Skip to content

refactor: Enhance code specialist session architecture and version bump#181

Merged
yacosta738 merged 7 commits into
mainfrom
cqa
Mar 9, 2026
Merged

refactor: Enhance code specialist session architecture and version bump#181
yacosta738 merged 7 commits into
mainfrom
cqa

Conversation

@yacosta738
Copy link
Copy Markdown
Contributor

@yacosta738 yacosta738 commented Mar 9, 2026

This pull request introduces several improvements and refactors across the codebase, focusing on agent runtime logic, channel handling, configuration management, and package versioning. The most significant changes include a refactor of the agent's tool call execution flow, enhancements to channel message parsing and handling (notably for DingTalk and Signal), and a more modular approach to environment variable overrides in configuration. Additionally, all relevant packages have been bumped to version 0.4.0.

Agent Tool Call Execution Refactor:

  • Refactored the agent's tool call execution logic in agent.rs by extracting and modularizing the handling of text responses, tool call approval, execution, and result formatting. This improves code clarity, maintainability, and error handling for mission policy denials. [1] [2] [3]

Channel Handling Improvements:

  • DingTalk Channel:
    • Introduced an IncomingSocketFrame enum and helper methods to cleanly decode and handle incoming WebSocket frames, improving error handling and code structure. The message processing loop now uses these helpers for more robust and readable logic. [1] [2] [3]
  • Signal Channel:
    • Refactored SSE (Server-Sent Events) parsing by extracting data appending and event flushing into dedicated methods, enhancing code readability and reliability in processing incoming events.

Configuration Management Enhancements:

  • Refactored environment variable overrides in schema.rs to use modular helper methods for regional API keys, memory backend, workspace, gateway, web search, surreal, and updates, making the configuration logic more maintainable and extensible.

Package Version Bumps:

  • Updated all corvus Rust and npm package versions from 0.3.2 to 0.4.0 to reflect new features and changes. [1] [2] [3] [4] [5] [6] [7] [8] [9]

Build and Dependency Management:

  • Updated .github/renovate.json to enable additional package managers, adjust the update schedule, and improve automerge and scheduling behavior for dependency updates. [1] [2]

Let me know if you want a deeper dive into any specific area or further explanation of the refactored logic!

@yacosta738
chore(release): bump version to 0.4.0
7f911b4
@yacosta738
Merge remote-tracking branch 'origin/main'
07d710b
@yacosta738
feat: enhance configuration and dependencies for code specialist sess…
ffa9fb6 
…ions

- Add DOCS_URL to .env.example for landing CTAs.
- Update bzip2 installation in Dockerfile.ubuntu.
- Bump @fontsource-variable/inter to version 5.2.8 in package.json.
- Rename Analytics.astro for better structure.
- Improve error handling in postinstall.js.
- Refactor signal handling in signal.rs for clarity.
- Introduce structured code-session output contract in new spec.md.
- Add proposal for code specialist workflow in proposal.md.
@yacosta738
feat: implement code-specialist session architecture and entry point
2aad004
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Mar 9, 2026
edited
Loading

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Synchronized version bumps to 0.4.0 across clients and web; reworked agent turn flow to gate tool-calls with approval checks and finalization; refactored config, channels (DingTalk/SSE), identity, onboarding, and skills; marketing site redesign and CSS token overhaul; replaced postinstall CommonJS with ESM; added Code Agent Specialist specs and CI/tooling tweaks.

Changes

Cohort / File(s) Summary
Version & Manifests
clients/agent-runtime/Cargo.toml, clients/agent-runtime/npm/corvus*/package.json, clients/web/apps/*/package.json, clients/web/packages/*/package.json, gradle.properties, gradle/build-logic/gradle.properties, clients/web/package.json		 Bumped many packages and manifests from 0.3.2 → 0.4.0; minor package.json script and packageManager updates.
Renovate config
.github/renovate.json		 Removed schedule:monthly, added enabledManagers list, set updateNotScheduled: true.
Agent: tool gating & finalization
clients/agent-runtime/src/agent/agent.rs		 Reworked turn flow: inline provider messages removed, introduced execute_gated_tool_calls, per-call keys, approval-result modeling, gated execution, record_tool_response, finalize_text_response, and mission-policy denial paths.
Agent: config & bootstrap
clients/agent-runtime/src/config/schema.rs, clients/agent-runtime/src/main.rs		 Extracted env-override helpers and MCP validations; moved logging/onboard logic into helpers and bumped CLI version.
Channels: socket & SSE parsing
clients/agent-runtime/src/channels/dingtalk.rs, clients/agent-runtime/src/channels/signal.rs		 DingTalk: decode_socket_frame, IncomingSocketFrame, handle_stream_frame and tests; Signal: append_sse_data and flush_sse_event to centralize SSE emission and tests.
Identity, onboarding, providers, skills
clients/agent-runtime/src/identity.rs, clients/agent-runtime/src/onboard/wizard.rs, clients/agent-runtime/src/providers/compatible.rs, clients/agent-runtime/src/skills/mod.rs		 Identity: modular prompt builders + new is_aieos_configured; Onboard: prompt/input helpers and IRC auth struct; Providers: robust response-text extraction; Skills: modular install/remove with cross-platform symlink/copy and path-safety checks.
CLI postinstall script
clients/agent-runtime/npm/corvus-cli/scripts/postinstall.js, clients/agent-runtime/npm/corvus-cli/scripts/postinstall.mjs, clients/agent-runtime/npm/corvus-cli/package.json		 Removed old CommonJS postinstall.js; added ESM postinstall.mjs (top-level await, createRequire) and updated package.json (private, version, script target).
Marketing site & styling
clients/web/apps/marketing/src/pages/index.astro, clients/web/apps/marketing/src/styles/global.css, clients/web/apps/marketing/astro.config.mjs, clients/web/apps/marketing/src/components/analytics/Analytics.astro, clients/web/apps/marketing/src/layouts/MarketingLayout.astro, clients/web/apps/marketing/.env.example		 Marketing redesign: resolvePublicUrl helper, docs env, install UI (copy button), analytics change (removed Partytown attr), added skip-link, and large CSS token/class API overhaul.
Web workspace & deps
clients/web/pnpm-workspace.yaml, various web package.json files		 Updated workspace globs, catalog dependency versions, added update-deps script, bumped pnpm.
Build & repo tooling
gradle/configs/*, dev/os/Dockerfile.ubuntu, sync-version-with-tag.sh, .github/workflows/sonarqube-analysis.yml		 Checkstyle/PMD comments removed, commit-msg prints to stderr, minor Dockerfile reorder, added return 0 in sync script, updated Sonar exclusions.
Openspec: Code Agent Specialist
openspec/changes/code-agent-specialist/*		 Added design, proposal, specs, tasks and exploratory docs formalizing first-class code-mode and bounded delegated code sessions with structured outputs and governance.
Docs & misc content
README.md, clients/web/apps/docs/**, clients/web/apps/marketing/**		 Updated external links, docs content tweaks, README badge URL change and minor copy edits.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Agent as Agent Loop
    participant Dispatcher as Tool Dispatcher
    participant Gate as Tool Gate
    participant Executor as Tool Executor
    participant Memory as Memory Manager

    User->>Agent: Send message
    Agent->>Agent: Build tool calls (if any)

    alt tool calls present
        Agent->>Dispatcher: check_tool_risk_for_origin (per call)
        Dispatcher-->>Agent: risk decisions
        Agent->>Gate: execute_gated_tool_calls (calls + risks)
        Gate->>Gate: separate approved vs approval-required

        alt approval-required exists
            Gate-->>Agent: gated_results (includes ApprovalRequired)
            Agent->>Memory: record_tool_response (save pending state)
            Agent-->>User: Return pending approval / mission_policy_denied if mission context
        else all approved
            Gate->>Executor: execute approved calls
            Executor-->>Gate: ToolExecutionResult(s)
            Gate-->>Agent: merged gated_results
            Agent->>Memory: record_tool_response (push results)
            Agent-->>User: Return formatted tool results
        end
    else no tool calls
        Agent->>Agent: finalize_text_response -> final_text
        Agent->>Memory: validate & persist memory, push to history
        Agent-->>User: Return final_text
    end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

Suggested labels

area:rust, risk:high, risk:security, area:docs

Suggested reviewers

  • yuniel-acosta
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 29.46% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title follows Conventional Commit format (refactor:) and is under 72 characters (71 chars), clearly summarizing the main changes: refactoring and version bump.
Description check ✅ Passed The description provides a comprehensive summary of changes with specific sections (Agent Tool Call Execution, Channel Handling, Configuration Management, Package Versions, Build/Dependency Management), addressing the core intent. All required template sections are present: Summary is detailed, Tested Information is covered, Breaking Changes section is present (none listed), and Checklist is complete.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch cqa

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 9, 2026
edited
Loading

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric Description Value Threshold Status
PR Merge Rate PRs merged vs closed 88% >= 30%
Repo Quality Repos with ≥100 stars 0 >= 0
Positive Reactions Positive reactions received 9 >= 1
Negative Reactions Negative reactions received 0 <= 5
Account Age GitHub account age 3055 days >= 30 days
Activity Consistency Regular activity over time 108% >= 0%
Issue Engagement Issues with community engagement 0 >= 0
Code Reviews Code reviews given to others 398 >= 0
Merger Diversity Unique maintainers who merged PRs 2 >= 0
Repo History Merge Rate Merge rate in this repo 90% >= 0%
Repo History Min PRs Previous PRs in this repo 136 >= 0
Profile Completeness Profile richness (bio, followers) 90 >= 0
Suspicious Patterns Spam-like activity detection 1 N/A

Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-03-09 to 2026-03-09

coderabbitai[bot]
coderabbitai Bot reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 26

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)
clients/agent-runtime/src/identity.rs (1)

493-495: ⚠️ Potential issue | 🟡 Minor

Dead code: test_workspace_dir is never called.

