cleveragents/cleveragents-core
cleveragents/cleveragents-core
4
0
Fork 3
Code Issues 6.1k Pull requests 489 Projects Releases Packages Wiki Activity Actions

BUG-HUNT: [security] PromptSanitizer applies HTML escaping AFTER injection pattern check — bypass possible via HTML-encoded injection payloads #7408

New issue
Open
opened 2026-04-10 19:05:27 +00:00 by HAL9000 · 0 comments
HAL9000 commented 2026-04-10 19:05:27 +00:00
Owner
Copy link

Bug Report: Security — Injection Detection Order in PromptSanitizer

Severity Assessment

  • Impact: An attacker can craft an HTML-encoded prompt injection payload that bypasses the injection pattern detector. The sanitized output fed to the LLM will then contain the decoded injection after the LLM processes the HTML entities.
  • Likelihood: Low–Medium — requires attacker to control user input AND the LLM must "decode" HTML entities in its context, which some models do
  • Priority: High (security)

Location

  • File: src/cleveragents/application/services/prompt_sanitizer.py
  • Function: PromptSanitizer.sanitize_user_input()
  • Lines: 83–112

Description

The injection check is performed on the pre-HTML-escaping text, which the docstring explicitly states is intentional ("check for injection patterns BEFORE HTML escaping so that patterns like <|im_start|> are detected on the raw text"). However, this creates an incomplete defense:

The order is:

  1. Strip control characters ✓
  2. Check injection patterns on raw text ← misses encoded variants
  3. Escape HTML entities

A payload like &#x59;ou are now a will pass step 2 (not matching you\s+are\s+now\s+a), and after HTML escaping (step 3), the string becomes &amp;#x59;ou are now a which is still not dangerous. However, a payload like:

  • IGNORE ALL previous instructions → caught ✓
  • IGNORE&#x20;ALL&#x20;previous&#x20;instructions → NOT caught (HTML entities between words bypass the regex)

Even more critically, since wrap_user_content() is called AFTER sanitization, an attacker who can slip past the regex (e.g., using Unicode homoglyphs or zero-width joiners that aren't stripped) can embed injection content within the boundary markers.

Evidence

# src/cleveragents/application/services/prompt_sanitizer.py, lines 88–112

# Step 2: check for injection patterns BEFORE HTML escaping
# so that patterns like <|im_start|> are detected on the raw text.
for pattern_name, pattern_re in self._INJECTION_PATTERNS:
    match = pattern_re.search(working)  # working = raw text, no HTML encoding yet
    if match:
        raise PromptInjectionDetected(...)

# Step 3: escape HTML entities
working = html.escape(working, quote=True)

The _INJECTION_PATTERNS include re.IGNORECASE but don't handle:

  • Unicode lookalike characters (e.g., "іgnore" with Cyrillic "і")
  • HTML numeric character references embedded in the text
  • Zero-width joiners/non-joiners between words

Expected Behavior

The sanitizer should perform injection pattern detection that is robust against Unicode normalization and encoded variants, or clearly document that it only defends against naive injection and relies on other mechanisms for sophisticated attacks.

Actual Behavior

The injection pattern detector can be bypassed using Unicode homoglyphs or partially encoded content, as the regex operates on raw strings without Unicode normalization.

Suggested Fix

  1. Apply Unicode normalization (NFKC) before pattern detection to collapse lookalikes
  2. Also scan the post-HTML-escape result for encoded injection patterns
  3. Add patterns for common encoding bypasses (HTML entities, URL encoding)
  4. Document clearly that this is a defense-in-depth measure, not a complete defense

Category

security

TDD Note

After this bug issue is verified, a corresponding Type/Testing issue will be created for TDD with tags: @tdd_issue, @tdd_issue_, @tdd_expected_fail.

Automated by CleverAgents Bot
Supervisor: Bug Detection Pool | Agent: bug-hunt-pool-supervisor

