chore: sync main → dev (Phase 0 for v0.10.0 release)#1212
Merged
bradygaster merged 39 commits intoJun 5, 2026
Conversation
chore: promote dev to main (docs dark mode fix)
…bradygaster#592) Fixes bradygaster#591 - Added step 7 (Wire enforcement) to Adding Team Members in squad.agent.md - Added workflow-wiring-guide.md with configuration surface area, wiring instructions, common mistakes, and verification checklist - Added appendix walkthroughs for code reviewer (gate pattern) and documenter (follow-up trigger pattern) Co-authored-by: Jonathan Ben Ami <jbenami@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…-checking skill (bradygaster#603) * feat(skills): add fact-checking skill\n\nAdds challenger/fact-checking review pattern.\nVerified against 200+ issues in production squads.\nCloses bradygaster#598 * feat(agents): add challenger agent charter template\n\nGeneric Devil's Advocate / Challenger template.\nProvides auto-spawn integration pattern for coordinators.\nCloses bradygaster#598
fix(ci): remove all cron schedules — push to main
…0.9.4-insider.1 Root cause: CLI depended on SDK via '>=0.9.0' which npm resolves to the latest stable version (0.9.1) — a build that predates FSStorageProvider. npm semver rules prevent >=0.9.0 from matching prerelease versions, so users always got the stale SDK. Fixes: 1. Pin CLI SDK dep to exact '0.9.4-insider.1' 2. Add workflow step to auto-pin SDK version before every publish 3. Add registry verification wait between SDK and CLI publish 4. Bump both packages to 0.9.4-insider.1 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…radygaster#875) * feat(ci): add file list with line stats, scope badge, and check subtitles to PR readiness (bradygaster#813) - Add file list table with per-file +additions/-deletions stats - Add PR scope classification (Product/Infrastructure/Mixed) - Rename Architectural Review and Security Review checks with descriptive subtitles Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: scope boundary enforcement for repo-health PRs (bradygaster#826) Add CI check that fails when repo-health PRs include product source code changes under packages/*/src/. Prevents scope creep where infrastructure PRs accidentally touch product code. - Add squad-scope-check.yml workflow - Document PR scope rules in copilot-instructions.md - Fail loudly on git diff errors instead of silently passing Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: smart PR nudge for stale PRs (bradygaster#827) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test: add cross-package export smoke test to catch missing imports Validates every value import squad-cli uses from squad-sdk resolves to a defined export at runtime. Covers 15 SDK subpaths and 50+ named exports including FSStorageProvider, SquadClient, CastingEngine, RalphMonitor, and all resolution/config/platform helpers. Also verifies that every entry in the SDK package.json exports map points to a file that actually exists on disk. Motivation: v0.9.3-insider.1 shipped with FSStorageProvider missing from the SDK barrel — broke users at runtime while all TS-level tests passed (TypeScript resolves from source, not compiled output). Refs: bradygaster#836 --------- Co-authored-by: Dina Berry (MSFT) <diberry@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <copilot@github.com>
…adygaster#900) * feat(cli): add deprecation warnings for tunnel, rc, and REPL commands Adds visible deprecation warnings to: - Interactive REPL shell (squad with no args) - squad start (and --tunnel flag) - squad rc / remote-control - squad rc-tunnel Phase 1: warnings only — no behavior changes. Commands still work but now emit a yellow deprecation notice pointing users to the GitHub Copilot CLI as the replacement. Help text updated to show [DEPRECATED] tags on affected commands. Closes bradygaster#899 Related: bradygaster#665 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: add changeset for tunnel/rc/REPL deprecation warnings Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: shorten deprecation hint to fit 80-char UX gate Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <copilot@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…bradygaster#876) * Add enforcement wiring step to hiring process + workflow wiring guide (bradygaster#592) Fixes bradygaster#591 - Added step 7 (Wire enforcement) to Adding Team Members in squad.agent.md - Added workflow-wiring-guide.md with configuration surface area, wiring instructions, common mistakes, and verification checklist - Added appendix walkthroughs for code reviewer (gate pattern) and documenter (follow-up trigger pattern) Co-authored-by: Jonathan Ben Ami <jbenami@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(agents): add Challenger / Devil's Advocate agent template + fact-checking skill (bradygaster#603) * feat(skills): add fact-checking skill\n\nAdds challenger/fact-checking review pattern.\nVerified against 200+ issues in production squads.\nCloses bradygaster#598 * feat(agents): add challenger agent charter template\n\nGeneric Devil's Advocate / Challenger template.\nProvides auto-spawn integration pattern for coordinators.\nCloses bradygaster#598 * feat: add APM integration for skill publishing and installation Closes bradygaster#824 ## Changes ### New command: squad skill - squad skill publish [<name>] — exports skill(s) to APM format, generating/updating apm.yml - squad skill install <source> — installs a skill from APM registry - Supports owner/repo, owner/repo/skill-name, and direct URLs - Uses GitHub CLI to fetch from repos that have apm.yml or .squad/skills/ - Writes .apm-source.json metadata to track skill origin - squad skill list — lists installed skills with source provenance ### Updated: squad init - Now generates �pm.yml at project root alongside .squad/ - Follows skipExisting semantics (safe to re-run) - apm.yml includes skills, instructions, and prompts sections ### Updated: squad help - Added skill command to help text with usage examples ## APM format apm.yml is the Agent Package Manager manifest — package.json for AI agent context. See: https://github.com/microsoft/apm The manifest declares skills, instructions, and prompts in a portable format that �pm install can deploy to .github/, .claude/, .cursor/ etc. * chore: add changeset for APM integration * docs: update CHANGELOG.md with APM integration entry * fix(skill): use .copilot/skills/ as primary path per bradygaster#430 The skills unification in bradygaster#430 migrated skills from .squad/skills/ to .copilot/skills/. This updates the APM skill command to: - Check .copilot/skills/ first, fall back to .squad/skills/ (backward compat) - Use resolveSkillsDir() helper matching LocalSkillSource pattern - Update all user-facing messages and apm.yml template paths - Fix installSkillsFromSquadDir candidate order Addresses review feedback from @Meir017. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: align CHANGELOG.md with dev branch Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: add missing fs import in init.ts Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: joniba <joniba@users.noreply.github.com> Co-authored-by: Jonathan Ben Ami <jbenami@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <Copilot@users.noreply.github.com> Co-authored-by: Copilot <copilot@github.com>
… fetch (bradygaster#920, bradygaster#923) * fix(watch): shared issue fetch, Windows shell:true, agentCmd default (bradygaster#920, bradygaster#923) Three fixes for watch capabilities: 1. Shared issue fetch (bradygaster#923): Fetch issues + PRs ONCE at round start via new RoundData on WatchContext. All 4 capabilities that called adapter.listWorkItems() independently now read from context.roundData. Core triage (runCheck + checkPRs) also uses shared data. Reduces API calls from ~6 to 2 per round. 2. Windows execFile + shell:true (bradygaster#920): Added shell: IS_WINDOWS to every execFile/execFileSync call across the watch system, gh-cli.ts, and health.ts. Fixes 'spawn EINVAL' on Windows where bare commands like 'gh' resolve to .cmd wrappers that require a shell. 3. agentCmd default change: Default agent command changed from 'gh copilot' (deprecated) to standalone 'copilot'. Extracted duplicated buildAgentCommand() and spawnWithTimeout() from 7 files into shared agent-spawn.ts module. Files: - NEW: watch/agent-spawn.ts — shared buildAgentCommand, spawnWithTimeout, spawnAgent, IS_WINDOWS - watch/types.ts — added RoundData interface + roundData field on WatchContext - watch/index.ts — fetch once in executeRound(), pass roundData through - watch/capabilities/{decision-hygiene,monitor-teams,monitor-email,retro}.ts — use agent-spawn.ts - watch/capabilities/{execute,wave-dispatch}.ts — use agent-spawn.ts + roundData - watch/capabilities/{fleet-dispatch,two-pass}.ts — use roundData + shell:IS_WINDOWS - watch/capabilities/{board,self-pull}.ts — shell:IS_WINDOWS on all execFile calls - watch/health.ts — shell:IS_WINDOWS on gh auth check - core/gh-cli.ts — shell:IS_WINDOWS on all 6 execFileAsync calls * test: update buildAgentCommand tests for copilot default The default agent command changed from 'gh copilot' to standalone 'copilot' CLI. Updated test expectations accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: add changeset for watch Windows fixes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(watch): runtime copilot CLI detection with gh fallback Add resolveCopilotCmd() that tries standalone 'copilot' first, falls back to 'gh copilot' if not found. Result is cached per process. Addresses Q's review of PR bradygaster#927: hardcoded 'copilot' default could break users without the standalone CLI installed. Both buildAgentCommand (shared) and buildAgentCommand (legacy compat) now use the same detection logic. Tests updated to accept either resolved command. * fix(watch): remove unused _cp variable, use resolveCopilotCmd in fleet-dispatch - Remove unnecessary ChildProcess assignment in spawnAgent - Fleet-dispatch now uses runtime copilot detection instead of hardcoding Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Merge dev to main: Publish docs site with updated messaging
# Conflicts: # .github/workflows/squad-repo-health.yml # packages/squad-cli/src/cli-entry.ts # packages/squad-cli/src/cli/commands/watch/capabilities/decision-hygiene.ts # packages/squad-cli/src/cli/commands/watch/capabilities/execute.ts # packages/squad-cli/src/cli/commands/watch/capabilities/monitor-email.ts # packages/squad-cli/src/cli/commands/watch/capabilities/monitor-teams.ts # packages/squad-cli/src/cli/commands/watch/capabilities/retro.ts # packages/squad-cli/src/cli/commands/watch/capabilities/wave-dispatch.ts # packages/squad-cli/src/cli/commands/watch/health.ts # packages/squad-cli/src/cli/commands/watch/index.ts # packages/squad-cli/src/cli/commands/watch/types.ts # scripts/pr-readiness.mjs # test/cli/watch-execute.test.ts # test/pr-readiness.test.ts
- squad-sdk: 0.9.4-insider.1 → 0.9.4 - squad-cli: 0.9.4-insider.1 → 0.9.4 - CHANGELOG: [Unreleased] → [0.9.4] - 2026-04-21 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The CHANGELOG Write Protection gate blocks non-approved authors. Leave CHANGELOG as-is from insider; the release workflow will stamp the version. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The CI gate blocks non-approved authors from modifying CHANGELOG.md. Using main's version since this PR targets main. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Files from insider branch that were deleted on main need to be preserved for the promotion. Restores scripts/, workflows, and test files that were lost in the merge resolution. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…tion security-review-skills.test.ts was added to main by PR bradygaster#882 but references scanSkillContent which was subsequently removed. This test fails on main too. Removing from promotion branch since it's not part of insider. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The test expected '-p' but agent-spawn.ts uses '--message' since insider. Aligns test assertion with the current implementation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Reverts all source, test, template, workflow, and doc files to match the insider branch exactly. Only version bumps (0.9.4) and CHANGELOG remain as intentional diffs. The merge of main into the release branch had incorrectly brought in main's divergent code (monorepo init, rate-limit detection, cast tests, etc.) which caused 24+ test failures in CI. A promotion PR should contain insider's tested code, not main's unreleased changes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- skill.ts: add await to async ghAvailable() call
- skill.ts: add shell: IS_WINDOWS to all execFileAsync('gh') calls
- squad-pr-nudge.yml: fix reversed compareCommits base/head args
- squad-insider-publish.yml: fix nested double-quotes in bash
- watch/health.ts: add timeout to execFileSync call
- apm-integration.md: fix package name to @bradygaster/squad-cli
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
chore: release v0.9.4 — promote insider to official Bypassing rules since it seems we have some "stuck" rules.