This helper is defined but no tests use it. Additionally, load_aieos_identity has no test coverage.

🧹 Remove or use the helper

Either remove the unused function:

-    fn test_workspace_dir() -> PathBuf {
-        std::env::temp_dir().join("corvus-test-identity")
-    }

Or add tests for load_aieos_identity that use it.

Want me to draft test cases for load_aieos_identity covering the file path, inline JSON, and error scenarios?

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/identity.rs` around lines 493 - 495, The helper
function test_workspace_dir is dead code — either delete test_workspace_dir()
from clients/agent-runtime/src/identity.rs, or keep it and add tests that
exercise load_aieos_identity using that workspace path; specifically, add unit
tests that call load_aieos_identity for the three scenarios (file path JSON,
inline JSON string, and error/malformed input) and use test_workspace_dir() to
create/remove temp files so the tests are hermetic; reference
test_workspace_dir() and load_aieos_identity() when adding or removing code.
clients/agent-runtime/src/agent/agent.rs (1)

422-436: ⚠️ Potential issue | 🟡 Minor

parallel_tools config has no effect - both branches execute sequentially.

The if !self.config.parallel_tools branch and the else branch contain identical sequential logic. If parallel execution is intended, the else branch should use futures::future::join_all or similar.

Fix: Either implement parallel execution or remove the dead branch 
     async fn execute_tools(&self, calls: &[ParsedToolCall]) -> Vec<ToolExecutionResult> {
-        if !self.config.parallel_tools {
-            let mut results = Vec::with_capacity(calls.len());
-            for call in calls {
-                results.push(self.execute_tool_call(call).await);
-            }
-            return results;
-        }
-
+        // Sequential execution - parallel_tools config currently unused
         let mut results = Vec::with_capacity(calls.len());
         for call in calls {
             results.push(self.execute_tool_call(call).await);
         }
         results
     }

Or implement actual parallel execution using futures::future::join_all.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/agent/agent.rs` around lines 422 - 436, The else
branch of async fn execute_tools currently duplicates the sequential loop, so
self.config.parallel_tools has no effect; modify execute_tools to run calls
concurrently when self.config.parallel_tools is true by collecting futures from
self.execute_tool_call(call) for each call and awaiting them with
futures::future::join_all (or futures::stream::FuturesUnordered) to return
Vec<ToolExecutionResult>, while keeping the existing sequential loop in the
!self.config.parallel_tools branch; reference execute_tools, execute_tool_call,
and self.config.parallel_tools when making the change.
clients/agent-runtime/src/providers/compatible.rs (1)

441-464: ⚠️ Potential issue | 🟡 Minor

Add a regression test for multiple output messages.

The helpers currently return the first non-empty text in response.output, but the Responses API doesn't expose phase or final_answer fields—those belong to the Reasoning API. However, the missing test coverage for multi-output scenarios is a gap: add a test that verifies behavior when response.output contains multiple items to prevent accidental regressions if output ordering or filtering logic changes.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/providers/compatible.rs` around lines 441 - 464,
The two helper functions first_output_content_text_by_kind and
first_output_content_text currently just return the first non-empty content.text
from response.output but there’s no test ensuring correct behavior when
response.output contains multiple items; add a regression unit test that
constructs a ResponsesResponse with multiple output items (each with multiple
content entries, some with empty text and different kind values) and assert that
first_output_content_text returns the first non-empty text overall and
first_output_content_text_by_kind returns the first non-empty text matching a
given kind (and None when no matching non-empty text exists), covering ordering
and filtering edge cases to prevent future regressions.
clients/agent-runtime/src/config/schema.rs (1)

2630-2634: ⚠️ Potential issue | 🟡 Minor

Validate WEB_SEARCH_PROVIDER before storing it.

This helper accepts any non-empty provider string, so typos or mixed-case values survive startup and only fail when the search tool is used. Normalize to lowercase and reject anything outside duckduckgo / brave, like the other enum-style overrides in this section.

Suggested fix 
-        env_override_string_plain(
-            "CORVUS_WEB_SEARCH_PROVIDER",
-            "WEB_SEARCH_PROVIDER",
-            &mut self.web_search.provider,
-        );
+        if let Ok(raw) = std::env::var("CORVUS_WEB_SEARCH_PROVIDER")
+            .or_else(|_| std::env::var("WEB_SEARCH_PROVIDER"))
+        {
+            let provider = raw.trim().to_ascii_lowercase();
+            if matches!(provider.as_str(), "duckduckgo" | "brave") {
+                self.web_search.provider = provider;
+            } else if !provider.is_empty() {
+                tracing::warn!(
+                    "ignoring unknown web search provider override '{}'; allowed: duckduckgo, brave",
+                    raw.trim()
+                );
+            }
+        }
As per coding guidelines: Security first, performance second. Validate input boundaries, auth/authz implications, and secret management.
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/config/schema.rs` around lines 2630 - 2634, The
env_override_string_plain call that writes WEB_SEARCH_PROVIDER /
CORVUS_WEB_SEARCH_PROVIDER into self.web_search.provider must validate and
normalize input: convert the incoming string to lowercase, check it strictly
against the allowed set {"duckduckgo", "brave"}, and only assign to
self.web_search.provider if it matches; otherwise return an error (or leave
default) and log/reject the invalid value. Update the code that calls
env_override_string_plain for WEB_SEARCH_PROVIDER to perform normalization and
validation before storing, referencing env_override_string_plain,
WEB_SEARCH_PROVIDER, CORVUS_WEB_SEARCH_PROVIDER, and self.web_search.provider so
typos or mixed-case values are rejected at startup.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/npm/corvus-cli/package.json`:
- Line 3: Two packages declare the same npm name "@dallay/corvus" which will
cause collisions if the CLI package is ever published; either give the CLI
package a distinct name by changing the "name" field in
clients/agent-runtime/npm/corvus-cli/package.json to something like
"@dallay/corvus-cli" (update any internal references), or explicitly mark the
CLI package as non-publishable (set "private": true) and update the publish
workflow to only target the intended package directory; adjust the package.json
"name" or "private" field and ensure the publish workflow and any references
reflect that decision.

In `@clients/agent-runtime/npm/corvus/package.json`:
- Line 3: Update the platform binary version pins in package.json's
optionalDependencies to match the bumped package version: find the
optionalDependencies block and change all platform packages currently pinned to
"0.3.0" to "0.4.0" so they match the new "version": "0.4.0" (ensure entries
referencing platform binaries and any entries for `@dallay/corvus-related`
optional packages are updated).

In `@clients/agent-runtime/src/agent/agent.rs`:
- Around line 619-625: The current chain using
calls.iter().enumerate().filter_map(|(index, call)| {
results_by_call_id.remove(&Self::tool_call_key(index, call)) }) silently drops
entries when a key is missing; change this to explicitly map over (index, call)
and call results_by_call_id.remove(&Self::tool_call_key(index, call)) with an
expect or debug_assert in debug builds (or log/return an error in release) so
missing keys are surfaced; locate the logic around calls.iter().enumerate(),
results_by_call_id.remove and Self::tool_call_key to implement the explicit
check and failure/logging behavior.

In `@clients/agent-runtime/src/channels/dingtalk.rs`:
- Around line 177-223: Add unit tests that exercise decode_socket_frame and
handle_stream_frame across all branches: for decode_socket_frame test
Ok(Message::Text) -> Text, Ok(Message::Close) -> Break, Err(_) -> Break and _ ->
Continue. For handle_stream_frame write tests for "SYSTEM" delegating to
handle_system_frame, "EVENT"/"CALLBACK" paths where handle_event_callback
returns Some(ChannelMessage) (verify extract_message_id and build_ack_response
cause a Message::Text ack sent on the provided write sink and tx.send succeeds),
where handle_event_callback returns None (returns true), and where tx.send fails
(simulate closed sender and assert it logs/returns false). Use tokio::test with
a mock or test Sink for write (implement SinkExt<Message> + Unpin and capture
sent messages) and a tokio mpsc::Sender to assert send behavior; reference
functions decode_socket_frame, handle_stream_frame, handle_system_frame,
handle_event_callback, extract_message_id, and build_ack_response to locate
implementation.
- Around line 203-205: The SYSTEM frame branch currently routes every SYSTEM
frame to handle_system_frame which always sends a response; change the
dispatcher (the match on frame_type) to branch by frame.topic (e.g., "ping" vs
"disconnect") instead of always calling handle_system_frame, call a new or
updated handler that for "ping" builds and sends a pong that echoes the incoming
opaque (fix build_pong_response to accept and include the opaque value in
"data") and for "disconnect" does not send any reply (allow connection close
only); update handle_system_frame/build_pong_response signatures accordingly and
add unit tests exercising the dispatcher for ping (assert response includes
echoed opaque) and disconnect (assert no response sent).

In `@clients/agent-runtime/src/channels/signal.rs`:
- Around line 336-378: The new split of SSE parsing into append_sse_data and
flush_sse_event lacks a regression test that exercises the path where multiple
"data:" lines are accumulated and then flushed on a blank line so tx.send is
invoked; add a test that feeds lines like "data: {...}" (possibly split across
multiple data: lines), then an empty line, calls flush_sse_event (or the public
reader that triggers it), and asserts that process_envelope/tx.send produced the
expected ChannelMessage (or that the test receiver got the message); target the
functions append_sse_data and flush_sse_event and use a real or mocked
mpsc::Sender/receiver to confirm tx.send was called with the parsed SseEnvelope
payload.
- Around line 366-370: The tx.send error when delivering a processed envelope is
currently mapped into the generic Err(()) used for reconnectable SSE failures,
causing listen() to be treated as transient and re-enter the reconnect loop;
change the handling in process_envelope / where tx.send is called so that a
failed tx.send is treated as a downstream shutdown (return a distinct error
variant or propagate a dedicated Shutdown error) instead of the reconnectable
Err(()), update listen() to propagate that shutdown result up to the Signal task
so it stops cleanly, and ensure the Channel trait semantics
(send/listen/health_check) are preserved by adding the new error variant to the
listener path and adjusting any reconnect logic to only retry on SSE
chunk/connect failures, not on tx.send failures.

