Resolves 6 conflicts from the OSS-EE split landing on `ee` while `dev`
advanced independently. All resolutions are unions of both sides:
- agents/backend.py: AgentBackend protocol gains both ee's
attach_specialist_tools and dev's get/set_tool_policy.
- agents/codex_cli.py: keep ee's SDK abort-controller path; add dev's
_policy init (drop dead _process — ee removed subprocess use).
- agents/loop.py: _publish_pocket_event takes both metadata and trace_id;
pocket_created builds the payload dict with cloud identity + trace_id;
budget + titling methods both kept.
- agents/router.py: keep both create_isolated_backend and
scoped_tool_policy.
- config.py: union pydantic imports (AliasChoices + field/model_validator
+ NoDecode).
- security/guardian.py: keep ee's deferred-import rationale comment.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
test_tool_count_is_consistent_across_backends asserted that function-tool
backends carry exactly one more tool than shell-CLI backends — the
pocket_specialist tool. That tool ships with pocketpaw_ee, so on an
OSS-only install the two groups match exactly and the assertion failed.
The test now keys the expected delta off whether pocketpaw_ee is
importable (1 with EE, 0 without) — this was the last OSS-only failure.
Also un-skip the Test (Python x) matrix on ee-targeted PRs: it gives
3.11/3.12/3.13 coverage that tests.yaml's single-version gate lacks, so
it should run on every PR. Dropped -x and added the shared --deselect
list (#1079/#1080 pre-existing flakes) so it surfaces all failures.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
PR #1152 runs ci.yml on an `ee`-targeted PR for the first time (Phase 4
added `ee` to the triggers), surfacing pre-existing issues:
* Lint — 4 ruff errors in files the split never touched: an unused
`SpeechEventType` import and an unused `room` var in ee/cloud/livekit,
plus two E402 late-imports (livekit/service.py, dashboard.py). Dead
code removed; `# noqa: E402` where the placement is intentional.
* Test (OSS-only) — check_oss_boundary.py imports dashboard_state,
which builds Settings; its default localhost URLs trip the SSRF
validator in a bare env. Set POCKETPAW_ALLOW_INTERNAL_URLS=true for
that step. Also install --all-extras so optional-extra-gated tests
(codex-sdk etc.) have their deps, and add the tests.yaml deselects.
* Test matrix — skipped on `ee`-base PRs; tests.yaml is the full-suite
gate there and the matrix would only duplicate it.
These are pre-existing — `ee`'s own CI is already red; the split itself
is clean (build + import-linter + OSS boundary all green).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EE is staying private for the next few releases — built in-house, no
public PyPI or private index. Correct the publish.yml header (it was
telling a future maintainer to wire in an EE publish step) and flag the
CI `build` job's wheel artifact as the place to grab the EE wheel.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ci.yml is restructured for the two-package layout:
* build — builds both wheels and asserts neither leaks the other's
top-level package; uploads them as artifacts.
* test-oss (NEW, "Test (OSS-only)") — `uv sync --dev` (OSS core only),
runs the OSS-core test scope plus scripts/check_oss_boundary.py.
* test — now `uv sync --dev --group ee` (full install) so tests/ee
resolves; job name kept so the required status check is unchanged.
* import-linter ("OSS-EE boundary") — installs both packages and runs
lint-imports for the root config and `--config ee/pyproject.toml`.
tests.yaml gains the `ee` group so the PR gate can import pocketpaw_ee.
`uv sync --group ee` is used instead of `uv pip install -e ./ee` because
a later `uv run` re-sync would otherwise drop the pip-installed package.
publish.yml gets a warning header: it builds the core wheel only — the
pocketpaw-ee wheel must be wired in by Phase 5 before the next release.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
New oss-ee-boundary job in ci.yml runs two complementary checks:
- lint-imports — the static "OSS core may not import from EE" contract.
import-linter was not wired into any workflow before; all 16 contracts
now gate every PR.
- scripts/check_oss_boundary.py — blocks pocketpaw_ee at runtime and
asserts every reworked core module still imports and the extension
registry degrades to empty (catches import-time-only breakage the
static linter can't see).
The full standalone OSS-only package build is deferred to Phase 4, which
splits pyproject.toml — doing it before that split needs a fragile
file-copy hack.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The two TestLoopThinkingIntegration tests in test_stream_event.py
broke after the default-loop's _get_router() picked up a backend-
change rebuild path (loop.py line 434+). Sequence:
1. Test sets ``loop._router = router`` (a MagicMock).
2. ``_process_message_inner`` calls ``self._get_router()``.
3. Default-loop branch reads ``Settings.load()`` and compares
``self._router._active_backend_name`` (None on a MagicMock) to
``fresh_settings.agent_backend`` ("claude_agent_sdk" or whatever
the test environment's loaded settings has).
4. Mismatch → tries to rebuild: ``asyncio.create_task(old.stop())``.
5. ``old.stop()`` returns a MagicMock (not a coroutine).
6. ``asyncio.create_task`` raises TypeError; the message handler's
outer try/except logs "❌ Error processing message" and returns
before either thinking_done or the assistant memory write fires.
Fix: set ``loop.agent_id = "test-agent"`` on each test. That sends
``_get_router()`` down the per-agent fast path (line 430-431) which
returns the cached router immediately without any rebuild check.
The per-agent path is the right shape for a unit test that injects
its own router — the rebuild path is for runtime backend swaps,
not test fixture wiring.
Both tests pass locally:
uv run pytest tests/test_stream_event.py::TestLoopThinkingIntegration -v
...
test_loop_thinking_publishes_system_event PASSED
test_loop_thinking_not_in_memory PASSED
2 passed in 0.24s
Also removes the corresponding --deselect lines from
.github/workflows/tests.yaml so the CI gate exercises these tests
again. Closes#1081.
* ci(tests): install enterprise extras so ee/cloud tests can import beanie
uv sync --dev skipped optional extras, so the new tests workflow choked
at collection on `from beanie import PydanticObjectId` in
ee/cloud/auth/core.py. Switch to --all-extras so every optional extra
(enterprise, soul, vector, etc.) is available; uv's cache keeps the
extra install cost small.
Closes#1068.
* ci(tests): note cold-start install cost in workflow comment
Self-review on #1074 flagged that the previous comment ("the extra
install cost is small") was misleading on cold starts — chromadb
pulls onnxruntime (~150 MB wheel) plus a few smaller wheels, adding
roughly 60 seconds on a cache miss. Subsequent runs hit uv's cache
and stay fast.
Comment-only change; no functional impact.
* test(guardian): patch get_settings at its config-module source
The Guardian tests patched pocketpaw.security.guardian.get_settings,
but guardian.py only imports get_settings lazily inside __init__()
(line 59) — there's no top-level reference to patch. Every Guardian
test errored at fixture setup with:
AttributeError: <module 'pocketpaw.security.guardian'> does not
have the attribute 'get_settings'
Patching pocketpaw.config.get_settings instead targets where the
lookup actually happens at call time. Behavior unchanged.
This rot was hidden until the new pytest workflow (#1066) started
running these tests in CI. Surfaces as 32 errors + 1 failure on
PR #1074's pytest job; this commit clears them.
Out of scope: 6 remaining test failures (3 concurrency flakes, 1 KB
context fixture, 2 stream-event assertions). Those will be filed as
separate follow-up issues.
* ci(tests): deselect six pre-existing test failures pending follow-up
The new pytest gate (#1066) surfaced 38 failures on first run. The
guardian-patch fix in the prior commit cleared 32 of them. The
remaining six are tracked as separate issues; deselecting them here
lets the gate ship green for new changes while the rot is fixed in
follow-ups:
#1079 — tests/test_concurrency.py (3 flaky list-membership checks)
#1080 — tests/test_context_budget.py::TestKbContext::test_successful_kb_fetch
#1081 — tests/test_stream_event.py (2 thinking-event assertions)
Each --deselect comes off as the corresponding issue lands. The
intent is "gate is green when new changes don't break anything and
red when they do" — so a future regression is unambiguously its own
PR's fault, not lingering rot.
* ci: add pytest workflow to PR Quality Gate
The existing PR Quality Gate runs lint and security scans, but does not
execute the test suite. PRs targeting `ee` therefore ship without any
pytest signal — broken tests slip through with all-green CI (see #1059,
which broke 35 tests undetected).
Adds a single workflow `.github/workflows/tests.yaml` that runs
`uv run pytest tests/ --ignore=tests/e2e --ignore=tests/test_frontend_syntax.py`
on every PR and on pushes to `ee`, `main`, and `dev`. Mirrors the uv
setup pattern from the existing `ci.yml` (setup-uv@v5, Python 3.12,
`uv sync --dev`).
