npm - bosun - Versions diffs - 0.40.9 → 0.40.11 - Mend

bosun 0.40.9 → 0.40.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/.env.example +3 -0
package/README.md +0 -20
package/agent/agent-work-analyzer.mjs +32 -9
package/agent/fleet-coordinator.mjs +2 -6
package/cli.mjs +17 -0
package/git/git-safety.mjs +96 -0
package/git/sdk-conflict-resolver.mjs +2 -0
package/infra/library-manager.mjs +289 -70
package/infra/monitor.mjs +382 -46
package/kanban/kanban-adapter.mjs +29 -0
package/kanban/ve-orchestrator.ps1 +5 -0
package/kanban/vk-error-resolver.mjs +52 -48
package/package.json +2 -3
package/server/ui-server.mjs +174 -33
package/setup.mjs +5 -0
package/task/task-claims.mjs +99 -36
package/task/task-cli.mjs +522 -2
package/task/task-executor.mjs +795 -50
package/task/task-store.mjs +88 -4
package/telegram/telegram-bot.mjs +155 -54
package/ui/app.js +16 -1
package/ui/components/chat-view.js +7 -2
package/ui/components/kanban-board.js +19 -10
package/ui/components/session-list.js +82 -27
package/ui/demo-defaults.js +555 -91
package/ui/modules/session-api.js +1 -1
package/ui/modules/state.js +6 -6
package/ui/styles/components.css +170 -7
package/ui/tabs/agents.js +247 -87
package/ui/tabs/dashboard.js +399 -40
package/ui/tabs/library.js +69 -6
package/ui/tabs/tasks.js +255 -20
package/ui/tabs/workflow-canvas-utils.mjs +182 -0
package/ui/tabs/workflows.js +762 -218
package/workflow/workflow-engine.mjs +132 -16
package/workflow/workflow-nodes.mjs +467 -64
package/workflow/workflow-templates.mjs +85 -1
package/workflow-templates/agents.mjs +3 -2
package/workflow-templates/github.mjs +3 -1
package/workflow-templates/reliability.mjs +23 -12
package/workflow-templates/task-batch.mjs +17 -3
package/workflow-templates/task-lifecycle.mjs +84 -13
package/workspace/context-cache.mjs +113 -4
package/workspace/workspace-manager.mjs +6 -1
package/workspace/worktree-manager.mjs +5 -4

package/.env.example CHANGED Viewed

@@ -541,6 +541,9 @@ VOICE_DELEGATE_EXECUTOR=codex-sdk
 # BOSUN_TASK_CONTEXT_MAX_COMMENTS=8
 # BOSUN_TASK_CONTEXT_MAX_COMMENT_CHARS=1200
 # BOSUN_TASK_CONTEXT_MAX_ATTACHMENTS=20
+# Immediate cap for known high-volume git outputs in context cache.
+# Set to 0 to disable the cap entirely (default: 8000).
+# BOSUN_GIT_OUTPUT_MAX_CHARS=8000
 # Max upload size for task/chat attachments (MB)
 # BOSUN_ATTACHMENT_MAX_MB=25

package/README.md CHANGED Viewed

@@ -149,26 +149,6 @@ Bosun enforces a strict quality pipeline in both local hooks and CI:
 - **Demo load smoke test** runs in `npm test` and blocks push if `site/index.html` or `site/ui/demo.html` fails to load required assets.
 - **Prepublish checks** validate package contents and release readiness.
-### Codebase annotation audit
-Use `bosun audit` to generate and validate repo-level annotations that help future agents navigate the codebase without extra runtime context:
-```bash
-# Coverage report for supported source files
-bosun audit scan
-# Add missing file summaries and risky-function warnings
-bosun audit generate
-bosun audit warn
-# Rebuild lean manifests and the file responsibility index
-bosun audit manifest
-bosun audit index
-bosun audit trim
-# CI-safe conformity gate
-bosun audit --ci
-```
 Notes:

package/agent/agent-work-analyzer.mjs CHANGED Viewed

@@ -69,9 +69,25 @@ const ALERT_COOLDOWN_RETENTION_MS = Math.max(
   FAILED_SESSION_TRANSIENT_ALERT_MIN_COOLDOWN_MS * 3,
   3 * 60 * 60 * 1000,
 ); // keep cooldown history bounded
+const ALERT_COOLDOWN_REPLAY_MIN_BYTES = 256 * 1024;
+const ALERT_COOLDOWN_REPLAY_DEFAULT_MAX_BYTES = 8 * 1024 * 1024;
+const ALERT_COOLDOWN_REPLAY_MAX_CAP_BYTES = 64 * 1024 * 1024;
+function normalizeReplayMaxBytes(value) {
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return ALERT_COOLDOWN_REPLAY_DEFAULT_MAX_BYTES;
+  }
+  const rounded = Math.floor(parsed);
+  return Math.min(
+    ALERT_COOLDOWN_REPLAY_MAX_CAP_BYTES,
+    Math.max(ALERT_COOLDOWN_REPLAY_MIN_BYTES, rounded),
+  );
+}
 const ALERT_COOLDOWN_REPLAY_MAX_BYTES = Math.max(
-  256 * 1024,
-  Number(process.env.AGENT_ALERT_COOLDOWN_REPLAY_MAX_BYTES || 2 * 1024 * 1024) || 2 * 1024 * 1024,
+  ALERT_COOLDOWN_REPLAY_MIN_BYTES,
+  normalizeReplayMaxBytes(process.env.AGENT_ALERT_COOLDOWN_REPLAY_MAX_BYTES),
 );
 function getAlertCooldownMs(alert) {
@@ -367,15 +383,19 @@ async function processLogFile(startPosition) {
  * @param {Object} event - Parsed JSONL event
  */
 async function analyzeEvent(event) {
-  const { attempt_id, event_type, timestamp } = event;
+  const { event_type, timestamp } = event;
+  const attemptId = String(event?.attempt_id || "").trim();
+  if (!attemptId) {
+    return;
+  }
   const parsedTs = Date.parse(timestamp);
   const eventTime = Number.isFinite(parsedTs) ? parsedTs : Date.now();
   const eventIso = new Date(eventTime).toISOString();
   // Initialize session state if needed
-  if (!activeSessions.has(attempt_id)) {
-    activeSessions.set(attempt_id, {
-      attempt_id,
+  if (!activeSessions.has(attemptId)) {
+    activeSessions.set(attemptId, {
+      attempt_id: attemptId,
       errors: [],
       toolCalls: [],
       lastActivity: eventIso,
@@ -385,7 +405,7 @@ async function analyzeEvent(event) {
     });
   }
-  const session = activeSessions.get(attempt_id);
+  const session = activeSessions.get(attemptId);
   session.lastActivity = eventIso;
   // Route to specific analyzers
@@ -401,7 +421,7 @@ async function analyzeEvent(event) {
       break;
     case "session_end":
       await analyzeSessionEnd(session, event);
-      activeSessions.delete(attempt_id);
+      activeSessions.delete(attemptId);
       break;
   }
@@ -647,7 +667,10 @@ async function emitAlert(alert) {
     ...alert,
   };
-  console.error(`[ALERT] ${alert.type}: ${alert.attempt_id}`);
+  const alertScope = String(
+    alert?.attempt_id || alert?.task_id || alert?.executor || "unknown",
+  );
+  console.error(`[ALERT] ${alert.type}: ${alertScope}`);
   // Append to alerts log
   try {

package/agent/fleet-coordinator.mjs CHANGED Viewed

@@ -33,6 +33,7 @@ import {
   selectCoordinator,
   getPresenceState,
 } from "../infra/presence.mjs";
+import { sanitizeGitEnv } from "../git/git-safety.mjs";
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -57,11 +58,7 @@ function emitFleetEvent(eventType, eventData = {}, opts = {}) {
 // ── Repo Fingerprinting ──────────────────────────────────────────────────────
 function buildGitEnv() {
-  const env = { ...process.env };
-  delete env.GIT_DIR;
-  delete env.GIT_WORK_TREE;
-  delete env.GIT_INDEX_FILE;
-  return env;
+  return sanitizeGitEnv();
 }
 /**
@@ -857,4 +854,3 @@ export function formatFleetSummary() {
   return lines.join("\n");
 }

package/cli.mjs CHANGED Viewed

@@ -76,6 +76,7 @@ function showHelp() {
     bosun [options]
   COMMANDS
+    audit <command> [options]   Codebase annotation audit workflows (scan/generate/warn/manifest/index/trim/conformity/migrate)
     --setup                     Launch the web-based setup wizard (default)
     --setup-terminal            Run the legacy terminal setup wizard
     --where                     Show the resolved bosun config directory
@@ -1237,6 +1238,22 @@ async function main() {
     process.exit(0);
   }
+  // Handle 'audit' subcommand before --help so command-specific help works.
+  const auditFlagIndex = args.indexOf("--audit");
+  const auditCommandIndex =
+    args[0] === "audit"
+      ? 0
+      : args[0]?.startsWith("--")
+        ? args.indexOf("audit")
+        : -1;
+  if (auditCommandIndex >= 0 || auditFlagIndex >= 0) {
+    const { runAuditCli } = await import("./lib/codebase-audit.mjs");
+    const commandStartIndex = auditCommandIndex >= 0 ? auditCommandIndex : auditFlagIndex;
+    const auditArgs = args.slice(commandStartIndex + 1);
+    const result = await runAuditCli(auditArgs);
+    process.exit(Number.isInteger(result?.exitCode) ? result.exitCode : 0);
+  }
   // Handle --help
   if (args.includes("--help") || args.includes("-h")) {
     showHelp();

