lastlight 0.1.15 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (478) hide show
  1. package/README.md +265 -118
  2. package/agent-context/rules.md +62 -9
  3. package/agent-context/security.md +69 -0
  4. package/config/default.yaml +89 -0
  5. package/deploy/.env.production.example +20 -2
  6. package/deploy/entrypoint.sh +16 -17
  7. package/deploy/native/README.md +160 -0
  8. package/deploy/native/install.sh +110 -0
  9. package/deploy/native/lastlight.env.example +95 -0
  10. package/deploy/native/lastlight.service +50 -0
  11. package/deploy/sandbox-entrypoint.sh +59 -42
  12. package/dist/admin/auth.d.ts +1 -1
  13. package/dist/admin/auth.js +3 -1
  14. package/dist/admin/auth.js.map +1 -1
  15. package/dist/admin/chat-session-reader.d.ts +11 -14
  16. package/dist/admin/chat-session-reader.js +27 -51
  17. package/dist/admin/chat-session-reader.js.map +1 -1
  18. package/dist/admin/docker.d.ts +37 -0
  19. package/dist/admin/docker.js +86 -1
  20. package/dist/admin/docker.js.map +1 -1
  21. package/dist/admin/index.js +38 -3
  22. package/dist/admin/index.js.map +1 -1
  23. package/dist/admin/log-search.test.d.ts +1 -0
  24. package/dist/admin/log-search.test.js +78 -0
  25. package/dist/admin/log-search.test.js.map +1 -0
  26. package/dist/admin/routes.d.ts +52 -3
  27. package/dist/admin/routes.js +780 -63
  28. package/dist/admin/routes.js.map +1 -1
  29. package/dist/admin/routes.test.js +680 -14
  30. package/dist/admin/routes.test.js.map +1 -1
  31. package/dist/admin/server-logs.test.d.ts +1 -0
  32. package/dist/admin/server-logs.test.js +58 -0
  33. package/dist/admin/server-logs.test.js.map +1 -0
  34. package/dist/admin/sessions.d.ts +26 -39
  35. package/dist/admin/sessions.js +86 -310
  36. package/dist/admin/sessions.js.map +1 -1
  37. package/dist/admin/sessions.test.d.ts +1 -0
  38. package/dist/admin/sessions.test.js +78 -0
  39. package/dist/admin/sessions.test.js.map +1 -0
  40. package/dist/admin/version.d.ts +15 -0
  41. package/dist/admin/version.js +73 -0
  42. package/dist/admin/version.js.map +1 -0
  43. package/dist/admin/version.test.d.ts +1 -0
  44. package/dist/admin/version.test.js +71 -0
  45. package/dist/admin/version.test.js.map +1 -0
  46. package/dist/cli-config.d.ts +55 -0
  47. package/dist/cli-config.js +119 -0
  48. package/dist/cli-config.js.map +1 -0
  49. package/dist/cli-config.test.d.ts +1 -0
  50. package/dist/cli-config.test.js +92 -0
  51. package/dist/cli-config.test.js.map +1 -0
  52. package/dist/cli-format.d.ts +19 -0
  53. package/dist/cli-format.js +107 -0
  54. package/dist/cli-format.js.map +1 -0
  55. package/dist/cli-server.d.ts +73 -0
  56. package/dist/cli-server.js +347 -0
  57. package/dist/cli-server.js.map +1 -0
  58. package/dist/cli-server.test.d.ts +1 -0
  59. package/dist/cli-server.test.js +38 -0
  60. package/dist/cli-server.test.js.map +1 -0
  61. package/dist/cli-timeline.d.ts +35 -0
  62. package/dist/cli-timeline.js +373 -0
  63. package/dist/cli-timeline.js.map +1 -0
  64. package/dist/cli-timeline.test.d.ts +1 -0
  65. package/dist/cli-timeline.test.js +104 -0
  66. package/dist/cli-timeline.test.js.map +1 -0
  67. package/dist/cli.d.ts +0 -19
  68. package/dist/cli.js +910 -194
  69. package/dist/cli.js.map +1 -1
  70. package/dist/config-overlay.test.d.ts +1 -0
  71. package/dist/config-overlay.test.js +112 -0
  72. package/dist/config-overlay.test.js.map +1 -0
  73. package/dist/config-resolve.d.ts +28 -0
  74. package/dist/config-resolve.js +47 -0
  75. package/dist/config-resolve.js.map +1 -0
  76. package/dist/config-resolve.test.d.ts +1 -0
  77. package/dist/config-resolve.test.js +68 -0
  78. package/dist/config-resolve.test.js.map +1 -0
  79. package/dist/config.d.ts +62 -49
  80. package/dist/config.js +452 -76
  81. package/dist/config.js.map +1 -1
  82. package/dist/config.test.js +201 -32
  83. package/dist/config.test.js.map +1 -1
  84. package/dist/connectors/github-webhook.js +83 -5
  85. package/dist/connectors/github-webhook.js.map +1 -1
  86. package/dist/connectors/github-webhook.test.d.ts +1 -0
  87. package/dist/connectors/github-webhook.test.js +156 -0
  88. package/dist/connectors/github-webhook.test.js.map +1 -0
  89. package/dist/connectors/messaging/session-manager.d.ts +18 -0
  90. package/dist/connectors/messaging/session-manager.js +83 -2
  91. package/dist/connectors/messaging/session-manager.js.map +1 -1
  92. package/dist/connectors/messaging/session-manager.test.d.ts +1 -0
  93. package/dist/connectors/messaging/session-manager.test.js +144 -0
  94. package/dist/connectors/messaging/session-manager.test.js.map +1 -0
  95. package/dist/connectors/slack/connector.d.ts +9 -0
  96. package/dist/connectors/slack/connector.js +15 -0
  97. package/dist/connectors/slack/connector.js.map +1 -1
  98. package/dist/connectors/slack/mrkdwn.js +81 -0
  99. package/dist/connectors/slack/mrkdwn.js.map +1 -1
  100. package/dist/connectors/slack/mrkdwn.test.js +49 -0
  101. package/dist/connectors/slack/mrkdwn.test.js.map +1 -1
  102. package/dist/connectors/types.d.ts +1 -1
  103. package/dist/cron/fanout.d.ts +33 -0
  104. package/dist/cron/fanout.js +55 -0
  105. package/dist/cron/fanout.js.map +1 -0
  106. package/dist/cron/fanout.test.d.ts +1 -0
  107. package/dist/cron/fanout.test.js +73 -0
  108. package/dist/cron/fanout.test.js.map +1 -0
  109. package/dist/cron/jobs.d.ts +5 -0
  110. package/dist/cron/jobs.js +10 -3
  111. package/dist/cron/jobs.js.map +1 -1
  112. package/dist/cron/scheduler.d.ts +12 -0
  113. package/dist/cron/scheduler.js +27 -1
  114. package/dist/cron/scheduler.js.map +1 -1
  115. package/dist/engine/agent-executor.d.ts +158 -0
  116. package/dist/engine/agent-executor.js +1140 -0
  117. package/dist/engine/agent-executor.js.map +1 -0
  118. package/dist/engine/agent-executor.test.d.ts +1 -0
  119. package/dist/engine/agent-executor.test.js +395 -0
  120. package/dist/engine/agent-executor.test.js.map +1 -0