In `@clients/agent-runtime/src/config/schema.rs`:
- Around line 2598-2605: apply_workspace_override currently updates only
self.workspace_dir when CORVUS_WORKSPACE is set, leaving self.config_path
pointing to the old location; call
resolve_config_dir_for_workspace(&PathBuf::from(workspace)) and assign both
returned values to self.config_path and self.workspace_dir (or otherwise update
the stored config path field) so callers that save will write to the new
config_path; update references to the tuple result from
resolve_config_dir_for_workspace in apply_workspace_override to set both symbols
consistently.

In `@clients/agent-runtime/src/identity.rs`:
- Around line 445-475: The append_weighted_map and append_map_list functions
iterate HashMap which yields non-deterministic order; make output stable by
collecting and sorting the keys (or entries) before iterating (e.g., get keys,
sort them, then lookup weights/values) so the neural_matrix and favorites
sections render deterministically; update both functions to iterate over a
sorted sequence of keys rather than directly over the HashMap, or alternatively
change the source types to ordered maps like BTreeMap where appropriate.

In `@clients/agent-runtime/src/main.rs`:
- Around line 609-614: Add regression tests covering the CLI parsing for the
onboard command to ensure the runtime checks in main.rs (the branches that check
`if interactive && channels_only` and `if channels_only && (api_key.is_some() ||
provider.is_some() || memory.is_some())`) continue to reject invalid flag
combos; specifically add tests that assert `onboard --interactive
--channels-only` fails with the same error and that `onboard --channels-only`
combined with `--api-key`, `--provider`, or `--memory` also fails. Place these
tests alongside the existing `update` parsing tests, exercise the same
parser/CLI entrypoint used by main.rs, and assert the error messages/exit codes
match the runtime bails so future refactors won't silently change the CLI
contract.

In `@clients/agent-runtime/src/onboard/wizard.rs`:
- Around line 3650-3673: Add focused unit tests for parse_csv_values,
parse_irc_allowed_users, and trimmed_optional using table-driven cases: include
"*" for parse_irc_allowed_users (expect vec!["*"]), inputs with trailing commas
and extra whitespace (e.g., "a, b, " → ["a","b"]), empty and whitespace-only
strings (expect parse_csv_values→empty vec, trimmed_optional→None), and
single-value inputs; assert exact Vec<String> or Option<String> results to catch
regressions in wildcard handling and blank-to-None normalization. Reference the
functions parse_csv_values, parse_irc_allowed_users, and trimmed_optional when
adding these tests.
- Around line 3682-3701: The prompt_irc_auth_inputs helper currently uses
prompt_text (which echoes input) for server_password, nickserv_password, and
sasl_password and thus leaks secrets; replace those three prompt_text calls with
Password::new().allow_empty_password(true) prompts (preserving any existing
trim/validation logic afterwards) so inputs are not echoed, and ensure the
values are still stored into the IrcAuthInputs fields (server_password,
nickserv_password, sasl_password) and verify_tls remains unchanged in the
function.

In `@clients/agent-runtime/src/providers/compatible.rs`:
- Around line 467-474: ResponsesResponse doesn't deserialize the model refusal
reason so extract_responses_text() misses refusal-only replies; add a refusal:
Option<String> field to the ResponsesResponse struct (with serde/social
appropriate rename if needed) and update extract_responses_text(response:
ResponsesResponse) to check response.refusal (returning its string when Some)
before falling back to
first_output_content_text_by_kind()/first_output_content_text(), ensuring
chat_via_responses() surfaces the denial reason rather than the generic "No
response" error.

In `@clients/agent-runtime/src/skills/mod.rs`:
- Around line 529-531: The function is_remote_skill_source currently treats both
"https://" and "http://" as remote sources, which allows insecure HTTP clones;
update is_remote_skill_source to accept only "https://" (reject "http://") and
adjust call sites that rely on it to either log a clear warning when
encountering an "http://" source or return an explicit Result/Error so callers
can decide to abort; specifically modify is_remote_skill_source to check only
for "https://", and update any code paths that previously silently allowed HTTP
(references: is_remote_skill_source) to emit a warning or fail fast when an
"http://" source is detected.
- Around line 552-562: install_local_skill can produce dest == skills_path when
src.file_name() is None or empty (e.g., source = "/" or "."), risking overwrite;
modify install_local_skill to validate the extracted file name before joining:
call src.file_name(), ensure it exists and is not empty (and reject names like
"."/".."), return an error (anyhow::bail!) if invalid, then compute dest =
skills_path.join(valid_name) and call link_or_copy_local_skill(&src, &dest) as
before.

In `@clients/web/apps/docs/package.json`:
- Around line 18-25: The package.json's check script needs to run Astro's
verifier so the Astro 5.18.0 bump is validated; update the package.json
"scripts"."check" to invoke "astro check" (e.g., run "astro check" before or
alongside the existing Biome check) so Astro-specific config and type issues are
caught during CI before shipping 0.4.0; locate the "scripts" object and the
"check" script in package.json and add the "astro check" command in the check
flow.

In `@clients/web/apps/marketing/src/pages/index.astro`:
- Around line 14-27: The resolvePublicUrl function in pages/index.astro is
duplicated with a slightly different behavior; extract it into the shared
package (exported from `@corvus/shared` as resolvePublicUrl) and update both uses
to import that single implementation so URL normalization (including stripping
trailing slashes) is consistent across the marketing app; change the
implementations in index.astro and astro.config.mjs to import resolvePublicUrl
from `@corvus/shared`, ensure the shared function trims input, falls back on the
provided fallback, strips a trailing slash, and preserves error handling, and
add/adjust any tests or types in `@corvus/shared` to match the exported signature
(value: string | undefined, fallback: string) => string.
- Around line 496-507: The clipboard write block using
navigator.clipboard.writeText(copyText) should detect unavailable or insecure
contexts and surface a clearer fallback; update the try/catch so before calling
writeText you check navigator.clipboard and window.isSecureContext (or
location.protocol) and, if unavailable, set element.textContent to a descriptive
message like "Copy unavailable (insecure context)" and call pushMetric with a
failure reason; in the catch block log the caught error (e.g., console.error or
process logger) and set element.textContent to include the error or a friendlier
"Copy failed: <reason>" message while preserving the existing class toggles
(is-copied) so users on HTTP previews understand why copy failed.

In `@clients/web/apps/marketing/src/styles/global.css`:
- Line 339: The CSS uses the deprecated declaration "word-break: break-word" in
global.css; remove that line or change it to "word-break: normal" since
"overflow-wrap: anywhere" on the preceding rule already provides the desired
behavior—update the rule that contains "overflow-wrap: anywhere" and
"word-break: break-word" (the global stylesheet rule) to drop the deprecated
value or set word-break to normal.

In `@clients/web/pnpm-workspace.yaml`:
- Around line 18-26: The workspace lists astro: 5.18.0 while pinning vite:
7.3.1, causing an Astro/Vite version mismatch (Astro 5 expects Vite 6.x); fix by
making the versions compatible: either change vite to a 6.x release (e.g., 6.x)
to match astro 5.18.0 or upgrade astro to 6.x so it supports Vite 7, and update
the corresponding entries (astro and vite) in the workspace manifest to the
chosen compatible pair.

In `@gradle/configs/git/hooks/commit-msg.sh`:
- Around line 18-22: The hook currently hardcodes
MSG_PATH=".git/COMMIT_EDITMSG", which fails in linked worktrees and custom
GIT_DIR setups; change the script to use the first hook argument ($1) as the
commit message path (e.g., set MSG_PATH="$1" or use "$1" directly) and preserve
the existing existence check and error/exit behavior so the commit-msg hook
reads and validates the real message file passed by Git; update any references
to MSG_PATH in commit-msg.sh accordingly.

In `@openspec/changes/code-agent-specialist/exploration.md`:
- Around line 6-15: The doc uses hard-coded source line numbers (e.g.,
references to clients/agent-runtime/src/agent/agent.rs:341,
clients/agent-runtime/src/bootstrap/mod.rs:14,
clients/agent-runtime/src/config/schema.rs:1131, etc.), which will quickly go
stale; replace those inline line-number citations with stable references to
files and symbols (function/class/constant names) or move the detailed code
evidence into a generated appendix, e.g., reference Agent::code_from_config,
Agent::from_config, DelegateTool::execute, DelegateAgentConfig, the bootstrap
module, and specific schema types instead of line numbers, and update
exploration.md to link to the repo path or appendix entries for each bullet so
the spec remains accurate after refactors.

In `@openspec/changes/code-agent-specialist/specs/code-specialist/spec.md`:
- Line 21: Add a blank line immediately after each "#### Scenario: ..." heading
(e.g., "#### Scenario: User starts an explicit code session" and the other
occurrences listed) so the heading is followed by an empty line before the
subsequent list/content; update each of those scenario headings (lines 21, 29,
41, 49, 64, 71, 85, 94, 108, 115 occurrences of "#### Scenario:") to include one
trailing blank line to satisfy markdownlint MD022.

In `@openspec/changes/code-agent-specialist/tasks.md`:
- Around line 26-29: Update Phase 4 test instructions to require the Rust
validation gates for all clients/agent-runtime Rust files: ensure the checklist
or script (references: the Phase 4 steps in
openspec/changes/code-agent-specialist/tasks.md and the Phase 4 items 4.4)
explicitly runs or documents running "cargo fmt --all -- --check", "cargo clippy
--all-targets -- -D warnings", and "cargo test" for
clients/agent-runtime/**/*.rs; if any of these checks are skipped, add a concise
note explaining which check was skipped and why so the validation state is
explicit before handoff.
- Around line 19-23: Add a new Phase 3 checklist item (e.g., "3.5") in the tasks
list that documents a rollback/threat-model task: include threat/risk notes and
a rollback strategy covering security, runtime, and gateway changes, specify
tests for boundary checks and failure modes, and reference where to update
docs/tests (the existing Phase 3 entries 3.1–3.4 in the tasks list) so reviewers
can see this explicit escape-hatch and verification steps for
approval/workspace/MCP changes.

