
#1541	fix(web): open Google auth in new tab	XS
#1540	fix(slack): remember thread participation	S
#1544	fix(agent): surface errors on missing approval thread	M
#1545	perf(agent): parse UUID once in hot path	S
#1377	fix(wasm): leak scan on pre-injection headers	XS

🟡 Needs Human Review — Features (17 PRs)

PR	Title	Size	Module
#1567	docs(feishu): clarify webhook-only support	XS	Docs
#1563	docs: add gitcgr code graph badge	XS	Docs
#1491	feat(web): expose cheap_model in settings UI	XS	Web
#1401	feat(config): conflict detection warnings	S	Config
#1533	feat(cli/logs): add --grep support	S	CLI
#1532	fix(auth): Google tool status scope-aware	S	Extensions
#1562	feat(llm): promote decorator config to LlmConfig	M	LLM
#1542	feat(shell): inject credential env vars	M	Tools
#1527	feat(workspace): document metadata helpers	M	Workspace
#1526	feat(agent): auto-approve whitelisted domains	M	Agent
#1568	feat: AWS Bedrock embeddings	M	Workspace
#1572	feat(cli): credential auth status in tool info	S	CLI
#1446	feat: Aliyun Coding Plan support	XL	LLM
#1569	feat: GWS MCP bridge extension	XL	Extensions
#1566	feat(workspace): tiered context summaries	XL	Workspace
#1238	feat(web): i18n framework + zh-TW	XL	Web
#1511	feat(embeddings): Gemini embedding provider	XL	Workspace

🟠 Needs Deep Architectural Review (6 PRs)

PR	Title	Size	Key Risk
#1557	v2 engine: Thread-Capability-CodeAct (DRAFT)	+8700	New architecture
#1437	Streamable HTTP MCP transport + session mgr	+4129	Grew from +40 since last triage
#1505/#1498/#1490	Import conversation history (3-PR chain)	+10k total	DB schema, dual-backend
#1463	OIDC JWT auth for reverse-proxy	+1020	Security-critical auth layer
#1513	Per-tool reasoning through all surfaces	+623	Cross-cutting agent change
#1187	Adaptive learning system	+5321	New modules, DB migrations

🔵 Changes Requested — Waiting on Author (11 PRs)

PR	Title	Days since CR
#1406	ANP identity foundation	2
#1378	Per-channel MCP/tool filtering	1
#1358	Rate limit cascade test fixture	4
#1300	Universal user whitelist	4
#1298	Omnisearch command palette UI	4
#1243	Per-job MCP filtering	0
#1208	Allow image-only messages	7
#1206	CI panic-check bypass	7
#1201	Reuse HTTP client in tunnel	5
#1198	Workspace snapshot/hydration	6
#1187	Adaptive learning system	1

---

Critical / Blocking Issues

#	Title	Risk	Has PR?
#1486	[CRITICAL] TOCTOU race in approval thread	HIGH	#1543
#1485	[CRITICAL] Cross-channel approval hijacking	HIGH	#1495

High Priority Issues

#	Title	Has PR?
#1487	Incomplete fallback for missing approval threads	#1544
#1537	WASM credential injection fails on TEE	#1564
#1510	Gemini thought_signature missing	#1565
#1249	Telegram business logic bloats ExtensionManager	No
#1248	Hardcoded channel-specific logic	No
#1303	WASM tools expose permissive {} schemas	#1352

Issues With PRs Ready (19 pairs)

Issue	PR	Status
#1486	#1543	Needs review
#1485	#1495	Commented
#1487	#1544	Commented
#1489	#1497	Commented
#1488	#1545	Needs review
#1537	#1564	Needs review
#1510	#1565	Needs review
#1507	#1534	Needs review
#1404	#1540	Needs review
#1386	#1536	Needs review
#1403	#1535	Needs review
#1502	#1541	Needs review
#1500	#1532	Commented
#1241	#1242	APPROVED
#1465	#1542	Needs review
#1518	#1526	Needs review
#1519	#1523	Needs review
#1473	#1566	Needs review
#1501	#1568	Needs review

New Issues Needing Attention

#	Title	Priority
#1538	[Security] Microsoft Defender Flagging	Investigate
#1554	Promote decorator chain settings	Enhancement
#1476	Structured daily session digests	P1
#1474	Auto-extract structured memories	P1
#1504	Workspace as skill storage source of truth	P2
#1494	Add email/password signup option	Enhancement
#1458	Persistent sandbox for generic actions	Enhancement

Module Heatmap

Module	Open PRs	Key PR
Agent Core	~15	#1543 (TOCTOU fix)
LLM	~8	#1565 (Gemini sigs)
Tools (MCP)	3	#1437 (Streamable HTTP)
Tools (general)	~6	#1542 (credential env)
Channels (WASM)	~8	#1564 (secret fallback)
Web Gateway	~8	#1534 (HMAC security)
Workspace	~6	#1566 (tiered summaries)
Security	~5	#1546 (redaction)
Config & Setup	~5	#1401 (conflict detect)
CLI	~3	#1533 (logs --grep)
Staging Promotions	23	Automated

---

Generated by triage automation. Previous report: #558.