Fix auto-release build order and config value flows#66
Merged
Conversation
Build dist before the auto-release pm-changelog pipeline so scheduled release generation can resolve dist/cli.js. Add pm config set <key> <value> routing for formats, criteria, and policies across CLI, SDK contracts, and MCP pm_run while shortening invalid-key guidance for agent loops. Fold current GitHub Nightly Windows failures into the same reliability slice by using npm.cmd for packed-package tests, normalizing generated loader comparisons, avoiding executable release-pipeline imports, and importing the secret scanner from a plain library module. Verification: full release gate passed with 117 files / 1761 tests / 100% coverage; pm-changelog 2026.5.24-15 check left CHANGELOG.md unchanged; manual temp-project config smoke, semantic dogfood, pm health, pm validate, and secret scan passed.
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
|
Warning Review limit reached
Your plan includes 1 review of capacity. Refill in 40 minutes and 39 seconds. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more review capacity refills, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository UI (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (6)
📝 WalkthroughWalkthroughThis PR adds optional positional-value support to ChangesConfig Positional Value + Windows Compatibility + Release Fixes
Sequence DiagramsequenceDiagram
participant User as User/CLI
participant Register as pm config (register-setup)
participant Router as resolveConfigPositionalValue
participant Command as runConfig
participant MCP as MCP Server
User->>Register: config set telemetry-tracking off
Register->>Register: resolve positional value
Register->>Router: resolveConfigPositionalValue("telemetry-tracking", "off")
Router-->>Register: {routable: true, flag: "policy", value: "disabled"}
Register->>Command: runConfig(..., valueValue: "off")
Command->>Command: applyPositionalValue(policy flag routing)
Command-->>User: {changed: true, policy: "disabled"}
User->>MCP: pm_run action=config, configAction=set, ...
MCP->>Command: runConfig with value from args
Command->>Router: resolve and route positional value
Router-->>Command: routed result
Command-->>MCP: config result
MCP-->>User: structured response
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request implements a positional value form for pm config set, enabling automatic routing of values to the correct typed flags and mapping boolean synonyms. It also resolves a critical failure in the Auto Release workflow by ensuring the build step runs before the release pipeline and improves Windows test reliability through CRLF-tolerant checks and library-based script imports. Review feedback identifies a performance bottleneck in the secret scanner's line-number resolution, points out redundant imports in the scanner script, and suggests centralizing configuration metadata to eliminate duplication between the CLI and core logic.
Comment on lines
+41
to
+49
| function lineNumberFromIndex(content, index) { | ||
| let line = 1; | ||
| for (let i = 0; i < index; i += 1) { | ||
| if (content.charCodeAt(i) === 10) { | ||
| line += 1; | ||
| } | ||
| } | ||
| return line; | ||
| } |
There was a problem hiding this comment.
The lineNumberFromIndex function is called for every match found by every rule. Since matchAll returns matches in order, re-scanning the entire content from the beginning for each match is inefficient (
Comment on lines
+7
to
+8
| export { RULES, scanContent } from "./check-secrets-lib.mjs"; | ||
| import { scanContent } from "./check-secrets-lib.mjs"; |
There was a problem hiding this comment.
This script now both re-exports and imports from ./check-secrets-lib.mjs. Since the unit tests have been updated to import from the library directly, the export here appears redundant for an executable script. You can simplify this to just a single import.
Suggested change
| export { RULES, scanContent } from "./check-secrets-lib.mjs"; | |
| import { scanContent } from "./check-secrets-lib.mjs"; | |
| import { scanContent } from "./check-secrets-lib.mjs"; |
Comment on lines
+43
to
+103
| /** Canonical snake-case config keys this helper understands. */ | ||
| type CanonicalConfigKey = | ||
| | "definition_of_done" | ||
| | "item_format" | ||
| | "history_missing_stream_policy" | ||
| | "sprint_release_format_policy" | ||
| | "parent_reference_policy" | ||
| | "metadata_validation_profile" | ||
| | "metadata_required_fields" | ||
| | "lifecycle_stale_blocker_reason_patterns" | ||
| | "lifecycle_closure_like_blocked_reason_patterns" | ||
| | "lifecycle_closure_like_resolution_patterns" | ||
| | "lifecycle_closure_like_actual_result_patterns" | ||
| | "governance_preset" | ||
| | "governance_ownership_enforcement" | ||
| | "governance_create_mode_default" | ||
| | "governance_close_validation_default" | ||
| | "governance_parent_reference_policy" | ||
| | "governance_metadata_validation_profile" | ||
| | "governance_force_required_for_stale_lock" | ||
| | "test_result_tracking" | ||
| | "telemetry_tracking" | ||
| | "context"; | ||
|
|
||
| const FORMAT_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>(["item_format"]); | ||
|
|
||
| const CRITERIA_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>([ | ||
| "definition_of_done", | ||
| "metadata_required_fields", | ||
| "lifecycle_stale_blocker_reason_patterns", | ||
| "lifecycle_closure_like_blocked_reason_patterns", | ||
| "lifecycle_closure_like_resolution_patterns", | ||
| "lifecycle_closure_like_actual_result_patterns", | ||
| ]); | ||
|
|
||
| const POLICY_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>([ | ||
| "history_missing_stream_policy", | ||
| "sprint_release_format_policy", | ||
| "parent_reference_policy", | ||
| "metadata_validation_profile", | ||
| "governance_preset", | ||
| "governance_ownership_enforcement", | ||
| "governance_create_mode_default", | ||
| "governance_close_validation_default", | ||
| "governance_parent_reference_policy", | ||
| "governance_metadata_validation_profile", | ||
| "governance_force_required_for_stale_lock", | ||
| "test_result_tracking", | ||
| "telemetry_tracking", | ||
| ]); | ||
|
|
||
| /** | ||
| * Policy keys whose only valid values are enabled/disabled. For these we accept the | ||
| * intuitive synonyms off/on/true/false. Other policy keys pass through unchanged so | ||
| * their own validators report the precise allowed set. | ||
| */ | ||
| const ENABLED_DISABLED_POLICY_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>([ | ||
| "governance_force_required_for_stale_lock", | ||
| "test_result_tracking", | ||
| "telemetry_tracking", | ||
| ]); |
There was a problem hiding this comment.
The configuration key list and its categorization are hardcoded here, duplicating information from src/cli/commands/config.ts. This manual mapping is error-prone and increases maintenance effort. Consider defining a single source of truth for configuration metadata (e.g., a shared mapping object in src/core) from which both the CLI aliases and this routing logic can be derived. This would also allow simplifying the multiple Set lookups into a single data-driven resolution.
There was a problem hiding this comment.
Code Review
This pull request introduces several UX and reliability improvements across the CLI and CI/CD pipelines. Key updates include the implementation of positional value support for the pm config set command, allowing users to provide values directly without explicit flags, and a more concise error message for invalid configuration keys. The PR also resolves a failure in the Auto Release workflow by ensuring the project is built before changelog generation, refactors the secret scanner into a reusable library, and addresses Windows-specific test issues through CRLF normalization and platform-aware binary resolution. Review feedback highlights a bug where configuration aliases might be rejected by the new positional router, an opportunity to optimize the performance of the secret scanner's line-number calculation, and a suggestion to centralize configuration key definitions to avoid duplication between the CLI and core logic.
| const scope = normalizeScope(scopeValue); | ||
| const action = normalizeAction(actionValue); | ||
| const key = normalizeKeyForAction(action, keyValue); | ||
| options = applyPositionalValue(action, keyValue, valueValue, options); |
There was a problem hiding this comment.
Pass the normalized key instead of the raw keyValue to applyPositionalValue. This ensures that configuration key aliases (such as dod for definition_of_done) are correctly handled by the positional value router. The router in src/core/config/positional-value.ts only recognizes canonical kebab-case or snake_case forms, so passing the already-normalized key prevents it from rejecting valid aliases with an 'Unknown config key' error.
