Conversation
…templates, and CODEOWNERS
…ty baseline (#2) Establishes the Keiko Wave 1 foundation: a strict-TypeScript ESM npm package with a zero-runtime-dependency `keiko` CLI (documented exit codes 0/1/2) and a programmatic SDK exported from the package root, plus the full supply-chain-hardened CI baseline producing all seven required status checks (ci, actionlint, Verify pinned action SHAs, Analyze (actions), Analyze (javascript-typescript), Build/scan/SBOM/smoke, Review dependency diff). Every GitHub Action is pinned to a 40-hex commit SHA. Apache-2.0 licensed; ADR-0001 and ADR-0002 record the toolchain and CI/security decisions. Closes #2
…ates (#16) Bumps the npm-security group with 1 update in the / directory: [esbuild](https://github.com/evanw/esbuild). Removes `esbuild` Updates `vite` from 5.4.21 to 8.0.14 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite) --- updated-dependencies: - dependency-name: esbuild dependency-version: dependency-type: indirect dependency-group: npm-security - dependency-name: vite dependency-version: 8.0.14 dependency-type: indirect dependency-group: npm-security ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds the Wave 1 model gateway under src/gateway/ with zero runtime dependencies: typed provider interfaces, a capability registry as the routing source, an OpenAI-compatible fetch adapter, env/file config with baseUrl validation and secret redaction, timeout/retry/circuit-breaker resilience, response normalization, first-class usage metadata, and keiko models list/validate. See ADR-0003. Resolves #3
Implements the Wave-1 scoped agent harness (ADR-0004): an explicit named state machine that owns control flow, hexagonal ports (ModelPort/ToolPort/EventSink/ IdSource), eight configurable safety limits with typed machine-readable failures, single-AbortController cancellation propagating to model and tool layers, a versioned structured HarnessEvent stream with redaction-aware reasoning traces, deterministic run ID + SHA-256 config fingerprint for replay, three bounded task types (generate-unit-tests, investigate-bug, explain-plan), and a typed session API on the SDK plus a `keiko run` dry-run CLI command. Zero new runtime deps; 193 tests; #6/#10/#13 present as typed seams only. Closes #4 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Delivers ADR-0005: workspace detection, bounded file discovery with a two-tier deny+gitignore filter, a deterministic lexical context-pack assembler, and a read path with path-containment, symlink-escape, and size-cap checks. The `keiko context` CLI surfaces a dry-run summary. Address PR #29 review findings: - fix(discovery): measure sizeBytes with Buffer.byteLength (UTF-8 bytes, not UTF-16 code units) so multi-byte content is capped correctly - fix(discovery): throw PathDeniedError for denied reads so callers can distinguish deny from generic read failure - fix(retrieval): comparator returns 0 for equal paths (total order) - fix(context): reject non-integer --budget values such as "10kb" - fix(contextPack): count droppedForBudget only for budget-exhausted drops, not for unreadable/denied files - fix(fs): wrap nodeWorkspaceFs.exists() in try/catch to return false on EACCES rather than propagating (safe-boolean-probe contract) - docs(adr): set ADR-0005 status to Accepted in both ADR file and index Closes #5 Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…flow (#6) Wave-1 controlled tool surface (src/tools/**) implementing the #4 ToolPort seam: read_file, list_files, inspect_package_scripts, run_command, propose_patch, apply_patch — behind an enforceable, fail-closed execution boundary (ADR-0006). Security boundary: realpath/symlink containment on every read, write, and cwd; deny-by-default command allowlist with flag-aware subcommand parsing (no npm exec/-c shell reach); name-copied clean env with ephemeral subprocess HOME (no host credential exposure); output-size cap; timeout; AbortSignal process-group termination. Patch validation (boundary, deny, size/line/binary, conflict incl. delete pre-image), dry-run preview, fail-closed atomic apply with rollback. Wires the harness commandExecutions counter; broadens redact(); emits redacted command:executed / patch:applied audit events for the #10 ledger. Resolves all security-audit (2 High: symlink-write escape, allowlist bypass), Copilot (7), and verifier findings. CI + CodeQL green; 483 tests. Resolves #6