  121. package/dist/engine/chat-runner.d.ts +123 -0
  122. package/dist/engine/chat-runner.js +379 -0
  123. package/dist/engine/chat-runner.js.map +1 -0
  124. package/dist/engine/chat-runner.test.d.ts +1 -0
  125. package/dist/engine/chat-runner.test.js +104 -0
  126. package/dist/engine/chat-runner.test.js.map +1 -0
  127. package/dist/engine/chat-skills.d.ts +45 -0
  128. package/dist/engine/chat-skills.js +184 -0
  129. package/dist/engine/chat-skills.js.map +1 -0
  130. package/dist/engine/chat-skills.test.d.ts +1 -0
  131. package/dist/engine/chat-skills.test.js +20 -0
  132. package/dist/engine/chat-skills.test.js.map +1 -0
  133. package/dist/engine/chat.d.ts +20 -23
  134. package/dist/engine/chat.js +251 -155
  135. package/dist/engine/chat.js.map +1 -1
  136. package/dist/engine/chat.test.d.ts +1 -0
  137. package/dist/engine/chat.test.js +42 -0
  138. package/dist/engine/chat.test.js.map +1 -0
  139. package/dist/engine/classifier.d.ts +35 -2
  140. package/dist/engine/classifier.js +170 -31
  141. package/dist/engine/classifier.js.map +1 -1
  142. package/dist/engine/classifier.test.d.ts +1 -0
  143. package/dist/engine/classifier.test.js +115 -0
  144. package/dist/engine/classifier.test.js.map +1 -0
  145. package/dist/engine/dispatcher.d.ts +60 -0
  146. package/dist/engine/dispatcher.js +601 -0
  147. package/dist/engine/dispatcher.js.map +1 -0
  148. package/dist/engine/dispatcher.test.d.ts +1 -0
  149. package/dist/engine/dispatcher.test.js +511 -0
  150. package/dist/engine/dispatcher.test.js.map +1 -0
  151. package/dist/engine/event-shim.d.ts +117 -0
  152. package/dist/engine/event-shim.js +435 -0
  153. package/dist/engine/event-shim.js.map +1 -0
  154. package/dist/engine/event-shim.test.d.ts +1 -0
  155. package/dist/engine/event-shim.test.js +194 -0
  156. package/dist/engine/event-shim.test.js.map +1 -0
  157. package/dist/engine/git-auth.d.ts +13 -17
  158. package/dist/engine/git-auth.js +99 -42
  159. package/dist/engine/git-auth.js.map +1 -1
  160. package/dist/engine/git-auth.test.d.ts +1 -0
  161. package/dist/engine/git-auth.test.js +117 -0
  162. package/dist/engine/git-auth.test.js.map +1 -0
  163. package/dist/engine/github-app-client.d.ts +7 -0
  164. package/dist/engine/github-app-client.js +16 -0
  165. package/dist/engine/github-app-client.js.map +1 -0
  166. package/dist/engine/github-app-client.test.d.ts +1 -0
  167. package/dist/engine/github-app-client.test.js +44 -0
  168. package/dist/engine/github-app-client.test.js.map +1 -0
  169. package/dist/engine/github-tools.d.ts +12 -0
  170. package/dist/engine/github-tools.js +261 -0
  171. package/dist/engine/github-tools.js.map +1 -0
  172. package/dist/engine/github.d.ts +1027 -43
  173. package/dist/engine/github.js +153 -14
  174. package/dist/engine/github.js.map +1 -1
  175. package/dist/engine/llm.d.ts +47 -0
  176. package/dist/engine/llm.js +221 -0
  177. package/dist/engine/llm.js.map +1 -0
  178. package/dist/engine/llm.test.d.ts +1 -0
  179. package/dist/engine/llm.test.js +189 -0
  180. package/dist/engine/llm.test.js.map +1 -0
  181. package/dist/engine/profiles.d.ts +249 -0
  182. package/dist/engine/profiles.js +42 -0
  183. package/dist/engine/profiles.js.map +1 -0
  184. package/dist/engine/router.d.ts +12 -6
  185. package/dist/engine/router.js +339 -81
  186. package/dist/engine/router.js.map +1 -1
  187. package/dist/engine/router.test.js +428 -78
  188. package/dist/engine/router.test.js.map +1 -1
  189. package/dist/engine/screen.d.ts +41 -0
  190. package/dist/engine/screen.js +93 -0
  191. package/dist/engine/screen.js.map +1 -0
  192. package/dist/engine/screen.test.d.ts +1 -0
  193. package/dist/engine/screen.test.js +82 -0
  194. package/dist/engine/screen.test.js.map +1 -0
  195. package/dist/index.js +377 -432
  196. package/dist/index.js.map +1 -1
  197. package/dist/managed-repos.d.ts +7 -9
  198. package/dist/managed-repos.js +12 -15
  199. package/dist/managed-repos.js.map +1 -1
  200. package/dist/managed-repos.test.js +24 -19
  201. package/dist/managed-repos.test.js.map +1 -1
  202. package/dist/notify/index.d.ts +15 -0
  203. package/dist/notify/index.js +6 -0
  204. package/dist/notify/index.js.map +1 -0
  205. package/dist/notify/model.d.ts +57 -0
  206. package/dist/notify/model.js +89 -0
  207. package/dist/notify/model.js.map +1 -0
  208. package/dist/notify/model.test.d.ts +1 -0
  209. package/dist/notify/model.test.js +109 -0
  210. package/dist/notify/model.test.js.map +1 -0
  211. package/dist/notify/notifier.d.ts +17 -0
  212. package/dist/notify/notifier.js +87 -0
  213. package/dist/notify/notifier.js.map +1 -0
  214. package/dist/notify/notifier.test.d.ts +1 -0
  215. package/dist/notify/notifier.test.js +100 -0
  216. package/dist/notify/notifier.test.js.map +1 -0
  217. package/dist/notify/render.d.ts +21 -0
  218. package/dist/notify/render.js +59 -0
  219. package/dist/notify/render.js.map +1 -0
  220. package/dist/notify/render.test.d.ts +1 -0
  221. package/dist/notify/render.test.js +65 -0
  222. package/dist/notify/render.test.js.map +1 -0
  223. package/dist/notify/transports/github.d.ts +26 -0
  224. package/dist/notify/transports/github.js +26 -0
  225. package/dist/notify/transports/github.js.map +1 -0
  226. package/dist/notify/transports/slack.d.ts +26 -0
  227. package/dist/notify/transports/slack.js +28 -0
  228. package/dist/notify/transports/slack.js.map +1 -0
  229. package/dist/notify/transports.test.d.ts +1 -0
  230. package/dist/notify/transports.test.js +71 -0
  231. package/dist/notify/transports.test.js.map +1 -0
  232. package/dist/notify/types.d.ts +95 -0
  233. package/dist/notify/types.js +16 -0
  234. package/dist/notify/types.js.map +1 -0
  235. package/dist/sandbox/docker-compose.test.d.ts +1 -0
  236. package/dist/sandbox/docker-compose.test.js +128 -0
  237. package/dist/sandbox/docker-compose.test.js.map +1 -0
  238. package/dist/sandbox/docker.d.ts +97 -9