## Bug Report: Security — Injection Detection Order in PromptSanitizer ### Severity Assessment - **Impact**: An attacker can craft an HTML-encoded prompt injection payload that bypasses the injection pattern detector. The sanitized output fed to the LLM will then contain the decoded injection after the LLM processes the HTML entities. - **Likelihood**: Low–Medium — requires attacker to control user input AND the LLM must "decode" HTML entities in its context, which some models do - **Priority**: High (security) ### Location - **File**: `src/cleveragents/application/services/prompt_sanitizer.py` - **Function**: `PromptSanitizer.sanitize_user_input()` - **Lines**: 83–112 ### Description The injection check is performed on the **pre-HTML-escaping** text, which the docstring explicitly states is intentional ("check for injection patterns BEFORE HTML escaping so that patterns like `<|im_start|>` are detected on the raw text"). However, this creates an incomplete defense: The order is: 1. Strip control characters ✓ 2. **Check injection patterns on raw text** ← misses encoded variants 3. Escape HTML entities A payload like `&#x59;ou are now a` will pass step 2 (not matching `you\s+are\s+now\s+a`), and after HTML escaping (step 3), the string becomes `&amp;#x59;ou are now a` which is still not dangerous. However, a payload like: - `IGNORE ALL previous instructions` → caught ✓ - `IGNORE&#x20;ALL&#x20;previous&#x20;instructions` → NOT caught (HTML entities between words bypass the regex) Even more critically, since `wrap_user_content()` is called AFTER sanitization, an attacker who can slip past the regex (e.g., using Unicode homoglyphs or zero-width joiners that aren't stripped) can embed injection content within the boundary markers. ### Evidence ```python # src/cleveragents/application/services/prompt_sanitizer.py, lines 88–112 # Step 2: check for injection patterns BEFORE HTML escaping # so that patterns like <|im_start|> are detected on the raw text. for pattern_name, pattern_re in self._INJECTION_PATTERNS: match = pattern_re.search(working) # working = raw text, no HTML encoding yet if match: raise PromptInjectionDetected(...) # Step 3: escape HTML entities working = html.escape(working, quote=True) ``` The `_INJECTION_PATTERNS` include `re.IGNORECASE` but don't handle: - Unicode lookalike characters (e.g., "іgnore" with Cyrillic "і") - HTML numeric character references embedded in the text - Zero-width joiners/non-joiners between words ### Expected Behavior The sanitizer should perform injection pattern detection that is robust against Unicode normalization and encoded variants, or clearly document that it only defends against naive injection and relies on other mechanisms for sophisticated attacks. ### Actual Behavior The injection pattern detector can be bypassed using Unicode homoglyphs or partially encoded content, as the regex operates on raw strings without Unicode normalization. ### Suggested Fix 1. Apply Unicode normalization (NFKC) before pattern detection to collapse lookalikes 2. Also scan the post-HTML-escape result for encoded injection patterns 3. Add patterns for common encoding bypasses (HTML entities, URL encoding) 4. Document clearly that this is a defense-in-depth measure, not a complete defense ### Category security ### TDD Note After this bug issue is verified, a corresponding Type/Testing issue will be created for TDD with tags: @tdd_issue, @tdd_issue_<this-issue-number>, @tdd_expected_fail. --- **Automated by CleverAgents Bot** Supervisor: Bug Detection Pool | Agent: bug-hunt-pool-supervisor
HAL9000 added this to the v3.5.0 milestone 2026-04-10 19:34:04 +00:00
HAL9000 self-assigned this 2026-04-11 03:21:09 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix/config-service-remove-undocumented-local-scope
bugfix/validation-attach-named-option-format
docs/add-example-tool-and-validation-management
bugfix/project-show-resource-name
bugfix/backlog-resource-schema-missing-overlay-strategy
fix/action-argument-schema/misleading-error-message
fix/remove-executable-resource-type
fix/config-get-output-missing-origin-panel-and-envelope
fix/tui-help-command-full-catalog-listing
fix/a2a-plan-execute-full-lifecycle
fix/invariant-service-action-scope-effective
fix/plan-explain-rich-output-panels
fix/a2a-dispatch-not-found-error-response
fix/project-service-namespaced-project
fix/automation-profile-remove-rich-output-panel
fix/container-handler-module-missing
fix/format-output-rich-color-renderers
fix/type-safety-legacy-migrator-type-ignore
spec/update-sse-streaming-event-example
fix/acms-skeleton-compressor-signature
controller-state-machine
fix/skill-add-yaml-wrapper-key
fix/1476-tool-list-cols
bugfix/permissions-diff-mode-cycle
fix/1444-access-type
fix/1429-node-ref
fix/1443-tier-defaults
bugfix/session-export-format-flag
feature/aws-cloud-handler-sdk
feat/output-renderer-registry
fix/1432-lsp
bugfix/1039-missing-validation-unit-tests-yaml
feature/audit-preserve-event-timestamp
feature/m8-tui-materializer
tdd/m4-automation-profile-di-bypass
bugfix/m7-audit-session-race
fix/1441-ctrl-tab
feature/m9-entity-sync
feature/extract-cleveractors-library
feature/m9-agent-card
feature/m9-team-collab
feature/m7-postgresql-backend
feature/m9-container-lifecycle
fix/issue-11189-config-actor-format
bugfix/m5-actor-options-ignored
fix-11004-tui-suggestions
feature/9827-wrap-plan-status-json-envelope
fix/arg-swap-validation-attachment-8177
pr-fix/9663-hot-warm-cold-tier-reliability
pr_fix-11000-conflict-report
bugfix/m3.6.0-lsp-7044-subprocess-cleanup
fix/7478-file-ops-security-fix
impl-tui-materializer
test/hierarchical-plan-4phase-lifecycle
feature/security-fix-relpath-pr-11217
feature/m2-implementation-pool-supervisor-checklist
fix-file-tools-path-validation
bugfix/m8-tui-input-live-refresh
feature/9126-fix-action-scope-invariant-merge
bugfix/m7-tool-calling-llm-options
fix-7478-startswith-bypass
bugfix/m3-cleanup-subprocess-on-failed-init
bugfix/m8-tui-anthropic-model-name
feat/integrate-cleveractors
feature/m8-tui-llm-dispatch
bugfix/m3.6.0-lsp-transport-header-injection-ascii
fix-11175
fix/auto_debug-partial-state
fix/issue-9124-add-bdd-tags
pr-9673-budget-enforcement
fix/actor-loader-list-actors-race-condition
pr-9675
feat/v3.3.0-three-way-merge-engine
fix/issue-7478-inline-executor-startswith-bypass
fix/plan-apply-json-envelope
feat/v3.4.0-acms-storage-tiers
feat/tui-tuimat-5326
fix-9675-context-show-clear
agents/final-working
feat/v3.4.0-context-show-clear-cli
fix/10356-eventbus-unsubscribe
11229-fix-acms-hot-max-tokens-regression-tests
pr-fix-7801
pr-8701-invariant-model
pr-fix/10597-lsp-transport-cleanup
bugfix/m3.6.0-lsp-transport-resource-leak
bugfix/9558-plan-conflict-detection
pr-fix-9608
feat/v3.3.0-plan-correct-revert-append
dmpipeline-v2
pr-fix-10608-header-injection
pr-9827-fix
bugfix/7492-validation-attachment-argument-swap
pr-fix-11002
feat/v3.4.0-context-list-add-cli
fix/plan-status-json-envelope
feat/v370/multi-session-tabs
fix-branch
fix/project-show-missing-panels
AUTO-IMP/PR-10069-checklist
feature/m2-pr-compliance-checklist
feature/pr-10592-cloud-resource-types
fix-lsp-transport-cleanup
feat/v360/cloud-resource-types
feature/context-strategy-protocol
refactor/v3.6.0-acp-to-a2a-rename
fix/context-cli-consolidation
fix/10608-lsp-header-injection
feat/acms-context-index
fix/plan-status-missing-output-panels
pr/fix-arg-swap-validation-attachment-8177
feature/issue-4748-actor-context-list-show-clear
fix-cli-plan-status-envelope
fix/plan-tree-color-format-ansi-output
pr/9981
pr/11153-auto-debug-fix
pr/10589-tui-materializer
fix/validate_path_security
pr-fix-11177-status-check-native-expressions
bugfix/m6-validate-path-startswith
security/relpath-containment-fallback
a2a-materializer-pr-fix
pr-fix-10608
bugfix/9250-a2a-session-id-validation-before-cleanup
pr-fix-11053
fix/10496-auto-debug-node-state-mutation
feat/tui-v370/tui-materializer
fix/a2a-handle-session-close-missing-session-id
fix/validation-attachment-arg-swap-8177
pr-fix-11196-invariant
feat/v3.4.0-acms-budget-enforcement
pr-fix-11196
bugfix/m5-fix-hot-max-tokens-tier
pr-fix-9675
perf/acms-large-project-indexing-optimization
perf-fix
pr-9608
feature/ten-way-merge-engine
pr-fix-branch
pr-11217
bugfix/9608-three-way-merge-engine
11101-three-way-merge-engine
feat/v3.4.0/acms-context-policy
fix/remove-silent-argument-swap
fix-pr-11000-structured-conflict-report
pr-fix-11053-session-id-validation
agents/fix-eventbus-unsubscribe
pr-10356
fix/invariant-action-scope
bugfix/issue-8395-sanitise-db-url
bugfix/m3-fix-action-scope-invariant-merge
pr-9671
feature/wire-missing-event-emitters
bugfix/m3.6.0-lsp-transport-post-spawn-cleanup
dmpipeline
bugfix/m5-acms-project-budget-override
fix/iterate-all-actors
pr/11217-fix-prefix-collision-bypass
fix/pr-11011-subprocess-cleanup
pr-11217-fix
pr-11217-relpath-fix
feat/v3.6.0-context-strategy-protocol
bugfix/tui-actor-overlay-render-shadow
bugfix/m5-revert-acms-budget-assembler
fix/eventbus-unsubscribe
feature/pr-9981
fix/v3.7.0/actor-add-update-flag
agents/fix-invariant-persistence-8573
fix/invariant-database-persistence
feat/tui-materializer-a2a
fix/tui-tui-materializer-a2a-event-queue
fix/unsubscribe-eventbus
pr-11153
feature/11201
pr-fix-11153-patched
pr-branch
fix/10813-strategy-decision-persistence
fix-pr-11145-status-check
pr-11053
pr-fix-10597-subprocess-cleanup
bugfix/mcp-infer-resource-slots-null-properties
pr-11166
pr-9675-fix
feat/structural-component-output-validation
fix/invariant-service-thread-safety
pr-fix-8179-implementation
pr-fix-9313
cleveragents-pr-fix-11038
fix/m2-acceptance-test
fix/pr-11042-rename-render
fix/action-scope-inmerge
fix/wf12-oom-sigkill
fix/wf18-container-clone-e2e
tdd/mcp-client-timer-cancel-race
feature/auto-debug-nodes
feat/v3.2.0-decision-recording-persistence
bugfix/m6-actor-overlay-render-shadow
bugfix/m7-plan-strategy-decisions-json
fix/10911-tui-suggestions-query-extraction
fix/lsp-transport-subprocess-cleanup
pr-fix-8177-validation
bugfix/m3-plan-status-json-envelope
fix/invariant-persistence-8573
pr-fix-11037
pr-11015-fix
pr_fix_11015
fix/m1-security-fix-startswith-bypass
fix/automation-profile-gates-lifecycle
fix-status-check-brittle-pipeline-11212
feat/pr-10590-dual-capability-strategies
feat/structural-output-validation
bugfix/m2-ci-status-check-resilience
fix-sandbox-cache-invalidation
feature/acp-a2a-rename-fix
feature/m3-plan-correction-data-model
pr-fix-10356-unsubscribe
pr-fix-11011
pr_fix/lsp-transport-header-injection-ascii
fix-pr-11002-startswith-bypass-7478
bugfix/acms-project-budget-override
fix/ci-status-check-resilience
bugfix/pr-fix-10597-cleanup-subprocess-on-init-failure
bugfix/sandbox-reexecute-cleanup
pr-fix-8701-invariant-model
fix/test-dotdot-traversal-assertion
fix/cleanup-stale-preserve-commits
fix/10592-pr-compliance
fix/security-file-tools-path-traversal-7478
pr-11180-fix
fix-combined-format
fix-9131-invariant-propagation
fix/tui-actor-selection-overlay
pr-11201
merge/pr-11196-invariant-fix
fix/issue-10813-strategize-decision-persistence
pr-fix-11170
pr/11165
temp-pr-11174
feat/invariant-enforcement-validation-pipeline
pr-fix-10356-unsubscribe-eventbus
pr-fix-11156-python313-deprecation
feature/pr-7801-fix-validate-path-security
fix/11039-render-refresh
fix/tui-actor-selection-render-rename
pr-fix-11089-session-close-validation
pr-fix/11089-session-close-validation
pr-fix-11182
feature/7926-persist-decision-dependencies
bugfix/m3-rxpy-subject-close
test/restore-e2e-tests
feature/m694-tui-materializer-a2a-integration-layer
feature/issue-pr-9271-hot-max-tokens
pr-fix-8177
test/v360/e2e-project-plan-correction
bugfix/issue-8426-stdio-cleanup
feature/eventbus-unsubscribe
bugfix/m3-integrate-mcp-transport
fix/concurrent-stdout-restoration
feat/a2a-stdio-transport-fix-264
PR-fix-wf18
feature/sandbox-cache-invalidation
fix/issue-10496-auto-debug-state-mutation
fix/python-313-asyncio-deprecations
pr-11128
pr-11180
pr-11165
pr-practice
structural-output-validation
fix/status-check-native-expressions
feat/merge-conflict-detection
11036-fix-acms-hot-max-tokens
pr/11166
fix/ci-status-check-native-expressions
fix/stdlib-transport-cleanup
fix/11176-actor-selection-render
pr-fix-10597
feature/pr-compliance-pool-supervisor
fix/actor-add-update-enforcement-fix
pr_fix/8209
pr-10590
fix/python313-asyncio-get-event-loop-deprecation
pr-fix-#11053-session-id-validation
pr-fix-11042-renamed-render
feat/v360/acp-to-a2a-rename
fix-arg-swap-validation-attachment-8177
fix/asyncio-get-event-loop-deprecation
fix_8395_pr
pr-fix-11153-auto-debug-mutation
pr/11051-thread-safety-invariant
fix-plan-status-json-envelope
bugfix/pr-11015-pool-supervisor-checklist
feature/fix-7478-validate-path
feature/plans-conflict-detection
pr-11141-cleanup-stale-commits-beyond-head
fix/pyyaml-vulnerability-upgrade
pr-fix-9244
bugfix/m3-invariant-propagation
feature/issue-10480-fix-validation-bypass
feature/m3-invariant-enforcement-validation-pipeline
feat/invariant-enforcement-strategize-phase
bugfix/mcp-race-condition-start
fix/action-schema-argument-default-type-validation
issue-10438-fix
fix/mcp-timer-race-10516
fix/10480-validation-bypass-fix
fix/cli-session-tell-format-flag
feat/agents-invariant-add-list-remove-commands
restore-e2e-cleanup
fix/events-eventbus-unsubscribe
fix/issue-11120-cleanup-stale-preserve-artifacts
feature/fix-issue-11121-cleanup-stale-reinvoke
fix/issue-10480-plan-validation
feature/m5-tdd-quality-gate
bugfix/11121-fix-cleanup_stale-preserve-meaningful-changes
bugfix/m8-set-active-persona-preset-reset
feat/context-priority-strategy
feature/issue-4381-docs-api-and-module-guides
m7-opencode-ruff
bugfix/m3-wf18-oom-sigkill
bugfix/acms-dual-strategy-capabilities-incompatible-fields
feature/benchmark-scheduled-workflow
feature/m8-tui-mainscreen
feat/v3.4.0/acms-project-indexer
fix/10932-preserve-strategy-decisions-json
fix/data-integrity-session-rollback-7489
fix/issue-6329-resource-remove-edge-table
fix/issue-7524-invariant-service-thread-safety
pr-10932-fix-plan-strategy-decisions
pr-fix-9244-pyyaml-upgrade
refactor/noxfile-parallel-test-architecture
task/ci-matrix-strategy-python-versions
bugfix/m3.6.0-ci-pipeline-flakiness-stabilization
feat/v3.3.0-plan-rollback
refactor/auto-guard-1-cli-a2a-boundary
feature/issue-10755-redirect-rich-panels-to-stderr
pr10871
fix/10881-propagate-invariants-to-child-plans
feat/resources-extension-interface
pr-fix-10901
ci/optimize-benchmarks-regression
fix/tui-extract-at-token-suggestions
feat/acms-index-data-model
feature-10887-eventbus-unsubscribe
feature/m5-add-repo-indexing-showcase
PR-10910-a2a-json-rpc-routing
feature/milestone-based-pr-prioritization
bugfix/m3-issue-9055
auto-time-3-day106-cycle2
feature/m39-timeline-day106-cycle2-2026-04-16
timeline/day-106-cycle2-2026-04-16-auto-time-3
feat/issue-10921-a2a-http-transport
pr/fix-10842
feature/issue-10746-fix-agents-graphs-plan-generation-validate-always-passes-for-code-longer-than-10-characters-making-llm-validation-ineffective
agents/fix-10866-permissions-screen-to-textual-screen
pr-10886
bugfix/m3-session-tell-format
fix/pr-10890-shell-safety-integration
fix/session-delete-json-envelope
pr-10851
test/v3.8.0-ci-quality-execution-time
feature/m7-timeline-day-106-update
bugfix/context-remove-path-traversal-10924
pr-10876
fix/gemini-fallback-order
fix/trailing-comma-opencode-json
pr/fix/mcp-client-start-race-condition
fix/project-switch-command
fix-pr-4211
feat/three-way-merge-engine-9608
pr/9673
fix/1469-plan-execute-structured-panels
fix/actor-provider-validation
implement-pr-9442
cleveragents-push-23420b48
fix/validation-repo-silent-swap
feat/context-strategy-plugin-system
fix/startswith-bypass-7478
fix-plan-status-envelope-11034
fix/invariant-thread-safety
fix-thread-safety-invariant-service
fix/8284-warned-sessions-reset
docs/milestone-plan-navigation
feat/v3.3.0-checkpoint-creation
feature/implementor-notification-11032
task/ci-optimize-e2e-tests-execution-time
feature/pr-9599-plan-correct-correction-engine
pr-fix-10593
pr9452
fix/isolate-checkpoint-prune-test
pr/fix-9601
pr/9234-hardening-bdd-tags
bugfix/9673-acms-budget-enforcement
pr-8667
auto-arch/spec-pr-10451-test-coverage
fix/10954-security-scan-dockerfile
bugfix/9183-bdd-tag-enforcement
fix/7566-engine_cache-toctou-race
fix/10934-preserve-strategy-decisions-json
bugfix/10608-lsp-header-injection
bugfix/9981-acms-indexing-optimize
bugfix/11077-security-escape-bypass
fix/auto-rev-sup-tracking-prefix
fix-lsp-subprocess-cleanup-10597
improvement/agent-evolution-pool-supervisor-pr-metadata
fix/plan-tree-json-output-envelope
pr-9313-fix
bugfix/9244-pyyaml-security-upgrade
feature/issue-1925-add-asv-tests-for-domain-module
test/domain-asv-benchmarks
feature/9250-fix-a2a-session-close
fix/pr-10027-acms-default-pipeline
bugfix/m2-plan-explain-alternatives-format
fix-invalidate-sandbox-dirs-cache-after-purge-7527
pr-fix-10958-async-cleanup-tests
feat/adr-049-layer-boundary-enforcement
fix/action-list-table-columns
fix/issue-7478-validate-path-startswith-bypass
pr-fix-ci-11000
