Skip to content

feat(agileplus): consolidate docs tree + consume shared traceability-core (git dep)#754

Merged
KooshaPari merged 48 commits into
mainfrom
feat/agileplus-shared-core
Jun 17, 2026
Merged

feat(agileplus): consolidate docs tree + consume shared traceability-core (git dep)#754
KooshaPari merged 48 commits into
mainfrom
feat/agileplus-shared-core

Conversation

@KooshaPari

@KooshaPari KooshaPari commented Jun 16, 2026

Copy link
Copy Markdown
Owner

User description

What's added

  • Docs consolidation: specs/ + kitty-specs/ → one docs/ tree (docs/specs/, docs/adr/, _archive/meta-json/); meta.json folded toward frontmatter. 158 moves, content preserved.
  • Shared spine: agileplus-domain now consumes traceability-core via GIT dep on phenotype-pm-core (no vendored copy) — one model across AgilePlus + Tracera.
  • Test fixes: workspace test profile unblocked for shared-core integration.

Verification

  • Additive: 158 renames + 1 D whose content survives at docs/specs/eco/eco-003-.../spec.md.
  • CI: cargo-deny/cargo-hack/Analyze (spine repo is PUBLIC so the git dep resolves).

Commits (2026-06-16)

  • baff21d consolidate kitty-specs + specs into docs/ tree
  • dd7df2a consume traceability-core from phenotype-pm-core git
  • ac9c394 unblock workspace tests for shared-core integration

🤖 Generated with Claude Code


Note

High Risk
Unresolved merge conflicts across the lockfile, workspace manifests, and CI block compilation; plus dependency-graph and slugify/validation behavior changes in domain that can break consumers once merged.

Overview
This PR pins the shared PM spine by wiring traceability-core from phenotype-pm-core (git rev) and tightens agileplus-domain toward a zero-dependency crate: local validate helpers, a local ErrorCode mirror, and CI allowlists that permit only traceability-core + async-trait (dropping phenotype-error-core, agileplus-validate, regex, uuid from domain). AppError mapping is updated to project domain errors onto the canonical wire ErrorCode.

Supply chain & CI adds .cargo/audit.toml acknowledging RUSTSEC-2023-0071, commits Cargo.lock (with .gitignore documenting why), hardens Codecov (OIDC, fail_ci_if_error: true), switches commitlint to .commitlintrc.json with commitDepth: 1, and adjusts Rust extra jobs (prebuilt cargo-machete / semver / typos-cli, stricter extras without continue-on-error).

Product surface adds a large agileplus-dashboard routes.rs (HTMX + JSON for kanban, health, agents, evidence, settings, SSE, work-packages/epics-stories JSON). Smaller domain/API tweaks include CycleWithFeatures::is_shippable, SyncMapping::increment_conflict, feature labels via migration 026, and event pagination aligning after_sequence with strict sequence > from.

Critical: the diff still contains unresolved <<<<<<< HEAD merge conflicts in Cargo.toml, Cargo.lock, workflows, buf.yaml, agileplus-domain/cli/worklog, and others—the tree will not build until those are resolved and one side of the dependency/workspace graph is chosen.

Reviewed by Cursor Bugbot for commit b598342. Configure here.

Note

Consolidate docs tree into docs/ and consume traceability-core as a git dependency

  • Moves all specs from kitty-specs/ and specs/ into docs/specs/, journey markdown from docs/operations/journeys/ into docs/journeys/, and trace JSON archives into docs/_archive/traces-json/; adds a consolidation script that merges meta.json frontmatter into spec.md files and folds trace JSON into journey frontmatter.
  • Replaces local phenotype-error-core, phenotype-string, regex, uuid, and related dependencies in agileplus-domain with a pinned git dependency on traceability-core (KooshaPari/phenotype-pm-core rev d5ceb308); governance, intent graph, and lifecycle types are re-exported from traceability_core via lib.rs.
  • Adds a labels column to the features table via migration 026, persists and queries labels through create_feature, update_feature, and a new list_features_by_label function, and surfaces both through StoragePort and ContentStoragePort.
  • Adds CycleWithFeatures::is_shippable(), SyncMapping::increment_conflict(), AppConfig::load_with_env_overrides returning DomainError, and a local ErrorCode enum replacing the external dependency.
  • Commits Cargo.lock to the repository and updates CI's dependency allowlist to permit traceability-core and async-trait.
  • Risk: slugify in builder.rs now uses a local ASCII-only kebab-case algorithm that may produce different slugs than the previous phenotype_string::slugify.
📊 Macroscope summarized d214337. 1 file reviewed, 0 issues evaluated, 0 issues filtered, 0 comments posted

🗂️ Filtered Issues

No issues evaluated.


CodeAnt-AI Description

Add dashboard pages and APIs while tightening core data handling

What Changed

  • Added a full dashboard surface for viewing features, work packages, health status, events, evidence, media, settings, and service actions from the web UI and JSON endpoints.
  • Saved dashboard, Plane, agent, and service settings to local config, with clearer status messages and connection checks.
  • Added feature labels support in storage so features can carry and return label lists.
  • Made event paging use a strict “after” cursor so the next page no longer repeats the last event.
  • Fixed event storage to assign the next sequence number when saving events, avoiding duplicate sequence collisions.
  • Kept the domain crate self-contained by using local validation helpers and local error codes, while preserving existing error-to-wire mappings.
  • Updated the in-memory Plane client and related tests so mocked Plane work items behave like shared state across calls.

Impact

✅ Clearer dashboard navigation
✅ Fewer repeated events in activity feeds
✅ Fewer event save conflicts
✅ Easier feature labeling and filtering

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

KooshaPari and others added 3 commits June 16, 2026 05:54
Merge parallel spec roots into docs/specs/{eco,crates}, fold 32 meta.json
files into spec.md frontmatter, archive JSON under docs/_archive/, and
record the layout in ADR-0003/0004 with redirect stubs at legacy paths.

Co-authored-by: Cursor <cursoragent@cursor.com>
Wire traceability-core via git dep (not vendored), re-export lifecycle,
governance, and IntentGraph from agileplus-domain, and switch phenoShared
path deps to git for reproducible builds.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add feature labels migration, StoragePort label queries, StdioTransport
Debug, plane mock persistence, contract-test fixes, and small domain/test
repairs so the workspace compiles and the majority of tests pass.

Co-authored-by: Cursor <cursoragent@cursor.com>
@codeant-ai

codeant-ai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Skipping CodeAnt AI review — this PR changes more than 100 files, which usually means a migration, codemod, or vendored drop. Line-level review on diffs this large produces duplicate findings on the same rewrite pattern and drowns out anything that actually matters.

If you still want a review, comment @codeant-ai : review. For better signal, consider splitting the PR into smaller chunks.

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@KooshaPari, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 15 minutes and 26 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 83dcef3d-8043-45e5-9ff9-5fa6e01b1a71

📥 Commits

Reviewing files that changed from the base of the PR and between c9b140f and d420eeb.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (30)
  • .github/workflows/ai-testing.yml
  • _typos.toml
  • crates/agileplus-api/tests/api_integration.rs
  • crates/agileplus-cli/src/commands/intent.rs
  • crates/agileplus-cli/src/commands/version.rs
  • crates/agileplus-cli/src/main.rs
  • crates/agileplus-cli/src/runtime.rs
  • crates/agileplus-dashboard/web/package.json
  • crates/agileplus-dashboard/web/playwright.config.ts
  • crates/agileplus-dashboard/web/src/components/foundation/Button.test.tsx
  • crates/agileplus-dashboard/web/src/components/foundation/Input.test.tsx
  • crates/agileplus-domain/Cargo.toml
  • crates/agileplus-domain/src/config.rs
  • crates/agileplus-domain/src/credentials.rs
  • crates/agileplus-domain/src/domain/cycle.rs
  • crates/agileplus-domain/src/lib.rs
  • crates/agileplus-domain/src/traceability.rs
  • crates/agileplus-domain/tests/acceptance_traceability_integration_test.rs
  • crates/agileplus-domain/tests/traceability_test.rs
  • crates/agileplus-hook/Cargo.toml
  • crates/agileplus-proto/src/lib.rs
  • crates/agileplus-proto/src/stubs.rs
  • crates/agileplus-sqlite/src/migrations/026_feature_labels.sql
  • crates/phenotype-sandbox/src/network.rs
  • docs/specs/eco/eco-001-worktree-remediation/plan.md
  • docs/specs/eco/eco-003-circular-dep-resolution/spec.md
  • docs/specs/eco/eco-004-hexagonal-migration/spec.md
  • docs/specs/eco/eco-005-xdd-quality/spec.md
  • docs/specs/eco/eco-006-governance-sync/spec.md
  • tests/contracts/sync_plane_contract.rs
📝 Walkthrough

Walkthrough

Introduces the complete agileplus-dashboard Axum routing layer with HTML/HTMX handlers, SSE streaming, evidence serving, service administration, and settings persistence. Simultaneously refactors agileplus-domain to own its validation helpers and ErrorCode enum, makes InMemoryPlaneClient thread-safe and publicly exported, fixes event sequence generation and pagination semantics, adds SQLite migration 026, and hardens CI with OIDC Codecov upload, tokenless audit suppression, and a committed Cargo.lock.

Changes

Dashboard Routes, Domain Refactoring, and Tooling Hardening

Layer / File(s) Summary
Domain validation, ErrorCode, and config refactoring
crates/agileplus-domain/Cargo.toml, crates/agileplus-domain/src/lib.rs, crates/agileplus-domain/src/validate.rs, crates/agileplus-domain/src/error.rs, crates/agileplus-domain/src/domain/module.rs, crates/agileplus-domain/src/domain/project.rs, crates/agileplus-domain/src/domain/sync_mapping.rs, crates/agileplus-domain/src/domain/cycle.rs, crates/agileplus-domain/src/config.rs, crates/agileplus-application/src/error.rs
Adds a new in-domain validate module (name_required, slug_format), defines a local serde-serializable ErrorCode enum, updates module.rs/project.rs imports, adds SyncMapping::increment_conflict, changes AppConfig::load_with_env_overrides return type to Result<Self, DomainError>, and rewrites the application-layer error projection to explicitly remap domain ErrorCode variants to wire variants.
InMemoryPlaneClient thread-safety and public export
crates/agileplus-plane/src/client/mock.rs, crates/agileplus-plane/src/client/mod.rs
Refactors InMemoryPlaneClient to use private Mutex-wrapped collections, rewrites all mutation and read paths to operate under locks, and promotes the mock module and its re-export from #[cfg(test)]-only to unconditional public visibility.
Event sequence generation and pagination boundary fix
crates/agileplus-sqlite/src/repository/events.rs, crates/agileplus-events/src/query.rs
Changes append_event to compute and return the next per-entity sequence as get_latest_sequence + 1 instead of relying on the event's existing sequence value. Fixes EventQuery::filter to treat after_sequence as strictly-exclusive and updates the corresponding test.
SQLite WAL configuration and migration 026
crates/agileplus-sqlite/src/lib.rs, crates/agileplus-sqlite/src/migrations/025_create_intent_graph.sql, crates/agileplus-sqlite/src/migrations/mod.rs
Adds an enable_wal flag to configure_and_migrate skipping WAL for in-memory databases, simplifies trigger error messages in migration 025, and registers new migration 026 for feature labels.
Dashboard types, config persistence, and core helpers
crates/agileplus-dashboard/src/routes.rs (lines 1–753)
Defines all public JSON response structs, persisted config structs (Config with load/save), request form structs, and shared helper logic including HTMX detection, HTML escaping, percent-encoding, template rendering, and project/feature/evidence view builders.
Dashboard HTML page and partial handlers
crates/agileplus-dashboard/src/routes.rs (lines 754–1361)
Adds all navigation/UI handlers: root, home, dashboard, kanban (with HTMX partial), feature detail, work-package list, health panel, timeline, feature events/media, agent activity, health JSON polling, project switcher, and settings/hub/time-footer pages.
Evidence serving, gallery, and async generation
crates/agileplus-dashboard/src/routes.rs (lines 1362–1630)
Implements disk-backed bundle.json loading, serves evidence content and previews with path-traversal defenses, lists and generates evidence bundles via async process spawning, and exposes gallery metadata as JSON.
SSE stream, feature transition, and service administration
crates/agileplus-dashboard/src/routes.rs (lines 1631–2181)
Adds the SSE heartbeat stream, feature state transition handler, service restart with allowlist validation, PATCH config persistence, enable/disable toggle with health state update, agent connection test, and all settings save/test endpoints.
Additional JSON APIs, router wiring, and tests
crates/agileplus-dashboard/src/routes.rs (lines 2182–2819)
Adds flat work-package JSON and SQLite-backed epics/stories JSON endpoints, wires all routes via router(state), and provides router-level integration tests and pure-function unit tests for all dashboard utilities.
Sync-plane contract tests
tests/contracts/sync_plane_contract.rs
Updates imports to use the now-public InMemoryPlaneClient, updates all SyncMapping construction sites to the new field names (content_hash, sync_direction, conflict_count), and corrects the idempotency assertion.
Edge ID generation
crates/agileplus-domain/src/builder.rs
Replaces UUID-based edge ID generation with a process-unique new_edge_id() helper combining a nanosecond timestamp and atomic counter.
CI workflow, security audit, deny policy, and lockfile
.github/workflows/ci.yml, .cargo/audit.toml, rust/deny.toml, .gitignore
Removes continue-on-error from rust-extras, switches typo-check to run typos directly, adds OIDC permission and tokenless Codecov upload, limits commit-lint to the final squash commit, suppresses RUSTSEC-2023-0071 via audit config, tightens license wildcard policy, and commits Cargo.lock.
Miscellaneous small fixes and tooling configs
buf.yaml, crates/agileplus-api/src/routes/features.rs, crates/agileplus-application/src/use_cases/triage.rs, crates/agileplus-cli/src/main.rs, crates/agileplus-pipeline/Cargo.toml, crates/agileplus-pipeline/src/dot_export.rs, crates/agileplus-events/Cargo.toml, crates/agileplus-hook/Cargo.toml, crates/agileplus-triage/src/hybrid_pipeline.rs, crates/phenotype-dep-guard/src/lockfile.rs, crates/phenotype-mcp-sdk-rs/src/..., crates/phenotype-sandbox/src/network.rs, python/pyproject.toml, proto/agileplus/v1/work_items.proto, docs/adr/0005-traceability-core-git-dependency.md, traces/README.md, docs/specs/eco/..., kitty-specs/..., tools/Export-Brand.ps1
Covers import simplifications, CLI format string fixes, tokio process feature, dot_export simplification, dependency additions, doc-comment reflows, dead_code attribute, MCP SDK import removals, NetworkMode Default derive, Python pyproject, proto Java option removal, ADR-0005, trace README, and retired spec/conflict-marker cleanup.

Sequence Diagram(s)

sequenceDiagram
    participant Browser
    participant DashboardRouter as router()
    participant Handler
    participant DashboardStore as SharedState
    participant Disk as Evidence/Config on Disk

    Browser->>DashboardRouter: GET /dashboard (HTMX or full)
    DashboardRouter->>Handler: dashboard_page / kanban_board
    Handler->>DashboardStore: read features, health
    DashboardStore-->>Handler: project views
    Handler-->>Browser: HTML or HTMX partial

    Browser->>DashboardRouter: GET /api/health
    DashboardRouter->>Handler: health_json
    Handler->>Handler: health::run_health_checks()
    Handler->>DashboardStore: update health state
    DashboardStore-->>Handler: updated HealthStatus
    Handler-->>Browser: JSON

    Browser->>DashboardRouter: GET /api/stream (SSE)
    DashboardRouter->>Handler: sse_stream
    Handler-->>Browser: SSE events (heartbeat, feature_updated, health_changed)

    Browser->>DashboardRouter: POST /api/services/restart
    DashboardRouter->>Handler: restart_service
    Handler->>Handler: validate allowlist + template
    Handler->>Disk: spawn generate-evidence.sh or restart command
    Disk-->>Handler: process started
    Handler-->>Browser: JSON status

    Browser->>DashboardRouter: POST /api/settings/plane
    DashboardRouter->>Handler: save_plane_settings
    Handler->>Disk: Config::load() then config.save()
    Disk-->>Handler: persisted
    Handler-->>Browser: success HTML
Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

  • KooshaPari/AgilePlus#295: Directly related — the main PR's InMemoryPlaneClient refactoring to Mutex/private fields and public export builds on the InMemoryPlaneClient struct introduced in this PR.
  • KooshaPari/AgilePlus#701: Both PRs modify crates/agileplus-domain/src/error.rs and crates/agileplus-application/src/error.rs to change how domain errors are projected to wire ErrorCode variants.
  • KooshaPari/AgilePlus#276: The main PR's change to append_event sequence computation directly affects the state_transitioned event appends that PR #276's CLI ship/validate/retrospective commands rely on.

Suggested labels

layered-pr-exception, area:deps

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The PR title accurately summarizes the two main changes: docs consolidation and consuming traceability-core as a git dependency, matching the primary objectives.
Description check ✅ Passed The PR description is comprehensive and directly related to the changeset, detailing docs consolidation, traceability-core integration, test fixes, and verification steps.
Docstring Coverage ✅ Passed Docstring coverage is 80.38% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/agileplus-shared-core
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch feat/agileplus-shared-core

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: Cursor Bugbot is still in progress after the 8-minute wait (no <!-- BUGBOT_REVIEW --> comment yet), and this PR exceeds the low-risk approval threshold (git-pinned shared spine, domain/storage trait changes, SQLite migration). Human review is required; no non-author reviewers are configured in CODEOWNERS.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor

cursor Bot commented Jun 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_507e17aa-992a-4477-83bb-8f26aa9472f6)