package/git/git-safety.mjs CHANGED Viewed

@@ -1,14 +1,98 @@
 import { spawnSync } from "node:child_process";
+const STRIPPED_GIT_ENV_KEYS = [
+  "GIT_DIR",
+  "GIT_WORK_TREE",
+  "GIT_COMMON_DIR",
+  "GIT_INDEX_FILE",
+  "GIT_OBJECT_DIRECTORY",
+  "GIT_ALTERNATE_OBJECT_DIRECTORIES",
+  "GIT_NAMESPACE",
+  "GIT_PREFIX",
+  "GIT_SUPER_PREFIX",
+];
+const BLOCKED_TEST_GIT_IDENTITIES = new Set([
+  "test@example.com",
+  "bosun-tests@example.com",
+]);
+const TEST_FIXTURE_SENTINEL_PATHS = new Set([
+  ".github/agents/TaskPlanner.agent.md",
+]);
 function runGit(args, cwd, timeout = 15_000) {
   return spawnSync("git", args, {
     cwd,
     encoding: "utf8",
     timeout,
     shell: false,
+    env: sanitizeGitEnv(),
   });
 }
+export function sanitizeGitEnv(baseEnv = process.env, extraEnv = {}) {
+  const env = { ...baseEnv };
+  for (const key of STRIPPED_GIT_ENV_KEYS) {
+    delete env[key];
+  }
+  return { ...env, ...extraEnv };
+}
+function getGitConfig(cwd, key) {
+  const result = runGit(["config", "--get", key], cwd, 5_000);
+  if (result.status !== 0) return "";
+  return String(result.stdout || "").trim();
+}
+function listTrackedFiles(cwd, ref = "HEAD") {
+  const result = runGit(["ls-tree", "-r", "--name-only", ref], cwd, 30_000);
+  if (result.status !== 0) return null;
+  const out = String(result.stdout || "").trim();
+  return out ? out.split("\n").filter(Boolean) : [];
+}
+function collectBlockedIdentitySignals(cwd) {
+  const signals = [];
+  const envChecks = [
+    ["GIT_AUTHOR_EMAIL", process.env.GIT_AUTHOR_EMAIL],
+    ["GIT_COMMITTER_EMAIL", process.env.GIT_COMMITTER_EMAIL],
+    ["VE_GIT_AUTHOR_EMAIL", process.env.VE_GIT_AUTHOR_EMAIL],
+  ];
+  for (const [key, value] of envChecks) {
+    const email = String(value || "").trim().toLowerCase();
+    if (BLOCKED_TEST_GIT_IDENTITIES.has(email)) {
+      signals.push(`${key}=${email}`);
+    }
+  }
+  const configChecks = [
+    ["git config user.email", getGitConfig(cwd, "user.email")],
+    ["git config author.email", getGitConfig(cwd, "author.email")],
+    ["git config committer.email", getGitConfig(cwd, "committer.email")],
+  ];
+  for (const [label, value] of configChecks) {
+    const email = String(value || "").trim().toLowerCase();
+    if (BLOCKED_TEST_GIT_IDENTITIES.has(email)) {
+      signals.push(`${label}=${email}`);
+    }
+  }
+  return signals;
+}
+function detectKnownFixtureSignature(cwd) {
+  const trackedFiles = listTrackedFiles(cwd, "HEAD");
+  if (!trackedFiles) return null;
+  const sentinelHits = trackedFiles.filter((file) => TEST_FIXTURE_SENTINEL_PATHS.has(file));
+  if (sentinelHits.length === 0) return null;
+  if (trackedFiles.length > 10) return null;
+  return {
+    trackedFiles: trackedFiles.length,
+    sentinels: sentinelHits,
+  };
+}
 function countTrackedFiles(cwd, ref) {
   const result = runGit(["ls-tree", "-r", "--name-only", ref], cwd, 30_000);
   if (result.status !== 0) return null;
@@ -129,6 +213,18 @@ export function evaluateBranchSafetyForPush(worktreePath, opts = {}) {
   }
   const reasons = [];
+  const blockedIdentitySignals = collectBlockedIdentitySignals(worktreePath);
+  if (blockedIdentitySignals.length > 0) {
+    reasons.push(`blocked test git identity detected (${blockedIdentitySignals.join(", ")})`);
+  }
+  const fixtureSignature = detectKnownFixtureSignature(worktreePath);
+  if (fixtureSignature) {
+    reasons.push(
+      `HEAD matches known test fixture signature (${fixtureSignature.sentinels.join(", ")} in ${fixtureSignature.trackedFiles} tracked files)`,
+    );
+  }
   if (baseFiles >= 500 && headFiles <= Math.max(25, Math.floor(baseFiles * 0.15))) {
     reasons.push(`HEAD tracks only ${headFiles}/${baseFiles} files vs ${remoteRef}`);
   }

package/git/sdk-conflict-resolver.mjs CHANGED Viewed

@@ -25,6 +25,7 @@ import { resolveCodexProfileRuntime } from "../shell/codex-model-profiles.mjs";
 import {
   evaluateBranchSafetyForPush,
   normalizeBaseBranch,
+  sanitizeGitEnv,
 } from "./git-safety.mjs";
 // ── Configuration ────────────────────────────────────────────────────────────
@@ -73,6 +74,7 @@ function gitExec(args, cwd, timeoutMs = 30_000) {
       stdio: ["ignore", "pipe", "pipe"],
       shell: false,
       timeout: timeoutMs,
+      env: sanitizeGitEnv(),
     });
     let stdout = "";