  239. package/dist/sandbox/docker.js +192 -41
  240. package/dist/sandbox/docker.js.map +1 -1
  241. package/dist/sandbox/docker.test.d.ts +1 -0
  242. package/dist/sandbox/docker.test.js +137 -0
  243. package/dist/sandbox/docker.test.js.map +1 -0
  244. package/dist/sandbox/egress-allowlist.d.ts +69 -0
  245. package/dist/sandbox/egress-allowlist.js +164 -0
  246. package/dist/sandbox/egress-allowlist.js.map +1 -0
  247. package/dist/sandbox/egress-allowlist.test.d.ts +1 -0
  248. package/dist/sandbox/egress-allowlist.test.js +65 -0
  249. package/dist/sandbox/egress-allowlist.test.js.map +1 -0
  250. package/dist/sandbox/egress-firewall-config.d.ts +127 -0
  251. package/dist/sandbox/egress-firewall-config.js +434 -0
  252. package/dist/sandbox/egress-firewall-config.js.map +1 -0
  253. package/dist/sandbox/egress-firewall-config.test.d.ts +1 -0
  254. package/dist/sandbox/egress-firewall-config.test.js +244 -0
  255. package/dist/sandbox/egress-firewall-config.test.js.map +1 -0
  256. package/dist/sandbox/images.d.ts +23 -0
  257. package/dist/sandbox/images.js +55 -0
  258. package/dist/sandbox/images.js.map +1 -0
  259. package/dist/sandbox/index.d.ts +82 -3
  260. package/dist/sandbox/index.js +223 -93
  261. package/dist/sandbox/index.js.map +1 -1
  262. package/dist/sandbox/index.test.d.ts +1 -0
  263. package/dist/sandbox/index.test.js +157 -0
  264. package/dist/sandbox/index.test.js.map +1 -0
  265. package/dist/session-log.d.ts +63 -0
  266. package/dist/session-log.js +290 -0
  267. package/dist/session-log.js.map +1 -0
  268. package/dist/session-log.test.d.ts +1 -0
  269. package/dist/session-log.test.js +85 -0
  270. package/dist/session-log.test.js.map +1 -0
  271. package/dist/setup.d.ts +30 -1
  272. package/dist/setup.js +241 -25
  273. package/dist/setup.js.map +1 -1
  274. package/dist/setup.test.js +138 -6
  275. package/dist/setup.test.js.map +1 -1
  276. package/dist/state/approval-store.d.ts +86 -0
  277. package/dist/state/approval-store.js +140 -0
  278. package/dist/state/approval-store.js.map +1 -0
  279. package/dist/state/build-assets.d.ts +50 -0
  280. package/dist/state/build-assets.js +154 -0
  281. package/dist/state/build-assets.js.map +1 -0
  282. package/dist/state/build-assets.test.d.ts +1 -0
  283. package/dist/state/build-assets.test.js +106 -0
  284. package/dist/state/build-assets.test.js.map +1 -0
  285. package/dist/state/db.d.ts +65 -333
  286. package/dist/state/db.js +112 -835
  287. package/dist/state/db.js.map +1 -1
  288. package/dist/state/db.test.js +127 -91
  289. package/dist/state/db.test.js.map +1 -1
  290. package/dist/state/execution-store.d.ts +257 -0
  291. package/dist/state/execution-store.js +527 -0
  292. package/dist/state/execution-store.js.map +1 -0
  293. package/dist/state/migrate.d.ts +15 -0
  294. package/dist/state/migrate.js +175 -0
  295. package/dist/state/migrate.js.map +1 -0
  296. package/dist/state/workflow-run-store.d.ts +195 -0
  297. package/dist/state/workflow-run-store.js +363 -0
  298. package/dist/state/workflow-run-store.js.map +1 -0
  299. package/dist/state/workflow-run-store.test.d.ts +1 -0
  300. package/dist/state/workflow-run-store.test.js +264 -0
  301. package/dist/state/workflow-run-store.test.js.map +1 -0
  302. package/dist/telemetry/index.d.ts +38 -0
  303. package/dist/telemetry/index.js +253 -0
  304. package/dist/telemetry/index.js.map +1 -0
  305. package/dist/telemetry/index.test.d.ts +1 -0
  306. package/dist/telemetry/index.test.js +73 -0
  307. package/dist/telemetry/index.test.js.map +1 -0
  308. package/dist/telemetry/pi-events.d.ts +12 -0
  309. package/dist/telemetry/pi-events.js +134 -0
  310. package/dist/telemetry/pi-events.js.map +1 -0
  311. package/dist/telemetry/pi-events.test.d.ts +1 -0
  312. package/dist/telemetry/pi-events.test.js +69 -0
  313. package/dist/telemetry/pi-events.test.js.map +1 -0
  314. package/dist/workflows/dag.d.ts +13 -1
  315. package/dist/workflows/dag.js +7 -3
  316. package/dist/workflows/dag.js.map +1 -1
  317. package/dist/workflows/dag.test.js +22 -0
  318. package/dist/workflows/dag.test.js.map +1 -1
  319. package/dist/workflows/golden-build.test.d.ts +1 -0
  320. package/dist/workflows/golden-build.test.js +45 -0
  321. package/dist/workflows/golden-build.test.js.map +1 -0
  322. package/dist/workflows/loader-overlay.test.d.ts +1 -0
  323. package/dist/workflows/loader-overlay.test.js +101 -0
  324. package/dist/workflows/loader-overlay.test.js.map +1 -0
  325. package/dist/workflows/loader.d.ts +36 -11
  326. package/dist/workflows/loader.js +311 -87
  327. package/dist/workflows/loader.js.map +1 -1
  328. package/dist/workflows/loader.test.js +114 -10
  329. package/dist/workflows/loader.test.js.map +1 -1
  330. package/dist/workflows/loop-eval.js +2 -0
  331. package/dist/workflows/loop-eval.js.map +1 -1
  332. package/dist/workflows/loop-eval.test.js +14 -0
  333. package/dist/workflows/loop-eval.test.js.map +1 -1
  334. package/dist/workflows/phase-executor.d.ts +145 -0
  335. package/dist/workflows/phase-executor.js +691 -0
  336. package/dist/workflows/phase-executor.js.map +1 -0
  337. package/dist/workflows/phase-executor.test.d.ts +1 -0
  338. package/dist/workflows/phase-executor.test.js +434 -0
  339. package/dist/workflows/phase-executor.test.js.map +1 -0
  340. package/dist/workflows/phase-ref.d.ts +44 -0
  341. package/dist/workflows/phase-ref.js +78 -0
  342. package/dist/workflows/phase-ref.js.map +1 -0
  343. package/dist/workflows/phase-ref.test.d.ts +1 -0
  344. package/dist/workflows/phase-ref.test.js +24 -0
  345. package/dist/workflows/phase-ref.test.js.map +1 -0
  346. package/dist/workflows/resume.d.ts +5 -11
  347. package/dist/workflows/resume.js +88 -7
  348. package/dist/workflows/resume.js.map +1 -1
  349. package/dist/workflows/runner.d.ts +34 -27
  350. package/dist/workflows/runner.js +252 -930
  351. package/dist/workflows/runner.js.map +1 -1
