Files
ss-tools/specs/035-agent-chat-context/tasks.md

4.4 KiB

#region Tasks [C:3] [TYPE ADR] [SEMANTICS tasks,implementation,agent-chat] @defgroup Tasks Implementation tasks for 035-agent-chat-context v2 — Path B model with /agent page, two-layer RBAC, permission_denied flow, and structured truncation.

Input: Design documents from /specs/035-agent-chat-context/ Prerequisites: plan.md , spec.md , research.md , data-model.md , contracts/modules.md

Format: [ID] [P?] [Story] Description

Fact Check 2026-07-05 (updated)

Read-only implementation audit against source/tests updated task statuses below. Completed marks mean matching production code or test files were found.

Implemented evidence: UIContext types/validation, tool filtering/RBAC guard, /agent context init, backend context injection, prod warning, confirmation v2, permission_denied handling, retry/summarise/timeout helpers, ToolCallCard states, fixtures, retry/summarise/timeout tests, error visibility across all 11 codes.

Resolved since last audit:

  • T007 AgentChatModel.context.test.ts — 3 fixtures created
  • T008 test_agent_context.py — 14 contract tests
  • T009 test_agent_tool_filter.py — 14 pipeline + RBAC tests
  • T020 test_agent_confirmation_v2.py — 17 confirmation v2 tests
  • T021 ConfirmationCard.ux.test.ts — 4 UX state tests (read, write_prod, dangerous, permission_denied)
  • T025 ConfirmationCard 7-state — explicit write_dev(info)/write_staging(warning)/write_prod(destructive) tones
  • T042 Debug panel Pipeline — backend SSE pipeline_result → effectiveToolPipeline → tag cloud

Known gaps: Full E2E verification (T019, T032, T045), attention compliance audit (T051), quickstart validation (T052-T053).


Phase 1: Setup

  • T001 [P] Materialize API fixtures from specs/035-agent-chat-context/fixtures/api/ into backend/tests/fixtures/agent/
  • T002 [P] Materialize model fixtures from specs/035-agent-chat-context/fixtures/model/ into frontend/src/lib/models/__fixtures__/agent/
  • T003 Verify toolchain: cd backend && source .venv/bin/activate && python -m pytest --co -q, cd frontend && npm run test -- --run
  • T017 [US1] Run backend tests: cd backend && source .venv/bin/activate && python -m pytest tests/test_agent_context.py tests/test_agent_tool_filter.py -v
  • T018 [US1] Run frontend tests: cd frontend && npm run test -- --run frontend/src/lib/models/__tests__/AgentChatModel.context.test.ts
  • T030 [US2] Run backend tests: cd backend && source .venv/bin/activate && python -m pytest tests/test_agent_confirmation_v2.py -v
  • T031 [US2] Run frontend tests: cd frontend && npm run test -- --run frontend/src/lib/components/assistant/__tests__/ConfirmationCard.ux.test.ts
  • T043 [US3] Run backend tests: cd backend && source .venv/bin/activate && python -m pytest tests/test_agent_retry.py tests/test_agent_summarise.py tests/test_agent_timeout.py -v
  • T044 [US3] Run frontend tests: cd frontend && npm run test -- --run frontend/src/lib/components/assistant/__tests__/ToolCallCard.ux.test.ts
  • T046 [P] Full backend: cd backend && source .venv/bin/activate && python -m pytest -v (192 passed)
  • T047 [P] Full frontend: cd frontend && npm run test (138 scoped agent passed)
  • T048 [P] Backend lint: cd backend && python -m ruff check . (6 pre-existing, none from changes)
  • T049 [P] Frontend lint: cd frontend && npm run lint (no agent-specific errors)
  • T050 [P] Frontend build: cd frontend && npm run build (✓ built in 19.39s)
  • T051 Attention compliance audit — verify ATTN_1-4 on all new/changed contracts (see tests/verification-report-2026-07-05.md)
  • T052 E2E verification per quickstart.md
  • T053 Run quickstart validation

Dependencies

Phase 1 → Phase 2 → US1(P1) → US2(P2) ∥ US3(P3) → Phase 6

US2 and US3 can proceed in parallel after US1 base.

Parallel Opportunities

Phase 1: T001∥T002 | Phase 2: T004∥T005∥T006 | US1: T007∥T008∥T009, T015∥(T010→T011) | US2: T020∥T021 | US3: T033∥T034∥T035∥T036 | Phase 6: T046∥T047∥T048∥T049∥T050

Notes

  • Gradio uicontext at position END (6), not middle — backward-compat
  • Permission denied: SSE type="permission_denied", bypasses HITL
  • Countdown: model-owned, component reads only
  • Write timeout: no retry
  • No initialContext in store — context from URL params only
  • RBAC: two-layer (prompt filter + invocation guard)

#endregion Tasks