Harden history lock windows and add in-process CLI runner foundation

[unbraind]

Summary

• harden history-redact, history-repair, and restore against read-then-lock TOCTOU windows by verifying history/item snapshots under lock before writing
• add an explicit runPmCli(argv) invocation seam and in-process test runner helper path for pm-7rlp, including a dedicated subprocess-vs-in-process parity integration test
• update pm tracker evidence in detail for pm-7rlp/pm-uer0, close stale completed items (pm-yf8t, pm-mf4j, pm-5k2w, pm-ash0, pm-0c9q), and backfill required closure metadata

Test plan

• node scripts/run-tests.mjs test -- tests/unit/history-activity-command.spec.ts tests/unit/history-repair-command.spec.ts tests/unit/restore-command.spec.ts --reporter=dot
• node scripts/run-tests.mjs test -- tests/integration/cli-inprocess-runner.integration.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps subprocess and in-process runner behavior aligned for core flows|keeps Sentry startup lazy for fast CLI commands' --reporter=dot
• node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json
• manual temp-directory reliability walkthrough covering init/create/update/history-redact/history-repair/restore/install/doctor/close/release
• node scripts/smoke-codex-plugin-mcp.mjs
• pm validate --check-resolution --check-history-drift --json
• pm health --check-only --brief --json
• node scripts/check-secrets.mjs
• node scripts/release/sentry-telemetry-gate.mjs --json --telemetry-mode required --max-critical 10 --max-high 20 --max-telemetry-error-rate 10 --max-telemetry-missing-error-rows 0

[sourcery-ai]

Sorry @unbraind, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

[coderabbitai]

Warning

Review limit reached

@unbraind, we couldn't start this review because you've used your available PR reviews for now.

Your plan includes 1 review of capacity. Refill in 34 minutes and 51 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: c2d314f2-9345-4390-8cb5-1f944e1057a0

📥 Commits

Reviewing files that changed from the base of the PR and between 505c1d0 and 09b7e3d.

📒 Files selected for processing (9)

• .agents/pm/chores/pm-7rlp.toon
• .agents/pm/chores/pm-uer0.toon
• .agents/pm/features/pm-rnpb.toon
• .agents/pm/history/pm-7rlp.jsonl
• .agents/pm/history/pm-rnpb.jsonl
• .agents/pm/history/pm-uer0.jsonl
• CHANGELOG.md
• src/cli/commands/history-repair.ts
• tests/helpers/cliRunner.ts

📝 Walkthrough

Walkthrough

This PR introduces in-process CLI test execution infrastructure by exporting a parameterized runPmCli() function and building test helpers to dynamically load and invoke it with captured output. Concurrently, it hardens read-then-lock TOCTOU patterns across history commands (history-redact, history-repair, restore) by snapshot-and-revalidate conflict detection.

Changes

In-process CLI runner foundation

Layer / File(s)	Summary
CLI entrypoint refactoring src/cli/main.ts, src/cli.ts	Export runPmCli(rawArgv) from main.ts; update cli.ts to dynamically import and await runPmCli(process.argv.slice(2)) for parameterized argv handling.
In-process test runner helper tests/helpers/cliRunner.ts	Add runInProcessDistCli() that dynamically imports the built CLI, captures stdout/stderr by patching write methods, invokes runPmCli(args), and restores process state; include output normalization and environment override helpers.
Test context integration tests/helpers/withTempPmPath.ts	Extend TempPmContext interface with runCliInProcess method; wire test context with runNodeCliInProcess wrapper for in-process CLI invocation with argument normalization and environment passthrough.
Integration parity test tests/integration/cli-inprocess-runner.integration.spec.ts	New test suite verifying CLI behavior parity between subprocess and in-process runners for create/list-open flows and error handling on invalid flags.

