fix(security): fix file_tools.py validate_path startswith bypass #7478 #11245

Closed

HAL9000 wants to merge 3 commits from fix-file-tools-path-validation into master

pull from: fix-file-tools-path-validation

merge into: cleveragents:master

cleveragents:master

cleveragents:fix/retry-policy-model-missing-fields

cleveragents:fix/plan-explain-rich-output-panels

cleveragents:fix/boundary-cost-budget-warning-re-trigger-7525

cleveragents:feat/plan-correction-8531

cleveragents:fix/1500-impl

cleveragents:fix/1422-docs

cleveragents:feat/issue-6369-actor-context-show

cleveragents:spec/resource-type-yaml-format-canonical-5622

cleveragents:fix/v370/tui-shell-async

cleveragents:bugfix/tui-actor-overlay-render-shadow

cleveragents:improvement/agent-arch-guard-clone-failure

cleveragents:feat/v3.6.0/scope-chain-assembler-integration

cleveragents:fix/action-archive-output-panels

cleveragents:feat/v3.6.0/context-policy-strategy-config

cleveragents:docs/add-example-audit-log-and-security

cleveragents:fix/invariant-service-action-scope-effective

cleveragents:feat/acms-cli-context-add

cleveragents:pr-fix-11196

cleveragents:security/relpath-containment-fallback

cleveragents:feat/invariant-enforcement-validation-pipeline

cleveragents:bugfix/session-export-format-flag

cleveragents:feature/issue-4748-actor-context-list-show-clear

cleveragents:fix/invariant-database-persistence

cleveragents:feat/v3.3.0-merge-conflict-detection

cleveragents:feature/extract-cleveractors-library

cleveragents:feature/9827-wrap-plan-status-json-envelope

cleveragents:pr/9234-hardening-bdd-tags

cleveragents:bugfix/m8-shell-safety-service-integration

cleveragents:test/ci-execution-time-optimize-benchmark-regression

cleveragents:docs/v360/align-depth-reduction-devcontainer

cleveragents:feat/v3.3.0-plan-correct-revert-append

cleveragents:feat/9088-a2a-message-send-stream

cleveragents:fix/plan-status-json-envelope

cleveragents:fix/issue-6500-actor-context-list-regex

cleveragents:fix/issue-6452-session-tell-output

cleveragents:fix/session-tell-stub-missing-panels-and-actor-execution

cleveragents:fix/a2a-plan-execute-full-lifecycle

cleveragents:fix/a2a-dispatch-not-found-error-response

cleveragents:fix/1469-impl

cleveragents:fix/concurrency-catalog-cache-lock-7590

cleveragents:issue-1-conversation-state

cleveragents:fix/validation-list-command

cleveragents:fix/invariant-set-merge-action-scope

cleveragents:pr-fix-7478-startswith-bypass

cleveragents:fix/v370/shell-safety-regex

cleveragents:fix/config-service-remove-undocumented-local-scope

cleveragents:feat/m8/tui-main-screen

cleveragents:fix-11175

cleveragents:feature/7926-persist-decision-dependencies

cleveragents:feature/issue-1923-missing-test-levels-core-module

cleveragents:task/ci-optimize-e2e-tests-execution-time

cleveragents:fix-8640-remove-positional-name

cleveragents:test/v3.8.0-ci-quality-execution-time

cleveragents:fix-sandbox-cache-invalidation

cleveragents:feature/m9-container-lifecycle

cleveragents:fix/invariant-scope-handling

cleveragents:feat/v3.6.0/semantic-context-strategy

cleveragents:pr_fix_8675_switch_project_command

cleveragents:feat/v3.6.0/ollama-mistral-providers

cleveragents:chore/ci-dockerfile-server-security-scan

cleveragents:feat/v3.4.0/acms-context-policy

cleveragents:bugfix/m3-invariant-service-thread-safety

cleveragents:fix/10592-pr-compliance

cleveragents:feat/v3.4.0-acms-budget-enforcement

cleveragents:fix/issue-11047-actor-add-remove-positional-name

cleveragents:feature/m9-a2a-jsonrpc

cleveragents:fix/issue-7604-a2a-event-queue-concurrency

cleveragents:docs/v3.8.0-api-and-module-guides

cleveragents:fix/1443-tier-defaults

cleveragents:fix/tui-bindings-block-cursor-navigation

cleveragents:bugfix/8660-move-namespace-filter-inside-lock

cleveragents:feature/9250-fix-a2a-session-close

cleveragents:pr/9817-plan-apply-json-envelope

cleveragents:feature/pr-9599-plan-correct-correction-engine

cleveragents:bugfix/report-number-of-actors

cleveragents:fix/validation-swap-8177

cleveragents:fix/11041-plan-tree-envelope

cleveragents:tdd/mcp-client-timer-cancel-race

cleveragents:fix/issue-10496-auto-debug-state-mutation

cleveragents:feat/issue-6350-conversation-content-pruning

cleveragents:fix/issue-10503-session-export-json-stdout

cleveragents:feat/issue-6361-shell-safety-service-tui

cleveragents:fix/quality-gates-click82-compat

cleveragents:pr_fix/8209

cleveragents:test/v3.6.0/a2a-rename-regression-tests

cleveragents:docs/session-4615-2026-04-08-cycle1

cleveragents:feat/acms-context-policy-configuration-schema

cleveragents:feat/v360/pluggable-scope-chain-api

cleveragents:fix/issue-6344-plan-execute-rich-output

cleveragents:spec/auto-arch-21-v350-autonomy-hardening

cleveragents:feature/m694-tui-materializer-a2a-integration-layer

cleveragents:feat/v360/cloud-resource-types

cleveragents:spec/checkpoint-trigger-names-and-config-key-fix

cleveragents:feat/tui-v370/tui-materializer

cleveragents:bugfix/m2-plan-explain-alternatives-format

cleveragents:feature/issue-10744-fix-tui-convert-permissionsscreen-from-static-widget-to-proper-textual-screen-subclass

cleveragents:feat/context-priority-strategy

cleveragents:fix/1444-access-type

cleveragents:pr/10589-tui-materializer

cleveragents:feat/v360/plugin-cli-discovery

cleveragents:feat/v3.6.0/adaptive-context-selector

cleveragents:feature/acp-a2a-rename-fix

cleveragents:feature/m39-timeline-day106-cycle2-2026-04-16

cleveragents:pr-fix-11012-pyyaml-upgrade

cleveragents:task/ci-centralize-tool-versions

cleveragents:fix/10496-auto-debug-node-state-mutation

cleveragents:fix/10480-validation-bypass-fix

cleveragents:fix/stdlib-transport-cleanup

cleveragents:pr-fix-10986

cleveragents:fix-pr-4211

cleveragents:fix/gemini-fallback-order-10906

cleveragents:pr-fix-10746

cleveragents:feature/issue-9442-fix-tui-correct-preset-cycling-keybinding-to-ctrl-tab-and-add-persona-tab-cycling

cleveragents:fix/gemini-fallback-order-fix-3

cleveragents:pr-9817-plan-apply-json

cleveragents:bugfix/m3.6.0-lsp-discovery-resource-exhaustion-dos

cleveragents:chore/test-infra-broad-exception-lint

cleveragents:feat/v3.6.0/cost-reporting-cli

cleveragents:test/v360/e2e-project-plan-correction

cleveragents:bugfix/validation-attach-named-option-format

cleveragents:bugfix/m3.6.0-ci-pipeline-flakiness-stabilization

cleveragents:m7-opencode-ruff

cleveragents:feature/issue-10746-fix-agents-graphs-plan-generation-validate-always-passes-for-code-longer-than-10-characters-making-llm-validation-ineffective

cleveragents:feat/issue-10921-a2a-http-transport

cleveragents:bugfix/m3-issue-9055

cleveragents:8660-move-namespace-filter-inside-lock

cleveragents:fix/issue-6331-invariant-add-scope

cleveragents:fix/cli-session-tell-format-flag

cleveragents:fix/9222-guard-integration-e2e-jobs

cleveragents:feature/auto-debug-nodes

cleveragents:fix/8179-remove-session-rollback-calls

cleveragents:feat/a2a-stdio-transport-fix-264

cleveragents:pr-fix-7801

cleveragents:fix-plan-status-envelope-11034

cleveragents:feat/v3.4.0-context-list-add-cli

cleveragents:feat/context-strategy-plugin-system

cleveragents:fix/tui-bindings-reload-settings

cleveragents:fix/pr-10027-acms-default-pipeline

cleveragents:feat/v3.6.0-context-strategy-protocol

cleveragents:feat/plan-correct-revert-append-modes

cleveragents:fix/uat-checkpoint-prune-test-isolation

cleveragents:fix/7527-sandbox-cache-invalidation

cleveragents:feature/issue-10820-chore-agents-fix-bug-hunt-pool-supervisor-tracking-prefix-auto-bug-pool-to-auto-bug-sup-complete-fix

cleveragents:feature/issue-3105-add-mandatory-labels-to-supervisor-tracking-issue-creation

cleveragents:feature/m6-sandbox-correction-invariant-docs

cleveragents:feature/issue-7957-bug-hunt-pool-supervisor-tracking-prefix

cleveragents:fix/v360/scope-chain-resolver-registration

cleveragents:feat/v370/tui-rebase-merge

cleveragents:feat/tui-v370/persona-registry

cleveragents:feat/v3.2.0-decision-recording-persistence

cleveragents:feat/v3.2.0-invariant-data-model-db-schema

cleveragents:feat/v370/tui-settings-sessions-screens

cleveragents:pr_fix/lsp-transport-subprocess-cleanup

cleveragents:fix/events-eventbus-unsubscribe

cleveragents:bugfix/m3-wf18-oom-sigkill

cleveragents:bugfix/m6-acms-path-matching-absolute

cleveragents:timeline/day-104-2026-04-14-auto-time-2

cleveragents:fix/v370/tui-session-persistence

cleveragents:agents/fix-10866-permissions-screen-to-textual-screen

cleveragents:feature/m7-timeline-day-106-update

cleveragents:bugfix/m6-gemini-fallback-order

cleveragents:fix/cleanup-service-sandbox-cache-invalidation

cleveragents:feat/acms-hot-storage-tier-lru-cache

cleveragents:bugfix/9558-plan-conflict-detection

cleveragents:bugfix/m3.6.0-lsp-transport-header-injection-ascii

cleveragents:feat/v370/tui-session-persistence

cleveragents:fix/invariant-service-thread-safety

cleveragents:pr-fix-7527-cache-invalidation

cleveragents:fix/pr-10890-shell-safety-integration

cleveragents:pr-fix-11170

cleveragents:fix/invariant-add-scope

cleveragents:pr-fix-8179-implementation

cleveragents:fix/concurrency-catalog-cache-lock-7590-cleandiff

cleveragents:fix/v360/resource-kind-field

cleveragents:fix/v370/tui-materializer-a2a

cleveragents:feat/v3.4.0-acms-storage-tiers

cleveragents:feat/ci-guard-llm-secrets

cleveragents:docs/add-showcase-cli-basics

cleveragents:fix/file-tools-startswith-bypass

cleveragents:fix-invalidate-sandbox-dirs-cache-after-purge-7527

cleveragents:feature/issue-5163-align-checkpoint-trigger-names

cleveragents:feature/m9-agent-card

cleveragents:cleveragents-pr-fix-11038

cleveragents:fix/actor-add-update-enforcement-fix

cleveragents:fix/10480-validate-logic-error

cleveragents:feat/v370/tui-web-mode

cleveragents:pr-fix-11002-validate-path-bypass

cleveragents:pr-fix-7478-validatepath

cleveragents:fix/isolate-checkpoint-prune-test

cleveragents:fix/issue-10813-strategize-decision-persistence

cleveragents:bugfix/9981-acms-indexing-optimize

cleveragents:feat/tui-v370/persona-registry-merge-v2

cleveragents:fix/plan-tree-color-format-ansi-output

cleveragents:auto-arch/spec-pr-10451-test-coverage

cleveragents:fix/10881-propagate-invariants-to-child-plans

cleveragents:bugfix/m7-audit-session-race

cleveragents:fix/sse-formatter-json-rpc-2.0

cleveragents:task/v3.8.0-ci-reusable-workflows

cleveragents:improvement/agent-ca-test-infra-improver-duplicate-avoidance

cleveragents:improvement/agent-label-compliance

cleveragents:feature/m9-timeline-day-99

cleveragents:docs/changelog-unreleased-cycle7

cleveragents:fix/issue-6316-session-list-json-empty-case

cleveragents:fix/issue-6425-tui-persona-cycling-keybinding

cleveragents:improvement/agent-evolution-pool-supervisor-pr-metadata

cleveragents:fix/project-switch-command

cleveragents:feat/v3.3.0-checkpoint-creation

cleveragents:fix/invariant-merge-action-scope

cleveragents:fix/tui-keybinding-preset-persona-cycling

cleveragents:auto-arch/spec-clarifications-cycle-1

cleveragents:feat/v360/plugin-architecture

cleveragents:feature/m39-auto-arch-23-minor-clarifications

cleveragents:feature/issue-4663-day-97-schedule-adherence-update

cleveragents:feature/issue-4221-docs-add-showcase-example-for-audit-log-and-security-commands

