Conversation
Reference: core/api/LICENCE. Co-Authored-By: Cladius Maximus <cladius@lethean.io>
…block) - git submodule update on external/* to current dev tips - go.work paths fixed for Phase 1 /go/ subtree layout where stale - go.work go-version bumped 1.26.0 → 1.26.2 to match submodule floor Workspace-mode build (`go build ./...`) is the verification path. Some repos may surface transitive dep issues (api/go.sum checksum drift, etc.) which are separate cascade tickets — not blocking this metadata refresh. Co-Authored-By: Cladius Maximus <cladius@lethean.io>
…-artifacts) Removes from git index: node_modules.bak/, .lintdeps/, .scannerwork/, .DS_Store, dist/, etc. — regenerable build/scan outputs that should never be tracked. Updates .gitignore with the canonical pattern set. Audit dimension `tracked-artifacts` (core/go commit 62aac07) flagged 2 entries. Same root-cause class as Mantis #1333 (gui ui/node_modules.bak/) — applying the structural fix ecosystem-wide. Co-Authored-By: Cladius Maximus <cladius@lethean.io>
…ry (Mantis #1336) mcp already had Register + OnStartup + OnShutdown + HandleIPCEvents in register.go — canonical lifecycle was complete. Two changes: 1. Renamed register.go → service.go for canon-form alignment with the rest of the ecosystem (go-store, go-io, go-log, go-process, etc.). 2. Added NewService(Options) factory alongside the existing Register. Register stays the discovery-based path (collects subsystems from already-registered services); NewService is the explicit-options path for callers that own construction order. Behaviour unchanged. Both shapes available per Snider 2026-05-01.
audit: 12 -> 0 / verdict COMPLIANT. Includes HandleIPCEvents method coverage in addition to NewService / Register / OnStartup / OnShutdown. Co-Authored-By: Cladius <noreply@anthropic.com>
service_example_test.go and register_example_test.go both declared ExampleRegister, ExampleService_OnStartup, ExampleService_OnShutdown and ExampleService_HandleIPCEvents — a redeclaration that fails the package test binary compile on dev. Keep the complete versions (with Output assertions) in register_example_test.go; reduce service_example_test.go to its unique ExampleNewService. Pre-existing breakage, unblocks the S1 served-auth test suite. Co-authored-by: Hephaestus <hephaestus@lthn.ai> Co-Authored-By: Virgil <virgil@lethean.io>
RFC.serve.md S1 / Mantis #1807. Security-critical substrate fixes to the served MCP transports that every consumer inherits. Fail-closed served HTTP+SSE auth (S1.1): ServeHTTP refuses to bind a listener unless MCP_AUTH_TOKEN is set. The empty-token open-listener mode (and the 0.0.0.0 no-auth doc example) is removed — the served transport never serves unauthenticated. Per-request Authorization is enforced once the fail-open branch is gone (S1.2). The stdio path keeps its permissive single-client default. Distinct MCP_JWT_SECRET, no API-token fallback (S1.3): currentAuthConfig no longer falls back to the API token as the HMAC signing key. Conflating the bearer credential with the signing key let any token-holder self-mint tool:* claims; now a forged JWT signed with the API token is rejected. ServeHTTP refuses to bind without a distinct MCP_JWT_SECRET. ServeUnix socket hardening (S1 substrate bug): MkdirAll(dir,0700) + Chmod(socket,0600) before first Accept, plus a per-connection peer-cred owner check (LOCAL_PEERCRED on darwin, SO_PEERCRED on linux, permissive fallback elsewhere). Docstring steers auth-needing callers to HTTP+SSE since raw TCP/Unix cannot carry per-request auth. Per-session scoping (S1.4): canRunTool / canAccessWorkspaceFromInput are the enforced per-call scope. Fixed a latent fail-open where map[string]any inputs (the common tool-call shape) reported reflect.Interface and skipped workspace extraction — now unwrapped so workspace scope is enforced. Good/Bad/Ugly tests added for every auth path: fail-closed-when-no-secret, no-self-mint, distinct-secret round-trip, API-token direct match, socket perms 0600, peer-cred reject, entitlement + workspace scoping. go build ./... and go test ./... green (workspace + GOWORK=off module mode). Co-authored-by: Hephaestus <hephaestus@lthn.ai> Co-Authored-By: Virgil <virgil@lethean.io>
… (RFC.serve.md S1, Mantis #1807)
…8 pins external/go (v0.8 -> v0.10.3), external/io (v0.8 -> v0.11.0), external/log (v0.8 -> v0.10.0). The v0.8-era core/go family carried the same empty-error rendering hazard fixed in core/api; bring core/mcp's S1 substrate onto the current line. go.mod dappco.re/go -> v0.10.3. All packages green under go.work. Co-Authored-By: Virgil <virgil@lethean.io>
…trips Adds Good/Bad/Ugly coverage for the agentic subsystem's file-backed and pure-helper surfaces that were previously at 0%: - plan create/read/update/delete/list lifecycle + checkpoint validation, validPlanStatus, generatePlanID slug/cap behaviour - parsePositiveInt, itoa, parseRetryAfter, repoRootFromCodePath, shellQuote, shellJoin, baseAgent, parseSimpleInt, countFindingHints, sanitizeFilename, trimDashes, listLocalRepos, buildPRBody - loadAgentsConfig (default + YAML), delayForAgent, listWorkspaceDirs, countRunningByAgent, canDispatchAgent, readStatus round-trip + malformed Package coverage 22.8% -> 34.1%. Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
Adds Good/Bad/Ugly coverage for previously-0% pkg/mcp surfaces: - metricsRecord/metricsQuery handlers, recordMetricEvent, readMetricEvents, summarizeMetricEvents, convertMetricCounts (in-memory event store) - createDirectory/deleteFile/renameFile/fileExists/editDiff workspace-medium handlers (single + replace-all + not-found + empty-old-string paths) - detectLanguage handler + getSupportedLanguages, countOccurrences, replaceFirst pure helpers Package coverage 61.8% -> 65.5%. Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
Adds Good/Bad/Ugly coverage for previously-0% pkg/mcp helper surfaces: - mapFromAny (nil/map/RawMessage/string/struct + non-JSON _raw fallback), parseArgumentString, indexByte, indexAny, trimBytes, extractTextFromAny, normaliseAnthropicTools, normaliseOpenAITools (function + custom envelope) - claimsFromContext (present/absent/nil-ctx), withAuthClaims nil-ctx no-panic, authClaimsFromToolRequest (token-disabled / context-claims / direct-call), inputWorkspaceFromValue over struct/ptr/map/no-match (reflection guard) Package coverage 65.5% -> 69.0%. Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
Adds Good/Bad/Ugly coverage for previously-thin brain surfaces: - provider remember/recall/forget/list gin handlers across the three response branches: 503 nil-bridge, 400 malformed-JSON, 500 bridge-not-connected - Subsystem brainForget/brainList over nil-bridge, over-length-org validation, and disconnected-bridge send failure; validateListInput Good/Bad Package coverage 61.6% -> 82.6%. Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
Adds Good/Bad/Ugly coverage for previously-0%/low ide surfaces: - buildInfosFromData, buildLogsFromData ([]any/[]string/output variants), buildLinesFromData, sessionsFromData, sessionFromData, chatHistoryFromData (sessionId/session_id fallbacks), chatMessageFromData, stringFromAny — all exercising malformed/wrong-shape inputs - listBuilds repo filter + limit + most-recent ordering, appendBuildLog + buildLogTail full/bounded/oversize/missing Package coverage 72.2% -> 89.5%. Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
Adds Good/Bad/Ugly coverage for: - writePromptTemplate across conventions/security/coding templates + the default unknown-template fallback (verifies PROMPT.md content per branch) - writeAtomic parent-dir creation, overwrite, and the file-as-directory collision error path Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
…ify helpers Replaces type-identity-only coverage with behavioural tests: - NewService factory builds a Service with a wired ServiceRuntime + Core - OnStartup registers the mcp and serve commands on the Core; nil-runtime OnStartup is a safe no-op - debugNotify nil-receiver/logger-less safety + with-logger path, coreNotifyError message round-trip, snapshotSessions nil-server guard Additive tests only; no production change. Co-Authored-By: Virgil <virgil@lethean.io>
…r zero
A raw Config{} (callers building it inline, e.g. the agent hub) left
ReconnectInterval at 0, and connectLoop's backoff min(delay*2, max) stayed
pinned at 0 → a tight reconnect flood instead of 2s→30s. Apply WithDefaults in
NewBridge so every bridge has sane intervals regardless of caller.
Co-Authored-By: Virgil <virgil@lethean.io>
Advance external/go workspace submodule to v0.10.4 so dev (GOWORK on) and standalone (GOWORK=off) builds resolve the same core/go. Co-Authored-By: Virgil <virgil@lethean.io>
Co-Authored-By: Virgil <virgil@lethean.io>
Co-Authored-By: Virgil <virgil@lethean.io>
|
Warning Review limit reached
Next review available in: 50 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (3)
📒 Files selected for processing (39)
Warning Billing warning: we have not been able to collect payment for this subscription for more than 72 hours. Please update the payment method or pay any pending invoices in Billing to avoid service interruption. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|



This pull request introduces several important updates to the repository, primarily focused on licensing, dependency management, and documentation cleanup. The key highlights are the addition of the EUPL v1.2 license, updates to the way external dependencies are referenced, and the removal of obsolete documentation and configuration files.
Licensing:
LICENCEfile, formally specifying the open-source license terms for the project.Dependency management:
go.workto point to their respectivegosubdirectories (e.g.,./external/io/goinstead of./external/io), reflecting a new structure for Go module management.external/go,external/io,external/log,external/process,external/rag, andexternal/wsto track the latest versions. [1] [2] [3] [4] [5] [6]Documentation and configuration cleanup:
.scannerwork/report-task.txtfile, which contained SonarQube project analysis metadata, likely as part of decommissioning or migrating the code quality system.EXCEPTIONS.md, cleaning up documentation related to previously unfixable Codex review items that are now either obsolete or addressed elsewhere.