Comment thread Cargo.toml
phenotype-string = { path = "../phenoShared/crates/phenotype-string" }
phenotype-test-infra = { path = "../phenoShared/crates/phenotype-test-infra" }
phenotype-event-bus = { path = "../phenoShared/crates/phenotype-event-bus" }
phenotype-error-core = { git = "https://github.com/KooshaPari/phenoShared", branch = "main" }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Unpinned git dependencies (only branch = "main"/"master" set, no tag/rev). Builds are non-deterministic — any push to the main/master branch of phenoShared or phenotype-pm-core silently changes agileplus-domain semantics. This is a known cargo footgun: cargo will re-fetch the branch on every build, and CI/local builds can disagree. Pin to a specific tag or rev (and ideally record the Cargo.lock commit), or vendor.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

Comment thread crates/agileplus-domain/src/builder.rs Outdated
///
/// Delegates to the shared `phenotype-string` crate so every consumer repo
/// (AgilePlus, Tracera, teamcomm, ...) uses identical slug rules.
/// Simple slugify: lowercase, ASCII alphanumeric + hyphens, trimmed.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: The new inlined slugify is not equivalent to the prior phenotype_string::slugify it replaced. It only keeps is_ascii_alphanumeric() plus -; any non-ASCII (e.g. accented chars, CJK, emoji) is collapsed to -. This silently changes slugs for non-ASCII titles vs. other consumers (Tracera, teamcomm) that still use the shared crate — git log shows that ADR-0005 explicitly cites cross-repo consistency as the motivation. Either restore the shared dependency or document the divergence clearly.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

async fn get_feature_by_slug(&self, slug: &str) -> Result<Option<Feature>, DomainError>;
async fn get_feature_by_id(&self, id: i64) -> Result<Option<Feature>, DomainError>;
async fn update_feature_state(&self, id: i64, state: FeatureState) -> Result<(), DomainError>;
async fn update_feature(&self, feature: &Feature) -> Result<(), DomainError>;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Adding required methods (update_feature, list_features_by_label) to the public StoragePort trait is a SemVer-breaking change for any out-of-tree implementer (e.g. downstream repos in the Phenotype org that implement StoragePort). Same applies to the 5 default-implemented MVP hooks added right after — defaults are fine for forward compatibility, but the two non-defaulted methods break every existing impl. Provide default unimplemented!()/error bodies (or version the trait) and document the bump.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

async fn update_feature(&self, feature: &Feature) -> Result<(), DomainError>;
async fn list_features_by_state(
&self,
state: FeatureState,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: New list_features_by_label(&str) does not specify whether the match is exact, case-sensitive, or normalized. Combined with the SQLite impl below (LIKE '%"label"%'), a label "foo" will also match "foobar" and any label containing a JSON-escaped quote will misbehave. Document the contract (exact, case-sensitive, trimmed) on the trait method, and add a test that fails for the substring-match case.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

async fn get_wp_dependencies(&self, wp_id: i64) -> Result<Vec<WpDependency>, DomainError>;
async fn get_ready_wps(&self, feature_id: i64) -> Result<Vec<WorkPackage>, DomainError>;

// --- MVP: story-scoped work packages ---

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: Five new MVP trait methods all default to Err(DomainError::NotImplemented). Confirm DomainError::NotImplemented is already defined (it is referenced but the diff does not show its declaration) and that it implements the right error kind — Default-style unimplemented hooks are useful, but if a method is genuinely required for the new workflow, leaving it as a default panics-or-errors at runtime rather than failing the build.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@@ -0,0 +1,5 @@
-- UP
ALTER TABLE features ADD COLUMN labels TEXT NOT NULL DEFAULT '[]';

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: New labels column has no supporting index. list_features_by_label is likely a hot query (label-driven dashboards) and a full scan on features won't scale. Either add a generated column for primary label or use a join table feature_labels(feature_id, label) with a unique index on (label, feature_id).


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

'Intent','Plan','Feature','Story','Task',
'Spec','Commit','Test','PR','Bug','Artifact'
) THEN RAISE(ABORT, 'Invalid node_type: ' || NEW.node_type)
) THEN RAISE(ABORT, 'Invalid node_type')

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Regressed the error message: RAISE(ABORT, 'Invalid status') no longer includes the offending value. Debugging a constraint violation now requires the user to re-run the insert to see what they typed. Restore the previous 'Invalid status: ' || NEW.status form (and similarly for node_type at line 85 and relationship_type at line 109). Note: SQLite triggers have a documented quirk where NEW.column in a RAISE text can be NULL for the offending row under some conditions, but that's a known issue, not a reason to drop the field entirely.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

features::update_feature_state(&conn, id, state)
}

async fn update_feature(&self, feature: &Feature) -> Result<(), DomainError> {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: The diff adds update_feature and list_features_by_label to impl StoragePort for SqliteStorageAdapter in lib.rs, AND a separate file crates/agileplus-sqlite/src/lib/storage_port.rs is modified in the same PR to add the same two methods to the same impl for the same type. This produces duplicate impl blocks for SqliteStorageAdapter, which is a hard compile error. Either remove the duplicate impl from lib/storage_port.rs (and ideally rm the dead file or convert it to a re-export) or remove from lib.rs. Cannot merge as-is.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

}
async fn create_project(&self, _: &Project) -> Result<i64, DomainError> {
unimplemented!()
panic!("MemStore stub: create_project not used in list_tests")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: Replacing unimplemented!() with panic!(... is a regression in test ergonomics — unimplemented!() produces a clear "not yet implemented" panic; the new message is informative but now any call to these methods on the test MemStore will hard-panic the test binary with a process abort (vs. unwind in unimplemented!()). Consider using todo!() (which documents intent) or returning Err(DomainError::NotImplemented) so the test binary can report and continue.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.


#[cfg(test)]
mod mock;
pub mod mock;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SUGGESTION: InMemoryPlaneClient is now publicly exported (good for the public test surface) but the fields issues, created, updated were made pub-in-module-only by removing pub and adding Mutex. The original pub fields were used by tests to inspect state. Confirm this isn't a regression for downstream test code that asserted on .issues directly. If needed, add pub fn issues(&self) -> MutexGuard<'_, ...> accessors.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jun 16, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 15 Issues Found | Recommendation: Request Changes — a probable non-exhaustive match compile error in error.rs is a new hard blocker on top of the previously flagged issues.