  352. package/dist/workflows/runner.test.js +346 -35
  353. package/dist/workflows/runner.test.js.map +1 -1
  354. package/dist/workflows/schema.d.ts +52 -10
  355. package/dist/workflows/schema.js +147 -7
  356. package/dist/workflows/schema.js.map +1 -1
  357. package/dist/workflows/simple.d.ts +67 -3
  358. package/dist/workflows/simple.js +248 -87
  359. package/dist/workflows/simple.js.map +1 -1
  360. package/dist/workflows/simple.test.d.ts +1 -0
  361. package/dist/workflows/simple.test.js +107 -0
  362. package/dist/workflows/simple.test.js.map +1 -0
  363. package/dist/workflows/templates.d.ts +29 -0
  364. package/dist/workflows/templates.js +42 -4
  365. package/dist/workflows/templates.js.map +1 -1
  366. package/dist/workflows/templates.test.js +103 -0
  367. package/dist/workflows/templates.test.js.map +1 -1
  368. package/dist/workflows/triggers.d.ts +21 -0
  369. package/dist/workflows/triggers.js +44 -0
  370. package/dist/workflows/triggers.js.map +1 -0
  371. package/dist/workflows/verdict.d.ts +19 -0
  372. package/dist/workflows/verdict.js +30 -0
  373. package/dist/workflows/verdict.js.map +1 -0
  374. package/dist/workflows/verdict.test.d.ts +1 -0
  375. package/dist/workflows/verdict.test.js +44 -0
  376. package/dist/workflows/verdict.test.js.map +1 -0
  377. package/dist/worktree/manager.d.ts +1 -1
  378. package/dist/worktree/manager.js +14 -14
  379. package/dist/worktree/manager.js.map +1 -1
  380. package/dist/worktree/manager.test.d.ts +1 -0
  381. package/dist/worktree/manager.test.js +87 -0
  382. package/dist/worktree/manager.test.js.map +1 -0
  383. package/docker-compose.yml +206 -5
  384. package/package.json +17 -7
  385. package/sandbox.Dockerfile +97 -18
  386. package/skills/README.md +40 -0
  387. package/skills/browser-qa/SKILL.md +193 -0
  388. package/skills/browser-qa/scripts/agent-browser.mjs +380 -0
  389. package/skills/building/SKILL.md +95 -0
  390. package/skills/chat/SKILL.md +30 -11
  391. package/skills/code-review/SKILL.md +59 -0
  392. package/skills/debug-production/SKILL.md +108 -0
  393. package/skills/demo/SKILL.md +194 -0
  394. package/skills/demo/scripts/compose-demo.sh +205 -0
  395. package/skills/issue-answer/SKILL.md +90 -0
  396. package/skills/issue-comment/SKILL.md +38 -24
  397. package/skills/issue-triage/SKILL.md +103 -37
  398. package/skills/issue-triage/references/AGENT-BRIEF.md +61 -0
  399. package/skills/pr-comment/SKILL.md +64 -0
  400. package/skills/pr-review/SKILL.md +65 -49
  401. package/skills/qa-test/SKILL.md +97 -0
  402. package/skills/repo-health/SKILL.md +48 -45
  403. package/skills/security-feedback/SKILL.md +173 -0
  404. package/skills/security-feedback/references/templates.md +77 -0
  405. package/skills/security-review/SKILL.md +213 -0
  406. package/skills/security-review/references/issue-format.md +302 -0
  407. package/skills/verify/SKILL.md +118 -0
  408. package/workflows/answer.yaml +37 -0
  409. package/workflows/build.yaml +32 -22
  410. package/workflows/cron-security.yaml +6 -0
  411. package/workflows/demo.yaml +55 -0
  412. package/workflows/explore.yaml +9 -0
  413. package/workflows/pr-comment.yaml +16 -0
  414. package/workflows/pr-fix.yaml +3 -0
  415. package/workflows/pr-review.yaml +4 -1
  416. package/workflows/prompts/answer.md +67 -0
  417. package/workflows/prompts/architect.md +24 -7
  418. package/workflows/prompts/demo.md +100 -0
  419. package/workflows/prompts/executor.md +29 -20
  420. package/workflows/prompts/explore-ask.md +51 -22
  421. package/workflows/prompts/explore-publish.md +2 -2
  422. package/workflows/prompts/explore-read.md +24 -10
  423. package/workflows/prompts/explore-synthesize.md +15 -8
  424. package/workflows/prompts/fix.md +9 -10
  425. package/workflows/prompts/guardrails.md +26 -8
  426. package/workflows/prompts/pr-fix.md +6 -7
  427. package/workflows/prompts/pr.md +11 -10
  428. package/workflows/prompts/qa-browser.md +95 -0
  429. package/workflows/prompts/qa-synth.md +44 -0
  430. package/workflows/prompts/qa-test.md +60 -0
  431. package/workflows/prompts/re-reviewer.md +8 -9
  432. package/workflows/prompts/reviewer.md +10 -9
  433. package/workflows/prompts/verify-browser.md +93 -0
  434. package/workflows/prompts/verify-synth.md +44 -0
  435. package/workflows/prompts/verify.md +63 -0
  436. package/workflows/qa-test.yaml +87 -0
  437. package/workflows/security-feedback.yaml +25 -0
  438. package/workflows/security-review.yaml +29 -0
  439. package/workflows/verify.yaml +85 -0
  440. package/deploy/mcp-config.tmpl.json +0 -14
  441. package/dist/cron/rate-limits.d.ts +0 -26
  442. package/dist/cron/rate-limits.js +0 -193
  443. package/dist/cron/rate-limits.js.map +0 -1
  444. package/dist/engine/executor.d.ts +0 -75
  445. package/dist/engine/executor.js +0 -292
  446. package/dist/engine/executor.js.map +0 -1
  447. package/mcp-github-app/package.json +0 -18
  448. package/mcp-github-app/src/auth.js +0 -66
  449. package/mcp-github-app/src/github.js +0 -371
  450. package/mcp-github-app/src/index.js +0 -534
  451. package/skills/devops/webhook-subscriptions/SKILL.md +0 -180
  452. package/skills/github/DESCRIPTION.md +0 -3
  453. package/skills/github/codebase-inspection/SKILL.md +0 -115
  454. package/skills/github/github-auth/SKILL.md +0 -54
  455. package/skills/github/github-auth/scripts/gh-env.sh +0 -66
  456. package/skills/github/github-code-review/SKILL.md +0 -480
  457. package/skills/github/github-code-review/references/review-output-template.md +0 -74
  458. package/skills/github/github-issues/SKILL.md +0 -369
  459. package/skills/github/github-issues/templates/bug-report.md +0 -35
  460. package/skills/github/github-issues/templates/feature-request.md +0 -31
  461. package/skills/github/github-pr-workflow/SKILL.md +0 -395
  462. package/skills/github/github-pr-workflow/references/ci-troubleshooting.md +0 -183
  463. package/skills/github/github-pr-workflow/references/conventional-commits.md +0 -71
