Skip to content

fix: address Claude review findings#247

Merged
ScriptedAlchemy merged 5 commits into
masterfrom
codex/claude-findings-fixes
Jul 3, 2026
Merged

fix: address Claude review findings#247
ScriptedAlchemy merged 5 commits into
masterfrom
codex/claude-findings-fixes

Conversation

@ScriptedAlchemy

Copy link
Copy Markdown
Owner

Summary

  • harden automation job loading, locking, webhook delivery, and forward-compatible job config round-trips
  • fix daemon/project routing propagation across proxy/hook connections and stale route invalidation
  • make managed skill exports, prompt cleanup, memory digest lifecycle, and host writes safer/atomic
  • preserve unknown user config keys, tighten LCM recent-session evidence/replay behavior, and harden dashboard/LSP partial-refresh handling

Claude findings covered

Extra transcript check

Tests

  • cargo fmt --check
  • git diff --check
  • scripts/check-conventional-commits.sh origin/master..HEAD
  • cargo clippy --workspace --all-targets --locked -- -D warnings
  • cargo test -q --test agent_suite
  • cargo test -q --test automation_runner_test jobs
  • cargo test -q --test dashboard_api_test automation_jobs
  • cargo test -q --test session_suite recent_sessions
  • cargo test -q --test hooks_lsp_suite lsp_code_diagnostics_test
  • cargo test -q --test agent_suite memory_digest_test::
  • cargo test -q --test mcp_suite mcp_handler_test::memory_fact_store_mutations_refresh_recorded_digest_exports -- --exact
  • cargo test -q --test agent_suite skill_targets_test
  • cargo test -q --test automation_runner_test session_reflector
  • cargo test -q shared_route
  • cargo test -q --features test-transport --test mcp_suite hook_event_workspace_context_routes_followup_graph_reads
  • cargo test -q --test core_cli_suite user_config
  • (cd dashboard && npm run test:dom -- settings-panel-patches)

TraceDecay transcript recall used to validate the missed-finding sweep.

@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: dd51572

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@ScriptedAlchemy ScriptedAlchemy force-pushed the codex/claude-findings-fixes branch 4 times, most recently from cc2b905 to e846ec7 Compare July 3, 2026 08:20
is_disallowed_webhook_ipv6 only checked native IPv6 ranges, so the
cloud-metadata IP and loopback/private ranges were reachable via the
IPv6 literal form (::ffff:169.254.169.254, ::127.0.0.1, 6to4/Teredo).
Decode any embedded IPv4 and run the v4 filter on it.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@ScriptedAlchemy ScriptedAlchemy force-pushed the codex/claude-findings-fixes branch from e846ec7 to f9147ae Compare July 3, 2026 08:28
ScriptedAlchemy and others added 3 commits July 3, 2026 16:29
collect_document_diagnostics dropped every diagnostic in a batch whenever
diagnostics_by_uri.len() < uri_to_document.len(). For LSP servers that only
publish diagnostics for files WITH problems (never an empty publish for clean
files), any batch containing a clean file failed as a timeout and discarded the
real diagnostics for the dirty files.

Only treat the batch as a genuine timeout when NOTHING arrived (preserving the
#237 behavior that a real timeout is not recorded as a complete refresh);
otherwise return the diagnostics that were published. Documents the
empty-publish assumption inline.

Tests: reworked stdio_client_fails_when_a_document_never_publishes_diagnostics
into stdio_client_returns_diagnostics_for_suppress_empty_servers (asserts the
responding file's diagnostics survive) and added
stdio_client_fails_when_no_document_publishes_diagnostics to lock in the
zero-publish timeout.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
swap_overlay_dirs restored the backup on a failed fs::rename(stage_root,
overlay_root) but never removed stage_root, orphaning a
.tracedecay-managed.tmp-<pid>-<nonce> directory that accumulated on every
retry. Remove the staged directory in the error branch, and log a warning if
the backup-restore rename also fails so the user knows content remains at the
backup path.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
remove_marked_block_for_target fell back to deleting the legacy unslugged
managed-skills block whenever a target's own slugged block was absent. On a
shared AGENTS.md mid-migration (one host slugged, another still legacy-
unslugged), uninstalling the first host would delete the legacy block belonging
to the second host.

Only apply the legacy fallback when NO other target's slugged block is present
in the file, so the legacy block can be safely assumed to be this target's. The
remove-all path still removes the legacy block explicitly.

Tests: added uninstall_preserves_legacy_block_on_shared_file_mid_migration,
uninstall_removes_own_slugged_block_on_shared_file, and
uninstall_removes_legacy_block_when_no_slugged_blocks_remain.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@ScriptedAlchemy ScriptedAlchemy merged commit 85de4da into master Jul 3, 2026
16 checks passed
@ScriptedAlchemy ScriptedAlchemy deleted the codex/claude-findings-fixes branch July 4, 2026 01:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant