bosun 0.40.9 → 0.40.10

package/.env.example

@@ -541,6 +541,9 @@ VOICE_DELEGATE_EXECUTOR=codex-sdk
 # BOSUN_TASK_CONTEXT_MAX_COMMENTS=8
 # BOSUN_TASK_CONTEXT_MAX_COMMENT_CHARS=1200
 # BOSUN_TASK_CONTEXT_MAX_ATTACHMENTS=20
+# Immediate cap for known high-volume git outputs in context cache.
+# Set to 0 to disable the cap entirely (default: 8000).
+# BOSUN_GIT_OUTPUT_MAX_CHARS=8000
 # Max upload size for task/chat attachments (MB)
 # BOSUN_ATTACHMENT_MAX_MB=25
 

package/README.md

@@ -149,26 +149,6 @@ Bosun enforces a strict quality pipeline in both local hooks and CI:
 - **Demo load smoke test** runs in `npm test` and blocks push if `site/index.html` or `site/ui/demo.html` fails to load required assets.
 - **Prepublish checks** validate package contents and release readiness.
 
-### Codebase annotation audit
-
-Use `bosun audit` to generate and validate repo-level annotations that help future agents navigate the codebase without extra runtime context:
-
-```bash
-# Coverage report for supported source files
-bosun audit scan
-
-# Add missing file summaries and risky-function warnings
-bosun audit generate
-bosun audit warn
-
-# Rebuild lean manifests and the file responsibility index
-bosun audit manifest
-bosun audit index
-bosun audit trim
-
-# CI-safe conformity gate
-bosun audit --ci
-```
 
 Notes:
 

package/agent/fleet-coordinator.mjs

@@ -33,6 +33,7 @@ import {
   selectCoordinator,
   getPresenceState,
 } from "../infra/presence.mjs";
+import { sanitizeGitEnv } from "../git/git-safety.mjs";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
@@ -57,11 +58,7 @@ function emitFleetEvent(eventType, eventData = {}, opts = {}) {
 // ── Repo Fingerprinting ──────────────────────────────────────────────────────
 
 function buildGitEnv() {
-  const env = { ...process.env };
-  delete env.GIT_DIR;
-  delete env.GIT_WORK_TREE;
-  delete env.GIT_INDEX_FILE;
-  return env;
+  return sanitizeGitEnv();
 }
 
 /**
@@ -857,4 +854,3 @@ export function formatFleetSummary() {
 
   return lines.join("\n");
 }
-

package/git/git-safety.mjs

@@ -1,14 +1,98 @@
 import { spawnSync } from "node:child_process";
 
+const STRIPPED_GIT_ENV_KEYS = [
+  "GIT_DIR",
+  "GIT_WORK_TREE",
+  "GIT_COMMON_DIR",
+  "GIT_INDEX_FILE",
+  "GIT_OBJECT_DIRECTORY",
+  "GIT_ALTERNATE_OBJECT_DIRECTORIES",
+  "GIT_NAMESPACE",
+  "GIT_PREFIX",
+  "GIT_SUPER_PREFIX",
+];
+
+const BLOCKED_TEST_GIT_IDENTITIES = new Set([
+  "test@example.com",
+  "bosun-tests@example.com",
+]);
+
+const TEST_FIXTURE_SENTINEL_PATHS = new Set([
+  ".github/agents/TaskPlanner.agent.md",
+]);
+
 function runGit(args, cwd, timeout = 15_000) {
   return spawnSync("git", args, {
     cwd,
     encoding: "utf8",
     timeout,
     shell: false,
+    env: sanitizeGitEnv(),
   });
 }
 
