
@AshishKumar4
Collaborator

@AshishKumar4 AshishKumar4 commented Dec 14, 2025

Summary

Major release merging nightly changes to main, featuring a new encrypted User Secrets Vault system, improved CI/CD workflows, enhanced process monitoring, and React safety gate static analysis.

Changes

Vault/Secrets System (New Feature)

  • Added client-side encrypted User Secrets Vault with Argon2id/WebAuthn PRF key derivation
  • New UserSecretsStore Durable Object for secure server-side encrypted storage
  • vault-crypto.ts - Browser-side cryptography (AES-GCM, HKDF, rejection sampling for unbiased RNG)
  • VaultContext React provider for vault state management
  • New vault UI components: VaultSetupWizard, VaultUnlockModal, SecretsManager, etc.
  • WebSocket-based session management for vault operations

CI/CD & Workflows

  • ai-changelog.yml - AI-powered changelog generation for releases
  • claude-issue-autofix.yml - Automated issue fixing with trusted actor gating
  • Updated claude-reviews.yml with security improvements and critical path detection
  • Simplified claude-issue-triage.yml workflow
  • Enhanced ci.yml with caching and full test/lint/typecheck pipeline

Code Generation Safety

  • preDeploySafetyGate.ts - AST-based static analysis for React antipatterns
  • Detects infinite render loops, useEffect without deps, selector instability
  • Automatic deterministic fixes for common patterns

Container/Process Monitoring

  • Improved health check with HTTP probe instead of lsof
  • Better process group handling (detached mode for clean kills)
  • Port failure threshold tracking
  • Comprehensive test suite (3000+ lines)

Database & API

  • Migration 0004: Drops old user_secrets table, updates user_model_providers
  • New /api/vault/* endpoints for vault lifecycle
  • Removed deprecated SecretsService (replaced by Durable Object)

Motivation

This release consolidates security-focused improvements and new features developed on the nightly branch:

  1. User secrets needed end-to-end encryption with zero-knowledge server storage
  2. CI/CD workflows needed better security gating and automation
  3. React code generation needed safety checks to prevent common runtime errors
  4. Process monitoring needed more reliable health checks

Testing

  • Run bun run test to execute all tests including vault and monitor suites
  • Manual testing of vault setup/unlock flows with password and passkey methods
  • Verify CI workflow triggers on PRs

Breaking Changes

  • user_secrets D1 table is dropped (data migrated to Durable Object)
  • Old secrets API endpoints removed in favor of vault WebSocket protocol

Related Issues

  • Addresses security improvements across the platform

AshishKumar4 and others added 30 commits November 4, 2025 00:17
- Added UserSecretsStore durable object for secure secret storage and management
- Implemented XChaCha20-Poly1305 encryption service for secure secret storage
- Hierarchical key derivation
- Increased PBKDF2 iterations to 600k/100k for stronger key derivation
- Added memory zeroing for plaintext bytes in encryption/decryption operations
- Implemented promise-based locking for key rotation to prevent concurrent modifications
- Added detailed security documentation for deterministic salt design and SQL injection prevention
- Updated UserSecretsStore to wait for any in-progress key rotation before executing operations
- Added comprehensive
…ic coding agent implemented

- Abstracted behaviors and objectives
- Behavior and Objectives are both AgentComponent
- CodeGeneratorAgent (Agent DO) houses common business logic
- Implemented agentic coding agent and assistant
- Implemented AI-powered project type prediction (app/workflow/presentation) with confidence scoring and auto-detection when projectType is 'auto'
- Enhanced template selection to filter by project type and skip AI selection for single-template scenarios in workflow/presentation types
- Added GitHub token caching in CodeGeneratorAgent for persistent OAuth sessions across exports
- Updated commitlint config to allow longer commit messages (
- Initialize template cache during agent setup to avoid redundant fetches
- Remove redundant project name prompt from template selection
- Clean up default projectType fallback logic
- Added concurrency control to prevent duplicate workflow runs on the same PR
- Replaced Claude-based comment cleanup with direct GitHub API deletion for better reliability
- Enhanced code debugger instructions to handle Vite dev server restarts and config file restrictions
- Replaced unsafe type assertions with proper type guards for legacy state detection
- Added explicit type definitions for deprecated state fields and legacy file formats
- Eliminated all 'any' types while maintaining backward compatibility with legacy states
…ess design

- Sandbox layer does not rely on templates now, instead expects raw files list
- Tools to init/list templates, files
- Templates can be chosen by agentic mode after creation
- Restructured system prompt with detailed architecture explanations covering virtual filesystem, sandbox environment, and deployment flow
- Better tool descriptions
- Improved communication guidelines and workflow steps for better agent reasoning and execution
- Replaced agent mode toggle with project mode selector (App/Slides/Chat) that determines behavior type
- Implemented agentic behavior detection for static content (docs, markdown) with automatic editor view
- Conditionally render PhaseTimeline and deployment controls based on behavior type (phasic vs agentic)
- Replaced manual template_manager tool with init_suitable_template that uses the original template selector ai
- Updated system prompts to emphasize template-first workflow for interactive projects with AI selector as mandatory first step
- Simplified template selection process by removing manual list/select commands in favor of intelligent matching
- Added conversation history support to AgenticProjectBuilder with message preparation and context tracking
- Implemented tool call completion callbacks to sync messages and trigger periodic compactification
- Modified AgenticCodingBehavior to queue user inputs during builds and inject them between tool call chains using abort mechanism
- Fix importTemplate to actually work
- Fixed template filtering logic to respect 'general' project type
- Added behaviorType to logger context for better debugging
- fixed not saving behaviorType to state
…ructor

- Moved behaviorType and projectType initialization from hardcoded values to constructor-based setup
- Changed initial state values to 'unknown' to ensure proper initialization through behavior constructor
- Cleared template details cache when importing new templates to prevent stale data
- Moved user input idle check from PhasicCodingBehavior to CodeGeneratorAgent for consistent behavior across all modes
- Fixed message order in agenticProjectBuilder to place history after user message instead of before
- Added replaceExisting parameter to addConversationMessage for better control over message updates
- Enhanced initial state restoration to include queued user messages and behaviorType
- Added status and queuePosition fields
- Single convo id needs to be broadcast but messages need to be saved with unique ids.
- Fix message deduplication to use composite key (conversationId + role + tool_call_id)
- Improved tool message filtering to validate against parent assistant tool_calls
- Removed unused CodingAgentInterface stub file
- Simplified addConversationMessage interface by removing replaceExisting parameter
- Added CompletionDetector interface and CompletionConfig for detecting task completion signals
- Implemented dependency-aware parallel tool execution engine with resource conflict detection
- Added LoopDetector to prevent infinite tool call loops with contextual warnings
- Enhanced ToolCallContext with completion signal tracking and warning injection state
- Modified tool execution to respect dependencies and execute in parallel groups
… and debugger

- Added CompletionDetector to track completion signals via dedicated tools (mark_generation_complete, mark_debugging_complete)
- Implemented LoopDetector to prevent infinite tool call loops with contextual warnings
- Created wrapToolsWithLoopDetection utility to inject loop detection into tool execution flow
- Enhanced system prompts to emphasize efficient parallel tool usage and completion discipline
AshishKumar4 and others added 13 commits December 13, 2025 23:58
Feat: Prompt improvements + model config updates
- Add defensive PR metadata extraction with fallback environment variables in Claude review workflow
- Eliminate modulo bias in recovery code generation using rejection sampling with pooled random values
- Consolidate nested Object.values/keys/entries detection in preDeploySafetyGate selector checks
…oization

- Wrap async functions in useCallback with proper dependencies in byok-api-keys-modal, config-modal, VaultSetupWizard
- Reorder function definitions before useEffect hooks to satisfy dependency arrays in auth-context and vault-context
- Add missing dependencies to useEffect and useMemo hooks throughout components
- Move categorizeWebSocketMessage and processTimelineData to useCallback in debug-panel
- Other lint issue fixes
- Add container/monitor-cli.test.ts to Vitest exclusions (uses bun:test and Bun.* APIs)
- Reformat exclude array for better readability
…gating

- Extract AI changelog generation into separate workflow_dispatch workflow (ai-changelog.yml)
- Modify release-with-ai-changelog.yml to dispatch ai-changelog workflow instead of inline execution
- Add release-please bot detection in claude-reviews gating (author and branch name checks)
- Extract HEAD_REF and BASE_REF metadata for improved PR context in claude-reviews
- Add debug logging for gating context in claude-reviews workflow
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Feat: add dedicated AI changelog workflow and improve release-please gating
- Add cf-git to ESLint ignores and reformat ignores array for readability
- Add targeted react-refresh/only-export-components exceptions for contexts, features, and auth components
- Extract HEADER_STYLES to separate view-header-styles module for better organization
- Fix React Hook dependency warnings in presentation hooks (use-iframe-messaging, use-thumbnail-observer)
- Capture behavior type in variables before conditional
- Bump @sentry packages from 10.29.0 to 10.30.0
- Update agents from 0.2.31 to 0.2.32
- Add cross-spawn 7.0.6 dependency
- Upgrade React and React DOM from 19.2.1 to 19.2.3
- Update Hono from 4.10.7 to 4.11.0
- Bump framer-motion, rolldown-vite, and other minor version updates
- Update dev dependencies including @cloudflare/workers-types, ESLint, Tailwind CSS, and knip
…ing in chat initialization

- Add connection status guard before session creation to prevent race conditions during rerenders
- Add validation for required websocketUrl and agentId fields before WebSocket connection
- Reset connection status to idle on initialization errors to allow retry
- Improve error messages for missing session initialization data
PR_TITLE: ${{ github.event.pull_request && github.event.pull_request.title || '' }}
PR_AUTHOR: ${{ github.event.pull_request && github.event.pull_request.user && github.event.pull_request.user.login || '' }}
PR_HEAD_REPO: ${{ github.event.pull_request && github.event.pull_request.head && github.event.pull_request.head.repo && github.event.pull_request.head.repo.full_name || '' }}
PR_HEAD_REF: ${{ github.event.pull_request && github.event.pull_request.head && github.event.pull_request.head.ref || '' }}
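Review bot: PR_TITLE on the first line of this block is just as much under the pull request author's control as PR_HEAD_REF (any author can set an arbitrary title), so whichever hardening is adopted for the branch ref, wrapping the expression in toJSON() or fetching the metadata with gh pr view, should be applied uniformly to PR_TITLE, PR_AUTHOR and PR_HEAD_REPO rather than to PR_HEAD_REF alone. The `&& ... || ''` chains themselves are sound; they only yield an empty string when the event carries no pull_request payload, and the later step should treat that empty value as the signal to fetch via the API.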
Contributor

MEDIUM - Potential Code Injection (Partial Mitigation)

The ${{ github.event.pull_request.head.ref }} value is interpolated directly into the environment variable. While subsequent bash usage quotes the variable, a malicious branch name could still potentially cause issues if it contains shell metacharacters during environment variable expansion.

The current approach is an improvement over direct interpolation in commands, but for maximum safety, consider using toJSON() to properly escape the value:

Suggested change
PR_HEAD_REF: ${{ github.event.pull_request && github.event.pull_request.head && github.event.pull_request.head.ref || '' }}
PR_HEAD_REF: ${{ toJSON(github.event.pull_request && github.event.pull_request.head && github.event.pull_request.head.ref || '') }}

Then parse it in the bash script. Alternatively, since you're fetching PR metadata via gh pr view for non-pull_request events anyway, consider always fetching it via API to avoid any interpolation risks.

Note: This is a defense-in-depth recommendation. The existing gating (fork detection, collaborator check) provides good protection against untrusted actors.

…reation

Fix: prevent duplicate agent session creation and improve error handling in chat initialization
- Add CLAUDE_4_5_OPUS model definition (200K context, $5.00 cost)
- Add GROK_4_1_FAST_NON_REASONING model definition (2M context, $0.20 cost)
- Add QWEN_3_CODER_480B model definition (256K context
- Add MAX_AGENT_QUERY_LENGTH constant (20,000 characters) to agent types
- Validate query length in agent controller and return 413 error if exceeded
- Add client-side validation in home route and chat hook with user-friendly error messages
- Truncate oversized queries during state migration to prevent performance issues
- Export MAX_AGENT_QUERY_LENGTH from api-types for frontend usage
- Pass skipRateLimitCheck flag in createAgentSession API
feat: add query length validation with 20k character limit
@github-actions
Contributor

github-actions bot commented Dec 18, 2025

Claude finished @AshishKumar4's task in 2m 14s


Code Quality & Security Review

Recommendation: APPROVE

PR Summary

Major release merging nightly changes to main, introducing a new encrypted User Secrets Vault system with client-side cryptography, improved CI/CD workflows with security gating, React code generation safety gate, and enhanced process monitoring with comprehensive test coverage.

PR Description

  • Updated: No update needed
  • Notes: Description is comprehensive with all required sections (Summary, Changes, Motivation, Testing, Breaking Changes, Related Issues)

Addressed Issues

  • Addresses security improvements across the platform (secrets encryption, CI/CD hardening)

Code Quality

Critical: None identified

High: None identified

Medium:

  • any types in worker/utils/ErrorHandling.ts (lines 33, 51, 98, etc.) - These are used for error context and are acceptable for error handling utilities, but consider using unknown with type guards for stricter type safety in the future.
  • any types in debug-tools/test-ai-gateway-analytics.ts - Debug/test tooling, acceptable

Low:

  • any in src/components/github-export-modal.tsx:103 for React.ComponentType<any> - Common pattern for generic icon components
  • Some duplicate utility functions could potentially be consolidated (e.g., base64 conversion utilities)

Security

Critical: None identified

High: None identified

Medium:

  • Workflow Code Injection (Partially Mitigated) - claude-reviews.yml:50 - The PR_HEAD_REF value is set as an environment variable which provides better protection than direct interpolation. The existing collaborator check and fork detection provide defense-in-depth. The previous security scanner alert has been acknowledged by the author.

Low: None identified

Security Strengths:

  1. Vault Cryptography (src/lib/vault-crypto.ts):

    • Argon2id with strong parameters (3 iterations, 64MB memory, 4 parallelism)
    • AES-256-GCM with proper 12-byte random nonces
    • HKDF-SHA256 for WebAuthn PRF key derivation
    • Rejection sampling for unbiased random number generation (lines 214-246) - addresses the previous CodeQL alert
  2. CI/CD Security Gating:

    • claude-reviews.yml: Fork detection, collaborator permission checks (admin/maintain/write)
    • claude-issue-autofix.yml: Trusted actor gating (admin/maintain only), blocks .github/ modifications
    • Proper permission scoping with read-only defaults and elevated permissions only where needed
  3. Vault Session Management:

    • Session keys stored in sessionStorage (ephemeral, cleared on tab close)
    • VMK encrypted before transmission to server
    • WebSocket-based session with proper cleanup on disconnect

Testing

  • Process monitor has comprehensive test suite (3,000+ lines in container/monitor-cli.test.ts)
  • Run bun run test to execute all tests including vault and monitor suites
  • Manual testing recommended for vault setup/unlock flows with password and passkey methods

Breaking Changes Review

Change | Impact | Mitigation
user_secrets D1 table dropped | Data loss for existing secrets | Migration 0004 handles schema changes. Users must re-setup vault.
Old secrets API endpoints removed | API incompatibility | New vault WebSocket protocol documented

Architecture Notes

  1. Vault System Design: Zero-knowledge architecture where the server never sees unencrypted secrets or VMK. Client-side key derivation ensures even server compromise doesn't expose user data.

  2. Process Monitor: Well-designed state machine with proper cleanup, circular buffer for O(1) log operations, and HTTP-based health probes instead of lsof.

  3. Feature Registry Pattern: New src/features/ structure with registry pattern allows pluggable features (app, presentation, general) - good extensibility.


Final Recommendation

APPROVE - This is a well-implemented release with solid security practices in the new vault system, proper CI/CD hardening, and comprehensive test coverage for the process monitoring changes. The previously flagged security issues have been addressed. The breaking changes are documented and the migration path is clear.

Minor suggestions for future improvements:

  • Consider replacing remaining any types with unknown + type guards in error handling
  • Consider using toJSON() wrapper for workflow env vars as defense-in-depth

Labels

agent, ci/cd, database, dependencies (Pull requests that update a dependency file), documentation (Improvements or additions to documentation), frontend, size/XL, worker
