Exa

Exa AI

Exa AI

Exa AI

Exa AI

Exa AI

Exa AI

Exa AI

Exa AI

Exa AI

Exa AI

OpenClaw has 500,000 instances and no enterprise kill switch

“Your AI? It’s my AI now.” The line came from Etay Maor, VP of Threat Intelligence at Cato Networks, in an exclusive interview with VentureBeat at RSAC 2026 — and it describes exactly what happened to a U.K. CEO whose OpenClaw instance ended up for sale on BreachForums. Maor's argument is that the industry handed AI agents the kind of autonomy it would never extend to a human employee, discarding zero trust, least privilege, and assume-breach in the process. The proof arrived on BreachForums three weeks before Maor’s interview. On February 22, a threat actor using the handle “fluffyduck” posted a listing advertising root shell access to the CEO’s computer for $25,000 in Monero or Litecoin. The shell was not the selling point. The CEO’s OpenClaw AI personal assistant was. The buyer would get every conversation the CEO had with the AI, the company’s full production database, Telegram bot tokens, Trading 212 API keys, and personal details the CEO disclosed to the assistant about family and finances. The threat actor noted the CEO was actively interacting with OpenClaw in real time, making the listing a live intelligence feed rather than a static data dump. Cato CTRL senior security researcher Vitaly Simonovich documented the listing on February 25. The CEO’s OpenClaw instance stored everything in plain-text Markdown files under ~/.openclaw/workspace/ with no encryption at rest. The threat actor didn't need to exfiltrate anything; the CEO had already assembled it. When the security team discovered the breach, there was no native enterprise kill switch, no management console, and no way to inventory how many other instances were running across the organization. OpenClaw runs locally with direct access to the host machine’s file system, network connections, browser sessions, and installed applications. The coverage to date has tracked its velocity, but what it hasn't mapped is the threat surface. The four vendors who used RSAC 2026 to ship responses still haven't produced

OCR for construction documents does not work, we fixed it

So we&#x27;ve built an API and trained models that detects fixtures, extracts schedules, and analyzes construction documents. Check us out!<p>More examples: - <a href="https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;endpoints&#x2F;drawings-doors" rel="nofollow">https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;endpoints&#x2F;drawi...</a><p>Main website: - <a href="https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer" rel="nofollow">https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer</a><p>Why we did it: <a href="https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;changelog&#x2F;construction-drawings-are-data-prisons" rel="nofollow">https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;changelog&#x2F;const...</a>

Show HN: ProofShot – Give AI coding agents eyes to verify the UI they build

I use AI agents to build UI features daily. The thing that kept annoying me: the agent writes code but never sees what it actually looks like in the browser. It can’t tell if the layout is broken or if the console is throwing errors.<p>So I built a CLI that lets the agent open a browser, interact with the page, record what happens, and collect any errors. Then it bundles everything — video, screenshots, logs — into a self-contained HTML file I can review in seconds.<p><pre><code> proofshot start --run &quot;npm run dev&quot; --port 3000 # agent navigates, clicks, takes screenshots proofshot stop </code></pre> It works with whatever agent you use (Claude Code, Cursor, Codex, etc.) — it’s just shell commands. It&#x27;s packaged as a skill so your AI coding agent knows exactly how it works. It&#x27;s built on agent-browser from Vercel Labs which is far better and faster than Playwright MCP.<p>It’s not a testing framework. The agent doesn’t decide pass&#x2F;fail. It just gives me the evidence so I don’t have to open the browser myself every time.<p>Open source and completely free.<p>Website: <a href="https:&#x2F;&#x2F;proofshot.argil.io&#x2F;" rel="nofollow">https:&#x2F;&#x2F;proofshot.argil.io&#x2F;</a>

Vandalizing My Own Wikipedia Experience: A 90s Cyberpunk GeoCities Makeover

Wikipedia is a marvel. It is the Library of Alexandria of our time, a meticulously curated repository...

How to Pass the Claude Certified Architect (CCA) Foundations Exam

Anthropic launched its first official technical certification on March 12, 2026 — the Claude...