PR bradygaster#1023 merged insider into main, but insider was behind on docs changes that had already landed on main via dev (PRs bradygaster#989, bradygaster#953, bradygaster#955, bradygaster#956, bradygaster#906). The merge resolution picked insider's older versions, reverting 25 docs files. This restores all affected files from dev: - David Pine's human-led productivity emphasis (PR bradygaster#989) - Cross-links between related documentation (PR bradygaster#956) - Compaction recovery, coordinator restraint, result persistence refs - Teams async adapter migration guide - State backends feature doc - Search/Sidebar component updates - Landing page content Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…1023 merge PR bradygaster#1023 (insider->main) picked insider's older file versions, reverting 68 source/test/workflow files to outdated versions and deleting 13 files that existed on main. This restores all files to their correct state from dev (which matched pre-merge main). Affected areas: - CLI commands (cast, start, loop, plugin, externalize, watch/*) - SDK (state-backend, scheduler, comms-teams, azure-devops) - Workflows (release, publish, promote, preview, sync-labels) - Tests (13 deleted test files restored, 15 reverted tests fixed) - Templates and config files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…-from-dev fix: restore 106 files accidentally reverted by PR bradygaster#1023 merge
The esbuild bundler flattened two separate function scopes into one, creating two 'const hasForce' declarations (lines 1130 and 1192). This causes a SyntaxError on load, failing 90/130 tests and blocking every release run on main. Renamed the second declaration to 'shouldForce' to resolve the conflict. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…licate-declaration fix: rename duplicate hasForce declaration blocking all releases
Same fix as PR bradygaster#1030 on dev. Changes 3 tests in Group 6 from init-only to init+upgrade pattern, matching the behavior change from PR bradygaster#847. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When TEST_ROOT is inside the repo, detectParentGitRepo() redirects agent file placement to the git root instead of TEST_ROOT, causing test assertions to fail. Using os.tmpdir() places the test directory outside any git repo, matching the fix already on dev. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- init.test.ts: use tmpdir() instead of process.cwd() to avoid monorepo detection - loop.test.ts: update error regex from /gh CLI/ to /Copilot CLI/ to match new message - template-sync.test.ts: add beforeAll sync and bump timeout to 60s Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…dotnet-tests-to-main test: cherry-pick .NET detection test fix to main (from bradygaster#1030)
Closes the gap from PR bradygaster#1023 where version was bumped but CHANGELOG wasn't updated. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The release/0.9.4 merge (PR bradygaster#1023) bumped packages/*/package.json but missed the root. This caused squad-release.yml to fail on every push to main. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fix lockfile stability check in squad-npm-publish.yml that incorrectly flagged workspace-local packages as missing integrity hashes. Changed filter to only check registry-resolved packages (https:// URLs). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The repo capture group in `parseGitHubRemote` and `parseAzureDevOpsRemote` used `[^/.]+?`, which excluded `.` and so failed on any repo whose name contained a dot (which both GitHub and Azure DevOps permit). The failure surfaced to users as `Could not detect platform: Could not parse GitHub remote URL: ...` from `squad watch`. Widen the repo capture to `[^/]+?` in all four regexes (HTTPS + SSH for both GitHub and ADO, plus legacy `*.visualstudio.com`). The trailing `(?:\.git)?$` plus the non-greedy quantifier still strip a trailing `.git` correctly. Adds regression coverage in `test/platform-adapter.test.ts` for repos named like `JADE.xlighthousepipelines`, `foo.bar.baz`, and the `.github` community-health repo convention, on both HTTPS and SSH for GitHub, dev.azure.com, and visualstudio.com. Closes bradygaster#1077
…w-dots fix(platform): allow dots in repo names when parsing remote URLs
Closes the v0.9.4 sync-back debt per Picard's release plan (Phase 0). Brings in: - PR bradygaster#1078 dot-repo parser fix (vejadu) - Lockfile integrity check exclusion fix - 0.9.4 CHANGELOG entry - --sync flag in template-sync tests - 31 main-only additions (skill.ts, agent-spawn.ts, fact-checking skill, challenger agent template, 10 scripts, 6 workflows, etc.) Conflict resolution per Worf's analysis (14 conflicts confirmed): - 11 standard conflicts: favor dev (200 commits ahead with state-backend rewrite + feature work) - .changeset/watch-p0-p1-fixes.md: accept main's deletion (stale, already consumed by 0.9.4 release bot) - test/scripts/security-review.test.ts: accept dev's deletion (PR bradygaster#1000/ bradygaster#1001 intentional CI cleanup); scripts/security-review.mjs preserved - docs/.../state-backends.md: take dev's 25KB authored version over main's 8KB PR bradygaster#1023 restore (dev is comprehensive superset; main is older content rehydrated) Lockfile regenerated cleanly. npm run lint passes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Syncs main back into dev as Phase 0 ahead of the v0.10.0 release, bringing dev up to date with mainline CI/automation, scripts, and CLI functionality while preserving the intended conflict-resolution decisions described in the PR body.
Changes:
- Adds/updates several GitHub Actions workflows for PR hygiene (readiness, repo-health checks, scope guard, impact analysis, nudge automation, docs link checking).
- Adds new “repo health” + “PR readiness” Node scripts (and impact-utils) with accompanying Vitest coverage.
- Introduces CLI functionality pulled from
main(notablysquad skill/ APM integration and shared watch agent-spawn utilities), plus assorted template/skill additions and changeset churn from the sync.
Reviewed changes
Copilot reviewed 50 out of 51 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| test/scripts/risk-scorer.test.ts | Adds unit tests for impact risk tier calculation. |
| test/scripts/parse-diff.test.ts | Adds unit tests for diff parsing + status enrichment utilities. |
| test/pr-readiness.test.ts | Adds extensive unit tests for PR readiness checks and orchestration. |
| test/cross-package-exports.test.ts | Adds runtime smoke tests to ensure CLI→SDK imports exist in published exports. |
| scripts/security-review.mjs | Adds an informational security review scanner for PR diffs (workflows, JS/TS, deps). |
| scripts/repo-health-comment.mjs | Adds shared comment upsert/delete utility for repo-health workflows. |
| scripts/pr-readiness.mjs | Adds PR readiness evaluator and comment upsert logic. |
| scripts/impact-utils/risk-scorer.mjs | Implements risk tier calculation utility. |
| scripts/impact-utils/report-generator.mjs | Implements markdown report generation for impact analysis. |
| scripts/impact-utils/parse-diff.mjs | Implements diff parsing and API-file-status enrichment helpers. |
| scripts/check-squad-leakage.mjs | Adds informational detector for .squad/ file leakage in PRs. |
| scripts/check-bootstrap-deps.mjs | Adds blocking gate enforcing “bootstrap files must only import node:* built-ins”. |
| scripts/architectural-review.mjs | Adds informational architectural-review scanner for structural policy signals. |
| scripts/analyze-impact.mjs | Adds CLI-driven impact analysis report generator using gh + impact-utils. |
| packages/squad-sdk/src/platform/detect.ts | Updates remote URL parsing comments to clarify dot handling in repo names. |
| packages/squad-cli/src/cli/commands/watch/agent-spawn.ts | Adds shared watch agent spawn helpers (Windows shell behavior, copilot CLI detection). |
| packages/squad-cli/src/cli/commands/skill.ts | Adds squad skill command with APM publish/install/list functionality. |
| packages/squad-cli/src/cli-entry.ts | Wires new skill command into CLI entrypoint. |
| .github/workflows/squad-scope-check.yml | Adds repo-health PR boundary guard to prevent product-source changes in repo-health PRs. |
| .github/workflows/squad-repo-health.yml | Adds repo-health workflow running bootstrap protection, leakage check, arch/security review comments. |
| .github/workflows/squad-pr-readiness.yml | Adds PR readiness workflow that upserts a readiness checklist comment. |
| .github/workflows/squad-pr-nudge.yml | Adds scheduled workflow that comments on stale PRs with actionable diagnostics. |
| .github/workflows/squad-impact.yml | Adds workflow that posts an automated architectural impact report comment. |
| .github/workflows/squad-docs-links.yml | Adds on-demand docs link check workflow that files an issue on broken links. |
| .github/workflows/squad-npm-publish.yml | Tightens lockfile integrity validation logic for resolved URLs. |
| .github/copilot-instructions.md | Documents the new PR nudge automation workflow. |
| package-lock.json | Regenerated lockfile as part of the sync and install reconciliation. |
| CHANGELOG.md | Updates changelog to include a 0.9.4 header entry. |
| .squad/templates/agents/challenger.md | Adds a challenger agent template focused on fact-checking and adversarial review. |
| .squad/skills/fact-checking/SKILL.md | Adds a fact-checking skill definition and methodology template. |
