Skip to content

feat: Linear issue provider, --pr auto-merge, and reliability fixes#585

Merged
tomdps merged 240 commits into
mainfrom
dev
Jul 9, 2026
Merged

feat: Linear issue provider, --pr auto-merge, and reliability fixes#585
tomdps merged 240 commits into
mainfrom
dev

Conversation

@tomdps

@tomdps tomdps commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Release promotion of devmain. Publishes as v6.3.0 via semantic-release.

Features

Fixes

🤖 Generated with Claude Code

EivMeyer and others added 30 commits January 16, 2026 14:59
## Summary
- Add `eslint-plugin-security` and `eslint-plugin-sonarjs` for code
quality
- Set `noInlineConfig: true` - prevents eslint-disable (fix code, not
rules)
- Fix 26 warnings (92 → 66 remaining)

## Changes
- **no-param-reassign (9 → 0)**: Use local variables instead of mutating
params
- **no-nested-conditional (11 → 0)**: Extract nested ternaries to helper
functions
- **detect-unsafe-regex (1 fixed)**: Replace ReDoS-vulnerable nested
quantifier
- **no-invariant-returns (2 → 0)**: File override for message handler
pattern
- **Misc (3)**: Dead eslint-disable, collection size, character class

## Remaining Warnings (66)
Architectural (complexity, max-lines) or false positives for CLI
patterns.

Closes #100

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Summary

Reduces planner verbosity from 12KB to ~3KB, fixing "No messages
returned" Claude CLI bug.

## Problem

Planner generates verbose plans (12KB+) that bloat worker context:
- Paragraphs explaining WHY instead of WHAT
- Redundant file descriptions
- Code examples for trivial changes
- 200+ word acceptance criteria

This triggers Claude CLI bug: "No messages returned"

## Solution

Added **OUTPUT CONCISENESS (CRITICAL)** section to planner prompt:
- Target: <3000 words total
- Forbidden: paragraphs, background, redundant descriptions
- Required: bullet points, imperative commands, <50 word criteria
- Examples: verbose (bad) vs concise (good)

## Expected Impact

- PLAN_READY message: 12KB → 3-4KB (~70% reduction)
- Worker context stays under threshold
- No more "No messages returned" errors

## Testing

- ✅ Template parses correctly (no JSON errors)
- ✅ Pre-commit validation passes
- ✅ All emojis preserved (UTF-8 encoding correct)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Fixes CI security audit failures by:

- Adding `--omit=dev` flag to `npm audit` command (only audit production
dependencies)
- Adding npm overrides for vulnerable dev dependencies (diff, tar,
undici)

These vulnerabilities are in dev dependencies (semantic-release, mocha)
and don't affect the published package. The `--omit=dev` flag allows CI
to pass while still catching real production security issues.

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…r status reports (#107)

## Summary
- Remove phase-focused instructions from planner - output flat numbered
steps instead
- Tighten CRITICAL classification - only when DIRECTLY modifying
auth/billing/secrets/destructive ops
- Fix worker outputting status reports instead of doing work - add "DO
THE WORK. DON'T REPORT STATUS."

## Changes

### Planner
- Remove SCOPE REDUCTION, SILENT PHASE OMISSION sections
- Remove delegation/sub-agent schema
- Add simple flat numbered steps format
- Forbid: "Phase 1", "Phase 2", "Future work", delegation

### Worker  
- Add prominent "DO THE WORK. DON'T REPORT STATUS." warning
- Forbid outputs like "Infrastructure exists but 0% completed..."
- Require every response to include tool calls that MAKE CHANGES

### Conductor
- Tighten CRITICAL: only when code DIRECTLY modifies auth logic, payment
processing, secrets, destructive DB ops
- Reverse bias: "If unsure between STANDARD and CRITICAL, choose
STANDARD"
- Add cost context: CRITICAL uses Opus + 4 validators = expensive
- Add NOT CRITICAL examples: refactoring, types, tests, code
organization

## Test plan
- [x] JSON syntax valid
- [x] All tests pass
- [ ] Test planner produces flat steps (manual)
- [ ] Test conductor classifies refactors as STANDARD (manual)
- [ ] Test worker executes instead of reporting (manual)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Problem

The adversarial-tester validator caused 21-minute Claude API calls that
ended with `No messages returned` errors when validating large
implementations (197+ routes).

**Incident:** Cluster `rushing-sphinx-39` crashed at 15:41:57 with:
```
Error: No messages returned
    at aAB (/$bunfs/root/claude:5327:813)
```

**Root cause:** Prompt too large for Claude API context window.

## Solution

Removed adversarial-tester agent definition from full-workflow.json
(lines 580-705).