cleveragents:feature/issue-4381-docs-api-and-module-guides

cleveragents:feature/issue-10846-optimize-benchmark-regression-test-suite

cleveragents:bugfix/m3-session-tell-format

cleveragents:bugfix/m3-eventbus-unsubscribe

cleveragents:bugfix/m6-session-delete-format-json-envelope

cleveragents:bugfix/m6-plan-execute-rich-output

cleveragents:feature/issue-4749-split-monolithic-specification

cleveragents:feat/jwt-token-refresh

cleveragents:feat/agent-card-discovery

cleveragents:feature/pr-10916-close-reactive-event-bus

cleveragents:feature/m9-v3.8.0-v3.9.0-documentation

cleveragents:fix/10934-preserve-strategy-decisions-json

cleveragents:test/uko-persistence-coverage

cleveragents:feature/1915-timezone-aware-datetime

cleveragents:fix-gemini-fallback-order-10906

cleveragents:feat/context-show-cli-commands

cleveragents:pr-fix-10593

cleveragents:fix/plan-lifecycle-prompt-decision

cleveragents:pr/9451-fix-tui-thinking-effort-presets

cleveragents:fix/issue-pr-11002

cleveragents:fix/1514-structured-panels

cleveragents:pr-8177-validation-fix

cleveragents:fix-pr-10975-path-matching-normalize

cleveragents:pr-fix-6722-prompt-symbol

cleveragents:pr_fix_8256

cleveragents:pr_fix_8179

cleveragents:fix/pr-11004-tui-token-extraction

cleveragents:fix/9250-session-id-validation-handle-session-close

cleveragents:add-plan-start-alias

cleveragents:pr/fix-9183-bdd-tags

cleveragents:fix/pr-11050-subprocess-cleanup

cleveragents:fix/pyyaml-security-upgrade

cleveragents:pr/11029-review-started-notification

cleveragents:feat/adr-049-layer-boundary-enforcement

cleveragents:fix-lsp-subprocess-cleanup-10597

cleveragents:bugfix/11077-security-escape-bypass

cleveragents:bugfix/10608-lsp-header-injection

cleveragents:bugfix/9608-three-way-merge-engine

cleveragents:fix/8284-warned-sessions-reset

cleveragents:bugfix/9673-acms-budget-enforcement

cleveragents:fix/trailing-comma-opencode-json

cleveragents:bugfix/context-remove-path-traversal-10924

cleveragents:feature-10887-eventbus-unsubscribe

cleveragents:bugfix/mcp-race-condition-start

cleveragents:feature/issue-10952-provider-integration-tests

cleveragents:feature/issue-1925-add-asv-tests-for-domain-module

cleveragents:bugfix/m8-tui-on-input-changed

cleveragents:feature/1928-add-test-coverage-for-tui-module

cleveragents:task/ci-actor-context-mgmt-test-optimization

cleveragents:bugfix/m8-suggestions-query-extraction

cleveragents:fix/v370/quality-gates-command-injection

cleveragents:fix/multi-scope-skill-discovery-9369

cleveragents:fix/issue-7524-invariant-service-thread-safety-v2

cleveragents:bugfix/m3-langgraph-disposables

cleveragents:pr1482

cleveragents:tdd/m8-tui-sqlite-session-persistence

cleveragents:feature/m6-4213-resource-skill-showcase

cleveragents:tdd/mN-registry-thread-safety

cleveragents:feat/v3.3.0-parallel-subplan-scheduler

cleveragents:refactor/auto-guard-1-cli-a2a-boundary

cleveragents:feat/v3.3.0-plan-rollback-cli

cleveragents:feat/context-semantic-chunking-strategy

cleveragents:feat/resources-extension-interface

cleveragents:feature/m9-langgraph-platform

cleveragents:bugfix/m5-validation-attach-output-format

cleveragents:fix/tui-permissions-screen-wrong-base-class

cleveragents:feature/m3111-milestone-based-pr-prioritization

cleveragents:feat/acms-index-data-model

cleveragents:feat/acms-cli-context-show-clear

cleveragents:feat/context-sliding-window-strategy

cleveragents:feat/acms-scope-resolution-context-inheritance

cleveragents:feat/acms-core-pipeline-components

cleveragents:tdd/issue-10413-dollar-prefix-shell-mode

cleveragents:ci/cache-helm-binary-auto-inf-1

cleveragents:fix/issue-10485-fallback-selector-budget-limits

cleveragents:bugfix/m8-set-active-persona-preset-reset

cleveragents:bugfix/mN-registry-thread-safety

cleveragents:docs/v360/cli-version-info-diagnostics

cleveragents:test/v3.6.0/advanced-context-strategies-tests

cleveragents:fix/issue-6464-resource-add-auto-discovery

cleveragents:docs/v360/repl-actor-run-showcase

cleveragents:feat/v360/openrouter-provider

cleveragents:fix/v360/context-strategy-unification

cleveragents:fix/v360/compute-actor-impact-exceptions

cleveragents:docs/v360/actor-removal-impact

cleveragents:bugfix/project-show-resource-name

cleveragents:feat/v3.6.0/context-relevance-scoring

cleveragents:feat/v3.6.0/safety-profile-enforcement

cleveragents:refactor/v360/unify-service-initialization

cleveragents:refactor/v360/unify-error-handling-cli

cleveragents:refactor/v360/unify-api-naming

cleveragents:fix/v360/lsp-path-traversal-file-reading

cleveragents:fix/v360/resource-type-cycle-detection

cleveragents:refactor/v360/audit-rename-acp-imports

cleveragents:bugfix/m3.6.0-lsp-server-dos-message-read-timeout

cleveragents:refactor/clarify-behave-robot-framework-roles

cleveragents:fix/v360/lsp-env-var-injection

cleveragents:fix/v360/plugin-state-executing

cleveragents:feat/v360/anthropic-gemini-backends

cleveragents:refactor/auto-guard-1-address-todo-fixme-comments

cleveragents:fix/v360/remove-acp-module

cleveragents:fix/v360/llm-trace-latency-type

cleveragents:fix/v360/lsp-runtime-instantiation

cleveragents:refactor/v360/decouple-cli-services

cleveragents:feat/v3.6.0/cost-tracker

cleveragents:test/v360/e2e-a2a-context-management

cleveragents:feat/v3.6.0-virtual-resource-types

cleveragents:feat/v360/cost-session-budget

cleveragents:bugfix/m3.6.0-lsp-transport-resource-leak

cleveragents:auto-docs-1-mkdocs-setup

cleveragents:fix/m2-acceptance-test

cleveragents:docs/auto-docs-8-a2a-rename-documentation

cleveragents:feat/v3.6.0-llm-provider-abstraction

cleveragents:perf/acms-large-project-indexing-optimization

cleveragents:docs/timeline-day-107-2026-04-17

cleveragents:improvement/agent-test-infra-health-spam-fix-v2

cleveragents:auto-time/timeline-update-2026-04-18

cleveragents:docs/v3.6.0-v3.7.0-updates

cleveragents:fix/issue-6319-project-context-set-output

cleveragents:feat/v3.3.0-three-way-merge-engine

cleveragents:fix-orchestrator-scaling-32-workers

cleveragents:docs/auto-docs-2-v320-v330-features

cleveragents:feat/pure-graph-bdd-coverage

cleveragents:fix/plan-apply-json-envelope

cleveragents:feat/v3.3.0-merge-strategy-config

cleveragents:fix/project-show-missing-panels

cleveragents:test/cli-lifecycle-e2e-full-plan-lifecycle

cleveragents:timeline/day-105-2026-04-15-auto-time-1-v2

cleveragents:controller-coverage-optimization

cleveragents:feat/v3.4.0-context-show-clear-cli

cleveragents:fix/plan-status-missing-output-panels

cleveragents:auto-inf-3-consolidate-behave-fixtures

cleveragents:fix/plan-artifacts-missing-validation-apply-summary

cleveragents:fix/plan-lifecycle-service-rollback-method

cleveragents:fix/plan-prompt-json-timing-started

cleveragents:timeline/day-104-2026-04-14-auto-time-1

cleveragents:docs/timeline-day-97

cleveragents:fix/context-analysis-agent-path-traversal

cleveragents:improvement/agent-pr-self-reviewer-blocking-vs-nonblocking

cleveragents:fix/agent-task-list-memory-leak

cleveragents:fix/1473-plan-cancel

cleveragents:auto-arch-14/spec-anonymous-tool-enforcement

cleveragents:fix/a2a-facade-optional-param-validation

cleveragents:docs/reference-glossary

cleveragents:fix/invariant-precedence-chain-action-scope

cleveragents:refactor/agent-configurable-limits-context-analysis-plan-generation

cleveragents:feat/v3.2.0-plan-tree-cli

cleveragents:feat/m6/devcontainer-clone-into-sandbox

cleveragents:spec/subplan-system-v3.3.0

cleveragents:test/plan-tree-correction-visual-tdd

cleveragents:fix/action-schema-argument-default-type-validation

cleveragents:ci-quiet-logs

cleveragents:fix/action-schema-env-var-exfiltration

cleveragents:fix/plan-tree-json-missing-decision-id

cleveragents:fix/auto-debug-agent-prompt-injection

cleveragents:feat/output-renderer-registry

cleveragents:fix/issue-9124-add-bdd-tags

cleveragents:test/cli-docstring-example-validation

cleveragents:refactor/add-return-type-get-services

cleveragents:feature/aws-cloud-handler-sdk

cleveragents:test/plan-correct-json-output-tdd

cleveragents:fix/plan-start-spec-alignment

cleveragents:issue-7502-fix-get-for-plan

cleveragents:bugfix/6879-cli-format-option

cleveragents:fix/7566-engine-cache-toctou-race

cleveragents:fix/7927-apply-phase-dod-gating

cleveragents:fix/actor-loader-list-actors-race-condition

cleveragents:fix/issue-7623-validation-pipeline-stdout

cleveragents:spec/add-deleted-at-field-to-project-delete

cleveragents:bugfix/m3-error-handling-fileconfig-unhandled-exception

cleveragents:feat/automation-profile-precedence-chain

cleveragents:fix/auto-rev-sup-tracking-prefix

cleveragents:feat/issue-6450-tui-escape-cascade

cleveragents:fix/config-get-output-missing-origin-panel-and-envelope

cleveragents:coverage-engine-master-port

cleveragents:improvement/agent-uat-tester-parallel-docs-pr-fix

cleveragents:fix/project-service-namespaced-project

cleveragents:fix/issue-6441-session-create-json-output

cleveragents:fix/tui-help-command-full-catalog-listing

cleveragents:fix/issue-6323-project-context-show-output

cleveragents:fix/issue-6457-json-envelope-messages-text

cleveragents:fix/issue-6322-resource-add-url-flag

cleveragents:fix/issue-6325-plan-explain-decision-id

cleveragents:fix/resource-removal-children-check-6886

cleveragents:controller-state-machine

cleveragents:fix/issue-6345-automation-profile-add-output

cleveragents:docs/2026-04-08-unreleased-changelog

cleveragents:spec/tui-clarifications-session-export-persona

cleveragents:docs/add-example-tool-and-validation-management

cleveragents:bugfix/backlog-resource-schema-missing-overlay-strategy

cleveragents:fix/action-argument-schema/misleading-error-message

cleveragents:fix/remove-executable-resource-type

cleveragents:fix/automation-profile-remove-rich-output-panel

cleveragents:fix/container-handler-module-missing

cleveragents:fix/format-output-rich-color-renderers

cleveragents:fix/type-safety-legacy-migrator-type-ignore

cleveragents:spec/update-sse-streaming-event-example

cleveragents:fix/acms-skeleton-compressor-signature

cleveragents:fix/skill-add-yaml-wrapper-key

cleveragents:fix/1476-tool-list-cols

cleveragents:bugfix/permissions-diff-mode-cycle

cleveragents:fix/1429-node-ref

cleveragents:fix/1432-lsp

cleveragents:bugfix/1039-missing-validation-unit-tests-yaml

cleveragents:feature/audit-preserve-event-timestamp

cleveragents:feature/m8-tui-materializer

cleveragents:tdd/m4-automation-profile-di-bypass

cleveragents:fix/1441-ctrl-tab

cleveragents:feature/m9-entity-sync

cleveragents:feature/m9-team-collab

cleveragents:feature/m7-postgresql-backend

cleveragents:fix/issue-11189-config-actor-format

cleveragents:bugfix/m5-actor-options-ignored

cleveragents:fix-11004-tui-suggestions

cleveragents:fix/arg-swap-validation-attachment-8177

cleveragents:pr-fix/9663-hot-warm-cold-tier-reliability

cleveragents:pr_fix-11000-conflict-report

cleveragents:bugfix/m3.6.0-lsp-7044-subprocess-cleanup

cleveragents:fix/7478-file-ops-security-fix

cleveragents:impl-tui-materializer

cleveragents:test/hierarchical-plan-4phase-lifecycle

cleveragents:feature/security-fix-relpath-pr-11217

cleveragents:feature/m2-implementation-pool-supervisor-checklist

cleveragents:bugfix/m8-tui-input-live-refresh

cleveragents:feature/9126-fix-action-scope-invariant-merge

cleveragents:bugfix/m7-tool-calling-llm-options

cleveragents:fix-7478-startswith-bypass

cleveragents:bugfix/m3-cleanup-subprocess-on-failed-init

cleveragents:bugfix/m8-tui-anthropic-model-name

cleveragents:feat/integrate-cleveractors

cleveragents:feature/m8-tui-llm-dispatch

cleveragents:fix/auto_debug-partial-state

cleveragents:pr-9673-budget-enforcement

cleveragents:pr-9675

cleveragents:fix/issue-7478-inline-executor-startswith-bypass

cleveragents:feat/tui-tuimat-5326

cleveragents:fix-9675-context-show-clear

cleveragents:agents/final-working

cleveragents:fix/10356-eventbus-unsubscribe

cleveragents:11229-fix-acms-hot-max-tokens-regression-tests

cleveragents:pr-8701-invariant-model

cleveragents:pr-fix/10597-lsp-transport-cleanup

cleveragents:pr-fix-9608

cleveragents:dmpipeline-v2

cleveragents:pr-fix-10608-header-injection

cleveragents:pr-9827-fix

cleveragents:bugfix/7492-validation-attachment-argument-swap

cleveragents:pr-fix-11002

cleveragents:feat/v370/multi-session-tabs

cleveragents:fix-branch

cleveragents:AUTO-IMP/PR-10069-checklist

cleveragents:feature/m2-pr-compliance-checklist

cleveragents:feature/pr-10592-cloud-resource-types

cleveragents:fix-lsp-transport-cleanup

cleveragents:feature/context-strategy-protocol

cleveragents:refactor/v3.6.0-acp-to-a2a-rename

cleveragents:fix/context-cli-consolidation

cleveragents:fix/10608-lsp-header-injection

cleveragents:feat/acms-context-index

cleveragents:pr/fix-arg-swap-validation-attachment-8177

cleveragents:fix-cli-plan-status-envelope

cleveragents:pr/9981

cleveragents:pr/11153-auto-debug-fix

cleveragents:fix/validate_path_security

cleveragents:pr-fix-11177-status-check-native-expressions

cleveragents:bugfix/m6-validate-path-startswith

cleveragents:a2a-materializer-pr-fix

cleveragents:pr-fix-10608

cleveragents:bugfix/9250-a2a-session-id-validation-before-cleanup

cleveragents:pr-fix-11053

cleveragents:fix/a2a-handle-session-close-missing-session-id

cleveragents:fix/validation-attachment-arg-swap-8177

cleveragents:pr-fix-11196-invariant

cleveragents:bugfix/m5-fix-hot-max-tokens-tier

cleveragents:pr-fix-9675

cleveragents:perf-fix

cleveragents:pr-9608

cleveragents:feature/ten-way-merge-engine

cleveragents:pr-fix-branch

cleveragents:pr-11217

cleveragents:11101-three-way-merge-engine

cleveragents:fix/remove-silent-argument-swap

cleveragents:fix-pr-11000-structured-conflict-report

cleveragents:pr-fix-11053-session-id-validation

cleveragents:agents/fix-eventbus-unsubscribe

cleveragents:pr-10356

cleveragents:fix/invariant-action-scope

cleveragents:bugfix/issue-8395-sanitise-db-url

cleveragents:bugfix/m3-fix-action-scope-invariant-merge

cleveragents:pr-9671

cleveragents:feature/wire-missing-event-emitters

cleveragents:bugfix/m3.6.0-lsp-transport-post-spawn-cleanup

cleveragents:dmpipeline

cleveragents:bugfix/m5-acms-project-budget-override

cleveragents:fix/iterate-all-actors

cleveragents:pr/11217-fix-prefix-collision-bypass

cleveragents:fix/pr-11011-subprocess-cleanup

cleveragents:pr-11217-fix

cleveragents:pr-11217-relpath-fix

cleveragents:bugfix/m5-revert-acms-budget-assembler

cleveragents:fix/eventbus-unsubscribe

cleveragents:feature/pr-9981

cleveragents:fix/v3.7.0/actor-add-update-flag

cleveragents:agents/fix-invariant-persistence-8573

cleveragents:feat/tui-materializer-a2a

cleveragents:fix/tui-tui-materializer-a2a-event-queue

cleveragents:fix/unsubscribe-eventbus

cleveragents:pr-11153

cleveragents:feature/11201

cleveragents:pr-fix-11153-patched

cleveragents:pr-branch

cleveragents:fix/10813-strategy-decision-persistence

cleveragents:fix-pr-11145-status-check

cleveragents:pr-11053

cleveragents:pr-fix-10597-subprocess-cleanup

cleveragents:bugfix/mcp-infer-resource-slots-null-properties

cleveragents:pr-11166

cleveragents:pr-9675-fix

cleveragents:feat/structural-component-output-validation

cleveragents:pr-fix-9313

cleveragents:fix/pr-11042-rename-render

cleveragents:fix/action-scope-inmerge

cleveragents:fix/wf12-oom-sigkill

cleveragents:fix/wf18-container-clone-e2e

cleveragents:bugfix/m6-actor-overlay-render-shadow

cleveragents:bugfix/m7-plan-strategy-decisions-json

cleveragents:fix/10911-tui-suggestions-query-extraction

cleveragents:fix/lsp-transport-subprocess-cleanup

cleveragents:pr-fix-8177-validation

cleveragents:bugfix/m3-plan-status-json-envelope

cleveragents:fix/invariant-persistence-8573

cleveragents:pr-fix-11037

cleveragents:pr-11015-fix

cleveragents:pr_fix_11015

cleveragents:fix/m1-security-fix-startswith-bypass

cleveragents:fix/automation-profile-gates-lifecycle

cleveragents:fix-status-check-brittle-pipeline-11212

cleveragents:feat/pr-10590-dual-capability-strategies

cleveragents:feat/structural-output-validation

cleveragents:bugfix/m2-ci-status-check-resilience

cleveragents:feature/m3-plan-correction-data-model

cleveragents:pr-fix-10356-unsubscribe

cleveragents:pr-fix-11011

cleveragents:pr_fix/lsp-transport-header-injection-ascii

cleveragents:fix-pr-11002-startswith-bypass-7478

cleveragents:bugfix/acms-project-budget-override

cleveragents:fix/ci-status-check-resilience

cleveragents:bugfix/pr-fix-10597-cleanup-subprocess-on-init-failure

cleveragents:bugfix/sandbox-reexecute-cleanup

cleveragents:pr-fix-8701-invariant-model

cleveragents:fix/test-dotdot-traversal-assertion

cleveragents:fix/cleanup-stale-preserve-commits

cleveragents:fix/security-file-tools-path-traversal-7478

cleveragents:pr-11180-fix

cleveragents:fix-combined-format

cleveragents:fix-9131-invariant-propagation

cleveragents:fix/tui-actor-selection-overlay

cleveragents:pr-11201

cleveragents:merge/pr-11196-invariant-fix

cleveragents:pr/11165

cleveragents:temp-pr-11174

cleveragents:pr-fix-10356-unsubscribe-eventbus

cleveragents:pr-fix-11156-python313-deprecation

cleveragents:feature/pr-7801-fix-validate-path-security

cleveragents:fix/11039-render-refresh

cleveragents:fix/tui-actor-selection-render-rename

cleveragents:pr-fix-11089-session-close-validation

cleveragents:pr-fix/11089-session-close-validation

cleveragents:pr-fix-11182

cleveragents:bugfix/m3-rxpy-subject-close

cleveragents:test/restore-e2e-tests

cleveragents:feature/issue-pr-9271-hot-max-tokens

cleveragents:pr-fix-8177

cleveragents:bugfix/issue-8426-stdio-cleanup

cleveragents:feature/eventbus-unsubscribe

cleveragents:bugfix/m3-integrate-mcp-transport

cleveragents:fix/concurrent-stdout-restoration

cleveragents:PR-fix-wf18

cleveragents:feature/sandbox-cache-invalidation

cleveragents:fix/python-313-asyncio-deprecations

cleveragents:pr-11128

cleveragents:pr-11180

cleveragents:pr-11165

cleveragents:pr-practice

cleveragents:structural-output-validation

cleveragents:fix/status-check-native-expressions

cleveragents:feat/merge-conflict-detection

cleveragents:11036-fix-acms-hot-max-tokens

cleveragents:pr/11166

cleveragents:fix/ci-status-check-native-expressions

cleveragents:fix/11176-actor-selection-render

cleveragents:pr-fix-10597

cleveragents:feature/pr-compliance-pool-supervisor

cleveragents:pr-10590

cleveragents:fix/python313-asyncio-get-event-loop-deprecation

cleveragents:pr-fix-#11053-session-id-validation

cleveragents:pr-fix-11042-renamed-render

cleveragents:feat/v360/acp-to-a2a-rename