Lock-window TOCTOU conflict detection

Layer / File(s)	Summary
history-redact command hardening src/cli/commands/history-redact.ts	Snapshot history stream before lock; re-read and compare under lock to detect concurrent mutations; throw conflict error if history or item changed while waiting; adjust rollback to restore pre-lock state.
history-repair command hardening src/cli/commands/history-repair.ts	Capture pre-lock snapshots of history and item raw content; re-locate, re-load, and re-verify both under lock; throw conflict error on mismatch; adjust error recovery rollback logic.
restore command hardening src/cli/commands/restore.ts	Add pre-lock snapshots of history and item state; re-read and compare under lock; throw conflict error if changed; re-resolve item under lock and initialize resolved state from locked read (with replay fallback).
Conflict regression test coverage tests/unit/history-activity-command.spec.ts, tests/unit/history-repair-command.spec.ts, tests/unit/restore-command.spec.ts	New unit tests spy on lock acquisition, mutate state before lock proceeds, and verify commands reject with conflict error; update Vitest imports to include vi for mocking/spying.

Sequence Diagram(s)

sequenceDiagram
  participant srcCli as src/cli.ts
  participant srcCliMain as src/cli/main.ts
  participant distCli as dist/cli/main.js
  participant subprocess as subprocess runner
  participant inprocess as in-process runner
  
  srcCli->>srcCliMain: dynamic import & await runPmCli(argv)
  activate srcCliMain
  srcCliMain->>srcCliMain: bootstrap, register extensions, parse command
  srcCliMain->>srcCliMain: execute command (history-redact, restore, etc.)
  deactivate srcCliMain
  
  subprocess->>distCli: spawn child process, import normally
  inprocess->>distCli: dynamic import (cache-busted), call runPmCli(args)
  subprocess-->>subprocess: capture stdout/stderr via subprocess streams
  inprocess-->>inprocess: capture stdout/stderr via write() patching
  
  Note over subprocess,inprocess: Both runners verify command exit code & output match

Loading

sequenceDiagram
  participant command as history-redact/repair/restore
  participant store as item store
  participant lock as lock acquisition
  participant disk as disk file
  
  command->>disk: snapshot history & item state (before lock)
  command->>lock: acquire lock
  activate lock
  command->>disk: re-read history & item state (under lock)
  command->>command: compare pre-lock vs. under-lock snapshots
  alt state changed while waiting
    command->>command: throw CONFLICT error
  else state unchanged
    command->>disk: perform write operation
    command->>command: commit
  end
  deactivate lock

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• unbraind/pm-cli#44: Directly related history-repair audit and re-anchor work touching the same command flow.
• unbraind/pm-cli#54: Related CLI execution and module-loading refactoring in src/cli/main.ts.
• unbraind/pm-cli#48: Related CLI bootstrap changes in src/cli.ts around dynamic import and compile-cache enablement.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: hardening history lock windows and adding an in-process CLI runner foundation.
Description check	✅ Passed	The description provides meaningful detail about changes to history command handling, CLI runner infrastructure, and tracker evidence updates, all related to the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (1)

tests/integration/cli-inprocess-runner.integration.spec.ts (1)

26-30: ⚡ Quick win

Tighten invalid-flag parity check by asserting subprocess stderr too.

Right now this branch only checks the in-process output contains --bogus-flag. Add the same assertion for subprocess output so parity failures are caught symmetrically.

✅ Minimal test hardening

       const subprocessUsage = context.runCli(["list-open", "--bogus-flag"]);
       const inProcessUsage = await context.runCliInProcess(["list-open", "--bogus-flag"]);
       expect(inProcessUsage.code).toBe(subprocessUsage.code);
+      expect(subprocessUsage.stderr).toContain("--bogus-flag");
       expect(inProcessUsage.stderr).toContain("--bogus-flag");

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/integration/cli-inprocess-runner.integration.spec.ts` around lines 26 -
30, The test checks that inProcessUsage.stderr contains "--bogus-flag" but
doesn't assert the same for subprocessUsage, allowing asymmetric parity; update
the test that uses context.runCli([...]) and context.runCliInProcess([...]) to
also assert that subprocessUsage.stderr contains "--bogus-flag" (mirror the
inProcess assertion) so both subprocessUsage and inProcessUsage stderr outputs
are compared for the invalid-flag case.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agents/pm/chores/pm-ash0.toon:
- Around line 5-24: The PR edited pm tracker artifacts directly (the pm system
of record) instead of using the pm workflow; revert the manual edits to the
tracker artifacts and reapply the naming migration through the pm system
workflow so generated artifacts are produced and committed by that flow; run the
pm workflow/CLI to rename plugin IDs to pm-claude/pm-codex, MCP identity to
pm-mcp and packages to `@unbrained/pm-`*, regenerate plugin metadata (plugin.json)
and MCP server artifacts, then rerun the smoke and test suite to confirm
acceptance criteria and commit only the generated outputs.

In @.agents/pm/history/pm-0c9q.jsonl:
- Around line 90-95: The patch illegally mutates PM tracker JSON fields
(adds/replaces keys like metadata.assignee, metadata.status,
metadata.close_reason and other metadata entries) directly in the repository;
revert those direct edits and instead perform the closure/update via the
authoritative pm workflow/tooling (open or update the PM record through the pm
workflow UI or API) so that metadata changes (assignee, status, resolution,
expected_result, actual_result) are applied through the system-of-record rather
than committing edits to the JSON history file.

In @.agents/pm/history/pm-rnpb.jsonl:
- Around line 621-622: Revert the manual additions to the history JSON (the
inserted metadata.comments entries 273 and 274 with timestamps
2026-05-25T10:08:53.523Z and 2026-05-25T10:19:49.187Z) so the file no longer
contains hand-edited records, and regenerate or add those records using the
official pm workflow/tool (run the pm workflow that appends to the history
stream) instead of editing metadata/comments directly; ensure future changes to
the history stream are produced by the pm system-of-record process, not by
committing edits to the history JSON.

In @.agents/pm/history/pm-uer0.jsonl:
- Around line 2-13: Revert the direct edits made to the PM system-of-record file
.agents/pm/history/pm-uer0.jsonl (the added/modified metadata entries like
metadata.assignee, metadata.status, metadata/files, metadata/comments, etc.) and
restore the file to its canonical state (undo the commit or fetch the version
from main/master); then re-apply any required changes through the sanctioned PM
workflow/tooling (create the claim/update via the PM system so metadata updates
appear through the proper API rather than direct file edits).

In `@tests/helpers/cliRunner.ts`:
- Around line 123-143: The global stream monkey-patch in the cli runner replaces
process.stdout.write and process.stderr.write (see the anonymous write wrappers
that use chunkToString and append to stdout/stderr) and must be serialized to
avoid races; implement a module-level mutex/queue so only one in-process capture
runs at a time: before replacing the writers acquire the lock (enqueue), perform
the patching and test invocation, then restore the original writers and release
the lock (dequeue); ensure the lock protects both stdout and stderr patches and
that the original writer references are stored and restored even on exceptions
so stdout/stderr and chunkToString behavior remain consistent.
- Around line 117-177: The finally block must not perform control flow or
construct/return the result; move the global state mutations (setting
process.argv, process.exitCode, process.chdir(options.cwd), overriding
process.stdout.write/process.stderr.write using
previousStdoutWrite/previousStderrWrite) into the protected try block before
calling loaded.runPmCli(args), ensure capturedError is set in the catch, and
restrict finally to only restore globals (reset writes, process.argv,
process.exitCode, cwd, restoreEnv). After the try/catch/finally sequence, build
and return the DirectCliRunResult (including JSON parse for options.expectJson)
so no return occurs inside finally and setup failures still get restored.