---

Outside diff comments:
In `@clients/agent-runtime/src/agent/agent.rs`:
- Around line 422-436: The else branch of async fn execute_tools currently
duplicates the sequential loop, so self.config.parallel_tools has no effect;
modify execute_tools to run calls concurrently when self.config.parallel_tools
is true by collecting futures from self.execute_tool_call(call) for each call
and awaiting them with futures::future::join_all (or
futures::stream::FuturesUnordered) to return Vec<ToolExecutionResult>, while
keeping the existing sequential loop in the !self.config.parallel_tools branch;
reference execute_tools, execute_tool_call, and self.config.parallel_tools when
making the change.

In `@clients/agent-runtime/src/config/schema.rs`:
- Around line 2630-2634: The env_override_string_plain call that writes
WEB_SEARCH_PROVIDER / CORVUS_WEB_SEARCH_PROVIDER into self.web_search.provider
must validate and normalize input: convert the incoming string to lowercase,
check it strictly against the allowed set {"duckduckgo", "brave"}, and only
assign to self.web_search.provider if it matches; otherwise return an error (or
leave default) and log/reject the invalid value. Update the code that calls
env_override_string_plain for WEB_SEARCH_PROVIDER to perform normalization and
validation before storing, referencing env_override_string_plain,
WEB_SEARCH_PROVIDER, CORVUS_WEB_SEARCH_PROVIDER, and self.web_search.provider so
typos or mixed-case values are rejected at startup.

In `@clients/agent-runtime/src/identity.rs`:
- Around line 493-495: The helper function test_workspace_dir is dead code —
either delete test_workspace_dir() from clients/agent-runtime/src/identity.rs,
or keep it and add tests that exercise load_aieos_identity using that workspace
path; specifically, add unit tests that call load_aieos_identity for the three
scenarios (file path JSON, inline JSON string, and error/malformed input) and
use test_workspace_dir() to create/remove temp files so the tests are hermetic;
reference test_workspace_dir() and load_aieos_identity() when adding or removing
code.

In `@clients/agent-runtime/src/providers/compatible.rs`:
- Around line 441-464: The two helper functions
first_output_content_text_by_kind and first_output_content_text currently just
return the first non-empty content.text from response.output but there’s no test
ensuring correct behavior when response.output contains multiple items; add a
regression unit test that constructs a ResponsesResponse with multiple output
items (each with multiple content entries, some with empty text and different
kind values) and assert that first_output_content_text returns the first
non-empty text overall and first_output_content_text_by_kind returns the first
non-empty text matching a given kind (and None when no matching non-empty text
exists), covering ordering and filtering edge cases to prevent future
regressions.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1e2fc391-ea8f-4c00-b14c-284792759e4e

📥 Commits

Reviewing files that changed from the base of the PR and between 46b1fe6 and 2aad004.

⛔ Files ignored due to path filters (2)
  • clients/agent-runtime/Cargo.lock is excluded by !**/*.lock
  • clients/web/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (49)
  • .github/renovate.json
  • clients/agent-runtime/Cargo.toml
  • clients/agent-runtime/npm/corvus-cli/package.json
  • clients/agent-runtime/npm/corvus-cli/scripts/postinstall.js
  • clients/agent-runtime/npm/corvus-darwin-arm64/package.json
  • clients/agent-runtime/npm/corvus-darwin-x64/package.json
  • clients/agent-runtime/npm/corvus-linux-arm64/package.json
  • clients/agent-runtime/npm/corvus-linux-x64/package.json
  • clients/agent-runtime/npm/corvus-windows-arm64/package.json
  • clients/agent-runtime/npm/corvus-windows-x64/package.json
  • clients/agent-runtime/npm/corvus/package.json
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/config/schema.rs
  • clients/agent-runtime/src/identity.rs
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/src/providers/compatible.rs
  • clients/agent-runtime/src/skills/mod.rs
  • clients/web/apps/chat/package.json
  • clients/web/apps/dashboard/package.json
  • clients/web/apps/docs/package.json
  • clients/web/apps/marketing/.env.example
  • clients/web/apps/marketing/astro.config.mjs
  • clients/web/apps/marketing/package.json
  • clients/web/apps/marketing/src/components/analytics/Analytics.astro
  • clients/web/apps/marketing/src/layouts/MarketingLayout.astro
  • clients/web/apps/marketing/src/pages/index.astro
  • clients/web/apps/marketing/src/styles/global.css
  • clients/web/package.json
  • clients/web/packages/locales/package.json
  • clients/web/packages/shared/package.json
  • clients/web/packages/ui/package.json
  • clients/web/pnpm-workspace.yaml
  • dev/os/Dockerfile.ubuntu
  • gradle.properties
  • gradle/build-logic/gradle.properties
  • gradle/configs/checkstyle/checkstyle-import-control.xml
  • gradle/configs/checkstyle/checkstyle.xml
  • gradle/configs/git/hooks/commit-msg.sh
  • gradle/configs/pmd/pmd.xml
  • openspec/changes/code-agent-specialist/design.md
  • openspec/changes/code-agent-specialist/exploration.md
  • openspec/changes/code-agent-specialist/proposal.md
  • openspec/changes/code-agent-specialist/specs/agent-loop/spec.md
  • openspec/changes/code-agent-specialist/specs/code-specialist/spec.md
  • openspec/changes/code-agent-specialist/tasks.md
  • sync-version-with-tag.sh
💤 Files with no reviewable changes (3)
  • gradle/configs/checkstyle/checkstyle-import-control.xml
  • gradle/configs/checkstyle/checkstyle.xml
  • gradle/configs/pmd/pmd.xml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: sonar
  • GitHub Check: pr-checks-build-logic
  • GitHub Check: pr-checks
  • GitHub Check: pr-checks-build-logic
  • GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (10)
**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

  • clients/web/packages/shared/package.json
  • gradle/build-logic/gradle.properties
  • clients/agent-runtime/Cargo.toml
  • clients/agent-runtime/src/channels/signal.rs
  • sync-version-with-tag.sh
  • clients/web/package.json
  • clients/agent-runtime/npm/corvus-cli/scripts/postinstall.js
  • clients/web/packages/locales/package.json
  • clients/agent-runtime/npm/corvus-linux-x64/package.json
  • clients/web/apps/marketing/package.json
  • clients/agent-runtime/npm/corvus-cli/package.json
  • clients/agent-runtime/npm/corvus/package.json
  • clients/agent-runtime/src/onboard/wizard.rs
  • gradle.properties
  • clients/web/apps/chat/package.json
  • clients/web/apps/docs/package.json
  • clients/agent-runtime/npm/corvus-darwin-arm64/package.json
  • clients/web/apps/marketing/astro.config.mjs
  • openspec/changes/code-agent-specialist/tasks.md
  • clients/web/packages/ui/package.json
  • clients/web/apps/dashboard/package.json
  • openspec/changes/code-agent-specialist/specs/agent-loop/spec.md
  • clients/agent-runtime/src/identity.rs
  • openspec/changes/code-agent-specialist/exploration.md
  • clients/agent-runtime/npm/corvus-windows-arm64/package.json
  • clients/web/apps/marketing/src/layouts/MarketingLayout.astro
  • clients/agent-runtime/src/agent/agent.rs
  • clients/web/apps/marketing/src/components/analytics/Analytics.astro
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/npm/corvus-windows-x64/package.json
  • gradle/configs/git/hooks/commit-msg.sh
  • clients/agent-runtime/src/skills/mod.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/web/apps/marketing/src/pages/index.astro
  • openspec/changes/code-agent-specialist/specs/code-specialist/spec.md
  • openspec/changes/code-agent-specialist/proposal.md
  • openspec/changes/code-agent-specialist/design.md
  • clients/agent-runtime/npm/corvus-darwin-x64/package.json
  • clients/agent-runtime/npm/corvus-linux-arm64/package.json
  • dev/os/Dockerfile.ubuntu
  • clients/agent-runtime/src/config/schema.rs
  • clients/agent-runtime/src/providers/compatible.rs
  • clients/web/pnpm-workspace.yaml
  • clients/web/apps/marketing/src/styles/global.css
clients/agent-runtime/**/Cargo.toml

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/**/Cargo.toml: Preserve release-size profile assumptions in Cargo.toml and avoid adding heavy dependencies unless clearly justified
Do not add heavy dependencies for minor convenience; justify new crate additions

Files:

  • clients/agent-runtime/Cargo.toml
clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/src/identity.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/skills/mod.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/config/schema.rs
  • clients/agent-runtime/src/providers/compatible.rs
clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/src/identity.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/skills/mod.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/config/schema.rs
  • clients/agent-runtime/src/providers/compatible.rs
**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/src/identity.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/skills/mod.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/config/schema.rs
  • clients/agent-runtime/src/providers/compatible.rs
**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

  • openspec/changes/code-agent-specialist/tasks.md
  • openspec/changes/code-agent-specialist/specs/agent-loop/spec.md
  • openspec/changes/code-agent-specialist/exploration.md
  • openspec/changes/code-agent-specialist/specs/code-specialist/spec.md
  • openspec/changes/code-agent-specialist/proposal.md
  • openspec/changes/code-agent-specialist/design.md
clients/agent-runtime/src/main.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/main.rs: Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths
Keep startup path lean and avoid heavy initialization in command parsing flow

Files:

  • clients/agent-runtime/src/main.rs
clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Files:

  • clients/agent-runtime/src/config/schema.rs
clients/agent-runtime/src/providers/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Provider trait in src/providers/ and register in src/providers/mod.rs factory when adding a new provider

Files:

  • clients/agent-runtime/src/providers/compatible.rs
🧠 Learnings (14)
📓 Common learnings 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Include version information and compatibility details for agents

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions

Applied to files:

  • clients/agent-runtime/Cargo.toml
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified

Applied to files:

  • clients/agent-runtime/Cargo.toml
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

  • clients/agent-runtime/Cargo.toml
  • clients/agent-runtime/src/onboard/wizard.rs
  • openspec/changes/code-agent-specialist/tasks.md
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/skills/mod.rs
  • clients/agent-runtime/src/config/schema.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths

Applied to files:

  • clients/agent-runtime/Cargo.toml
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • openspec/changes/code-agent-specialist/tasks.md
  • clients/agent-runtime/src/identity.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/skills/mod.rs
  • openspec/changes/code-agent-specialist/design.md
  • clients/agent-runtime/src/config/schema.rs
  • clients/agent-runtime/src/providers/compatible.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
  • openspec/changes/code-agent-specialist/tasks.md
  • clients/agent-runtime/src/channels/dingtalk.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/config/schema.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/src/identity.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/main.rs
  • clients/agent-runtime/src/skills/mod.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Applied to files:

  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/src/agent/agent.rs
  • openspec/changes/code-agent-specialist/proposal.md
  • openspec/changes/code-agent-specialist/design.md
  • clients/agent-runtime/src/config/schema.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path

Applied to files:

  • clients/agent-runtime/src/onboard/wizard.rs
  • openspec/changes/code-agent-specialist/tasks.md
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/skills/mod.rs
📚 Learning: 2026-02-17T07:28:38.934Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Document agent configurations and capabilities in AGENTS.md

Applied to files:

  • openspec/changes/code-agent-specialist/tasks.md
  • openspec/changes/code-agent-specialist/exploration.md
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Include threat/risk notes and rollback strategy for security, runtime, and gateway changes; add or update tests for boundary checks and failure modes

Applied to files:

  • openspec/changes/code-agent-specialist/tasks.md
📚 Learning: 2026-02-17T07:28:38.934Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Maintain comprehensive agent metadata including name, description, purpose, and capabilities

Applied to files:

  • openspec/changes/code-agent-specialist/exploration.md
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Applied to files:

  • openspec/changes/code-agent-specialist/proposal.md
  • clients/agent-runtime/src/config/schema.rs
🪛 LanguageTool
openspec/changes/code-agent-specialist/exploration.md

[style] ~29-~29: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: .... - openspec/specs/agent-loop/spec.md and openspec/specs/mcp-runtime/spec.md — ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

openspec/changes/code-agent-specialist/design.md

[style] ~59-~59: To elevate your writing, try using a synonym here.
Context: ...**: Prompt-only behavior is brittle and hard to audit. Additive schema fields fit th...

(HARD_TO)

[style] ~328-~328: Consider removing “of” to be more concise
Context: ...VP is considered technically sound when all of the following are true: - direct code mode...

(ALL_OF_THE)

🪛 markdownlint-cli2 (0.21.0)
openspec/changes/code-agent-specialist/specs/code-specialist/spec.md

[warning] 21-21: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 29-29: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 41-41: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 49-49: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 64-64: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 71-71: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 85-85: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 94-94: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 108-108: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

[warning] 115-115: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🪛 Stylelint (17.4.0)
clients/web/apps/marketing/src/styles/global.css

[error] 339-339: Unexpected deprecated keyword "break-word" for property "word-break" (declaration-property-value-keyword-no-deprecated)

(declaration-property-value-keyword-no-deprecated)

🔇 Additional comments (29)
clients/web/packages/locales/package.json (1)

3-3: Version bump looks consistent with the release cut.

No concerns here; this is a straightforward metadata update and does not introduce a behavioral or dependency change in this package.

clients/web/packages/shared/package.json (1)

3-3: Version bump looks consistent.

This is a metadata-only change and does not alter the package surface, exports, or dependency behavior. No concerns here.

clients/web/packages/ui/package.json (1)

3-3: LGTM!

Version bump to 0.4.0 is consistent with the coordinated release across the monorepo. No changes to exports, entry points, or dependencies—no risk of behavioral regression or contract break.

sync-version-with-tag.sh (1)

104-104: Explicit success return is fine here.

These return 0 statements do not mask real failures because the helpers already fail fast under set -euo pipefail before control reaches them. This makes the function exits a bit more explicit and consistent.

Also applies to: 174-174

dev/os/Dockerfile.ubuntu (1)

23-23: LGTM - Alphabetical ordering maintained.

The bzip2 package has been correctly positioned after build-essential to maintain alphabetical sorting. This is a cosmetic change with no functional impact on the container build or runtime behavior.

clients/web/apps/marketing/package.json (1)

3-3: LGTM!

Version bump to 0.4.0 aligns with the coordinated release across the monorepo.

clients/web/apps/marketing/src/components/analytics/Analytics.astro (1)

10-10: LGTM!

Removing type="text/partytown" moves the analytics script from the Partytown web worker to the main thread. With async and small script size, performance impact should be negligible. This aligns with the broader Partytown removal from the marketing site config.

clients/web/apps/marketing/src/layouts/MarketingLayout.astro (2)

4-4: LGTM!

Import path updated to reflect the new component directory structure.

76-76: Good accessibility improvement.

The skip-link targeting #main-content satisfies WCAG 2.4.1 (Bypass Blocks). Verified that id="main-content" exists on the <main> element in index.astro.

clients/web/apps/marketing/.env.example (1)

5-8: LGTM!

Clear documentation for the new DOCS_URL environment variable with appropriate dev/prod guidance.

clients/web/apps/marketing/astro.config.mjs (2)

11-23: LGTM!

The resolvePublicUrl helper provides safe URL validation with graceful fallback. The new URL() constructor properly rejects malformed inputs.

25-28: LGTM!

Mode-aware fallback ensures predictable behavior: production uses the canonical domain, development uses localhost. Safe default with "production" when NODE_ENV is unset.

clients/web/apps/marketing/src/pages/index.astro (1)

68-98: LGTM on install methods data.

The curl | bash pattern is standard for CLI installers. URLs are derived from validated environment variables. External links use rel="noopener noreferrer" appropriately.

clients/web/apps/marketing/src/styles/global.css (2)

65-81: Good skip-link implementation.

Using transform: translateY(-140%) to hide and revealing on :focus is the recommended accessible pattern. Avoids display: none which would remove it from the accessibility tree.

841-852: Solid reduced-motion handling.

The prefers-reduced-motion: reduce query properly disables all animations and transitions for users who need it. Using !important is appropriate here to ensure it overrides component-level styles.

clients/agent-runtime/src/identity.rs (2)

215-251: Clean modularization of prompt generation.

The refactor from inline string building to section-based helpers improves maintainability and testability. The delegation pattern is consistent across all sections.

253-315: Well-structured section builders.

The helper functions follow consistent patterns with proper Option handling via as_deref(). The OCEAN traits iteration using a fixed array ensures deterministic ordering (unlike the HashMap cases).

clients/agent-runtime/src/agent/agent.rs (6)

491-491: LGTM!

Inline computation is acceptable here; the allocation cost is negligible compared to the network round-trip.

504-525: LGTM - Secure gated execution flow.

The mission policy check correctly fails-closed when any tool requires approval, maintaining deny-by-default behavior. The control flow properly separates text finalization from tool execution paths.

528-558: LGTM!

Clean separation of text finalization logic. The clone is necessary since the value is both stored in history and returned. Memory storage uses truncation appropriately.

560-578: LGTM!

Efficient ownership transfer - values are moved rather than cloned. Early return pattern is clean.

628-632: LGTM!

Key generation correctly handles both cases. Clone is necessary since we borrow the call.

634-642: LGTM!

Clean helper that preserves the approval reason for upstream handling. The structured_denial_text call provides consistent user-facing messaging.

clients/agent-runtime/src/skills/mod.rs (3)

456-462: Clean modularization of command handlers.

The delegation to dedicated handler functions improves readability and testability. LGTM.

464-514: List command refactor looks good.

Read-only operation with clean separation of concerns. Output formatting is appropriate for CLI use.

571-597: Windows fallback chain is well-designed.

The graceful degradation from symlink → junction → copy handles varying Windows permission scenarios correctly. Command arguments are properly separated to avoid injection.

gradle/configs/git/hooks/commit-msg.sh (1)

46-55: Good stderr routing for validation failures.

Redirecting the full guidance block to stderr keeps stdout clean for callers without changing the hook’s exit behavior.

clients/agent-runtime/Cargo.toml (1)

7-7: Confirm the 0.4.0 runtime release passed the required cargo gates.

Line 7 cuts a new crate release alongside substantial runtime refactors, but I do not see confirmation that cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test were run, or which of them were intentionally skipped. Please attach that before publishing. Based on learnings: Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why.

clients/agent-runtime/npm/corvus-cli/scripts/postinstall.js (1)

5-13: No review comment was provided for verification. Please provide the review comment within <review_comment> tags so I can verify the concerns and generate the rewritten comment.

Comment thread clients/agent-runtime/npm/corvus-cli/package.json
Comment thread clients/agent-runtime/npm/corvus/package.json
Comment thread clients/agent-runtime/src/agent/agent.rs
Comment thread clients/agent-runtime/src/channels/dingtalk.rs
Comment thread clients/agent-runtime/src/channels/dingtalk.rs
Comment thread gradle/configs/git/hooks/commit-msg.sh Outdated
Comment thread openspec/changes/code-agent-specialist/exploration.md Outdated
Comment thread openspec/changes/code-agent-specialist/specs/code-specialist/spec.md
Comment thread openspec/changes/code-agent-specialist/tasks.md
Comment thread openspec/changes/code-agent-specialist/tasks.md Outdated
@sentry
Copy link
Copy Markdown

sentry Bot commented Mar 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Mar 9, 2026
edited
Loading

Deploying corvus with  Cloudflare Pages  Cloudflare Pages

Latest commit: 41430b9
Status: ✅  Deploy successful!
Preview URL: https://a5ead2aa.corvus-42x.pages.dev
Branch Preview URL: https://cqa.corvus-42x.pages.dev

View logs

@coderabbitai coderabbitai Bot added area:ci and removed area:rust labels Mar 9, 2026
coderabbitai[bot]
coderabbitai Bot reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
clients/web/apps/marketing/astro.config.mjs (1)

1-52: 🧹 Nitpick | 🔵 Trivial

Unused @astrojs/partytown dependency remains in package.json.

Partytown integration was removed from this config, but clients/web/apps/marketing/package.json (lines 17-22 per context snippet 3) still lists @astrojs/partytown as a dependency. Remove it to avoid shipping unused code.

# In clients/web/apps/marketing/package.json
 "dependencies": {
-    "@astrojs/partytown": "catalog:",
     "@corvus/shared": "workspace:*",
     "astro": "catalog:",
     "sharp": "catalog:"
   },
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/web/apps/marketing/astro.config.mjs` around lines 1 - 52, Remove the
unused dependency "@astrojs/partytown" from the project's package.json
dependencies list and update the lockfile by running your package manager's
install (e.g., npm/yarn/pnpm install) so the dependency is actually removed from
node_modules; verify no import references remain to "@astrojs/partytown" (search
for that identifier) and commit the modified package.json and updated lockfile.
♻️ Duplicate comments (2)
clients/agent-runtime/src/channels/signal.rs (1)

365-370: ⚠️ Potential issue | 🟠 Major

Treat downstream channel closure as shutdown, not a reconnectable SSE error.

Line 369 maps tx.send failure to Err(()), but listen() uses that same error to re-enter the reconnect loop. If the receiver is closed, this task will reconnect forever even though delivery can never succeed, and the event is already dropped because current_data was cleared on Line 363. Return a distinct shutdown error here and let listen() exit cleanly on that path.

As per coding guidelines, clients/agent-runtime/src/channels/**/*.rs: Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/channels/signal.rs` around lines 365 - 370, The
tx.send failure in process_envelope is currently mapped to Err(()) which
listen() treats as a reconnectable SSE error; instead detect downstream channel
closure from tx.send and return a distinct shutdown error (e.g.,
ChannelError::DownstreamClosed or SseError::Shutdown) from process_envelope (or
the enclosing match) so listen() can treat that variant as terminal and exit
rather than retry; update listen() to match that new error variant and
break/return cleanly, and keep the existing clearing of current_data (line ~363)
as-is since the event has already been dropped.
clients/agent-runtime/src/onboard/wizard.rs (1)

3675-3702: ⚠️ Potential issue | 🟠 Major

Don’t echo or trim IRC passwords.

These values are still collected through Input, so they are echoed into terminal scrollback, and trimmed_optional() later strips leading/trailing whitespace from the secret. That leaks credentials and can break auth for valid passwords containing spaces. Use Password::new().allow_empty_password(true) here and carry these fields as Option<String> so only the empty string maps to None.

🔐 Proposed fix 
 struct IrcAuthInputs {
-    server_password: String,
-    nickserv_password: String,
-    sasl_password: String,
+    server_password: Option<String>,
+    nickserv_password: Option<String>,
+    sasl_password: Option<String>,
     verify_tls: bool,
 }
 
+fn prompt_optional_secret(prompt: &str) -> Option<Option<String>> {
+    Password::new()
+        .with_prompt(prompt)
+        .allow_empty_password(true)
+        .interact()
+        .ok()
+        .map(|value| if value.is_empty() { None } else { Some(value) })
+}
+
 fn prompt_irc_auth_inputs() -> Option<IrcAuthInputs> {
-    let server_password = prompt_text(
+    let server_password = prompt_optional_secret(
         "  Server password (for bouncers like ZNC, leave empty if none)",
-        None,
-        true,
     )?;
-    let nickserv_password = prompt_text("  NickServ password (leave empty if none)", None, true)?;
-    let sasl_password = prompt_text("  SASL PLAIN password (leave empty if none)", None, true)?;
+    let nickserv_password =
+        prompt_optional_secret("  NickServ password (leave empty if none)")?;
+    let sasl_password =
+        prompt_optional_secret("  SASL PLAIN password (leave empty if none)")?;
     let verify_tls = Confirm::new()
         .with_prompt("  Verify TLS certificate?")
         .default(true)
         .interact()
@@
-        server_password: trimmed_optional(&auth.server_password),
-        nickserv_password: trimmed_optional(&auth.nickserv_password),
-        sasl_password: trimmed_optional(&auth.sasl_password),
+        server_password: auth.server_password,
+        nickserv_password: auth.nickserv_password,
+        sasl_password: auth.sasl_password,
         verify_tls: Some(auth.verify_tls),

As per coding guidelines, "Security first, performance second. Validate input boundaries, auth/authz implications, and secret management."

Also applies to: 3915-3917

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/onboard/wizard.rs` around lines 3675 - 3702, The
IRC auth prompts currently use echoing Input and store secrets as String; update
IrcAuthInputs and prompt_irc_auth_inputs to treat server_password,
nickserv_password, and sasl_password as Option<String> and collect them with
Password::new().allow_empty_password(true) (so they are not echoed into terminal
scrollback), do NOT trim or alter the entered value, and map empty passwords to
None when constructing IrcAuthInputs; keep verify_tls as-is. Also locate and fix
the other similar prompt calls (the duplicate prompts referenced in the comment)
to use Password::new().allow_empty_password(true) and Option<String> the same
way.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/npm/corvus-cli/scripts/postinstall.mjs`:
- Around line 11-14: The postinstall catch currently swallows permanent failures
from ensureBinary(); update the catch in postinstall.mjs to detect
unsupported-platform failures (either by checking error instanceof
UnsupportedPlatformError if that class is exported by lib/install.js or by
checking error.message startsWith/contains "Unsupported platform") and, for
those cases, log the error and exit non-zero (process.exit(1)) so install fails
fast; for other errors preserve the existing fallback log ("Postinstall
skipped... Binary will be downloaded on first run."). Ensure you reference the
ensureBinary() call and the catch block around it when making the change.

In `@clients/agent-runtime/src/agent/agent.rs`:
- Around line 510-519: The code records tool responses and then calls
execute_gated_tool_calls, which already executed DispatchAction::Execute
variants; instead perform the gated-check first and bail on any
DispatchAction::ApprovalRequired to prevent partial execution and history
mutations. Move or add a preflight call to
execute_gated_tool_calls(&calls).await (or otherwise compute gated_results)
before calling record_tool_response and before any execution, then if
self.mission_execution_context && gated_results.iter().any(|r|
matches!(r.action, DispatchAction::ApprovalRequired(_))) return
Err(anyhow::anyhow!("mission_policy_denied: delegated tool action denied")) so
the whole batch is denied atomically (update locations referencing
record_tool_response, execute_gated_tool_calls, self.mission_execution_context,
and DispatchAction::ApprovalRequired).
- Around line 503-510: The code currently calls
self.tool_dispatcher.parse_response(&response) to get (text, calls) but still
passes response.tool_calls into record_tool_response, so when using
XmlToolDispatcher the parsed calls are dropped and AssistantToolCalls aren't
recorded (only ToolResults), breaking the pairing; change usages of
record_tool_response (both the branch after parse_response and the later similar
block) to pass the parsed calls variable (calls) instead of response.tool_calls
so record_tool_response records AssistantToolCalls whenever parsed calls is
non-empty; specifically update the calls passed to record_tool_response in the
code paths that use parse_response() (and ensure record_tool_response signature
accepts the parsed calls if needed).

In `@clients/agent-runtime/src/channels/dingtalk.rs`:
- Around line 210-217: The ACK is being sent before the inbound message is
forwarded, risking message loss if tx.send(channel_msg) fails; modify the logic
in the handler that calls Self::extract_message_id and Self::build_ack_response
so that you first attempt tx.send(channel_msg).await and only if it succeeds
send the ACK via write.send(Message::Text(ack)).await; if tx.send returns an
error, log/warn and do not send the ACK (or handle retry), keeping references to
extract_message_id, build_ack_response, tx.send(channel_msg), write.send, and
channel_msg to locate and update the code path.

In `@clients/web/apps/docs/src/content/docs/en/guides/surrealdb.md`:
- Around line 121-123: Replace the generic SurrealDB landing link in the
Markdown snippet that reads "📖 **More Info**: See [Graph Database in
SurrealDB](https://surrealdb.com/docs/surrealdb)" with a graph-specific docs URL
(e.g., the Graph Relations or RELATE pages) so the anchor and label match the
destination; update the link target to something like the graph-relations page
(or RELATE reference) and ensure the link text remains "Graph Database in
SurrealDB" or is adjusted to "Graph relations in SurrealDB" to accurately
reflect the new target.

In `@clients/web/apps/docs/src/content/docs/es/guides/surrealdb.md`:
- Around line 121-123: Replace the generic SurrealDB docs link used in the "📖
**Más información**: Ver [Graph Database en
SurrealDB](https://surrealdb.com/docs/surrealdb)" snippet with a more specific
graph-related page; locate the string "Graph Database en SurrealDB" or the
existing URL "https://surrealdb.com/docs/surrealdb" in the
docs/guides/surrealdb.md content and update it to point to SurrealDB's graph
relations/RELATE reference pages (for example the
"reference-guide/graph-relations" and/or the "reference-guide/relate" pages) so
the link accurately matches "para ejemplos avanzados".

In `@clients/web/apps/marketing/src/styles/global.css`:
- Around line 714-715: The hover lift on .terminal-card is being overridden by
the terminal-float animation because both animate transform; update the
animation keyframes (terminal-float) to use the CSS translate property (e.g.,
translate/Y values) instead of setting transform, so the .terminal-card:hover
(and grouped hover selectors that set transform: translateY(-2px)) can coexist;
locate the `@keyframes` terminal-float and replace transform declarations with
translate(...) values while leaving the .terminal-card animation declaration and
the hover selectors (e.g., .terminal-card:hover and any .group:hover
.terminal-card rules) unchanged.