…evidence (#7) (#31) Adds `src/verification/**` — Keiko's verification orchestrator. It detects npm scripts, builds a verification plan, runs allowlisted commands through the unchanged #6 safe tool layer under per-command resource limits (wall-time, output-size, best-effort Linux memory via `/proc` VmRSS, documented no-network default), classifies each outcome (passed/failed/skipped/denied/timed-out/cancelled/resource-exceeded), supports targeted tests, honors harness cancellation, and produces redacted CLI / audit / Markdown summaries that are JSON-stable for the #10 audit ledger. Adds the `keiko verify` CLI subcommand and ADR-0007. Reuses the #6 `runCommand` boundary unchanged (no src/tools|harness|workspace|gateway edits); memory monitoring via a SpawnFn wrapper + ResourceMonitor seam. Zero new runtime dependencies. 554 tests (1 Linux-only `/proc` sampler skip). Reviewed: verifier APPROVED all 7 acceptance criteria; security-triage CLEARED (boundary unchanged, redaction layered in depth, no ReDoS/injection); Copilot's 3 findings resolved (page-size-independent VmRSS sampling + test import tidy). Resolves #7
Adds the unit-test generation workflow (src/workflows/unit-tests/**) plus the `keiko gen-tests` CLI and the `generateUnitTests` SDK entry. Composes the #5 workspace/context, #6 safe-patch, and #7 verification layers in a deterministic pipeline with a production-code guard, dry-run default, explicit apply mode, and a redacted workflow report + progress events. Design in ADR-0008. Verified: typecheck, lint, 626 tests pass (1 pre-existing skip); apply+verify integration test green; security triage clean; #3-#7 unchanged. Resolves #8
Implements the bug-investigation and regression-test workflow (ADR-0009): a deterministic pipeline that parses failure evidence, builds bounded context, proposes a root-cause hypothesis + minimal patch + regression-test strategy through the #6 safe-patch boundary, runs #7 verification, and emits a verified-vs-hypothesis report. Includes the keiko investigate CLI, SDK/root exports, fixtures, and tests. Composes #3-#7 unchanged. Security audit found and fixed a scope-guard ./-prefix bypass (C1) and a post-apply-cancel report inaccuracy (M1), both independently re-verified. Resolves #9 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…action controls (#10) Implements the audit ledger / evidence-manifest layer (src/audit/**, ADR-0010): redacted, versioned, replay-stable evidence manifests persisted to a contained local store, an index/list API, retention controls, per-run usage/cost aggregation, and CLI (keiko run evidence-by-default + keiko evidence list/show) plus SDK integration. Composes the harness/gateway/verification/workspace layers unchanged (reuse-unchanged diff empty). Deep security audit: PASS (the one LOW, O_EXCL temp write, fixed); 5 Copilot findings addressed; all 8 acceptance criteria verified; 851 tests green; zero new runtime dependencies. Resolves #10 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…#13) Delivers Keiko's Wave 1 professional UI: a locally hosted Next.js (App Router) + Tailwind application served by a hand-written local Node BFF that consumes the harness structured event stream. Architecture recorded in ADR-0011. - Six surfaces: workflow launch, live run view + cancel, patch review + gated apply, evidence browser + manifest detail, config/model inspector, home/nav. - Local Node `node:http` BFF (`src/ui/**`), 127.0.0.1-only, hash-based CSP, DNS-rebinding defense, path-traversal-safe static serving, eleven-route JSON + SSE contract, dry-run-first single gated write path, full secret redaction, and redacted evidence persistence for UI-initiated runs. - `keiko ui` launcher; UI assets packaged into `dist/`; new required `ui` CI job (build, lint, typecheck, jsdom + axe tests, `keiko ui` health smoke), offline. - WCAG 2.2 AA baseline with an axe-core CI gate. Zero new shipped runtime dependencies; the frozen core layers are unchanged (reuse-unchanged invariant). - Security audit (PASS), acceptance-criteria verification, WCAG audit, and the full Copilot review all addressed. Resolves #13 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
#36) * docs: add ADR-0012 Wave 1 evaluation harness boundary (#11) Records the evaluation-layer decisions: src/evaluations/ module location, leaf dependency direction, typed-data fixture format, scripted-vs-live model provider seam, seven scoring dimensions, surface-parity structural blocker, versioned EvalScorecard output, keiko evaluate CLI, and Wave 1 Go/No-Go criteria. The Implementation Plan section doubles as the developer spec. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * refactor: extract workflow→evidence mapping to src/audit/workflow-evidence.ts; reuse from ui (#11) C2 option (a): the pure workflow report→EvidenceManifest mapping moves to the audit layer so the evaluation harness and the UI BFF build it from one implementation, with no eval→ui dependency. src/ui/evidence.ts delegates the workflow path and keeps the explain-plan harness-usage fold local; its public surface is unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat: evaluation core — types, scripted model, provider, scorer, runner, surface-parity, render (#11) src/evaluations/** per ADR-0012: types, scripted-model, model-provider, scorer, runner + runner-support, surface-parity, render, manifest-check, and the first unit-test fixtures. Composes generateUnitTests/investigateBug unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat: evaluation fixtures + public barrel; resolve bug-report verification shape (#11) Six EvaluationFixtures (3 per workflow). unit-tests/happy-path and bug-investigation/ happy-path run in apply mode with a deterministic fake SpawnFn + recording writer so test-pass-rate and verification-completeness score real pass/fail offline (C5). The ScoringInput projection now reads the bug report's verified.verification as well as the unit-test verificationSummary. Barrel exports the full public surface. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat: keiko evaluate CLI + SDK exports (#11) runEvaluateCli mirrors runGenTestsCli (injected CliIo + deps). Offline by default; --live fails closed (exit 1, names env vars) with no resolvable config. Wired into the runner dispatch + HELP_TEXT. Explicit named eval exports added to src/sdk and src/index. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: add Wave 1 pilot Go/No-Go criteria and known limitations (#11) Documents the offline machine-computable Go/No-Go thresholds, the opt-in live-model assessment path, how to read the EvalScorecard, and the harness's known limitations. Resolves the ADR-0012 forward reference. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test: evaluation scripted-model, scorer, fixture-loading, runner suites (#11) 161 deterministic offline tests covering the scripted ModelPort (replay, last-repeat, error, empty), all seven scoring dimensions + suite aggregation, fixture loading/materialization, and the end-to-end runner over all six fixtures (status, dimension outcomes, unsafe-action zero-writes, apply-mode verification, temp-dir cleanup). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix: contain fixture materialization within temp root (#11) Adds a path-containment guard in materializeFixture: after computing abs = join(root, relPath), assert abs stays within root. A workspaceFiles key like ../../etc/x would previously escape the temp dir; now it throws a clear Error. Mirrors the #5/#6 realpath-contained ethos. Adds two focused tests: one for ../ traversal (must throw) and confirms existing nested-path tests still pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: make evaluation runId unique per run to avoid evidence collisions (#11) The runId was static (eval-<kind>-<name>), so repeat runs collided in the #10 O_EXCL evidence store — the second write was silently dropped, causing audit-completeness to falsely pass. Now the runId is generated from the injectable idSource (default: crypto.randomUUID) so each run gets a unique key. Tests already inject a fixed idSource for determinism and required no assertion changes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: deep-redact live-mode evaluation scorecard output (#11) When mode === "live", apply createAuditRedactor + deepRedactStrings to the scorecard before JSON.stringify / file-write. Offline path is unchanged (static harness text, no model content). Also exports deepRedactStrings from the audit barrel to keep the import on the right layer boundary. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: use real wall-clock for evaluatedAt in CLI runs (#11) The CLI passed no `now` to runEvaluationSuite so it fell back to the hard-coded FIXED_EVAL_EPOCH_MS (2023-11-14T22:13:20.000Z). Now the CLI default is Date.now, which injected deps.runner.now overrides (tests continue to inject a fixed clock for deterministic evaluatedAt). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ci: offline evaluate smoke in build job (#11) Adds a run: step in build-scan-sbom-smoke after the Build step. Offline mode only (no --live, no API key needed); KEIKO_EVIDENCE_DIR isolates evidence writes to a temp dir. Mirrors the shape of existing smoke steps. No new GitHub Actions, no SHA changes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: split scorer-dimensions suite under LOC limit (#11) scorer-dimensions.test.ts was 423 LOC (over the 400 limit). Split into two files: part 1 covers task-completion/patch-correctness/test-pass-rate/ verification-completeness (244 LOC); part 2 covers patch-size/audit- completeness/unsafe-action-rejection/scoreFixture shape (254 LOC). Every assertion is preserved. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: evaluation surface-parity (#11) Adds tests/evaluations/surface-parity.test.ts: asserts allPassed===true on the real codebase for all 6 structural checks (descriptor-inputs x2, cli-flags x2, sdk-exports, run-request-shape). Individual assertions cover descriptor required-inputs, CLI --help flag presence, SDK named-export types, and RunRequest field shape. Mutation-robust: each check exercises a specific structural invariant that would fail if the production code regressed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: evaluation cli-evaluate (#11) Adds tests/evaluations/cli-evaluate.test.ts covering the runEvaluateCli seam: --help exit 0, offline run exit 0, --json valid JSON with schemaVersion:"1", unknown --suite exit 2, --suite+--fixture mutual- exclusion exit 2, unknown --fixture exit 2, single --fixture runs one fixture, --live with injected failing ConfigInvalidError factory exits 1 with config error on stderr and no scorecard/secret on stdout (fail-closed assertion), and --output writes a valid scorecard file. Uses injected in-memory store + fixed clock for determinism throughout. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: evaluation render (#11) Adds tests/evaluations/render.test.ts: pure function tests for renderEvalSummary covering fully-passing scorecard (PASS/GO/pilot-ready), a failing dimension (FAIL by name in dimension and fixture lines, NO-GO verdict), safetyGatePassed:false (safety gate notice, NO-GO, not "GO — pilot ready"), output structure (evaluatedAt, fixture name, counts), and no-API-key-shaped string in output on both pass and fail paths. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: finalize scorer-dimensions split (#11) Completes the split of the scorer dimension suite into two files, each under the 400 LOC limit, with all per-dimension assertions preserved. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test: satisfy lint rules in evaluation test suite (#11) Replace non-null assertions (!-postfix) with a must() helper that throws a descriptive error if ever undefined, keeping runtime semantics identical while satisfying @typescript-eslint/no-non-null-assertion. Add explicit return types on async run()/runAll()/offlineDeps() to satisfy @typescript-eslint/explicit-function-return-type. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: use dot notation in surface-parity assertions (#11) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…#12) Brings Wave 1 documentation up to the full shipped product surface (CLI, SDK, local UI) and adds the customer pilot materials: pilot runbook, dedicated security and audit boundary reference, model capability guide for the customer portfolio, and npm package-surface guidance. Documentation-only change; no runtime code modified. All 12 Copilot review findings were verified against source and corrected (evidence-persistence scope, credential precedence, command surface, capability-metadata overrides). Closes #12
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.19.19 to 25.9.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.9.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 9.1.2 to 10.1.8. - [Release notes](https://github.com/prettier/eslint-config-prettier/releases) - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/eslint-config-prettier/commits/v10.1.8) --- updated-dependencies: - dependency-name: eslint-config-prettier dependency-version: 10.1.8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...043fb46) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.9.0 to 5.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.36.0 to 4.36.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@03e4368...7211b7c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@49933ea...48b55a0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…tions/setup-node-6.4.0 ci(deps): bump actions/setup-node from 4.4.0 to 6.4.0
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…script-6.0.3 deps(deps-dev): bump typescript from 5.9.3 to 6.0.3
…nt-10.4.0 deps(deps-dev): bump eslint from 9.39.4 to 10.4.0
…esting-library/user-event-14.6.1 ui-deps(deps-dev): bump @testing-library/user-event from 14.5.2 to 14.6.1 in /ui
Bumps [@testing-library/dom](https://github.com/testing-library/dom-testing-library) from 10.4.0 to 10.4.1. - [Release notes](https://github.com/testing-library/dom-testing-library/releases) - [Changelog](https://github.com/testing-library/dom-testing-library/blob/main/CHANGELOG.md) - [Commits](testing-library/dom-testing-library@v10.4.0...v10.4.1) --- updated-dependencies: - dependency-name: "@testing-library/dom" dependency-version: 10.4.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…esting-library/dom-10.4.1 ui-deps(deps-dev): bump @testing-library/dom from 10.4.0 to 10.4.1 in /ui
Bumps [jsdom](https://github.com/jsdom/jsdom) from 25.0.1 to 29.1.1. - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v25.0.1...v29.1.1) --- updated-dependencies: - dependency-name: jsdom dependency-version: 29.1.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…sdom-29.1.1 ui-deps(deps-dev): bump jsdom from 25.0.1 to 29.1.1 in /ui
Bumps [axe-core](https://github.com/dequelabs/axe-core) from 4.10.2 to 4.11.4. - [Release notes](https://github.com/dequelabs/axe-core/releases) - [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md) - [Commits](dequelabs/axe-core@v4.10.2...v4.11.4) --- updated-dependencies: - dependency-name: axe-core dependency-version: 4.11.4 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…xe-core-4.11.4 ui-deps(deps-dev): bump axe-core from 4.10.2 to 4.11.4 in /ui
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.6.3 to 6.9.1. - [Release notes](https://github.com/testing-library/jest-dom/releases) - [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md) - [Commits](testing-library/jest-dom@v6.6.3...v6.9.1) --- updated-dependencies: - dependency-name: "@testing-library/jest-dom" dependency-version: 6.9.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…esting-library/jest-dom-6.9.1 ui-deps(deps-dev): bump @testing-library/jest-dom from 6.6.3 to 6.9.1 in /ui
* restore the canonical Apache-2.0 license text * ship NOTICE and TRADEMARKS.md in the npm package surface * document attribution, trademark policy, and package-surface checks
* document pre-1.0 supported versions * route vulnerability reports through GitHub Security Advisories * define response and disclosure expectations
…ore + ADR-0016 (#75) * feat(ui-bff): enforce deny list and honor .gitignore in /api/files (#75) Wires src/workspace/ignore.ts into src/ui/files.ts so /api/files/tree and /api/files/preview honor the always-on deny patterns (.env, *.pem, id_rsa, node_modules, .git, …; .env.example exception preserved) and apply best-effort .gitignore noise reduction in tree listings only. Preview remains accessible for ignored-but-not-denied paths. * feat(ui): generic safety message for denied file previews (#75) When the BFF returns 403 DENIED, FilePreview now renders a generic 'excluded from the read surface for safety' message with role="alert" instead of the raw error body. The matched server-side deny pattern and the requested path never reach the user, which preserves the safety invariant that the deny list cannot be probed via error text. * docs(adr): ADR-0016 deeper files explorer BFF surface (#75) Documents the /api/files/* route family added in #67 and the deny-list / .gitignore wiring added in #75: separate-from /api/workspace; always-on isDenied on tree and preview; best-effort .gitignore on tree listings only; generic-message DENIED responses that never leak the matched pattern or path; path-containment is duplicated with src/workspace/ and tracked as a follow-up. Closes #75 * style(ui): add .fpv-state and .fpv-error styling for denied-preview alert (#75) Adds the missing CSS for the alert classes introduced by 5c80e83 so the denied-preview message is visually distinct (padded inset, danger tint), addressing the a11y audit. Loading state ("Loading preview…") which also uses .fpv-state benefits the same way. Theme tokens only; no new colours. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ui-bff): deny check before realpath; hide path in denied preview header (#75) Three Copilot review findings addressed: 1. files.ts:382 / :547 — Deny check was AFTER resolveInsideRoot's realpath, so a denied path that did not exist returned 404 NOT_FOUND while an existing denied path returned 403 DENIED. Callers could probe for deny-listed file existence under a root via the status-code difference. Moved the deny check into resolveInsideRoot immediately after lexical normalisation, BEFORE realpath. Removed the now-redundant duplicate checks at the readFilesTree and readFilesPreview call sites. 2. FilePreview.tsx:131 — When the BFF returned 403 DENIED the alert was generic, but the header above it still rendered the requested path (visible text + title attribute), contradicting the PR's no-leakage claim. The header now renders "Hidden file" with no path or extension when error.denied is true. Added two regression tests: - tests/ui/files.test.ts pins 403 DENIED for non-existent denied paths (preview + tree + nested deny segment) — proves the existence probe is closed. - FilesWidget.test.tsx asserts the entire rendered tree (including innerHTML for title/aria attributes) does not contain the requested path when the preview is denied. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…PTY (#78) Replace unbounded PTY (node-pty + xterm) with bounded permitted-command execution surface composing src/tools/exec.ts runCommand unchanged. ADR-0018 documents the trust boundary: project-scoped two-tier cwd containment, read-only allowlist (ls/cat/head/tail/wc/find/grep/tree/git read-only/node --version/npm read-only/pwd/echo), four typed terminal:* SSE events, terminal-execution evidence per invocation (counts only). Five new /api/terminal/* routes (CSRF-guarded state changers). Subtractive: node-pty + @xterm/* removed. Closes #78
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.19.19 to 25.9.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.9.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.3 to 8.0.16. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.15 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Oliver Scharkowski <59687448+oscharko@users.noreply.github.com>
Bumps [jest-axe](https://github.com/nickcolley/jest-axe) from 9.0.0 to 10.0.0. - [Release notes](https://github.com/nickcolley/jest-axe/releases) - [Changelog](https://github.com/NickColley/jest-axe/blob/main/CHANGELOG.md) - [Commits](NickColley/jest-axe@v9.0.0...v10.0.0) --- updated-dependencies: - dependency-name: jest-axe dependency-version: 10.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Oliver Scharkowski <59687448+oscharko@users.noreply.github.com>
Harden live agent model capability registration, model picker filtering, and patch parsing/validation for production-near Azure model runs.
Harden the Review widget evidence navigation, run-state messaging, diff parsing, accessibility semantics, and bounded diff rendering.
Harden terminal command policy, request correlation, fail-closed evidence persistence, and terminal evidence manifest semantics.
Normalize file-selected agent launcher paths, prefill workflow inputs from the active file, and expose only configured model providers through the UI models endpoint.
Prepare Keiko for the 0.1.0-beta.0 beta release under @oscharko-dev/keiko, consolidate release documentation, remove stale artifacts/dead code, and preserve the sqlite re-exec helper signature after Copilot review.
24 tasks
Emit the GitHub Actions status required by main branch protection when protected dev is checked.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Merge protected
devintomainfor the Keiko0.1.0-beta.0beta release.Refs: #115. This PR promotes the reviewed and merged beta release state from
devtomainwhile preserving the exactdevtree, including executable file modes.Scope
devtree tomainfor release publication.devstate.Product Impact
Verification
Required:
Local verification:
Select only what applies:
pnpm run release:checkor an explicit rationale.Not applicable rationale:
pnpm run release:check; release verification for chore: prepare 0.1.0-beta.0 release #115 usednpm run prepackandnpm pack --dry-run --ignore-scripts --json.Review And Closure
Resolves #<issue_number>only when this PR should close the issue.Risk Notes
The direct
dev -> maincomparison includes olderdevhistory. Some historical commits are unsigned, but the targetmainupdate should be a GitHub-generated signed squash commit after checks and review settle; this preserves the exact protecteddevtree for release publication.