v3.5.0
v3.5.0 — M6: Autonomy Hardening
Goal: The system can autonomously execute a large-scale task (e.g., porting a substantial codebase) using hierarchical plan decomposition with 4+ levels of subplans, decision correction with selective subtree recomputation, parallel execution scaling to 10+ concurrent subplans, and validation-gated apply.
Note: Server stubs have been moved to M9 (v3.8.0) following the ACP→A2A protocol adoption and server architecture redesign (ADR-047/ADR-048). TUI features moved to M8 (v3.7.0).
Acceptance Criteria
- System can autonomously execute a large-scale porting task using hierarchical subplan decomposition (4+ levels)
- Parallel execution scales to 10+ concurrent subplans with configurable concurrency limits
- Automation profiles (8 built-in: manual through full-auto) control autonomy thresholds per operation
- Safety profiles enforce hard constraints: sandbox required, checkpoint required, unsafe tool gating, skill allow-lists, cost/retry limits
- Cost and risk estimation actor produces estimates before plan execution
- Autonomy guardrails (max steps, tool budget, required confirmations) enforced with audit trail
- Semantic validation (syntax, import, and reference checks) runs during Strategize and Execute phases
- A2A local facade enables in-process routing (groundwork for server mode in M9)
- LSP server stub with JSON-RPC transport registered and accessible from actor graphs
- Test coverage >= 97%
Technical Criteria
- Automation profiles with 11 automatable task flags and confidence thresholds (0.0–1.0).
- Safety Profile sub-model as composed component of AutomationProfile per ADR-041.
- Large-project decomposition with 4+ level hierarchical subplans and clustering heuristics.
- Estimation actor producing EstimationReport with cost and risk projections.
- A2A local facade implementing in-process routing for local mode.
- LSP runtime stub with initialize/shutdown handshake and JSON-RPC stdio transport.
- Test coverage remains >= 97%.
27% Completed
Label
Project
Assignee
Sort
fix(security): fix file_tools.py validate_path startswith bypass #7478
Some checks failed
CI / push-validation (pull_request) Successful in 22s
CI / lint (pull_request) Failing after 42s
CI / helm (pull_request) Successful in 33s
CI / build (pull_request) Successful in 47s
CI / typecheck (pull_request) Successful in 57s
CI / quality (pull_request) Successful in 57s
CI / security (pull_request) Successful in 1m2s
CI / unit_tests (pull_request) Failing after 3m3s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Failing after 3m4s
CI / e2e_tests (pull_request) Successful in 4m17s
CI / status-check (pull_request) Failing after 3s
auto/needs-reevaluation
Priority
Critical
State
Paused
Type
Bug
fix(security): fix file_tools.py validate_path startswith bypass #7478 (#11002)
Some checks failed
CI / lint (pull_request) Failing after 34s
CI / typecheck (pull_request) Successful in 58s
CI / quality (pull_request) Successful in 48s
CI / helm (pull_request) Successful in 37s
CI / build (pull_request) Successful in 40s
CI / security (pull_request) Successful in 1m6s
CI / unit_tests (pull_request) Failing after 59s
CI / docker (pull_request) Has been skipped
CI / coverage (pull_request) Has been skipped
CI / push-validation (pull_request) Successful in 33s
CI / integration_tests (pull_request) Failing after 2m44s
CI / e2e_tests (pull_request) Successful in 3m50s
CI / status-check (pull_request) Failing after 3s
auto/needs-reevaluation
State
Paused
fix(providers): add ProviderType.GEMINI to ProviderRegistry.FALLBACK_ORDER
All checks were successful
CI / lint (pull_request) Successful in 48s
CI / quality (pull_request) Successful in 57s
CI / typecheck (pull_request) Successful in 1m0s
CI / security (pull_request) Successful in 1m22s
CI / build (pull_request) Successful in 33s
CI / helm (pull_request) Successful in 39s
CI / push-validation (pull_request) Successful in 24s
CI / unit_tests (pull_request) Successful in 5m25s
CI / docker (pull_request) Successful in 1m53s
