Prepare v1.0.29 release docs and metadata#154
Merged
Conversation
Constraint: Story G001 requires dependency-free hardening of tmux-compat wait-for/store behavior without changing raw attach behavior. Rejected: Unbounded compatibility-store reads | preserves automation pressure and corrupt-store failure modes during wait polling. Confidence: high Scope-risk: narrow Directive: Keep wait-for channel and compatibility-store limits documented when expanding tmux-compat breadth. Tested: cargo test --bin lterm tmux_compat::tests:: -- --nocapture; cargo fmt -- --check; cargo clippy --all-targets -- -D warnings; focused ultra-review report .codex/artifacts/ultra-review/story1-1782052019/report.md Not-tested: Full serial daemon test suite deferred to aggregate/final gate.
Constraint: Story G002 targets tmux-compat new-session parser behavior with a small, dependency-free diff. Rejected: Reusing generic flag scanning only | it cannot assign -s/-c values for new-session clustered forms without command-position regressions. Confidence: high Scope-risk: narrow Directive: Keep command-specific tmux parser tests near each accepted clustered value form. Tested: cargo test --bin lterm parses_new_session_clustered -- --nocapture; cargo test --bin lterm tmux_compat::tests:: -- --nocapture; cargo fmt -- --check; cargo clippy --all-targets -- -D warnings; focused ultra-review .codex/artifacts/ultra-review/story2-1782052564/report.md Not-tested: Full serial daemon suite deferred to aggregate/final gate.
Constraint: Story G003 targets wait --contains --tail hot-path cost without weakening sanitizer or tail-window semantics. Rejected: Full tail capture and stateless sanitization on every output revision | it keeps output_state work proportional to the entire tail window. Confidence: high Scope-risk: moderate Directive: Reset sanitizer state whenever the capture start changes; do not carry state across tail-window rollover. Tested: cargo test --bin lterm wait_contains_tail_scanner -- --nocapture; cargo test --bin lterm wait_contains -- --nocapture; cargo test --bin lterm server::tests:: -- --nocapture; cargo fmt -- --check; cargo clippy --all-targets -- -D warnings; focused ultra-review .codex/artifacts/ultra-review/story3-1782052923/report.md Not-tested: Full serial daemon suite deferred to aggregate/final gate.
Constraint: Story G004 requires surfacing real raw-attach input thread failures without regressing stdin-EOF detach semantics. Rejected: Ignoring JoinHandle results | it hides stdin/read/write failures and makes attach teardown falsely successful. Confidence: high Scope-risk: moderate Directive: Treat stdin POLLNVAL as input unavailable/EOF, not as a PTY/input failure; keep output-loop errors primary when both sides fail. Tested: cargo test new_attaches_by_default -- --exact --nocapture; cargo test attach_short_aliases_detach_on_stdin_eof --test cli_smoke -- --nocapture; cargo test explicit_attach_detaches_on_stdin_eof --test cli_smoke -- --nocapture; cargo test --bin lterm client::tests:: -- --nocapture; cargo fmt -- --check; cargo clippy --all-targets -- -D warnings; focused ultra-review .codex/artifacts/ultra-review/story4-1782053908/report.md Not-tested: Full serial daemon suite deferred to aggregate/final gate.
Bound CSI parameter accumulation as bytes arrive, make ANSI truncation reject unsanitized invalid CSI, tighten private directory permissions through a no-follow descriptor, and reject short Linux SO_PEERCRED responses before uid comparison. Constraint: status command output, runtime paths, and peer credentials are attacker-controlled local trust boundaries. Rejected: path-based chmod after lstat | still leaves a symlink swap window. Rejected: final-byte-only CSI bounds | permits unbounded parameter accumulation before completion. Confidence: high Scope-risk: moderate Directive: preserve raw attach streams; keep sanitization and permission tightening limited to capture/status/list and local control surfaces. Tested: cargo fmt -- --check; cargo clippy --all-targets -- -D warnings; cargo test; cargo build --release --locked; cargo audit; focused sanitize/paths/server tests; ultra-review story5-1782054775 APPROVE Not-tested: Linux SO_PEERCRED kernel path on Linux host; validated via portable length helper on macOS.
Replace the nested-agent detector's fixed poll sleep with the existing interruptible sleep helper so attach teardown observes running=false within the bounded 100ms chunk while preserving the immediate poll and non-blocking channel semantics. Constraint: nested-agent row suspension must remain host-side only and must not alter raw PTY attach streams. Rejected: reducing NESTED_AGENT_POLL globally | would increase steady-state process-tree polling overhead rather than only fixing teardown latency. Rejected: blocking send for detector results | would let stale receiver pressure delay attach teardown. Confidence: high Scope-risk: narrow Directive: keep monitor/metadata helpers responsive to running=false before joining attach teardown threads. Tested: cargo fmt -- --check; cargo clippy --all-targets -- -D warnings; cargo test; cargo build --release --locked; cargo audit; focused nested_agent_detection_loop_interrupts_poll_sleep_on_shutdown; final code-reviewer APPROVE and architect CLEAR Not-tested: real interactive nested agent teardown latency under every terminal multiplexer; covered by deterministic loop test and full attach/client suites.
Constraint: Release metadata must stay aligned across Cargo, npm, docs, contract manifest, and Homebrew formula helpers. Rejected: Leaving Homebrew formula at v1.0.28 until after tag | release helper tests require formula version parity; SHA will be refreshed post-tag. Confidence: high Scope-risk: moderate Directive: Refresh Homebrew sha256 immediately after pushing the v1.0.29 tag before considering formula deployment complete. Tested: git diff --check; cargo metadata --format-version 1 --locked --no-deps; node scripts/validate_npm_packages.mjs; python3 scripts/validate_contract_manifest.py docs/contract-manifest.json; python3 scripts/test_release_helpers.py; ruby -c packaging/homebrew/lterm.rb; scripts/release-preflight.sh --allow-occupied-skip --require-audit; ./target/release/lterm --version; release-binary JSON schema/example/drift checks. Not-tested: manual 15-minute soak gate.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
lterm agent grokPATH profile, not a built-in shortcutClaude proofreading
.omx/artifacts/claude-readme-html-proofread-20260622004447.mdVerification
git diff --checkcargo metadata --format-version 1 --locked --no-depsnode scripts/validate_npm_packages.mjspython3 scripts/validate_contract_manifest.py docs/contract-manifest.jsonpython3 scripts/test_release_helpers.pyruby -c packaging/homebrew/lterm.rbscripts/release-preflight.sh --allow-occupied-skip --require-audit./target/release/lterm --version->lterm 1.0.29./target/release/ltermDeployment note
After merge, create/push
v1.0.29, create the GitHub Release, run the npm publish workflow, wait for Pages, then compute the GitHub tag tarball sha256 and refreshpackaging/homebrew/lterm.rbin a follow-up PR before considering Homebrew deployment complete.