---

Outside diff comments:
In `@clients/web/apps/marketing/astro.config.mjs`:
- Around line 1-52: Remove the unused dependency "@astrojs/partytown" from the
project's package.json dependencies list and update the lockfile by running your
package manager's install (e.g., npm/yarn/pnpm install) so the dependency is
actually removed from node_modules; verify no import references remain to
"@astrojs/partytown" (search for that identifier) and commit the modified
package.json and updated lockfile.

---

Duplicate comments:
In `@clients/agent-runtime/src/channels/signal.rs`:
- Around line 365-370: The tx.send failure in process_envelope is currently
mapped to Err(()) which listen() treats as a reconnectable SSE error; instead
detect downstream channel closure from tx.send and return a distinct shutdown
error (e.g., ChannelError::DownstreamClosed or SseError::Shutdown) from
process_envelope (or the enclosing match) so listen() can treat that variant as
terminal and exit rather than retry; update listen() to match that new error
variant and break/return cleanly, and keep the existing clearing of current_data
(line ~363) as-is since the event has already been dropped.

In `@clients/agent-runtime/src/onboard/wizard.rs`:
- Around line 3675-3702: The IRC auth prompts currently use echoing Input and
store secrets as String; update IrcAuthInputs and prompt_irc_auth_inputs to
treat server_password, nickserv_password, and sasl_password as Option<String>
and collect them with Password::new().allow_empty_password(true) (so they are
not echoed into terminal scrollback), do NOT trim or alter the entered value,
and map empty passwords to None when constructing IrcAuthInputs; keep verify_tls
as-is. Also locate and fix the other similar prompt calls (the duplicate prompts
referenced in the comment) to use Password::new().allow_empty_password(true) and
Option<String> the same way.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: eddc5ecb-24b1-4099-b735-db1c98959265

📥 Commits

Reviewing files that changed from the base of the PR and between 2aad004 and 6adf1d6.

📒 Files selected for processing (19)
  • .github/workflows/sonarqube-analysis.yml
  • README.md
  • clients/agent-runtime/npm/corvus-cli/package.json
  • clients/agent-runtime/npm/corvus-cli/scripts/postinstall.js
  • clients/agent-runtime/npm/corvus-cli/scripts/postinstall.mjs
  • clients/agent-runtime/npm/corvus/package.json
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/web/apps/docs/README.md
  • clients/web/apps/docs/src/content/docs/en/guides/surrealdb.md
  • clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx
  • clients/web/apps/docs/src/content/docs/es/guides/surrealdb.md
  • clients/web/apps/docs/src/content/docs/es/intro/introduction.mdx
  • clients/web/apps/marketing/astro.config.mjs
  • clients/web/apps/marketing/src/pages/index.astro
  • clients/web/apps/marketing/src/styles/global.css
  • dev/os/README.md
💤 Files with no reviewable changes (1)
  • clients/agent-runtime/npm/corvus-cli/scripts/postinstall.js
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: sonar
  • GitHub Check: pr-checks
  • GitHub Check: pr-checks-build-logic
  • GitHub Check: pr-checks
  • GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (6)
**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

  • dev/os/README.md
  • clients/web/apps/docs/src/content/docs/en/guides/surrealdb.md
  • clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx
  • README.md
  • clients/web/apps/docs/README.md
  • clients/web/apps/docs/src/content/docs/es/guides/surrealdb.md
  • clients/web/apps/docs/src/content/docs/es/intro/introduction.mdx
**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

  • dev/os/README.md
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/npm/corvus/package.json
  • clients/web/apps/docs/src/content/docs/en/guides/surrealdb.md
  • clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx
  • README.md
  • clients/web/apps/marketing/astro.config.mjs
  • clients/web/apps/marketing/src/pages/index.astro
  • clients/web/apps/docs/README.md
  • clients/web/apps/docs/src/content/docs/es/guides/surrealdb.md
  • clients/web/apps/docs/src/content/docs/es/intro/introduction.mdx
  • clients/agent-runtime/npm/corvus-cli/scripts/postinstall.mjs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
  • clients/agent-runtime/npm/corvus-cli/package.json
  • clients/web/apps/marketing/src/styles/global.css
clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/channels/signal.rs
clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
🧠 Learnings (14)
📓 Common learnings 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Include version information and compatibility details for agents

Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Document agent configurations and capabilities in AGENTS.md
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T07:28:38.934Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Document agent configurations and capabilities in AGENTS.md

Applied to files:

  • clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx
  • clients/web/apps/docs/src/content/docs/es/intro/introduction.mdx
📚 Learning: 2026-02-17T07:28:38.934Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Include version information and compatibility details for agents

Applied to files:

  • clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx
📚 Learning: 2026-02-17T07:28:38.934Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Maintain comprehensive agent metadata including name, description, purpose, and capabilities

Applied to files:

  • clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Applied to files:

  • clients/agent-runtime/src/agent/agent.rs
  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Include threat/risk notes and rollback strategy for security, runtime, and gateway changes; add or update tests for boundary checks and failure modes

Applied to files:

  • clients/agent-runtime/src/onboard/wizard.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements

Applied to files:

  • clients/agent-runtime/src/onboard/wizard.rs
🪛 LanguageTool
clients/web/apps/docs/src/content/docs/es/intro/introduction.mdx

[grammar] ~55-~55: Oración con errores
Context: ... la interfaz de línea de comandos. - Arquitectura: Comprende ...

(QB_NEW_ES_OTHER_ERROR_IDS_REPLACEMENT_MULTITOKEN)

🪛 markdownlint-cli2 (0.21.0)
clients/web/apps/docs/README.md

[warning] 1-1: First line in a file should be a top-level heading

(MD041, first-line-heading, first-line-h1)

🪛 Stylelint (17.4.0)
clients/web/apps/marketing/src/styles/global.css

[error] 338-338: Unexpected deprecated keyword "break-word" for property "word-break" (declaration-property-value-keyword-no-deprecated)

(declaration-property-value-keyword-no-deprecated)

🔇 Additional comments (22)
clients/agent-runtime/npm/corvus/package.json (1)

3-3: LGTM! Version alignment is now correct.

The package version and all platform binary pins in optionalDependencies are now consistently at 0.4.0. This resolves the previously flagged version mismatch that would have caused npm install to pull stale 0.3.0 binaries.

Also applies to: 18-25

clients/web/apps/docs/src/content/docs/es/intro/introduction.mdx (1)

24-26: LGTM — EN/ES parity maintained.

Tech stack link updates mirror the English version correctly. Same URL verification applies (see comment on EN file). The grammar warning on line 55 is a false positive—"Comprende" is valid imperative Spanish.

clients/web/apps/docs/src/content/docs/en/intro/introduction.mdx (1)

24-26: > Likely an incorrect or invalid review comment.

clients/web/apps/marketing/astro.config.mjs (1)

11-23: Clean URL resolution helper.

Implementation correctly validates input type, trims whitespace, and catches malformed URLs. The try/catch ensures invalid URLs fall back gracefully rather than crashing at build time.

Note: This function is duplicated in index.astro with a slight behavioral difference (trailing slash removal). Consider extracting to @corvus/shared for consistency—though that's flagged in a prior review.

clients/web/apps/marketing/src/pages/index.astro (7)

14-27: Duplication already flagged—skipping.

The resolvePublicUrl duplication with astro.config.mjs was noted in a prior review. This version strips trailing slashes (line 23), the config version doesn't. Extract to shared when addressing that feedback.

497-508: Clipboard secure context issue already flagged—skipping.

The lack of a descriptive message when clipboard fails on HTTP was covered in a prior review.

426-459: Defensive analytics implementation.

Good practices here:

  • localStorage access wrapped in try/catch
  • Capped at 100 entries to prevent unbounded growth
  • No PII logged (only path, device, interaction labels)
  • Graceful degradation on storage failures

29-39: URL construction is safe.

Base URLs are validated through resolvePublicUrl before concatenation. External links correctly include rel="noopener noreferrer" throughout the template. No user-controlled input flows into URL construction.

68-99: Static install commands are safely rendered.

Commands are hardcoded strings displayed in <code> blocks. Astro's default escaping prevents XSS. No user input involved.

484-515: Copy-to-clipboard implementation works correctly.

The handler properly:

  • Guards against non-button elements
  • Captures original label before mutation
  • Restores state after timeout
  • Emits analytics on success

Minor: Rapid clicks could cause label flickering, but it's cosmetic and self-recovers.

203-231: External links properly secured.

All external links (docsBaseUrl, githubUrl) include rel="noopener noreferrer". Internal anchor links (#install, #why, etc.) are correctly handled without the attribute.

README.md (2)

21-21: Codecov badge URL verified as functional.

The updated Codecov badge pointing to app.codecov.io is accessible and renders correctly. Both the badge URL and image source return HTTP 200.

90-92: All tech stack documentation URLs are accessible and correct.

Verified all five URLs in README.md lines 90-92:

All links are operational and point to the correct authoritative resources.

dev/os/README.md (1)

208-208: URL is valid and accessible.

The updated Docker documentation link is confirmed functional and points to the correct resource.

clients/web/apps/docs/README.md (1)

1-1: The Astro URL change is valid—both astro.build and the docs subdomain are accessible. No technical accuracy or behavioral concerns.

clients/agent-runtime/src/channels/dingtalk.rs (6)

31-35: LGTM!

Clean enum abstraction for WebSocket frame classification. The variants map directly to the control flow needs in the listen loop.

177-189: LGTM!

Frame decoding logic correctly maps WebSocket messages to control flow variants. Error logging is safe (no secrets exposed).

203-204: SYSTEM frame routing still needs topic-based branching.

This was flagged in a previous review. The code routes all SYSTEM frames to handle_system_frame which always sends a response. Per DingTalk Stream Mode protocol:

  • ping topic: must echo the opaque value in the response data field
  • disconnect topic: must not send any response

Current build_pong_response hardcodes "data": "" and cannot echo the opaque.

304-318: LGTM!

Clean integration of the new frame decoding and handling abstractions. The control flow is clear and correctly propagates break/continue signals.

336-391: Good test infrastructure.

TestSink provides a clean mock for verifying WebSocket send behavior, and event_frame() reduces boilerplate. The fail_on_send flag enables failure testing without complexity.

475-560: Solid test coverage for the new frame handling.

Tests cover the key branches:

  • decode_socket_frame: text, close, error, and non-text frames
  • handle_stream_frame: system ping response, event forwarding with ACK, empty payload filtering, and channel-closed behavior

This addresses the previously flagged gap in test coverage.

clients/agent-runtime/src/onboard/wizard.rs (1)

3650-3673: Nice extraction of the IRC parsing helpers.

This isolates the CSV / wildcard / blank-to-None behavior into small units, and the new tests pin that contract down.

Also applies to: 6180-6207

Comment thread clients/agent-runtime/npm/corvus-cli/scripts/postinstall.mjs
Comment thread clients/agent-runtime/src/agent/agent.rs Outdated
Comment thread clients/agent-runtime/src/agent/agent.rs Outdated
Comment thread clients/agent-runtime/src/channels/dingtalk.rs Outdated
Comment thread clients/web/apps/docs/src/content/docs/en/guides/surrealdb.md Outdated
Comment thread clients/web/apps/docs/src/content/docs/es/guides/surrealdb.md Outdated
Comment thread clients/web/apps/marketing/src/styles/global.css
@coderabbitai coderabbitai Bot added area:rust and removed area:ci labels Mar 9, 2026
coderabbitai[bot]
coderabbitai Bot reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (3)
clients/agent-runtime/src/channels/dingtalk.rs (2)

210-217: ⚠️ Potential issue | 🟠 Major

Don’t ACK before local handoff, and don’t swallow ACK write failures.

Line 212 ACKs the event before tx.send(channel_msg). If the receiver is already closed, this drops the message after the upstream has been told it was handled; and because let _ = ignores socket write errors, the loop keeps running after an unacknowledged event and can trigger duplicate delivery on retry. Send to tx first, then ACK, and return false if the ACK write fails so listen can reconnect cleanly. (opensource.dingtalk.com)

Suggested fix 
                 let Some(channel_msg) = self.handle_event_callback(frame).await else {
                     return true;
                 };

-                let message_id = Self::extract_message_id(frame);
-                let ack = Self::build_ack_response(message_id);
-                let _ = write.send(Message::Text(ack)).await;
-
                 if tx.send(channel_msg).await.is_err() {
                     tracing::warn!("DingTalk: message channel closed");
                     return false;
                 }

+                let message_id = Self::extract_message_id(frame);
+                let ack = Self::build_ack_response(message_id);
+                if let Err(e) = write.send(Message::Text(ack)).await {
+                    tracing::warn!("DingTalk: failed to send ACK: {:?}", e);
+                    return false;
+                }
+
                 true
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/channels/dingtalk.rs` around lines 210 - 217, The
code currently ACKs the DingTalk event before handing off to the local channel
and swallows socket write errors; change the order in the message handling
inside listen so you call tx.send(channel_msg).await first (check for Err and
return false with tracing::warn!("DingTalk: message channel closed") as
currently used), then compute message_id via Self::extract_message_id(frame) and
build the ACK with Self::build_ack_response(message_id), send the ACK via
write.send(Message::Text(ack)).await and do not ignore its Result—if the ACK
write fails return false so listen can reconnect cleanly; ensure you reference
tx.send, Self::extract_message_id, Self::build_ack_response, write.send and
Message::Text when making the change.

203-205: ⚠️ Potential issue | 🟠 Major

Route SYSTEM frames by headers.topic, not just type.

Line 204 sends every SYSTEM frame through handle_system_frame, which always replies with data: "". DingTalk Stream Mode requires topic: "ping" responses to echo the incoming opaque in data, while topic: "disconnect" must not be answered at all. Branch on headers.topic before replying, and update the tests to cover ping-with-opaque and disconnect-no-reply behavior. (opensource.dingtalk.com)

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/channels/dingtalk.rs` around lines 203 - 205, The
current match arm always routes "SYSTEM" frames to Self::handle_system_frame
which always replies with data:"", but per DingTalk stream protocol you must
inspect frame.headers.topic first: if headers.topic == "ping" send a reply
echoing the incoming opaque in data (preserve existing reply format but set data
= frame.opaque), if headers.topic == "disconnect" do not send any reply at all,
otherwise fall back to calling Self::handle_system_frame(write, frame). Update
the match on frame_type to branch on frame.headers.topic for "SYSTEM", modify
the logic around handle_system_frame to only be used for other system topics,
and add/adjust tests to assert ping responses include the opaque and that
disconnect frames produce no reply.
clients/agent-runtime/src/channels/signal.rs (1)

353-370: ⚠️ Potential issue | 🟠 Major

Stop reconnecting after downstream shutdown.

Line 369 still folds tx.send failure into the reconnectable Err(()) path. If the receiver side is closed, listen() breaks the inner loop and immediately starts reconnecting forever instead of stopping the Signal task cleanly. Return a distinct shutdown outcome from flush_sse_event/process_sse_chunk, propagate it through listen(), and add a closed-receiver regression test so the trailing-dispatch path follows the same rule.

As per coding guidelines, clients/agent-runtime/src/channels/**/*.rs: Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@clients/agent-runtime/src/channels/signal.rs` around lines 353 - 370, The
failure to send on tx in flush_sse_event is treated as a generic Err(()) which
triggers reconnect behavior; change flush_sse_event (and its caller
process_sse_chunk) to return a distinct shutdown variant (e.g., an enum like
FlushOutcome {Ok, ReconnectError, Shutdown}) so that tx.send failure (channel
closed) maps to Shutdown, not reconnect; update listen() to propagate and handle
Shutdown by breaking out and terminating the Signal task instead of retrying,
and add a regression test that closes the receiver to assert the Signal stops
rather than reconnecting. Ensure you update all call sites (process_envelope ->
process_sse_chunk -> flush_sse_event -> listen) to pattern-match the new outcome
and preserve existing reconnect semantics for parse/errors while treating
tx.send errors as shutdown.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@clients/agent-runtime/src/channels/dingtalk.rs`:
- Around line 210-217: The code currently ACKs the DingTalk event before handing
off to the local channel and swallows socket write errors; change the order in
the message handling inside listen so you call tx.send(channel_msg).await first
(check for Err and return false with tracing::warn!("DingTalk: message channel
closed") as currently used), then compute message_id via
Self::extract_message_id(frame) and build the ACK with
Self::build_ack_response(message_id), send the ACK via
write.send(Message::Text(ack)).await and do not ignore its Result—if the ACK
write fails return false so listen can reconnect cleanly; ensure you reference
tx.send, Self::extract_message_id, Self::build_ack_response, write.send and
Message::Text when making the change.
- Around line 203-205: The current match arm always routes "SYSTEM" frames to
Self::handle_system_frame which always replies with data:"", but per DingTalk
stream protocol you must inspect frame.headers.topic first: if headers.topic ==
"ping" send a reply echoing the incoming opaque in data (preserve existing reply
format but set data = frame.opaque), if headers.topic == "disconnect" do not
send any reply at all, otherwise fall back to calling
Self::handle_system_frame(write, frame). Update the match on frame_type to
branch on frame.headers.topic for "SYSTEM", modify the logic around
handle_system_frame to only be used for other system topics, and add/adjust
tests to assert ping responses include the opaque and that disconnect frames
produce no reply.

In `@clients/agent-runtime/src/channels/signal.rs`:
- Around line 353-370: The failure to send on tx in flush_sse_event is treated
as a generic Err(()) which triggers reconnect behavior; change flush_sse_event
(and its caller process_sse_chunk) to return a distinct shutdown variant (e.g.,
an enum like FlushOutcome {Ok, ReconnectError, Shutdown}) so that tx.send
failure (channel closed) maps to Shutdown, not reconnect; update listen() to
propagate and handle Shutdown by breaking out and terminating the Signal task
instead of retrying, and add a regression test that closes the receiver to
assert the Signal stops rather than reconnecting. Ensure you update all call
sites (process_envelope -> process_sse_chunk -> flush_sse_event -> listen) to
pattern-match the new outcome and preserve existing reconnect semantics for
parse/errors while treating tx.send errors as shutdown.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 91cfa35b-ee27-439a-b752-09b5f0f0ad86

📥 Commits

Reviewing files that changed from the base of the PR and between 6adf1d6 and bec0c01.

📒 Files selected for processing (2)
  • clients/agent-runtime/src/channels/dingtalk.rs
  • clients/agent-runtime/src/channels/signal.rs
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: pr-checks-build-logic
  • GitHub Check: pr-checks
  • GitHub Check: sonar
  • GitHub Check: pr-checks
  • GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (5)
clients/agent-runtime/src/channels/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Implement Channel trait in src/channels/ with consistent send, listen, and health_check semantics and cover auth/allowlist/health behavior with tests

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
🧠 Learnings (7)
📓 Common learnings 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
  • clients/agent-runtime/src/channels/dingtalk.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
📚 Learning: 2026-02-17T12:31:17.076Z 
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow

Applied to files:

  • clients/agent-runtime/src/channels/signal.rs
🔇 Additional comments (1)
clients/agent-runtime/src/channels/signal.rs (1)

764-848: Good parser regression coverage.

These cases lock in comment handling, blank-line flush, invalid payload clearing, and empty-buffer no-op behavior.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
84.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@yacosta738 yacosta738 merged commit 54b12a1 into main Mar 9, 2026
22 checks passed
@yacosta738 yacosta738 deleted the cqa branch March 9, 2026 19:12
This was referenced Mar 22, 2026
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yacosta738