fix/agent-skill-multi-scope-discovery
pr_fix_8675_switch_project_command
feat/m6/devcontainer-clone-into-sandbox
fix/tui-keybinding-preset-persona-cycling
pr-fix-10982
bugfix/m3-invariant-service-thread-safety
pr-fix-10937-close-reactive-eventbus
pr-fix-7478-path-traversal
feature/benchmark-scheduled-workflow-fix
pr-9183-add-bdd-tags
pr/11029-review-started-notification
fix/pyyaml-security-upgrade
fix-plan-status-panels
fix-pr-11037
feat/v3.6.0-database-resource-types
pr-10591-checkout
pr-10979
fix/invariant-thread-safety-8209
pr-fix-11002-validate-path-bypass
fix/10597-lsp-proc-cleanup
fix/plan/tree-envelope-9313
fix-6568-push
fix/issue-6425-tui-persona-cycling-keybinding
pr/11044
feature/m6-reduce-redundant-ci-status-reporting
fix/11041-plan-tree-envelope
fix/ca-test-infra-improver-health-spam
agents/pr-6628-fix
docs/add-showcase-cli-basics
auto-time-1-day107-cycle
improvement/agent-uat-tester-parallel-docs-pr-fix
fix/issue-11047-actor-add-rename-from-config
fix/pr-11050-subprocess-cleanup
pr-6741
ci/cache-helm-binary-auto-inf-1
fix/8675-project-switch
fix/7527-sandbox-cache-invalidation
fix/issue-6319-project-context-set-output
pr/fix-9183-bdd-tags
fix/issue-6325-plan-explain-decision-id
fix/1422-docs
pr-fix-1485-updates
spec/subplan-system-v3.3.0
pr/6723-fix-session-create-json
improvement/agent-bug-hunt-pool-supervisor-tracking-prefix-complete
fix/pr-6695-session-list-empty-json
fix/file-tools-startswith-bypass
pr_fix_8256
pr-9663-fix
docs/add-example-resource-and-skill-management
feature/m39-cli-basics-showcase
pr-fix-7478-startswith-bypass
fix/issue-11047-actor-add-remove-positional-name
fix/gemini-fallback-order-fix-3
pr_fix_8179
fix/gemini-fallback-order-fix-2
fix/validation-list-command
fix/validation-list-command-clean
fix-pr7957-complete-tracking-prefix
pr-7922-fix-lint
fix/validation-swap-8177
add-plan-start-alias
feature/pr-8304-container-clone-into
fix-pyyaml-11012
pr-fix-9461
fix/pr-11004-tui-token-extraction
fix/invariant-scope-handling
feat/plan-correction-8531
pr/8685-correction-data-model-persistence
bugfix/lsp-stdio-transport-cleanup-10597
pr-8660
feat-scope-chain-resolution
chore/pyyaml-upgrade
fix/9250-session-id-validation-handle-session-close
fix/issue-7478-file-tools-validate-path
pr-fix-9442-tui-ctrltab
spec/update-cycle8-validation-gate-empty-run-guard
fix/tui-sqlite-session-persistence-10648
fix/8661-plan-start-alias
fix-10649
refactor/add-return-type-get-services
pr-fix-cache-init
pr9407-timeline
feat/tui-prompt-symbol
pr_fix_9407-plan-alternatives-structured
feat/automation-profile-precedence-chain
bugfix/8179-remove-session-rollback-calls
feat/v360/pluggable-scope-chain-api
pr-9246
refactor/agent-configurable-limits-context-analysis-plan-generation
fix/issue-6452-session-tell-output
fix/v370/quality-gates-command-injection
pr-fix-10635-fixed
pr-10069
pr/fix-9313
pr-10643
invariant-pr-8684-fix
pr-fix-6676-resource-remove-edge-table
refactor/v360/audit-rename-acp-imports
fix/issue-7623-validation-pipeline-stdout
fix/acms-consolidate-strategycapabilities
fix/issue-7604-a2a-event-queue-concurrency
pr-fix-8661
auto-arch/spec-clarifications-cycle-1
feat/pure-graph-bdd-coverage
fix/9250-validate-session-id-before-cleanup
feature/issue-9442-fix-tui-correct-preset-cycling-keybinding-to-ctrl-tab-and-add-persona-tab-cycling
bugfix/m6-file-tools-validate-path-bypass
fix/invariant-add-scope
bugfix/m3-shell-safety-service-tui
pr-8684-persist-invariants
pr-8209-fix
docs/v360/repl-actor-run-showcase
feat/v360/cost-session-budget
bugfix/8177-remove-silent-argument-swap
fix/plan-apply-rich-output-panels
pr-fix-11012
pr-fix-11012-pyyaml-upgrade
pr-fix-8667
pr/fix/11012-pyinsec
pr-fix-9407
pr-8853
test/cli-lifecycle-e2e-full-plan-lifecycle
bugfix/m3-evlv-9824-implementation-pool-compliance-checklist
pr/10069
docs/pr-creator-state-priority-labels
fix/1514-structured-panels
test/core-asv-benchmarks
fix-8640-remove-positional-name
pr-fix-10995
refactor/v3.6.0-acp-to-a2a-rename-push
pr-9663
bugfix/m3.6.0-lsp-discovery-resource-exhaustion-dos
8660-move-namespace-filter-inside-lock
pr-fix-work
test/plan-correct-json-output-tdd
pr-8304
feat/v3.2.0-invariant-data-model-db-schema
pr_fix_1514_v2
timeline-update-2026-04-19
pr-fix-9313-plan-tree-envelope
test/v3.6.0/advanced-context-strategies-tests
pr/11004-fix-tui-suggestions-query-extraction
pr-fix-9817
feat/9558-plan-conflict-detection
docs/timeline-day-101
fix/v360/plugin-loader-security
feat/acms-context-policy-fix-9671
pr-9817-plan-apply-json
pr-fix-9460
pr-fix-6722-prompt-symbol
pr/9671
pr-fix-9671
pr-10592-fix
fix/issue-7478-file-path-validation
pr-fix-7478-validatepath
feat/pr-10590-context-strategy-fix
bugfix/m6-acms-path-matching-absolute
bugfix/pr-9183-bdd-tags
fix-pr-10975-path-matching-normalize
pr_fix/lsp-transport-subprocess-cleanup
pr-8177-validation-fix
feat/acms-context-show-clear-cli
feat/v360/plugin-architecture
fix/invariant-add-scope-required
pr-fix-10590-context-strategy
pr-fix-10590-local
pr-8662-fix
pr/1485
bugfix/8660-move-namespace-filter-inside-lock
pr/9460-project-show-invariants-validations
pr-11013
fix-1469-impl
fix/1469-impl
fix/cleanup-service-sandbox-cache-invalidation
pr-8257
pr-3329
feat/v3.2.0-decision-recording-strategize
fix/strategize-full-context-snapshots
clone-verify-test
fix/issue-6316-session-list-json-empty-case
AUTO-IMP/PR-9672-context-list-add
AUTO-IMP/PR-9663-storage-tiers
fix/issue-pr-11002
fix/plan-lifecycle-prompt-decision
fix/gemini-fallback-order-10906
AUTO-IMP/PR-10583-a2a-rename
fix-check-same-thread-migration-runner
d2188407
fix/a2a-handle-session-close-missing-session-id-pr-9250
fix/invariant-merge-action-scope
pr-fix-8179
bugfix/report-number-of-actors
bugfix/m6-devcontainer-autodiscovery-wiring
fix-gemini-fallback-order-10906
bugfix/m5-event-bus-exception-swallow
pr/3458
acms-parallel-indexing-fix
bugfix/m3-error-handling-fileconfig-unhandled-exception
acms-parallel-indexing
fix/resource-removal-children-check-6886
pr/9451-fix-tui-thinking-effort-presets
pr-fix-10958
fix/8179-remove-session-rollback-calls
pr/9817-plan-apply-json-envelope
fix/lsp-context-enrichment-acms-wiring
fix/cli-remove-positional-name-from-actor-add
fix/acms-context-cli
fix/tui-permissions-screen-wrong-base-class
bugfix/m6-session-create-suppress-exception-logging
fix/plan-tree-json-missing-decision-id
fix/plan-start-spec-alignment
fix-10957
fix/6726-tui-persona-cycling-keybinding
feat/plan-rollback-cli-checkpoint-restore
pr-8661-plan-start-alias
pr/1486/resource-handler-return-type
feature/8667-add-validation-list-command
auto-docs-1-mkdocs-setup
fix/actor-add-positional-name
feat/v3.3.0-merge-strategy-config
fix/invariant-precedence-chain-action-scope
improvement/agent-pr-review-pool-supervisor-tracking-prefix-complete
pr/fix/actor-loader-list-actors-race-condition
bugfix/m4-lsp-context-enrichment-acms-wiring
docs/auto-docs-2-v320-v330-features
bugfix/m-error-suppression-reactive-registry-adapter-v2
fix/7501-plan-repository-success-derivation
pr-10492
pr-8225
fix/plan-artifacts-missing-validation-apply-summary
feature/m9-v3.8.0-v3.9.0-documentation
docs/fix-automation-profile-default-supervised
fix/context-analysis-agent-path-traversal
pr-9229-path-traversal-fix
pr-10975
pr-fix-10986
pr/1486/fix-resource-handler-return-type
feat/m8/tui-main-screen
pr-9257-fix
fix/9222-guard-integration-e2e-jobs
refactor/clarify-behave-robot-framework-roles
docs/reference-glossary
feat/9088-a2a-message-send-stream
bugfix/m6-gemini-fallback-order
fix/validation-list-command-fixed
fix-executable-resource
test/plan-tree-correction-visual-tdd
auto-time/timeline-update-2026-04-18
pr-8179
spec/auto-arch-24-a2a-boundary-enforcement-adr
pr/10988/head
fix/7566-engine-cache-toctou-race
feat/v3.6.0-llm-provider-abstraction
fix/concurrency-catalog-cache-lock-7590-cleandiff
chore/test-infra-broad-exception-lint
issue-7502-fix-get-for-plan
fix/1500-impl
feat/context-show-cli-commands
pr-fix-7527-cache-invalidation
pr-fix-9407-plan-explain-structured-alternatives
fix/multi-scope-skill-discovery-9369
pr_9454
feat/agent-switch-cmd
pr-9329
8661-plan-start-alias
feat/acms-context-analysis-summaries
fix/invariant-add-repeatable-plan-action
tdd/m6-session-create-suppress-exception
test-push-check-only
pr-10889
pr-10889-fix
feature/issue-10952-provider-integration-tests
pr/10879-benchmark-caching-parallelism
bugfix/m3-eventbus-unsubscribe
spec/add-deleted-at-field-to-project-delete
fix/issue-6500-actor-context-list-regex
tdd/m8-tui-sqlite-session-persistence
fix/issue-6464-resource-add-auto-discovery
fix/bug-hunt-supervisor-tracking-prefix
feat/v3.2.0-plan-tree-cli
fix/issue-6491-actor-remove-format-option
fix/issue-6457-json-envelope-messages-text
improvement/agent-ca-test-infra-improver-duplicate-avoidance
fix/boundary-cost-budget-warning-re-trigger-7525
bugfix/6879-cli-format-option
feat/jwt-token-refresh
auto-discovered-stale-conflicts-review-task
docs/add-example-audit-log-and-security
docs/v3.8.0-api-and-module-guides
fix/issue-9169
improvement/reduce-redundant-ci-status-reporting
feat/v3.4.0-acms-index-data-model-traversal
bugfix/m3-sqlite-check-same-thread
issue-1-conversation-state
bugfix/m3-evlv-implementation-pool-compliance-checklist
feature/m9-a2a-jsonrpc
bugfix/m6-plan-execute-rich-output
fix/uat-checkpoint-prune-test-isolation
feature/issue-4749-split-monolithic-specification
bugfix/m8-suggestions-query-extraction
bugfix/m6-session-delete-format-json-envelope
bugfix/m3-langgraph-disposables
timeline/day-104-2026-04-14-auto-time-2
docs/quickstart-guide
fix/plan-prompt-json-timing-started
feat/v3.6.0-virtual-resource-types
feat/tui-v370/persona-registry
fix/1431-subgraph
bugfix/7529-a2a-terminal-phase-guard
bugfix/m3-bdd-feature-file-tags
ci/v360/isolate-slow-e2e-tests
feature/m3-consolidate-documentation
feature/m7-user-driven-review-agent
feature/m9-a2a-http
fix/1423-refactor
fix/tui-mainscreen-3state-sidebar-adr044
task/v3.8.0-ci-reusable-workflows
testbed/m9-hello
docs/add-label-verification-to-new-issue-creator
bugfix/m3-database-migration-runner-check-same-thread
feature/m4-plan-correction-revert
improvement/agent-architecture-pool-supervisor-milestone-assignment
docs/changelog-unreleased-cycle7
feature/m9-changelog-unreleased-cycle7
fix/issue-10512-mcptooladapter-rlock
fix/data-integrity-llm-trace-repository-7505
agents/auto-working-new
fix/resource-removal-guard-linked-children
fix/1468-impl
feature/1915-timezone-aware-datetime
feature/issue-4381-docs-add-invariantreconciliationactor-api-docs-devcontainer-discovery-module-guide-and-mkdocs-nav
task/ci-actor-context-mgmt-test-optimization
fix/7619-git-tools-base-env-toctou
pr-fix-8661-updates
feature/issue-2798-chore-agents-improve-ca-test-infra-improver-strengthen-duplicate-avoidance
bugfix/m3-migration-runner-check-same-thread
feature/issue-10952-fix-database-migration-runner-check-same-thread
fix/dependency-security-aiohttp-cves
test/uko-persistence-coverage
fix/security-b608-sql-fstring-migration-plan-phases
fix/cli-legacy-removal
feature/m39-auto-arch-23-minor-clarifications
bugfix/m3-langgraph-execute-state-bypass
feat/issue-6370-actor-context-clear
feat/acms-hot-storage-tier-lru-cache
feature/m3111-milestone-based-pr-prioritization
bugfix/m3-actor-run-response
fix/issue-7524-invariant-service-thread-safety-v2
pr-fix-10746
fix/tui-auto-generate-presets-actor-schema
feat/agent-card-discovery
feature/pr-10916-close-reactive-event-bus
feature/issue-1917-optimize-robot-actor-context-management-tests
feature/issue-10803-fix-nox-sessions-use-uv-sync-frozen
feature/issue-1923-missing-test-levels-core-module
feature/1928-add-test-coverage-for-tui-module
chore/ci-dockerfile-server-security-scan
task/ci-centralize-tool-versions
feature/m9-langgraph-platform
bugfix/m5-validation-attach-output-format
test/ci-execution-time-optimize-benchmark-regression
feature/issue-3105-add-mandatory-labels-to-supervisor-tracking-issue-creation
feat/acms-context-policy-configuration-schema
feat/context-sliding-window-strategy
feature/issue-5163-align-checkpoint-trigger-names
feature/issue-4221-docs-add-showcase-example-for-audit-log-and-security-commands
bugfix/m3-output-plan-results
fix/action-archive-output-panels
pr/9912-fix
fix/concurrency-catalog-cache-lock-7590
bugfix/executor-error-details-overwrite-mini-max
fix-10866-permissions-screen
feature/issue-7957-bug-hunt-pool-supervisor-tracking-prefix
fix-pr-10852
fix/10922-conversation-state-mgmt
pr-check
bugfix/10931-preserve-strategy-decisions-json
fix/10903-nox-showcase-docs
pr/10885-pyyaml-upgrade
pr-fix-10931
bugfix/executor-error-details-overwrite-qwen
fix-orchestrator-scaling-32-workers
fix-pr-1107-asgi-uvicorn
feature/m9-timeline-day-99
feat/issue-6369-actor-context-show
improvement/agent-label-compliance
fix-9912-branch
bugfix/10821-fix-tui-keybinding
feat/issue-6450-tui-escape-cascade
bugfix/m8-shell-safety-service-integration
fix/redaction-pattern-exception-handling
bugfix/m8-tui-on-input-changed
fix/action-schema-env-var-exfiltration
feature/spec-timeline-6003
feature/spec-timeline-6008
feature/issue-4746-update-spec-agents-diagnostics-all-9-providers
feat/v3.6.0/gemini-provider
pr/8194
tdd/prompt-input-textarea
feat/v3.6.0/cost-reporting-cli
fix/lsp-transport-security
feat/v3.6.0/semantic-context-strategy
feature/issue-10820-chore-agents-fix-bug-hunt-pool-supervisor-tracking-prefix-auto-bug-pool-to-auto-bug-sup-complete-fix
tdd/mN-registry-thread-safety
fix/v360/remove-acp-module
temp-squash
fix/v360/lsp-runtime-instantiation
feat/690-jsonrpc-routing
feat/v3.6.0-anthropic-gemini-backends
build/agents-system-rewrite
feat/v3.3.0-plan-rollback-cli
feat/v3.3.0-parallel-subplan-scheduler
feature/issue-10846-optimize-benchmark-regression-test-suite
feature/issue-10826-docs-spec-align-checkpoint-trigger-names-and-config-key-path-with-implementation
feature/issue-10744-fix-tui-convert-permissionsscreen-from-static-widget-to-proper-textual-screen-subclass
feature/issue-10794-feat-a2a-implement-a2a-http-transport-for-server-mode
fix/tui-preset-cycling
pr-10820
feature/696-implement-a2a-http-transport-for-server-mode
feature/issue-10792-feat-server-langgraph-platform-remotegraph-integration
feature/issue-1486-fix-v3-7-0-resourcehandler-return-type-1444
feature/issue-1488-fix-v3-7-0-resolve-issue-1432
bugfix/m1-plan-execute-sandbox-root
feature/issue-4663-day-97-schedule-adherence-update
feature/issue-10858-devops-run-linter
docs/milestone-v3.6.0-v3.7.0
feature/issue-10835-add-milestone-based-pr-prioritization
pr-8701-head
fix/7927-apply-phase-dod-gating
fix/sse-formatter-json-rpc-2.0
feat/v3.6.0/scope-chain-assembler-integration
fix/tui-bindings-block-cursor-navigation
fix/v360/compute-actor-impact-exceptions
feat/v360/openrouter-provider
docs/v360/cli-version-info-diagnostics
feat/context-semantic-chunking-strategy
feat/acms-cli-context-show-clear
feature/m7-actor-management-showcase-metadata
feature/m6-4213-resource-skill-showcase
feat/v360/anthropic-gemini-backends
feat/v3.6.0/safety-profile-enforcement
feat/context-dynamic-budget-allocation
refactor/v360/unify-error-handling-cli
fix/v370/tui-materializer-a2a
fix/auto-debug-agent-prompt-injection
refactor/v360/unify-api-naming
test/cli-docstring-example-validation
fix/v360/resource-kind-field
feat/v3.6.0/context-relevance-scoring
fix/v360/plugin-state-executing
fix/v360/lsp-path-traversal-file-reading
feat/acms-semantic-chunking-context-strategy
refactor/v360/unify-service-initialization
bugfix/m3.6.0-lsp-server-dos-message-read-timeout
feat/v360/pluggable-scope-chain-api-v2
docs/v360/actor-management-showcase
docs/v360/actor-removal-impact
docs/v360/align-depth-reduction-devcontainer
tdd/issue-10413-dollar-prefix-shell-mode
fix/issue-10503-session-export-json-stdout
fix/pr-10755
feat/v370/tui-web-mode
feat/v360/plugin-cli-discovery
fix/v360/llm-trace-latency-type
feat/v3.6.0/ollama-mistral-providers
feat/v3.6.0/adaptive-context-selector
feat/tui-v370/persona-registry-merge-v2
feat/v3.6.0/cost-tracker
fix/v360/resource-type-cycle-detection
refactor/auto-guard-1-address-todo-fixme-comments
feat/v3.6.0/pluggable-scope-chain
fix/v360/scope-chain-resolver-registration
test/v360/e2e-a2a-context-management
fix/v360/lsp-env-var-injection
feature/m6-sandbox-correction-invariant-docs
feature/m3-timeline-day97-update
fix/10480-validate-logic-error
feat/acms-cli-context-add
feat/acms-core-pipeline-components
feature/m4652-module-guides
feature/m5-extend-agents-diagnostics-example
feature/m5832-add-unreleased-changelog-entries
docs/add-repo-indexing-showcase
improvement/agent-pr-self-reviewer-blocking-vs-nonblocking
feature/issue-8225-validation-gate-empty-summary
spec/resource-type-yaml-format-canonical-5622
bugfix/m8179-fix-data-integrity-remove-session-rollback-calls-from-projectrepository
feat/v3.6.0/context-policy-strategy-config
test/v3.6.0/a2a-rename-regression-tests
fix/plan-lifecycle-root-decision-type
bugfix/cancel-worktree-cleanup
pr-10586
pr-9215
feat/issue-6357-tui-loading-states
temp-bug2-combined
timeline/day-105-2026-04-15-auto-time-1-v2
docs/consolidated-all-documentation