CI / integration_tests (pull_request) Successful in 9m4s
CI / coverage (pull_request) Successful in 12m23s
CI / status-check (pull_request) Successful in 3s
auto/needs-reevaluation
controller-managed
MoSCoW
Must have
Priority
Medium
Type
Bug
🔒 fix(tui): fix thread-safety race in reference_parser catalog cache
Some checks failed
CI / lint (pull_request) Failing after 37s
CI / push-validation (pull_request) Successful in 24s
CI / helm (pull_request) Successful in 28s
CI / build (pull_request) Successful in 39s
CI / typecheck (pull_request) Successful in 1m19s
CI / quality (pull_request) Successful in 1m12s
CI / security (pull_request) Successful in 1m24s
CI / e2e_tests (pull_request) Successful in 3m44s
CI / integration_tests (pull_request) Failing after 4m20s
CI / unit_tests (pull_request) Failing after 5m33s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / status-check (pull_request) Failing after 9s
auto/needs-reevaluation
MoSCoW
Could have
Priority
Backlog
State
Paused
Type
Bug
fix(cleanup): invalidate sandbox_dirs_cache after purge (#7527)
Some checks failed
CI / push-validation (pull_request) Successful in 20s
CI / build (pull_request) Successful in 40s
CI / lint (pull_request) Failing after 42s
CI / helm (pull_request) Successful in 44s
CI / typecheck (pull_request) Successful in 57s
CI / quality (pull_request) Successful in 1m10s
CI / security (pull_request) Successful in 1m24s
CI / unit_tests (pull_request) Failing after 1m35s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Failing after 2m54s
CI / e2e_tests (pull_request) Successful in 3m29s
CI / status-check (pull_request) Failing after 3s
auto/needs-reevaluation
MoSCoW
Could have
Priority
Backlog
State
Paused
Type
Bug
fix(cli): implement missing actor context list, show, and clear commands
Some checks failed
CI / push-validation (pull_request) Successful in 37s
CI / helm (pull_request) Successful in 47s
CI / lint (pull_request) Successful in 56s
CI / build (pull_request) Successful in 54s
CI / quality (pull_request) Successful in 1m34s
CI / typecheck (pull_request) Successful in 1m40s
CI / security (pull_request) Successful in 1m39s
CI / integration_tests (pull_request) Failing after 15m40s
CI / unit_tests (pull_request) Failing after 15m41s
CI / coverage (pull_request) Has been cancelled
CI / docker (pull_request) Has been cancelled
CI / status-check (pull_request) Has been cancelled
controller-managed
MoSCoW
Must have
Priority
Medium
Type
Bug
fix(cli/session): emit JSON envelope in session delete for non-rich formats
Some checks failed
CI / lint (pull_request) Has been cancelled
CI / typecheck (pull_request) Has been cancelled
CI / security (pull_request) Has been cancelled
CI / quality (pull_request) Has been cancelled
CI / unit_tests (pull_request) Has been cancelled
CI / integration_tests (pull_request) Has been cancelled
CI / e2e_tests (pull_request) Has been cancelled
CI / coverage (pull_request) Has been cancelled
CI / build (pull_request) Has been cancelled
CI / docker (pull_request) Has been cancelled
CI / helm (pull_request) Has been cancelled
CI / push-validation (pull_request) Has been cancelled
CI / status-check (pull_request) Has been cancelled
controller-managed
MoSCoW
Must have
Priority
Critical
Type
Bug
docs: add module guides for Sandbox, Correction Attempts, and Invariant Reconciliation
All checks were successful
CI / lint (pull_request) Successful in 52s
CI / push-validation (pull_request) Successful in 37s
CI / build (pull_request) Successful in 52s
CI / helm (pull_request) Successful in 53s
CI / quality (pull_request) Successful in 1m35s
CI / typecheck (pull_request) Successful in 1m41s
CI / security (pull_request) Successful in 1m42s
CI / unit_tests (pull_request) Successful in 6m55s
CI / docker (pull_request) Successful in 1m58s
CI / integration_tests (pull_request) Successful in 11m20s
CI / coverage (pull_request) Successful in 9m37s
CI / status-check (pull_request) Successful in 3s
auto/needs-reevaluation
controller-managed
Priority
Medium
Type
Documentation