fix(tooling): add local sonar review workflow #715

Merged: yacosta738 merged 9 commits into main from fix/monthly-sonar-review-433 on Apr 29, 2026

@yacosta738
Contributor

Related Issues

Fixes #433


Summary

  • add a local make sonar workflow that validates prerequisites, generates Kotlin/Rust/dashboard coverage artifacts, and launches SonarScanner with the repository's SonarCloud configuration
  • align dashboard coverage output with the lcov.info artifact Sonar expects and harden the dream-memory session-count test/coverage path for more stable local verification
  • document the local monthly Sonar review flow and capture the implementation/design notes in OpenSpec

Tested Information

  • make sonar (validated end-to-end through prerequisite checks, coverage generation, and SonarScanner analysis startup)
  • bash ./scripts/sonar.sh --validate-only
  • bash ./scripts/sonar.sh
  • pnpm --dir clients/web/apps/dashboard test:coverage
  • cargo test session_trigger_fires_after_five_sessions --manifest-path clients/agent-runtime/Cargo.toml -- --nocapture
  • cargo llvm-cov --lcov --output-path ../../coverage/agent-runtime-coverage.lcov -- --test-threads=1 from clients/agent-runtime

Documentation Impact

  • Docs updated in:
    • README.md
    • openspec/changes/2026-04-28-monthly-sonar-review-433/design.md
    • openspec/changes/2026-04-28-monthly-sonar-review-433/tasks.md
  • No docs update required because:
  • I verified the documentation matches the current behavior.

Breaking Changes

  • None.

Checklist

  • I have checked that there isn’t already a PR solving the same problem.
  • I have read the Contributing Guidelines.
  • My PR title follows Conventional Commits.
  • I have performed a self-review of my changes.
  • I have tested the changes locally.
  • I have updated documentation where needed.
  • I confirm this PR does not introduce breaking changes.

@coderabbitai
Contributor

coderabbitai Bot commented Apr 28, 2026

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (2)
  • wip
  • do-not-review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1eb68b45-6425-48a4-8a39-8482c42c1eb3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds a local Sonar analysis flow: new make sonar target and scripts/sonar.sh to validate credentials/tooling, regenerate CI-aligned coverage artifacts (Kover, web Vitest LCOV, Rust LCOV), and run sonar-scanner; includes docs, tests, and Makefile/rust-test tweaks.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Build & Orchestration | Makefile | Adds sonar target orchestrating validation, coverage generation, and scanner execution; adds rust-coverage-validate; makes rust-coverage depend on it and forces cargo llvm-cov to run tests with -- --test-threads=1; updates sync-version deps. |
| Scanner Script & Specs | scripts/sonar.sh, openspec/changes/.../design.md, openspec/changes/.../tasks.md | New scripts/sonar.sh enforces SONAR_TOKEN and sonar-scanner, derives project metadata, validates presence of Kover/LCOV artifacts, supports --validate-only, and invokes sonar-scanner; adds design and task docs for the monthly Sonar workflow. |
| Web Dashboard Coverage & Tests | clients/web/apps/dashboard/scripts/run-coverage.mjs, clients/web/apps/dashboard/src/utils/runCoverage.spec.ts | Vitest runner now emits lcov, html, and text reporters; adds deterministic tests that mock spawn/readdir, verify arguments, error handling when no specs, and child-exit forwarding behavior. |
| Rust Test Stability | clients/agent-runtime/src/memory/dream.rs | Makes session_trigger_fires_after_five_sessions retry on transient DreamLockState::Busy up to 10 times to reduce flakiness. |
| CI Runner Cleanup Step | .github/workflows/_build-cerebro-binaries.yml | Inserts a Linux-only pre-install cleanup step to free disk space by removing large preinstalled directories and pruning caches (non-fatal). |
| Docs & README | README.md | Documents local make sonar usage, prerequisites (SONAR_TOKEN, sonar-scanner, toolchain checks) and failure semantics for preflight steps. |

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant Make as Makefile
    participant Validate as scripts/sonar.sh
    participant Gradle as Gradle/Kover
    participant Vitest as Vitest Runner
    participant Rust as Rust Coverage
    participant Scanner as sonar-scanner

    Dev->>Make: make sonar
    Make->>Validate: ./scripts/sonar.sh --validate-only
    Validate->>Validate: check SONAR_TOKEN & sonar-scanner
    Validate-->>Make: validation OK
    Make->>Gradle: generate Kover XML
    Gradle-->>Make: kover XML produced
    Make->>Vitest: run dashboard coverage (lcov/html/text)
    Vitest-->>Make: lcov produced
    Make->>Rust: make rust-coverage (depends on rust-coverage-validate)
    Rust-->>Make: rust lcov produced
    Make->>Validate: ./scripts/sonar.sh
    Validate->>Validate: verify coverage artifact files exist
    Validate->>Scanner: invoke sonar-scanner with coverage paths and args
    Scanner-->>Validate: analysis complete
    Validate-->>Make: exit 0
    Make-->>Dev: workflow complete

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested labels

area:rust, area:web, area:ci, area:docs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'fix(tooling): add local sonar review workflow' clearly describes the main change—adding a local sonar workflow via tooling. It follows Conventional Commits style and is well within 72 characters. |
| Description check | ✅ Passed | The PR description covers all critical sections: Related Issues (#433), Summary of changes, Tested Information (with specific commands), Documentation Impact (paths listed), Breaking Changes (none), and a completed Checklist. |
| Linked Issues check | ✅ Passed | The PR fulfills the linked issue #433 objectives: enables local make sonar workflow, validates prerequisites (SONAR_TOKEN, sonar-scanner), generates Kotlin/Rust/dashboard coverage artifacts, and launches SonarScanner with CI-aligned configuration. |
| Out of Scope Changes check | ✅ Passed | All changes align with issue #433 objectives. The Makefile updates enable the sonar workflow, scripts/sonar.sh implements scanning, coverage tools are wired (dashboard lcov, Rust coverage, Kover), and documentation explains the process. The CI disk-space cleanup is operational infrastructure supporting the new workflow. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Apr 28, 2026

Deploying corvus with Cloudflare Pages

Latest commit: b4bf7f7
Status: ✅  Deploy successful!
Preview URL: https://3e2384a5.corvus-42x.pages.dev
Branch Preview URL: https://fix-monthly-sonar-review-433.corvus-42x.pages.dev

@github-actions github-actions Bot added the size/m Denotes a medium change size label Apr 28, 2026
@github-actions
Contributor

github-actions Bot commented Apr 28, 2026

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

| Metric | Description | Value | Threshold | Status |
|---|---|---|---|---|
| PR Merge Rate | PRs merged vs closed | 92% | >= 30% | |
| Repo Quality | Repos with ≥100 stars | 0 | >= 0 | |
| Positive Reactions | Positive reactions received | 9 | >= 1 | |
| Negative Reactions | Negative reactions received | 0 | <= 5 | |
| Account Age | GitHub account age | 3105 days | >= 30 days | |
| Activity Consistency | Regular activity over time | 108% | >= 0% | |
| Issue Engagement | Issues with community engagement | 0 | >= 0 | |
| Code Reviews | Code reviews given to others | 604 | >= 0 | |
| Merger Diversity | Unique maintainers who merged PRs | 2 | >= 0 | |
| Repo History Merge Rate | Merge rate in this repo | 93% | >= 0% | |
| Repo History Min PRs | Previous PRs in this repo | 296 | >= 0 | |
| Profile Completeness | Profile richness (bio, followers) | 90 | >= 0 | |
| Suspicious Patterns | Spam-like activity detection | 1 | N/A | |

Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-04-28 to 2026-04-28

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/agent-runtime/src/memory/dream.rs`:
- Around line 775-781: The immediate retry after run_if_triggered(tmp.path())
when it returns DreamLockState::Busy can still observe the same lock holder and
leave the test flaky; change the logic in the report selection to poll
run_if_triggered(tmp.path()) in a small bounded retry loop (e.g., max attempts
with a short sleep/backoff) until you observe DreamLockState::Acquired or a
non-Busy state, returning the latest report, or else fail/return the last report
after the window—update the code that references run_if_triggered, the report
variable, and checks for DreamLockState::Busy/Acquired to implement this bounded
polling instead of a single immediate retry.

In `@clients/web/apps/dashboard/src/utils/runCoverage.spec.ts`:
- Around line 65-80: The test in runCoverage.spec.ts asserts a hardcoded "pnpm"
command and POSIX-style paths which fails on Windows; update the assertions for
the command and paths to be platform-aware by matching both "pnpm" and
"pnpm.cmd" (e.g., expect(command) to match /pnpm(\.cmd)?/) and normalize or
flexibly match path separators in the args checks (e.g., compare
path.basename(command) or use regexes like /alpha\.spec\.ts$/ and
/nested[\/\\]beta\.spec\.ts$/ or normalize args by replacing backslashes) so the
expectations on the command variable and the args array succeed on both Windows
and POSIX.

In `@Makefile`:
- Around line 288-295: The sonar Makefile target runs long tasks before failing
on missing Rust coverage tools; update the sonar preflight to validate Rust
coverage tooling by invoking the same checks used by rust-coverage (e.g., verify
cargo-llvm-cov binary and rustup component llvm-tools-preview) before running
heavy steps: modify the sonar recipe to call ./scripts/sonar.sh --validate-only
plus a new or existing validation step that checks for cargo-llvm-cov and rustup
component llvm-tools-preview (or call the rust-coverage validation helper) so
make sonar fails fast on missing prerequisites rather than after Gradle and
dashboard coverage.

In `@README.md`:
- Around line 59-64: Update the README prerequisites to mention the Rust
coverage tools required by the make sonar workflow: state that make sonar
invokes the rust-coverage target and requires cargo-llvm-cov and the
llvm-tools-preview component to be installed (or provide the exact cargo/rustup
install commands), and indicate that missing these will cause rust-coverage to
exit; reference the make target name rust-coverage and the make invocation make
sonar so readers can locate the related rules in the Makefile.

In `@scripts/sonar.sh`:
- Around line 59-60: Replace the incorrect Sonar property sonar.typescript.node
(which points to a directory) with the proper property sonar.nodejs.executable
and assign it the Node binary path (e.g. sonar.nodejs.executable="$(command -v
node)"); alternatively remove the override and rely on PATH/embedded
runtime—update the invocation in the scripts/sonar.sh where
sonar.typescript.node is set to use sonar.nodejs.executable with the executable
path.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b5a430cf-634d-4080-8d4f-65ecbc3f7d79

📥 Commits

Reviewing files that changed from the base of the PR and between 56222c0 and 2ad32ca.

📒 Files selected for processing (8)
  • Makefile
  • README.md
  • clients/agent-runtime/src/memory/dream.rs
  • clients/web/apps/dashboard/scripts/run-coverage.mjs
  • clients/web/apps/dashboard/src/utils/runCoverage.spec.ts
  • openspec/changes/2026-04-28-monthly-sonar-review-433/design.md
  • openspec/changes/2026-04-28-monthly-sonar-review-433/tasks.md
  • scripts/sonar.sh
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: report / Contributor Quality Report
  • GitHub Check: pr-checks
  • GitHub Check: sonar
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: submit-gradle
  • GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (5)
**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

  • clients/web/apps/dashboard/scripts/run-coverage.mjs
  • README.md
  • clients/agent-runtime/src/memory/dream.rs
  • openspec/changes/2026-04-28-monthly-sonar-review-433/tasks.md
  • Makefile
  • scripts/sonar.sh
  • clients/web/apps/dashboard/src/utils/runCoverage.spec.ts
  • openspec/changes/2026-04-28-monthly-sonar-review-433/design.md
**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

  • README.md
  • openspec/changes/2026-04-28-monthly-sonar-review-433/tasks.md
  • openspec/changes/2026-04-28-monthly-sonar-review-433/design.md
clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

  • clients/agent-runtime/src/memory/dream.rs
clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

  • clients/agent-runtime/src/memory/dream.rs
**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

  • clients/agent-runtime/src/memory/dream.rs
🧠 Learnings (3)
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

  • Makefile
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions

Applied to files:

  • Makefile
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified

Applied to files:

  • Makefile
🪛 checkmake (0.3.2)
Makefile

[warning] 288-288: Target body for "sonar" exceeds allowed length of 5 lines (7).

(maxbodylength)

🪛 LanguageTool
openspec/changes/2026-04-28-monthly-sonar-review-433/tasks.md

[uncategorized] ~7-~7: The official name of this software platform is spelled with a capital “H”.
Context: ...igned scanner arguments. - [ ] 1.3 Keep .github/workflows/sonarqube-analysis.yml and `...

(GITHUB)


[uncategorized] ~11-~11: The official name of this software platform is spelled with a capital “H”.
Context: ..., and Rust coverage artifact paths from .github/workflows/sonarqube-analysis.yml; capt...

(GITHUB)

openspec/changes/2026-04-28-monthly-sonar-review-433/design.md

[uncategorized] ~11-~11: The official name of this software platform is spelled with a capital “H”.
Context: ...age-generation paths already encoded in .github/workflows/sonarqube-analysis.yml for K...

(GITHUB)


[uncategorized] ~44-~44: The official name of this software platform is spelled with a capital “H”.
Context: ...duces drift between local execution and .github/workflows/sonarqube-analysis.yml. ###...

(GITHUB)


[uncategorized] ~153-~153: The official name of this software platform is spelled with a capital “H”.
Context: ... and CI-aligned scanner invocation. | | .github/workflows/sonarqube-analysis.yml | Pos...

(GITHUB)


[style] ~166-~166: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... or scanner prerequisites are absent. - It must not silently report success when t...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~181-~181: The official name of this software platform is spelled with a capital “H”.
Context: ...e the scanner with arguments aligned to .github/workflows/sonarqube-analysis.yml; 5. r...

(GITHUB)

Comment thread clients/agent-runtime/src/memory/dream.rs Outdated
Comment thread clients/web/apps/dashboard/src/utils/runCoverage.spec.ts Outdated
Comment thread Makefile Outdated
Comment thread README.md Outdated
Comment thread scripts/sonar.sh Outdated
@sonarqubecloud

Quality Gate failed

Failed conditions
40.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
Makefile (1)

428-439: ⚠️ Potential issue | 🟡 Minor

Mark rust-coverage-validate as .PHONY to avoid accidental preflight bypass.

rust-coverage-validate is a command target but not listed in .PHONY. If a file with that name appears, Make may skip the validation recipe.

Minimal fix
-        format check-format check lint-kotlin lint-rust lint-android lint-all sonar \
+        format check-format check lint-kotlin lint-rust lint-android lint-all sonar rust-coverage-validate \
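Review bot: on the `+` line, appending rust-coverage-validate to the shared .PHONY continuation closes the bypass for this target, but a list this long is easy to miss again when the next command target is added. Consider a separate `.PHONY: rust-coverage-validate` line directly above the target's recipe so the declaration stays next to the rule it protects, and keep the trailing backslash intact so the rest of the continued list is still parsed as phony.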
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 428 - 439, The Makefile's .PHONY list is missing the
rust-coverage-validate target, so add rust-coverage-validate to the existing
.PHONY declaration (the long .PHONY line near the top) so make won't treat it as
a real file; update the .PHONY entry to include the symbol
rust-coverage-validate alongside the other phony targets to ensure the
validation recipe always runs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@clients/web/apps/dashboard/src/utils/runCoverage.spec.ts`:
- Around line 77-85: The current test uses expect.arrayContaining on
args.slice(9), which permits any ordering; change the assertion to require exact
sequence by replacing expect.arrayContaining([...]) with
expect(args.slice(9)).toEqual([expect.stringMatching(/alpha\.spec\.ts$/),
expect.stringMatching(/nested[\\/]beta\.spec\.ts$/),
expect.stringMatching(/zeta\.spec\.ts$/)]) (you can keep the existing
expect(args.slice(9)).toHaveLength(3) or remove it since toEqual already checks
length) and leave the existing check on String(options.cwd)
toContain("dashboard"); this enforces deterministic order for the args array.

In `@README.md`:
- Around line 51-68: Add a short Spanish-parity note to the "Local monthly
review" section (the heading "Local monthly review" and the paragraph describing
`make sonar`) indicating that a Spanish translation is pending or linking the ES
update issue; keep the note brief, user-facing, and placed immediately after the
first paragraph describing `make sonar` so readers see the parity status up
front.

---

Outside diff comments:
In `@Makefile`:
- Around line 428-439: The Makefile's .PHONY list is missing the
rust-coverage-validate target, so add rust-coverage-validate to the existing
.PHONY declaration (the long .PHONY line near the top) so make won't treat it as
a real file; update the .PHONY entry to include the symbol
rust-coverage-validate alongside the other phony targets to ensure the
validation recipe always runs.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 64e30bca-3220-4c8a-ad8a-85a763a9df75

📥 Commits

Reviewing files that changed from the base of the PR and between 2ad32ca and cb6da04.

📒 Files selected for processing (5)
  • Makefile
  • README.md
  • clients/agent-runtime/src/memory/dream.rs
  • clients/web/apps/dashboard/src/utils/runCoverage.spec.ts
  • scripts/sonar.sh
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: report / Contributor Quality Report
  • GitHub Check: sonar
  • GitHub Check: pr-checks
  • GitHub Check: submit-gradle
  • GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (5)
clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

  • clients/agent-runtime/src/memory/dream.rs
clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

  • clients/agent-runtime/src/memory/dream.rs
**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

  • clients/agent-runtime/src/memory/dream.rs
**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

  • clients/agent-runtime/src/memory/dream.rs
  • clients/web/apps/dashboard/src/utils/runCoverage.spec.ts
  • README.md
  • scripts/sonar.sh
  • Makefile
**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

  • README.md
🧠 Learnings (5)
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why

Applied to files:

  • README.md
  • scripts/sonar.sh
  • Makefile
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/.github/**/*.{yml,yaml} : For workflow/template-only changes, ensure YAML/template syntax validity

Applied to files:

  • Makefile
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path

Applied to files:

  • Makefile
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions

Applied to files:

  • Makefile
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified

Applied to files:

  • Makefile
🪛 checkmake (0.3.2)
Makefile

[warning] 288-288: Target body for "sonar" exceeds allowed length of 5 lines (7).

(maxbodylength)


[warning] 316-316: Target body for "rust-coverage-validate" exceeds allowed length of 5 lines (8).

(maxbodylength)

🔇 Additional comments (2)
clients/agent-runtime/src/memory/dream.rs (1)

775-782: Good stabilization for transient lock contention in test path.

The bounded retry with short backoff makes this test more resilient while keeping assertions strict on final acquired/completed state.

scripts/sonar.sh (1)

11-39: Good fail-fast guards and scanner wiring.

The prerequisite checks and coverage-artifact validation are clear and reduce partial/invalid scans. The scanner parameterization also aligns with the intended local Sonar workflow.

Also applies to: 42-59

Comment thread clients/web/apps/dashboard/src/utils/runCoverage.spec.ts Outdated
Comment thread README.md
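
The fail-fast preflight discussed in the reviews above (token and scanner checks, Rust coverage tooling, coverage artifacts), written out as an added example; it is not the project's scripts/sonar.sh. The function names and the `SONAR_TOOLS` variable are hypothetical, and artifact paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not the project's scripts/sonar.sh). Function names and the
# SONAR_TOOLS variable are hypothetical; artifact paths come from the caller.

# Tools that must resolve on PATH before any coverage job starts.
SONAR_TOOLS=${SONAR_TOOLS:-"sonar-scanner cargo-llvm-cov"}

# Print the reason on stderr and return failure. Callers pass names only,
# never values, so the token cannot end up in terminal or CI logs.
preflight_fail() {
    printf 'preflight: %s\n' "$1" >&2
    return 1
}

# Only the presence of the token is tested; its value is never expanded
# into a message.
require_token() {
    [ -n "${SONAR_TOKEN:-}" ] || preflight_fail "SONAR_TOKEN is not set"
}

# Report every missing tool in one pass instead of stopping at the first.
require_tools() {
    missing=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            preflight_fail "required tool not found: $tool" || missing=1
        fi
    done
    [ "$missing" -eq 0 ]
}

# -s rejects absent and zero-length files, so an empty report is not
# handed to the scanner as if coverage had been measured.
require_artifacts() {
    missing=0
    for artifact in "$@"; do
        if [ ! -s "$artifact" ]; then
            preflight_fail "coverage artifact missing or empty: $artifact" || missing=1
        fi
    done
    [ "$missing" -eq 0 ]
}

# --validate-only: credential and tool checks, run before the long jobs.
# Without it: the same checks plus the artifact checks, run before the scanner.
sonar_preflight() {
    validate_only=0
    if [ "${1:-}" = "--validate-only" ]; then
        validate_only=1
        shift
    fi
    require_token || return 1
    # Word splitting of the tool list is intentional here.
    require_tools $SONAR_TOOLS || return 1
    if [ "$validate_only" -eq 1 ]; then
        return 0
    fi
    if [ "$#" -eq 0 ]; then
        preflight_fail "no coverage artifacts listed"
        return 1
    fi
    require_artifacts "$@"
}

# Stand-alone use: sh preflight.sh --validate-only
#                  sh preflight.sh <kover xml> <dashboard lcov.info> <rust lcov>
if [ "$#" -gt 0 ]; then
    sonar_preflight "$@"
fi
```
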
@yacosta738 yacosta738 merged commit 70fee4e into main Apr 29, 2026
16 of 18 checks passed
@yacosta738 yacosta738 deleted the fix/monthly-sonar-review-433 branch April 29, 2026 05:17
Development

Successfully merging this pull request may close these issues.

Recurring: Monthly Code Quality Review (SonarQube)