Suggested change
| options = applyPositionalValue(action, keyValue, valueValue, options); | |
| options = applyPositionalValue(action, key, valueValue, options); |
Comment on lines
+41
to
+49
| function lineNumberFromIndex(content, index) { | ||
| let line = 1; | ||
| for (let i = 0; i < index; i += 1) { | ||
| if (content.charCodeAt(i) === 10) { | ||
| line += 1; | ||
| } | ||
| } | ||
| return line; | ||
| } |
There was a problem hiding this comment.
The lineNumberFromIndex function iterates through the content for every finding, leading to
Comment on lines
+67
to
+92
| const FORMAT_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>(["item_format"]); | ||
|
|
||
| const CRITERIA_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>([ | ||
| "definition_of_done", | ||
| "metadata_required_fields", | ||
| "lifecycle_stale_blocker_reason_patterns", | ||
| "lifecycle_closure_like_blocked_reason_patterns", | ||
| "lifecycle_closure_like_resolution_patterns", | ||
| "lifecycle_closure_like_actual_result_patterns", | ||
| ]); | ||
|
|
||
| const POLICY_KEYS: ReadonlySet<CanonicalConfigKey> = new Set<CanonicalConfigKey>([ | ||
| "history_missing_stream_policy", | ||
| "sprint_release_format_policy", | ||
| "parent_reference_policy", | ||
| "metadata_validation_profile", | ||
| "governance_preset", | ||
| "governance_ownership_enforcement", | ||
| "governance_create_mode_default", | ||
| "governance_close_validation_default", | ||
| "governance_parent_reference_policy", | ||
| "governance_metadata_validation_profile", | ||
| "governance_force_required_for_stale_lock", | ||
| "test_result_tracking", | ||
| "telemetry_tracking", | ||
| ]); |
There was a problem hiding this comment.
The sets FORMAT_KEYS, CRITERIA_KEYS, and POLICY_KEYS duplicate the configuration keys defined in src/cli/commands/config.ts. This creates a maintenance burden where adding a new config key requires updating both files. Consider moving the canonical configuration key definitions and their categories to a shared location in src/core that both the CLI and this router can reference.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.agents/pm/history/pm-5k2w.jsonl:
- Around line 59-61: The commit improperly edits agent system-of-record JSON
history entries (entries under metadata like "op":"comment_add" and
"metadata/updated_at") instead of producing the update via the approved pm
workflow output; revert/remove those direct edits to the agent history (undo the
patches that add/replace metadata/comments and metadata/updated_at and any
"op":"claim"/"op":"comment_add" changes), restore the original .agents history
content, and reapply your functional changes through the proper pm
workflow/output channel (generate the agent output artifact or place the change
into the designated pm workflow output path) so the same content (the new
positional-value helper, config wiring, tests, and docs) is committed as regular
repository files rather than edits to agent history; ensure future updates do
not modify the agent history directly.
In @.agents/pm/history/pm-7rlp.jsonl:
- Around line 32-43: This PR illegally edits system-of-record metadata in
.agents/pm/history/pm-7rlp.jsonl (changes to metadata/* such as
metadata/updated_at, metadata/assignee, metadata/comments, metadata/files,
metadata/tests and the recorded op patches like
files_add/tests_add/comment_add). Revert all direct edits to
.agents/pm/history/pm-7rlp.jsonl (undo the added/modified metadata entries and
any op patches) so the file is unchanged in this branch, and instead apply the
intended updates through the pm system flow or CLI so that the pm service
generates these metadata mutations; ensure no other .agents/pm/** files are
modified in the commit.
In @.agents/pm/history/pm-mf4j.jsonl:
- Around line 1-6: A history artifact under .agents/pm/history (metadata.id
"pm-mf4j") was added directly; remove this manual change and produce the record
through the pm system-of-record instead. Revert/delete the
.agents/pm/history/pm-mf4j.jsonl addition from the commit/branch, then run the
pm workflow/CLI that creates or updates the metadata (the same command your
CI/pm tooling uses) so the history entry is authored by pm; ensure no other
direct edits to .agents/pm/** remain before pushing. If needed, add a short
commit message noting the revert and that the artifact will be generated by pm.
In @.agents/pm/history/pm-yf8t.jsonl:
- Around line 1-9: The PR modified a PM system-of-record file
(.agents/pm/history/pm-yf8t.jsonl); revert this direct edit and instead apply
the change through the PM-managed workflow: remove the commit that adds/updates
metadata entries for "pm-yf8t" (fields under /metadata such as
id/title/description/assignee/comments), then open the appropriate PM workflow
or ticketing interface to record the issue (create the pm-yf8t record via the PM
service) so the system-of-record is updated correctly; ensure the auto-release
workflow fix (adding a Build step and the regression test) remains in your
branch but not recorded by directly editing .agents/pm files.
In @.agents/pm/issues/pm-yf8t.toon:
- Around line 1-19: The file .agents/pm/issues/pm-yf8t.toon was edited directly
(system-of-record), which violates the guideline that .agents/pm is managed by
PM tooling; revert any direct edits to that file and instead submit the change
via the PM-authoritative update path (e.g., update the PM issue through the PM
UI/API or follow the documented PM change workflow) so the record is updated
properly; keep the actual repo fixes in the codebase (the intended changes
belong in .github/workflows/auto-release.yml — add the "Build" step running
"pnpm build" before the "Run auto release pipeline" step — and the regression
spec tests/integration/release-automation-contract.spec.ts that assert the build
precedes scripts/release/run-release-pipeline.mjs), but do not commit or modify
.agents/pm/issues/pm-yf8t.toon directly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 83c46b24-4177-4f71-b7b8-4cb405f8c963
📒 Files selected for processing (32)
.agents/pm/chores/pm-5k2w.toon.agents/pm/chores/pm-7rlp.toon.agents/pm/chores/pm-mf4j.toon.agents/pm/extensions/.managed-extensions.json.agents/pm/features/pm-rnpb.toon.agents/pm/history/pm-5k2w.jsonl.agents/pm/history/pm-7rlp.jsonl.agents/pm/history/pm-mf4j.jsonl.agents/pm/history/pm-rnpb.jsonl.agents/pm/history/pm-yf8t.jsonl.agents/pm/issues/pm-yf8t.toon.github/workflows/auto-release.ymldocs/CONFIGURATION.mdscripts/check-secrets-lib.mjsscripts/check-secrets.mjsscripts/gen-package-runtime-loaders.mjsscripts/release/release-relevance.mjsscripts/release/run-release-pipeline.mjssrc/cli/commands/config.tssrc/cli/register-setup.tssrc/core/config/positional-value.tssrc/mcp/server.tssrc/sdk/cli-contracts.tstests/integration/cli.integration.spec.tstests/integration/config-positional-cli.integration.spec.tstests/integration/mcp-dynamic-package-actions.spec.tstests/integration/release-automation-contract.spec.tstests/integration/release-readiness-runtime.spec.tstests/unit/check-secrets.spec.tstests/unit/config-command.spec.tstests/unit/config-positional-value.spec.tsvitest.config.ts
Comment on lines
+59
to
+61
| {"ts":"2026-05-25T08:19:06.971Z","author":"claude-code-agent","op":"claim","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:19:06.971Z"}],"before_hash":"1a74b7873022acb6ee998e9be7649d248ffff70e89f391bda14a64f72b0ea3c5","after_hash":"15003ac911322aa4fb084c9f6c2532b465ddfc09ac75ca24efe699859d222e16"} | ||
| {"ts":"2026-05-25T08:22:35.797Z","author":"config-ux-subagent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/17","value":{"created_at":"2026-05-25T08:22:35.797Z","author":"config-ux-subagent","text":"config-ux-subagent START: FIX A — add optional [value] positional to config cmd (register-setup.ts) + new pure helper src/core/config/positional-value.ts (resolveConfigPositionalValue) routing key→typed flag (format/policy/criterion) with off/on/true/false synonyms; wire into runConfig only when typed flag not already passed, conflict=error, context=hint. FIX B — shrink invalid-key error to canonical kebab forms + '(underscore variants also accepted)'. New unit spec at 100% cov, add helper to vitest include. Verify tsc + tests + smoke."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:22:35.797Z"}],"before_hash":"15003ac911322aa4fb084c9f6c2532b465ddfc09ac75ca24efe699859d222e16","after_hash":"a3d8bb5e47b5ca8fcf7bbfd938259efe9ff1af6cf7ea4f4bf2dcd24549e47fae"} | ||
