|
|
64564da988
|
fix(git): fix 17 missing async/await bugs + UX overhaul
Backend:
- fix 17 missing 'await' in git route handlers causing silent no-ops
(branches, diff, history, commit, push, pull, merge, promote, sync)
- fix async coroutine passed to run_blocking in git_plugin.py
Frontend:
- add collapsible 'How it works' onboarding (GitHelpPanel)
- add status legend with color-coded repository statuses
- i18n: add 50+ missing keys, replace hardcoded strings
- add Refresh button in modal header
- add PROD deploy confirmation dialog (replaces browser prompt())
- add CommitHistory to workspace tab with timeline nodes
- add post-commit success banner with next-step guidance
- increase success toast duration to 8s
- group local/remote branches in selector (optgroup)
- format last_modified dates timezone-aware
- change PROD badge from red to neutral indigo
- extract shared resolveGitStatusToken to git-utils.ts
- fix 'slug' label regression
- remove dead init_repo_button key
UI/UX audit fixes:
- add descriptions to Create/Init buttons in init panel
- add actionable CTA to server mismatch warning
- improve checkbox text phrasing
|
2026-07-01 20:47:25 +03:00 |
|
|
|
f1810090b6
|
feat(opencode): add security-auditor agent + /security.audit command
Read-only security audit tooling aligned with GRACE-Poly v2.6 and
axiom MCP scan capabilities. Combines code+secrets (S1–S3),
supply-chain (S4), and runtime/config (S5–S7) projections into a
single severity-ranked report with OWASP/CWE references.
Agent: .opencode/agents/security-auditor.md
- mode: all, edit: deny (hard read-only contract)
- 7 orthogonal projections with pattern catalogs for secrets, Python
SAST, Svelte/TS SAST, dependency audit, config/runtime, contract
coverage, and logging hygiene
- Maps findings to CVSS v3.1 severity bands, CWE, and OWASP Top 10
- Mirrors qa-tester P1–P7 anti-loop protocol for [ATTEMPT: N] ladder
- Anti-corruption §VIII: tooling absence is reported as Info finding,
never silently dropped
Command: .opencode/command/security.audit.md
- Dispatches security-auditor subagent via axiom MCP scan
- Supports --floor, --profile, --ci (exit code 0/1/2 for CI gates)
- PCAM worker packet contract; severity floor + suppression footer
Mirrored to .agents/agents/ and .agents/commands/ per repo convention.
|
2026-06-30 18:44:52 +03:00 |
|