v3.5.0
v3.5.0 — M6: Autonomy Hardening
Goal: The system can autonomously execute a large-scale task (e.g., porting a substantial codebase) using hierarchical plan decomposition with 4+ levels of subplans, decision correction with selective subtree recomputation, parallel execution scaling to 10+ concurrent subplans, and validation-gated apply.
Note: Server stubs have been moved to M9 (v3.8.0) following the ACP→A2A protocol adoption and server architecture redesign (ADR-047/ADR-048). TUI features moved to M8 (v3.7.0).
Acceptance Criteria
- System can autonomously execute a large-scale porting task using hierarchical subplan decomposition (4+ levels)
- Parallel execution scales to 10+ concurrent subplans with configurable concurrency limits
- Automation profiles (8 built-in: manual through full-auto) control autonomy thresholds per operation
- Safety profiles enforce hard constraints: sandbox required, checkpoint required, unsafe tool gating, skill allow-lists, cost/retry limits
- Cost and risk estimation actor produces estimates before plan execution
- Autonomy guardrails (max steps, tool budget, required confirmations) enforced with audit trail
- Semantic validation (syntax, import, and reference checks) runs during Strategize and Execute phases
- A2A local facade enables in-process routing (groundwork for server mode in M9)
- LSP server stub with JSON-RPC transport registered and accessible from actor graphs
- Test coverage >= 97%
Technical Criteria
- Automation profiles with 11 automatable task flags and confidence thresholds (0.0–1.0).
- Safety Profile sub-model as composed component of AutomationProfile per ADR-041.
- Large-project decomposition with 4+ level hierarchical subplans and clustering heuristics.
- Estimation actor producing EstimationReport with cost and risk projections.
- A2A local facade implementing in-process routing for local mode.
- LSP runtime stub with initialize/shutdown handshake and JSON-RPC stdio transport.
- Test coverage remains >= 97%.
23% Completed
Label
Project
Assignee
Sort
fix(security): fix file_tools.py validate_path startswith bypass #7478
All checks were successful
CI / push-validation (pull_request) Successful in 34s
CI / helm (pull_request) Successful in 37s
CI / build (pull_request) Successful in 48s
CI / lint (pull_request) Successful in 1m8s
CI / typecheck (pull_request) Successful in 1m14s
CI / quality (pull_request) Successful in 1m7s
CI / security (pull_request) Successful in 1m15s
CI / integration_tests (pull_request) Successful in 3m7s
CI / unit_tests (pull_request) Successful in 4m54s
CI / docker (pull_request) Successful in 1m26s
CI / coverage (pull_request) Successful in 11m59s
CI / status-check (pull_request) Successful in 3s
auto/needs-reevaluation
controller-managed
Priority
Critical
State
Paused
Type
Bug
fix(security): use relpath containment instead of startswith to prevent prefix-collision bypass
Some checks failed
CI / lint (pull_request) Successful in 57s
CI / typecheck (pull_request) Successful in 1m11s
CI / security (pull_request) Successful in 1m11s
CI / quality (pull_request) Successful in 1m12s
CI / build (pull_request) Successful in 36s
CI / helm (pull_request) Successful in 32s
CI / push-validation (pull_request) Successful in 30s
CI / integration_tests (pull_request) Failing after 4m48s
CI / unit_tests (pull_request) Failing after 5m55s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / status-check (pull_request) Failing after 3s
auto/needs-reevaluation
controller-managed
Priority
Critical
State
Paused
Type
Bug
fix(security): fix file_tools.py validate_path startswith bypass #7478
Some checks failed
CI / helm (pull_request) Successful in 55s
CI / build (pull_request) Successful in 2m34s
CI / push-validation (pull_request) Successful in 3m13s
CI / quality (pull_request) Successful in 4m18s
CI / lint (pull_request) Successful in 4m23s
CI / security (pull_request) Successful in 4m27s
CI / typecheck (pull_request) Successful in 4m29s
CI / unit_tests (pull_request) Failing after 4m45s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Successful in 9m25s
CI / status-check (pull_request) Failing after 11s
fix(security): fix file_tools.py validate_path startswith bypass #7478
All checks were successful
CI / push-validation (pull_request) Successful in 1m1s
CI / build (pull_request) Successful in 1m30s
CI / helm (pull_request) Successful in 1m8s
CI / quality (pull_request) Successful in 1m55s
CI / lint (pull_request) Successful in 2m9s
