- Unit tests covering config, agents, LLM memory, runtime, workspaces,
tools (notes, executor, token tracker), MCP tool wrapping, and knowledge indexer
- Security tests for command injection, scope bypass, API key leakage,
pickle RCE documentation, prompt injection, and MCP schema injection
- Integration tests for agent/workspace/tool-executor flows
- Fix: mask API keys in Settings.__repr__/__str__ to prevent leakage in
logs and tracebacks (detected by the new security tests)
- Add GitHub Actions workflow (tests.yml) with Python 3.10/3.11/3.12
matrix, separate unit/integration/lint jobs and coverage reporting
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Introduce command for CLI and TUI with create/activate, list, info, note, clear, export, import, and help actions
- Persist workspace state via marker and enriched (targets, operator notes, last_active_at, last_target)
- Restore on workspace activation and sync it to UI banner, agent state, and CLI output
- Enforce target normalization and ensure always exists in workspace targets
- Route loot output to when a workspace is active
- Prefer workspace-local knowledge paths for indexing and RAG resolution
- Persist RAG indexes per workspace and load existing indexes before re-indexing
- Add deterministic workspace export/import utilities (excluding caches)
- Integrate workspace handling into TUI slash commands with modal help screen