Overview

Severity Count
CRITICAL 7
WARNING 4
SUGGESTION 4
Issue Details (click to expand)

CRITICAL

File Line Issue
Cargo.toml 174 Unpinned git = ... branch = "main" deps — non-deterministic builds and silent cross-repo drift
crates/agileplus-domain/src/error.rs 88 NEW: DomainError::InvalidClaim(_) arm removed from the From<DomainError> for ErrorCode match without being folded into another arm. InvalidClaim is still a variant of DomainError (no enum change in this diff) → non-exhaustive match (E0004), hard compile error
crates/agileplus-domain/src/lib.rs 18 NEW: Status as NodeStatus is a SemVer-breaking rename — the old agileplus_domain::Status path is gone. Downstream consumers importing agileplus_domain::Status will fail to compile
crates/agileplus-domain/src/ports.rs 137 update_feature is a non-defaulted required method on StoragePort — SemVer-breaking for out-of-tree implementers
crates/agileplus-domain/src/domain/state_machine.rs 8 transition adapter assumes upstream LifecycleError has fields from/to/reason — unverifiable in this PR
crates/agileplus-sqlite/src/repository/features.rs 217 LIKE '%"label"%' JSON-text filtering is both fragile (escaping) and semantically wrong (substring matches). Use json_each
crates/agileplus-sqlite/src/lib.rs 132 Duplicate impl StoragePort for SqliteStorageAdapterlib.rs and lib/storage_port.rs both define it in this PR; the mod storage_port; declaration is not visible in the diff hunk, so the file is either dead code or — if still declared — produces a hard compile error

WARNING

File Line Issue
crates/agileplus-domain/src/builder.rs 254 New inlined slugify strips non-ASCII — diverges from the shared phenotype-string::slugify it replaced, breaking the cross-repo-consistency goal in ADR-0005
crates/agileplus-domain/src/ports.rs 140 list_features_by_label contract undefined; downstream impls use LIKE-style substring match
crates/agileplus-domain/src/ports.rs 368 list_features_by_label on ContentStoragePort widens the breaking change surface
crates/agileplus-sqlite/src/migrations/025_create_intent_graph.sql 85 RAISE(ABORT, 'Invalid status') lost the offending value vs. prior `'Invalid status: '

SUGGESTION

File Line Issue
crates/agileplus-domain/src/ports.rs 154 Five new MVP hooks all default to DomainError::NotImplemented — confirm the variant exists and is the right semantics
crates/agileplus-sqlite/src/migrations/026_feature_labels.sql 3 New labels column has no index; list_features_by_label will full-scan
crates/agileplus-cli/src/commands/list_tests.rs 48 unimplemented!()panic!() is a regression in test ergonomics; prefer todo!() or returning an error
crates/agileplus-plane/src/client/mod.rs 13 InMemoryPlaneClient public but fields made private; downstream tests that read .issues will break
Other Observations (not in diff)

Items found while reading context that are outside the diff hunks and cannot receive inline comments:

File Line Issue
crates/agileplus-domain/src/lib.rs 12-19 Bulk re-export of traceability_core::* types creates redundancy: domain/governance.rs already does pub use traceability_core::governance::* and the crate root re-exports the same types again. Not a bug, but worth a follow-up to pick one canonical surface
crates/agileplus-domain/src/ports.rs 134-370 The StoragePort trait gained two required methods (update_feature, list_features_by_label) while ContentStoragePort gained only one (list_features_by_label). This asymmetry means a single implementer now has to touch two traits for partial coverage; consider moving the new method to a separate trait or defaulting it
Cargo.toml (workspace) 174 Even with this PR's change, the Cargo.lock (not in diff) is the only safety net for unpinned git deps — confirm it was regenerated and committed
tests/contracts/sync_plane_contract.rs 6, 64, 104, 140 The test now uses SyncDirection::Bidirectional, content_hash, and conflict_count fields on SyncMapping. These fields/types must exist in the current SyncMapping definition (not shown changed in the diff sync_mapping.rs — only increment_conflict was added). Verify the struct definition in domain/sync_mapping.rs or in the re-exported traceability_core matches, otherwise this test will not compile
crates/agileplus-domain/src/lib.rs 10 The comment says "re-exported here for backward-compatible paths" but Status as NodeStatus is the opposite of backward-compatible — the old name is removed. This contradicts the stated intent
Files Reviewed (29 files with Rust changes, 170 docs/move renames)

Rust source files:

  • Cargo.toml
  • crates/agileplus-api/src/routes/features.rs
  • crates/agileplus-api/tests/api_integration.rs
  • crates/agileplus-api/tests/api_integration/support/storage_port_impl/content_storage_impl.rs
  • crates/agileplus-api/tests/api_integration/support/storage_port_impl/feature.rs
  • crates/agileplus-application/src/lib.rs
  • crates/agileplus-application/src/use_cases/triage.rs
  • crates/agileplus-cli/src/commands/list_tests.rs
  • crates/agileplus-domain/Cargo.toml
  • crates/agileplus-domain/src/builder.rs
  • crates/agileplus-domain/src/domain/cycle.rs
  • crates/agileplus-domain/src/domain/governance.rs
  • crates/agileplus-domain/src/domain/state_machine.rs
  • crates/agileplus-domain/src/domain/sync_mapping.rs
  • crates/agileplus-domain/src/error.rs
  • crates/agileplus-domain/src/intent_graph.rs
  • crates/agileplus-domain/src/lib.rs
  • crates/agileplus-domain/src/ports.rs
  • crates/agileplus-events/Cargo.toml
  • crates/agileplus-hook/Cargo.toml
  • crates/agileplus-plane/src/client/mock.rs
  • crates/agileplus-plane/src/client/mod.rs
  • crates/agileplus-sqlite/src/lib.rs
  • crates/agileplus-sqlite/src/lib/storage_port.rs
  • crates/agileplus-sqlite/src/migrations/025_create_intent_graph.sql
  • crates/agileplus-sqlite/src/migrations/026_feature_labels.sql
  • crates/agileplus-sqlite/src/migrations/mod.rs
  • crates/agileplus-sqlite/src/repository/features.rs
  • crates/agileplus-triage/src/lsh.rs
  • crates/phenotype-mcp-sdk-rs/src/transport.rs
  • tests/contracts/sync_plane_contract.rs
  • .github/workflows/deny.yml
  • scripts/phase3-docs-consolidate.py (new)
  • docs/adr/0003-*.md, 0004-*.md, 0005-*.md (new, content review only — informational)

The remaining ~165 files are pure file-rename paths (content unchanged, no review comments issued) for the docs tree consolidation.