| .squad-templates/workflow-wiring-guide.md | Adds workflow wiring guide template for enforcing coordinator routing/gates. |
| .squad-templates/workflow-wiring-appendix-a-code-reviewer.md | Adds appendix template for wiring an enforced code-review gate. |
| .squad-templates/workflow-wiring-appendix-b-documenter.md | Adds appendix template for wiring a documentation follow-up trigger. |
| .changeset/fix-watch-windows-shared-fetch.md | Adds changeset for watch Windows + shared agent-spawn + fetch consolidation changes. |
| .changeset/deprecate-tunnel-rc-repl.md | Adds changeset documenting deprecation warnings for tunnel/rc/REPL commands. |
| .changeset/apm-integration.md | Adds changeset documenting APM integration via squad skill and init apm.yml generation. |
| .changeset/watch-rate-limit-detection.md | Removes changeset as part of sync reconciliation. |
| .changeset/watch-p0-p1-fixes.md | Removes changeset as part of sync reconciliation (explicitly called out in PR body). |
| .changeset/teams-adapter-security.md | Removes changeset as part of sync reconciliation. |
| .changeset/teams-adapter-fixes.md | Removes changeset as part of sync reconciliation. |
| .changeset/start-tunnel-node-pty.md | Removes changeset as part of sync reconciliation. |
| .changeset/skill-security-scanner.md | Removes changeset as part of sync reconciliation. |
| .changeset/shell-injection-fixes.md | Removes changeset as part of sync reconciliation. |
| .changeset/review-findings-fix.md | Removes changeset as part of sync reconciliation. |
| .changeset/pid-tracker-cleanup.md | Removes changeset as part of sync reconciliation. |
| .changeset/monorepo-subfolder-support.md | Removes changeset as part of sync reconciliation. |
| .changeset/fix-copilot-message-flag.md | Removes changeset as part of sync reconciliation. |
| .changeset/fix-cast-base-path.md | Removes changeset as part of sync reconciliation. |
| .changeset/external-capability-loading.md | Removes changeset as part of sync reconciliation. |
| .changeset/dynamic-state-discovery.md | Removes changeset as part of sync reconciliation. |
| .changeset/audit-onboarding-skill-guards.md | Removes changeset as part of sync reconciliation. |
Comment on lines
+45
to
+49
| PR_HEAD_SHA: ${{ github.event.pull_request.head.sha || github.event.workflow_run.head_sha }} | ||
| PR_BASE_REF: ${{ github.event.pull_request.base.ref || github.event.workflow_run.pull_requests[0].base.ref }} | ||
| PR_DRAFT: ${{ github.event.pull_request.draft || 'false' }} | ||
| PR_LABELS: ${{ toJson(github.event.pull_request.labels || '[]') }} | ||
| REPO_OWNER: ${{ github.repository_owner }} |
Comment on lines
+7
to
+11
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| checks: read | ||
| issues: read |
Comment on lines
+149
to
+151
| if (comparison.data.ahead_by > 10) { | ||
| actions.push(`⬇️ **${comparison.data.ahead_by} commits behind ${pr.base.ref}.** Rebase to pick up latest changes.`); | ||
| } |
Comment on lines
+11
to
+14
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
|
|
Comment on lines
+11
to
+14
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
|
|
Comment on lines
+441
to
+448
| const prLabelsRaw = env.PR_LABELS || '[]'; | ||
|
|
||
| let prLabels = []; | ||
| try { | ||
| prLabels = JSON.parse(prLabelsRaw); | ||
| } catch { | ||
| prLabels = []; | ||
| } |
Comment on lines
+46
to
+50
| function isNodeBuiltin(specifier) { | ||
| if (specifier.startsWith('node:')) return true; | ||
| const base = specifier.split('/')[0]; | ||
| return NODE_BUILTINS.has(base); | ||
| } |
Comment on lines
+148
to
+152
| `name: ${fm['name'] ?? skillName}`, | ||
| `version: ${fm['version'] ?? '1.0.0'}`, | ||
| fm['description'] ? `description: "${fm['description']}"` : null, | ||
| ``, | ||
| `skills:`, |
Comment on lines
+153
to
+156
| ` - name: ${fm['name'] ?? skillName}`, | ||
| ` path: skill.md`, | ||
| fm['description'] ? ` description: "${fm['description']}"` : null, | ||