bugfix/m6-sandbox-reexecute-cleanup
fix/issue-9963-memory-service-timestamp-guards
docs/context-management-deep-dive-v2
docs/context-management-deep-dive
docs/agent-development-guide
feature/10008-file-level-correction-diff
feat/acms-scope-resolution-context-inheritance
docs/a2a-protocol-guide
fix/tui-bindings-reload-settings
docs/tui-user-guide-keybindings
fix/plan-generation-validate-logic
bugfix/issue-10408-dollar-prefix-shell-mode
test/issue-10500-persona-state-reset-tdd
docs/getting-started-tutorial
test/tdd-session-create-suppress-exception
fix/issue-10485-fallback-selector-budget-limits
docs/error-codes-guide
docs/common-tasks-recipes-guide
bugfix/mN-registry-thread-safety
test/migration-runner-sqlite-threading
docs/configuration-reference
pr-10678
pr-10681
test/issue-10510-mcptooladapter-rlock-tdd
feature/tui-screens-directory
fix/issue-10511-suppress-runtimeerror
pr-10676
fix/tui-block-cursor-bindings
pr-10680
test/issue-10502-session-export-json-tdd
fix/issue-10507-sqlite-check-same-thread
docs/installation-setup
test/v3.6.0/scope-chain-integration-tests
fix/v370/loading-throbber-restore
feat/v370/tui-settings-sessions-screens
fix/v370/tui-session-persistence
fix/v360/context-strategy-unification
fix/v370/shell-safety-regex
feat/v370/tui-rebase-merge
feat/v370/tui-complete-squashed
fix/v370/tui-shell-async
feat/v3.6.0/budget-enforcement
refactor/v360/decouple-cli-services
feat/v370/tui-session-persistence
auto-arch-1-spec-module-definitions
docs/v3.6.0-v3.7.0-updates
auto-time/timeline-update-2026-04-18-c3
auto-docs-2/add-changelog-contributing
auto-time/timeline-update-2026-04-18-c2
auto-docs-1/fix-mkdocs-nav-and-links
pr-5968
docs/timeline-day-107-2026-04-17
fix/issue-6323-project-context-show-output
improvement/agent-bug-hunt-pool-supervisor-tracking-prefix
auto-time/update-2026-04-17
docs/auto-docs-8-a2a-rename-documentation
auto-docs-3-v340-v350
docs/timeline-update-2026-04-15
auto-docs/initial-documentation-assessment
feature/m1-initial-documentation
fix/agent-task-list-memory-leak
bugfix/m4-plan-diff-correction-stub
pr-9247
docs/timeline-update-2026-04-17
timeline/day-106-2026-04-17-auto-time-1
fix/quality-gates-click82-compat
auto-arch-14/spec-anonymous-tool-enforcement
fix/issue-6441-session-create-json-output
fix/issue-6331-invariant-add-scope
timeline/day-106-2026-04-16-auto-time-1-v2
spec/auto-arch-23-minor-clarifications
timeline/day-106-2026-04-16-auto-time-2
docs/auto-docs-2-v380-v390
timeline/day-104-2026-04-14-auto-time-1
bugfix/m3-actor-add-v3-schema-validation
timeline/day-106-2026-04-16-auto-time-1
auto-docs/changelog-architecture-readme
spec/auto-arch-21-v350-autonomy-hardening
chore/timeline-day-105-2026-04-15
docs/timeline-update-2026-04-15-auto-time-1
timeline/day-105-2026-04-15-auto-time-1
benchmark-ci
fix/plan-phase-migration-raw-sql-root-plan-id
auto-arch-12/spec-acms-context-tier-hydrator
timeline/day-106-2026-04-15-auto-time-1
feat/invariant-enforcement-strategize
feat/plan-tree-decision-rendering
feat/plan-correct-revert-append-modes
docs/auto-docs-4-fix-conflicts
docs/auto-docs-1-milestone-docs-v3.0.0-v3.1.0
feat/v3.4.0-acms-lifecycle-policy
pr-9220
fix/a2a-facade-optional-param-validation
feat/ci-guard-llm-secrets
pr-9214
feat/v3.3.0-subplan-status-tracking
feat/v3.3.0-merge-conflict-detection
uat/checkpoint-rollback-merge-tests
fix/pr-review-pool-supervisor-prefix-mismatch
feat/v3.3.0-spawn-subplan-step
auto-time-1-day103-cycle1-session6
feat/v3.8.0-agent-card-endpoint
docs/auto-docs-cycle-24-showcase-nav
auto-inf-3-consolidate-behave-fixtures
fix/issue-7663-docs-writer-missing
auto-time-1-day103-cycle2
docs/timeline-day-104-auto-time-1
auto-arch-16/spec-xml-prompt-injection-mitigation
bugfix/m4-invariant-persistence
uat-a2a-facade-tests-v350
bugfix/m3-behave-parallel-failed-chunk-logs
bugfix/7664-automation-tracking-label-requirements
docs/auto-time-1-timeline-update-2026-04-14
docs/auto-docs-1-milestone-v3-updates
fix/issue-6344-plan-execute-rich-output
docs/action-config-schema-api
fix/bug-hunt-supervisor-nonexistent-file-preflight
fix/retry-policy-model-missing-fields
docs/validation-gate-empty-run-guard
auto-arch-15/spec-retry-policy-canonical-fields
docs/lockservice-advisory-locking
docs/changelog-plan-fix-4197
spec/milestone-plan-section
docs/update-changelog-recent-features
fix/test-infra-remove-redundant-python-variable-robot-files
timeline/day-104-2026-04-14-cycle2
fix/bdd-feature-file-tags
auto-arch-13/spec-default-automation-profile
docs/auto-docs-cycle-1-2026-04-12
docs/cycle-1-git-worktree-sandbox
spec/architecture-critical-gap-fixes
docs/timeline-day-104-auto-time-2
auto-arch-1/add-v380-v390-milestone-plan
docs/developer-setup-guide
fix/auto-profile-spec-prose-description
auto-arch-10/spec-tui-a2a-integration-layer
spec/resource-event-types-clarification
auto-docs-4/changelog-and-observability
auto-arch-4/adr-049-layered-boundary-enforcement
docs/a2a-protocol-autonomy-hardening
auto-arch-9/spec-v3.8.0-milestone-plan
docs/auto-docs-3-reference-index
auto-arch-7/spec-apply-git-worktree
docs/timeline-day104-cycle1-auto-time-4
docs/auto-docs-cycle-1-changelog-updates
auto-arch-6/adr-049-spec-restructuring
docs/auto-docs-1-v340-acms-context-management
docs/auto-docs-1-v320-v330-cli-reference
auto-arch-5/v3.9.0-milestone-plan
test/create-scripts
auto-time-1-day104
timeline/day-104-2026-04-14
docs/auto-time-4-day103-cycle5
auto-time-3-day103-cycle4
auto-docs-5-architecture-overview
spec/three-way-merge-strategy-v3.3.0
spec/checkpoint-system-v3.3.0
auto-docs-4-api-docs-update
auto-docs-1-changelog-expansion
spec/invariant-management-system-v3.2.0
pr-8289
spec/plan-correction-engine-v3.2.0
spec/layered-architecture-boundary-policy
spec/tui-materializer-a2a-integration-v3.7.0
spec/decision-recording-system-v3.2.0
docs/auto-docs-1-milestone-overview
pr-7484
pr-4212
auto-arch-3/v3.8.0-milestone-plan
auto-docs-6/troubleshooting-and-config
auto-time-1-day103-session5
auto-docs-5/contributor-guide-and-readme
docs/plan-tree-ulid-examples
docs/m3-spec-clarify-path-datetime-plugin-contracts
docs/auto-docs-cycle-10-diagnostics-ref
auto-docs-3/user-guide-and-architecture
docs/cycle-7-changelog-update
spec/reconciliation-failure-behavior
auto-docs-2/api-documentation
auto-arch-2/adr-053-repositories-decomposition
auto-docs-1/release-notes-v3.0-v3.1
spec/update-validation-attach-project-delete
spec/architecture-cycle2-impl-clarifications
auto-arch-1/adr-049-052-violations
auto-time-1-day103
docs/auto-docs-cycle-13-updates
docs/timeline-day-102-auto-time
timeline/day-103-2026-04-13
spec/arch-invariant-cli-completeness
spec/update-cycle1-validation-attach-project-delete
docs/add-session-management-showcase
spec/arch-sandbox-path-correction-cycle9
spec/architecture-v380-milestone-plan
docs/auto-docs-cycle-12-updates
docs/cycle-1-validation-gate-fix
docs/2026-04-08-unreleased-changelog
docs/auto-docs-cycle-2-2026-04-10
docs/session-4615-2026-04-08-cycle1
feat/issue-6361-shell-safety-service-tui
spec/architecture-cycle-25-new-features
fix/issue-6345-automation-profile-add-output
docs/timeline-day-102-2026-04-12
docs/cycle-2-git-worktree-acms-hydrator
spec/arch-sandbox-cleanup-discovery
docs/timeline-day96-2026-04-08
docs/auto-docs-cycle-11
spec/fix-sandbox-strategy-protocol-name
spec/arch-acms-tier-hydration
fix/v3.4.0/context-settings-defaults
docs/add-example-repl-and-actor-run
docs/auto-docs-cycle-10-updates
docs/session-4-2026-04-08-updates
docs/showcase-all-examples-consolidated
docs/timeline-day-97
docs/acms-context-hydrator-cycle2
docs/add-example-output-format-flags
spec/arch-failfast-cancel-semantics
timeline/day-101-2026-04-11
docs/timeline-day99-2026-04-09-v2
docs/auto-docs-cycle-2-worktree-acms
spec/architecture-v3.8.0-milestone-plan
docs/api-lsp-acms-reference
improvement/agent-bug-hunt-pool-supervisor-yaml-syntax-fix
spec/project-delete-deleted-at-field
spec/architecture-provider-registry-tui-materializer
spec/document-reconciliation-blocked-error-5942
fix/issue-7482-git-log-injection
spec/devcontainer-auto-discovery-schema
feat/issue-6350-conversation-content-pruning
docs/update-module-guides-2026-04-10
timeline/day-100-2026-04-10-auto-time-cycle1
timeline/day-99-2026-04-09-auto-time-v2
docs/cycle-3-module-guides
timeline/day-99-2026-04-09-auto-time
pr-4226
spec/additional-llm-providers-gemini-groq-cohere-together-ollama-mistral
spec/document-context-tier-hydrator-6175
docs/timeline-day99-2026-04-09
spec/invariant-cli-clarifications
docs/add-example-project-init-and-context-management
spec/reconciliation-blocked-error-documentation