Fixing AI failure: Three changes enterprises should make now

Recent reports about AI project failure rates have raised uncomfortable questions for organizations investing heavily in AI. Much of the discussion has focused on technical factors like model accuracy and data quality, but after watching dozens of AI initiatives launch, I’ve noticed that the biggest opportunities for improvement are often cultural, not technical. Internal projects that struggle tend to share common issues. For example, engineering teams build models that product managers don’t know how to use. Data scientists build prototypes that operations teams struggle to maintain. And AI applications sit unused because the people they were built for weren't involved in deciding what “useful” really meant. In contrast, organizations that achieve meaningful value with AI have figured out how to create the right kind of collaboration across departments, and established shared accountability for outcomes. The technology matters, but the organizational readiness matters just as much. Here are three practices I’ve observed that address the cultural and organizational barriers that can impede AI success. Expand AI literacy beyond engineering When only engineers understand how an AI system works and what it’s capable of, collaboration breaks down. Product managers can't evaluate trade-offs they don't understand. Designers can't create interfaces for capabilities they can't articulate. Analysts can't validate outputs they can't interpret. The solution isn't making everyone a data scientist. It's helping each role understand how AI applies to their specific work. Product managers need to grasp what kinds of generated content, predictions or recommendations are realistic given available data. Designers need to understand what the AI can actually do so they can design features users will find useful. Analysts need to know which AI outputs require human validation versus which can be trusted. When teams share this working vocabulary, AI stops being something that happens in

Show HN: Oxyde – Pydantic-native async ORM with a Rust core

Hi HN! I built Oxyde because I was tired of duplicating my models.<p>If you use FastAPI, you know the drill. You define Pydantic models for your API, then define separate ORM models for your database, then write converters between them. SQLModel tries to fix this but it&#x27;s still SQLAlchemy underneath. Tortoise gives you a nice Django-style API but its own model system. Django ORM is great but welded to the framework.<p>I wanted something simple: your Pydantic model IS your database model. One class, full validation on input and output, native type hints, zero duplication. The query API is Django-style (.objects.filter(), .exclude(), Q&#x2F;F expressions) because I think it&#x27;s one of the best designs out there.<p><i>Explicit over implicit.</i> I tried to remove all the magic. Queries don&#x27;t touch the database until you call a terminal method like .all(), .get(), or .first(). If you don&#x27;t explicitly call .join() or .prefetch(), related data won&#x27;t be loaded. No lazy loading, no surprise N+1 queries behind your back. You see exactly what hits the database by reading the code.<p><i>Type safety</i> was a big motivation. Python&#x27;s weak spot is runtime surprises, so Oxyde tackles this on three levels: (1) when you run makemigrations, it also generates .pyi stub files with fully typed queries, so your IDE knows that filter(age__gte=...) takes an int, that create() accepts exactly the fields your model has, and that .all() returns list[User] not list[Any]; (2) Pydantic validates data going into the database; (3) Pydantic validates data coming back out via model_validate(). You get autocompletion, red squiggles on typos, and runtime guarantees, all from the same model definition.<p><i>Why Rust?</i> Not for speed as a goal. I don&#x27;t do &quot;language X is better&quot; debates. Each one is good at what it was made for. Python is hard to beat for expressing business logic. But infrastructure stuff like SQL generation, connection pooling, and row serialization is where a systems language makes sense. So I split it: Python handles your models and business logic, Rust handles the database plumbing. Queries are built as an IR in Python, serialized via MessagePack, sent to Rust which generates dialect-specific SQL, executes it, and streams results back. Speed is a side effect of this split, not the goal. But since you&#x27;re not paying a performance tax for the convenience, here are the benchmarks if curious: <a href="https:&#x2F;&#x2F;oxyde.fatalyst.dev&#x2F;latest&#x2F;advanced&#x2F;benchmarks&#x2F;" rel="nofollow">https:&#x2F;&#x2F;oxyde.fatalyst.dev&#x2F;latest&#x2F;advanced&#x2F;benchmarks&#x2F;</a><p>What&#x27;s there today: Django-style migrations (makemigrations &#x2F; migrate), transactions with savepoints, joins and prefetch, PostgreSQL + SQLite + MySQL, FastAPI integration, and an auto-generated admin panel that works with FastAPI, Litestar, Sanic, Quart, and Falcon (<a href="https:&#x2F;&#x2F;github.com&#x2F;mr-fatalyst&#x2F;oxyde-admin" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mr-fatalyst&#x2F;oxyde-admin</a>).<p>It&#x27;s v0.5, beta, active development, API might still change. This is my attempt to build the ORM I personally wanted to use. Would love feedback, criticism, ideas.<p>Docs: <a href="https:&#x2F;&#x2F;oxyde.fatalyst.dev&#x2F;" rel="nofollow">https:&#x2F;&#x2F;oxyde.fatalyst.dev&#x2F;</a><p>Step-by-step FastAPI tutorial (blog API from scratch): <a href="https:&#x2F;&#x2F;github.com&#x2F;mr-fatalyst&#x2F;fastapi-oxyde-example" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mr-fatalyst&#x2F;fastapi-oxyde-example</a>

Understanding Representation Learning in Neural Networks (With PyTorch Example)

Deep learning systems are powerful because they learn representations of data automatically. Instead...

AI and Jobs: What Anthropic's Labor Market Data Actually Shows About Your Career

Anthropic's 2026 study ranks jobs by real AI usage data. Programmers are 75% exposed, but unemployment has not risen. See exactly where your role stands.

feat: Sandbox integration test — real binary lifecycle + stress testing (#37)

## Summary Implements comprehensive GitHub Actions sandbox testing workflow that validates real daemon binary lifecycle, catching deployment bugs that in-process tests cannot detect. ## Changes - **Complete Sandbox Workflow**: Tests actual `pi-daemon` binary in CI environment - **Comprehensive Coverage**: Smoke tests, concurrency, stress testing, crash recovery - **Real-world Validation**: PID files, port binding, signal handling, memory behavior - **Future-Ready**: Enhancement issues created for persistence, supervisor, scheduler testing ## Test Phases Implemented ### 🔍 Phase 1: Smoke Testing - **Binary Startup**: Release build starts as real daemon process - **Endpoint Validation**: Health, status, agent CRUD, webchat, OpenAI API - **PID Management**: daemon.json creation, tracking, cleanup verification - **Basic Functionality**: All core features work in real deployment scenario ### ⚡ Phase 2: Concurrency & Load Testing - **HTTP Load**: 50 concurrent requests to `/api/status` endpoint - **Agent Stress**: 20 concurrent agent registrations with verification - **WebSocket Load**: 5 concurrent WebSocket connections within per-IP limits - **Memory Monitoring**: RSS usage tracking with 200MB warning threshold ### 💪 Phase 3: Stress & Recovery Testing - **Sustained Load**: 30-second continuous request generation with memory growth monitoring - **Crash Recovery**: Kill -9 simulation → restart verification → full functionality restored - **Memory Validation**: Growth monitoring with warnings if >50MB increase during load ### 🛑 Phase 4: Graceful Shutdown Testing - **API Shutdown**: `POST /api/shutdown` endpoint triggers graceful exit - **Process Cleanup**: PID file removal, port release verification - **CLI Validation**: Commands handle daemon state correctly when stopped ## Critical Gaps Addressed | What In-Process Tests Miss | Real Deployment Bug Example | Sandbox Test Coverage | |---------------------------|----------------------------|---------------------| | Binary actually starts | Compiles but panics on launch | ✅ Real daemon startup | | PID file lifecycle | Written but not cleaned up | ✅ File creation/removal | | Port binding issues | Works on random ports, fails on 4200 | ✅ Standard port binding | | Signal handling | Ctrl+C cleanup, SIGTERM shutdown | ✅ Kill signals + cleanup | | Concurrent behavior | Race conditions under load | ✅ 50+ concurrent operations | | Memory leaks | Only visible after sustained use | ✅ Memory growth monitoring | | Config from disk | Tests use in-memory config | ✅ Real TOML file loading | | WebSocket limits | Per-IP connection enforcement | ✅ Connection limit testing | ## Future Enhancements Created ### Issue #77: P2.6 Persistence Testing (Phase 2+) - Data survival across restarts (agents, sessions, usage) - Database integrity after ungraceful shutdown - **Blocked by:** #13 (SQLite memory substrate) ### Issue #78: P3.4 Supervisor Stress Testing (Phase 3+) - Heartbeat timeout detection under load - Auto-restart functionality validation - **Blocked by:** #17 (Supervisor implementation) ### Issue #79: P3.5 Scheduler Validation (Phase 3+) - Cron job execution timing accuracy - Job management under concurrent load - **Blocked by:** #16 (Cron scheduler engine) ## Workflow Configuration ### Trigger Conditions - **Pull Requests** to main branch - **Path Filter**: Only when `crates/**`, `Cargo.toml`, `Cargo.lock` change - **Skip**: Documentation-only changes (no unnecessary CI overhead) ### Environment Setup - **Ubuntu Latest**: Standard CI environment - **Release Build**: Tests production binary (optimized, no debug symbols) - **Dependencies**: jq for JSON parsing, websocat for WebSocket testing - **Timeout**: 10 minutes prevents hung processes from blocking CI ### Error Handling & Reporting - **Actionable Errors**: Clear failure messages with context - **Resource Monitoring**: Memory usage warnings and alerts - **Cleanup**: Guaranteed daemon process cleanup even on test failures - **Debugging**: Process PID tracking and status validation ## Test Execution Flow ```bash # 1. Build release binary cargo build --release # 2. Start daemon in background ./target/release/pi-daemon start --foreground & # 3. Wait for health endpoint (30s timeout) curl -sf http://127.0.0.1:4200/api/health # 4. Run comprehensive test suite # - API endpoint validation # - Agent CRUD lifecycle # - Webchat content verification # - OpenAI compatibility testing # - Concurrent load testing # - Memory usage monitoring # - Crash recovery simulation # - Graceful shutdown validation # 5. Cleanup and summary pkill pi-daemon && rm daemon.json ``` ## Benefits - ✅ **Deployment Confidence**: Catches real-world integration issues - ✅ **Performance Validation**: Memory and concurrency behavior under load - ✅ **Recovery Testing**: Ensures robustness against crashes and restarts - ✅ **Signal Handling**: Validates production process management - ✅ **Resource Management**: Prevents port confli