  464. package/skills/github/github-pr-workflow/templates/pr-body-bugfix.md +0 -35
  465. package/skills/github/github-pr-workflow/templates/pr-body-feature.md +0 -33
  466. package/skills/github/github-repo-management/SKILL.md +0 -515
  467. package/skills/github/github-repo-management/references/github-api-cheatsheet.md +0 -161
  468. package/skills/github-orchestrator/SKILL.md +0 -103
  469. package/skills/mcp/DESCRIPTION.md +0 -3
  470. package/skills/mcp/mcporter/SKILL.md +0 -122
  471. package/skills/mcp/native-mcp/SKILL.md +0 -356
  472. package/skills/software-development/architect/SKILL.md +0 -154
  473. package/skills/software-development/assure-guardrails/SKILL.md +0 -239
  474. package/skills/software-development/plan/SKILL.md +0 -64
  475. package/skills/software-development/requesting-code-review/SKILL.md +0 -291
  476. package/skills/software-development/subagent-driven-development/SKILL.md +0 -433
  477. package/skills/software-development/systematic-debugging/SKILL.md +0 -366
  478. package/skills/software-development/test-driven-development/SKILL.md +0 -342
@@ -0,0 +1,95 @@
1
+ ---
2
+ name: building
3
+ description: Install dependencies and run the test/lint/typecheck gate for a change inside the sandbox — package-manager detection, install-first, and (when implementing) TDD discipline. Use when implementing, fixing, or verifying code in a pre-cloned repo.
4
+ version: 1.0.0
5
+ tags: [build, test, sandbox]
6
+ ---
7
+
8
+ # Building
9
+
10
+ How to install, build, test, and gate a change in the sandbox. The same
11
+ discipline whether you're implementing a feature, fixing review feedback, or
12
+ verifying someone else's PR.
13
+
14
+ ## Workspace & git
15
+
16
+ The harness pre-cloned the repo; your cwd is the repo root (or a `<repo>/`
17
+ subdirectory — check with `ls -la`). Git is configured for clone/push/pull/fetch.
18
+ If auth fails after ~1 hour, call the `github_refresh_git_auth` MCP tool. Suppress
19
+ noise where it helps: `git clone --quiet`, `git push --quiet`, `CI=true`.
20
+
21
+ ## Install-first
22
+
23
+ `node_modules` (and any other dependency dir) is **always** absent on arrival —
24
+ by design, not a blocker. **Installing is the first step, not a reason to skip
25
+ verification.** Detect the package manager from the lockfile and use the
26
+ frozen/CI variant:
27
+
28
+ - `package-lock.json` → `npm ci`
29
+ - `pnpm-lock.yaml` → `corepack pnpm install --frozen-lockfile`
30
+ - `yarn.lock` → `corepack yarn install --frozen-lockfile`
31
+
32
+ Node is available via `fnm` + `corepack`; the egress allowlist permits the public
33
+ package registries, so install works. For a monorepo, install at the root, then
34
+ operate on the changed package. For non-Node repos, use the ecosystem's
35
+ equivalent (`pip install`, `cargo build`, `go mod download`, …) read from the
36
+ project's manifest.
37
+
38
+ The **only** acceptable "couldn't verify" is when the install or build command
39
+ *itself* fails — quote the exact command and error, and scope your work to what
40
+ you could check. Never cite "deps aren't installed" as the reason: you install them.
41
+
42
+ **If the repo's only test path needs an external service that won't run in the
43
+ sandbox** (a live database, a cloud API, a running daemon), do **not** report
44
+ that verification "could not run." Add a focused unit or CLI test project that
45
+ exercises your change against in-memory fixtures or fakes, run *that*, and paste
46
+ its output. A change you couldn't execute even once is unverified — building a
47
+ runnable path is part of the work, not an optional extra.
48
+
49
+ ## The gate
50
+
51
+ While iterating, run **only the tests covering the files you touched** — not the
52
+ whole suite on every edit. Then, **once before committing or claiming done, run
53
+ the full gate and require all of it to pass:**
54
+
55
+ 1. Full test command — zero failures.
56
+ 2. Lint command (if present) — fix all errors.
57
+ 3. Typecheck command (if present) — fix all errors.
58
+
59
+ If any step fails, fix it and re-run only what failed until clean. Do not commit
60
+ or report done until the full suite, lint, and typecheck all pass. Cite the
61
+ actual command output — static reasoning is not verification.
62
+
63
+ ## TDD (when implementing)
64
+
65
+ When you are *writing* code (not just verifying a PR): write the **failing test
66
+ first**, watch it go red, then implement until it goes green, then refactor.
67
+ Test behaviour through the public interface, not implementation details. The red
68
+ test is the proof the test can fail — a test that was never red proves nothing.
69
+
70
+ ## Decomposition budget (when implementing)
71
+
72
+ The gate passing is necessary, not sufficient — a green test does not excuse an
73
+ unmaintainable function. Before you commit, decompose:
74
+
75
+ - Keep each function under **roughly 15 cyclomatic complexity** (branches +
76
+ loops + boolean operators). If you're past that, extract helpers.
77
+ - One function = one responsibility. A function that **parses, validates, and
78
+ emits is three functions** — split it before committing, not "later."
79
+ - The refactor step of red-green-refactor is where this happens. Don't skip it
80
+ because the tests already pass.
81
+
82
+ ## Type safety — no compiler-silencing assertions
83
+
84
+ The gate requires `tsc` (or the project's typechecker) to pass — but passing it
85
+ by *suppressing* it is a regression, not a fix. **Never** use `as any`, an
86
+ unchecked `as`-cast, `@ts-ignore`/`@ts-expect-error`, `# type: ignore`, or the
87
+ equivalent to:
88
+
89
+ - silence a compiler error instead of fixing the underlying type, or
90
+ - bypass a validator/guard the same code path defines (e.g. casting past a Zod
91
+ schema, a runtime type guard, or a parse function so the value skips the very
92
+ check that file exists to enforce).
93
+
94
+ If the types genuinely can't express something, narrow with a real type guard or
95
+ fix the type — don't assert your way past it.
@@ -1,17 +1,36 @@
1
+ ---
2
+ name: chat
3
+ description: Conversational assistant for messaging-platform threads (Slack, Discord). Answer questions about repos, PRs, and issues, explain code, and guide users to natural-language triggers (e.g. "build owner/repo#N", "triage owner/repo", "review PRs on owner/repo", "status").
4
+ ---
5
+
1
6
  # Chat
2
7
 
3
- Conversational assistant for messaging platforms (Slack, Discord, etc.).
8
+ You are answering in a messaging thread (Slack, Discord). The conversation is
9
+ the job — answer the question that was asked, don't expand it into a report.
10
+
11
+ ## What you do
12
+
13
+ - Answer questions about repositories, issues, pull requests, and code.
14
+ - Explain how the bot's workflows behave.
15
+ - Report status on running work when asked.
16
+
17
+ ## What you don't do
18
+
19
+ Chat is **read-and-explain only**. You don't review PRs, triage issues, run
20
+ builds, or change anything. When the user wants an *action*, name the
21
+ natural-language trigger and stop:
4
22
 
5
- ## Behavior
23
+ - code changes → `build owner/repo#N`
24
+ - issue triage → `triage owner/repo`
25
+ - PR review → `review PRs on owner/repo`
26
+ - security scan → `security review owner/repo`
27
+ - running-task status → `status`
6
28
 
7
- - Answer questions about repositories, issues, and pull requests
8
- - Explain code and development workflows
9
- - Provide status on running tasks when asked
10
- - Suggest commands for actions: `/build`, `/triage`, `/review`, `/status`
29
+ Phrase triggers as natural language never with a leading `/`, which Slack
30
+ intercepts before it reaches Last Light.
11
31
 
12
- ## Guidelines
32
+ ## Style
13
33
 
14
- - Keep responses concise — messaging platforms have limited rendering
15
- - Use markdown sparingly (bold for emphasis, code blocks for code)
16
- - Be direct and actionable
17
- - If the user wants to trigger an action, guide them to the appropriate slash command
34
+ - Concise — messaging panes are narrow. A few sentences beats a wall of text.
35
+ - Markdown sparingly: bold for emphasis, fenced blocks for code.
36
+ - Lead with the answer. Cite `path:line` when pointing at code.
@@ -0,0 +1,59 @@
1
+ ---
2
+ name: code-review
3
+ description: The shared rubric for reviewing a code change — finding tiers (Critical/Important/Suggestions/Nits) and what to check (correctness, security, edge cases, regression risk, test coverage). Use when reviewing a PR or a branch diff.
4
+ version: 1.0.0
5
+ tags: [review, code-quality]
6
+ ---
7
+
8
+ # Code Review
9
+
10
+ The shared rubric for assessing a code change. Used both by a PR review and by
11
+ the build cycle's branch-diff reviewer — the *procedure* differs (where the diff
12
+ comes from, how the verdict is recorded), but the rubric below is the same.
13
+
14
+ Review the change **in full context** — read each changed file, not just the
15
+ hunk. For a large change (>300 lines or >5 files): trace data flow through
16
+ modified functions, check callers of anything whose signature or behaviour
17
+ changed for regression risk, and check that tests cover the actual risk areas,
18
+ not just the happy path.
19
+
20
+ ## Finding tiers
21
+
22
+ Categorise every finding into exactly one tier:
23
+
24
+ - **Critical** — security issues, data loss, breaking changes, silent
25
+ data-dropping (see Correctness below). Blocks merge.
26
+ - **Important** — missing tests, performance problems, type errors, **avoidable
27
+ duplication**, **excessive complexity**, **compiler-silencing assertions**.
28
+ Should fix.
29
+ - **Suggestions** — clarity, naming, minor DRY tidy-ups. Nice to have.
30
+ - **Nits** — style, formatting. Optional.
31
+
32
+ ## What to check
33
+
34
+ - **Correctness** — does it do what it claims? Logic errors, off-by-one, wrong
35
+ conditions, mishandled async. **A silent default or a dropped output for an
36
+ input the code doesn't support is a correctness bug, not graceful handling** —
37
+ flag any unsupported case that is silently defaulted, skipped, or omitted
38
+ instead of warned-and-skipped or warned-and-surfaced.
39
+ - **Edge cases** — empty/null inputs, boundaries, error paths, concurrency.
40
+ - **Security** — injection, auth/authorization, secret handling, untrusted input.
41
+ - **Complexity** — flag functions past ~15 cyclomatic complexity or that mix
42
+ parse/validate/emit responsibilities; ask for helper extraction. This is an
43
+ **Important** finding, not a nit.
44
+ - **Duplication** — flag avoidable duplicated logic (two or more clone groups of
45
+ the same code/branching). DRY is **should-fix** here, not merely "nice to have."
46
+ - **Type safety** — flag `as any`, unchecked `as`-casts, or `@ts-ignore` used to
47
+ silence the compiler or to bypass a validator the same code path defines.
48
+ - **Regression risk** — existing callers of changed functions; behaviour changes
49
+ that ripple.
50
+ - **Test coverage** — do the tests exercise the real risk, or just the happy path?
51
+ - **Fit** — does it match the codebase's existing patterns and conventions?
52
+
53
+ ## Calibration
54
+
55
+ - Don't nitpick generated files (lockfiles, compiled assets).
56
+ - Don't repeat what linters/CI already catch.
57
+ - Don't block over style preferences alone.
58
+ - Read the room: if a human reviewer already approved, lower the bar for blocking
59
+ — prefer a comment over requesting changes on non-critical findings.
@@ -0,0 +1,108 @@
1
+ ---
2
+ name: debug-production
3
+ description: Debug a running Last Light instance (usually production) via the `lastlight` CLI instead of SSH. Use when investigating a failed/stuck workflow, a bad agent run, a phase error, or "why didn't the bot do X" — anything that previously meant SSHing in to read SQLite or session logs.
4
+ version: 1.0.0
5
+ tags: [ops, debugging, cli]
6
+ ---
7
+
8
+ # Debug a Last Light instance via the CLI
9
+
10
+ Read a running instance's state over its admin API with the `lastlight` CLI —
11
+ no SSH, no poking SQLite or jsonl files on the box. Every command takes
12
+ `--json` for machine-parseable output; prefer it when you need to extract
13
+ fields.
14
+
15
+ ## 0. Connect
16
+
17
+ The CLI talks to whatever instance you logged into (saved in
18
+ `~/.lastlight/config.json`). Confirm you're pointed at the right one and the
19
+ token is valid:
20
+
21
+ ```bash
22
+ lastlight status # instance URL, server health, token validity
23
+ ```
24
+
25
+ If the token is missing/expired, authenticate (the prod instance URL lives in
26
+ local agent memory — see the "Last Light production server" note):
27
+
28
+ ```bash
29
+ lastlight login https://<instance> # browser handoff (password/Slack/GitHub)
30
+ lastlight login https://<instance> --password # headless fallback
31
+ ```
32
+
33
+ For one-off targeting without saving, pass `--url` / `--token` on any command,
34
+ or set `LASTLIGHT_URL` / `LASTLIGHT_TOKEN` (env wins over the saved config).
35
+
36
+ ## 1. Find the broken run
37
+
38
+ ```bash
39
+ lastlight workflow list --status failed # recent failures
40
+ lastlight workflow list --status active # running + paused now
41
+ lastlight workflow list --workflow pr-review --limit 50
42
+ ```
43
+
44
+ Copy the run `ID` from the table.
45
+
46
+ ## 2. Inspect the run's phases
47
+
48
+ ```bash
49
+ lastlight workflow log <run-id> # run header + per-phase table (✓/✗, duration, session id, error)
50
+ lastlight workflow log <run-id> --follow # then tail the current phase live
51
+ ```
52
+
53
+ The phase table shows which phase failed, its error snippet, and the `SESSION`
54
+ id you need for the transcript.
55
+
56
+ ## 3. Read / tail the agent transcript
57
+
58
+ ```bash
59
+ lastlight session list # recent sandbox sessions (TYPE, MODEL, LIVE)
60
+ lastlight session log <session-id> # full transcript
61
+ lastlight session log <session-id> --follow # live tail (SSE) of an in-flight phase
62
+ ```
63
+
64
+ ## 4. Search across runs
65
+
66
+ ```bash
67
+ lastlight logs search "ECONNREFUSED" # errors ledger (default)
68
+ lastlight logs search "rate limit" --scope all # errors + transcript content
69
+ lastlight logs search "could not clone" --scope messages --limit 20
70
+ ```
71
+
72
+ `--scope errors` (default) matches the executions ledger (error/skill/repo);
73
+ `messages` greps recent session transcripts; `all` does both.
74
+
75
+ ## 5. Raw server / docker logs
76
+
77
+ When the workflow + session views aren't enough — a crash before any session
78
+ was written, a sidecar misbehaving, harness boot errors — read the actual
79
+ container logs (`docker logs`) over the API:
80
+
81
+ ```bash
82
+ lastlight server list # the lastlight-* containers + status
83
+ lastlight server logs # the agent harness (default), last 200 lines
84
+ lastlight server logs --tail 500 --since 10m
85
+ lastlight server logs --follow # live tail (Ctrl-C to stop)
86
+ lastlight server logs coredns-strict # a specific sidecar by service or container name
87
+ ```
88
+
89
+ ## 6. Approvals & health
90
+
91
+ ```bash
92
+ lastlight approvals list # paused gates waiting on a human
93
+ lastlight approvals approve <id> --reason "looks good"
94
+ lastlight approvals reject <id> --reason "wrong approach"
95
+
96
+ lastlight stats # totals + per-skill success/fail
97
+ lastlight stats --daily 14 # last 14 days of cost/tokens
98
+ ```
99
+
100
+ ## Tips
101
+
102
+ - Add `--json` to any command to pipe into `jq` (e.g.
103
+ `lastlight workflow list --status failed --json | jq -r '.workflowRuns[].id'`).
104
+ - Triage flow: `workflow list --status failed` → `workflow log <id>` → grab the
105
+ failed phase's session → `session log <session-id>` → if it's a recurring
106
+ symptom, `logs search "<error text>"` to see how often it happens.
107
+ - These are read-only except `approvals approve/reject` and the trigger
108
+ commands (`build`/`triage`/`review`/…) — debugging never mutates the box.
@@ -0,0 +1,194 @@
1
+ ---
2
+ name: demo
3
+ description: Record a short demo VIDEO of a PR or feature — drive the repo's web UI in a real headless browser, capture the session, and composite a titled, size-capped mp4 with ffmpeg. Use on the docker QA image when the deliverable is a playable demo clip (single walkthrough or before/after comparison), not a text/screenshot report.
4
+ version: 1.0.0
5
+ tags: [demo, video, browser, ffmpeg, evidence]
6
+ ---
7
+
8
+ # Demo
9
+
10
+ Turn a PR or feature into a short, polished **demo video**: drive the repo's
11
+ web UI in a real headless Chromium, screen-record the session, and composite a
12
+ titled, size-capped **mp4** the maintainer can watch inline.
13
+
14
+ This is the **video** sibling of `browser-qa` (screenshots) and `verify`/
15
+ `qa-test` (text evidence). It only works on the `lastlight-sandbox-qa:latest`
16
+ docker image, which bakes in Playwright + Chromium **and ffmpeg**. You have
17
+ bash + file tools but **no vision** — you reason over the driver's JSON stdout
18
+ and the ffprobe summary; you never "see" the video.
19
+
20
+ Compositing is **ffmpeg only** — there is no Remotion / cinematic-effects
21
+ pipeline. You get a title card, optional before/after side-by-side, trim/speed,
22
+ and a size cap. That's the deliverable: a clear, honest walkthrough, not a
23
+ marketing reel.
24
+
25
+ This skill uses **browser-qa** (the headless driver) and **building** (install
26
+ + start the dev-server).
27
+
28
+ ## When this applies
29
+
30
+ A phase on the docker QA image whose target is a **web app** the repo serves on
31
+ `localhost`, where a *moving* demonstration adds value over a screenshot. For a
32
+ CLI, a curl-able API, or pure pass/fail evidence, use `qa-test`/`verify`. For
33
+ static screenshot evidence, use `browser-qa`. Don't record a video you don't
34
+ need.
35
+
36
+ ## FIRST — probe for a browser
37
+
38
+ The browser driver lives in the **browser-qa** skill bundle at
39
+ `<browser-qa-dir>/scripts/agent-browser.mjs`, and this skill's compositor at
40
+ `<demo-dir>/scripts/compose-demo.sh`. Resolve both `<…-dir>` paths from the
41
+ available-skills catalogue (it gives each skill's absolute staged path); do not
42
+ assume a relative path from `$PWD` — your cwd is the checked-out repo, the
43
+ bundles are siblings.
44
+
45
+ Run the runtime probe before anything else:
46
+
47
+ ```bash
48
+ node <browser-qa-dir>/scripts/agent-browser.mjs doctor
49
+ ```
50
+
51
+ - Exit 0 with `{"ok":true,...}` → proceed.
52
+ - Exit non-zero (lean image / gondolin / no Chromium) → **DO NOT attempt a demo.**
53
+ Report that the demo path was unavailable on this host and stop. (The workflow
54
+ gates this phase to the QA image, so this should be rare — but never fake a
55
+ recording.)
56
+
57
+ ## Understand what to prove
58
+
59
+ Read the PR (description, diff, linked issue) from the context the prompt gives
60
+ you. For each change, ask: *what could a viewer confuse this with?* Design the
61
+ demo so the viewer sees something that **only happens if the feature works as
62
+ claimed** — both states (before/after, input/result) must appear on screen.
63
+
64
+ State your **commitments** up front, then honour them:
65
+
66
+ - **Layout** — `single` (default: a new feature, a fix proof, a walkthrough) or
67
+ `side-by-side` (only when the story is fundamentally a comparison: regression
68
+ fixed, behaviour-preserving refactor). Never fabricate a "before" to justify
69
+ side-by-side.
70
+ - **Speed** — target a watchable length; speed up dead time rather than leaving
71
+ it. 30–60s is a good single-feature target.
72
+
73
+ ## Build and run the app
74
+
75
+ Follow the **building** skill to install dependencies, then start the repo's
76
+ dev-server **in the background** and poll with `curl` until it answers on
77
+ `localhost:PORT`. Note the port — you pass it as `--base-url`.
78
+
79
+ ## Capture the session
80
+
81
+ Author a `flow.json` (same shape as **browser-qa**) that scripts the
82
+ interaction as a *director*, not an operator:
83
+
84
+ - **Record the baseline first** — the starting state is act one.
85
+ - **Hold after state changes** — add a `waitFor`/short pause so text is readable.
86
+ - **Verify between steps** — `waitFor` the expected element before the next
87
+ action; don't blindly fire keys into an unsettled page.
88
+
89
+ Record the session by passing `--record-dir`:
90
+
91
+ ```bash
92
+ node <browser-qa-dir>/scripts/agent-browser.mjs run flow.json \
93
+ --base-url http://localhost:PORT \
94
+ --record-dir /tmp/demo-cap
95
+ # → writes /tmp/demo-cap/session.webm, reports {"video":"…/session.webm", …}
96
+ ```
97
+
98
+ Pick the viewport to match the layout so the clip isn't letterboxed:
99
+ `1280x720` for `single`; `~960x1000` per panel for `side-by-side` (set it in the
100
+ flow's `viewport`).
101
+
102
+ **Before/after comparison:** check out and run each branch in turn (the
103
+ `building` skill), recording the **same** scripted interaction against each —
104
+ `session-before.webm` (base branch) and `session-after.webm` (PR head). Only the
105
+ behaviour should differ.
106
+
107
+ ## Compose the video
108
+
109
+ Composite the raw recording(s) into the final mp4 with the bundled wrapper:
110
+
111
+ ```bash
112
+ # Single walkthrough
113
+ <demo-dir>/scripts/compose-demo.sh \
114
+ --output <artifact-dir>/demo.mp4 \
115
+ --title "PR #42 — Add dark mode toggle" \
116
+ --subtitle "Toggling persists the theme across reloads" \
117
+ --layout single --speed 1.5 --target-size-mb 5 \
118
+ /tmp/demo-cap/session.webm
119
+
120
+ # Before/after comparison
121
+ <demo-dir>/scripts/compose-demo.sh \
122
+ --output <artifact-dir>/demo.mp4 \
123
+ --title "PR #51 — Fix flicker on load" \
124
+ --layout side-by-side --labels "BEFORE (main)" "AFTER (PR)" \
125
+ --target-size-mb 5 \
126
+ /tmp/before/session-before.webm /tmp/after/session-after.webm
127
+ ```
128
+
129
+ Flags: `--title` (required, on the card), `--subtitle`, `--layout
130
+ single|side-by-side`, `--labels A B` (side-by-side), `--speed N`, `--trim
131
+ START:END` (seconds, single layout), `--target-size-mb` (default 5),
132
+ `--width/--height` (default 1280×720), `--title-secs`. The script normalizes,
133
+ lays out, adds the title card, and does a **two-pass** encode to land under the
134
+ size cap (`+faststart`, `yuv420p`). It prints a JSON summary line:
135
+ `{"output":"…","resolution":"1280x720","duration":"38.4","size_mb":3.1}`.
136
+
137
+ ## Guardrails — self-check before reporting
138
+
139
+ Confirm the output with `ffprobe` (the script's summary already reports these):
140
+
141
+ - **Resolution** matches the requested size (default 1920-free 1280×720).
142
+ - **Duration** is sane — not 0s, within a watchable band (~15–90s).
143
+ - **Size ≤ 5 MB** so GitHub embeds it inline (25 MB hard limit). If over, re-run
144
+ with a lower `--target-size-mb` or a higher `--speed`.
145
+
146
+ If the recording is too short to be meaningful (a couple of seconds), go back
147
+ and add interaction steps — don't ship a clip that proves nothing.
148
+
149
+ ## Output location
150
+
151
+ Write `demo.mp4` into the **artifact directory the prompt provides** (the run's
152
+ `.lastlight/<issueKey>/` dir, referenced by the template variable the prompt
153
+ passes). The harness harvests it into the dashboard Artifacts view, and the
154
+ public artifact URL makes it playable inline on GitHub. Do **not** commit the
155
+ mp4 into the repo, and do **not** post it yourself — the workflow embeds it.
156
+
157
+ Video delivery requires **server-mode build-assets**. If the mp4 can't be
158
+ persisted (no artifact dir provided, or repo-mode), say so in the report and
159
+ describe what the demo showed instead.
160
+
161
+ ## Evidence rules
162
+
163
+ Mirror `verify`/`browser-qa` — you are demonstrating real behaviour, not selling
164
+ it:
165
+
166
+ - **Never fake it.** Don't edit the code under test to force a nicer demo, and
167
+ don't stage a result the feature didn't actually produce.
168
+ - **Show the disambiguating moment** — the thing that only happens if the change
169
+ works. Off-camera claims don't count.
170
+ - If something doesn't work, the honest demo shows that — report it; don't trim
171
+ the failure out and call it a success.
172
+
173
+ ## Report
174
+
175
+ Produce your report as your **final message** — the workflow posts it (don't
176
+ comment yourself). Keep it short:
177
+
178
+ ```
179
+ ## Demo: <target>
180
+
181
+ **Environment:** <branch / commit, package manager, how served, Chromium version>
182
+
183
+ <one or two sentences: what the video demonstrates and the key moment to watch>
184
+
185
+ - **Layout:** single | side-by-side
186
+ - **Video:** demo.mp4 (<resolution>, <duration>s, <size>MB)
187
+
188
+ ### Not covered
189
+ <one line: anything the demo doesn't show, and why>
190
+ ```
191
+
192
+ The workflow embeds the playable video from the artifact store; reference it as
193
+ `demo.mp4`. If the browser or compositor was unavailable, say so plainly instead
194
+ of pretending a clip exists.