cleveragents:fix-arg-swap-validation-attachment-8177

cleveragents:fix/asyncio-get-event-loop-deprecation

cleveragents:fix_8395_pr

cleveragents:pr-fix-11153-auto-debug-mutation

cleveragents:pr/11051-thread-safety-invariant

cleveragents:fix-plan-status-json-envelope

cleveragents:bugfix/pr-11015-pool-supervisor-checklist

cleveragents:feature/fix-7478-validate-path

cleveragents:feature/plans-conflict-detection

cleveragents:pr-11141-cleanup-stale-commits-beyond-head

cleveragents:fix/pyyaml-vulnerability-upgrade

cleveragents:pr-fix-9244

cleveragents:bugfix/m3-invariant-propagation

cleveragents:feature/issue-10480-fix-validation-bypass

cleveragents:feature/m3-invariant-enforcement-validation-pipeline

cleveragents:feat/invariant-enforcement-strategize-phase

cleveragents:issue-10438-fix

cleveragents:fix/mcp-timer-race-10516

cleveragents:feat/agents-invariant-add-list-remove-commands

cleveragents:restore-e2e-cleanup

cleveragents:fix/issue-11120-cleanup-stale-preserve-artifacts

cleveragents:feature/fix-issue-11121-cleanup-stale-reinvoke

cleveragents:fix/issue-10480-plan-validation

cleveragents:feature/m5-tdd-quality-gate

cleveragents:bugfix/11121-fix-cleanup_stale-preserve-meaningful-changes

cleveragents:bugfix/acms-dual-strategy-capabilities-incompatible-fields

cleveragents:feature/benchmark-scheduled-workflow

cleveragents:feature/m8-tui-mainscreen

cleveragents:feat/v3.4.0/acms-project-indexer

cleveragents:fix/10932-preserve-strategy-decisions-json

cleveragents:fix/data-integrity-session-rollback-7489

cleveragents:fix/issue-6329-resource-remove-edge-table

cleveragents:fix/issue-7524-invariant-service-thread-safety

cleveragents:pr-10932-fix-plan-strategy-decisions

cleveragents:pr-fix-9244-pyyaml-upgrade

cleveragents:refactor/noxfile-parallel-test-architecture

cleveragents:task/ci-matrix-strategy-python-versions

cleveragents:feat/v3.3.0-plan-rollback

cleveragents:feature/issue-10755-redirect-rich-panels-to-stderr

cleveragents:pr10871

cleveragents:pr-fix-10901

cleveragents:ci/optimize-benchmarks-regression

cleveragents:fix/tui-extract-at-token-suggestions

cleveragents:feature/m5-add-repo-indexing-showcase

cleveragents:PR-10910-a2a-json-rpc-routing

cleveragents:feature/milestone-based-pr-prioritization

cleveragents:auto-time-3-day106-cycle2

cleveragents:timeline/day-106-cycle2-2026-04-16-auto-time-3

cleveragents:pr/fix-10842

cleveragents:pr-10886

cleveragents:fix/session-delete-json-envelope

cleveragents:pr-10851

cleveragents:pr-10876

cleveragents:fix/gemini-fallback-order

cleveragents:pr/fix/mcp-client-start-race-condition

cleveragents:feat/three-way-merge-engine-9608

cleveragents:pr/9673

cleveragents:fix/1469-plan-execute-structured-panels

cleveragents:fix/actor-provider-validation

cleveragents:implement-pr-9442

cleveragents:cleveragents-push-23420b48

cleveragents:fix/validation-repo-silent-swap

cleveragents:fix/startswith-bypass-7478

cleveragents:fix/invariant-thread-safety

cleveragents:fix-thread-safety-invariant-service

cleveragents:docs/milestone-plan-navigation

cleveragents:feature/implementor-notification-11032

cleveragents:pr9452

cleveragents:pr/fix-9601

cleveragents:pr-8667

cleveragents:fix/10954-security-scan-dockerfile

cleveragents:bugfix/9183-bdd-tag-enforcement

cleveragents:fix/7566-engine_cache-toctou-race

cleveragents:fix/plan-tree-json-output-envelope

cleveragents:pr-9313-fix

cleveragents:bugfix/9244-pyyaml-security-upgrade

cleveragents:test/domain-asv-benchmarks

cleveragents:pr-fix-10958-async-cleanup-tests

cleveragents:fix/action-list-table-columns

cleveragents:fix/issue-7478-validate-path-startswith-bypass

cleveragents:pr-fix-ci-11000

cleveragents:fix/agent-skill-multi-scope-discovery

cleveragents:pr-fix-10982

cleveragents:pr-fix-10937-close-reactive-eventbus

cleveragents:pr-fix-7478-path-traversal

cleveragents:feature/benchmark-scheduled-workflow-fix

cleveragents:pr-9183-add-bdd-tags

cleveragents:fix-plan-status-panels

cleveragents:fix-pr-11037

cleveragents:feat/v3.6.0-database-resource-types

cleveragents:pr-10591-checkout

cleveragents:pr-10979

cleveragents:fix/invariant-thread-safety-8209

cleveragents:fix/10597-lsp-proc-cleanup

cleveragents:fix/plan/tree-envelope-9313

cleveragents:fix-6568-push

cleveragents:pr/11044

cleveragents:feature/m6-reduce-redundant-ci-status-reporting

cleveragents:fix/ca-test-infra-improver-health-spam

cleveragents:agents/pr-6628-fix

cleveragents:auto-time-1-day107-cycle

cleveragents:fix/issue-11047-actor-add-rename-from-config

cleveragents:pr-6741

cleveragents:fix/8675-project-switch

cleveragents:pr-fix-1485-updates

cleveragents:pr/6723-fix-session-create-json

cleveragents:improvement/agent-bug-hunt-pool-supervisor-tracking-prefix-complete

cleveragents:fix/pr-6695-session-list-empty-json

cleveragents:pr-9663-fix

cleveragents:docs/add-example-resource-and-skill-management

cleveragents:feature/m39-cli-basics-showcase

cleveragents:fix/gemini-fallback-order-fix-2

cleveragents:fix/validation-list-command-clean

cleveragents:fix-pr7957-complete-tracking-prefix

cleveragents:pr-7922-fix-lint

cleveragents:feature/pr-8304-container-clone-into

cleveragents:fix-pyyaml-11012

cleveragents:pr-fix-9461

cleveragents:pr/8685-correction-data-model-persistence

cleveragents:bugfix/lsp-stdio-transport-cleanup-10597

cleveragents:pr-8660

cleveragents:feat-scope-chain-resolution

cleveragents:chore/pyyaml-upgrade

cleveragents:fix/issue-7478-file-tools-validate-path

cleveragents:pr-fix-9442-tui-ctrltab

cleveragents:spec/update-cycle8-validation-gate-empty-run-guard

cleveragents:fix/tui-sqlite-session-persistence-10648

cleveragents:fix/8661-plan-start-alias

cleveragents:fix-10649

cleveragents:pr-fix-cache-init

cleveragents:pr9407-timeline

cleveragents:feat/tui-prompt-symbol

cleveragents:pr_fix_9407-plan-alternatives-structured

cleveragents:bugfix/8179-remove-session-rollback-calls

cleveragents:pr-9246

cleveragents:pr-fix-10635-fixed

cleveragents:pr-10069

cleveragents:pr/fix-9313

cleveragents:pr-10643

cleveragents:invariant-pr-8684-fix

cleveragents:pr-fix-6676-resource-remove-edge-table

cleveragents:fix/acms-consolidate-strategycapabilities

cleveragents:pr-fix-8661

cleveragents:fix/9250-validate-session-id-before-cleanup

cleveragents:bugfix/m6-file-tools-validate-path-bypass

cleveragents:bugfix/m3-shell-safety-service-tui

cleveragents:pr-8684-persist-invariants

cleveragents:pr-8209-fix

cleveragents:bugfix/8177-remove-silent-argument-swap

cleveragents:fix/plan-apply-rich-output-panels

cleveragents:pr-fix-11012

cleveragents:pr-fix-8667

cleveragents:pr/fix/11012-pyinsec

cleveragents:pr-fix-9407

cleveragents:pr-8853

cleveragents:bugfix/m3-evlv-9824-implementation-pool-compliance-checklist

cleveragents:pr/10069

cleveragents:docs/pr-creator-state-priority-labels

cleveragents:test/core-asv-benchmarks

cleveragents:pr-fix-10995

cleveragents:refactor/v3.6.0-acp-to-a2a-rename-push

cleveragents:pr-9663

cleveragents:pr-fix-work

cleveragents:pr-8304

cleveragents:pr_fix_1514_v2

cleveragents:timeline-update-2026-04-19

cleveragents:pr-fix-9313-plan-tree-envelope

cleveragents:pr/11004-fix-tui-suggestions-query-extraction

cleveragents:pr-fix-9817

cleveragents:feat/9558-plan-conflict-detection

cleveragents:docs/timeline-day-101

cleveragents:fix/v360/plugin-loader-security

cleveragents:feat/acms-context-policy-fix-9671

cleveragents:pr-fix-9460

cleveragents:pr/9671

cleveragents:pr-fix-9671

cleveragents:pr-10592-fix

cleveragents:fix/issue-7478-file-path-validation

cleveragents:feat/pr-10590-context-strategy-fix

cleveragents:bugfix/pr-9183-bdd-tags

cleveragents:feat/acms-context-show-clear-cli

cleveragents:fix/invariant-add-scope-required

cleveragents:pr-fix-10590-context-strategy

cleveragents:pr-fix-10590-local

cleveragents:pr-8662-fix

cleveragents:pr/1485

cleveragents:pr/9460-project-show-invariants-validations

cleveragents:pr-11013

cleveragents:fix-1469-impl

cleveragents:pr-8257

cleveragents:pr-3329

cleveragents:feat/v3.2.0-decision-recording-strategize

cleveragents:fix/strategize-full-context-snapshots

cleveragents:clone-verify-test

cleveragents:AUTO-IMP/PR-9672-context-list-add

cleveragents:AUTO-IMP/PR-9663-storage-tiers

cleveragents:AUTO-IMP/PR-10583-a2a-rename

cleveragents:fix-check-same-thread-migration-runner

cleveragents:d2188407

cleveragents:fix/a2a-handle-session-close-missing-session-id-pr-9250

cleveragents:pr-fix-8179

cleveragents:bugfix/m6-devcontainer-autodiscovery-wiring

cleveragents:bugfix/m5-event-bus-exception-swallow

cleveragents:pr/3458

cleveragents:acms-parallel-indexing-fix

cleveragents:acms-parallel-indexing

cleveragents:pr-fix-10958

cleveragents:fix/lsp-context-enrichment-acms-wiring

cleveragents:fix/cli-remove-positional-name-from-actor-add

cleveragents:fix/acms-context-cli

cleveragents:bugfix/m6-session-create-suppress-exception-logging

cleveragents:fix-10957

cleveragents:fix/6726-tui-persona-cycling-keybinding

cleveragents:feat/plan-rollback-cli-checkpoint-restore

cleveragents:pr-8661-plan-start-alias

cleveragents:pr/1486/resource-handler-return-type

cleveragents:feature/8667-add-validation-list-command

cleveragents:fix/actor-add-positional-name

cleveragents:improvement/agent-pr-review-pool-supervisor-tracking-prefix-complete