Depends on #1064, which fixes the currently-broken tests on `ee`. CI on
this branch will fail until #1064 lands.
Closes#1065
* ci: scope tests workflow to ee/dev/main PRs + document no -x
Per #1066 review feedback. Adds branches filter to pull_request trigger
so the workflow doesn't fire on PRs against feature branches or unrelated
refs (matches ci.yml's scope). Also adds an inline comment explaining
why no -x flag (this is a gate; show all failures, not just first).
Patching pocketpaw.security.guardian.get_settings fails because get_settings is imported lazily inside GuardianAgent.__init__ to avoid a circular import (config → security.url_validators → security/__init__ → guardian). Patch pocketpaw.config.get_settings (the real source) instead.
Also add tests/test_logging_scrub.py to the secrets-scan exclude list alongside test_redact.py and test_pii.py — the xoxb- string is a required scrubber-test fixture, not a real credential.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two stale reverts on dev had rolled back critical hotfixes landed
directly on main:
* ``client/src-tauri/tauri.conf.json`` was pinned back to ``0.1.3``,
which would silently downgrade the desktop client on merge (main is
at ``0.1.4``).
* ``.github/workflows/publish.yml`` lost its ``client-v*`` tag skip
guard, so the next desktop release would trigger a PyPI publish of
the Python package.
Restoring both so merging this release into main is a no-op for those
files, and bumping the package version from ``0.4.15`` to ``0.4.16`` so
the tagged release has a unique PyPI artifact. The lockfile update is
only the self-version reference.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(client): reliable first-install pipeline and production CSP
Rewrites the Tauri installer to handle fresh devices with no Python/uv.
Uses a cascading bootstrap: find Python 3.11+ -> install uv -> uv python
install -> fallback to system package manager -> prompt user. Only passes
--uv-available when uv is actually detected. Reads both stdout and stderr
from the installer subprocess so errors are visible in the UI.
Fixes production-only "Failed to load sessions" by adding localhost to CSP
connect-src (production uses tauri.localhost origin, not 127.0.0.1).
Adds Tauri logging plugin (file + stdout + webview) and a TypeScript logger
wrapper with console fallback for non-Tauri environments.
Embeds Claude Code CLI installation in the bootstrap pipeline. Updates
"CLI not found" messages across all agent backends with platform-specific
install commands and alternative backend suggestions.
* fix(lint): reformat test files flagged by ruff
Reformat tests/test_headless_permissions.py and
tests/test_integration_headless.py to satisfy ruff format.
Fix UP038 lint error: use `dict | str` instead of `(dict, str)`.
Closes#584
* fix(client): add missing Command import in context.rs
The macOS active-context detection uses std::process::Command
but the import was missing, causing a build failure on macOS.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Prakash <prakashd88@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Pin lint job to 3.12 and run tests across all supported Python
versions to catch compatibility issues early.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(client): use numeric version 0.1.1 for MSI bundler compatibility (#561)
MSI bundler requires numeric-only pre-release identifiers.
0.1.0-alpha.2 broke Tauri builds on all platforms.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(client): compile-time cfg for Windows process flags (#563)
* fix(client): use compile-time cfg for Windows-only process flags
cfg!(windows) is a runtime check — the compiler still tries to resolve
std::os::windows::process::CommandExt on macOS/Linux, causing 6 errors.
Split into #[cfg(windows)] / #[cfg(not(windows))] helper functions,
matching the pattern already used by _spawn_backend.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(client): macOS traffic lights + non-interactive Unix installer
- Use titleBarStyle: Overlay with decorations: true to show native
macOS close/minimize/maximize buttons
- Unix installer now downloads installer.py and runs with
--non-interactive flag, matching the Windows approach. The shell
wrapper (install.sh) needs a TTY which isn't available from Tauri.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix(client): bump to 0.1.2, disable launcher on Python releases
- Bump desktop client version to 0.1.2
- Remove automatic release trigger from build-launcher.yml — desktop
builds now ship via publish-client.yml (Tauri). Launcher kept as
manual-dispatch-only legacy fallback.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add FUNDING.yml for the Sponsor button and funding.json for
the open source funding standard (FLOSS fund compatible).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
libappindicator3-dev conflicts with libayatana-appindicator3-dev on
Ubuntu 22.04. Only the ayatana version is needed (modern replacement).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix pre-release boolean coercion with fromJSON() wrapper
- Add missing Ubuntu deps: libssl-dev, libgtk-3-dev, libayatana-appindicator3-dev
- Simplify Rust target to use matrix.target directly
- Add tag input to workflow_dispatch (prevents branch name as tag)
- Scope signing keys to build step only (least-privilege)
- Set releaseDraft: true for initial rollout (review before publish)
- Use github.event.inputs.tag || github.ref_name for tag/release name
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GitHub Actions workflow that builds macOS (arm64 + x86_64), Windows,
and Linux binaries using tauri-action. Triggers on client-v* tags.
Alpha/beta/rc tags are automatically marked as pre-release.
Supports manual dispatch with pre-release toggle. Uses Bun for
frontend deps and Rust caching for faster builds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Closes#484
- Add .github/copilot-instructions.md covering all 12 sections from the
issue: message bus rules, async conventions, protocol interfaces,
AgentEvent stream, lazy imports, where new code goes, security
non-negotiables, configuration, frontend constraints, testing
expectations, code style, and a common-mistakes table.
- Update CONTRIBUTING.md to reference the new file so contributors
using GitHub Copilot are directed to it.
The quality gate was only checking for admin/maintain roles, which
closed PRs from collaborators with write permission (the default
for org members). Add write to the maintainer check.
Non-maintainers targeting main are auto-closed with instructions to
retarget to dev. Maintainers (admin/maintain permission) are allowed
through. Uses GitHub's collaborator permission API. Also adds a reopen
guard to prevent reopening bot-closed or maintainer-closed PRs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add PR quality gates and CI pipeline
- Upgrade pr-quality-gate.yml: auto-close PRs targeting main, detect
cosmetic/doc-only PRs, add size labels (XS/S/M/L/XL), flag unrelated
bundled changes
- Add ci.yml: run tests + ruff lint on every PR (was completely missing)
- Add stale.yml: auto-close abandoned PRs after 21 days, issues after 44
- Add CODEOWNERS: auto-assign @prakashUXtech as reviewer
- Update CONTRIBUTING.md: add "What we don't accept" section
- Update PR template: add branch/issue warnings, tighten checklist
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: remove CODEOWNERS — unnecessary with single maintainer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add reopen guard to PR quality gate
PRs that were previously closed by the bot or a maintainer are
automatically re-closed if the author reopens them. Forces contributors
to open a new PR with addressed feedback instead of reopening.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Re-check on edited/synchronize so updates are re-evaluated
- Remove needs-work label when all checks pass
- Add conventional commit title enforcement
- Skip bot PRs (Dependabot, Renovate, github-actions)
- Idempotent comments (update existing instead of duplicating)
- Remove overly aggressive "very small changes" check
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove docs/public/install.sh duplicate. The deploy-docs workflow now
copies installer/install.sh and install.ps1 into the build output at
deploy time, so pocketpaw.xyz/install.sh keeps working.
Also updates installer/install.sh with local installer.py detection
(prefer bundled installer.py, fall back to GitHub download).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Consolidate documentation from the separate pocketpaw-web repo into the
main pocketpaw repo. This keeps docs and code in sync so PRs can update
both atomically.
- Remove docs/ from .gitignore
- Remove docs' own .git (was pocketpaw/pocketpaw-web)
- Add .github/workflows/deploy-docs.yml (builds from docs/ subdirectory)
- Track all 120+ MDX pages, config, landing page, and public assets
The separate pocketpaw-web repo can now be archived.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix CI build path (build/ -> build-launcher/) and add icon generation (make_icons.py)
- Add macOS code signing (ad-hoc + production), DMG with Applications symlink
- Add Inno Setup script (pocketpaw.iss) with desktop/startup shortcuts and config cleanup
- Inject version from POCKETPAW_VERSION env var into binaries and Info.plist
- Add Windows PowerShell installer (install.ps1) with Python/uv detection and winget fallback
- Add auto-start module (launchd/registry/.desktop) with CLI flags and tray toggle
- Add uninstaller module with selective component removal and interactive console mode
- Enhance tray menu: version display, dynamic tooltip, View Logs, organized layout
- Add dynamic uv version resolution (GitHub API + 24h cache) and ARM64 Windows support
- Harden CI: checksum generation, artifact verification, signing certificate import
- Add TESTING.md with detailed manual test steps for macOS and Windows
- 26 new tests (15 autostart + 11 uninstall), all passing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
