- Create vault-resolver.js: URI parser, auth chain (env → file → AppRole), in-memory caching
- Add resolveConfigValueAsync() to pi-coding-agent for lazy vault URI resolution
- Integrate vault credential resolution into auth-storage credential loading path
- Add doctor check (checkVaultHealth) for vault setup validation at startup
- Document vault setup, auth methods, examples, troubleshooting in preferences-reference.md
- Add comprehensive test suite (18 tests) for vault URI parsing, auth, caching, fallback
Auth Chain:
1. VAULT_TOKEN env var (simplest for local dev)
2. ~/.vault-token file (recommended for local dev)
3. VAULT_ROLE_ID + VAULT_SECRET_ID env vars (AppRole for CI/CD)
Fail-open behavior: If vault unavailable, falls back to plaintext URIs to allow continued operation.
URI Format: vault://secret/path/to/secret#fieldname
Example: ANTHROPIC_API_KEY=vault://secret/anthropic/prod#api_key
Tests: parseVaultUri, isVaultUri, resolveSecret, caching, edge cases all passing (18/18).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Rename tests to match actual behavior: degrades_silently / degrades_to_no_op
- Remove incorrect status-bar routing assertions from setWidget tests
- Add federated-memory module with test
When offset or limit are specified, use Node.js readline streaming instead of
loading the entire file into memory. This fixes the truncation issue for large
files (>50KB) where the read tool would return truncated content even when
requesting a small slice.
- Add readLinesStreamed() for memory-efficient line reading
- Add countLines() for total line count without full read
- Use streaming path when offset !== undefined || limit !== undefined
- Keep existing full-file read path when no offset/limit specified
- Add tests for streaming behavior with large files
Fixes the long-standing issue where reading large files like src/headless.ts
(~50KB) with offset/limit would still hit truncation limits.
- gap-audit prompt detection: Add DYNAMICALLY_LOADED_PROMPTS set for prompts
loaded through wrappers (research-slice, plan-slice, execute-task, etc.)
and detect loadPrompt calls with comma-separated args (#sf-moobj36l-ewu7js)
- gap-audit command detection: Detect exact match, prefix match, and
switch/case patterns for command dispatch (#sf-moobj36o-n8b7g9)
- empty task summary: Add isValidTaskSummary() to require non-empty content
with frontmatter or H1 before reconciliation marks task complete
(#sf-moobj36o-6rxy6e)
- journal write failures: Emit bounded health warning to .write-failures.jsonl
on journal write failure with per-session dedup (#sf-moobj36p-ikq3b2)
- resource sync manifest divergence: Add verifyManifestFilesExist() to check
all manifest-listed files exist on disk after hash match (#sf-moody5qi-8gbwp2)
- self-feedback markdown stale: Regenerate SELF-FEEDBACK.md from jsonl on
markResolved with resolved entries section (#sf-moobj36p-rlo95i)
- self-feedback context bloat: Cap entries to 20 max, 4000 chars, inject
compact summaries only with pointer to jsonl for full evidence
(#sf-moobj36p-ko6snt)
- hook-emitter types: Replace unknown with EventResult discriminated union,
implement emitExtensionEvent call with fallback warning when _pi missing
(#sf-moobmhwt-bxejb6, #sf-moobmhx4-gk9g83)
- export visualizer types: Add VisualizerExportData interface with proper
PhaseAggregate/SliceAggregate/ModelAggregate/ProjectTotals types
replacing any (#sf-moobmhx0-ow5fhy)
- native-edit-bridge: Already resolved (artifact removed from repo)
(#sf-moobj36q-z4id3u)
Three production gaps Codex's adversarial review flagged are now closed:
1. Real legacy-vs-UOK parity diff (per turn, per plane):
- parity-diff-capture.ts captures plan / graph / model-policy /
audit-envelope / gitops decisions for both paths and emits
ParityDiffEvent records to .sf/runtime/uok-parity.jsonl.
- parity-report.ts aggregates divergencesByPlane, populates
criticalMismatches with real divergence summaries, and tracks
enterEvents / exitEvents / missingExitEvents for symmetry.
2. Exit-event symmetry:
- sessionId / turnId now flow through enter+exit parity events.
- writeParityHeartbeat lets kernel/loop-adapter emit best-effort
diagnostics on plane failure paths so missing-exit gaps shrink.
3. Commit-gating on divergence or missing-exit:
- resolveParitySafeGitAction (in uok/gitops.ts) reads the parity
report and downgrades turn_action to status-only when divergence
count > 0 or missing-exit count > 0 — UOK can no longer commit
on top of unverified state.
- auto-post-unit.ts now resolves a configuredTurnAction from UOK
flags then asks the parity gate for the safe action; the gate's
decision is what flows to the actual git op.
- new test: tests/uok-gitops-commit-gate.test.ts.
- existing gitops-wiring assertion updated for the renamed
configuredTurnAction (semantic preserved).
Tests: 53/53 UOK pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Since Node >= 24 is the minimum engine, remove the better-sqlite3 fallback
chain from sf-db.ts, unit-ownership.ts, and cli-stats.ts. Use DatabaseSync
from node:sqlite directly. Also replace the `glob` npm package with built-in
node:fs/promises.glob and node:fs.globSync in pi-coding-agent LSP utils.
- Remove createRequire boilerplate and suppressSqliteWarning helper
- Simplify loadProvider() and openRawDb()
- Net -177 lines of fallback/middleware code
💘 Generated with Crush
Assisted-by: GLM-5.1 via Crush <crush@charm.land>
- Convert remaining node:test → vitest imports in packages/* and studio/*
- Fix mock.callCount() → mock.callCount property access for vitest compat
- Fix mock.calls[N].arguments → mock.calls[N] for vitest compat
- Update tsconfig.extensions.json to exclude test files from tsc
- Harden migrate-to-vitest-all.mjs regex for single quotes and optional semicolons