cleveragents:pr/fix/actor-loader-list-actors-race-condition

cleveragents:bugfix/m4-lsp-context-enrichment-acms-wiring

cleveragents:bugfix/m-error-suppression-reactive-registry-adapter-v2

cleveragents:fix/7501-plan-repository-success-derivation

cleveragents:pr-10492

cleveragents:pr-8225

cleveragents:docs/fix-automation-profile-default-supervised

cleveragents:pr-9229-path-traversal-fix

cleveragents:pr-10975

cleveragents:pr/1486/fix-resource-handler-return-type

cleveragents:pr-9257-fix

cleveragents:fix/validation-list-command-fixed

cleveragents:fix-executable-resource

cleveragents:pr-8179

cleveragents:spec/auto-arch-24-a2a-boundary-enforcement-adr

cleveragents:pr/10988/head

cleveragents:pr-fix-9407-plan-explain-structured-alternatives

cleveragents:pr_9454

cleveragents:feat/agent-switch-cmd

cleveragents:pr-9329

cleveragents:8661-plan-start-alias

cleveragents:feat/acms-context-analysis-summaries

cleveragents:fix/invariant-add-repeatable-plan-action

cleveragents:tdd/m6-session-create-suppress-exception

cleveragents:test-push-check-only

cleveragents:pr-10889

cleveragents:pr-10889-fix

cleveragents:pr/10879-benchmark-caching-parallelism

cleveragents:fix/bug-hunt-supervisor-tracking-prefix

cleveragents:fix/issue-6491-actor-remove-format-option

cleveragents:auto-discovered-stale-conflicts-review-task

cleveragents:fix/issue-9169

cleveragents:improvement/reduce-redundant-ci-status-reporting

cleveragents:feat/v3.4.0-acms-index-data-model-traversal

cleveragents:bugfix/m3-sqlite-check-same-thread

cleveragents:bugfix/m3-evlv-implementation-pool-compliance-checklist

cleveragents:docs/quickstart-guide

cleveragents:fix/1431-subgraph

cleveragents:bugfix/7529-a2a-terminal-phase-guard

cleveragents:bugfix/m3-bdd-feature-file-tags

cleveragents:ci/v360/isolate-slow-e2e-tests

cleveragents:feature/m3-consolidate-documentation

cleveragents:feature/m7-user-driven-review-agent

cleveragents:feature/m9-a2a-http

cleveragents:fix/1423-refactor

cleveragents:fix/tui-mainscreen-3state-sidebar-adr044

cleveragents:testbed/m9-hello

cleveragents:docs/add-label-verification-to-new-issue-creator

cleveragents:bugfix/m3-database-migration-runner-check-same-thread

cleveragents:feature/m4-plan-correction-revert

cleveragents:improvement/agent-architecture-pool-supervisor-milestone-assignment

cleveragents:feature/m9-changelog-unreleased-cycle7

cleveragents:fix/issue-10512-mcptooladapter-rlock

cleveragents:fix/data-integrity-llm-trace-repository-7505

cleveragents:agents/auto-working-new

cleveragents:fix/resource-removal-guard-linked-children

cleveragents:fix/1468-impl

cleveragents:feature/issue-4381-docs-add-invariantreconciliationactor-api-docs-devcontainer-discovery-module-guide-and-mkdocs-nav

cleveragents:fix/7619-git-tools-base-env-toctou

cleveragents:pr-fix-8661-updates

cleveragents:feature/issue-2798-chore-agents-improve-ca-test-infra-improver-strengthen-duplicate-avoidance

cleveragents:bugfix/m3-migration-runner-check-same-thread

cleveragents:feature/issue-10952-fix-database-migration-runner-check-same-thread

cleveragents:fix/dependency-security-aiohttp-cves

cleveragents:fix/security-b608-sql-fstring-migration-plan-phases

cleveragents:fix/cli-legacy-removal

cleveragents:bugfix/m3-langgraph-execute-state-bypass

cleveragents:feat/issue-6370-actor-context-clear

cleveragents:bugfix/m3-actor-run-response

cleveragents:fix/tui-auto-generate-presets-actor-schema

cleveragents:feature/issue-1917-optimize-robot-actor-context-management-tests

cleveragents:feature/issue-10803-fix-nox-sessions-use-uv-sync-frozen

cleveragents:bugfix/m3-output-plan-results

cleveragents:pr/9912-fix

cleveragents:bugfix/executor-error-details-overwrite-mini-max

cleveragents:fix-10866-permissions-screen

cleveragents:fix-pr-10852

cleveragents:fix/10922-conversation-state-mgmt

cleveragents:pr-check

cleveragents:bugfix/10931-preserve-strategy-decisions-json

cleveragents:fix/10903-nox-showcase-docs

cleveragents:pr/10885-pyyaml-upgrade

cleveragents:pr-fix-10931

cleveragents:bugfix/executor-error-details-overwrite-qwen

cleveragents:fix-pr-1107-asgi-uvicorn

cleveragents:fix-9912-branch

cleveragents:bugfix/10821-fix-tui-keybinding

cleveragents:fix/redaction-pattern-exception-handling

cleveragents:feature/spec-timeline-6003

cleveragents:feature/spec-timeline-6008

cleveragents:feature/issue-4746-update-spec-agents-diagnostics-all-9-providers

cleveragents:feat/v3.6.0/gemini-provider

cleveragents:pr/8194

cleveragents:tdd/prompt-input-textarea

cleveragents:fix/lsp-transport-security

cleveragents:temp-squash

cleveragents:feat/690-jsonrpc-routing

cleveragents:feat/v3.6.0-anthropic-gemini-backends

cleveragents:build/agents-system-rewrite

cleveragents:feature/issue-10826-docs-spec-align-checkpoint-trigger-names-and-config-key-path-with-implementation

cleveragents:feature/issue-10794-feat-a2a-implement-a2a-http-transport-for-server-mode

cleveragents:fix/tui-preset-cycling

cleveragents:pr-10820

cleveragents:feature/696-implement-a2a-http-transport-for-server-mode

cleveragents:feature/issue-10792-feat-server-langgraph-platform-remotegraph-integration

cleveragents:feature/issue-1486-fix-v3-7-0-resourcehandler-return-type-1444

cleveragents:feature/issue-1488-fix-v3-7-0-resolve-issue-1432

cleveragents:bugfix/m1-plan-execute-sandbox-root

cleveragents:feature/issue-10858-devops-run-linter

cleveragents:docs/milestone-v3.6.0-v3.7.0

cleveragents:feature/issue-10835-add-milestone-based-pr-prioritization

cleveragents:pr-8701-head

cleveragents:feature/m7-actor-management-showcase-metadata

cleveragents:feat/context-dynamic-budget-allocation

cleveragents:feat/acms-semantic-chunking-context-strategy

cleveragents:feat/v360/pluggable-scope-chain-api-v2

cleveragents:docs/v360/actor-management-showcase

cleveragents:fix/pr-10755

cleveragents:feat/v3.6.0/pluggable-scope-chain

cleveragents:feature/m3-timeline-day97-update

cleveragents:feature/m4652-module-guides

cleveragents:feature/m5-extend-agents-diagnostics-example

cleveragents:feature/m5832-add-unreleased-changelog-entries

cleveragents:docs/add-repo-indexing-showcase

cleveragents:feature/issue-8225-validation-gate-empty-summary

cleveragents:bugfix/m8179-fix-data-integrity-remove-session-rollback-calls-from-projectrepository

cleveragents:fix/plan-lifecycle-root-decision-type

cleveragents:bugfix/cancel-worktree-cleanup

cleveragents:pr-10586

cleveragents:pr-9215

cleveragents:feat/issue-6357-tui-loading-states

cleveragents:temp-bug2-combined

cleveragents:docs/consolidated-all-documentation

cleveragents:bugfix/m6-sandbox-reexecute-cleanup

cleveragents:fix/issue-9963-memory-service-timestamp-guards

cleveragents:docs/context-management-deep-dive-v2

cleveragents:docs/context-management-deep-dive

cleveragents:docs/agent-development-guide

cleveragents:feature/10008-file-level-correction-diff

cleveragents:docs/a2a-protocol-guide

cleveragents:docs/tui-user-guide-keybindings

cleveragents:fix/plan-generation-validate-logic

cleveragents:bugfix/issue-10408-dollar-prefix-shell-mode

cleveragents:test/issue-10500-persona-state-reset-tdd

cleveragents:docs/getting-started-tutorial

cleveragents:test/tdd-session-create-suppress-exception

cleveragents:docs/error-codes-guide

cleveragents:docs/common-tasks-recipes-guide

cleveragents:test/migration-runner-sqlite-threading

cleveragents:docs/configuration-reference

cleveragents:pr-10678

cleveragents:pr-10681

cleveragents:test/issue-10510-mcptooladapter-rlock-tdd

cleveragents:feature/tui-screens-directory

cleveragents:fix/issue-10511-suppress-runtimeerror

cleveragents:pr-10676

cleveragents:fix/tui-block-cursor-bindings

cleveragents:pr-10680

cleveragents:test/issue-10502-session-export-json-tdd

cleveragents:fix/issue-10507-sqlite-check-same-thread

cleveragents:docs/installation-setup

cleveragents:test/v3.6.0/scope-chain-integration-tests

cleveragents:fix/v370/loading-throbber-restore

cleveragents:feat/v370/tui-complete-squashed

cleveragents:feat/v3.6.0/budget-enforcement

cleveragents:auto-arch-1-spec-module-definitions

cleveragents:auto-time/timeline-update-2026-04-18-c3

cleveragents:auto-docs-2/add-changelog-contributing

cleveragents:auto-time/timeline-update-2026-04-18-c2

cleveragents:auto-docs-1/fix-mkdocs-nav-and-links

cleveragents:pr-5968

cleveragents:improvement/agent-bug-hunt-pool-supervisor-tracking-prefix

cleveragents:auto-time/update-2026-04-17

cleveragents:auto-docs-3-v340-v350

cleveragents:docs/timeline-update-2026-04-15

cleveragents:auto-docs/initial-documentation-assessment

cleveragents:feature/m1-initial-documentation

cleveragents:bugfix/m4-plan-diff-correction-stub

cleveragents:pr-9247

cleveragents:docs/timeline-update-2026-04-17

cleveragents:timeline/day-106-2026-04-17-auto-time-1

cleveragents:timeline/day-106-2026-04-16-auto-time-1-v2

cleveragents:spec/auto-arch-23-minor-clarifications

cleveragents:timeline/day-106-2026-04-16-auto-time-2

cleveragents:docs/auto-docs-2-v380-v390

cleveragents:bugfix/m3-actor-add-v3-schema-validation

cleveragents:timeline/day-106-2026-04-16-auto-time-1

cleveragents:auto-docs/changelog-architecture-readme

cleveragents:chore/timeline-day-105-2026-04-15

cleveragents:docs/timeline-update-2026-04-15-auto-time-1

cleveragents:timeline/day-105-2026-04-15-auto-time-1

cleveragents:benchmark-ci

cleveragents:fix/plan-phase-migration-raw-sql-root-plan-id

cleveragents:auto-arch-12/spec-acms-context-tier-hydrator

cleveragents:timeline/day-106-2026-04-15-auto-time-1

cleveragents:feat/invariant-enforcement-strategize

cleveragents:feat/plan-tree-decision-rendering

cleveragents:docs/auto-docs-4-fix-conflicts

cleveragents:docs/auto-docs-1-milestone-docs-v3.0.0-v3.1.0

cleveragents:feat/v3.4.0-acms-lifecycle-policy

cleveragents:pr-9220

cleveragents:pr-9214

cleveragents:feat/v3.3.0-subplan-status-tracking

cleveragents:uat/checkpoint-rollback-merge-tests

cleveragents:fix/pr-review-pool-supervisor-prefix-mismatch

cleveragents:feat/v3.3.0-spawn-subplan-step

cleveragents:auto-time-1-day103-cycle1-session6

cleveragents:feat/v3.8.0-agent-card-endpoint

cleveragents:docs/auto-docs-cycle-24-showcase-nav

cleveragents:fix/issue-7663-docs-writer-missing

cleveragents:auto-time-1-day103-cycle2

cleveragents:docs/timeline-day-104-auto-time-1

cleveragents:auto-arch-16/spec-xml-prompt-injection-mitigation

cleveragents:bugfix/m4-invariant-persistence

cleveragents:uat-a2a-facade-tests-v350

cleveragents:bugfix/m3-behave-parallel-failed-chunk-logs

cleveragents:bugfix/7664-automation-tracking-label-requirements

cleveragents:docs/auto-time-1-timeline-update-2026-04-14

cleveragents:docs/auto-docs-1-milestone-v3-updates

cleveragents:docs/action-config-schema-api

cleveragents:fix/bug-hunt-supervisor-nonexistent-file-preflight

cleveragents:docs/validation-gate-empty-run-guard

cleveragents:auto-arch-15/spec-retry-policy-canonical-fields

cleveragents:docs/lockservice-advisory-locking

cleveragents:docs/changelog-plan-fix-4197

cleveragents:spec/milestone-plan-section

cleveragents:docs/update-changelog-recent-features

cleveragents:fix/test-infra-remove-redundant-python-variable-robot-files

cleveragents:timeline/day-104-2026-04-14-cycle2

cleveragents:fix/bdd-feature-file-tags

cleveragents:auto-arch-13/spec-default-automation-profile

cleveragents:docs/auto-docs-cycle-1-2026-04-12

cleveragents:docs/cycle-1-git-worktree-sandbox

cleveragents:spec/architecture-critical-gap-fixes

cleveragents:docs/timeline-day-104-auto-time-2

cleveragents:auto-arch-1/add-v380-v390-milestone-plan

cleveragents:docs/developer-setup-guide

cleveragents:fix/auto-profile-spec-prose-description

cleveragents:auto-arch-10/spec-tui-a2a-integration-layer

cleveragents:spec/resource-event-types-clarification

cleveragents:auto-docs-4/changelog-and-observability

cleveragents:auto-arch-4/adr-049-layered-boundary-enforcement

cleveragents:docs/a2a-protocol-autonomy-hardening

cleveragents:auto-arch-9/spec-v3.8.0-milestone-plan

cleveragents:docs/auto-docs-3-reference-index

cleveragents:auto-arch-7/spec-apply-git-worktree

cleveragents:docs/timeline-day104-cycle1-auto-time-4

cleveragents:docs/auto-docs-cycle-1-changelog-updates

cleveragents:auto-arch-6/adr-049-spec-restructuring

cleveragents:docs/auto-docs-1-v340-acms-context-management

cleveragents:docs/auto-docs-1-v320-v330-cli-reference

cleveragents:auto-arch-5/v3.9.0-milestone-plan

cleveragents:test/create-scripts

cleveragents:auto-time-1-day104

cleveragents:timeline/day-104-2026-04-14

cleveragents:docs/auto-time-4-day103-cycle5

cleveragents:auto-time-3-day103-cycle4

cleveragents:auto-docs-5-architecture-overview

cleveragents:spec/three-way-merge-strategy-v3.3.0

cleveragents:spec/checkpoint-system-v3.3.0

cleveragents:auto-docs-4-api-docs-update

cleveragents:auto-docs-1-changelog-expansion

cleveragents:spec/invariant-management-system-v3.2.0

cleveragents:pr-8289

cleveragents:spec/plan-correction-engine-v3.2.0

cleveragents:spec/layered-architecture-boundary-policy

cleveragents:spec/tui-materializer-a2a-integration-v3.7.0

cleveragents:spec/decision-recording-system-v3.2.0

cleveragents:docs/auto-docs-1-milestone-overview

cleveragents:pr-7484

cleveragents:pr-4212

cleveragents:auto-arch-3/v3.8.0-milestone-plan

cleveragents:auto-docs-6/troubleshooting-and-config

cleveragents:auto-time-1-day103-session5

cleveragents:auto-docs-5/contributor-guide-and-readme

cleveragents:docs/plan-tree-ulid-examples

cleveragents:docs/m3-spec-clarify-path-datetime-plugin-contracts

cleveragents:docs/auto-docs-cycle-10-diagnostics-ref

cleveragents:auto-docs-3/user-guide-and-architecture

cleveragents:docs/cycle-7-changelog-update

cleveragents:spec/reconciliation-failure-behavior

cleveragents:auto-docs-2/api-documentation

cleveragents:auto-arch-2/adr-053-repositories-decomposition

cleveragents:auto-docs-1/release-notes-v3.0-v3.1

cleveragents:spec/update-validation-attach-project-delete

cleveragents:spec/architecture-cycle2-impl-clarifications

cleveragents:auto-arch-1/adr-049-052-violations

cleveragents:auto-time-1-day103

cleveragents:docs/auto-docs-cycle-13-updates

cleveragents:docs/timeline-day-102-auto-time

cleveragents:timeline/day-103-2026-04-13

cleveragents:spec/arch-invariant-cli-completeness

cleveragents:spec/update-cycle1-validation-attach-project-delete

cleveragents:docs/add-session-management-showcase

cleveragents:spec/arch-sandbox-path-correction-cycle9

cleveragents:spec/architecture-v380-milestone-plan

cleveragents:docs/auto-docs-cycle-12-updates

cleveragents:docs/cycle-1-validation-gate-fix

cleveragents:docs/auto-docs-cycle-2-2026-04-10

cleveragents:spec/architecture-cycle-25-new-features

cleveragents:docs/timeline-day-102-2026-04-12

cleveragents:docs/cycle-2-git-worktree-acms-hydrator

cleveragents:spec/arch-sandbox-cleanup-discovery

cleveragents:docs/timeline-day96-2026-04-08

cleveragents:docs/auto-docs-cycle-11

cleveragents:spec/fix-sandbox-strategy-protocol-name

cleveragents:spec/arch-acms-tier-hydration

cleveragents:fix/v3.4.0/context-settings-defaults

cleveragents:docs/add-example-repl-and-actor-run

cleveragents:docs/auto-docs-cycle-10-updates

cleveragents:docs/session-4-2026-04-08-updates

cleveragents:docs/showcase-all-examples-consolidated

cleveragents:docs/acms-context-hydrator-cycle2

cleveragents:docs/add-example-output-format-flags

cleveragents:spec/arch-failfast-cancel-semantics

cleveragents:timeline/day-101-2026-04-11

cleveragents:docs/timeline-day99-2026-04-09-v2

cleveragents:docs/auto-docs-cycle-2-worktree-acms

cleveragents:spec/architecture-v3.8.0-milestone-plan

cleveragents:docs/api-lsp-acms-reference

cleveragents:improvement/agent-bug-hunt-pool-supervisor-yaml-syntax-fix

cleveragents:spec/project-delete-deleted-at-field

cleveragents:spec/architecture-provider-registry-tui-materializer

cleveragents:spec/document-reconciliation-blocked-error-5942

cleveragents:fix/issue-7482-git-log-injection

cleveragents:spec/devcontainer-auto-discovery-schema

cleveragents:docs/update-module-guides-2026-04-10

cleveragents:timeline/day-100-2026-04-10-auto-time-cycle1

cleveragents:timeline/day-99-2026-04-09-auto-time-v2

cleveragents:docs/cycle-3-module-guides

cleveragents:timeline/day-99-2026-04-09-auto-time

cleveragents:pr-4226

cleveragents:spec/additional-llm-providers-gemini-groq-cohere-together-ollama-mistral

cleveragents:spec/document-context-tier-hydrator-6175

cleveragents:docs/timeline-day99-2026-04-09

cleveragents:spec/invariant-cli-clarifications

cleveragents:docs/add-example-project-init-and-context-management

cleveragents:spec/reconciliation-blocked-error-documentation

cleveragents:spec/fix-invariant-precedence-reference-5861

cleveragents:spec/fix-plan-correct-accepts-plan-id-5558

cleveragents:spec/fix-validation-attach-synopsis-5328

cleveragents:docs/timeline-day-99-cycle-1

cleveragents:docs/timeline-day-99-cycle-2

cleveragents:fix/actor-context-list-regex-arg

cleveragents:docs/timeline-day-99-cycle-3

cleveragents:spec/arch-security-mode-init

cleveragents:docs/auto-docs-cycle-9-updates

cleveragents:fix-resource-fix-resource-remove-to-check-correct-edge-table

cleveragents:feat/issue-6434-tui-env-var-expansion

cleveragents:fix/issue-6321-plan-prompt-timing-field

cleveragents:feat/issue-6348-sessions-screen

cleveragents:spec/plan-show-command

cleveragents:temp

cleveragents:feat/harden-label-restrictions-1775753628

cleveragents:spec/invariant-reconciliation-failure-behavior

cleveragents:spec/add-reconciliation-failure-behavior-5942

cleveragents:spec/architecture-corrections-cycle3

cleveragents:spec/fix-ai-provider-interface-5801

cleveragents:spec/azure-api-version-default-update

cleveragents:docs/auto-docs-writer-cycle1-labels

cleveragents:spec/fix-resource-type-yaml-format-5622

cleveragents:spec/add-plan-revert-resume-commands-5574

cleveragents:docs/auto-docs-cycle-1-2026-04-09

cleveragents:spec/plan-correct-plan-id-or-decision-id-5558

cleveragents:spec/fix-subgraph-node-actor-ref-field-5427

cleveragents:issue/5284-master-ci-fix

cleveragents:timeline/day-99-2026-04-09-v2

cleveragents:merge-me

cleveragents:docs/session-3377-initial-docs-update

cleveragents:fix/llm-provider-subpackage-exports

cleveragents:spec/arce-acronym-and-tui-keybinding-fixes

cleveragents:spec/architecture-corrections-cycle2

cleveragents:spec/architecture-corrections-cycle1

cleveragents:docs/cycle-1-updates

cleveragents:docs/session-4940-2026-04-08-cycle1

cleveragents:spec/architecture-milestone-plan-v3.2-v3.7

cleveragents:docs/session-4743-2026-04-08-cycle1

cleveragents:docs/timeline-day-98

cleveragents:docs/timeline-day98-2026-04-08-v2

cleveragents:docs/add-example-action-and-plan-management

cleveragents:docs/session-2026-04-06-updates

cleveragents:docs/ca-docs-writer-v3.8.1-2026-04-05

cleveragents:improvement/agent-arch-guard-clone-failure-handling

cleveragents:fix-tdd-invert-non-assertion-exceptions

cleveragents:bugfix/3472-fix-tdd-inversion-logic

cleveragents:bugfix/989-fix-persistence-json-decode-error

cleveragents:improvement/agent-supervisor-tracking-labels-v2

cleveragents:docs/timeline-day95-v2

cleveragents:docs/timeline-day95-final

cleveragents:docs/update-lsp-api-and-changelog

cleveragents:fix/lsp-resource-handler-module-missing

cleveragents:docs/timeline-day95-final-2026-04-05

cleveragents:fix/a2a-plan-correct-rollback-wiring

cleveragents:docs/add-lsp-api-and-changelog-2026-04-05

cleveragents:fix/tool-registry-validation-type-discriminator

cleveragents:docs/v3.7.0-documentation-update

cleveragents:docs/ca-docs-writer-2026-04-05-cycle2

cleveragents:docs/unreleased-feature-docs

cleveragents:fix/concurrency-cost-tracker-record-usage-race-condition

cleveragents:improvement/agent-ca-test-infra-improver-failure-handling

cleveragents:docs/update-changelog-mcp-plan-ci-2026-04-05

cleveragents:improvement/agent-pr-reviewer-milestone-prioritization

cleveragents:docs/timeline-day95-refresh-2026-04-05

cleveragents:improvement/agent-mandatory-labels-tracking-issues

cleveragents:docs/api-domain-providers-changelog-2026-04-05

cleveragents:docs/ca-docs-writer-2026-04-05

cleveragents:docs/timeline-day95-refresh

cleveragents:fix/skill-add-include-validation

cleveragents:docs/timeline-day-95-2026-04-05-update3

cleveragents:docs/timeline-day-95-2026-04-05-update2

cleveragents:docs/ci-incident-runbook-2597

cleveragents:improvement/agent-ca-test-infra-improver-worker-api-mode

cleveragents:docs/shell-safety-api-and-readme-highlights

cleveragents:docs/timeline-day-55-2026-04-04-v2

cleveragents:docs/timeline-day-55-2026-04-04

cleveragents:docs/timeline-day54-update3

cleveragents:improvement/agent-ca-test-infra-improver-fixes

cleveragents:spec/restructure-monolithic-to-split

cleveragents:docs/timeline-day54-update-v2

cleveragents:docs/timeline-day54-update

cleveragents:fix-agents

cleveragents:docs/shell-safety-and-domain-base-model

cleveragents:fix/1452-impl

cleveragents:fix/1425-test

cleveragents:fix/1426-config

cleveragents:fix/1421-perf

cleveragents:fix/1424-impl

cleveragents:test/int-wf16-devcontainer

cleveragents:feature/m8-tui-persona-export

cleveragents:feature/m7-post-resource-equivalence

cleveragents:test/e2e-m4-acceptance

cleveragents:feature/m6-tantivy-backend

cleveragents:feature/m6-estimation

cleveragents:feature/m6-estimation-report-model

cleveragents:feature/observability-prometheus-audit

cleveragents:feat/server-auth-namespace

cleveragents:feature/m8-session-editing

cleveragents:feature/llm-actor-subplan-wiring

cleveragents:feature/m8-tui-first-run-actor-selection

cleveragents:feature/m8-tui-conversation-block-catalog

cleveragents:feature/m8-tui-settings-screen

cleveragents:feature/m7-e2e-porting

cleveragents:feature/m6-estimation-historical-stats

cleveragents:feature/m8-tui-persona-export-import

cleveragents:feature/m8-tui-sessions-screen

cleveragents:feature/m7-graph-backend

cleveragents:feature/m8-tui-block-context-menu

cleveragents:feature/m8-tui-tool-call-expand

cleveragents:feature/m4-missing-builtin-tools

cleveragents:docs/v3.7.0-release-docs

cleveragents:feature/m8-tui-session-export

cleveragents:test/e2e-wf15-disaster-recovery

cleveragents:test/e2e-wf03-refactoring

cleveragents:test/e2e-m3-acceptance

cleveragents:feature/m8-tui-prompt-history

cleveragents:feature/m8-tui-actor-thought-block-rendering

cleveragents:bugfix/m6-build-hierarchy-child-ids

cleveragents:feature/resource-inheritance-wiring

cleveragents:test/e2e-wf09-session

cleveragents:test/e2e-wf06-doc-generation

cleveragents:test/e2e-wf08-cloud-infra

cleveragents:test/e2e-wf02-test-generation

cleveragents:test/e2e-wf13-custom-profile

cleveragents:test/e2e-wf11-graph-actor

cleveragents:test/e2e-wf01-hello-world

cleveragents:test/int-wf17-explicit-container

cleveragents:test/int-wf12-hierarchical

cleveragents:test/int-wf15-disaster-recovery

cleveragents:test/int-wf13-custom-profile

cleveragents:test/int-wf03-refactoring

cleveragents:test/int-wf11-graph-actor

cleveragents:test/int-wf10-batch

cleveragents:test/int-wf09-session

cleveragents:feature/m3-tdd-issue-consistency-gate

cleveragents:feature/m3-invariant-enforcement-strategize

cleveragents:test/int-wf18-container-clone

cleveragents:test/int-wf01-hello-world

cleveragents:feature/m6-diagnostic-dashboard-health-categories

cleveragents:feature/m6-cli-polish

cleveragents:fix/e2e-db-isolation

cleveragents:feature/m7-post-tui

cleveragents:feature/m9-asgi-endpoint

cleveragents:feature/m7-post-server

cleveragents:tdd/m7-audit-session-race

cleveragents:tdd/m3-skill-add-regression

cleveragents:feature/m9-remote-repos

cleveragents:feature/fs-mount-file-types

cleveragents:tdd/container-resolve-crash

cleveragents:test/e2e-m1-acceptance

cleveragents:test/e2e-m2-acceptance

cleveragents:eugen.thaci-patch-3

cleveragents:eugen.thaci-patch-2

cleveragents:eugen.thaci-patch-1

cleveragents:aditya-fix-latest

cleveragents:feature/m4-secret-masking-llm-context

cleveragents:aditya-fix

cleveragents:refactor/m3-replace-mktemp

cleveragents:refactor/m3-remove-unittest-mock-integration

cleveragents:refactor/m3-remove-robot-mock-imports

cleveragents:refactor/m3-remove-mock-llm-integration

cleveragents:docs/improved-menu-adr

cleveragents:feature/m7-post-auth

cleveragents:feature/m3-fix-resource-bootstrap

cleveragents:feature/post-safety-profile-tests

cleveragents:integration/batch-2026-03-02

cleveragents:feat/slipcover

cleveragents:docs/safety-profile-spec-composition

cleveragents:integrate/freemo-batch-1

cleveragents:feature/m4-error-recovery

cleveragents:feature/m4-security-template

cleveragents:feature/m3-validation-pipeline

cleveragents:develop-aditya-2

cleveragents:feature/m3-diff-review

cleveragents:feature/m3-validation-apply

cleveragents:feature/m6-acp-stubs

cleveragents:feature/m4-correction-flows

cleveragents:feature/m1-plan-execute-runtime

cleveragents:feature/m4-security-exceptions

cleveragents:feature/m4-definition-of-done

cleveragents:feature/m4-correction-model

cleveragents:feature/m1-apply-pipeline

cleveragents:feature/m5-automation-profiles

cleveragents:feature/m2-lsp-stubs

cleveragents:feature/m3-invariants

cleveragents:feature/m1-actor-runtime

cleveragents:feature/docs-v2-restore

cleveragents:feature/m6-perf-scale

cleveragents:feature/m6-validation-edge

cleveragents:feature/m3-session-cli

cleveragents:feature/m1-persistence-tests-robot

cleveragents:feature/m3-config-cli

cleveragents:feature/m1-cli-tests-robot

cleveragents:feature/m5-subplan-tests

cleveragents:feature/m6-review-playbook

cleveragents:feature/aditya-m3-actor-loader

cleveragents:feature/m3-skill-protocol

cleveragents:feature/m4-automation-legacy-cleanup

cleveragents:feature/m3-change-model

cleveragents:feature/m3-skill-git

cleveragents:feature/m3-skill-registry

cleveragents:feature/m4-security-eval

cleveragents:fix/robot-tests

cleveragents:feature/m3-actor-registry

cleveragents:feature/m3-tool-cli

cleveragents:feature/m4-automation-profiles-cli

cleveragents:feature/m2-resource-cli-extensions

cleveragents:feature/m3-actor-loader

cleveragents:feature/m3-tool-domain-robot

cleveragents:feature/m3-skill-domain-robot

cleveragents:feature/m3-skill-cli

cleveragents:feature/m1-resource-db-robot-tests

cleveragents:feature/m3-session-domain-robot

cleveragents:feature/m1-persistence-tests

cleveragents:feature/m1-cli-tests

cleveragents:ten-branches-backup

cleveragents:feature/m3-skill-schema

cleveragents:feature/m3-session-persistence

cleveragents:feature/automation-profiles-and-resource-dag

cleveragents:feature/m1-plan-repo

cleveragents:feature/m1-db-plan-phase-rebaseline

cleveragents:feat/B4-sandbox

cleveragents:feat/B2-cli-wiring

cleveragents:feat/B5-project-persistence

cleveragents:feat/B1-project-data-models

cleveragents:feat/b1-data-models

cleveragents:feat-repo-manager-and-sourcegraph-support

cleveragents:feat/actor-schema

cleveragents:fix/component-isolation-security-fix

cleveragents:feat/ontology-agent

cleveragents:fix/error-handling-security-fix

cleveragents:fix/concurrency-security-fix

cleveragents:fix/serialization-security-fix

cleveragents:fix/server-side-request-forgery-security-fix

cleveragents:fix/file-system-security

cleveragents:fix/template-injection-fix

cleveragents:fix/data-injection-fix

cleveragents:tests/unit-tests

cleveragents:latest/poetry-generator

cleveragents:poetry-generator

cleveragents:config/contract-metadata-extractor

cleveragents:docs/readme-yaml-syntax

cleveragents:config/memory-yaml

cleveragents:fix/double-response

cleveragents:brent-additions

cleveragents:intel_2_demo

Conversation 5 Commits 3 Files changed 2 +177

HAL9000 commented 2026-05-18 12:46:02 +00:00

Owner

Copy link

Summary

This PR fixes a critical path traversal vulnerability in the validate_path function of file_tools.py.

Vulnerability

The original validate_path implementation relied on pathlib's / join operator followed by .resolve() and .relative_to() checks. This has a well-known bypass: when an absolute path is passed to pathlib's / operator, it completely discards the base path.

Example:

Path("/sandbox") / "/etc/passwd"  # returns PosixPath("/etc/passwd") - sandbox is DISCARDED!

Fix

Added defensive pre-validation on the raw input string:

1. Empty path rejection - validates non-empty input before any pathlib operations
2. Absolute path rejection - detects / or \ prefixed paths and rejects them early, preventing sandbox bypass
3. Component-walk traversal detection - walks through each path component individually, checking that no intermediate step (including .. handling) escapes outside the sandbox root

Files Changed

• src/cleveragents/tool/builtins/file_tools.py - Enhanced validate_path with pre-validation
• tests/test_file_tools_security.py - New comprehensive security test suite (14 test methods)

Closes #7478

## Summary This PR fixes a critical path traversal vulnerability in the `validate_path` function of `file_tools.py`. ## Vulnerability The original `validate_path` implementation relied on pathlib's `/` join operator followed by `.resolve()` and `.relative_to()` checks. This has a well-known bypass: when an absolute path is passed to pathlib's `/` operator, it completely discards the base path. Example: ```python Path("/sandbox") / "/etc/passwd" # returns PosixPath("/etc/passwd") - sandbox is DISCARDED! ``` ## Fix Added defensive pre-validation on the raw input string: 1. **Empty path rejection** - validates non-empty input before any pathlib operations 2. **Absolute path rejection** - detects `/` or `\` prefixed paths and rejects them early, preventing sandbox bypass 3. **Component-walk traversal detection** - walks through each path component individually, checking that no intermediate step (including `..` handling) escapes outside the sandbox root ## Files Changed - `src/cleveragents/tool/builtins/file_tools.py` - Enhanced validate_path with pre-validation - `tests/test_file_tools_security.py` - New comprehensive security test suite (14 test methods) Closes #7478

HAL9000 added 1 commit 2026-05-18 12:46:03 +00:00

fix: secure path validation in file_tools.py and add security tests 93a5784ddb

HAL9000 added the

controller-managed

label 2026-05-28 03:48:47 +00:00

HAL9000 added 1 commit 2026-05-28 03:50:41 +00:00

chore: re-trigger CI [controller] c7a77ac409

HAL9000 added the

Priority

Critical

Type

Bug

labels 2026-05-28 03:51:08 +00:00

HAL9000 added this to the v3.5.0 milestone 2026-05-28 03:51:14 +00:00

HAL9000 force-pushed fix-file-tools-path-validation from c7a77ac409 to 31c714bfdc 2026-05-28 04:06:20 +00:00 Compare

HAL9000 added 1 commit 2026-05-28 04:25:33 +00:00

fix(lint): replace EN DASH with hyphen-minus in comment; apply ruff format d646288142

HAL9000 commented 2026-05-28 11:07:09 +00:00

Author

Owner

Copy link

[CONTROLLER-DEFER:Gate 1:linked_issue_closed]

This PR has been deferred for re-evaluation. The controller has stepped back
from processing it. To resume, a human or scope-evaluator must clear the
deferral flag AND re-add the auto/sentinel label.