| {"ts":"2026-05-25T08:32:31.586Z","author":"config-ux-subagent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/18","value":{"created_at":"2026-05-25T08:32:31.586Z","author":"config-ux-subagent","text":"config-ux-subagent DONE (FIX A + FIX B both complete; item left open per instructions).\n\nFIX A (positional value for `pm config set <key> <value>`):\n- NEW pure helper src/core/config/positional-value.ts exporting resolveConfigPositionalValue(keyOrAlias, value) -> discriminated union. Accepts BOTH kebab and snake key forms (normalizes interior '-' to '_'). Mapping table:\n * item-format -> {flag:'format', value} (verbatim)\n * definition-of-done, metadata-required-fields, lifecycle-stale-blocker-reason-patterns, lifecycle-closure-like-blocked-reason-patterns, lifecycle-closure-like-resolution-patterns, lifecycle-closure-like-actual-result-patterns -> {flag:'criterion', values:[value]}\n * history-missing-stream-policy, sprint-release-format-policy, parent-reference-policy, metadata-validation-profile, governance-preset, governance-ownership-enforcement, governance-create-mode-default, governance-close-validation-default, governance-parent-reference-policy, governance-metadata-validation-profile, governance-force-required-for-stale-lock, test-result-tracking, telemetry-tracking -> {flag:'policy', value}. For the three enabled/disabled-valued keys (governance-force-required-for-stale-lock, test-result-tracking, telemetry-tracking) the synonyms off->disabled, on->enabled, true->enabled, false->disabled (case-insensitive) are applied; all other policy keys pass the value through unchanged so existing validators keep their good error messages.\n * context -> {routable:false, reason: hint naming --default-depth/--activity-limit/--stale-threshold-days/--section-<name>}\n * unknown key -> {routable:false} (caller hits the FIX-B invalid-key error first since normalizeKey runs before routing)\n- Wired in src/cli/commands/config.ts: new optional 6th param valueValue on runConfig; private applyPositionalValue(action,key,value,options) injects the routed flag into options ONLY when (a) action==='set', (b) key present, (c) the typed flag was NOT already supplied. If the explicit flag matches the positional -> no-op; if it conflicts -> clear USAGE error; positional on non-set action or with no key -> clear USAGE error; context -> hint error. All existing typed-flag behavior 100% intact (back-compat verified).\n- register-setup.ts: added 4th positional [value] argument + help text; action handler now resolves value with shorthand-scope shift (config set <key> <value> => action=set,key,value; config project set <key> <value> also works) and passes resolvedValue as 6th arg.\n- MCP parity: src/mcp/server.ts config case now passes readString(args/options,'value') as 6th arg; src/sdk/cli-contracts.ts config schema-contract optional list gains 'value' (param 'value' already typed in props map).\n\nFIX B (token-heavy invalid-key error): src/cli/commands/config.ts normalizeKey now lists CANONICAL_CONFIG_KEYS (21 kebab forms derived from CONFIG_KEY_ALIASES[k][0]) + '(underscore variants also accepted)' instead of all ~45 kebab+snake CONFIG_KEY_VALUES. Snake forms still fully accepted as input. No other code/tests depended on the old exact string (only assertion was exitCode===USAGE).\n\nFILES CHANGED:\n- NEW src/core/config/positional-value.ts (in vitest include @100% cover)\n- src/cli/commands/config.ts (import, CANONICAL_CONFIG_KEYS, applyPositionalValue, runConfig 6th param, shortened error)\n- src/cli/register-setup.ts ([value] arg + handler wiring + shorthand shift)\n- src/mcp/server.ts (config value pass-through)\n- src/sdk/cli-contracts.ts (config optional += 'value')\n- vitest.config.ts (added positional-value.ts to coverage include only; NOT exclude)\n- docs/CONFIGURATION.md (documented positional value form + context-uses-flags note)\n- NEW tests/unit/config-positional-value.spec.ts (8 tests, helper @100%)\n- tests/unit/config-command.spec.ts (+10 wiring tests)\n\nTESTS (all PASS): config-positional-value 8; config-command 36 (was 26, +10); helper coverage 100% stmts(22/22)/branch(18/18)/funcs(3/3)/lines. Broader: help-runtime 27 + completion 212-batch (163 across 4 files); release-readiness-runtime 32 (coverage-alignment + config gate green); contracts-command + mcp-dynamic-package-actions + claude-plugin-contract 34; structure-exports + bootstrap-args + cli.integration 114. tsc --noEmit (tsconfig.json) clean. docs-skills gate PASS. (packages untouched, tsconfig.packages.json not needed.)\n\nMANUAL SMOKE (pnpm build once; /tmp/cfgprobe, init --defaults): `config set telemetry-tracking off`->policy disabled changed:true; `... disabled`->changed:false; `... item-format toon`->format toon; `... governance-preset strict`->policy strict changed:true; `... definition-of-done \"Tests pass\"`->criteria [\"Tests pass\"]. `config set bogus-key foo`-> shortened 21-key error + underscore note. `config set context deep`-> not-routable hint (flags listed; error layer even auto-added suggested_retry). `config set telemetry-tracking off --policy enabled`-> conflict USAGE error. Back-compat `config set telemetry-tracking --policy enabled` and `config project set telemetry-tracking on` both work.\n\nCOORDINATOR TODOs (shared files I did NOT touch):\n1. CHANGELOG.md [Unreleased] (forbidden for me): add\n - 'pm config set <key> <value> now accepts the value as a positional argument, routed to the correct typed flag (--policy/--format/--criterion) by key; off/on/true/false map to disabled/enabled for boolean policy keys.'\n - 'Shortened the invalid config-key error to list canonical kebab keys only (underscore variants still accepted).'\n2. docs: COMMANDS.md/AGENT_GUIDE.md were left as-is (no existing `config set` detail there; CONFIGURATION.md is the canonical home and was updated). Optional to cross-link.\n3. completion.ts NOT changed (config values are not value-completed there; positional is free-form). No action required."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:32:31.586Z"}],"before_hash":"a3d8bb5e47b5ca8fcf7bbfd938259efe9ff1af6cf7ea4f4bf2dcd24549e47fae","after_hash":"8120f35d915c615e187e178d78f40d73d9e4741f04eab613253b37f3b4cca647"} |
There was a problem hiding this comment.
Avoid direct edits to .agents/pm history files.
This PR includes direct changes under .agents/pm/history/*, which violates the repository rule for system-of-record files. Please move this update to the approved pm workflow/output path rather than committing manual edits here.
As per coding guidelines: .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/pm/history/pm-5k2w.jsonl around lines 59 - 61, The commit improperly
edits agent system-of-record JSON history entries (entries under metadata like
"op":"comment_add" and "metadata/updated_at") instead of producing the update
via the approved pm workflow output; revert/remove those direct edits to the
agent history (undo the patches that add/replace metadata/comments and
metadata/updated_at and any "op":"claim"/"op":"comment_add" changes), restore
the original .agents history content, and reapply your functional changes
through the proper pm workflow/output channel (generate the agent output
artifact or place the change into the designated pm workflow output path) so the
same content (the new positional-value helper, config wiring, tests, and docs)
is committed as regular repository files rather than edits to agent history;
ensure future updates do not modify the agent history directly.