Recommendation: Request changes. Two new blockers since the previous review: (1) error.rs non-exhaustive match after removing the InvalidClaim arm, and (2) lib.rs Status as NodeStatus SemVer-breaking rename. Previously flagged issues (unpinned git deps, StoragePort breaking change, SQLite LIKE filter, lib.rs/storage_port.rs duplicate impl) remain. After fixes, re-run cargo clippy --workspace --all-targets -- -D warnings, cargo fmt --all -- --check, and cargo test --workspace and confirm CI is green before re-review.

Fix these issues in Kilo Cloud

Previous Review Summary (commit ac9c394)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit ac9c394)

Status: 13 Issues Found | Recommendation: Request Changes — must-fix items include a probable duplicate-impl compile error and a SemVer-breaking trait change.

Overview

Severity Count
CRITICAL 5
WARNING 4
SUGGESTION 4
Issue Details (click to expand)

CRITICAL

File Line Issue
Cargo.toml 174 Unpinned git = ... branch = "main" deps — non-deterministic builds and silent cross-repo drift
crates/agileplus-domain/src/ports.rs 137 update_feature is a non-defaulted required method on StoragePort — SemVer-breaking for out-of-tree implementers
crates/agileplus-domain/src/domain/state_machine.rs 8 transition adapter assumes upstream LifecycleError has fields from/to/reason — unverifiable in this PR
crates/agileplus-sqlite/src/repository/features.rs 217 LIKE '%"label"%' JSON-text filtering is both fragile (escaping) and semantically wrong (substring matches). Use json_each
crates/agileplus-sqlite/src/lib.rs 132 Duplicate impl StoragePort for SqliteStorageAdapterlib.rs and lib/storage_port.rs both define it in this PR; hard compile error

WARNING

File Line Issue
crates/agileplus-domain/src/builder.rs 254 New inlined slugify strips non-ASCII — diverges from the shared phenotype-string::slugify it replaced, breaking the cross-repo-consistency goal in ADR-0005
crates/agileplus-domain/src/ports.rs 140 list_features_by_label contract undefined; downstream impls use LIKE-style substring match
crates/agileplus-domain/src/ports.rs 368 list_features_by_label on ContentStoragePort widens the breaking change surface
crates/agileplus-sqlite/src/migrations/025_create_intent_graph.sql 85 RAISE(ABORT, 'Invalid status') lost the offending value vs. prior `'Invalid status: '

SUGGESTION

File Line Issue
crates/agileplus-domain/src/ports.rs 154 Five new MVP hooks all default to DomainError::NotImplemented — confirm the variant exists and is the right semantics
crates/agileplus-sqlite/src/migrations/026_feature_labels.sql 3 New labels column has no index; list_features_by_label will full-scan
crates/agileplus-cli/src/commands/list_tests.rs 48 unimplemented!()panic!() is a regression in test ergonomics; prefer todo!() or returning an error
crates/agileplus-plane/src/client/mod.rs 13 InMemoryPlaneClient public but fields made private; downstream tests that read .issues will break
Other Observations (not in diff)

Items found while reading context that are outside the diff hunks and cannot receive inline comments:

File Line Issue
crates/agileplus-domain/src/lib.rs 20 Status as NodeStatus rename — the old agileplus_domain::Status (governance) and the new agileplus_domain::NodeStatus (intent graph) coexist; verify no consumer code references agileplus_domain::Status expecting the intent-graph one. Pre-existing code in the deleted intent_graph.rs re-exported Status directly
crates/agileplus-domain/src/lib.rs 12-19 Bulk re-export of traceability_core::*; any name collision (e.g. Meta, Edge, Node) between upstream and agileplus-domain's own mod domain will produce ambiguous-glob compile errors that this PR does not show resolved
crates/agileplus-sqlite/src/lib/storage_port.rs 327 File ends with a single } and the previous version had no trailing newline (the diff adds one) — confirms the file is the secondary impl path. The mod storage_port; line in lib.rs is not visible in the diff hunk; if it still references this module, the duplicate-impl error above is real
Cargo.toml (workspace) 174 Even with this PR's change, the Cargo.lock (not in diff) is the only safety net for unpinned git deps — confirm it was regenerated and committed
Files Reviewed (29 files)
  • Cargo.toml
  • crates/agileplus-api/src/routes/features.rs
  • crates/agileplus-api/tests/api_integration.rs
  • crates/agileplus-api/tests/api_integration/support/storage_port_impl/content_storage_impl.rs
  • crates/agileplus-api/tests/api_integration/support/storage_port_impl/feature.rs
  • crates/agileplus-application/src/lib.rs
  • crates/agileplus-cli/src/commands/list_tests.rs
  • crates/agileplus-domain/Cargo.toml
  • crates/agileplus-domain/src/builder.rs
  • crates/agileplus-domain/src/domain/cycle.rs
  • crates/agileplus-domain/src/domain/governance.rs
  • crates/agileplus-domain/src/domain/state_machine.rs
  • crates/agileplus-domain/src/domain/sync_mapping.rs
  • crates/agileplus-domain/src/intent_graph.rs
  • crates/agileplus-domain/src/lib.rs
  • crates/agileplus-domain/src/ports.rs
  • crates/agileplus-events/Cargo.toml
  • crates/agileplus-hook/Cargo.toml
  • crates/agileplus-plane/src/client/mock.rs
  • crates/agileplus-plane/src/client/mod.rs
  • crates/agileplus-sqlite/src/lib.rs
  • crates/agileplus-sqlite/src/lib/storage_port.rs
  • crates/agileplus-sqlite/src/migrations/025_create_intent_graph.sql
  • crates/agileplus-sqlite/src/migrations/026_feature_labels.sql
  • crates/agileplus-sqlite/src/migrations/mod.rs
  • crates/agileplus-sqlite/src/repository/features.rs
  • crates/agileplus-triage/src/lsh.rs
  • crates/phenotype-mcp-sdk-rs/src/transport.rs
  • docs/adr/0003-docs-tree-consolidation.md (new, content review only — informational)
  • docs/adr/0004-json-to-frontmatter-decorators.md (new, content review only — informational)
  • docs/adr/0005-traceability-core-git-dependency.md (new, content review only — informational)

Pure file-rename paths (content unchanged, no review comments issued) are not enumerated individually.

