
fix(cli): ESM runtime patch + secret guardrails sprint (#265, #267)#268

Merged
bradygaster merged 8 commits into main from
squad/267-secret-guardrails
Mar 8, 2026

Conversation

@bradygaster
Owner

Summary

Sprint addressing issues #267 (agent credential leak) and #265 (ESM/npx crash on Node 24+).

Issue #267 — Secret Guardrails

  • Security audit: Baer scanned 330 files + full git history — zero leaked secrets
  • Architecture: 5-layer defense-in-depth plan (prompts → pre-tool hooks → post-tool hooks → Scribe pre-commit → git hooks)
  • Secret-handling skill: New .squad/skills/secret-handling/SKILL.md
  • 59 TDD tests: est/hooks-security.test.ts (red-first — tests for Phase 2 hooks not yet implemented)
  • Baer's reply posted to #267 (Agent can read and leak .env credentials into .squad/ committed files) with 3-phase remediation plan

Issue #265 — ESM/npx Fix

  • Root cause: @github/copilot-sdk@0.1.32 has broken ESM import (vscode-jsonrpc/node missing .js). v0.8.23's postinstall patch doesn't run under npx (cache skips postinstall).
  • Fix: Runtime Module._resolveFilename intercept in cli-entry.ts — rewrites the broken import before Node resolves it. Works for all install methods (global, npx, local).
  • Workaround posted to #265 (ERR_MODULE_NOT_FOUND vscode-jsonrpc\node) for users on v0.8.23.

Release Team Hardening

  • Trejo (Release Manager): Charter updated with branch-first rules, triage gates, release pre-flight
  • Drucker (CI/CD Engineer): Charter updated with CI branch protection, triage gates, pre-commit proposals
  • Keaton (Lead): Release retro with root cause analysis for v0.8.22 disaster + today's main-branch misstep

Process Improvements

Closes #265
Refs #267


⚠️ 37 test failures are expected — they're Hockney's TDD tests for Phase 2 hooks that haven't been implemented yet. The existing 3,811+ tests pass.

bradygaster and others added 8 commits March 8, 2026 06:05
Session: 2026-03-08T12-49-00Z-secret-guardrails-and-release
Requested by: bradygaster

Changes:
- Merged 13 decision inbox files → decisions.md (consolidated into 442 KB)
- Added 8 agent orchestration logs (Keaton, Verbal, Fenster, Baer, Hockney, Trejo, Drucker, McManus)
- Added session summary log covering 3 workstreams (#267 secret guardrails, #265 ESM fix, release readiness)
- Updated 5 agent history.md files with cross-agent context
- Created .squad/skills/secret-handling/SKILL.md as team reference
- Decisions cover: 5-layer secret architecture, pre-commit hooks, backward-compat testing, release readiness assessment, CI/CD pipeline audit, PRD synthesis, documentation patterns

Status: 8/9 agents complete, Fortier still triaging #265 status
Added context to 6 agent history files:
- Baer: Audit clean result, CI/CD findings
- Drucker: CI/CD gaps, release blockers
- Hockney: Security tests (59), backward compat
- Keaton: Sprint coordination, decisions merged
- Trejo: #265 blocker status, Drucker findings
- Fenster: Hook implementation, ESM fix, RC review
- Verbal: Secret skill created, spawn hardening
- Fortier: #265 triage status, release impact

All agents now aware of:
- .squad/skills/secret-handling/SKILL.md
- 5-layer defense architecture
- Test coverage (Hockney)
- Release readiness blockers (Trejo/Drucker)
…otiable

Merged: copilot-directive-2026-03-08T13-06Z.md

Decision: All team members (agents + humans) must create feature branches before work.
Branching model: squad/{issue-number}-{slug}
Why: Proper git hygiene, PR-based review flow, team consistency
- Trejo: branch-first rules, triage gates, release pre-flight checklist
- Drucker: CI branch protection, triage gates, pre-commit proposals
- Keaton: release retro with root cause analysis and action items
- Hockney: 59 TDD tests for secret leak mitigation (hooks-security)

Refs #267, #265

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When npx caches @bradygaster/squad-cli, it skips postinstall scripts,
so the install-time ESM patch never runs. This adds a runtime
Module._resolveFilename intercept that rewrites 'vscode-jsonrpc/node'
to 'vscode-jsonrpc/node.js' before Node's module system tries to
resolve it. Works on both Node 22 and 24+.

Closes #265

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…sions

Session: 2026-03-08-charter-hardening
Requested by: Copilot (Scribe)

Changes:
- Merged 4 decisions from inbox into decisions.md
- Trejo charter hardened: git branching discipline, issue triage gates
- Drucker charter hardened: CI branch protection, pre-commit checks
- Keaton release retrospective: root cause analysis, action items
- Deduplication: No exact duplicates found in existing decisions

Decisions merged:
- 2026-03-08T13:07Z: User directive (Git & Release discipline)
- 2026-03-08: Drucker charter hardening (CI branch protection)
- 2026-03-08: Keaton release retro (post-mortem + action items)
- 2026-03-08: Trejo charter hardening (branch-first discipline)

Inbox files deleted after merge:
- copilot-directive-2026-03-08T13-07Z.md
- drucker-charter-hardening.md
- keaton-release-retro-2026-03-08.md
- trejo-charter-hardening.md

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Session: 2026-03-08T13-32-00Z-secret-guardrails-sprint
Scribe work: final decision merge

Changes:
- Merged copilot-directive-secret-guarantee.md into .squad/decisions.md
- Deleted inbox file after merge
@bradygaster bradygaster merged commit bd6de49 into main Mar 8, 2026
1 check failed
@bradygaster bradygaster deleted the squad/267-secret-guardrails branch March 8, 2026 13:41
jongio pushed a commit to jongio/squad that referenced this pull request Mar 9, 2026
…er#265, bradygaster#268)

- Add 'squad aspire' CLI command that launches the .NET Aspire dashboard
  for viewing Squad OTel telemetry. Supports Docker and dotnet launch
  strategies with --docker and --port flags. Auto-configures
  OTEL_EXPORTER_OTLP_ENDPOINT environment variable.

- Add SquadObserver class in SDK runtime that watches .squad/ directory
  for file changes and emits OTel spans (squad.observer.file_change) plus
  EventBus events. Includes file classification (agent, casting, config,
  decision, skill), debounce logic, and full start/stop lifecycle with
  OTel instrumentation.

- Add 16 new tests (14 observer, 2 aspire) — all passing.
- Wire aspire command into CLI entry point with help text.
- Add subpath exports for both new modules.

Closes bradygaster#265, closes bradygaster#268

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio pushed a commit to jongio/squad that referenced this pull request Mar 9, 2026
…, bradygaster#268

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jongio pushed a commit to jongio/squad that referenced this pull request Mar 9, 2026
…ire-and-watcher

feat: OTel Phase 4 — Aspire command, file watcher, event payloads, CI/CD (bradygaster#265, bradygaster#268, bradygaster#304, bradygaster#305)