Harden history lock-window reliability and repin release workflow action #68

Merged: unbraind merged 2 commits into main from chore/reliability-history-release-pin-lock-window-coverage on May 25, 2026

@unbraind (Owner)

Summary

  • repin softprops/action-gh-release to the current v3.0.0 commit and align the CI workflow contract assertion to unblock Dependabot/workflow reliability
  • expand in-process runner parity coverage with concurrent run isolation checks and explicit process-global restoration assertions
  • add lock-window conflict regression coverage for history-redact, history-repair, and restore, then record pm evidence updates (including closing pm-xk39) and regenerate CHANGELOG.md

Test plan

  • node scripts/run-tests.mjs test -- tests/integration/ci-workflow-contract.spec.ts
  • node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/unit/package-manifest.spec.ts tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts --reporter=dot
  • node scripts/run-tests.mjs test -- tests/integration/cli-inprocess-runner.integration.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps subprocess and in-process runner behavior aligned for core flows|keeps concurrent in-process runs isolated and restores globals|keeps Sentry startup lazy for fast CLI commands' --reporter=dot
  • node scripts/run-tests.mjs test -- tests/unit/history-activity-command.spec.ts tests/unit/history-repair-command.spec.ts tests/unit/restore-command.spec.ts --reporter=dot
  • node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json
  • manual temp-dir flow in isolated PM_PATH/PM_GLOBAL_PATH: init -> create -> update -> append sensitive literal -> history-redact -> tamper -> history-repair -> restore -> install npm:pm-changelog -> validate -> health
  • node scripts/check-secrets.mjs
  • pm health --check-only --brief --json
  • pm validate --check-resolution --check-history-drift --json
  • node scripts/release/sentry-telemetry-gate.mjs --json --telemetry-mode required --max-critical 10 --max-high 20 --max-telemetry-error-rate 10 --max-telemetry-missing-error-rows 0

Refresh the release workflow action pin to the current v3 commit and align CI workflow contract assertions so Dependabot and nightly checks remain stable. Add stronger in-process parity coverage plus explicit history-redact/history-repair/restore lock-window conflict regressions, then record pm evidence updates (including pm-xk39 closure) and regenerate CHANGELOG.md for deterministic pm-changelog checks.

coderabbitai Bot commented May 25, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 1c48cb8b-a43c-4acd-bd5a-5e01a8a06def

📥 Commits

Reviewing files that changed from the base of the PR and between 484f2b3 and f4cf8ad.

📒 Files selected for processing (3)
  • .agents/pm/chores/pm-7rlp.toon
  • .agents/pm/history/pm-7rlp.jsonl
  • tests/integration/cli-inprocess-runner.integration.spec.ts

Walkthrough

The PR adds lock-window conflict detection tests for history operations (redact, repair, restore) and verifies in-process CLI runner concurrent isolation. It updates the release workflow action pin, adds a security changelog entry, and tracks the work via project metadata including issue closure and execution history.

Changes

Reliability, Integration, and Workflow Enhancements

| Layer / File(s) | Summary |
|---|---|
| Lock-window conflict detection tests for history operations: tests/unit/history-activity-command.spec.ts, tests/unit/history-repair-command.spec.ts, tests/unit/restore-command.spec.ts | Unit tests verify history-redact, history-repair, and restore commands detect item or history file mutations during lock acquisition and reject with EXIT_CODE.CONFLICT and specific retry messages; history files remain unchanged after failed operations. |
| In-process CLI runner isolation and global restoration: tests/integration/cli-inprocess-runner.integration.spec.ts | Integration test runs two CLI commands concurrently via in-process runner, sets environment sentinel and custom working directory, and asserts both succeed, include created record, and restore process.cwd() and sentinel environment variable after execution. |
| Release workflow action pin and contract update: .github/workflows/release.yml, tests/integration/ci-workflow-contract.spec.ts, .agents/pm/chores/pm-7rlp.toon | Softprops/action-gh-release pin is updated to a new commit SHA; integration contract test expectation and tracker evidence list are updated to match the new pin; test execution plan expanded for in-process parity and nightly coverage. |
| Project metadata and reliability work tracking: .agents/pm/extensions/.managed-extensions.json, .agents/pm/features/pm-rnpb.toon, .agents/pm/history/pm-7rlp.jsonl, .agents/pm/history/pm-rnpb.jsonl, .agents/pm/history/pm-xk39.jsonl, .agents/pm/issues/pm-xk39.toon, CHANGELOG.md | Issue pm-xk39 closed with lock-window conflict regression test coverage and manual redaction/repair/restore flow verification; feature pm-rnpb and chore pm-7rlp updated with cross-item summaries and execution history; CHANGELOG adds audited history-stream redaction security entry. |

Sequence Diagram(s)

sequenceDiagram
  participant TestRunner
  participant AcquireLock
  participant ItemFile
  participant HistoryFile
  participant HistoryCommand
  TestRunner->>HistoryCommand: run history operation
  HistoryCommand->>AcquireLock: request lock
  AcquireLock->>ItemFile: mutate (mocked)
  AcquireLock-->>HistoryCommand: lock acquired
  HistoryCommand->>ItemFile: detect mismatch
  HistoryCommand-->>TestRunner: EXIT_CODE.CONFLICT
  TestRunner->>TestRunner: verify no history changes
  TestRunner->>TestRunner: assert specific error message

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • unbraind/pm-cli#44: New lock-window conflict tests exercise history replay/repair behavior introduced in this PR.
  • unbraind/pm-cli#50: CI chore/history evidence and workflow-contract test updates relate to CI runtime dedupe changes from this PR.
  • unbraind/pm-cli#67: In-process CLI runner isolation tests extend the in-process runner foundation established in this PR.
🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main changes: hardening history lock-window reliability and repinning the release workflow action. |
| Description check | ✅ Passed | The description clearly relates to the changeset, detailing the three main objectives and providing a comprehensive test plan with checked items. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request focuses on improving the reliability and integrity of history-related operations. Key changes include adding regression tests for conflict handling during the lock window for the history-redact, history-repair, and restore commands, as well as updating a CI action pin. Feedback suggests improving test hygiene by avoiding direct process.env mutation and enhancing the concurrency tests for the in-process runner to better verify state isolation given the runner's serialized execution model.

const cwdBefore = process.cwd();
const nestedCwd = path.join(context.tempRoot, "nested-cwd");
await mkdir(nestedCwd, { recursive: true });
delete process.env[sentinelEnvKey];

medium

Mutating process.env directly in a test can lead to side effects for other tests in the same process. While this specific sentinel key is likely unique, it is safer to use vi.stubEnv or save the original value and restore it in a finally block to ensure environment hygiene.

Comment on lines +50 to +56
const [listOpen, fetched] = await Promise.all([
context.runCliInProcess(["list-open", "--json", "--limit", "20"], {
expectJson: true,
cwd: nestedCwd,
}),
context.runCliInProcess(["get", createdId, "--json"], { expectJson: true }),
]);
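
Review bot: in the Promise.all call only the list-open invocation passes cwd: nestedCwd, while the get invocation passes just expectJson, so the two runs are not symmetric and nothing in these lines shows which working directory the second run observed. Give the second call its own explicit cwd, distinct from nestedCwd, so that a value leaking from one run into the other would be detectable instead of being masked by the default.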

medium

The test uses Promise.all to verify isolation between 'concurrent' runs. However, as noted in the project evidence (toon comment 37), the in-process runner serializes invocations with a queue lock. This means the commands run sequentially rather than concurrently. While this verifies that state is restored between sequential runs, it doesn't actually test concurrency isolation. To make this test more robust, the second command should explicitly verify that it starts with a clean state (e.g., by checking its own cwd or env if the CLI exposed a command for that).

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.agents/pm/history/pm-7rlp.jsonl:
- Around line 61-68: You directly edited the agent history record pm-7rlp
(changes authored by codex-reliability-history-agent) under the agents metadata,
but these files must be changed only by the pm workflow; revert the manual edits
to that JSONL entry and re-create the intended metadata update by running the pm
workflow/commands (use the pm tool to claim/patch or files_add operations that
produce the same op entries such as "claim", "files_add", "tests_add",
"comment_add") so the system-of-record operations are recorded by pm rather than
committing direct edits.

In @.agents/pm/history/pm-rnpb.jsonl:
- Line 629: The change directly edits the system-of-record file
.agents/pm/history/pm-rnpb.jsonl (modifying metadata/comments/280 and
metadata/updated_at); undo the manual edits and re-generate this record using
the pm tooling/workflow that owns .agents/pm (do not commit direct edits).
Re-run the pm command or script that updates pm-rnpb.jsonl so it produces the
proper metadata (including the comment entry and updated_at value) and commit
the generated output instead of hand-editing metadata/comments/280 or
metadata/updated_at.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: a0071cec-242b-44ed-ba2b-f1a55299852a

📥 Commits

Reviewing files that changed from the base of the PR and between c5538fb and 484f2b3.

📒 Files selected for processing (14)
  • .agents/pm/chores/pm-7rlp.toon
  • .agents/pm/extensions/.managed-extensions.json
  • .agents/pm/features/pm-rnpb.toon
  • .agents/pm/history/pm-7rlp.jsonl
  • .agents/pm/history/pm-rnpb.jsonl
  • .agents/pm/history/pm-xk39.jsonl
  • .agents/pm/issues/pm-xk39.toon
  • .github/workflows/release.yml
  • CHANGELOG.md
  • tests/integration/ci-workflow-contract.spec.ts
  • tests/integration/cli-inprocess-runner.integration.spec.ts
  • tests/unit/history-activity-command.spec.ts
  • tests/unit/history-repair-command.spec.ts
  • tests/unit/restore-command.spec.ts

Comment on lines +61 to +68
{"ts":"2026-05-25T12:14:17.695Z","author":"codex-reliability-history-agent","op":"claim","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:14:17.695Z"},{"op":"add","path":"/metadata/assignee","value":"codex-reliability-history-agent"}],"before_hash":"65e3c69b2d25f00440e8540e93436460a84716670ff79c550ea7f7cbc766d576","after_hash":"01498c0775fffc3af7cbbcd76b3f1e541a2fe358e73815b815009b4568b243d0"}
{"ts":"2026-05-25T12:27:20.807Z","author":"codex-reliability-history-agent","op":"files_add","patch":[{"op":"replace","path":"/metadata/files/14/note","value":"release relevance helper regression"},{"op":"replace","path":"/metadata/files/14/path","value":"tests/integration/release-automation-contract.spec.ts"},{"op":"replace","path":"/metadata/files/13/note","value":"use npm.cmd on Windows packed-package test"},{"op":"replace","path":"/metadata/files/13/path","value":"tests/integration/cli.integration.spec.ts"},{"op":"replace","path":"/metadata/files/12/note","value":"dedicated in-process runner parity integration coverage"},{"op":"replace","path":"/metadata/files/12/path","value":"tests/integration/cli-inprocess-runner.integration.spec.ts"},{"op":"replace","path":"/metadata/files/11/note","value":"lock CI dedupe contract and nightly full-suite boundary"},{"op":"replace","path":"/metadata/files/11/path","value":"tests/integration/ci-workflow-contract.spec.ts"},{"op":"replace","path":"/metadata/files/10/note","value":"expose runCliInProcess helper for sandbox parity tests"},{"op":"replace","path":"/metadata/files/10/path","value":"tests/helpers/withTempPmPath.ts"},{"op":"replace","path":"/metadata/files/9/note","value":"in-process dist CLI runner helper with output capture"},{"op":"replace","path":"/metadata/files/9/path","value":"tests/helpers/cliRunner.ts"},{"op":"replace","path":"/metadata/files/8/note","value":"export runPmCli invocation seam for in-process tests"},{"op":"replace","path":"/metadata/files/8/path","value":"src/cli/main.ts"},{"op":"replace","path":"/metadata/files/7/note","value":"entrypoint now calls exported runPmCli explicitly"},{"op":"replace","path":"/metadata/files/7/path","value":"src/cli.ts"},{"op":"replace","path":"/metadata/files/6/note","value":"use pure release relevance 
helper"},{"op":"replace","path":"/metadata/files/6/path","value":"scripts/release/run-release-pipeline.mjs"},{"op":"replace","path":"/metadata/files/5/note","value":"pure release relevance helper avoids executable import in tests"},{"op":"replace","path":"/metadata/files/5/path","value":"scripts/release/release-relevance.mjs"},{"op":"replace","path":"/metadata/files/4/note","value":"CRLF tolerant generated-loader drift check for Windows Nightly"},{"op":"replace","path":"/metadata/files/4/path","value":"scripts/gen-package-runtime-loaders.mjs"},{"op":"replace","path":"/metadata/files/3/note","value":"Secret scanner executable now imports reusable library"},{"op":"replace","path":"/metadata/files/3/path","value":"scripts/check-secrets.mjs"},{"op":"replace","path":"/metadata/files/2/note","value":"Plain secret scanner library for Windows-safe Vitest imports"},{"op":"replace","path":"/metadata/files/2/path","value":"scripts/check-secrets-lib.mjs"},{"op":"replace","path":"/metadata/files/1/note","value":"refresh softprops release action pin"},{"op":"replace","path":"/metadata/files/1/path","value":".github/workflows/release.yml"},{"op":"add","path":"/metadata/files/15","value":{"path":"tests/unit/check-secrets.spec.ts","scope":"project","note":"Secret scanner tests import plain library module"}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:27:20.807Z"}],"before_hash":"01498c0775fffc3af7cbbcd76b3f1e541a2fe358e73815b815009b4568b243d0","after_hash":"c8eb4eec3d45eb750cfb85ac95830ad88e1c37f3127b6220bbdc79d01b11ad30"}
{"ts":"2026-05-25T12:27:22.869Z","author":"codex-reliability-history-agent","op":"files_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:27:22.869Z"}],"before_hash":"c8eb4eec3d45eb750cfb85ac95830ad88e1c37f3127b6220bbdc79d01b11ad30","after_hash":"399c854b46153d199087357fdc2147b0d2e59ba6f0635b529424c931a63a7f8b"}
{"ts":"2026-05-25T12:27:25.046Z","author":"codex-reliability-history-agent","op":"files_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:27:25.046Z"}],"before_hash":"399c854b46153d199087357fdc2147b0d2e59ba6f0635b529424c931a63a7f8b","after_hash":"935f36980a036cffc9aad3a2f3d3d754635e5531e8ad0c826c8c3fec749d6bab"}
{"ts":"2026-05-25T12:27:45.506Z","author":"codex-reliability-history-agent","op":"tests_add","patch":[{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:27:45.506Z"}],"before_hash":"935f36980a036cffc9aad3a2f3d3d754635e5531e8ad0c826c8c3fec749d6bab","after_hash":"a4e4b882ba469c3cf112341e35dd45d9f4c36e34e297f87d8904c657d05da3aa"}
{"ts":"2026-05-25T12:27:47.643Z","author":"codex-reliability-history-agent","op":"tests_add","patch":[{"op":"add","path":"/metadata/tests/5/note","value":"in-process runner seam parity and startup guard regression"},{"op":"replace","path":"/metadata/tests/5/timeout_seconds","value":600},{"op":"replace","path":"/metadata/tests/5/command","value":"node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps subprocess and in-process runner behavior aligned for core flows|keeps Sentry startup lazy for fast CLI commands' --reporter=dot"},{"op":"replace","path":"/metadata/tests/4/note","value":"Windows Nightly regression coverage"},{"op":"replace","path":"/metadata/tests/4/timeout_seconds","value":300},{"op":"replace","path":"/metadata/tests/4/command","value":"node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/integration/release-automation-contract.spec.ts tests/unit/package-manifest.spec.ts tests/unit/check-secrets.spec.ts --reporter=dot"},{"op":"replace","path":"/metadata/tests/3/note","value":"in-process parity + startup lazy-sentry contract"},{"op":"replace","path":"/metadata/tests/3/timeout_seconds","value":600},{"op":"replace","path":"/metadata/tests/3/command","value":"node scripts/run-tests.mjs test -- tests/integration/cli-inprocess-runner.integration.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps subprocess and in-process runner behavior aligned for core flows|keeps Sentry startup lazy for fast CLI commands' --reporter=dot"},{"op":"replace","path":"/metadata/tests/2/note","value":"in-process runner parity plus startup guard"},{"op":"replace","path":"/metadata/tests/2/command","value":"node scripts/run-tests.mjs test -- tests/integration/cli-inprocess-runner.integration.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps subprocess and in-process runner behavior aligned for core flows|keeps concurrent 
in-process runs isolated and restores globals|keeps Sentry startup lazy for fast CLI commands' --reporter=dot"},{"op":"add","path":"/metadata/tests/6","value":{"command":"node scripts/run-tests.mjs test -- tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps release-hardening scaffolding paths present|check-secrets|Auto Release' --reporter=dot","scope":"project","timeout_seconds":240}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:27:47.643Z"}],"before_hash":"a4e4b882ba469c3cf112341e35dd45d9f4c36e34e297f87d8904c657d05da3aa","after_hash":"44b9d15a40a7363ebeb4db35418fab4f973f98c77dd90c1fe69473e139f5daaa"}
{"ts":"2026-05-25T12:27:49.651Z","author":"codex-reliability-history-agent","op":"tests_add","patch":[{"op":"add","path":"/metadata/tests/6/note","value":"nightly Windows regression quartet"},{"op":"replace","path":"/metadata/tests/6/timeout_seconds","value":1200},{"op":"replace","path":"/metadata/tests/6/command","value":"node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/unit/package-manifest.spec.ts tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts --reporter=dot"},{"op":"add","path":"/metadata/tests/7","value":{"command":"node scripts/run-tests.mjs test -- tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps release-hardening scaffolding paths present|check-secrets|Auto Release' --reporter=dot","scope":"project","timeout_seconds":240}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:27:49.651Z"}],"before_hash":"44b9d15a40a7363ebeb4db35418fab4f973f98c77dd90c1fe69473e139f5daaa","after_hash":"6d3a63433f93771350aeeccb0147cd17fdf6a59f1d3ceedf2fc8b35810f5c0f8"}
{"ts":"2026-05-25T12:28:13.524Z","author":"codex-reliability-history-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/24","value":{"created_at":"2026-05-25T12:28:13.524Z","author":"codex-reliability-history-agent","text":"Execution update 2026-05-25 for combined reliability/history PR slice (single-agent, no duplicates):\n\n- Orientation + dedupe evidence rerun: pm context --limit 10; pm search \"reliability history windows dependabot changelog pm-7rlp pm-xk39\" --limit 10; pm list-open --limit 20 --brief; pm list-in-progress --limit 20 --brief. Reused canonical active lineage pm-7rlp + pm-xk39 under pm-rnpb.\n- Claim/bootstrap evidence: bootstrap completed per AGENTS.md (npm install -g ., pm --version, node -v, pnpm -v, pnpm build), PM_AUTHOR set to codex-reliability-history-agent, and item claim ownership moved to this run.\n- Workflow reliability fix: updated .github/workflows/release.yml softprops/action-gh-release pin to current v3.0.0 commit b4309332981a82ec1c5618f44dd2e27cc8bfbfda and aligned tests/integration/ci-workflow-contract.spec.ts.\n- In-process parity enhancement: extended tests/integration/cli-inprocess-runner.integration.spec.ts with concurrent Promise.all in-process runs + process-global restoration checks (cwd/env isolation) while preserving existing subprocess parity assertions.\n- GitHub run triage via gh: no open issues/PRs; no open Dependabot alerts; no open secret-scanning alerts. 
Historical failures examined from gh run view logs: stale release action SHA/Dependabot softprops no-such-commit and prior nightly Windows regression signatures.\n- Focused verification passed:\n - node scripts/run-tests.mjs test -- tests/integration/ci-workflow-contract.spec.ts\n - node scripts/run-tests.mjs test -- tests/integration/cli.integration.spec.ts tests/unit/package-manifest.spec.ts tests/unit/check-secrets.spec.ts tests/integration/release-automation-contract.spec.ts --reporter=dot (101 tests)\n - node scripts/run-tests.mjs test -- tests/integration/cli-inprocess-runner.integration.spec.ts tests/integration/release-readiness-runtime.spec.ts -t 'keeps subprocess and in-process runner behavior aligned for core flows|keeps concurrent in-process runs isolated and restores globals|keeps Sentry startup lazy for fast CLI commands' --reporter=dot\n- Full release gate passed on this change set: node scripts/release/run-gates.mjs --telemetry-mode required --max-sentry-critical 10 --max-sentry-high 20 --max-telemetry-error-rate 10 --json (1770 tests, 100% coverage, static/docs/security/npx/dogfood/compatibility and sentry-telemetry gate all ok)."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:28:13.524Z"}],"before_hash":"6d3a63433f93771350aeeccb0147cd17fdf6a59f1d3ceedf2fc8b35810f5c0f8","after_hash":"6d2f8716945ae58aed1b5e7968b6d58d144af7ac38eb2f9e5d14b088226e88a8"}
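
Review bot: the files_add entries stamped 12:27:22.869Z and 12:27:25.046Z and the tests_add entry stamped 12:27:45.506Z each carry a patch that only replaces /metadata/updated_at, so they advance the before_hash/after_hash chain without recording any file or test change. If they come from re-running a command whose payload was already present, consider skipping the history append when nothing but the timestamp would change, or recording what was requested, so the audit trail shows intent instead of three indistinguishable timestamp bumps.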

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not commit direct changes under .agents/pm/**.

This PR includes direct modifications to .agents/pm/history/pm-7rlp.jsonl (Line 61 through Line 68). These changes should be produced via the pm workflow, not edited in-repo.

As per coding guidelines, .agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/history/pm-7rlp.jsonl around lines 61 - 68, You directly edited
the agent history record pm-7rlp (changes authored by
codex-reliability-history-agent) under the agents metadata, but these files must
be changed only by the pm workflow; revert the manual edits to that JSONL entry
and re-create the intended metadata update by running the pm workflow/commands
(use the pm tool to claim/patch or files_add operations that produce the same op
entries such as "claim", "files_add", "tests_add", "comment_add") so the
system-of-record operations are recorded by pm rather than committing direct
edits.

{"ts":"2026-05-25T10:47:23.591Z","author":"codex-reliability-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/277","value":{"created_at":"2026-05-25T10:47:23.591Z","author":"codex-reliability-agent","text":"AI bot feedback loop iteration 2 on PR #67: applied actionable reliability fixes (history-repair snapshot ordering + in-process helper serialization/safe restoration/env semantics), re-ran focused regressions and static quality gate, all green before push."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T10:47:23.591Z"}],"before_hash":"e06f01ee39d60ff09924671a7c878ed03ebf3290fb1f20341079560032626d21","after_hash":"1f07123dd524732fb7988b12c4054e01994c7166164604daffbc1ba0328bd29a"}
{"ts":"2026-05-25T10:55:08.658Z","author":"codex-reliability-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/278","value":{"created_at":"2026-05-25T10:55:08.658Z","author":"codex-reliability-agent","text":"Merge evidence: PR #67 (https://github.com/unbraind/pm-cli/pull/67) is merged into main as bdbba9fe. Reliability continuation scope delivered (pm-uer0 closed, pm-7rlp foundation advanced), stale completed items normalized/closed with metadata, and gates/checks all green."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T10:55:08.658Z"}],"before_hash":"1f07123dd524732fb7988b12c4054e01994c7166164604daffbc1ba0328bd29a","after_hash":"1445a03fa78a1d6326417e330945a117a580fd2c4c4d58c602d69081b3a00625"}
{"ts":"2026-05-25T11:08:48.451Z","author":"codex-reliability-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/279","value":{"created_at":"2026-05-25T11:08:48.451Z","author":"codex-reliability-agent","text":"Post-merge tracker sync completed on main: commit 15c0c80b records pm-uer0 closure/release + pm-7rlp handoff notes, and commit 3c738fca re-syncs CHANGELOG.md for deterministic pm-changelog checks after those metadata updates. Working tree is clean on main."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T11:08:48.451Z"}],"before_hash":"1445a03fa78a1d6326417e330945a117a580fd2c4c4d58c602d69081b3a00625","after_hash":"7b79c733127a8cfd2b30bec244b9b0c1ae2c2a8e57d943d3c3e0e11da778406b"}
{"ts":"2026-05-25T12:28:30.869Z","author":"codex-reliability-history-agent","op":"comment_add","patch":[{"op":"add","path":"/metadata/comments/280","value":{"created_at":"2026-05-25T12:28:30.869Z","author":"codex-reliability-history-agent","text":"Cross-item summary for reliability/history combined PR prep (2026-05-25):\n\n- GitHub health snapshot via gh CLI: issue list [], PR list [], Dependabot alerts [], secret scanning alerts []; code-scanning endpoint returned no analysis available for this repo. Recent historical failures were triaged from run logs and folded into this workstream.\n- Latest dependencies/vulnerability checks in this run: npm view pm-changelog version = 2026.5.24-15 (already current), pnpm security scan and check-secrets gates are clean, and release sentry/telemetry gate is passing with required mode.\n- Combined reliability/history slice is scoped to pm-7rlp + pm-xk39 with one branch/PR and full pm evidence linkage (files/tests/comments) before PR publication."}},{"op":"replace","path":"/metadata/updated_at","value":"2026-05-25T12:28:30.869Z"}],"before_hash":"7b79c733127a8cfd2b30bec244b9b0c1ae2c2a8e57d943d3c3e0e11da778406b","after_hash":"11772f304859b4056bfe1984f8ba8a84fd06b992a5dfd36f26c613431f859108"}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not commit direct edits under .agents/pm/**; regenerate via pm tooling instead.

This change updates a system-of-record file directly, which violates the repository rule for .agents/pm/**. Please re-apply this update through the pm command/workflow that owns these records, then commit the generated output.

As per coding guidelines, “.agents/pm/**: pm is the system of record. Do not edit .agents/pm files directly.”

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.agents/pm/history/pm-rnpb.jsonl at line 629, The change directly edits the
system-of-record file .agents/pm/history/pm-rnpb.jsonl (modifying
metadata/comments/280 and metadata/updated_at); undo the manual edits and
re-generate this record using the pm tooling/workflow that owns .agents/pm (do
not commit direct edits). Re-run the pm command or script that updates
pm-rnpb.jsonl so it produces the proper metadata (including the comment entry
and updated_at value) and commit the generated output instead of hand-editing
metadata/comments/280 or metadata/updated_at.

Address review feedback by hardening the concurrent in-process runner integration test to snapshot and restore sentinel env state and assert process.argv restoration alongside cwd restoration. Record the follow-up evidence on pm-7rlp through pm CLI history updates.
@unbraind unbraind merged commit dc752ce into main May 25, 2026
13 checks passed
@unbraind unbraind deleted the chore/reliability-history-release-pin-lock-window-coverage branch May 25, 2026 12:54