---

Nitpick comments:
In `@tests/integration/cli-inprocess-runner.integration.spec.ts`:
- Around line 26-30: The test checks that inProcessUsage.stderr contains
"--bogus-flag" but doesn't assert the same for subprocessUsage, allowing
asymmetric parity; update the test that uses context.runCli([...]) and
context.runCliInProcess([...]) to also assert that subprocessUsage.stderr
contains "--bogus-flag" (mirror the inProcess assertion) so both subprocessUsage
and inProcessUsage stderr outputs are compared for the invalid-flag case.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 30422769-d7e6-4ee4-a9c9-ddc96b59e159

📥 Commits

Reviewing files that changed from the base of the PR and between ae3d884 and 505c1d0.

📒 Files selected for processing (27)

• .agents/pm/chores/pm-5k2w.toon
• .agents/pm/chores/pm-7rlp.toon
• .agents/pm/chores/pm-ash0.toon
• .agents/pm/chores/pm-mf4j.toon
• .agents/pm/chores/pm-uer0.toon
• .agents/pm/features/pm-rnpb.toon
• .agents/pm/history/pm-0c9q.jsonl
• .agents/pm/history/pm-5k2w.jsonl
• .agents/pm/history/pm-7rlp.jsonl
• .agents/pm/history/pm-ash0.jsonl
• .agents/pm/history/pm-mf4j.jsonl
• .agents/pm/history/pm-rnpb.jsonl
• .agents/pm/history/pm-uer0.jsonl
• .agents/pm/history/pm-yf8t.jsonl
• .agents/pm/issues/pm-yf8t.toon
• .agents/pm/tasks/pm-0c9q.toon
• src/cli.ts
• src/cli/commands/history-redact.ts
• src/cli/commands/history-repair.ts
• src/cli/commands/restore.ts
• src/cli/main.ts
• tests/helpers/cliRunner.ts
• tests/helpers/withTempPmPath.ts
• tests/integration/cli-inprocess-runner.integration.spec.ts
• tests/unit/history-activity-command.spec.ts
• tests/unit/history-repair-command.spec.ts
• tests/unit/restore-command.spec.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not directly modify .agents/pm tracker artifacts.

These are direct edits under .agents/pm/**, which violates repository workflow policy. Please apply updates through the pm system workflow and commit generated artifacts from that flow instead of hand-editing these files.

As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/chores/pm-ash0.toon around lines 5 - 24, The PR edited pm tracker
artifacts directly (the pm system of record) instead of using the pm workflow;
revert the manual edits to the tracker artifacts and reapply the naming
migration through the pm system workflow so generated artifacts are produced and
committed by that flow; run the pm workflow/CLI to rename plugin IDs to
pm-claude/pm-codex, MCP identity to pm-mcp and packages to `@unbrained/pm-`*,
regenerate plugin metadata (plugin.json) and MCP server artifacts, then rerun
the smoke and test suite to confirm acceptance criteria and commit only the
generated outputs.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not directly modify tracker system-of-record files under .agents/pm/**.

These updates directly edit .agents/pm/history/pm-0c9q.jsonl, which violates the repository process rule for PM records. Please route these mutations through the pm workflow instead of file edits.

As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/history/pm-0c9q.jsonl around lines 90 - 95, The patch illegally
mutates PM tracker JSON fields (adds/replaces keys like metadata.assignee,
metadata.status, metadata.close_reason and other metadata entries) directly in
the repository; revert those direct edits and instead perform the closure/update
via the authoritative pm workflow/tooling (open or update the PM record through
the pm workflow UI or API) so that metadata changes (assignee, status,
resolution, expected_result, actual_result) are applied through the
system-of-record rather than committing edits to the JSON history file.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid direct edits under .agents/pm history files.

Line 621 and Line 622 add records directly in .agents/pm/history/pm-rnpb.jsonl. These updates should be produced via pm workflows, not hand-edited in PR diffs.

As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/history/pm-rnpb.jsonl around lines 621 - 622, Revert the manual
additions to the history JSON (the inserted metadata.comments entries 273 and
274 with timestamps 2026-05-25T10:08:53.523Z and 2026-05-25T10:19:49.187Z) so
the file no longer contains hand-edited records, and regenerate or add those
records using the official pm workflow/tool (run the pm workflow that appends to
the history stream) instead of editing metadata/comments directly; ensure future
changes to the history stream are produced by the pm system-of-record process,
not by committing edits to the history JSON.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not modify .agents/pm history files directly.

This PR directly edits .agents/pm/history/pm-uer0.jsonl (Line 2–Line 13), which violates repository policy for PM system-of-record artifacts. Please apply these updates through the sanctioned PM workflow/tooling instead of direct file edits.

As per coding guidelines, .agents/pm/**: "pm is the system of record. Do not edit .agents/pm files directly."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/history/pm-uer0.jsonl around lines 2 - 13, Revert the direct
edits made to the PM system-of-record file .agents/pm/history/pm-uer0.jsonl (the
added/modified metadata entries like metadata.assignee, metadata.status,
metadata/files, metadata/comments, etc.) and restore the file to its canonical
state (undo the commit or fetch the version from main/master); then re-apply any
required changes through the sanctioned PM workflow/tooling (create the
claim/update via the PM system so metadata updates appear through the proper API
rather than direct file edits).

[chatgpt-codex-connector]

💡 Codex Review

pm-cli/src/cli/main.ts

Line 1548 in 505c1d0

await registerCoreCommandFamilies(program, registrationSelection);

Reinitialize command registration per runPmCli call

Because runPmCli is now exported and callable, invoking it more than once in the same process reuses the module-level program and calls registerCoreCommandFamilies again without clearing prior command registrations. This can trigger duplicate-command registration failures on subsequent calls, which breaks the new in-process invocation seam for long-lived hosts that import once and execute multiple CLI commands.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Capture pre-lock history snapshot before parsing entries

Move the historyRawBeforeLock read so it happens before readHistoryEntries. In the current order, if another writer updates subject.historyPath after entries are parsed but before historyRawBeforeLock is captured, rewrittenEntries are computed from stale content while the later under-lock equality check still passes against the newer raw snapshot, allowing history-repair to overwrite concurrent changes without raising the intended conflict.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Wrap cwd switch in runner restoration guard

In runInProcessDistCli, process.argv, process.exitCode, and environment overrides are applied before process.chdir(options.cwd), but the try/finally restoration block starts later. If options.cwd is invalid (or chdir otherwise throws), the function exits before restoration, leaking modified global process state into later tests and causing cascading failures.

Useful? React with 👍 / 👎.

[gemini-code-assist]

Code Review

This pull request bundles several reliability and UX improvements, including hardening history commands against TOCTOU race conditions, fixing build ordering in the auto-release workflow, and introducing an in-process CLI runner for testing. Feedback identified critical issues in the new test runner's global state management, specifically that the environment override logic is destructive and that global mutations of the working directory and standard output streams prevent safe parallel execution.

[gemini-code-assist]

The applyEnvOverride implementation is destructive to process.env. By iterating over a union of all existing keys and the override keys, and deleting any key from process.env that is not present in the override object (next === undefined), it effectively wipes out essential environment variables like PATH, HOME, USER, etc., unless they are explicitly included in the override. This will likely cause failures in CLI commands that rely on these standard variables.

References

1. Defensive programming: ensure that invalid inputs or states are safely handled in all cases. Wiping out the global environment is an unsafe state for a CLI tool.

[gemini-code-assist]

Overriding process.stdout.write globally is a significant side effect that prevents tests using this helper from running in parallel. While the PR description acknowledges this risk, the helper itself does not enforce serial execution. If multiple tests invoke runInProcessDistCli concurrently, their output will be interleaved and captured incorrectly by all active runners.

References

1. Identify performance bottlenecks and avoid unnecessary race conditions. Global side effects in a test runner lead to flaky tests when parallelized.

[gemini-code-assist]

Using process.chdir is a global side effect that affects the entire process. Similar to the environment and output overrides, this makes the helper unsafe for parallel test execution. Any other test running in the same process will have its working directory changed unexpectedly.

References

1. Ensure that invalid inputs or states are safely handled. Global state mutation without isolation is an unsafe pattern for unit/integration tests.