[Resource]: WRITE THE NAME OF YOUR RESOURCE HERE

### Display Name AI.MD ### Category Agent Skills ### Sub-Category General ### Primary Link https://github.com/sstklen/ai-md ### Author Name sstklen ### Author Link https://github.com/sstklen ### License MIT ### Other License _No response_ ### Description Converts human-written CLAUDE.md files into AI-native structured-label format using a 6-phase methodology (understand, decompose, label,structure, resolve, test). Battle-tested with 4 LLM models — structured format raised Codex (GPT-5.3) compliance from 6/8 to 8/8 on identical rule content, while reducing file size by 53% and line count by 37% (224 → 142 lines, within Claude Code's recommended 200-line limit). ### Validate Claims Install the skill and run it on any CLAUDE.md over 100 lines. The skill measures before/after byte count and line count, converts to structured-label format with automatic backup (.bak), and reports the diff. Real test data is in the README (4-model comparison table). The examples/ directory contains a complete before/after pair for manual inspection. ### Specific Task(s) Have Claude Code convert an existing CLAUDE.md using the AI.MD skill. Then compare compliance by testing both versions (original backup vs converted) with the same set of questions. The skill's SKILL.md documents the exact 8-question test protocol used in validation. ### Specific Prompt(s) Say: "distill my CLAUDE.md" or "AI.MD" — the skill previews current token cost, shows before/after examples, then offers to convert with full backup. After conversion, say "test my CLAUDE.md" to run the built-in multi-model validation. ### Additional Comments The core insight: LLMs re-read CLAUDE.md every conversation turn. Human prose wastes tokens and splits attention across rules sharing a line. Structured-label format (one concept per line, explicit trigger/action/exception labels, XML section boundaries) gives each rule full attention weight. This is not compression — it's restructuring the same rules into a format LLMs parse more reliably. Full methodology: 6 conversion phases + 5 special techniques documented in SKILL.md (525 lines). ### Recommendation Checklist - [x] I have checked that this resource hasn't already been submitted - [x] It has been over one week since the first public commit to the repo I am recommending - [x] All provided links are working and publicly accessible - [x] I do NOT have any other open issues in this repository - [x] I am primarily composed of human-y stuff and not electrical circuits

Add example usage for Costory billing datasources in documentation

- Included Terraform example for Anthropic billing datasource. - Added Terraform example for Cursor billing datasource. - Defined required variables and provider configuration for both datasources.

[AI Agent] Master Tracking: Complete AI Agent Implementation

## 🎯 Goal Track the complete implementation of autonomous Python AI Agent for CoffeeOrderSystem. --- ## 📋 Implementation Steps ### Phase 1: Infrastructure (Week 1) - [ ] **Step 1:** Setup Python AI Agent Service infrastructure #133 - Python service with FastAPI - Docker integration - Basic health checks - Makefile commands ### Phase 2: AI Integration (Week 1-2) - [ ] **Step 2:** Implement Cognee integration with semantic code search #134 - CogneeService with RAG search - Architecture context gathering - Entity file discovery - Integration tests - [ ] **Step 3:** Implement PlannerAgent with LangChain #135 - TaskPlan models - LangChain planning chain - Prompt templates - Plan generation and posting ### Phase 3: Code Generation (Week 2-3) - [ ] **Step 4:** Implement DevAgent for code generation #136 - GitHub file operations - Code generation prompts - Create/modify/delete operations - Branch management - [ ] **Step 5:** Implement PRAgent and workflow orchestration #137 - PR creation with rich descriptions - Workflow orchestrator - Background task processing - Complete end-to-end flow ### Phase 4: Advanced Features (Week 3-4) - [ ] **Step 6:** Add learning/memory system - Store successful patterns in Cognee - Learn from PR reviews - Avoid failed patterns - Improve over time - [ ] **Step 7:** Add GitHub webhook listener - Auto-trigger on issue label - Real-time processing - Queue management - Concurrent task handling --- ## 🎯 Success Criteria ### MVP (Minimum Viable Product) - ✅ Agent creates plans for issues - ✅ Agent generates compilable code - ✅ Agent creates PRs with descriptions - ✅ Works for simple tasks (add field, update config) - ✅ Error handling with GitHub notifications ### Production Ready - ☐ Handles complex multi-layer changes - ☐ Learns from successful PRs - ☐ Automatic triggering via webhooks - ☐ Rate limiting and queue management - ☐ Comprehensive test coverage (>80%) - ☐ Monitoring and metrics --- ## 📊 Architecture Overview ``` ┌────────────────────────────────────┐ │ GitHub Issues (labeled: ai-agent) │ └───────────────┬────────────────────┘ │ ↓ (webhook or manual trigger) ┌───────────────┼────────────────────┐ │ WorkflowOrchestrator │ └───────────────┬────────────────────┘ │ ┌────────┼────────┐ │ │ │ ↓ ↓ ↓ PlannerAgent DevAgent PRAgent │ │ │ │ │ │ ┌───┼───┐ │ ┌───┼───┐ │ │ │ │ │ │ │ ↓ ↓ ↓ ↓ ↓ ↓ ↓ Cognee LLM GitHub GitHub (RAG) (GPT-4) (API) ``` ### Component Responsibilities **PlannerAgent:** - Analyzes GitHub issue - Searches codebase via Cognee - Creates structured TaskPlan - Posts plan as issue comment **DevAgent:** - Generates code via LLM - Creates/modifies/deletes files - Commits to feature branch - Preserves code style **PRAgent:** - Creates pull request - Writes comprehensive PR description - Links to original issue - Adds testing checklist **WorkflowOrchestrator:** - Coordinates all agents - Handles errors - Posts progress updates - Manages background execution --- ## 📦 Tech Stack ### Core - **Python 3.11+** - Agent runtime - **FastAPI** - Web framework - **LangChain** - LLM orchestration - **OpenAI GPT-4** - Code generation - **PyGithub** - GitHub API client ### AI/ML - **Cognee** - RAG and semantic search - **OpenAI Embeddings** - Vector search - **LangChain Chains** - Prompt management ### Infrastructure - **Docker** - Containerization - **PostgreSQL** - Shared with .NET API - **uvicorn** - ASGI server --- ## 📝 Usage Example ### 1. Create Issue ```markdown Title: Add loyalty points to Customer Labels: ai-agent, enhancement Description: Add LoyaltyPoints field (int, default 0) to Customer entity. Requirements: - Update Domain/Entities/Customer.cs - Update Application/DTOs/CustomerDto.cs - Create EF Core migration - Add unit tests ``` ### 2. Trigger Agent ```bash make agent-process # Enter issue number: 138 ``` ### 3. Monitor Progress Issue comments show: ``` 🤖 AI Agent Started Phase 1/3: Analyzing task... 🤖 Execution Plan Summary: Add LoyaltyPoints field to Customer entity Steps: 1. MODIFY Domain/Entities/Customer.cs 2. MODIFY Application/DTOs/CustomerDto.cs 3. CREATE Migration file 4. CREATE Test file 🛠️ Phase 2/3: Generating code (4 files)... ✅ Step 1/4: modify Customer.cs ✅ Step 2/4: modify CustomerDto.cs ... 📦 Phase 3/3: Creating pull request... 🤖 Pull Request Created: #139 Branch: ai-agent/issue-138 Ready for review! ``` ### 4. Review PR PR includes: - Closes #138 - Comprehensive description - File changes summary - Testing checklist - Risk assessment ### 5. Merge Agent learns from successful merge for future tasks. --- ## 🧪 Testing Strategy ### Unit Tests - Agent logic (plan parsing, code generation) - Service mocks (GitHub, Cognee) - P

Weekly Rules Review: 2026-03-09

## Weekly Rules Documentation Review - 2026-03-09 ### Overall Health Assessment The rules documentation is in **good shape overall**. All 11 rule files are relevant, and the vast majority of file paths and code patterns they reference still exist in the codebase. Two files need minor updates, and one has a moderate accuracy issue. --- ### Audit Results #### AGENTS.md **Status**: Keep **Reasoning**: Core agent guide is accurate and well-structured. The rules index table, project setup instructions, pre-commit checks, and general guidance are all current. References to `npm run ts`, `tsgo`, TanStack Router, and Base UI are correct. --- #### rules/electron-ipc.md **Status**: Keep **Reasoning**: High-value, comprehensive guide. All referenced file paths exist (`src/ipc/contracts/core.ts`, `src/ipc/types/*.ts`, `src/ipc/handlers/base.ts`, `src/lib/queryKeys.ts`). The `pendingStreamChatIds` pattern still exists in `useStreamChat.ts`. The `writeSettings` shallow merge warning is still relevant (confirmed by recent fix in commit ef4ec84 preventing stale settings reads). --- #### rules/local-agent-tools.md **Status**: Keep **Reasoning**: Concise and accurate. `modifiesState` flag is actively used across many tool files. `buildAgentToolSet` exists in `tool_definitions.ts`. `handleLocalAgentStream` exists in `local_agent_handler.ts` with `readOnly`/`planModeOnly` guards confirmed. `todo_persistence.ts` exists. `fs.promises` guidance remains relevant for Electron main process. --- #### rules/e2e-testing.md **Status**: Needs Update **Reasoning**: Mostly accurate and high-value, but has two inaccuracies in helper method references. **Issues Found**: - Lines 64-75: References `po.clearChatInput()` and `po.openChatHistoryMenu()` as methods on PageObject directly, but they actually live on the `chatActions` sub-component: `po.chatActions.clearChatInput()` and `po.chatActions.openChatHistoryMenu()`. This contradicts the sub-component pattern documented earlier in the same file (lines 29-43). **Suggested Changes**: - Update the Lexical editor section examples to use `po.chatActions.clearChatInput()` and `po.chatActions.openChatHistoryMenu()` instead of `po.clearChatInput()` and `po.openChatHistoryMenu()` --- #### rules/git-workflow.md **Status**: Keep **Reasoning**: Comprehensive and high-value. Contains many hard-won learnings about fork workflows, `gh pr create` edge cases, GitHub API workarounds, and rebase conflict resolution patterns. The `GITHUB_TOKEN` workflow chaining limitation and the `--input` pattern for special characters are particularly valuable. Recent commits (51fc07e - GitHub App tokens) confirm this area is actively evolving. **Note**: This is the longest rules file (123 lines). Some of the very specific rebase conflict tips (React component wrapper conflicts, refactoring conflicts) may be overly situational, but they're low-cost to keep. --- #### rules/base-ui-components.md **Status**: Keep **Reasoning**: All referenced component files exist (`context-menu.tsx`, `tooltip.tsx`, `accordion.tsx`). `@base-ui/react` is in the project dependencies. The TooltipTrigger `render` prop guidance and Accordion API differences from Radix are high-value patterns that prevent common mistakes. --- #### rules/database-drizzle.md **Status**: Keep **Reasoning**: Short and high-value. `drizzle/meta/_journal.json` exists. Migration conflict resolution guidance is important for rebase workflows. --- #### rules/typescript-strict-mode.md **Status**: Keep **Reasoning**: All references verified. `tsconfig.app.json` confirms ES2020 target with `lib: ["ES2020"]`. The `tsgo` installation note (Go binary, not npm package) and `response.json()` returning `unknown` are valuable gotchas. Node.js >= 24 requirement is noted. --- #### rules/openai-reasoning-models.md **Status**: Needs Update **Reasoning**: The core concept is still valid - orphaned reasoning parts are still filtered in `src/ipc/utils/ai_messages_utils.ts`. However, the specific function name referenced is outdated. **Issues Found**: - References `filterOrphanedReasoningParts()` as a named function, but this logic was refactored into the `cleanMessage()` function (inline filtering within that function). The named export no longer exists. **Suggested Changes**: - Update the reference from `filterOrphanedReasoningParts()` to describe the filtering logic within `cleanMessage()` in `src/ipc/utils/ai_messages_utils.ts` --- #### rules/adding-settings.md **Status**: Keep **Reasoning**: All file paths verified: `UserSettingsSchema` in `src/lib/schemas.ts`, `DEFAULT_SETTINGS` in `src/main/settings.ts`, `SETTING_IDS` in `src/lib/settingsSearchIndex.ts`, `AutoApproveSwitch.tsx` as template. Recent commit d6ab829 (add max tool call steps setting) confirms this pattern is actively used. --- #### rules/chat-message-indicators.md **Status**: Keep **Reasoning**: Short (12 lines), low token cost. `dyad-status` tag implementation confirmed in

Weekly Report Mar 2 -- Mar 9, 2026

# Weekly Report: Mar 2 -- Mar 9, 2026 ## Quick Stats | Metric | Count | |--------|-------| | Merged PRs | 47 | | Open PRs | 24 (11 draft) | | Open issues | 61 | | New issues this week | 33 | | Issues closed this week | 6 | | CI runs on main | 30 | ## Highlights An exceptionally active week with 47 merged PRs. Key themes: - **Realm migration**: Keycloak master-to-kagenti realm migration landed (#764), with follow-up fixes (#851, #863) - **Platform hardening**: Podman support (#861), Docker Hub rate limit fixes (#844), PostgreSQL mount fix (#852) - **CI/CD improvements**: OpenSSF Scorecard 7.1->8+ (#807), stale workflow permissions (#859), HyperShift cluster auto-cleanup (#854) - **New capabilities**: CLI/TUI for Kagenti (#835), Istio trace export to OTel (#795), RHOAI 3.x integration (#809) - **Dependency updates**: 8 Dependabot PRs (Docker actions major bumps, CodeQL, Trivy) - **Authorization epic**: 7 new issues (#787-#794) laying out a comprehensive authorization and policy framework - **Agent sandbox epic**: New epic (#820) for platform-owned sandboxed agent runtime ## Issue Analysis ### Epics (active initiatives) | # | Title | Owner | Status | |---|-------|-------|--------| | #862 | AgentRuntime CR — CR-triggered injection | @cwiklik | New, design phase | | #820 | Platform-Owned Sandboxed Agent Runtime | @Ladas | Active, PR #758 in progress | | #828 | Migrate installer from Ansible/Helm to Operator | @pdettori | New, planning | | #787 | Authorization, Policies, and Access Management | @mrsabath | New, 6 sub-issues filed | | #841 | Org-wide orchestration: CI, tests, security | @Ladas | Active, PRs #866-#868 open | | #767 | Migrate from Keycloak master realm | @mrsabath | Mostly done (#764 merged), close candidate | | #619 | Tracing observability PoC | @evaline-ju | Active (#795 merged) | | #621 | OpenSSF Scorecard to 10/10 | @Ladas | Active (#807 merged, now 8+) | | #523 | Refactor APIs for Compositional Architecture | @pdettori | Active, PR #770 open | | #518 | OpenShift AI deployment issues | @Ladas | Active (#809 merged) | | #309 | Full Coverage E2E Testing | @cooktheryan | Ongoing | | #440 | Multi-Team Deployment on RHOAI | @Ladas | Ongoing | | #439 | Namespace-Based Token Usage Quotas | @Ladas | Ongoing | | #614 | Feedback review community meeting | @Ladas | Stale (>30d no update) | | #623 | Identify Emerging Agentic Deployment Patterns | @kellyaa | Stale | | #612 | Agent Attestation Framework | @mrsabath | Stale, PR #613 still draft | ### Security-Adjacent Issues | # | Title | Status | Recommendation | |---|-------|--------|----------------| | #822 | Keycloak configmap should be secret | Open | High priority — credentials in configmap | | #106 | Replace hardcoded secret with SPIRE identity | Open | Long-standing, PR #769 in draft | | #333 | SPIFFE ID missing checks | Open | Stale, needs triage | | #267 | Replace hard-coded Client Secret File path | Open | Good first issue, needs assignee | ### Bug Reports | # | Title | Still affects main? | PR exists? | Recommendation | |---|-------|---------------------|------------|----------------| | #856 | Warnings during Kagenti install | Likely yes | No | Triage — install warnings | | #855 | Can't checkout source on Windows | Yes (skill naming) | PR #869 | In progress | | #829 | Deleting A2A agent doesn't delete HTTPRoute | Likely yes | No | Needs fix | | #826 | No way to log out of Kagenti | Yes | No | UX bug, needs fix | | #825 | Build failures lead to stuck state | Likely yes | No | Needs investigation | | #738 | UI drops spire label on 2nd deploy | Likely yes | No | Stale (>30d) | | #486 | Installer issues (Postgres/Phoenix) | Partially (#852 fixed PG) | Partial | Re-verify Phoenix | | #781 | kagenti-deps fails on OCP 4.19 | Unknown | No | Stale, needs triage | | #606 | Unsupported Helm version | Unknown | No | Stale, needs triage | | #655 | Duplicated resources between repos | Unknown | No | Stale, needs triage | ### Issues Closed This Week (good velocity) | # | Title | Fix PR | |---|-------|--------| | #833 | UI login fails after realm migration | #834 | | #831 | --preload fails when images cached | #832 | | #819 | Remove deprecated Component CRD refs | #818 | | #813 | Import env vars references bad URL | #821 | | #810 | Import env vars silently fails on dup | #821 | | #804 | OAuth secret job SSL error on OCP | #805 | ### Feature Requests | # | Title | Priority | Recommendation | |---|-------|----------|----------------| | #858 | Use new URL for fetching Agent Cards | Medium | Good first issue | | #836 | AuthBridge sidecar opt-out controls in UI | Medium | Tied to #862 epic | | #824 | Help text for UI fields | Low | Good UX improvement | | #823 | Examples as suggestions in UI | Low | Nice-to-have | | #817 | Auto-add issues/PRs to project board | Medium | PR #870 open | | #814 | Mechanism to update agent via K8s | Medium | Operator feature | | #786 | Register MCP servers from UI | Medium | UI feature | | #783 | Agent card signing/verifica