spec/fix-invariant-precedence-reference-5861
spec/fix-plan-correct-accepts-plan-id-5558
spec/fix-validation-attach-synopsis-5328
docs/timeline-day-99-cycle-1
docs/timeline-day-99-cycle-2
fix/actor-context-list-regex-arg
docs/timeline-day-99-cycle-3
spec/arch-security-mode-init
docs/auto-docs-cycle-9-updates
fix-resource-fix-resource-remove-to-check-correct-edge-table
feat/issue-6434-tui-env-var-expansion
fix/issue-6321-plan-prompt-timing-field
fix/issue-6322-resource-add-url-flag
feat/issue-6348-sessions-screen
spec/plan-show-command
temp
feat/harden-label-restrictions-1775753628
spec/invariant-reconciliation-failure-behavior
spec/add-reconciliation-failure-behavior-5942
spec/architecture-corrections-cycle3
spec/checkpoint-trigger-names-and-config-key-fix
spec/fix-ai-provider-interface-5801
spec/azure-api-version-default-update
docs/auto-docs-writer-cycle1-labels
spec/fix-resource-type-yaml-format-5622
spec/add-plan-revert-resume-commands-5574
docs/auto-docs-cycle-1-2026-04-09
spec/plan-correct-plan-id-or-decision-id-5558
spec/fix-subgraph-node-actor-ref-field-5427
issue/5284-master-ci-fix
timeline/day-99-2026-04-09-v2
merge-me
docs/session-3377-initial-docs-update
fix/llm-provider-subpackage-exports
spec/arce-acronym-and-tui-keybinding-fixes
spec/architecture-corrections-cycle2
spec/architecture-corrections-cycle1
docs/cycle-1-updates
spec/tui-clarifications-session-export-persona
docs/session-4940-2026-04-08-cycle1
spec/architecture-milestone-plan-v3.2-v3.7
docs/session-4743-2026-04-08-cycle1
docs/timeline-day-98
fix/plan-lifecycle-service-rollback-method
docs/timeline-day98-2026-04-08-v2
docs/add-example-action-and-plan-management
docs/session-2026-04-06-updates
docs/ca-docs-writer-v3.8.1-2026-04-05
fix/session-tell-stub-missing-panels-and-actor-execution
improvement/agent-arch-guard-clone-failure-handling
improvement/agent-test-infra-health-spam-fix-v2
fix-tdd-invert-non-assertion-exceptions
improvement/agent-arch-guard-clone-failure
bugfix/3472-fix-tdd-inversion-logic
bugfix/989-fix-persistence-json-decode-error
improvement/agent-supervisor-tracking-labels-v2
docs/timeline-day95-v2
docs/timeline-day95-final
docs/update-lsp-api-and-changelog
fix/lsp-resource-handler-module-missing
docs/timeline-day95-final-2026-04-05
fix/a2a-plan-correct-rollback-wiring
docs/add-lsp-api-and-changelog-2026-04-05
fix/tool-registry-validation-type-discriminator
docs/v3.7.0-documentation-update
docs/ca-docs-writer-2026-04-05-cycle2
fix/invariant-set-merge-action-scope
docs/unreleased-feature-docs
fix/concurrency-cost-tracker-record-usage-race-condition
improvement/agent-ca-test-infra-improver-failure-handling
docs/update-changelog-mcp-plan-ci-2026-04-05
improvement/agent-pr-reviewer-milestone-prioritization
docs/timeline-day95-refresh-2026-04-05
improvement/agent-mandatory-labels-tracking-issues
docs/api-domain-providers-changelog-2026-04-05
docs/ca-docs-writer-2026-04-05
docs/timeline-day95-refresh
fix/skill-add-include-validation
docs/timeline-day-95-2026-04-05-update3
docs/timeline-day-95-2026-04-05-update2
docs/ci-incident-runbook-2597
improvement/agent-ca-test-infra-improver-worker-api-mode
docs/shell-safety-api-and-readme-highlights
docs/timeline-day-55-2026-04-04-v2
docs/timeline-day-55-2026-04-04
docs/timeline-day54-update3
improvement/agent-ca-test-infra-improver-fixes
spec/restructure-monolithic-to-split
docs/timeline-day54-update-v2
docs/timeline-day54-update
fix-agents
docs/shell-safety-and-domain-base-model
fix/1452-impl
fix/1473-plan-cancel
fix/1425-test
fix/1426-config
fix/1421-perf
fix/1424-impl
test/int-wf16-devcontainer
feature/m8-tui-persona-export
feature/m7-post-resource-equivalence
test/e2e-m4-acceptance
feature/m6-tantivy-backend
feature/m6-estimation
feature/m6-estimation-report-model
feature/observability-prometheus-audit
feat/server-auth-namespace
feature/m8-session-editing
feature/llm-actor-subplan-wiring
feature/m8-tui-first-run-actor-selection
feature/m8-tui-conversation-block-catalog
feature/m8-tui-settings-screen
feature/m7-e2e-porting
feature/m6-estimation-historical-stats
feature/m8-tui-persona-export-import
feature/m8-tui-sessions-screen
feature/m7-graph-backend
feature/m8-tui-block-context-menu
feature/m8-tui-tool-call-expand
feature/m4-missing-builtin-tools
docs/v3.7.0-release-docs
feature/m8-tui-session-export
test/e2e-wf15-disaster-recovery
test/e2e-wf03-refactoring
test/e2e-m3-acceptance
feature/m8-tui-prompt-history
feature/m8-tui-actor-thought-block-rendering
bugfix/m6-build-hierarchy-child-ids
feature/resource-inheritance-wiring
test/e2e-wf09-session
test/e2e-wf06-doc-generation
test/e2e-wf08-cloud-infra
test/e2e-wf02-test-generation
test/e2e-wf13-custom-profile
test/e2e-wf11-graph-actor
test/e2e-wf01-hello-world
test/int-wf17-explicit-container
test/int-wf12-hierarchical
test/int-wf15-disaster-recovery
test/int-wf13-custom-profile
test/int-wf03-refactoring
test/int-wf11-graph-actor
test/int-wf10-batch
test/int-wf09-session
feature/m3-tdd-issue-consistency-gate
feature/m3-invariant-enforcement-strategize
test/int-wf18-container-clone
test/int-wf01-hello-world
feature/m6-diagnostic-dashboard-health-categories
feature/m6-cli-polish
fix/e2e-db-isolation
feature/m7-post-tui
feature/m9-asgi-endpoint
feature/m7-post-server
tdd/m7-audit-session-race
tdd/m3-skill-add-regression
feature/m9-remote-repos
feature/fs-mount-file-types
tdd/container-resolve-crash
test/e2e-m1-acceptance
test/e2e-m2-acceptance
eugen.thaci-patch-3
eugen.thaci-patch-2
eugen.thaci-patch-1
aditya-fix-latest
feature/m4-secret-masking-llm-context
aditya-fix
refactor/m3-replace-mktemp
refactor/m3-remove-unittest-mock-integration
refactor/m3-remove-robot-mock-imports
refactor/m3-remove-mock-llm-integration
docs/improved-menu-adr
feature/m7-post-auth
feature/m3-fix-resource-bootstrap
feature/post-safety-profile-tests
integration/batch-2026-03-02
feat/slipcover
docs/safety-profile-spec-composition
integrate/freemo-batch-1
feature/m4-error-recovery
feature/m4-security-template
feature/m3-validation-pipeline
develop-aditya-2
feature/m3-diff-review
feature/m3-validation-apply
feature/m6-acp-stubs
feature/m4-correction-flows
feature/m1-plan-execute-runtime
feature/m4-security-exceptions
feature/m4-definition-of-done
feature/m4-correction-model
feature/m1-apply-pipeline
feature/m5-automation-profiles
feature/m2-lsp-stubs
feature/m3-invariants
feature/m1-actor-runtime
feature/docs-v2-restore
feature/m6-perf-scale
feature/m6-validation-edge
feature/m3-session-cli
feature/m1-persistence-tests-robot
feature/m3-config-cli
feature/m1-cli-tests-robot
feature/m5-subplan-tests
feature/m6-review-playbook
feature/aditya-m3-actor-loader
feature/m3-skill-protocol
feature/m4-automation-legacy-cleanup
feature/m3-change-model
feature/m3-skill-git
feature/m3-skill-registry
feature/m4-security-eval
fix/robot-tests
feature/m3-actor-registry
feature/m3-tool-cli
feature/m4-automation-profiles-cli
feature/m2-resource-cli-extensions
feature/m3-actor-loader
feature/m3-tool-domain-robot
feature/m3-skill-domain-robot
feature/m3-skill-cli
feature/m1-resource-db-robot-tests
feature/m3-session-domain-robot
feature/m1-persistence-tests
feature/m1-cli-tests
ten-branches-backup
feature/m3-skill-schema
feature/m3-session-persistence
feature/automation-profiles-and-resource-dag
feature/m1-plan-repo
feature/m1-db-plan-phase-rebaseline
feat/B4-sandbox
feat/B2-cli-wiring
feat/B5-project-persistence
feat/B1-project-data-models
feat/b1-data-models
feat-repo-manager-and-sourcegraph-support
feat/actor-schema
fix/component-isolation-security-fix
feat/ontology-agent
fix/error-handling-security-fix
fix/concurrency-security-fix
fix/serialization-security-fix
fix/server-side-request-forgery-security-fix
fix/file-system-security
fix/template-injection-fix
fix/data-injection-fix
tests/unit-tests
latest/poetry-generator
poetry-generator
config/contract-metadata-extractor
docs/readme-yaml-syntax
config/memory-yaml
fix/double-response
brent-additions
intel_2_demo
auto-working-v6
auto-working-v5
auto-working-v4
auto-before-rewrite-v0
auto-working-v3
auto-working-v2
auto-working-v1
v3.1.0
v3.0.0
v2.0.0
Labels
Clear labels   
auto/needs-reevaluation
Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  
controller-managed
Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  
auto/blocked-by-deps
PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  
auto/ci-timeout
Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  
auto/claimed-implementer
Currently being processed by an implementer worker.

  
auto/claimed-merge
Currently being processed by the merge driver.

  
auto/claimed-reviewer
Currently being processed by a reviewer worker.

  
auto/driver-down
Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  
auto/invariant-violation
Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  
auto/last-attempt-tier-0
In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-1
In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-2
In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  
auto/last-attempt-tier-min
In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  
Automation Tracking
Tracking issues used by the AI Automation system for agents to communicate and report.

  
auto/needs-conflict-resolution
Rebase conflict needs LLM conflict-resolver.

  
auto/needs-implementer
Failing CI needs implementer attention.

  
auto/postmortem
Documenting a driver incident or rollback.

  
auto/ready-to-merge
Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  
auto/restart-throttled
Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  
auto/revert
Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  
auto/sentinel
Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  
auto/stale-inactivity
No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  
auto/unstable
Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  
Blocked
A ticket in a blocked state and unable to complete until some other task is completed first.

  
Bounty
$100
 A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$1000
 A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$10000
 A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$20
 A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$2000
 A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$250
 A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$50
 A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$500
 A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$5000
 A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$750
 A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  
MoSCoW
Could have
 Could have feature in order to satisfy the epic/legendary.

  
MoSCoW
Must have
 Must have feature in order to satisfy the epic/legendary.

  
MoSCoW
Should have
 Should have feature in order to satisfy the epic/legendary.

  
Needs Feedback
There are questions in the ticket that can not be completed until the project owner provides clarity.

  
Points
1
 1 man-hours worth of work for an expert with no learning curve.

  
Points
13
 13 man-hours worth of work for an expert with no learning curve.

  
Points
2
 2 man-hours worth of work for an expert with no learning curve.

  
Points
21
 21 man-hours worth of work for an expert with no learning curve.

  
Points
3
 3 man-hours worth of work for an expert with no learning curve.

  
Points
34
 34 man-hours worth of work for an expert with no learning curve.

  
Points
5
 5 man-hours worth of work for an expert with no learning curve.

  
Points
55
 55 man-hours worth of work for an expert with no learning curve.

  
Points
8
 8 man-hours worth of work for an expert with no learning curve.

  
Points
88
 88 man-hours worth of work for an expert with no learning curve.

  
Priority
Backlog
 This ticket has backlogged priority and is not to be worked on yet

  
Priority
CI Blocker
 Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  
Priority
Critical
 The priority is critical

  
Priority
High
 The priority is high

  
Priority
Low
 The priority is low

  
Priority
Medium
 The priority is medium

  
Signed-off: Owner
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Scrum Master
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Tech Lead
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Spike
A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  
State
Completed
 The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  
State
Duplicate
 A ticket that represents the same content as an existing ticket.

  
State
In Progress
 A ticket that is actively being developed.

  
State
In Review
 A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  
State
Paused
 This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  
State
Unverified
 All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  
State
Verified
 The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  
State
Wont Do
 This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  
Type
Automation
 Any edits or discussion about the AI automated coding system.

  
Type
Bug
 Something that doesnt work as intended.

  
Type
Discussion
 Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  
Type
Documentation
 An error or improvement needed in the documentation.

  
Type
Epic
 Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  
Type
Feature
 Some new functionality not present.

  
Type
Legendary
 A type of Epic which will contain other Epics.

  
Type
Refactor
 A code change that restructures existing code without changing its external behavior.

  
Type
Support
 Someone needs help using the project.

  
Type
Task
 A generic task that doesnt fit into the other type categories.

  
Type
Testing
 Work exclusively focusing on fixing or expanding testing.

No labels
auto/needs-reevaluation
controller-managed
auto/blocked-by-deps
auto/ci-timeout
auto/claimed-implementer
auto/claimed-merge
auto/claimed-reviewer
auto/driver-down
auto/invariant-violation
auto/last-attempt-tier-0
auto/last-attempt-tier-1
auto/last-attempt-tier-2
auto/last-attempt-tier-min
Automation Tracking
auto/needs-conflict-resolution
auto/needs-implementer
auto/postmortem
auto/ready-to-merge
auto/restart-throttled
auto/revert
auto/sentinel
auto/stale-inactivity
auto/unstable
Blocked
Bounty
$100
Bounty
$1000
Bounty
$10000
Bounty
$20
Bounty
$2000
Bounty
$250
Bounty
$50
Bounty
$500
Bounty
$5000
Bounty
$750
MoSCoW
Could have
MoSCoW
Must have
MoSCoW
Should have
Needs Feedback
Points
1
Points
13
Points
2
Points
21
Points
3
Points
34
Points
5
Points
55
Points
8
Points
88
Priority
Backlog
Priority
CI Blocker
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Signed-off: Owner
Signed-off: Scrum Master
Signed-off: Tech Lead
Spike
State
Completed
State
Duplicate
State
In Progress
State
In Review
State
Paused
State
Unverified
State
Verified
State
Wont Do
Type
Automation
Type
Bug
Type
Discussion
Type
Documentation
Type
Epic
Type
Feature
Type
Legendary
Type
Refactor
Type
Support
Type
Task
Type
Testing
Milestone
Clear milestone
No items
No milestone
v3.5.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
HAL9000
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
cleveragents/cleveragents-core#7408
No description provided.