Recommendation: Request changes. The duplicate impl StoragePort for SqliteStorageAdapter between lib.rs and lib/storage_port.rs is a hard blocker; unpinned git deps and a SemVer-breaking trait change are close behind. After fixes, re-run cargo clippy --workspace --all-targets -- -D warnings, cargo fmt --all -- --check, and cargo test --workspace and confirm CI is green before re-review.

Fix these issues in Kilo Cloud


Reviewed by minimax-m3 · 1,452,152 tokens

KooshaPari and others added 2 commits June 16, 2026 16:18
…ion@v2

- agileplus-domain/error.rs: InvalidClaim was matched twice (dead arm under
  -D warnings broke Core Build). Folded the claim-bound note into the single
  reachable arm.
- deny.yml: taiki-e/install-action was pinned to a nonexistent SHA; cargo-deny
  never ran. Pin to @v2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (git-pinned shared dependency, breaking StoragePort changes, SQLite migration, and broad domain/docs refactor). Cursor Bugbot is not running on this PR; human review is required and no non-author CODEOWNERS are configured for reviewer assignment.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/port refactors, SQLite migration). Cursor Bugbot is absent on the current commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

// (InvalidClaim is claim-bound: a precondition failure, same shape
// as a bad argument — so it projects to ValidationError too.)
DomainError::Validation(_)
| DomainError::FeatureNotInModuleScope { .. }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: The DomainError::InvalidClaim(_) => Self::ValidationError arm was removed from the match but InvalidClaim is still a variant of DomainError (no changes to the enum definition appear in this diff). This produces a non-exhaustive match compile error (E0004). Either add the arm back or fold InvalidClaim into the Validation(_) arm explicitly:

Suggested change
| DomainError::FeatureNotInModuleScope { .. }
DomainError::Validation(_)
| DomainError::InvalidClaim(_)
| DomainError::FeatureNotInModuleScope { .. }
| DomainError::InvalidTransition { .. }

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

BuiltinPolicy, Evidence, EvidenceRequirement, EvidenceType, GovernanceContract,
GovernanceRule, PolicyCheck, PolicyDefinition, PolicyDomain, PolicyRule,
};
pub use traceability_core::intent_graph::{

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Status as NodeStatus is a SemVer-breaking rename. The old agileplus_domain::Status (the intent-graph enum with variants Draft, Active, Completed, Deprecated, Rejected, Open, InProgress, Blocked, Deferred, Cancelled) no longer exists at the crate root. Any downstream consumer that imported agileplus_domain::Status expecting the intent-graph enum will fail to compile. The previous intent_graph.rs re-exported Status directly from this module. This must be accompanied by a major version bump, or — preferably — a dual re-export pub use traceability_core::intent_graph::Status; kept alongside Status as NodeStatus to preserve the old path.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@cursor

cursor Bot commented Jun 16, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_b76db55b-e63c-42ca-ae8c-55907babe8ea)

KooshaPari and others added 3 commits June 16, 2026 17:34
Fix all clippy::uninlined_format_args, unused imports, dead_code
fields, redundant closures, doc-comment lint, identical-if-blocks,
and related warnings across 30+ crates. Also add tokio `process`
feature to agileplus-pipeline Cargo.toml.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add phenotype-traceability Python package with hatchling build
system, ruff lint config, and empty __init__.py.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add buf v2 config pointing at proto/ directory with DEFAULT lint
and FILE breaking-change rules.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@socket-security

socket-security Bot commented Jun 17, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedpypi/​hatchling@​1.30.196100100100100

View full report

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/port refactors, SQLite migration). Cursor Bugbot is absent on the current commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

KooshaPari and others added 4 commits June 16, 2026 17:36
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Removes phenotype-error-core, anyhow, agileplus-validate, uuid, and regex
from the zero-dependency domain crate:

- ErrorCode: local minimal mirror enum in error.rs (5 used variants);
  agileplus-application remaps it onto the canonical wire enum.
- anyhow: config loader returns Result<_, DomainError>.
- agileplus-validate: inlined name_required/slug_format into validate.rs.
- uuid: edge ids via chrono timestamp + atomic counter.
- regex: node-id validation via manual char checks.

traceability-core and async-trait remain (large cross-crate changes).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The 5 truly-removable deps (phenotype-error-core, anyhow, agileplus-validate,
uuid, regex) were dropped from agileplus-domain. The remaining two are
infeasible to remove per the task guardrail:
- traceability-core is the org single-source-of-truth PM library; inlining
  its ~1.6k LOC would fork the SSOT and re-introduce transitive deps.
- async-trait backs the domain's hexagonal port traits across ~15 downstream
  crates (dyn-compatible async).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
rust/deny.toml contained non-schema keys ([workspace], [abis],
workspace=true, only-warn=[], multi-license) that made
`cargo deny check -c rust/deny.toml` (rust-audit job) fail with
unexpected-keys deserialization errors. Replaced with a valid config
mirroring the root deny.toml; unknown-git=allow permits the phenoShared /
phenotype-pm-core git dependencies.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/port refactors, SQLite migration). Cursor Bugbot did not complete on the current commit (still pending after the 8-minute wait); human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migration). Cursor Bugbot is absent on the current commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@cursor

cursor Bot commented Jun 17, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_a7242359-da8d-4f81-b6a7-78b1fea868c4)

