feat(web): repo catalog import, versioning, session notes, memory lifecycle#25
Merged
Merged
Conversation
…ecycle - Skill discovery expands README/index/catalog links into additional source candidates; bulk select and install from discover results with explicit conflict behavior; catalog badge and source warnings surfaced in UI - Skills, workflows, and personas track a patch-incremented version field on each save; version exposed in list responses and dashboard - Runtime session notes: per-run messages.json artifact, list/append API endpoints, and Session Notes panel in run detail (Slice D) - Memory delete-key and purge-expired handlers with dashboard controls (Slice F); ScopedMemoryStore::delete with unit test - Fuzzy prefix token matching for skill discovery search scoring - skill_import_handler syncs Claude slash commands after write
There was a problem hiding this comment.
Pull request overview
This PR expands the web dashboard with catalog-based skill discovery/import, artifact version metadata, runtime session notes, and memory lifecycle controls.
Changes:
- Adds runtime session message APIs/UI and memory delete/purge APIs/UI.
- Extends skill discovery/import with catalog expansion, bulk selection, conflict modes, and slash-command sync.
- Adds version fields for saved skills/workflows/personas plus roadmap/security documentation updates.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 14 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/security-gaps.md | Adds security hardening roadmap. |
| docs/runtime-and-tui-milestone.md | Updates milestone slices for shipped session notes, memory lifecycle, and catalog import. |
| docs/milestones.md | Updates M4 scope summary. |
| docs/github-project-hygiene.md | Adds project-board hygiene guidance. |
| crates/web/src/server.rs | Registers runtime message and memory lifecycle routes. |
| crates/web/src/api.rs | Implements version helpers, session messages, memory handlers, catalog discovery expansion, and import/save updates. |
| crates/web/frontend/src/views/SkillsView.vue | Adds catalog warnings, selection, and bulk import UI. |
| crates/web/frontend/src/views/MemoryView.vue | Adds memory delete and purge controls. |
| crates/web/frontend/src/views/DashboardView.vue | Adds Session Notes panel for run details. |
| crates/web/frontend/src/composables/useApi.js | Adds API client methods for messages and memory lifecycle actions. |
| crates/web/Cargo.toml | Adds uuid dependency for runtime message ids. |
| crates/sharing/src/lib.rs | Adds bundle export test for skill package directories. |
| crates/memory/src/store.rs | Adds scoped memory delete support and test coverage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add 8 new critical/high gaps identified during enterprise security review: path traversal in memory keys, SSRF in skill discovery, skill import path traversal, post-approval execution sandbox, credential logging, LLM provider IP exfiltration risk, missing body size limits, and CI dependency scanning. Add ongoing audit process and toolchain reference. Renumber all gaps sequentially and add severity/category to summary table.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
versionfield on each save, exposed in list API responsesmessages.jsonartifact,GET/POST /api/runtime/sessions/{id}/messagesendpoints, and a Session Notes panel in the run-detail dashboard viewDELETE /api/memory/{scope}/{key}andPOST /api/memory/{scope}/purge-expiredhandlers; delete and purge-expired buttons in the Memory dashboard;ScopedMemoryStore::deletewith unit testskill_import_handlersyncs Claude slash commands after writedocs/github-project-hygiene.md,docs/security-gaps.mdTest plan
versionincrements on subsequent savescargo test -p memoryandcargo test -p webgreen