**New validator lineup:**
- validator-requirements (always)
- validator-code (validator_count >= 2)
- validator-security (validator_count >= 3)
- validator-tester (validator_count >= 4)

**With default validator_count=2:**
- 4 agents total: planner, worker, validator-requirements,
validator-code
- Down from 5 agents (removed adversarial-tester)

## Verification

- ✅ Template validation passed
- ✅ JSON structure valid
- ✅ All 6 remaining agents present
- ✅ Pre-commit hooks passed (prettier, typecheck, template validation)
Add single-session execution scope constraint to planner
Branch protection requires PRs, but semantic-release git plugin pushes
directly. Remove it - npm publish and GitHub release still work.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Eivind Meyer <eivind.meyer@ksat.no>
Co-authored-by: Michael Eichelbeck <141341133+mkceichelbeck@users.noreply.github.com>
Co-authored-by: tomdps <tom.dupuis24@gmail.com>
Co-authored-by: tomdps <60640908+tomdps@users.noreply.github.com>
Co-authored-by: Michael Eichelbeck <michael.eichelbeck.ext@wtsde.onmicrosoft.de>
…rt (#116)

Updates the README announcement to highlight:
- OpenCode CLI support
- Multi-platform issue backends (GitHub, GitLab, Jira, Azure DevOps)
Removes 'mix providers in multi-agent workflows' claim - technically
supported but not practically used or tested.
Resolves conflicts between main and dev, keeps fixed provider claim

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Eivind Meyer <eivind.meyer@ksat.no>
Co-authored-by: Michael Eichelbeck <141341133+mkceichelbeck@users.noreply.github.com>
Co-authored-by: tomdps <tom.dupuis24@gmail.com>
Co-authored-by: tomdps <60640908+tomdps@users.noreply.github.com>
Co-authored-by: Michael Eichelbeck <michael.eichelbeck.ext@wtsde.onmicrosoft.de>
## Summary
- add context metrics helper and emit JSON metrics with truncation
tracking
- refactor context builder to compute section breakdowns without
changing prompt output
- add unit + integration tests for context metrics and ledger emission

## Testing
- npm run lint (warnings only, existing)
- npm run typecheck
- npm run test:all (fails in this environment: existing suite failures +
env issues; ran before fixing the new integration test)
- npx mocha --no-config tests/integration/context-metrics.test.js
--timeout 180000
Closes #128.

## Summary
- Implement context source selection semantics (latest/oldest/all) with
amount/limit handling and updated validation.
- Apply the same selection logic to sub-cluster parent topic selection
and templates.
- Fix PR-mode completion for git-pusher, output extraction, and
orchestrator storage dir handling.
- Avoid blessed-contrib picture widget import in TUI layouts to prevent
Node 20 MemoryReadableStream crash.
- Add/adjust tests for new selection behavior and template expectations.

## Testing
- npm test
- npm run lint (warnings only)
## Summary
- replace legacy truncation with context pack budgeting
- add pack metrics + priority/compact validation
- update templates and add tests for pack behavior

## Testing
- npm run lint
- npm run test:all

Fixes #131
## Summary
- add state snapshot builder and publisher with durable STATE_SNAPSHOT
updates
- wire snapshotter into orchestrator start/load/resume and stop/kill
paths
- update base templates/context validation and add tests

## Testing
- npm run lint
- npm run test:all
## Summary
- document context selection, packs, state snapshot, and metrics with
Mermaid diagrams
- align contextStrategy sources to explicit latest semantics and add
STATE_SNAPSHOT for debug investigator
- update contributor example and link new docs

## Testing
- npm run lint (warnings only)
- npm run test:all
- npm run validate:templates
- npm run typecheck (pre-commit hook)
## Summary
- only apply provider override when explicitly set (CLI flag/env)
- add unit test covering provider override resolution

## Testing
- npx mocha tests/unit/cli-provider-override.test.js

Fixes #140
## Summary
- detect platform-mismatch CANNOT_VALIDATE results and retry validators
in docker isolation
- skip platform-mismatch reasons when validator runs in docker
- add platform mismatch detection tests

## Testing
- npm run lint
- npm run test

Fixes #142
)

## Summary
- Bump codex provider reasoning effort levels for better quality on
complex tasks
- level1: low → medium
- level2: medium → high  
- level3: high → xhigh

The `xhigh` reasoning effort allows the model to think longer for better
answers on complex tasks.

## Test plan
- [x] Existing tests pass (reasoning effort validation allows all four
values)
- [ ] Manual test with `zeroshot run --provider codex` to verify xhigh
is passed correctly

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Summary
- fail fast on Windows in preflight with clear guidance
- document Windows deferral rationale in README

## Testing
- npm run typecheck
- npm run validate:templates
- npm run lint (warnings only)
## Summary\n- load persisted clusters before CLI resume fallback to
task\n- add unit test to guard resume loading\n\n## Testing\n- npx mocha
tests/unit/cli-resume-loads-clusters.test.js\n\nFixes #103
## Summary\n- detect "No messages returned" from Claude CLI in task
watchers, terminate the child, and mark the task failed\n- surface the
error in agent error context and grant a one-time retry for this
transient failure\n- add unit coverage for fatal error detection\n\n##
Testing\n- `npx mocha tests/unit/claude-fatal-error-detection.test.js`
(failed: mocha picked up the full suite due to .mocharc; failures
include missing better-sqlite3 and existing test failures in this
environment)
Adds PRD and multi-stage implementation plan for the Ink-based Zeroshot
TUI replacement.

Docs:
- docs/tui-v2/PRD.md
- docs/tui-v2/IMPLEMENTATION_PLAN.md
## Summary\n- log detailed diagnostics when Claude CLI returns "No
messages returned"\n- include latest Claude debug file path + tail,
status output tail, and task metadata\n\n## Testing\n- pre-commit hooks
(eslint/prettier, typecheck, template validation)\n- pre-push lint +
typecheck
…160)

## Summary

The `validator-requirements` agent was crashing with
`error_max_structured_output_retries` because its JSON schema was too
complex for Claude CLI's `--json-schema` structured output feature.

**Root cause:** The nested `criteriaResults` array (objects with nested
`evidence` object and enum constraints) was too hard for the model to
produce reliably. After 5 internal retries, the CLI threw the error.

**Fix:** Make `criteriaResults` optional (removed from `required` array)
in both:
- `full-workflow.json`
- `quick-validation.json`

This means:
- `approved` and `summary` are still required (model produces these
correctly)
- `criteriaResults` becomes best-effort (produced when model can,
gracefully omitted when not)
- Downstream consumers already handle missing/partial `criteriaResults`

Fixes #159

## Test plan
- [x] Validated templates pass (`npm run validate:templates`)
- [ ] Re-run a STANDARD task to verify validator-requirements completes
without crashing

---
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Summary
- Provider-level retryable error detection (Anthropic, OpenAI, Google)
- Orchestrator robustness improvements with proper error propagation
- Agent lifecycle improvements with better state management
- TUI renderer enhancements for error visibility
- Settings handling improvements

## Test plan
- [x] Unit tests for provider retryable errors
- [x] Orchestrator tests for error scenarios

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Summary
- avoid treating "Task not found"/"Process terminated" substrings inside
JSON logs as fatal
- only treat standalone fatal lines as no-output
- add output-extraction unit tests for fatal-string handling

## Testing
- npm test

Fixes #165
EivMeyer and others added 18 commits July 8, 2026 21:03
…nt from runtime output (#554)

Closes #545

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…oid shell-quoting breakage (#555)

Closes #546

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…rowing (#162) (#558)

## Problem
`zeroshot logs <cluster>` crashed with `Level "level1" is below minLevel
"level3" for provider "claude"` when the claude provider was clamped to
a single level (min=max=level3). Stock templates pin agents at
level1/level2, and read-only commands resolve model specs for display,
so the guardrail turned into a hard crash.

## Root cause
`base-provider.js#validateLevel` **threw** when a template-pinned level
fell outside [minLevel, maxLevel]. But those are the user's
floor/ceiling cost guardrails, not hard constraints.

## Fix
Clamp an out-of-range level into [minLevel, maxLevel] (below floor →
minLevel, above ceiling → maxLevel). Invalid level keys and minLevel >
maxLevel still throw. Left config-validator strict (it validates
user-entered settings coherence).

## Tests
New `tests/provider-level-clamp.test.js` (6 cases). Adjacent settings
suites pass; lint clean.

Closes #162

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…may no-op, leaving ports bound) (#560)

Closes #551

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…rd null-issue crash, add tests (hardening #548) (#561)

Closes #557

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…ws (fix: windowsHide: true) (#562)

Closes #459

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
#563)

Closes #157

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…ng catalog on every commit (#569)

Closes #566

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…` and `status`, not just the launch line (#570)

Closes #565

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…a phantom `failed` cluster (#572)

Closes #564

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
… clusters (phantom failed/msgs=0, WAL read race) (#573)

Closes #556

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
Closes #452

---------

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…ovision into runs), auto-prefer when sole tracker, auto linearTeam (#574)

Closes #571

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
…RunInput has no linear.app pattern (duplicates provider detection) (#577)

Closes #575

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
Fixes #567\n\n- Select recent printable history messages before applying
the logs limit.\n- Render replayed agent output result events and raw
printable fallback lines.\n- Add regression coverage for noisy tails and
historical Codex AGENT_OUTPUT.

Co-authored-by: Zeroshot Agent <agent@covibes.ai>
…, drop dead ZEROSHOT_MERGE, doc server-side auto-merge (#580)

Closes #579

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
Fix review-mode PR safety and package the hook scripts that isolated
agents need at runtime.

Problem:
- `--pr` review mode had tests for prompt text, but not enough
release-grade coverage around repo `github.autoMerge=true`, over-eager
agent output, and package contents.
- `npm pack --dry-run` exposed a real packaging/runtime mismatch:
runtime copied hooks from `hooks/`, while the tracked scripts live in
`cluster-hooks/`, so packaged installs could miss the AskUserQuestion
and dangerous-git hook scripts.

Approach:
- Treat a merged PR as a verification failure when `autoMerge=false`;
review mode means the PR must be left open for human review.
- Copy hook scripts from `cluster-hooks/` and publish that directory in
the npm package.
- Add package smoke, stdin process-boundary, Keychain overlay, PR-mode
precedence, and hook verification coverage.

Verification:
- `npm test` → 1390 passing, 16 pending; known better-sqlite3 cleanup
crash ignored by the repo test wrapper.
- `npm run check:agent-cli-provider:ci` → 58 passing.
- `npm run lint` → 0 errors, existing warnings only.
- Packed tarball install smoke: installed from `npm pack` into a temp
prefix, ran `zeroshot --help`, `zeroshot run --help`, and verified the
PATH warning export line.
- macOS Keychain smoke: materialized Claude OAuth credentials into a
temp isolated config with mode `600` without printing secrets.

---------

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
Problem
Worktree cleanup previously deleted host Compose volumes when a repo
pinned the Compose project name. The fix is merged, but the completed
--pr/--ship cleanup path should directly prove it will not touch
pinned/shared projects.

Approach
Add direct IsolationManager.removeWorktree() coverage for the two
shared-project cases: top-level compose name and COMPOSE_PROJECT_NAME.
Refresh the test header so the data-loss safety contract is explicit for
future maintainers.

Verification
<details><summary>Focused test output</summary>

npm test -- tests/compose-utils.test.js
tests/worktree-compose-cleanup.test.js

17 passing

</details>

Push hook also ran lint and typecheck. Lint reported existing warnings
only.

Co-authored-by: Eivind <eivindcovibes.ai@Eivinds-MacBook-Pro.local>
@tomdps
tomdps enabled auto-merge July 9, 2026 01:52
tomdps and others added 2 commits July 9, 2026 01:58
Merges `main` (v6.2.0) back into `dev` to resolve the divergence created
by squash-merge release promotions, unblocking the release PR #585.

Conflict resolution (all in favor of dev, which is a content superset of
main):
- `README.md`: kept dev's unified README rewrite (#535#537), which
already documents cmdproof and quality gates in condensed form
- `cli/index.js`: kept dev's PATH-check feature (#552)
- `src/orchestrator.js`: dropped a duplicated cmdproof block the
auto-merge introduced (took dev's version verbatim)

The resulting tree is byte-identical to current `dev` — this merge
changes no content, only graph ancestry. Lint passes (0 errors) and the
full test suite passes locally (1392 tests).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Eivind Meyer <eiv.meyer@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Eivind Meyer <eivind.meyer@ksat.no>
Co-authored-by: Michael Eichelbeck <141341133+mkceichelbeck@users.noreply.github.com>
Co-authored-by: Michael Eichelbeck <michael.eichelbeck.ext@wtsde.onmicrosoft.de>
Co-authored-by: Ubuntu <ubuntu@ip-172-31-38-53.eu-north-1.compute.internal>
Co-authored-by: Eivind <eivind@covibes.ai>
Co-authored-by: CI Test <ci-test@covibes.ai>
Co-authored-by: Codex <codex@example.com>
Co-authored-by: Atharv Singh <132380045+atharvwasthere@users.noreply.github.com>
Merge origin/main (v6.2.0) into dev with dev's tree taken verbatim
(dev is a content superset of main; PR #586 synced content but was
squashed, losing ancestry). This commit changes no content - it only
records main as an ancestor of dev so release PRs compute a clean
merge-base.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
chore(release): restore main ancestry into dev
Comment on lines +141 to +144
headers: {
'Content-Type': 'application/json',
Authorization: apiKey,
},
@tomdps
tomdps added this pull request to the merge queue Jul 9, 2026
Merged via the queue into main with commit bfe4bc2 Jul 9, 2026
12 checks passed
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

🎉 This PR is included in version 6.3.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants