Preserve the split lifecycle observability and UI truth model while retaining the latest sessions-redone PR transition handling and dependency updates.
Implement the Stage 5 rollout so API and UI consumers stop depending on one overloaded status and operators can see structured transition evidence without breaking older session metadata.
* fix Next.js build warnings, pin flatted override, regenerate lockfile
* fix ignoreDuringBuilds, add ao-core to serverExternalPackages, clean dist-server in prebuild
* fix ESLint plugin detection, remove ao-core from transpilePackages, suppress plugin-registry webpack warning
* fix(web): restore ao-core to transpilePackages, document overrides, fix dev:optimized cleanup
Move @aoagents/ao-core back to transpilePackages only. dist/ is gitignored so fresh
checkout has no dist/index.js; serverExternalPackages causes a hard crash at runtime.
Client components (SessionDetail, ProjectSidebar, sessions/[id]/page) also import
@aoagents/ao-core/types which serverExternalPackages does not cover.
Keep @composio/core in serverExternalPackages only with comment explaining it is an
optional transitive dep via tracker-linear dynamic import.
Add _overrides_rationale to document axios (SSRF CVE-2023-45857) and flatted
(prototype-pollution) security pins in root package.json.
Fix dev:optimized to clean both .next and dist-server, matching what prebuild does.
* fix: webpackIgnore dynamic imports in plugin-registry fixes#1056
* fix: move Next.js ESLint config to packages/web for build-time detection fixes#1058
* fix: remove scope creep and phantom agent-soma from lockfile
- remove agent-soma importer block from pnpm-lock.yaml
- remove @composio/core from serverExternalPackages
- remove redundant exprContextCritical webpack override
- remove flatted override and _overrides_rationale
- align @next/eslint-plugin-next to ^15.5.15
* fix: replace rm -rf with rimraf for cross-platform compatibility
* fix: use rimraf in clean script and sort devDependencies
* fix: add postcss.config.mjs to web ESLint ignores
* fix: restore no-console exemption for web package in root ESLint config
Address Copilot review feedback on PR #117:
- lifecycle-manager: replace string-matching guards (`metadata["role"]`,
`session.id.endsWith("-orchestrator")`) with the authoritative
`lifecycle.session.kind !== "orchestrator"` check. The previous guard
missed numbered orchestrator IDs like `${prefix}-orchestrator-1`, which
could let a fresh agent report incorrectly override an orchestrator
session's status.
- orchestrator-prompt: reword the "Explicit Agent Reports" section to stop
promising automatic surfacing in status/dashboard. CLI/UI display work
is not part of this PR; the prompt now describes reports as a hint to
lifecycle inference and explicitly notes SCM/runtime truth still wins.
Co-Authored-By: Claude <noreply@anthropic.com>
Address Copilot review feedback on PR #117:
- Drop the `done` alias from `INPUT_ALIASES`. Agents cannot self-report the
terminal `done` state (AO owns that transition via SCM ground truth), so
silently aliasing `done` → `completed` contradicted the prompts and
weakened the reserved-transition boundary.
- Tighten `validateAgentReportTransition` to reject ALL reports when
`session.state === "done"`. Previously `completed` slipped through, but
`completed` maps to `idle` and would have re-opened a terminal session,
contradicting the function's own doc comment.
- Reject future timestamps in `isAgentReportFresh`. A skewed/future
`agentReportedAt` would otherwise yield a negative delta that satisfies
`<= windowMs`, making the report appear "fresh" indefinitely and
overriding stronger inference signals.
Tests updated:
- Replace done→completed alias assertion with explicit null expectation.
- Expand `done`-state rejection test to cover `completed` and `needs_input`.
- Add freshness test for future-dated timestamps.
Co-Authored-By: Claude <noreply@anthropic.com>
Introduce an explicit reporting channel so worker agents can self-declare
their workflow phase (started/working/waiting/needs-input/fixing-ci/
addressing-reviews/completed). Fresh reports are trusted over weak inference
but runtime death, activity-based waiting_input, and SCM ground truth still
take precedence.
- Add `applyAgentReport`, validator, canonical mapping, and freshness helper
in `packages/core/src/agent-report.ts`.
- Wire the fallback into `determineStatus` just before the idle-beyond-
threshold promotion, skipping orchestrator and terminal sessions.
- Add `ao acknowledge` and `ao report <state>` CLI commands. Both resolve
the session from `AO_SESSION_ID` when no argument is passed.
- Teach the base agent prompt and orchestrator prompt about the new
reporting commands.
- Ship unit tests covering normalization, mapping, transition validation,
metadata persistence, freshness, and first-start behavior.
Stage 3 of the state-machine redesign (see aa-2/state-machine-redesign-
rollout-plan.md).
- New repo-utils.ts with extractOwnerRepo() and isValidRepoString()
shared across detectEnvironment, autoCreateConfig, addProjectToConfig
- Remote regex now supports GitLab subgroup paths (group/subgroup/repo)
- Repo validation accepts multi-segment paths (owner/repo and deeper)
- Updated prompt text to mention group/subgroup/repo format
- Updated ProjectConfig.repo docstring to be provider-neutral
- Tests import from shared helpers instead of duplicating regex
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- detect-env: test GitHub/GitLab HTTPS/SSH remote extraction, unknown
hosts returning null, missing remote, and non-git directories
- repo-validation: test the anchored regex accepts owner/repo, rejects
empty, lone slash, missing segments, whitespace, and nested paths
- config-validation: test SCM/tracker inference skipped when repo is
missing or has no slash, and inferred correctly with owner/repo
- scm-webhooks: test eventMatchesProject returns false when project
has no repo configured
- orchestrator-prompt: existing test covers repo:undefined → "not configured"
- prompt-builder: existing test covers BASE_AGENT_PROMPT_NO_REPO selection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. Fix ao start <path> regression: when target path differs from cwd,
run autoCreateConfig on the target (which is a git repo) instead of
cwd (which may not be). Removes the double-create pattern that added
a second project entry.
2. Gate remaining PR/CI sections in orchestrator-prompt: PR Takeover,
PR Review Flow, Bulk Issue Processing, and Monitoring Progress
details are now wrapped in project.repo checks so repo-less projects
don't get contradictory instructions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Address review feedback from @illegalcall:
1. Fix canProbeRuntimeIdentity in determineStatus() — the previous
guard (hasPersistedRuntimeIdentity || status !== spawning) was
ineffective because spawn writes runtimeHandle to metadata before
leaving "spawning" status. Simplified to just check status !== spawning.
2. Guard getActivityState exited→killed transition — agent plugins
return "exited" before the process starts, so spawning sessions
were being marked killed via the agent activity path too.
3. Add lifecycle-manager tests covering both paths: runtime.isAlive
false with persisted handle, and agent reporting "exited" activity
during spawning.
Refs #1035
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. prompt-builder: gate PR/CI instructions on project.repo — use
trimmed BASE_AGENT_PROMPT_NO_REPO when no remote configured
2. orchestrator-prompt: gate Quick Start and Available Commands
sections on project.repo — omit issue/PR commands when absent
3. types.ts: add changeset (minor for ao-core) with migration note
4. config.ts: consistent includes("/") guard for tracker inference
5. start.ts: fail fast with clear error when run in non-git directory
6. start.ts: stricter repo validation regex (requires non-empty
segments on both sides of slash)
7. start.ts: addProjectToConfig now prompts for repo like
autoCreateConfig does, with matching warning message
8. scm-webhooks.ts: pre-filter projects without repo in
findWebhookProjects to skip unnecessary SCM plugin lookups
9. lifecycle-manager.ts: fix GitLab subgroup split — use lastIndexOf
to correctly handle group/subgroup/repo paths
Closes#1154
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add test for orchestrator-prompt with repo: undefined (verifies
"not configured" fallback instead of showing literal "undefined")
- Add c8 ignore for interactive prompt code in autoCreateConfig and
promptText (same pattern as existing promptConfirm/promptSelect)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip inferring tracker plugin when project.repo is undefined, matching
the existing SCM inference guard. Without this, tracker operations would
throw via requireRepo() for projects with no remote configured.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Make `repo` field optional in ProjectConfig and Zod schema so projects
without a detected GitHub remote can still load and run
- Remove placeholder `repo: "owner/repo"` from autoCreateConfig() and
addProjectToConfig() — omit the field entirely when no remote is found
- Always use actual workingDir for `path` instead of unreliable `~/<projectId>`
fallback for non-git directories
- Add null guards for `project.repo` across SCM plugins, tracker plugins,
lifecycle manager, webhooks, and prompt builders to prevent crashes when
repo is not configured
Closes#1154
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Real Codex sessions emit records like
`{"type":"event_msg","payload":{"type":"error",...}}` and
`{"type":"event_msg","payload":{"type":"approval_request",...}}`.
readLastJsonlEntry only exposed the top-level `type`, so the codex
plugin's activity switch matched `event_msg` and decayed to ready/idle,
never surfacing `blocked` or `waiting_input`. The approval_request/error
branches were dead code for payload-wrapped sessions, which is the exact
format this PR series is migrating to.
- readLastJsonlEntry now returns payloadType alongside lastType.
- Codex getActivityState prefers payloadType when present and classifies
task_started/agent_reasoning as active, task_complete as ready, and
the approval/error variants as waiting_input/blocked.
- New tests cover the payload-wrapped approval_request, exec_approval_request,
error, task_started, and task_complete cases end-to-end.
- Core utils gains coverage for payloadType extraction and null fallbacks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>