CI / typecheck (pull_request) Successful in 2m38s
CI / security (pull_request) Successful in 2m36s
CI / integration_tests (pull_request) Successful in 4m9s
CI / unit_tests (pull_request) Successful in 6m6s
CI / docker (pull_request) Successful in 1m28s
CI / coverage (pull_request) Successful in 11m36s
CI / status-check (pull_request) Successful in 3s
fix(security): fix validate_path startswith bypass #7478
Some checks failed
CI / benchmark-regression (push) Has been skipped
CI / lint (push) Successful in 1m21s
CI / quality (push) Successful in 1m33s
CI / helm (push) Successful in 51s
CI / build (push) Successful in 1m12s
CI / push-validation (push) Successful in 50s
CI / security (push) Successful in 1m59s
CI / typecheck (push) Successful in 2m18s
CI / integration_tests (push) Successful in 4m51s
CI / e2e_tests (push) Successful in 5m1s
CI / unit_tests (push) Successful in 6m42s
CI / docker (push) Successful in 1m36s
CI / coverage (push) Successful in 13m8s
CI / status-check (push) Successful in 3s
CI / benchmark-publish (push) Successful in 1h25m1s
CI / benchmark-publish (pull_request) Has been skipped
CI / benchmark-regression (pull_request) Failing after 1m12s
CI / typecheck (pull_request) Successful in 1m36s
CI / docker (pull_request) Successful in 1m28s
CI / integration_tests (pull_request) Successful in 4m52s
CI / push-validation (pull_request) Successful in 20s
CI / quality (pull_request) Successful in 1m23s
CI / helm (pull_request) Successful in 36s
CI / build (pull_request) Successful in 58s
CI / lint (pull_request) Successful in 1m6s
CI / security (pull_request) Successful in 1m47s
CI / e2e_tests (pull_request) Successful in 4m21s
CI / unit_tests (pull_request) Successful in 5m51s
CI / coverage (pull_request) Successful in 12m1s
CI / status-check (pull_request) Successful in 4s
MoSCoW
Must have
Priority
Medium
State
In Review
fix(a2a): validate session_id at entry of _handle_session_close before devcontainer cleanup
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
CI / helm (pull_request) Successful in 51s
CI / lint (pull_request) Failing after 1m9s
CI / benchmark-regression (pull_request) Failing after 1m16s
CI / build (pull_request) Successful in 1m4s
CI / integration_tests (pull_request) Failing after 1m23s
CI / e2e_tests (pull_request) Failing after 1m24s
CI / quality (pull_request) Successful in 1m28s
CI / unit_tests (pull_request) Failing after 1m37s
CI / typecheck (pull_request) Failing after 1m39s
CI / security (pull_request) Failing after 2m4s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / push-validation (pull_request) Successful in 22s
CI / status-check (pull_request) Failing after 3s
State
In Review
Type
Bug
fix(security): fix file_tools.py validate_path startswith bypass #7478
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
CI / lint (pull_request) Failing after 54s
CI / quality (pull_request) Successful in 1m11s
CI / typecheck (pull_request) Successful in 1m25s
CI / security (pull_request) Successful in 1m26s
CI / benchmark-regression (pull_request) Failing after 58s
CI / build (pull_request) Successful in 43s
CI / helm (pull_request) Successful in 42s
CI / push-validation (pull_request) Successful in 22s
CI / unit_tests (pull_request) Failing after 4m29s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Successful in 5m8s
CI / e2e_tests (pull_request) Successful in 5m25s
CI / status-check (pull_request) Failing after 3s
fix(security): fix file_tools.py validate_path startswith bypass #7478
Some checks failed
CI / coverage (push) Blocked by required conditions
CI / docker (push) Blocked by required conditions
CI / status-check (push) Blocked by required conditions
CI / benchmark-regression (push) Has been skipped
CI / helm (push) Successful in 48s
CI / push-validation (push) Successful in 35s
CI / build (push) Successful in 1m4s
CI / lint (push) Successful in 1m18s
CI / quality (push) Successful in 1m22s
CI / typecheck (push) Successful in 1m46s
CI / e2e_tests (push) Successful in 4m42s
CI / integration_tests (push) Successful in 7m51s
CI / unit_tests (push) Successful in 12m20s
CI / security (push) Failing after 13m26s
CI / benchmark-publish (push) Successful in 1h31m13s
CI / benchmark-publish (pull_request) Has been skipped
CI / benchmark-regression (pull_request) Failing after 1m27s
CI / status-check (pull_request) Successful in 3s
CI / integration_tests (pull_request) Successful in 4m32s
CI / unit_tests (pull_request) Successful in 9m46s
CI / helm (pull_request) Successful in 54s
CI / build (pull_request) Successful in 1m4s
CI / push-validation (pull_request) Successful in 22s
CI / docker (pull_request) Successful in 1m48s
CI / lint (pull_request) Successful in 1m10s
CI / quality (pull_request) Successful in 1m27s
CI / typecheck (pull_request) Successful in 1m42s
CI / e2e_tests (pull_request) Successful in 5m24s
CI / security (pull_request) Successful in 2m10s
CI / coverage (pull_request) Successful in 12m19s
fix(providers): add ProviderType.GEMINI to FALLBACK_ORDER
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
CI / build (pull_request) Successful in 1m7s
CI / helm (pull_request) Successful in 40s
CI / lint (pull_request) Successful in 1m14s
CI / push-validation (pull_request) Successful in 30s
CI / benchmark-regression (pull_request) Failing after 1m21s
CI / quality (pull_request) Successful in 1m27s
CI / typecheck (pull_request) Successful in 1m33s
CI / security (pull_request) Successful in 1m34s
CI / integration_tests (pull_request) Successful in 4m23s
CI / e2e_tests (pull_request) Successful in 5m23s
CI / unit_tests (pull_request) Failing after 15m49s
CI / status-check (pull_request) Has been cancelled
CI / coverage (pull_request) Has been cancelled
CI / docker (pull_request) Has been cancelled
MoSCoW
Must have
Priority
Medium
State
In Review
Type
Bug
fix(tui): rename ActorSelectionOverlay._render to _refresh_display to avoid shadowing Textual Widget._render
All checks were successful
CI / lint (pull_request) Successful in 1m5s
CI / quality (pull_request) Successful in 1m13s
CI / build (pull_request) Successful in 44s
CI / security (pull_request) Successful in 1m32s
CI / helm (pull_request) Successful in 39s
CI / typecheck (pull_request) Successful in 1m54s
CI / push-validation (pull_request) Successful in 20s
CI / integration_tests (pull_request) Successful in 6m12s
CI / unit_tests (pull_request) Successful in 7m54s
CI / docker (pull_request) Successful in 1m36s
CI / coverage (pull_request) Successful in 11m0s
CI / status-check (pull_request) Successful in 3s
Type
Bug
fix(security): fix file_tools.py validate_path startswith bypass #7478 (#11002)
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
CI / push-validation (pull_request) Successful in 28s
CI / helm (pull_request) Successful in 46s
CI / lint (pull_request) Failing after 1m10s
CI / build (pull_request) Successful in 55s
CI / quality (pull_request) Successful in 1m9s
CI / unit_tests (pull_request) Failing after 1m19s
CI / typecheck (pull_request) Successful in 1m31s
CI / security (pull_request) Successful in 1m37s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Successful in 4m3s
CI / e2e_tests (pull_request) Failing after 4m29s
CI / status-check (pull_request) Failing after 3s
CI / benchmark-regression (pull_request) Failing after 1m15s
fix(security): fix file_tools.py validate_path startswith bypass #7478
Some checks failed
CI / lint (pull_request) Successful in 1m4s
CI / typecheck (pull_request) Successful in 1m28s
CI / security (pull_request) Successful in 1m29s
CI / push-validation (pull_request) Successful in 54s
CI / helm (pull_request) Successful in 59s
CI / build (pull_request) Successful in 1m43s
CI / quality (pull_request) Successful in 2m28s
CI / integration_tests (pull_request) Successful in 4m58s
CI / unit_tests (pull_request) Failing after 5m47s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / status-check (pull_request) Failing after 3s
MoSCoW
Must have
Priority
Critical
State
In Review
Type
Bug
fix(providers): add ProviderType.GEMINI to ProviderRegistry.FALLBACK_ORDER
Some checks failed
CI / quality (pull_request) Successful in 53s
CI / lint (pull_request) Successful in 1m4s
CI / benchmark-publish (pull_request) Has been skipped
CI / typecheck (pull_request) Successful in 1m20s
CI / security (pull_request) Successful in 1m21s
CI / helm (pull_request) Successful in 25s
CI / build (pull_request) Successful in 44s
CI / push-validation (pull_request) Successful in 23s
CI / benchmark-regression (pull_request) Failing after 59s
CI / e2e_tests (pull_request) Successful in 3m54s
CI / unit_tests (pull_request) Failing after 4m6s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Successful in 4m7s
CI / status-check (pull_request) Failing after 3s
🔒 fix(tui): fix thread-safety race in reference_parser catalog cache
Some checks failed
CI / push-validation (pull_request) Successful in 30s
CI / helm (pull_request) Successful in 37s
CI / build (pull_request) Successful in 51s
CI / lint (pull_request) Failing after 1m5s
CI / quality (pull_request) Successful in 1m29s
CI / typecheck (pull_request) Successful in 1m35s
CI / security (pull_request) Successful in 1m35s
CI / benchmark-publish (pull_request) Has been skipped
CI / benchmark-regression (pull_request) Failing after 1m3s
CI / e2e_tests (pull_request) Successful in 3m44s
CI / integration_tests (pull_request) Successful in 3m49s
CI / unit_tests (pull_request) Failing after 6m32s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / status-check (pull_request) Failing after 16s
Type
Bug
fix(providers): add ProviderType.GEMINI to ProviderRegistry.FALLBACK_ORDER
Some checks failed
CI / status-check (push) Blocked by required conditions
CI / benchmark-regression (push) Has been skipped
CI / helm (push) Successful in 45s
CI / push-validation (push) Successful in 43s
CI / quality (push) Successful in 1m29s
CI / build (push) Successful in 1m7s
CI / lint (push) Successful in 1m39s
CI / typecheck (push) Successful in 1m54s
CI / security (push) Successful in 1m55s
CI / e2e_tests (push) Successful in 4m48s
CI / unit_tests (push) Successful in 5m45s
CI / integration_tests (push) Successful in 6m13s
CI / docker (push) Successful in 1m32s
CI / coverage (push) Failing after 19m57s
CI / benchmark-publish (push) Successful in 1h18m32s
CI / benchmark-publish (pull_request) Has been skipped
CI / lint (pull_request) Successful in 56s
CI / quality (pull_request) Successful in 1m14s
CI / typecheck (pull_request) Successful in 1m24s
CI / security (pull_request) Successful in 1m25s
CI / helm (pull_request) Successful in 38s
CI / push-validation (pull_request) Successful in 38s
CI / build (pull_request) Successful in 1m6s
CI / benchmark-regression (pull_request) Failing after 1m36s
CI / unit_tests (pull_request) Successful in 4m51s
CI / integration_tests (pull_request) Successful in 4m15s
CI / e2e_tests (pull_request) Failing after 4m35s
CI / coverage (pull_request) Has been cancelled
CI / docker (pull_request) Has been cancelled
CI / status-check (pull_request) Has been cancelled
Priority
Medium
State
In Review
Type
Bug
fix(cli): implement missing actor context list, show, and clear commands
Some checks failed
CI / push-validation (pull_request) Successful in 35s
CI / helm (pull_request) Successful in 45s
CI / build (pull_request) Successful in 1m17s
CI / quality (pull_request) Successful in 1m45s
CI / lint (pull_request) Successful in 1m57s
CI / typecheck (pull_request) Successful in 2m12s
CI / security (pull_request) Successful in 2m12s
CI / integration_tests (pull_request) Successful in 4m45s
CI / unit_tests (pull_request) Failing after 6m58s
CI / coverage (pull_request) Has been skipped
CI / docker (pull_request) Has been skipped
CI / status-check (pull_request) Failing after 8s
fix(providers): add ProviderType.GEMINI to ProviderRegistry.FALLBACK_ORDER
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
CI / lint (pull_request) Successful in 1m12s
CI / build (pull_request) Successful in 1m4s
CI / quality (pull_request) Successful in 1m32s
CI / typecheck (pull_request) Successful in 1m38s
CI / benchmark-regression (pull_request) Failing after 1m7s
CI / security (pull_request) Successful in 1m59s
CI / helm (pull_request) Successful in 41s
CI / push-validation (pull_request) Successful in 41s
CI / integration_tests (pull_request) Successful in 4m32s
CI / unit_tests (pull_request) Failing after 5m18s
CI / docker (pull_request) Has been skipped
CI / coverage (pull_request) Has been skipped
CI / e2e_tests (pull_request) Successful in 5m35s
CI / status-check (pull_request) Failing after 2s
auto/blocked-by-deps
MoSCoW
Must have
fix(cli): render spec-required panels in agents plan execute rich output
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
CI / push-validation (pull_request) Successful in 33s
CI / helm (pull_request) Successful in 43s
CI / build (pull_request) Successful in 51s
CI / lint (pull_request) Failing after 1m7s
CI / quality (pull_request) Successful in 1m14s
CI / typecheck (pull_request) Successful in 1m21s
CI / security (pull_request) Successful in 1m38s
CI / coverage (pull_request) Has been skipped
CI / e2e_tests (pull_request) Successful in 4m43s
CI / unit_tests (pull_request) Failing after 4m51s
CI / docker (pull_request) Has been skipped
CI / integration_tests (pull_request) Successful in 5m16s
CI / status-check (pull_request) Failing after 3s