Decision:

• Gate: Gate 1
• Reason category: linked_issue_closed
• Canonical: #-
• LLM confidence: deterministic
• LLM reasoning: Linked issue(s) [7478] already closed; no LLM call needed.

To clear the deferral (SQL):
UPDATE workflows SET deferred_reason=NULL,
deferred_at=NULL,
deferred_target_workflow_id=NULL
WHERE workflow_id = 9;

INSERT INTO controller_events
  (workflow_id, ts, event_type, payload, cause, forgejo_write_pending, replay_attempts)
VALUES (9, datetime('now'), 'deferral_cleared',
        json_object('cleared_by', 'operator', 'reason', '<your reason>'),
        'operator', 0, 0);

Audit ID: 1329

---

Automated by the CleverAgents controller pipeline.
Identity: HAL9000 (pipeline action)

[CONTROLLER-DEFER:Gate 1:linked_issue_closed] This PR has been deferred for re-evaluation. The controller has stepped back from processing it. To resume, a human or scope-evaluator must clear the deferral flag AND re-add the auto/sentinel label. Decision: - Gate: Gate 1 - Reason category: linked_issue_closed - Canonical: #- - LLM confidence: deterministic - LLM reasoning: Linked issue(s) [7478] already closed; no LLM call needed. To clear the deferral (SQL): UPDATE workflows SET deferred_reason=NULL, deferred_at=NULL, deferred_target_workflow_id=NULL WHERE workflow_id = 9; INSERT INTO controller_events (workflow_id, ts, event_type, payload, cause, forgejo_write_pending, replay_attempts) VALUES (9, datetime('now'), 'deferral_cleared', json_object('cleared_by', 'operator', 'reason', '<your reason>'), 'operator', 0, 0); Audit ID: 1329 --- Automated by the CleverAgents controller pipeline. Identity: HAL9000 (pipeline action) <!-- controller:fingerprint:38a2e567a0026e65 -->

HAL9000 added the

auto/needs-reevaluation

State

Paused

labels 2026-05-28 11:07:10 +00:00

HAL9000 commented 2026-05-31 16:07:54 +00:00

Author

Owner

Copy link

event occurred 2026-05-28T04:05:28.752775+00:00

📋 Estimate: tier 1.

The lint failure is a single trivial character fix (en dash → hyphen in a comment at file_tools.py:94). However, the unit_tests and integration_tests failures (actor_run_signature, plan_service_coverage, tdd_memory_service_entity_persistence) are in completely unrelated feature areas and appear to be pre-existing or flaky — the implementer must verify these are not regressions introduced by this PR before dismissing them. The PR itself adds a security fix (+178/-0 lines across 2 files: the patched file_tools.py and a new 14-method test suite), which involves non-trivial logic (component-walk traversal detection). Multi-file scope with test additions and the need to cross-reference unrelated CI failures to confirm they are pre-existing makes this standard tier-1 work.

*event occurred 2026-05-28T04:05:28.752775+00:00* **📋 Estimate: tier 1.** The lint failure is a single trivial character fix (en dash → hyphen in a comment at file_tools.py:94). However, the unit_tests and integration_tests failures (actor_run_signature, plan_service_coverage, tdd_memory_service_entity_persistence) are in completely unrelated feature areas and appear to be pre-existing or flaky — the implementer must verify these are not regressions introduced by this PR before dismissing them. The PR itself adds a security fix (+178/-0 lines across 2 files: the patched file_tools.py and a new 14-method test suite), which involves non-trivial logic (component-walk traversal detection). Multi-file scope with test additions and the need to cross-reference unrelated CI failures to confirm they are pre-existing makes this standard tier-1 work. <!-- controller:fingerprint:8d1380cf3ba094e9 -->

HAL9000 commented 2026-05-31 16:07:56 +00:00

Author

Owner

Copy link

(attempt #2, tier 1)

event occurred 2026-05-28T04:06:29.006024+00:00

🔧 Implementer attempt — rebased.

Pushed 1 commit: 31c714b.

_(attempt #2, tier 1)_ *event occurred 2026-05-28T04:06:29.006024+00:00* **🔧 Implementer attempt — `rebased`.** Pushed 1 commit: `31c714b`. <!-- controller:fingerprint:3ed8b00edfed81a6 -->

HAL9000 commented 2026-05-31 16:08:03 +00:00

Author

Owner

Copy link

(attempt #3, tier 1)

event occurred 2026-05-28T04:25:44.153154+00:00

🔧 Implementer attempt — resolved.

Pushed 1 commit: d646288.

Files touched: src/cleveragents/tool/builtins/file_tools.py, tests/test_file_tools_security.py.

_(attempt #3, tier 1)_ *event occurred 2026-05-28T04:25:44.153154+00:00* **🔧 Implementer attempt — `resolved`.** Pushed 1 commit: `d646288`. Files touched: `src/cleveragents/tool/builtins/file_tools.py`, `tests/test_file_tools_security.py`. <!-- controller:fingerprint:9ccf998b9dc88ee7 -->

HAL9000 referenced this pull request 2026-06-10 15:01:32 +00:00

fix(security): fix file_tools.py validate_path startswith bypass #7478 #11056

HAL9000 commented 2026-06-18 11:26:31 +00:00

Author

Owner

Copy link

Closing as resolved: linked issue #7478 (validate_path startswith bypass) is closed — the fix has already merged via another PR. This PR was parked in the controller's deferred queue (grooming linked_issue_closed) and is redundant. If it contains distinct unmerged value, reopen and relink to an open issue.

Closing as resolved: linked issue #7478 (validate_path `startswith` bypass) is closed — the fix has already merged via another PR. This PR was parked in the controller's deferred queue (grooming `linked_issue_closed`) and is redundant. If it contains distinct unmerged value, reopen and relink to an open issue.

HAL9000 2026-06-18 11:26:32 +00:00

• closed this pull request
• removed the
  State
  Paused
  label

All checks were successful

Hide all checks

CI / push-validation (pull_request) Successful in 34s

Details

CI / helm (pull_request) Successful in 37s

Details

CI / build (pull_request) Successful in 48s

Required

Details

CI / lint (pull_request) Successful in 1m8s

Required

Details

CI / typecheck (pull_request) Successful in 1m14s

Required

Details

CI / quality (pull_request) Successful in 1m7s

Required

Details

CI / security (pull_request) Successful in 1m15s

Required

Details

CI / integration_tests (pull_request) Successful in 3m7s

Required

Details

CI / unit_tests (pull_request) Successful in 4m54s

Required

Details

CI / docker (pull_request) Successful in 1m26s

Required

Details

CI / coverage (pull_request) Successful in 11m59s

Required

Details

CI / status-check (pull_request) Successful in 3s

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

auto/needs-reevaluation

Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  

controller-managed

Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  

overdue

  

auto/blocked-by-deps

PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  

auto/ci-timeout

Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  

auto/claimed-implementer

Currently being processed by an implementer worker.

  

auto/claimed-merge

Currently being processed by the merge driver.

  

auto/claimed-reviewer

Currently being processed by a reviewer worker.

  

auto/driver-down

Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  

auto/invariant-violation

Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  

auto/last-attempt-tier-0

In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  

auto/last-attempt-tier-1

In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  

auto/last-attempt-tier-2

In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  

auto/last-attempt-tier-min

In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  

Automation Tracking

Tracking issues used by the AI Automation system for agents to communicate and report.

  

auto/needs-conflict-resolution

Rebase conflict needs LLM conflict-resolver.

  

auto/needs-implementer

Failing CI needs implementer attention.

  

auto/postmortem

Documenting a driver incident or rollback.

  

auto/ready-to-merge

Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  

auto/restart-throttled

Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  

auto/revert

Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  

auto/sentinel

Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  

auto/stale-inactivity

No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  

auto/unstable

Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  

Blocked

A ticket in a blocked state and unable to complete until some other task is completed first.

  

Bounty

$100

A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$1000

A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$10000

A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$20

A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$2000

A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$250

A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$50

A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$500

A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$5000

A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  

Bounty

$750

A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  

MoSCoW

Could have

Could have feature in order to satisfy the epic/legendary.

  

MoSCoW

Must have

Must have feature in order to satisfy the epic/legendary.

  

MoSCoW

Should have

Should have feature in order to satisfy the epic/legendary.

  

Needs Feedback

There are questions in the ticket that can not be completed until the project owner provides clarity.

  

Points

1

1 man-hours worth of work for an expert with no learning curve.

  

Points

13

13 man-hours worth of work for an expert with no learning curve.

  

Points

2

2 man-hours worth of work for an expert with no learning curve.

  

Points

21

21 man-hours worth of work for an expert with no learning curve.

  

Points

3

3 man-hours worth of work for an expert with no learning curve.

  

Points

34

34 man-hours worth of work for an expert with no learning curve.

  

Points

5

5 man-hours worth of work for an expert with no learning curve.

  

Points

55

55 man-hours worth of work for an expert with no learning curve.

  

Points

8

8 man-hours worth of work for an expert with no learning curve.

  

Points

88

88 man-hours worth of work for an expert with no learning curve.

  

Priority

Backlog

This ticket has backlogged priority and is not to be worked on yet

  

Priority

CI Blocker

Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Signed-off: Owner

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  

Signed-off: Scrum Master

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  

Signed-off: Tech Lead

When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  

Spike

A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  

State

Completed

The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  

State

Duplicate

A ticket that represents the same content as an existing ticket.

  

State

In Progress

A ticket that is actively being developed.

  

State

In Review

A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  

State

Paused

This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  

State

Unverified

All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  

State

Verified

The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  

State

Wont Do

This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  

Type

Automation

Any edits or discussion about the AI automated coding system.

  

Type

Bug

Something that doesnt work as intended.

  

Type

Discussion

Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  

Type

Documentation

An error or improvement needed in the documentation.

  

Type

Epic

Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  

Type

Feature

Some new functionality not present.

  

Type

Legendary

A type of Epic which will contain other Epics.

  

Type

Refactor

A code change that restructures existing code without changing its external behavior.

  

Type

Support

Someone needs help using the project.

  

Type

Task

A generic task that doesnt fit into the other type categories.

  

Type

Testing

Work exclusively focusing on fixing or expanding testing.

No labels

auto/needs-reevaluation

controller-managed

overdue

auto/blocked-by-deps

auto/ci-timeout

auto/claimed-implementer

auto/claimed-merge

auto/claimed-reviewer

auto/driver-down

auto/invariant-violation

auto/last-attempt-tier-0

auto/last-attempt-tier-1

auto/last-attempt-tier-2

auto/last-attempt-tier-min

Automation Tracking

auto/needs-conflict-resolution

auto/needs-implementer

auto/postmortem

auto/ready-to-merge

auto/restart-throttled

auto/revert

auto/sentinel

auto/stale-inactivity

auto/unstable

Blocked

Bounty

$100

Bounty

$1000

Bounty

$10000

Bounty

$20

Bounty

$2000

Bounty

$250

Bounty

$50

Bounty

$500

Bounty

$5000

Bounty

$750

MoSCoW

Could have

MoSCoW

Must have

MoSCoW

Should have

Needs Feedback

Points

1

Points

13

Points

2

Points

21

Points

3

Points

34

Points

5

Points

55

Points

8

Points

88

Priority

Backlog

Priority

CI Blocker

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Signed-off: Owner

Signed-off: Scrum Master

Signed-off: Tech Lead

Spike

State

Completed

State

Duplicate

State

In Progress

State

In Review

State

Paused

State

Unverified

State

Verified

State

Wont Do

Type

Automation

Type

Bug

Type

Discussion

Type

Documentation

Type

Epic

Type

Feature

Type

Legendary

Type

Refactor

Type

Support

Type

Task

Type

Testing

Milestone

Clear milestone

No items

No milestone

v3.5.0

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

cleveragents/cleveragents-core!11245

No description provided.