Comment on lines
+32
to
+43
| {"ts":"2026-05-25T08:40:45.714Z","author":"codex-dedupe-agent","op":"claim","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:40:45.714Z"},{"op":"add","path":"/metadata/assignee","value":"codex-dedupe-agent"}],"before_hash":"88041d949a4d778c3c8eb967b71bf21496823da2efe687f5427a09d6c7a95692","after_hash":"5e409ea83bcb3d7f3aed698f4e5ae212521f65472ef78ad73260ad926fbd9eb6"} | ||
| {"ts":"2026-05-25T08:40:47.751Z","author":"codex-dedupe-agent","op":"update","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:40:47.751Z"},{"op":"replace","path":"/metadata/status","value":"in_progress"}],"before_hash":"5e409ea83bcb3d7f3aed698f4e5ae212521f65472ef78ad73260ad926fbd9eb6","after_hash":"1e1c1151f2f62ad86545115dc9a330f71cf41c3bf821a9e00ad94b64ac7a5103","message":"Bundling fresh Windows Nightly failure remediation into active release/config PR"} | ||
| {"ts":"2026-05-25T08:43:00.433Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/14","value":{"created_at":"2026-05-25T08:43:00.433Z","author":"codex-dedupe-agent","text":"Implementation note: folded fresh GitHub Nightly Windows failure into this PR after duplicate search found pm-7rlp as canonical CI/test reliability item. Fixing npm.cmd resolution for Windows packed-package tests, CRLF-tolerant generated runtime-loader drift checks, and executable release-pipeline import avoidance via a pure release-relevance helper."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:43:00.433Z"}],"before_hash":"1e1c1151f2f62ad86545115dc9a330f71cf41c3bf821a9e00ad94b64ac7a5103","after_hash":"d2fdde8d07aab07dc3399da99f699a7ef388c2ea8f0dca1c3683f26463685125"} | ||
| {"ts":"2026-05-25T08:45:04.708Z","author":"codex-dedupe-agent","op":"files_add","patch":[{"op":"replace","path":"/metadata/files/1/note","value":"CRLF tolerant generated-loader drift check for Windows Nightly"},{"op":"replace","path":"/metadata/files/1/path","value":"scripts/gen-package-runtime-loaders.mjs"},{"op":"add","path":"/metadata/files/2","value":{"path":"scripts/release/release-relevance.mjs","scope":"project","note":"pure release relevance helper avoids executable import in tests"}},{"op":"add","path":"/metadata/files/3","value":{"path":"scripts/release/run-release-pipeline.mjs","scope":"project","note":"use pure release relevance helper"}},{"op":"add","path":"/metadata/files/4","value":{"path":"tests/integration/ci-workflow-contract.spec.ts","scope":"project","note":"lock CI dedupe contract and nightly full-suite boundary"}},{"op":"add","path":"/metadata/files/5","value":{"path":"tests/integration/cli.integration.spec.ts","scope":"project","note":"use npm.cmd on Windows packed-package test"}},{"op":"add","path":"/metadata/files/6","value":{"path":"tests/integration/release-automation-contract.spec.ts","scope":"project","note":"release relevance helper regression"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:45:04.708Z"}],"before_hash":"d2fdde8d07aab07dc3399da99f699a7ef388c2ea8f0dca1c3683f26463685125","after_hash":"09b6f55545a12eabf776daae738b82778c289bfec5958ff14bd8b3b878493ecc"} | ||
| {"ts":"2026-05-25T08:45:22.032Z","author":"codex-dedupe-agent","op":"tests_add","patch":[{"op":"add","path":"/metadata/tests/2","value":{"command":"node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/integration/release-automation-contract.spec.ts tests/unit/package-manifest.spec.ts tests/unit/check-secrets.spec.ts --reporter=dot","scope":"project","timeout_seconds":300,"note":"Windows Nightly regression coverage"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:45:22.032Z"}],"before_hash":"09b6f55545a12eabf776daae738b82778c289bfec5958ff14bd8b3b878493ecc","after_hash":"e4d13fccdb029defa7af0cb132db27f9378a934373ac307528a5d1cb65a59c00"} | ||
| {"ts":"2026-05-25T08:56:50.667Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/15","value":{"created_at":"2026-05-25T08:56:50.667Z","author":"codex-dedupe-agent","text":"Verification evidence for Windows Nightly reliability slice: focused regression suite passed including package-manifest/check-secrets/release automation/CLI coverage; full release gate passed with coverage/static/security/package dogfood/compatibility/observability. The branch now uses npm.cmd on Windows for npm pack, CRLF-tolerant generated runtime loader checks, and a pure release-relevance helper to avoid importing executable release pipeline code in tests."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:56:50.667Z"}],"before_hash":"e4d13fccdb029defa7af0cb132db27f9378a934373ac307528a5d1cb65a59c00","after_hash":"a123c08a27ded8d6051f9aedd302e3ca51e20dfdbffa302c6bbda5c4737e6f6c"} | ||
| {"ts":"2026-05-25T08:59:52.727Z","author":"codex-dedupe-agent","op":"files_add","patch":[{"op":"add","path":"/metadata/files/7","value":{"path":"tests/unit/check-secrets.spec.ts","scope":"project","note":"Secret scanner tests import plain library module"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:59:52.727Z"}],"before_hash":"a123c08a27ded8d6051f9aedd302e3ca51e20dfdbffa302c6bbda5c4737e6f6c","after_hash":"6fcb249624a4b01e258e6131aba062657b1b43afa314919a2c34b0a192c1597e"} | ||
| {"ts":"2026-05-25T08:59:52.743Z","author":"codex-dedupe-agent","op":"files_add","patch":[{"op":"replace","path":"/metadata/files/7/note","value":"release relevance helper regression"},{"op":"replace","path":"/metadata/files/7/path","value":"tests/integration/release-automation-contract.spec.ts"},{"op":"replace","path":"/metadata/files/6/note","value":"use npm.cmd on Windows packed-package test"},{"op":"replace","path":"/metadata/files/6/path","value":"tests/integration/cli.integration.spec.ts"},{"op":"replace","path":"/metadata/files/5/note","value":"lock CI dedupe contract and nightly full-suite boundary"},{"op":"replace","path":"/metadata/files/5/path","value":"tests/integration/ci-workflow-contract.spec.ts"},{"op":"replace","path":"/metadata/files/4/note","value":"use pure release relevance helper"},{"op":"replace","path":"/metadata/files/4/path","value":"scripts/release/run-release-pipeline.mjs"},{"op":"replace","path":"/metadata/files/3/note","value":"pure release relevance helper avoids executable import in tests"},{"op":"replace","path":"/metadata/files/3/path","value":"scripts/release/release-relevance.mjs"},{"op":"replace","path":"/metadata/files/2/note","value":"CRLF tolerant generated-loader drift check for Windows Nightly"},{"op":"replace","path":"/metadata/files/2/path","value":"scripts/gen-package-runtime-loaders.mjs"},{"op":"replace","path":"/metadata/files/1/note","value":"Secret scanner executable now imports reusable library"},{"op":"replace","path":"/metadata/files/1/path","value":"scripts/check-secrets.mjs"},{"op":"add","path":"/metadata/files/8","value":{"path":"tests/unit/check-secrets.spec.ts","scope":"project","note":"Secret scanner tests import plain library module"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:59:52.743Z"}],"before_hash":"6fcb249624a4b01e258e6131aba062657b1b43afa314919a2c34b0a192c1597e","after_hash":"b176ee7bc8c8dd08bfe3f25ecda9dcfecfcfe7acb090119954a0e5ec991e2719"} | ||
| {"ts":"2026-05-25T09:00:17.454Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/16","value":{"created_at":"2026-05-25T09:00:17.454Z","author":"codex-dedupe-agent","text":"Implementation note: split secret scanner reusable rules into scripts/check-secrets-lib.mjs so Vitest imports a plain library module on Windows while scripts/check-secrets.mjs remains the executable CLI wrapper. Focused verification passed: node scripts/run-tests.mjs test -- tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps release-hardening scaffolding paths present|check-secrets|Auto Release' --reporter=dot (2 files passed, 1 skipped, 7 tests passed, 42 skipped) and node scripts/check-secrets.mjs reported no credential-like secrets."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T09:00:17.454Z"}],"before_hash":"b176ee7bc8c8dd08bfe3f25ecda9dcfecfcfe7acb090119954a0e5ec991e2719","after_hash":"2d65c93d03b8b25e43df2ceb406285847c6817e71d1ec37818d6e5298d38e90e"} | ||
| {"ts":"2026-05-25T09:00:18.523Z","author":"codex-dedupe-agent","op":"files_add","patch":[{"op":"replace","path":"/metadata/files/8/note","value":"release relevance helper regression"},{"op":"replace","path":"/metadata/files/8/path","value":"tests/integration/release-automation-contract.spec.ts"},{"op":"replace","path":"/metadata/files/7/note","value":"use npm.cmd on Windows packed-package test"},{"op":"replace","path":"/metadata/files/7/path","value":"tests/integration/cli.integration.spec.ts"},{"op":"replace","path":"/metadata/files/6/note","value":"lock CI dedupe contract and nightly full-suite boundary"},{"op":"replace","path":"/metadata/files/6/path","value":"tests/integration/ci-workflow-contract.spec.ts"},{"op":"replace","path":"/metadata/files/5/note","value":"use pure release relevance helper"},{"op":"replace","path":"/metadata/files/5/path","value":"scripts/release/run-release-pipeline.mjs"},{"op":"replace","path":"/metadata/files/4/note","value":"pure release relevance helper avoids executable import in tests"},{"op":"replace","path":"/metadata/files/4/path","value":"scripts/release/release-relevance.mjs"},{"op":"replace","path":"/metadata/files/3/note","value":"CRLF tolerant generated-loader drift check for Windows Nightly"},{"op":"replace","path":"/metadata/files/3/path","value":"scripts/gen-package-runtime-loaders.mjs"},{"op":"replace","path":"/metadata/files/2/note","value":"Secret scanner executable now imports reusable library"},{"op":"replace","path":"/metadata/files/2/path","value":"scripts/check-secrets.mjs"},{"op":"replace","path":"/metadata/files/1/note","value":"Plain secret scanner library for Windows-safe Vitest imports"},{"op":"replace","path":"/metadata/files/1/path","value":"scripts/check-secrets-lib.mjs"},{"op":"add","path":"/metadata/files/9","value":{"path":"tests/unit/check-secrets.spec.ts","scope":"project","note":"Secret scanner tests import plain library module"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T09:00:18.523Z"}],"before_hash":"2d65c93d03b8b25e43df2ceb406285847c6817e71d1ec37818d6e5298d38e90e","after_hash":"c4a997e65ef8ecfd048d4fa50438e61d18766965bc6c8d7ad8d89b0f5465bdd5"} | ||
| {"ts":"2026-05-25T09:05:22.456Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/17","value":{"created_at":"2026-05-25T09:05:22.456Z","author":"codex-dedupe-agent","text":"Verification evidence: full release gate re-run after Windows-focused scanner import fix passed. Relevant CI reliability coverage now includes npm.cmd use for Windows npm pack tests, CRLF-tolerant runtime loader checks, pure release relevance helper, and plain check-secrets library import for Vitest."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T09:05:22.456Z"}],"before_hash":"c4a997e65ef8ecfd048d4fa50438e61d18766965bc6c8d7ad8d89b0f5465bdd5","after_hash":"7391455480b2717354b52e996812135841146f9403fdc4bd5e61a4a8f04bbce6"} | ||
| {"ts":"2026-05-25T09:06:22.310Z","author":"codex-dedupe-agent","op":"tests_add","patch":[{"op":"add","path":"/metadata/tests/3","value":{"command":"node scripts/run-tests.mjs test -- tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps release-hardening scaffolding paths present|check-secrets|Auto Release' --reporter=dot","scope":"project","timeout_seconds":240}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T09:06:22.310Z"}],"before_hash":"7391455480b2717354b52e996812135841146f9403fdc4bd5e61a4a8f04bbce6","after_hash":"de64ee0b0c0e05d1821d89d34d505b5d3bfc89bc68003137b02b8b653f489a78"} |
There was a problem hiding this comment.
System-of-record metadata should not be edited directly in this PR.
These updates are committed directly in .agents/pm/history/pm-7rlp.jsonl. Please apply them through the pm system flow and keep direct file edits out of source changes.
As per coding guidelines: .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/pm/history/pm-7rlp.jsonl around lines 32 - 43, This PR illegally
edits system-of-record metadata in .agents/pm/history/pm-7rlp.jsonl (changes to
metadata/* such as metadata/updated_at, metadata/assignee, metadata/comments,
metadata/files, metadata/tests and the recorded op patches like
files_add/tests_add/comment_add). Revert all direct edits to
.agents/pm/history/pm-7rlp.jsonl (undo the added/modified metadata entries and
any op patches) so the file is unchanged in this branch, and instead apply the
intended updates through the pm system flow or CLI so that the pm service
generates these metadata mutations; ensure no other .agents/pm/** files are
modified in the commit.
Comment on lines
+1
to
+6
| {"ts":"2026-05-25T08:35:07.204Z","author":"claude-code-agent","op":"create","patch":[{"op":"add","path":"/metadata/id","value":"pm-mf4j"},{"op":"add","path":"/metadata/title","value":"Add pm config set positional value form and shorten the invalid config-key error"},{"op":"add","path":"/metadata/description","value":"Agent-UX polish (subset of pm-5k2w M5). (1) pm config set <key> <value> now accepts the value positionally and routes it to the correct typed flag (--policy/--format/--criterion) by key, with off/on/true/false -> disabled/enabled synonyms for boolean policy keys; the typed-flag forms still work and conflicting flag+positional is a clear error. (2) The invalid config-key error now lists only the ~21 canonical kebab keys plus '(underscore variants also accepted)' instead of all ~45 kebab+snake forms, cutting token cost for agents. Pure routing logic in src/core/config/positional-value.ts (100% covered); MCP+SDK contract parity added. Implemented by config-ux-subagent under pm-5k2w."},{"op":"add","path":"/metadata/type","value":"Chore"},{"op":"add","path":"/metadata/status","value":"open"},{"op":"add","path":"/metadata/priority","value":2},{"op":"add","path":"/metadata/tags","value":["agent-ux","cli","config","polish","token-efficiency"]},{"op":"add","path":"/metadata/created_at","value":"2026-05-25T08:35:07.204Z"},{"op":"add","path":"/metadata/updated_at","value":"2026-05-25T08:35:07.204Z"},{"op":"add","path":"/metadata/author","value":"claude-code-agent"},{"op":"add","path":"/metadata/parent","value":"pm-5k2w"}],"before_hash":"3cc22dff72be7b14824654a7a64ea62b04799939b2fee54c1b5f52ca60bf6df0","after_hash":"3d95132bb4aeee166cdb116187b2ea67560567e340dbe063abeb3f3522c8bc6a","message":""} | ||
| {"ts":"2026-05-25T08:35:17.481Z","author":"claude-code-agent","op":"claim","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:35:17.481Z"},{"op":"add","path":"/metadata/assignee","value":"claude-code-agent"}],"before_hash":"3d95132bb4aeee166cdb116187b2ea67560567e340dbe063abeb3f3522c8bc6a","after_hash":"6f65f73f102b6af090c81ef3eb71b3f373242a3257f7a41c2bf6a62bf0484353"} | ||
| {"ts":"2026-05-25T08:40:57.999Z","author":"codex-gh-triage","op":"comment_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:40:57.999Z"},{"op":"add","path":"/metadata/comments","value":[{"created_at":"2026-05-25T08:40:57.999Z","author":"codex-gh-triage","text":"GitHub/dependency/security triage addendum 2026-05-25: no GitHub issue/PR/dependency/security blocker found for the config UX work. Open repo issues=0, open PRs=0, current branch has no remote branch/PR yet, pnpm audit/outdated/security:scan are clean. Only relevant caution is shared branch CI: latest Nightly run 26390994985 fails on Windows Node 20 from existing test/runtime-loader issues unrelated to config UX; ensure config-focused tests plus the broader branch gate run before PR."}]}],"before_hash":"6f65f73f102b6af090c81ef3eb71b3f373242a3257f7a41c2bf6a62bf0484353","after_hash":"97b10c4869ff8beff3a187cf242e55307234b4bbe1c8adf5c102afa783525989"} | ||
| {"ts":"2026-05-25T08:41:02.456Z","author":"codex-impl-review","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/1","value":{"created_at":"2026-05-25T08:41:02.456Z","author":"codex-impl-review","text":"Implementation-review evidence: reviewed current uncommitted config positional-value, SDK/MCP contract, docs, and tests diff only. Focused tests passed (3 files, 55 tests) and manual temp PM_PATH smoke passed for config set telemetry-tracking off, config project set item-format toon, and config set definition-of-done. Finding/test gap: automated coverage exercises the pure router/runConfig path, but not the commander shorthand or MCP pm_run value path; add regression coverage for config set <key> <value> through the CLI entrypoint and MCP config action."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:41:02.456Z"}],"before_hash":"97b10c4869ff8beff3a187cf242e55307234b4bbe1c8adf5c102afa783525989","after_hash":"05234129be61d7a8410ff49139604c521c1c27bb03b6198ee6deedca96ea9f6d"} | ||
| {"ts":"2026-05-25T08:43:00.519Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/2","value":{"created_at":"2026-05-25T08:43:00.519Z","author":"codex-dedupe-agent","text":"Implementation note: addressed implementation-review sub-agent gap by adding real CLI parser coverage for config set <key> <value> and MCP pm_run config value coverage in addition to pure helper/runConfig unit coverage."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:43:00.519Z"}],"before_hash":"05234129be61d7a8410ff49139604c521c1c27bb03b6198ee6deedca96ea9f6d","after_hash":"6664d83d06e5472f7b2250f31fe95b581f2a957feaada898c278f0fb2616e744"} | ||
| {"ts":"2026-05-25T08:56:50.675Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/3","value":{"created_at":"2026-05-25T08:56:50.675Z","author":"codex-dedupe-agent","text":"Coordinator verification: config positional value work now has pure helper, runConfig, real CLI parser, and MCP pm_run coverage. Manual temp config smoke passed the intended positional flows plus shortened invalid-key error. Full release gate passed after test split."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:56:50.675Z"}],"before_hash":"6664d83d06e5472f7b2250f31fe95b581f2a957feaada898c278f0fb2616e744","after_hash":"22d0cf9f0cae0ef8f309b6dc1813ec200f075bc595bfae62eccebab22d1ef0ac"} |
There was a problem hiding this comment.
Do not add new .agents/pm history artifacts via direct file changes.
This new history file is being introduced directly under .agents/pm/history/. It should be produced/updated only through the pm system-of-record mechanism, not committed as manual file edits.
As per coding guidelines: .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/pm/history/pm-mf4j.jsonl around lines 1 - 6, A history artifact
under .agents/pm/history (metadata.id "pm-mf4j") was added directly; remove this
manual change and produce the record through the pm system-of-record instead.
Revert/delete the .agents/pm/history/pm-mf4j.jsonl addition from the
commit/branch, then run the pm workflow/CLI that creates or updates the metadata
(the same command your CI/pm tooling uses) so the history entry is authored by
pm; ensure no other direct edits to .agents/pm/** remain before pushing. If
needed, add a short commit message noting the revert and that the artifact will
be generated by pm.
Comment on lines
+1
to
+9
| {"ts":"2026-05-25T08:18:53.175Z","author":"claude-code-agent","op":"create","patch":[{"op":"add","path":"/metadata/id","value":"pm-yf8t"},{"op":"add","path":"/metadata/title","value":"Auto Release fails: pipeline runs dist/cli.js for pm-changelog before any build step"},{"op":"add","path":"/metadata/description","value":"The Auto Release workflow (.github/workflows/auto-release.yml) installs deps then immediately runs scripts/release/run-release-pipeline.mjs, which (after the pm-changelog integration in commits b219aeed/4345920c) calls 'node dist/cli.js install npm:pm-changelog --project' and 'node dist/cli.js changelog generate ...' before any build runs. dist/cli.js does not exist at that point (runReleaseGates builds, but that runs AFTER the changelog step), so the run fails with 'Cannot find module .../dist/cli.js'. Daily auto-release has failed since 2026-05-24 (runs 26353906615, 26387640606). Other workflows (ci.yml:73, nightly.yml:80, release.yml) all run 'pnpm build' first; auto-release.yml is the only one missing it. Fix: add a Build step to auto-release.yml before the pipeline, and add a regression contract test asserting the build precedes the pipeline invocation. pm-changelog package itself is fine (v2026.5.24-15; local changelog:pm:check passes, 825 items, unchanged)."},{"op":"add","path":"/metadata/type","value":"Issue"},{"op":"add","path":"/metadata/status","value":"open"},{"op":"add","path":"/metadata/priority","value":1},{"op":"add","path":"/metadata/tags","value":["pm-changelog"]},{"op":"add","path":"/metadata/created_at","value":"2026-05-25T08:18:53.175Z"},{"op":"add","path":"/metadata/updated_at","value":"2026-05-25T08:18:53.175Z"},{"op":"add","path":"/metadata/author","value":"claude-code-agent"},{"op":"add","path":"/metadata/parent","value":"pm-rnpb"}],"before_hash":"3cc22dff72be7b14824654a7a64ea62b04799939b2fee54c1b5f52ca60bf6df0","after_hash":"ea536bbca4313e266df082a7328c4e0ad8b175d8796b00126f08e3cf2f044f10","message":""} | ||
| {"ts":"2026-05-25T08:19:02.519Z","author":"claude-code-agent","op":"update","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:19:02.519Z"},{"op":"replace","path":"/metadata/tags/0","value":"changelog"},{"op":"add","path":"/metadata/tags/1","value":"ci"},{"op":"add","path":"/metadata/tags/2","value":"pm-changelog"},{"op":"add","path":"/metadata/tags/3","value":"release"},{"op":"add","path":"/metadata/tags/4","value":"reliability"}],"before_hash":"ea536bbca4313e266df082a7328c4e0ad8b175d8796b00126f08e3cf2f044f10","after_hash":"527ba3b95a6a1616670c4bf4fdfddaefe7878203b837e164c8aaebb2b3b5944c"} | ||
| {"ts":"2026-05-25T08:19:04.826Z","author":"claude-code-agent","op":"claim","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:19:04.826Z"},{"op":"add","path":"/metadata/assignee","value":"claude-code-agent"}],"before_hash":"527ba3b95a6a1616670c4bf4fdfddaefe7878203b837e164c8aaebb2b3b5944c","after_hash":"e32ff7711e3d23a8be24f94cbcc50013062bfecee1fcedf8b80778e2232d4148"} | ||
| {"ts":"2026-05-25T08:20:11.943Z","author":"release-ci-subagent","op":"comment_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:20:11.943Z"},{"op":"add","path":"/metadata/comments","value":[{"created_at":"2026-05-25T08:20:11.943Z","author":"release-ci-subagent","text":"release-ci-subagent START: Plan = (1) add a 'Build' step (run: pnpm build) to .github/workflows/auto-release.yml between 'Install dependencies' and 'Run auto release pipeline' so dist/cli.js exists before run-release-pipeline.mjs calls it for pm-changelog generation; (2) add a regression contract test in tests/integration/release-automation-contract.spec.ts asserting auto-release.yml contains 'pnpm build' AND that its indexOf precedes run-release-pipeline.mjs; (3) run the contract spec. Not touching CHANGELOG.md, config.ts, or run-release-pipeline.mjs."}]}],"before_hash":"e32ff7711e3d23a8be24f94cbcc50013062bfecee1fcedf8b80778e2232d4148","after_hash":"d97c5c2419ae2defd31a37ae011e6384f050ba8bc8d938c8edd53aa483ebe97a"} | ||
| {"ts":"2026-05-25T08:20:41.641Z","author":"release-ci-subagent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/1","value":{"created_at":"2026-05-25T08:20:41.641Z","author":"release-ci-subagent","text":"release-ci-subagent DONE.\n\nFILES CHANGED (2):\n1) .github/workflows/auto-release.yml -- inserted a new step between 'Install dependencies' and 'Run auto release pipeline':\n - name: Build\n run: pnpm build\n This builds dist/cli.js so the release pipeline (run-release-pipeline.mjs lines ~284-302) can call 'dist/cli.js install npm:pm-changelog --project' and 'dist/cli.js changelog generate' without Cannot-find-module errors. Verified step order is now Install dependencies -> Build -> Run auto release pipeline; YAML parses cleanly.\n\n2) tests/integration/release-automation-contract.spec.ts -- added regression test 'builds dist before the auto-release pipeline consumes dist/cli.js' (placed right after the existing auto-release workflow contract test). It reads auto-release.yml, asserts it contains 'pnpm build', and asserts indexOf('pnpm build') < indexOf('scripts/release/run-release-pipeline.mjs') so the build always precedes the pipeline. Matches existing indexOf style in the file.\n\nTESTS RUN:\n node scripts/run-tests.mjs test -- tests/integration/release-automation-contract.spec.ts\n => 1 file passed, 11 tests passed (was 10, +1 new). Build runs first then tests; all green.\n\nNOT TOUCHED (per constraints): CHANGELOG.md, src/cli/commands/config.ts (other agent), scripts/release/run-release-pipeline.mjs (workflow-only fix is sufficient; pipeline assumes dist/cli.js exists, which is the correct contract for a release job).\n\nCOORDINATOR TODO:\n - Add CHANGELOG.md [Unreleased] line, e.g. under Fixed:\n 'Fixed daily Auto Release workflow failing since 2026-05-24 by adding the missing pnpm build step before the release pipeline, so dist/cli.js exists when pm-changelog generation runs (pm-yf8t).'\n - Do NOT close pm-yf8t until PR merges (per instructions)."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:20:41.641Z"}],"before_hash":"d97c5c2419ae2defd31a37ae011e6384f050ba8bc8d938c8edd53aa483ebe97a","after_hash":"3bb498b25f414e9ac0abe5beabdabce8cba33fa73f28482dee47a66d56cdda9b"} | ||
| {"ts":"2026-05-25T08:35:03.636Z","author":"claude-code-agent","op":"update","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:35:03.636Z"},{"op":"replace","path":"/metadata/title","value":"Fix Auto Release failure: build dist before pm-changelog generation runs"}],"before_hash":"3bb498b25f414e9ac0abe5beabdabce8cba33fa73f28482dee47a66d56cdda9b","after_hash":"50d5ed1e82160a1e96c2dcc51b37338909cc16e154cf49069e96045f1b647c5c"} | ||
| {"ts":"2026-05-25T08:40:50.850Z","author":"codex-gh-triage","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/2","value":{"created_at":"2026-05-25T08:40:50.850Z","author":"codex-gh-triage","text":"GitHub triage addendum 2026-05-25: latest Auto Release failure confirmed in gh run 26387640606 on main c036f238. Job installs dependencies, does not run build, then run-release-pipeline prints v2026.5.25 and fails at node dist/cli.js install npm:pm-changelog --project with MODULE_NOT_FOUND for dist/cli.js. This matches the item description; recommended fix remains adding pnpm build before the pipeline and keeping the workflow-order regression test."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:40:50.850Z"}],"before_hash":"50d5ed1e82160a1e96c2dcc51b37338909cc16e154cf49069e96045f1b647c5c","after_hash":"ba53400e3e09929ff85f3299219e236f656a5e2450570fa80449110a0fc385c2"} | ||
| {"ts":"2026-05-25T08:41:02.478Z","author":"codex-impl-review","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/3","value":{"created_at":"2026-05-25T08:41:02.478Z","author":"codex-impl-review","text":"Implementation-review evidence: reviewed current uncommitted auto-release diff only. .github/workflows/auto-release.yml now runs pnpm build before scripts/release/run-release-pipeline.mjs; release-automation contract covers that order. Verified with node scripts/run-tests.mjs test -- tests/unit/config-positional-value.spec.ts tests/unit/config-command.spec.ts tests/integration/release-automation-contract.spec.ts (3 files, 55 tests passed). No blocking auto-release findings."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:41:02.478Z"}],"before_hash":"ba53400e3e09929ff85f3299219e236f656a5e2450570fa80449110a0fc385c2","after_hash":"45953ec7b5311a9b31c4c4159089ffbf3a1a7442305afa978d88d5b27c61aa84"} | ||
| {"ts":"2026-05-25T08:56:50.697Z","author":"codex-dedupe-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/4","value":{"created_at":"2026-05-25T08:56:50.697Z","author":"codex-dedupe-agent","text":"Coordinator verification: auto-release build ordering fix is bundled in this PR. Regression test covers pnpm build before run-release-pipeline; full release gate passed after the branch changes. pm-changelog latest installed as 2026.5.24-15 and CHANGELOG.md check is unchanged."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T08:56:50.697Z"}],"before_hash":"45953ec7b5311a9b31c4c4159089ffbf3a1a7442305afa978d88d5b27c61aa84","after_hash":"44dfe0260c664b4240c8630f35dca64e12e9f52ed7c3a6684b68c9e973b34a01"} |
There was a problem hiding this comment.
Avoid direct edits to .agents/pm system-of-record files.
This file is directly modified under .agents/pm/**, which violates repository policy for PM system-of-record data handling. Route this change through the PM-managed workflow instead of committing direct edits here.
As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/pm/history/pm-yf8t.jsonl around lines 1 - 9, The PR modified a PM
system-of-record file (.agents/pm/history/pm-yf8t.jsonl); revert this direct
edit and instead apply the change through the PM-managed workflow: remove the
commit that adds/updates metadata entries for "pm-yf8t" (fields under /metadata
such as id/title/description/assignee/comments), then open the appropriate PM
workflow or ticketing interface to record the issue (create the pm-yf8t record
via the PM service) so the system-of-record is updated correctly; ensure the
auto-release workflow fix (adding a Build step and the regression test) remains
in your branch but not recorded by directly editing .agents/pm files.
Comment on lines
+1
to
+19
| id: pm-yf8t | ||
| title: "Fix Auto Release failure: build dist before pm-changelog generation runs" | ||
| description: "The Auto Release workflow (.github/workflows/auto-release.yml) installs deps then immediately runs scripts/release/run-release-pipeline.mjs, which (after the pm-changelog integration in commits b219aeed/4345920c) calls 'node dist/cli.js install npm:pm-changelog --project' and 'node dist/cli.js changelog generate ...' before any build runs. dist/cli.js does not exist at that point (runReleaseGates builds, but that runs AFTER the changelog step), so the run fails with 'Cannot find module .../dist/cli.js'. Daily auto-release has failed since 2026-05-24 (runs 26353906615, 26387640606). Other workflows (ci.yml:73, nightly.yml:80, release.yml) all run 'pnpm build' first; auto-release.yml is the only one missing it. Fix: add a Build step to auto-release.yml before the pipeline, and add a regression contract test asserting the build precedes the pipeline invocation. pm-changelog package itself is fine (v2026.5.24-15; local changelog:pm:check passes, 825 items, unchanged)." | ||
| type: Issue | ||
| status: open | ||
| priority: 1 | ||
| tags[5]: changelog,ci,pm-changelog,release,reliability | ||
| created_at: "2026-05-25T08:18:53.175Z" | ||
| updated_at: "2026-05-25T08:56:50.697Z" | ||
| assignee: claude-code-agent | ||
| author: claude-code-agent | ||
| parent: pm-rnpb | ||
| comments[5]{created_at,author,text}: | ||
| "2026-05-25T08:20:11.943Z",release-ci-subagent,"release-ci-subagent START: Plan = (1) add a 'Build' step (run: pnpm build) to .github/workflows/auto-release.yml between 'Install dependencies' and 'Run auto release pipeline' so dist/cli.js exists before run-release-pipeline.mjs calls it for pm-changelog generation; (2) add a regression contract test in tests/integration/release-automation-contract.spec.ts asserting auto-release.yml contains 'pnpm build' AND that its indexOf precedes run-release-pipeline.mjs; (3) run the contract spec. Not touching CHANGELOG.md, config.ts, or run-release-pipeline.mjs." | ||
| "2026-05-25T08:20:41.641Z",release-ci-subagent,"release-ci-subagent DONE.\n\nFILES CHANGED (2):\n1) .github/workflows/auto-release.yml -- inserted a new step between 'Install dependencies' and 'Run auto release pipeline':\n - name: Build\n run: pnpm build\n This builds dist/cli.js so the release pipeline (run-release-pipeline.mjs lines ~284-302) can call 'dist/cli.js install npm:pm-changelog --project' and 'dist/cli.js changelog generate' without Cannot-find-module errors. Verified step order is now Install dependencies -> Build -> Run auto release pipeline; YAML parses cleanly.\n\n2) tests/integration/release-automation-contract.spec.ts -- added regression test 'builds dist before the auto-release pipeline consumes dist/cli.js' (placed right after the existing auto-release workflow contract test). It reads auto-release.yml, asserts it contains 'pnpm build', and asserts indexOf('pnpm build') < indexOf('scripts/release/run-release-pipeline.mjs') so the build always precedes the pipeline. Matches existing indexOf style in the file.\n\nTESTS RUN:\n node scripts/run-tests.mjs test -- tests/integration/release-automation-contract.spec.ts\n => 1 file passed, 11 tests passed (was 10, +1 new). Build runs first then tests; all green.\n\nNOT TOUCHED (per constraints): CHANGELOG.md, src/cli/commands/config.ts (other agent), scripts/release/run-release-pipeline.mjs (workflow-only fix is sufficient; pipeline assumes dist/cli.js exists, which is the correct contract for a release job).\n\nCOORDINATOR TODO:\n - Add CHANGELOG.md [Unreleased] line, e.g. under Fixed:\n 'Fixed daily Auto Release workflow failing since 2026-05-24 by adding the missing pnpm build step before the release pipeline, so dist/cli.js exists when pm-changelog generation runs (pm-yf8t).'\n - Do NOT close pm-yf8t until PR merges (per instructions)." | ||
| "2026-05-25T08:40:50.850Z",codex-gh-triage,"GitHub triage addendum 2026-05-25: latest Auto Release failure confirmed in gh run 26387640606 on main c036f238. Job installs dependencies, does not run build, then run-release-pipeline prints v2026.5.25 and fails at node dist/cli.js install npm:pm-changelog --project with MODULE_NOT_FOUND for dist/cli.js. This matches the item description; recommended fix remains adding pnpm build before the pipeline and keeping the workflow-order regression test." | ||
| "2026-05-25T08:41:02.478Z",codex-impl-review,"Implementation-review evidence: reviewed current uncommitted auto-release diff only. .github/workflows/auto-release.yml now runs pnpm build before scripts/release/run-release-pipeline.mjs; release-automation contract covers that order. Verified with node scripts/run-tests.mjs test -- tests/unit/config-positional-value.spec.ts tests/unit/config-command.spec.ts tests/integration/release-automation-contract.spec.ts (3 files, 55 tests passed). No blocking auto-release findings." | ||
| "2026-05-25T08:56:50.697Z",codex-dedupe-agent,"Coordinator verification: auto-release build ordering fix is bundled in this PR. Regression test covers pnpm build before run-release-pipeline; full release gate passed after the branch changes. pm-changelog latest installed as 2026.5.24-15 and CHANGELOG.md check is unchanged." | ||
| body: "" |
There was a problem hiding this comment.
Do not commit direct changes to .agents/pm/issues records.
This new .agents/pm/issues record is a direct edit in the PM system-of-record path. Please move this through the PM-authoritative update path instead of source edits in the PR.
As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.agents/pm/issues/pm-yf8t.toon around lines 1 - 19, The file
.agents/pm/issues/pm-yf8t.toon was edited directly (system-of-record), which
violates the guideline that .agents/pm is managed by PM tooling; revert any
direct edits to that file and instead submit the change via the PM-authoritative
update path (e.g., update the PM issue through the PM UI/API or follow the
documented PM change workflow) so the record is updated properly; keep the
actual repo fixes in the codebase (the intended changes belong in
.github/workflows/auto-release.yml — add the "Build" step running "pnpm build"
before the "Run auto release pipeline" step — and the regression spec
tests/integration/release-automation-contract.spec.ts that assert the build
precedes scripts/release/run-release-pipeline.mjs), but do not commit or modify
.agents/pm/issues/pm-yf8t.toon directly.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f90746fe92
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Comment on lines
+885
to
+886
| if (options.format !== undefined && options.format !== routed.value) { | ||
| throw new PmCliError( |
There was a problem hiding this comment.
The conflict guard for positional config set compares raw strings (options.format !== routed.value and similarly for options.policy), which rejects logically equivalent inputs that are accepted elsewhere. For example, pm config set item-format toon --format TOON or pm config set telemetry-tracking off --policy DISABLED now fail even though normalizeItemFormat/policy normalizers are case-insensitive. This creates a false usage error only when both forms are provided; compare normalized forms (or run the existing normalizers first) before deciding it is a conflict.
Useful? React with 👍 / 👎.
Normalize explicit config flags before comparing them with positional values so equivalent forms do not fail conflict checks. Simplify the secret scanner wrapper import and precompute line starts for scanner findings. Verification: focused config/MCP/scanner suite passed with 58 tests, node scripts/check-secrets.mjs passed, and git diff --check passed.
Owner
Author
|
Review feedback addressed in 5382c0b: normalized explicit-vs-positional config conflict checks, simplified the secret scanner wrapper import, and precomputed line starts in the scanner library. CodeRabbit's .agents/pm history comments are false positives for this repository: every .agents/pm mutation in this PR was generated through pm CLI commands and verified with pm validate/history drift checks. Local verification after the review fix: focused config/MCP/scanner suite passed (5 files, 58 tests), node scripts/check-secrets.mjs passed, and git diff --check passed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
dist/before thepm-changelogrelease pipeline runs.pm config set <key> <value>routing for formats, criteria, and policies across CLI parsing, MCPpm_run, and SDK contracts, with shorter invalid-key guidance.npm.cmdfor npm pack tests, CRLF-tolerant generated runtime-loader checks, executable release-pipeline import avoidance, and a plain secret-scanner library for Vitest imports.pm Items
pm-rnpbparent active-work umbrellapm-yf8tAuto Release missingdist/cli.jspm-mf4jconfig positional value UXpm-7rlpWindows Nightly / CI reliability sliceVerification
node scripts/run-tests.mjs test -- tests/unit/config-positional-value.spec.ts tests/unit/config-command.spec.ts tests/integration/config-positional-cli.integration.spec.ts tests/integration/mcp-dynamic-package-actions.spec.ts tests/integration/release-automation-contract.spec.ts tests/unit/package-manifest.spec.ts tests/unit/check-secrets.spec.ts --reporter=dotdist/cli.js: init,config set telemetry-tracking off,config project set item-format toon,config set definition-of-done, shortened bogus-key error.PM_DOGFOOD_SEMANTIC=1 node scripts/dogfood-package-first.mjspnpm changelog:pm:checkwithpm-changelog2026.5.24-15;CHANGELOG.mdunchanged.node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json: passed with 117 files / 1761 tests / 100% coverage, secret scan, package dogfood, compatibility, Sentry critical=0 high=4, telemetry finish_error_rate_pct=2.48.pm health --check-only --brief --jsonpm validate --check-resolution --check-history-drift --jsonNote: native
git pushrepeatedly failed with GitHub receive-pack HTTP 500 responses for new objects, so this branch was published withgh apiGit Data endpoints using the same local tree and commit message.