feat(shell): sync agent plans to pull requests #371

Open
skulidropek wants to merge 2 commits into main from issue-369

@skulidropek skulidropek commented Jun 4, 2026

Summary

  • Install plan-to-git in generated project images via pinned Cargo git revision, matching the existing rust-browser-connection delivery model.
  • Add a managed Codex hook that captures explicit plans with plan-to-git hook --source codex.
  • Run plan-to-git sync from the generated global git post-push wrapper before session backup.
  • Keep .agent-plan.json out of generated git and Docker contexts.

Closes #369.

E2E proof

I ran a live generated docker-git project container from this branch against https://github.com/octocat/Hello-World/issues/1, then executed the generated hook inside the project container with a fake gh that only records the PR comment request. This proves the real compiled plan-to-git binary, generated hook config, local state write, and PR-comment sync path without posting to octocat.

PROOF: binary installed
/usr/local/bin/plan-to-git
Capture agent plans and sync them to GitHub pull requests

PROOF: managed Codex hook config
managed_dir = "/opt/docker-git/hooks"
command = "/opt/docker-git/hooks/plan-to-git-codex-hook"
command = "/opt/docker-git/hooks/plan-to-git-codex-hook"

PROOF: hook captures plan and sync posts comment through gh
plan-to-git: captured 1 plan(s), 0 decision(s), 0 pending question set(s), sync=Commented { number: 369, comment_id: 424242, items: 1 }

PROOF: local state recorded captured plan and posted comment
      "kind": "plan",
      "source": "codex",
      "title": "E2E Plan Upload Proof",
      "pr_number": 369,
      "comment_id": 424242,

PROOF: rendered PR comment body
## Agent Plan Update
# E2E Plan Upload Proof
- Capture a Codex plan through the generated managed hook.

PROOF: post-push action contains plan sync before session backup
/opt/docker-git/hooks/post-push:19:  plan-to-git sync
/opt/docker-git/hooks/post-push:35:  DOCKER_GIT_SKIP_POST_PUSH_ACTION=1 docker-git-session-sync backup --verbose --background --require-comment

Checks

bun run --cwd packages/lib test -- tests/core/templates.test.ts tests/core/git-post-push-wrapper.test.ts
bun run --cwd packages/app test -- tests/docker-git/core-templates.test.ts
bun run typecheck
git diff --check
bun run --cwd packages/lib lint
ESLint direct check for changed app source files
E2E generated docker-git project container proof above

bun run --cwd packages/app lint was attempted, but this environment killed the full app source ESLint auto-fix process with SIGKILL/code 137. The narrower ESLint check on the changed app source files passed, and the app test lint path ran as part of the focused app test command.
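
An added example (not code from this PR or from docker-git) for the ignore-file item in the summary above: it evaluates whether a generated `.gitignore` or `.dockerignore` effectively excludes `.agent-plan.json`, which a substring match cannot tell apart from a commented-out or later-negated entry. The rule model is a simplified subset (literal names, `*`, leading `/`, leading `**/`, `!`), and the sample file contents are constructed.

```typescript
// Added example: not code from this PR or from docker-git.
// Simplified model of ignore-file evaluation, enough to test one file name:
//   - blank lines and lines starting with "#" are skipped
//   - a leading "!" re-includes; the LAST matching rule decides
//   - "*" matches within one path segment; a leading "/" anchors to the root
//   - git: a slash-free pattern matches at any depth
//   - docker: patterns are relative to the context root; only "**/" means any depth
// Not modelled: character classes, inner "**", trailing-"/" directory rules,
// and exclusion inherited from a matched parent directory.

type Flavor = "git" | "docker"

interface Rule {
  readonly negated: boolean
  readonly anyDepth: boolean
  readonly regex: RegExp
}

function globToRegex(glob: string): RegExp {
  // Escape regex metacharacters in the literal parts; "*" becomes "any run without a slash".
  const body = glob
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join("[^/]*")
  return new RegExp("^" + body + "$")
}

function parseRules(contents: string, flavor: Flavor): Rule[] {
  const rules: Rule[] = []
  for (const raw of contents.split(/\r?\n/)) {
    const line = raw.replace(/\s+$/, "")
    if (line === "" || line.charAt(0) === "#") continue
    const negated = line.charAt(0) === "!"
    let pattern = negated ? line.slice(1) : line
    const doubleStar = pattern.indexOf("**/") === 0
    if (doubleStar) pattern = pattern.slice(3)
    const rooted = pattern.charAt(0) === "/"
    if (rooted) pattern = pattern.slice(1)
    const hasSlash = pattern.indexOf("/") !== -1
    const anyDepth = doubleStar || (flavor === "git" && !rooted && !hasSlash)
    rules.push({ negated, anyDepth, regex: globToRegex(pattern) })
  }
  return rules
}

function isExcluded(contents: string, path: string, flavor: Flavor): boolean {
  const segments = path.split("/")
  let excluded = false
  for (const rule of parseRules(contents, flavor)) {
    // An any-depth rule is tried against every suffix that starts at a segment boundary.
    const starts = rule.anyDepth ? segments.map((_segment, index) => index) : [0]
    const hit = starts.some((start) => rule.regex.test(segments.slice(start).join("/")))
    if (hit) excluded = !rule.negated // last matching rule wins
  }
  return excluded
}

// The substring check the evaluator is compared against.
function mentions(contents: string, name: string): boolean {
  return contents.indexOf(name) !== -1
}

// Constructed sample ignore files (not taken from the generated project).
const STATE_FILE = ".agent-plan.json"
const NESTED_STATE_FILE = "packages/app/.agent-plan.json"
const LISTED = "node_modules\n.agent-plan.json\n"
const COMMENTED = "node_modules\n# .agent-plan.json\n"
const NEGATED = ".agent-plan.json\n!.agent-plan.json\n"
const ANY_DEPTH = "**/.agent-plan.json\n"

const cases: Array<[string, string, string, Flavor]> = [
  ["listed, root path, git", LISTED, STATE_FILE, "git"],
  ["commented out, git", COMMENTED, STATE_FILE, "git"],
  ["negated later, docker", NEGATED, STATE_FILE, "docker"],
  ["listed, nested path, git", LISTED, NESTED_STATE_FILE, "git"],
  ["listed, nested path, docker", LISTED, NESTED_STATE_FILE, "docker"],
  ["**/ entry, nested path, docker", ANY_DEPTH, NESTED_STATE_FILE, "docker"]
]

for (const [label, contents, path, flavor] of cases) {
  console.log(
    label + ": mentioned=" + mentions(contents, STATE_FILE) + " excluded=" + isExcluded(contents, path, flavor)
  )
}
```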

coderabbitai Bot commented Jun 4, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 68254b1e-6c2e-4d52-9ed0-54deaccd9db9

📥 Commits

Reviewing files that changed from the base of the PR and between 3341598 and ac2aa6a.

📒 Files selected for processing (3)
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
  • packages/lib/tests/core/templates.test.ts
📜 Recent review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
  • GitHub Check: Test
  • GitHub Check: E2E (Runtime volumes + SSH)
  • GitHub Check: E2E (Login context)
  • GitHub Check: E2E (Clone cache)
  • GitHub Check: E2E (Clone auto-open SSH)
  • GitHub Check: E2E (OpenCode)
  • GitHub Check: E2E (Browser command)
  • GitHub Check: Lint
  • GitHub Check: Final build (windows-latest)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*

⚙️ CodeRabbit configuration file

**/*: You are a strict SPEC DRIVEN DEVELOPMENT reviewer.

Before drawing conclusions, study README.md, other *.md files, linked issues,
the PR description, PR comments/discussion and the relevant code base.

Check the changes against the original requirements/spec and the discussion. Flag any departure
from the spec, undocumented behavior change, missing tests
for the claimed behavior and security risk. If the spec is not visible,
ask the author to add it to the issue or PR description.

Review the solution from a formal verification standpoint: which invariants,
preconditions and postconditions can be proven mathematically, and where provability
is weak. Assess the solution from a game theory standpoint: whether the incentives are stable,
whether there is a profitable way around the rules, and which solution would be stronger.

Files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
🧠 Learnings (5)
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.test.{ts,tsx} : Implement property-based testing using fast-check for mathematical properties and invariants. Example: `fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages)))`.

Applied to files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
📚 Learning: 2026-05-13T07:10:13.213Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Applies to **/*.{test,spec}.{ts,tsx} : Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Applied to files:

  • packages/lib/tests/core/templates.test.ts
  • packages/app/tests/docker-git/core-templates.test.ts
📚 Learning: 2026-05-14T16:02:16.256Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-05-14T16:02:16.256Z
Learning: Applies to **/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore} : Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Applied to files:

  • packages/lib/tests/core/templates.test.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.test.{ts,tsx} : Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: `Effect.provide(MockService), Effect.runPromise`.

Applied to files:

  • packages/app/tests/docker-git/core-templates.test.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to package.json : Dependencies must include Effect-TS (`effect: ^3.x`) for monadic effects and `effect/schema: ^0.x` for validation with strong typing.

Applied to files:

  • packages/app/tests/docker-git/core-templates.test.ts
🔇 Additional comments (3)
packages/lib/tests/core/git-post-push-wrapper.test.ts (1)

120-126: LGTM!

packages/lib/tests/core/templates.test.ts (1)

515-529: LGTM!

packages/app/tests/docker-git/core-templates.test.ts (1)

2-2: LGTM!

Also applies to: 45-70, 82-119, 124-133


📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Integration with the plan-to-git CLI: automatic plan synchronization after a successful push and creation of a controlling hook script for Codex.
    • Support for managed git hooks for Codex with automatically generated configuration.
  • Chores

    • An exclusion for .agent-plan.json was added to the git and Docker contexts.
    • Installation of plan-to-git is enabled in generated Docker images.
  • Tests

    • Tests updated and extended, including property-based checks for templates and new post-push scenarios.

Walkthrough

The PR integrates the plan-to-git tool for syncing plans to PRs/branches: it adds installation of the CLI in Docker images at a pinned revision, extends the post-push logic to invoke the sync, generates managed Codex hooks, excludes .agent-plan.json from version control, and adds comprehensive testing of the behavior.

Changes

plan-to-git integration for plan synchronization

Layer / File(s) Summary
Installing plan-to-git in Docker images
packages/app/src/lib/core/templates/dockerfile-prelude.ts, packages/lib/src/core/templates/dockerfile-prelude.ts
Added a pinned SHA constant and a renderDockerfilePlanToGit() function that generates the cargo install steps into /usr/local and a plan-to-git --help availability check; renderDockerfilePrelude() now combines the fragments, including the plan-to-git installation.
Excluding plan artifacts from contexts
packages/app/src/lib/core/templates.ts, packages/lib/src/core/templates.ts
In renderGitignore() and renderDockerignore() the line .agent-plan.json was added so that plan state does not end up in git or the Docker build context.
Post-push sync and managed Codex hooks
packages/app/src/lib/core/templates-entrypoint/git-hooks.ts, packages/lib/src/core/templates-entrypoint/git-hooks.ts
Path variables for plan-to-git-codex-hook and CODEX_REQUIREMENTS_FILE were added to the entrypoint templates. A block was inserted into $POST_PUSH_ACTION that runs plan-to-git sync on a successful push (if DOCKER_GIT_SKIP_PLAN_TO_GIT != 1 and the binary is available). An executable plan-to-git-codex-hook and a requirements.toml with managed hooks are also generated (the UserPromptSubmit and Stop handlers point to /opt/docker-git/hooks/plan-to-git-codex-hook).
plan-to-git test infrastructure
packages/lib/tests/core/git-post-push-wrapper.test.ts
Added a fake plan-to-git script that logs PWD and arguments; WrapperHarness is extended with planToGitLogPath, and the test environment receives FAKE_PLAN_TO_GIT_LOG_PATH/FAKE_PLAN_TO_GIT_EXIT_CODE to control behavior.
Tests of post-push behavior with plan-to-git
packages/lib/tests/core/git-post-push-wrapper.test.ts
The wrapper tests are extended: checking that plan-to-git sync runs on a regular push and with git -C, that it is not called in dry-run, behavior on push errors, support for DOCKER_GIT_SKIP_PLAN_TO_GIT to skip the sync while keeping the backup, and checking of logging on sync errors.
Tests validating generated content
packages/app/tests/docker-git/core-templates.test.ts, packages/lib/tests/core/templates.test.ts
Tests updated/rewritten as property-based: they check cargo install plan-to-git with --rev/--locked, the presence of /usr/local/bin/plan-to-git --help, the expected plan-to-git sync and plan-to-git hook --source codex calls, the presence of CODEX_REQUIREMENTS_FILE and the managed hooks configuration, and that .agent-plan.json is added to both ignore files.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 7
✅ Passed checks (7 passed)
Check name Status Explanation
Title check ✅ Passed The title 'feat(shell): sync agent plans to pull requests' clearly summarizes the main change: integrating plan-to-git functionality to synchronize agent plans with pull requests.
Description check ✅ Passed The pull request description is comprehensive and covers all critical aspects: implementation summary, issue reference (Closes #369), E2E proof with detailed evidence, and verification checks performed.
Linked Issues check ✅ Passed The PR fully implements the objective from issue #369: installing plan-to-git CLI in generated images, adding managed Codex hooks, running plan sync before session backup, and excluding plan artifacts from git/Docker contexts.
Out of Scope Changes check ✅ Passed All changes are directly aligned with issue #369 objectives: plan-to-git installation, Codex hook integration, git post-push synchronization, and ignore file updates for plan artifacts.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Requirements Alignment ✅ Passed PR implements all issue #369 requirements: plan-to-git installed, Codex hook configured, post-push sync before backup, .agent-plan.json excluded, skip flag supported, tests verify behavior.
Security Regression ✅ Passed No security regressions found: plan-to-git uses hardcoded args, verified before execution, pinned revision, absolute paths, safe file permissions, .agent-plan.json excluded from contexts.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/app/tests/docker-git/core-templates.test.ts (1)

66-90: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Cover the new invariants with property-based tests (fast-check).

Right now the checks are tied to a single config and do not prove the invariants for the whole valid TemplateConfig space.

Example of a minimal strengthening of the test
+import * as fc from "fast-check"
...
-  it("keeps plan-to-git state out of generated git and docker contexts", () => {
-    const files = planFiles(makeTemplateConfig())
-    const gitignore = getGeneratedFile(files, ".gitignore")
-    const dockerignore = getGeneratedFile(files, ".dockerignore")
-
-    expect(gitignore.contents).toContain(".agent-plan.json")
-    expect(dockerignore.contents).toContain(".agent-plan.json")
-  })
+  it("keeps plan-to-git state out of generated git and docker contexts", () => {
+    fc.assert(
+      fc.property(fc.boolean(), fc.constantFrom<TemplateConfig["gpu"]>("none", "all"), (enableMcpPlaywright, gpu) => {
+        const files = planFiles(makeTemplateConfig({ enableMcpPlaywright, gpu }))
+        const gitignore = getGeneratedFile(files, ".gitignore")
+        const dockerignore = getGeneratedFile(files, ".dockerignore")
+        expect(gitignore.contents).toContain(".agent-plan.json")
+        expect(dockerignore.contents).toContain(".agent-plan.json")
+      })
+    )
+  })
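
Review bot: both `expect(...).toContain(".agent-plan.json")` assertions inside the added `fc.property` body are substring checks on the file contents, so they also pass when the name appears only in a comment line or after a `!` negation; splitting `contents` into lines and asserting that one line equals `.agent-plan.json` would check the exclusion the test name claims. The generators also cover just four inputs (`fc.boolean()` combined with `"none"` and `"all"`), so the property restates a four-row table unless more `TemplateConfig` fields are drawn, and the `TemplateConfig` type used in `fc.constantFrom<TemplateConfig["gpu"]>` needs an import that the elided `...` does not show.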

As per coding guidelines: **/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants.

Also applies to: 92-99

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/app/tests/docker-git/core-templates.test.ts` around lines 66 - 90,
Add a property-based test using fast-check that generates random TemplateConfig
instances and for each run renders the Dockerfile and entrypoint (the existing
variables checked as dockerfile.contents and entrypoint.contents) and asserts
the invariants currently hard-coded in the test (e.g., presence of "cargo
install ... plan-to-git", "/usr/local/bin/plan-to-git --help >/dev/null", "make
build-essential docker.io", "docker_git_stop_playwright_browser()",
"docker-git-browser-connection", "plan-to-git sync", "plan-to-git hook --source
codex", CODEX_REQUIREMENTS_FILE, managed_dir and hooks entries, and the absence
checks like "docker-git-playwright-mcp" and
"docker_git_start_rust_browser_connection" etc.); import fast-check (fc), create
an Arbitrary for TemplateConfig (or reuse existing factory), call the template
rendering function used by this test to produce dockerfile.contents and
entrypoint.contents, and replace or augment the one-off assertions with
fc.assert(fc.property(...)) so these invariants hold across the generated
TemplateConfig space.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/lib/tests/core/git-post-push-wrapper.test.ts`:
- Around line 113-125: The fakePlanToGitScript test helper currently logs any
arguments passed without verifying the command; update the fakePlanToGitScript
to validate that the first positional parameter is "sync" and fail the script
(non-zero exit or explicit error log) if it is not, so tests catch incorrect
invocations. Locate the fakePlanToGitScript string used in
git-post-push-wrapper.test.ts and add a conditional after the existing logging
that checks "$1" (the first arg) equals "sync" and exits with an error code
(and/or appends a clear error message to FAKE_PLAN_TO_GIT_LOG_PATH) when the
check fails.

In `@packages/lib/tests/core/templates.test.ts`:
- Around line 513-528: Replace the single-case test with a fast-check property
test that runs for all valid TemplateConfig instances: use the existing
arbitrary for TemplateConfig (e.g., templateConfigArbitrary) and write an
fc.assert(fc.property(templateConfigArbitrary, cfg => { const files =
planFiles(cfg); const gitignore = files.find(f => f._tag === "File" &&
f.relativePath === ".gitignore"); const dockerignore = files.find(f => f._tag
=== "File" && f.relativePath === ".dockerignore"); return
gitignore?.contents.includes(".agent-plan.json") &&
dockerignore?.contents.includes(".agent-plan.json"); })), ensuring you import
fast-check and the TemplateConfig arbitrary and keep references to planFiles and
the file-match logic (._tag and relativePath) intact so the test verifies the
ignore invariant for all generated configs.

---

Outside diff comments:
In `@packages/app/tests/docker-git/core-templates.test.ts`:
- Around line 66-90: Add a property-based test using fast-check that generates
random TemplateConfig instances and for each run renders the Dockerfile and
entrypoint (the existing variables checked as dockerfile.contents and
entrypoint.contents) and asserts the invariants currently hard-coded in the test
(e.g., presence of "cargo install ... plan-to-git", "/usr/local/bin/plan-to-git
--help >/dev/null", "make build-essential docker.io",
"docker_git_stop_playwright_browser()", "docker-git-browser-connection",
"plan-to-git sync", "plan-to-git hook --source codex", CODEX_REQUIREMENTS_FILE,
managed_dir and hooks entries, and the absence checks like
"docker-git-playwright-mcp" and "docker_git_start_rust_browser_connection"
etc.); import fast-check (fc), create an Arbitrary for TemplateConfig (or reuse
existing factory), call the template rendering function used by this test to
produce dockerfile.contents and entrypoint.contents, and replace or augment the
one-off assertions with fc.assert(fc.property(...)) so these invariants hold
across the generated TemplateConfig space.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 24b19a0d-7c7e-4df3-819b-10cb1b9f5b8e

📥 Commits

Reviewing files that changed from the base of the PR and between fd45823 and 3341598.

📒 Files selected for processing (9)
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
  • packages/lib/tests/core/templates.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
  • GitHub Check: E2E (Clone cache)
  • GitHub Check: E2E (Login context)
  • GitHub Check: Test
  • GitHub Check: E2E (Browser command)
  • GitHub Check: E2E (OpenCode)
  • GitHub Check: E2E (Clone auto-open SSH)
  • GitHub Check: E2E (Runtime volumes + SSH)
  • GitHub Check: Lint
  • GitHub Check: Final build (windows-latest)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*

⚙️ CodeRabbit configuration file

**/*: You are a strict reviewer for SPEC DRIVEN DEVELOPMENT.

Before drawing conclusions, study README.md, other *.md files, linked issues,
PR description, PR comments/discussion, and the relevant codebase.

Check the changes against the original requirements/spec and the discussion. Flag any
departure from the spec, undocumented behavior change, missing tests
for the claimed behavior, and security risk. If the spec is not visible,
ask the author to add it to the issue or PR description.

Check the solution from the standpoint of formal verification: which invariants,
preconditions, and postconditions can be proven mathematically, and where provability
is weak. Evaluate the solution from the standpoint of game theory: whether the incentives are stable,
whether there is a profitable way to circumvent the rules, and which solution would be stronger.

Files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
  • packages/lib/src/core/templates/dockerfile-prelude.ts
  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/app/src/lib/core/templates/dockerfile-prelude.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/src/core/templates-entrypoint/git-hooks.ts
  • packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

  • packages/app/tests/docker-git/core-templates.test.ts
  • packages/lib/tests/core/templates.test.ts
  • packages/lib/tests/core/git-post-push-wrapper.test.ts
🧠 Learnings (3)
📚 Learning: 2026-05-14T16:02:16.256Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-05-14T16:02:16.256Z
Learning: Applies to **/{Dockerfile*,docker-compose*.{yml,yaml},.dockerignore} : Fail if changed files introduce unsafe Docker configuration such as privileged containers, broad host mounts, unbounded Docker socket access, or unnecessary write permissions

Applied to files:

  • packages/app/src/lib/core/templates.ts
  • packages/lib/src/core/templates.ts
📚 Learning: 2026-05-13T07:10:13.213Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Applies to **/*.{test,spec}.{ts,tsx} : Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Applied to files:

  • packages/lib/tests/core/git-post-push-wrapper.test.ts
📚 Learning: 2026-05-13T07:09:47.992Z
Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.test.{ts,tsx} : Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: `Effect.provide(MockService), Effect.runPromise`.

Applied to files:

  • packages/lib/tests/core/git-post-push-wrapper.test.ts
🔇 Additional comments (13)
packages/lib/tests/core/git-post-push-wrapper.test.ts (6)

28-28: LGTM!


221-221: LGTM!


263-263: LGTM!

Also applies to: 274-274, 300-300


315-320: LGTM!

Also applies to: 333-338, 352-357, 379-386, 434-437


388-403: LGTM!


405-421: LGTM!

packages/lib/src/core/templates/dockerfile-prelude.ts (1)

86-102: LGTM!

Also applies to: 104-115

packages/app/src/lib/core/templates/dockerfile-prelude.ts (1)

86-102: LGTM!

Also applies to: 104-115

packages/app/src/lib/core/templates.ts (1)

42-42: LGTM!

Also applies to: 54-54

packages/lib/src/core/templates.ts (1)

41-41: LGTM!

Also applies to: 53-53

packages/app/src/lib/core/templates-entrypoint/git-hooks.ts (1)

8-9: LGTM!

Also applies to: 141-157, 177-217

packages/lib/src/core/templates-entrypoint/git-hooks.ts (1)

8-9: LGTM!

Also applies to: 141-157, 177-217

packages/lib/tests/core/templates.test.ts (1)

210-213: LGTM!

Also applies to: 467-492

Comment thread packages/lib/tests/core/git-post-push-wrapper.test.ts
Comment thread packages/lib/tests/core/templates.test.ts
@skulidropek
Member Author

skulidropek commented Jun 4, 2026

AI Session Backup

Commit: ac2aa6a
Status: success
Files: 7 (6.92 MB)
Links: README | Manifest

git status

On branch issue-369
Your branch is up to date with 'origin/issue-369'.

nothing to commit, working tree clean


Development

Successfully merging this pull request may close these issues.

Add support for https://github.com/ProverCoderAI/plan-to-git