+export function sanitizeGitEnv(baseEnv = process.env, extraEnv = {}) {
+  const env = { ...baseEnv };
+  for (const key of STRIPPED_GIT_ENV_KEYS) {
+    delete env[key];
+  }
+  return { ...env, ...extraEnv };
+}
+
+function getGitConfig(cwd, key) {
+  const result = runGit(["config", "--get", key], cwd, 5_000);
+  if (result.status !== 0) return "";
+  return String(result.stdout || "").trim();
+}
+
+function listTrackedFiles(cwd, ref = "HEAD") {
+  const result = runGit(["ls-tree", "-r", "--name-only", ref], cwd, 30_000);
+  if (result.status !== 0) return null;
+  const out = String(result.stdout || "").trim();
+  return out ? out.split("\n").filter(Boolean) : [];
+}
+
+function collectBlockedIdentitySignals(cwd) {
+  const signals = [];
+  const envChecks = [
+    ["GIT_AUTHOR_EMAIL", process.env.GIT_AUTHOR_EMAIL],
+    ["GIT_COMMITTER_EMAIL", process.env.GIT_COMMITTER_EMAIL],
+    ["VE_GIT_AUTHOR_EMAIL", process.env.VE_GIT_AUTHOR_EMAIL],
+  ];
+  for (const [key, value] of envChecks) {
+    const email = String(value || "").trim().toLowerCase();
+    if (BLOCKED_TEST_GIT_IDENTITIES.has(email)) {
+      signals.push(`${key}=${email}`);
+    }
+  }
+
+  const configChecks = [
+    ["git config user.email", getGitConfig(cwd, "user.email")],
+    ["git config author.email", getGitConfig(cwd, "author.email")],
+    ["git config committer.email", getGitConfig(cwd, "committer.email")],
+  ];
+  for (const [label, value] of configChecks) {
+    const email = String(value || "").trim().toLowerCase();
+    if (BLOCKED_TEST_GIT_IDENTITIES.has(email)) {
+      signals.push(`${label}=${email}`);
+    }
+  }
+
+  return signals;
+}
+
+function detectKnownFixtureSignature(cwd) {
+  const trackedFiles = listTrackedFiles(cwd, "HEAD");
+  if (!trackedFiles) return null;
+  const sentinelHits = trackedFiles.filter((file) => TEST_FIXTURE_SENTINEL_PATHS.has(file));
+  if (sentinelHits.length === 0) return null;
+  if (trackedFiles.length > 10) return null;
+  return {
+    trackedFiles: trackedFiles.length,
+    sentinels: sentinelHits,
+  };
+}
+
 function countTrackedFiles(cwd, ref) {
   const result = runGit(["ls-tree", "-r", "--name-only", ref], cwd, 30_000);
   if (result.status !== 0) return null;
@@ -129,6 +213,18 @@ export function evaluateBranchSafetyForPush(worktreePath, opts = {}) {
   }
 
   const reasons = [];
+  const blockedIdentitySignals = collectBlockedIdentitySignals(worktreePath);
+  if (blockedIdentitySignals.length > 0) {
+    reasons.push(`blocked test git identity detected (${blockedIdentitySignals.join(", ")})`);
+  }
+
+  const fixtureSignature = detectKnownFixtureSignature(worktreePath);
+  if (fixtureSignature) {
+    reasons.push(
+      `HEAD matches known test fixture signature (${fixtureSignature.sentinels.join(", ")} in ${fixtureSignature.trackedFiles} tracked files)`,
+    );
+  }
+
   if (baseFiles >= 500 && headFiles <= Math.max(25, Math.floor(baseFiles * 0.15))) {
     reasons.push(`HEAD tracks only ${headFiles}/${baseFiles} files vs ${remoteRef}`);
   }

package/git/sdk-conflict-resolver.mjs

@@ -25,6 +25,7 @@ import { resolveCodexProfileRuntime } from "../shell/codex-model-profiles.mjs";
 import {
   evaluateBranchSafetyForPush,
   normalizeBaseBranch,
+  sanitizeGitEnv,
 } from "./git-safety.mjs";
 
 // ── Configuration ────────────────────────────────────────────────────────────
@@ -73,6 +74,7 @@ function gitExec(args, cwd, timeoutMs = 30_000) {
       stdio: ["ignore", "pipe", "pipe"],
       shell: false,
       timeout: timeoutMs,
+      env: sanitizeGitEnv(),
     });
 
     let stdout = "";

package/infra/monitor.mjs

@@ -14742,7 +14742,10 @@ injectMonitorFunctions({
   },
   triggerTaskPlanner,
 });
-if (telegramBotEnabled) {
+const portalWantsStart =
+  ["1", "true", "yes"].includes(String(process.env.TELEGRAM_MINIAPP_ENABLED || "").toLowerCase()) ||
+  Number(process.env.TELEGRAM_UI_PORT || "0") > 0;
+if (telegramBotEnabled || portalWantsStart) {
   runDetached("telegram-bot:start-startup", () =>
     startTelegramBot(getTelegramBotStartOptions()));
 

package/kanban/ve-orchestrator.ps1

@@ -734,6 +734,11 @@ function Ensure-GitIdentity {
     $email = Get-EnvFallback -Name "VE_GIT_AUTHOR_EMAIL"
     if (-not $email) { $email = Get-EnvFallback -Name "GIT_AUTHOR_EMAIL" }
 
+    $blockedEmails = @("test@example.com", "bosun-tests@example.com")
+    if ($email -and ($blockedEmails -contains $email.ToLowerInvariant())) {
+        throw "Refusing to configure test git identity in live orchestrator environment: $email"
+    }
+
     if ($name) {
         try { git config user.name $name | Out-Null } catch { }
         Set-EnvValue -Name "GIT_AUTHOR_NAME" -Value $name

package/kanban/vk-error-resolver.mjs

@@ -17,11 +17,15 @@
  * - Only resolves for successfully completed tasks
  */
 
-import { spawn, execSync } from "node:child_process";
+import { spawn, spawnSync, execSync } from "node:child_process";
 import { existsSync, mkdirSync, writeFileSync, readFileSync } from "node:fs";
 import { resolve } from "node:path";
 import { fileURLToPath } from "url";
 import { getWorktreeManager } from "../workspace/worktree-manager.mjs";
+import {
+  evaluateBranchSafetyForPush,
+  sanitizeGitEnv,
+} from "../git/git-safety.mjs";
 
 const __dirname = resolve(fileURLToPath(new URL(".", import.meta.url)));
 
@@ -65,6 +69,31 @@ function extractBranch(logLine) {
   return branchMatch ? branchMatch[0] : null;
 }
 
+function runGit(args, cwd, opts = {}) {
+  const result = spawnSync("git", args, {
+    cwd,
+    encoding: "utf8",
+    stdio: ["ignore", "pipe", "pipe"],
+    shell: false,
+    timeout: opts.timeout ?? 30_000,
+    env: sanitizeGitEnv(process.env, opts.env || {}),
+  });
+  if (result.status === 0) {
+    return String(result.stdout || "").trim();
+  }
+  const stderr = String(result.stderr || result.stdout || result.error?.message || "git command failed").trim();
+  throw new Error(stderr || "git command failed");
+}
+
+function assertPushSafe(worktreePath, branch) {
+  const safety = evaluateBranchSafetyForPush(worktreePath, { baseBranch: "main" });
+  if (!safety.safe) {
+    throw new Error(
+      `refusing git mutation on ${branch}: ${safety.reason || "branch safety check failed"}`,
+    );
+  }
+}
+
 // ── State Management ─────────────────────────────────────────────────────────
 
 class ResolutionState {
@@ -196,26 +225,22 @@ class UncommittedChangesResolver {
     }
 
     try {
+      assertPushSafe(worktreePath, branch);
+
       // Add uncommitted files
-      execSync("git add .", {
-        cwd: worktreePath,
-        stdio: "pipe",
-        env: { ...process.env, GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
+      runGit(["add", "."], worktreePath, {
+        env: { GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
       });
 
       // Commit changes
       const commitMsg = "chore(bosun): add uncommitted changes";
-      execSync(`git commit -m "${commitMsg}" --no-edit`, {
-        cwd: worktreePath,
-        stdio: "pipe",
-        env: { ...process.env, GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
+      runGit(["commit", "-m", commitMsg, "--no-edit"], worktreePath, {
+        env: { GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
       });
 
       // Push to remote
-      execSync(`git push origin ${branch}`, {
-        cwd: worktreePath,
-        stdio: "pipe",
-      });
+      assertPushSafe(worktreePath, branch);
+      runGit(["push", "origin", branch], worktreePath);
 
       console.log(
         `[vk-error-resolver] ✓ Resolved uncommitted changes on ${branch}`,
@@ -255,28 +280,19 @@ class PushFailureResolver {
 
     try {
       // Fetch latest from remote
-      execSync(`git fetch origin ${branch}`, {
-        cwd: worktreePath,
-        stdio: "pipe",
-      });
+      assertPushSafe(worktreePath, branch);
+      runGit(["fetch", "origin", branch], worktreePath);
 
       // Check if behind
-      const behind = execSync(`git rev-list --count HEAD..origin/${branch}`, {
-        cwd: worktreePath,
-        encoding: "utf8",
-      }).trim();
+      const behind = runGit(["rev-list", "--count", `HEAD..origin/${branch}`], worktreePath);
 
       if (parseInt(behind) > 0) {
         // Rebase and retry push
-        execSync(`git rebase origin/${branch}`, {
-          cwd: worktreePath,
-          stdio: "pipe",
-          env: { ...process.env, GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
-        });
-        execSync(`git push origin ${branch} --force-with-lease`, {
-          cwd: worktreePath,
-          stdio: "pipe",
+        runGit(["rebase", `origin/${branch}`], worktreePath, {
+          env: { GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
         });
+        assertPushSafe(worktreePath, branch);
+        runGit(["push", "origin", branch, "--force-with-lease"], worktreePath);
 
         console.log(
           `[vk-error-resolver] ✓ Resolved push failure on ${branch} (rebased)`,
@@ -286,10 +302,8 @@ class PushFailureResolver {
       }
 
       // Try force push as last resort
-      execSync(`git push origin ${branch} --force-with-lease`, {
-        cwd: worktreePath,
-        stdio: "pipe",
-      });
+      assertPushSafe(worktreePath, branch);
+      runGit(["push", "origin", branch, "--force-with-lease"], worktreePath);
 
       console.log(
         `[vk-error-resolver] ✓ Resolved push failure on ${branch} (force-pushed)`,
@@ -345,22 +359,12 @@ class CIRetriggerResolver {
         }
 
         try {
-          execSync(
-            'git commit --allow-empty -m "chore: trigger CI" --no-edit',
-            {
-              cwd: worktreePath,
-              stdio: "pipe",
-              env: {
-                ...process.env,
-                GIT_EDITOR: ":",
-                GIT_MERGE_AUTOEDIT: "no",
-              },
-            },
-          );
-          execSync(`git push origin ${branch}`, {
-            cwd: worktreePath,
-            stdio: "pipe",
+          assertPushSafe(worktreePath, branch);
+          runGit(["commit", "--allow-empty", "-m", "chore: trigger CI", "--no-edit"], worktreePath, {
+            env: { GIT_EDITOR: ":", GIT_MERGE_AUTOEDIT: "no" },
           });
+          assertPushSafe(worktreePath, branch);
+          runGit(["push", "origin", branch], worktreePath);
 
           console.log(`[vk-error-resolver] ✓ Triggered CI for PR #${prNumber}`);
           this.stateManager.clearSignature(signature);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bosun",
-  "version": "0.40.9",
+  "version": "0.40.10",
   "description": "Bosun Autonomous Engineering — manages AI agent executors with failover, extremely powerful workflow builder, and a massive amount of included default workflow templates for autonomous engineering, creates PRs via Vibe-Kanban API, and sends Telegram notifications. Supports N executors with weighted distribution, multi-repo projects, and auto-setup.",
   "type": "module",
   "license": "Apache-2.0",
@@ -350,4 +350,3 @@
     "gaxios": "7.1.4"
   }
 }
-

package/server/ui-server.mjs

@@ -12598,7 +12598,7 @@ async function handleApi(req, res, url) {
       const engine = wfCtx.engine;
       const rawLimit = Number(url.searchParams.get("limit"));
       const limit = Number.isFinite(rawLimit) && rawLimit > 0
-        ? Math.min(rawLimit, 500)
+        ? Math.min(rawLimit, 5000)
         : 200;
       const runs = engine.getRunHistory ? engine.getRunHistory(null, limit) : [];
       jsonResponse(res, 200, { ok: true, runs });
@@ -12772,7 +12772,7 @@ async function handleApi(req, res, url) {
       if (action === "runs") {
         const rawLimit = Number(url.searchParams.get("limit"));
         const limit = Number.isFinite(rawLimit) && rawLimit > 0
-          ? Math.min(rawLimit, 500)
+          ? Math.min(rawLimit, 5000)
           : 200;
         const runs = engine.getRunHistory ? engine.getRunHistory(workflowId, limit) : [];
         jsonResponse(res, 200, { ok: true, runs });
@@ -16514,3 +16514,4 @@ export { getLocalLanIp };
 
 
 
+

package/setup.mjs

@@ -980,6 +980,11 @@ function getGitHubAuthScopes(cwd) {
       encoding: "utf8",
       cwd: cwd || process.cwd(),
       stdio: ["ignore", "pipe", "pipe"],
+      timeout: 3000,
+      env: {
+        ...process.env,
+        GH_PROMPT_DISABLED: "1",
+      },
     });
     const line = String(output || "")
       .split(/\r?\n/)

package/task/task-executor.mjs

@@ -83,7 +83,11 @@ import {
   formatComplexityDecision,
   normalizeExecutorKey,
 } from "./task-complexity.mjs";
-import { evaluateBranchSafetyForPush, normalizeBaseBranch } from "../git/git-safety.mjs";
+import {
+  evaluateBranchSafetyForPush,
+  normalizeBaseBranch,
+  sanitizeGitEnv,
+} from "../git/git-safety.mjs";
 import {
   loadHooks,
   registerBuiltinHooks,
@@ -960,6 +964,7 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
     cwd: repoRoot,
     encoding: "utf8",
     timeout: 5000,
+    env: sanitizeGitEnv(),
   });
   if (localCheck.status === 0) {
     return branch;
@@ -971,6 +976,7 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
     cwd: repoRoot,
     encoding: "utf8",
     timeout: 8000,
+    env: sanitizeGitEnv(),
   });
   remoteExists = remoteLocalCheck.status === 0;
   if (!remoteExists) {
@@ -979,11 +985,13 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
         cwd: repoRoot,
         encoding: "utf8",
         timeout: 15000,
+        env: sanitizeGitEnv(),
       });
       const refreshedCheck = spawnSync("git", ["show-ref", "--verify", remoteHeadRef], {
         cwd: repoRoot,
         encoding: "utf8",
         timeout: 8000,
+        env: sanitizeGitEnv(),
       });
       remoteExists = refreshedCheck.status === 0;
     } catch {
@@ -996,6 +1004,7 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
       cwd: repoRoot,
       encoding: "utf8",
       timeout: 8000,
+      env: sanitizeGitEnv(),
     });
     return branch;
   }
@@ -1006,6 +1015,7 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
       cwd: repoRoot,
       encoding: "utf8",
       timeout: 15000,
+      env: sanitizeGitEnv(),
     });
   } catch {
     /* best-effort */
@@ -1014,7 +1024,7 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
   const createRes = spawnSync(
     "git",
     ["branch", branch, fallbackNorm.remoteRef],
-    { cwd: repoRoot, encoding: "utf8", timeout: 8000 },
+    { cwd: repoRoot, encoding: "utf8", timeout: 8000, env: sanitizeGitEnv() },
   );
   if (createRes.status !== 0) {
     const stderr = (createRes.stderr || "").trim();
@@ -1028,6 +1038,7 @@ function ensureBaseBranchAvailable(repoRoot, baseBranch, defaultTargetBranch) {
     cwd: repoRoot,
     encoding: "utf8",
     timeout: 30_000,
+    env: sanitizeGitEnv(),
   });
   return branch;
 }

package/telegram/telegram-bot.mjs

@@ -11136,34 +11136,16 @@ function stopBatchFlushLoop() {
  */
 export async function startTelegramBot(options = {}) {
   refreshTelegramConfigFromEnv();
-  if (!telegramToken || !telegramChatId) {
-    console.warn(
-      "[telegram-bot] disabled (missing TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID)",
-    );
-    return;
-  }
-
-  // Initialize the primary agent context
-  await initPrimaryAgent();
-
-  // Probe Telegram API connectivity before startup registration
-  const reachable = await probeTelegramConnectivity();
-  if (reachable) {
-    await registerBotCommands();
-  } else {
-    console.warn(
-      "[telegram-bot] Telegram API unreachable at startup — command registration deferred",
-    );
-  }
 
-  // Start Telegram UI server (Mini App) when configured.
+  // Start Telegram UI server (Mini App / Portal) when configured.
   // Portal startup is independent of Telegram polling state — it must always
   // run when TELEGRAM_UI_PORT or TELEGRAM_MINIAPP_ENABLED is set, even when
-  // polling is suppressed by a 409 conflict cooldown or another poll owner.
+  // no Telegram bot token is configured (local-only portal mode).
   const miniAppEnabled = ["1", "true", "yes"].includes(
     String(process.env.TELEGRAM_MINIAPP_ENABLED || "").toLowerCase(),
   );
   const miniAppPort = Number(process.env.TELEGRAM_UI_PORT || "0");
+  const hasTelegram = !!(telegramToken && telegramChatId);
 
   if (miniAppEnabled || miniAppPort > 0) {
     const restartReason = String(
@@ -11198,6 +11180,35 @@ export async function startTelegramBot(options = {}) {
         },
       });
       syncUiUrlsFromServer();
+    } catch (err) {
+      console.warn(`[telegram-bot] UI server start failed: ${err.message}`);
+    }
+  }
+
+  if (!hasTelegram) {
+    console.warn(
+      "[telegram-bot] Telegram polling disabled (missing TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID)" +
+      (miniAppEnabled || miniAppPort > 0 ? " — portal UI is still active" : ""),
+    );
+    return;
+  }
+
+  // Initialize the primary agent context
+  await initPrimaryAgent();
+
+  // Probe Telegram API connectivity before startup registration
+  const reachable = await probeTelegramConnectivity();
+  if (reachable) {
+    await registerBotCommands();
+  } else {
+    console.warn(
+      "[telegram-bot] Telegram API unreachable at startup — command registration deferred",
+    );
+  }
+
+  // Wire up Telegram-specific UI integrations (menu button, firewall alerts)
+  if (miniAppEnabled || miniAppPort > 0) {
+    try {
       if (reachable && telegramWebAppUrl) {
         const updated = await setWebAppMenuButton(telegramWebAppUrl);
         if (updated) {
@@ -11269,7 +11280,7 @@ export async function startTelegramBot(options = {}) {
         }
       }
     } catch (err) {
-      console.warn(`[telegram-bot] UI server start failed: ${err.message}`);
+      console.warn(`[telegram-bot] UI Telegram integration failed: ${err.message}`);
       if (reachable) {
         await clearWebAppMenuButton();
         lastMenuButtonUrl = null;