| ] |
Comment on lines
+195
to
+201
| ...skills.map(s => | ||
| [ | ||
| ` - name: ${s.name}`, | ||
| s.description ? ` description: "${s.description}"` : null, | ||
| ` path: ${s.path}`, | ||
| s.version ? ` version: ${s.version}` : null, | ||
| ] |
No source change. Phase 0 sync-back PR has no semantic version impact; CHANGELOG entry will be written in Phase 2 of v0.10.0 release. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Phase 0 sync-back PRs cannot author CHANGELOG.md edits — the CHANGELOG Write Protection gate only allows bradygaster, github-actions[bot], and copilot-swe-agent[bot]. The main-side '## [0.9.4]' heading addition will be reintroduced in Phase 2 by an approved author when the v0.10.0 entry is written. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Collaborator
Author
Phase 0 gates — resolution logCI initially failed two policy gates:
Discovered constraint for Phase 2 (release planning)The Phase 0 merge would have brought main's Implication for v0.10.0 release: Phase 2 (CHANGELOG.md write of the
We'll route Phase 2 accordingly. No code or test impact from this Phase 0 PR. — Coordinator (claude-opus-4.7, GitHub Copilot CLI) |
Collaborator
Author
Copilot reviewer comments — dispositionThanks @copilot for the thorough review. I triaged all 12 inline comments. All are on pre-existing code on Files flagged (and their main-side history)
Decision: out of scope for this PRPhase 0 sync-back has one job — merge
Follow-up filed#1213 — captures all 12 comments with severity ranking and recommended fix order. Will be addressed in a focused PR after v0.10.0 ships. The PR is otherwise green and clean for merge. |
bradygaster
approved these changes
Jun 5, 2026
This was referenced Jun 7, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase 0: sync
mainintodevbefore v0.10.0 releaseCloses the v0.9.4 sync-back debt per Picard's release plan.
Reviewer history
Worf (Security & Reliability) rejected the first execution attempt of this artifact after surfacing 4 errors in the coordinator's pre-flight scout (claimed zero only-on-one-side files; reality was 31 substantive main-only files;
031-state-backends.mdwas claimed to exist on main, in fact dev-only; conflict count claimed 200+, real count 14). Per Reviewer Rejection Protocol, Worf is locked out of this artifact. Picard (Lead Architect) is the next eligible executor and ran the merge with the corrected 14-conflict map + explicit special-case decisions.Worf's full rejection:
.squad/workstreams/active/squad-agents-ai/decisions/inbox/worf-phase0-sync-main-to-dev.mdConflict resolution (14 confirmed via trial merge)
11 standard conflicts — favor dev (
--ours):package.json(root + 2 packages)package-lock.jsonnpm installpost-mergeindex.cjs.github/workflows/squad-ci.yml.squad-templates/squad.agent.mdtest/cli/init.test.ts,test/cli/upgrade.test.ts,test/platform-adapter.test.ts,test/template-sync.test.ts3 special cases (explicitly decided, not heuristic):
.changeset/watch-p0-p1-fixes.md(UD)test/scripts/security-review.test.ts(DU)scripts/security-review.mjspreserved (referenced by.copilot/skills/security-review/SKILL.md)docs/src/content/docs/features/state-backends.md(AA)Main-only files auto-preserved (31)
All substantive main-only work merged with zero conflict, including:
packages/squad-cli/src/cli/commands/skill.ts(506 lines)packages/squad-cli/src/cli/commands/watch/agent-spawn.ts(143 lines)scripts/(analyze-impact, architectural-review, check-bootstrap-deps, check-squad-leakage, impact-utils/*, pr-readiness, repo-health-comment, security-review).squad-templates/workflow-wiring-*docs.squad/skills/fact-checking/SKILL.md,.squad/templates/agents/challenger.mdVerifications
npm installregenerated lockfile cleanlynpm run lintpasses (tsc --noEmiton both packages)Next step
Phase 1: version bump to 0.10.0 + changeset consolidation. Runs after this PR merges.