KooshaPari and others added 2 commits June 16, 2026 18:07
cargo-deny rejects packages that set both `license` (SPDX) and
`license-file` simultaneously. Drop `license-file = "LICENSE"` and
keep the canonical `license = "MIT OR Apache-2.0"` SPDX expression.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…es to all agileplus.v1 protos

buf lint DEFAULT ruleset requires JAVA_PACKAGE on every proto file.
agents, common, core, and integrations were missing the three Java
options that work_items.proto already had. Add:
  option java_package = "com.phenotype.agileplus.v1";
  option java_outer_classname = "<File>Proto";
  option java_multiple_files = true;

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migration). Cursor Bugbot check was absent so its signal was skipped; human review is required and no non-author reviewers are available to assign.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

KooshaPari and others added 2 commits June 17, 2026 02:13
…E0592)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…es/ module + fix retired typo

routes.rs (2819-line monolith) and routes/ (split module dir from main's
consolidation) both survived the superset-merge, causing E0761 ambiguous
module + fmt/clippy/build failures. main's routes/ split is canonical
(declared via 'pub mod routes;' -> routes/mod.rs) and a content superset;
the monolith is removed. No content lost.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain refactors, and SQLite/event behavior changes). Cursor Bugbot check was absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured in CODEOWNERS.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

…s_shippable, deduplicate credential store

- crates/agileplus-domain/src/lib.rs: reorder mod declarations (traceability
  before validate) to match rustfmt alphabetical expectation; fixes Format Check
  failure in Core Workspace Quality and Rust Quality jobs
- crates/agileplus-api/tests/api_integration.rs: add missing trace_ids field
  to WorkPackage initializer; fixes E0063 compile error in Rust Coverage job
- crates/agileplus-domain/src/domain/cycle.rs: restore CycleWithFeatures::
  is_shippable() method (removed in prior dedup commit); add missing FeatureState
  import; improve guard to require non-empty feature list (FR-C07)
- crates/agileplus-domain/src/credentials.rs: move create_credential_store
  above tests module (rustfmt canonical position; was accidentally duplicated
  then truncated); fixes rustfmt diff in Core Workspace Quality
- crates/agileplus-domain/src/config.rs: add AppConfig::load_with_env_overrides
  constructor for API_PORT / DATABASE_PATH / AGILEPLUS_API_KEY env var support

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain refactors, and SQLite/event behavior changes). Cursor Bugbot check was absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured in CODEOWNERS.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

…cle.rs format

- Rename GovernanceSummary → GovernanceStatus in stubs.rs with canonical
  fields (all_gates_passed, total_rules, passed_rules, outstanding)
  matching agileplus-agents/proto/agileplus/v1/common.proto
- Update lib.rs test to use GovernanceStatus with canonical field names
- Fix cycle.rs is_shippable method-chaining format per rustfmt

Traceability: FR-AGP-011

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/storage refactors, SQLite migration). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

…ce tests

- TraceRef gains entity_id: Uuid field and TraceRef::new() constructor
- All struct literal callsites updated with entity_id + linked_at fields
- acceptance_traceability_integration_test imports corrected to hexagonal paths

Traceability: FR-AGP-011

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/storage refactors, SQLite migration). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain refactors, and SQLite migration). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured in CODEOWNERS.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

Satisfies end-of-file-fixer pre-commit hook.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migration). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

- Vitest/Playwright: install from web/package.json (includes react) instead
  of bare npm install vitest; set working-directory to web
- BDD: switch npx cucumber to npx cucumber-js (new @cucumber/cucumber CLI)
  with graceful skip when no .feature files exist

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migration). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured in CODEOWNERS.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

….proto

The canonical proto defines `message BacklogItem` without the Proto suffix.
Align stubs.rs struct name and lib.rs test references.

Traceability: FR-AGP-011

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migration across 61 files). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

…re-commit trailing newlines; add test deps to package.json

- intent.rs:556: collapse } else { if } -> } else if
- version.rs:16: VersionArgs::default() -> VersionArgs (unit struct)
- sync_plane_contract.rs:15: format!('{}</p>', name) -> format!('{name}</p>')
- eco-003/004/005 spec.md: remove trailing blank lines (pre-commit EOF fix)
- 026_feature_labels.sql: split UP comment to two lines (pre-commit formatter)
- package.json: add vitest, @playwright/test, testing-library devDeps

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain refactors, and SQLite migration). Cursor Bugbot is absent on this commit so its signal was skipped; human review is required and no non-author reviewers are configured.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

…ght without config

- Add vitest, @vitest/coverage-v8, @testing-library/react/user-event/jest-dom,
  jsdom, @playwright/test to web/package.json devDependencies
- Playwright job skips gracefully when no playwright.config.ts exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, multi-crate domain refactors, SQLite migrations). Cursor Bugbot did not run on this PR; human review is required and no non-author reviewers are configured in CODEOWNERS.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

The tests module precedes main() by convention; suppress the lint
rather than restructure the file.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale comment

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migrations). Cursor Bugbot check was not present; human review is required. Requested KooshaPari as reviewer.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

runtime.rs:97 had the same default_constructed_unit_structs lint as version.rs.
Replace VersionArgs::default() with VersionArgs (direct construction).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@sonarqubecloud

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: medium. Not approving: this PR exceeds the low-risk threshold (traceability-core git dependency, domain/StoragePort refactors, SQLite migrations). Cursor Bugbot was not present on this commit; human review is required. Requested KooshaPari as reviewer.

Open in Web View Automation 

Sent by Cursor Approval Agent: Pull Request Approver

@KooshaPari KooshaPari merged commit 812f719 into main Jun 17, 2026
54 of 64 checks passed
@KooshaPari KooshaPari deleted the feat/agileplus-shared-core branch June 17, 2026 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:deps Dependencies (managed + direct) layered-pr-exception Exception to allow fix/* branches to target main directly size:XXL This PR changes 1000+ lines, ignoring generated files

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant