@fusion/core
Patch Changes
- 1f0bb7e: Stop
MasterKeyManagerfrom probing the real macOS/Linux keychain during tests. A newFUSION_MASTER_KEY_DISABLE_KEYCHAIN=1env var forces the file backend, and the core vitest setup sets it so tests no longer hang for 15s inkeytar.getPassword(...)on machines without a usable keychain.
@fusion/dashboard
Patch Changes
- 67aff5d: Fix dashboard occasionally serving a blank/broken page until the server is restarted. The server cached
index.htmland the Vite view-chunk manifest forever with no invalidation, so any on-disk change (release upgrade, rebuild) left the server handing out stale HTML referencing chunk hashes that no longer existed. Both caches now invalidate automatically when the underlying file's mtime changes. TheserveIndexHtmlcatch path also now logs the failure and clears the templated cache so a subsequent request can recover, instead of silently returning 404 forever. - Updated dependencies [1f0bb7e]
- @fusion/core@0.32.0
- @fusion/engine@0.32.0
- @fusion-plugin-examples/cli-printing-press@0.1.9
- @fusion-plugin-examples/dependency-graph@0.1.23
- @fusion-plugin-examples/roadmap@0.1.11
- @fusion-plugin-examples/cursor-runtime@0.1.11
- @fusion-plugin-examples/droid-runtime@0.1.18
- @fusion-plugin-examples/hermes-runtime@0.2.42
- @fusion-plugin-examples/openclaw-runtime@0.2.42
- @fusion-plugin-examples/paperclip-runtime@0.2.42
@fusion/desktop
Patch Changes
- Updated dependencies [1f0bb7e]
- Updated dependencies [67aff5d]
- @fusion/core@0.32.0
- @fusion/dashboard@0.32.0
@fusion/engine
Patch Changes
- Updated dependencies [1f0bb7e]
- @fusion/core@0.32.0
- @fusion/pi-claude-cli@0.32.0
@fusion/plugin-sdk
Patch Changes
- Updated dependencies [1f0bb7e]
- @fusion/core@0.32.0
@runfusion/fusion
Minor Changes
-
b772881: Add a new project setting,
chatAutoCleanupDays(default off), to automatically remove idle chat sessions and chat rooms during periodic self-healing maintenance. -
ff71746: Add a new project setting,
mailAutoCleanupDays, to auto-prune old inbox/outbox messages during self-healing maintenance. The setting defaults to0(off) and supports retention windows of 7, 14, 30, 60, or 90 days. -
a34e77a: Documented Fusion secrets management across architecture, storage, settings, and agent guidance, including encrypted project/global secret stores and access-policy behavior. Added secrets subsystem reference docs plus planned integration notes for agent secret reads, worktree env materialization, and cross-node sync endpoints.
-
dde2d06: Implement
.envsecrets materialization pipeline: honorsecretsEnvproject settings (enabled/filename/overwritePolicy/keyPrefix/requireGitignored), gate writes behindgit check-ignore, emitsecret:env-write/secret:env-write-skipped/secret:env-cleanup/secret:env-cleanup-skippedrun-audit events, and clean up fingerprint-matching.envfiles on worktree teardown. -
e9ef40f: Add cross-node secrets sync endpoints (
POST /api/nodes/:id/secrets/push,POST /api/nodes/:id/secrets/pull,POST /api/secrets/sync-receive,GET /api/secrets/sync-export) with shared-passphrase envelope (scrypt → AES-256-GCM) and Bearer-apiKey auth on inbound routes. Passphrase is stored locally encrypted under the master key (reserved__sync_passphrase__row,access_policy="deny") and is never transmitted or echoed. -
56a7178: Add
priorityfield tofn_task_updateMCP tool so agents can rebalance task urgency after triage. -
b078a81: Add deterministic automated follow-up dedup for verification failures and related engine-created recovery tasks.
-
75a7127: Add a "Connection → Change Launch Mode…" menu item to the Fusion desktop app so users can switch between Run Locally and Connect to Remote after the initial chooser. It resets the persisted desktop mode, stops the embedded runtime, and reloads the dashboard so the launch gate re-prompts.
-
b143f6c: Add a desktop launch gate so the packaged Fusion app prompts the user to either run Fusion locally (starts the embedded runtime and points the dashboard at it via
?serverBaseUrl=…) or connect to a remote Fusion server, instead of immediately showing a "can't reach backend" error. -
edfd6e4: Add
worktreesDirproject setting to place task worktrees outside the project root. Supports absolute paths, paths relative to the project root,~expansion, and the{repo}token. Defaults to the existing<projectRoot>/.worktreesbehavior when unset. -
9e87de0: Make OpenRouter a first-class provider: send HTTP-Referer/X-Title attribution headers, prefer /api/v1/models/user when an API key is configured, expose openrouterModelFilters and openrouterProviderPreferences in settings, and forward provider routing prefs into chat completion requests.
-
9574ba4: Add
worktrunksettings group (worktrunk.enabled,worktrunk.binaryPath,worktrunk.onFailure) to both global (~/.fusion/settings.json) and project (.fusion/config.json) tiers, with field-level project-overrides-global precedence. CLIfn settings set worktrunk.<field>is supported in both scopes. This is settings plumbing only; the worktree backend that consumes these keys ships in a follow-up. -
9ac503f: Add a settings-driven WorktreeBackend abstraction with native git as default and opt-in worktrunk create fallback behavior.
-
3d9260e: Complete worktrunk backend delegation for create/sync/prune/remove plus worktrunk-aware worktree layout resolution when
worktrunk.enabledis on. -
06810e4: Auto-install flow for the optional worktrunk worktree backend: when
worktrunk.enabledis on and the binary is missing, Fusion downloads a SHA-256-verified pinned release (v0.4.2) into~/.fusion/bin/with acargo installfallback undernetwork_apiapproval policy. Pinned release supportsdarwin-arm64,darwin-x64,linux-x64,linux-arm64; Windows falls back to cargo-only. Install attempts emit run-auditbinary:install-*events. -
8b371ba: Fail-hard by default when a delegated worktrunk operation fails: the task is paused with
pausedReason: "worktrunk_operation_failed"and the underlying stderr is surfaced in the dashboard. Setworktrunk.onFailure: "fallback-native"to instead fall back transparently to Fusion's built-in worktree-pool and receive a one-shot dashboard alert per task. -
196b7e4: Fusion now supports an optional integration with the worktrunk CLI for per-task worktree management. It is off by default and can be enabled with
worktrunk.enabled(global with project overrides).When enabled, Fusion delegates worktree create/sync/prune/remove operations to worktrunk and adopts worktrunk’s directory layout. You can set
worktrunk.binaryPathto use a specific binary, or rely on auto-install on first use (gated by thenetwork_apiaction gate).worktrunk.onFailuredefaults to"fail"(pause the task on a worktrunk error), with opt-in"fallback-native"if you want Fusion to fall back to native worktree handling. Whenworktrunk.enabled = true, worktrunk layout takes precedence andworktreesDiris ignored. -
4ce58f2: Add
sandbox.*project settings schema, validators, and per-task PROMPT override parser (no behavior change; foundation for the SandboxBackend rollout). -
c0f9dde: Add WorktreeBackend abstraction (native default + worktrunk scaffold) selected by
worktrunk.enabled. CLI subcommand mapping arrives in FN-4623. -
43ae0ee: Add WorktreeBackend abstraction (native default + worktrunk scaffold) selected by
worktrunk.enabled. Real worktrunk CLI subcommand mapping arrives in FN-4623. -
3defcbe: Disable the worktrunk auto-install path. The pinned cognitive-engineering-lab/worktrunk v0.4.2 release is no longer reachable (see FN-4704/FN-4705), so
installWorktrunk()now throwsWorktrunkInstallFailedErrorimmediately. Users who opt intoworktrunk.enabledmust setworktrunk.binaryPathor placeworktrunkon$PATH. Auto-install will return once an authoritative upstream release source is re-established.WORKTRUNK_PINNED_RELEASEand the release-download helpers are removed from@fusion/engineexports. -
b94eae4: Add minimal Goals dashboard view (Slice 1 of Goals-as-strategic-layer mission). Lazy-loaded component renders active-goal list with soft-warning at 3 active goals and hard-error when attempting to exceed the 5-active cap. Uses mock data adapter pending the GoalStore backend slice.
-
6afd273: Goals dashboard view is now wired into the Header overflow menu and Mobile More sheet, gated by the
goalsViewexperimental feature flag. -
293441a: Chat rooms now support
/clearand/newin the composer by clearing the active room transcript instead of sending those commands as normal messages. Added a new API route,DELETE /api/chat/rooms/:id/messages, to bulk-clear all messages in a room while preserving room identity and membership. -
7b48387: Add Create-PR entry points across the dashboard (task detail header, task card quick action,
in-review auto-prompt, review tab) and a newfn pr create <task-id>CLI command. The legacy
fn task pr-createremains as an alias. -
0338b37: Add live PR check streaming in the dashboard PR panel, including failing-check surfacing with direct GitHub details links, and introduce
GET /api/tasks/:id/pr/checksfor all check runs with required-check rollup status. -
3e944ed: Fusion now includes a redesigned pull request creation flow with AI-generated title/description suggestions and support for repository PR templates. You can open PR creation from new dashboard entry points (task detail header, task card quick action, in-review prompt, and merge/review modal) or from the CLI with
fn pr create. A new PR status panel shows live checks and review comments, supports merging from the dashboard, and can optionally enable auto-merge when checks are green. When a PR merges, the task auto-transitions to done; if reviewers request changes, the task is routed back to todo with that feedback visible in Fusion. -
937bed9: Add hybrid master-key resolver (
MasterKeyManager) backing the upcoming secrets subsystem. Tries the OS keychain via optionalkeytardependency, falls back to a0600~/.fusion/master.keyfile. -
01276d6: Quick Chat and ChatView now support sending file attachments when a chat room is active. Added room attachment upload and fetch endpoints (
POST /api/chat/rooms/:id/attachments,GET /api/chat/rooms/:id/attachments/:filename) and wired room message sends to upload pending files before persisting room messages. -
5233bc9: Add board-health self-healing levers in the engine: paused-scope decay rebound for blocked paused holders, meta-task chain auto-close for resolved/stalled recursion, and a board-stall sweep with verification-gated ntfy escalation. This adds new project settings (
pausedScopeDecayMs,metaTaskStallAutoCloseMs,boardStallSweepWindowMs,boardStallBlockedGrowthThreshold) plus run-audit events for rebound/archive/stall outcomes. -
040a909: Add dashboard UI panel and
/api/secrets/sync-passphraseroutes to configure the cross-node secrets-sync passphrase. Reserved__sync_passphrase__row is filtered out of the standard secrets list. Plaintext is never returned over HTTP. -
f9c0b93: Add
failureNotificationMode: "terminal-only"to suppress ntfy/webhook
failure notifications while the engine is still auto-retrying a task.
Notifications fire only once the task is paused or escalated to in-review.
Default behavior (sticky-only) is unchanged. -
aad1219: Dashboard PR panel now supports tasks linked to multiple GitHub PRs.
Task.prInfosis the new canonical list;Task.prInfois preserved as the primary-PR mirror for back-compat. PR refresh, unlink, and self-healing conflict reclaim all operate per-PR.
Patch Changes
-
3ea9bbb: Add reliability stats reset support with a new
/api/health/reliability/resetendpoint and enhance the Reliability dashboard view with drill-down details, empty-day filtering, and reset baseline visibility. -
e1bda2a: Chat rooms now show the same Latest jump-to-bottom button as direct chats.
-
73b4717: Fix Mission Manager mission detail refresh behavior so expanded milestones/slices are preserved and selected milestone acceptance criteria remain visible across live updates.
-
fa9648b: Planning mode, mission interview, and milestone/slice interview AI sessions now have read-only access to
fn_task_listandfn_task_getso they can reference existing backlog tasks while interviewing the user. -
3ff683a: Add internal
SandboxBackendabstraction to the engine command-execution path (native passthrough only; no behavior change). Foundation for FN-4637 (bubblewrap), FN-4638 (sandbox-exec), FN-4639 (settings), FN-4640 (audit), FN-4641 (action-gate), FN-4642 (container) follow-ups. -
41ceae0: Add an opt-in Linux
bubblewrapsandbox backend with policy-to-bwrapargument translation, backend availability detection, and native fallback support. -
aeada25: Add opt-in macOS
sandbox-execbackend for the engineSandboxBackendabstraction. Default backend remainsnative; enable viasandbox.backend = "sandbox-exec". HonorsfailureMode: "fail-hard" | "fallback-native". Port 4040 and.fusion/are denied unconditionally. -
7c15be8: Add
sandboxrun-audit domain withsandbox:prepare/sandbox:run/sandbox:failure/sandbox:fallbacklifecycle events emitted from the engine'sSandboxBackendwiring sites, and surface them through the dashboard's run-audit API (filter parser, normalized event domain, timelineauditByDomain.sandboxbucket). -
7805645: Add
sandbox_provisioningaction-gate category,sandboxProvisioningproject setting,
resolveSandboxProvisioningPolicyin @fusion/core, and a
requireSandboxProvisioningApprovalengine helper. Lays the approval seam that future
bubblewrap (FN-4637), sandbox-exec (FN-4638), and container (FN-4642) backends use to
gate first-time host bootstrap. -
5253cc1: Prototype optional rootless container
SandboxBackend(Podman-first, Docker-compatible) behind the FN-4636 seam. Off by default; reachable only via explicitresolveSandboxBackend({ backendId: "podman" | "docker" }). No settings, audit, or action-gate wiring yet (FN-4639/FN-4640/FN-4641). -
cc7b9f3: Extend internal
SandboxBackendabstraction to cover the spawn-based verification runner (runVerificationCommand/execWithProcessGroup) via a newrunStreamingmethod on the backend. Native passthrough only — no behavior change. Foundation for FN-4637/FN-4638 to wrap the verification path the same way they wraprunConfiguredCommand. -
939b68e: Auto-finalize in-review tasks when self-healing or merge fast-path logic can prove task content already landed on the base branch, clearing soft blockers (
paused, stalefailedstatus, and residual error) while still preserving hard-blocker guardrails for incomplete steps, awaiting-user-review states, and pre-merge workflow failures. -
5975931: GitHub tracking issues are now created for every task-creation path (pi extension tools, CLI commands, agent delegation, and mission/feature triage), not only dashboard HTTP routes.
-
7942fb0: Gate sandbox backend settings behind
experimentalFeatures.sandboxuntil the rollout completes. -
c7ba63c: Missions UI: surface per-feature acceptance criteria in the milestone Assertions panel even when the milestone itself has acceptance text. Fixes FN-4652 (refinement of FN-4613).
-
df28dcf: GitHub Copilot login (Settings and Onboarding) now shows the device code and auto-copies it to the clipboard before opening the GitHub verification page — users click "Open GitHub" when ready instead of having the new tab steal focus immediately. The device-code panel now spans the full width of the provider card.
-
a88857a: Persist
mergeDetails.rebaseBaseShawhenever a rebase merge base is captured, and update self-healing landed-commit stats lookup to use rebase range shortstat (base..sha) when available so stale tip-only merge stats are automatically repaired. -
a27614f: Routine-runner now threads a
RunAuditorthroughresolveSandboxBackend()so user-configured routine commands emitsandbox:prepare/sandbox:run/sandbox:failurelifecycle events alongside executor and merger commands, closing the FN-4640 observability gap. -
f7a7038: Ensure duplicate/refine API task creation paths also attempt GitHub tracking issue creation as best-effort behavior.
-
2739259: Suppress false
missing-evidencewarnings on verification-only / no-code follow-up tasks by classifying branch-absent no-owned-commit finalizes as benignno-changes-finalizedand clearing stalemodifiedFilessnapshots. -
401094c: Right-align the linked GitHub issue chip on in-review TaskCards, matching the in-progress placement.
-
9a1c904: Add a new project setting
doneAutoArchiveDays(default0) to control done-task auto-archive retention in days. When set to a value greater than0, it takes precedence overautoArchiveDoneAfterMsfor periodic self-healing auto-archive sweeps. -
e5c9c7a: Annotate wake-on-message heartbeat runs whose inbox snapshot is already empty with consumed-message wake reasons, plus wake-delta inbox snapshot context.
-
7c0624c: Fix settings sync push/receive payload contract: the push endpoint now includes
sourceNodeIdso the inbound/api/settings/sync-receivevalidator no longer rejects round-trips with a 400. -
6721005: Add a new dashboard
PrCreateModalcomponent with AI metadata generation, preflight checks, base-branch selection, draft mode, reviewer/assignee/label pickers, commit/file preview, and retryable PR creation errors. Also add dashboard client API wrappers for PR metadata, preflight, and options endpoints. -
3d7e737: Sync GitHub PR reviews and review comments into Fusion task comments, expose a PR reviews API for dashboard threading, and auto-move in-review tasks back to todo when GitHub review decision changes to CHANGES_REQUESTED while preserving progress/worktree and saving reviewer feedback context.
-
ae740bd: Structured surfacing of GitHub CLI / API errors with retry affordances in the dashboard PR UI and
fn pr createCLI flow. -
db7b196: GitHub tracking-issue creation no longer blocks
POST /api/planning/create-taskandPOST /api/planning/create-tasksresponses; it now runs in the background. -
b594160: Wire
HybridExecutorinto serve/dashboard/daemon startup behindshouldUseHybridExecutorgating. This adds optional multi-project runtime orchestration (project runtimes + node health monitoring) while preserving default single-project local behavior unless the gate enables it. -
11012b4: Add a triage
fn_task_searchtool that searches across task history (including done and archived tasks) and strengthen duplicate-check guidance to require keyword search before filing new tasks. -
023a0cc: GitHub tracking-issue creation now searches the target repo (open and closed
issues) for likely duplicates before opening a new issue, keyed on the task's
File Scope paths and symptom keywords. Matches link the existing issue to the
Fusion task. Opt out with project settinggithubTrackingDedupEnabled: false. -
c6e9782: Dashboard reload no longer briefly hides the UI behind a full-screen loader when project data is already cached.
-
fea0b51: Add
oauth-token-expirednotification event so users are notified when a provider OAuth token (Codex, Claude, etc.) expires and needs re-authentication. -
7ab3f7a: Internal: add AES-256-GCM secret cipher primitive in @fusion/core (foundation for upcoming secrets subsystem; no user-visible behavior yet).
-
f0df7cb: Internal: introduce
SecretAccessPolicyvocabulary (auto/prompt/deny) andresolveSecretAccessPolicy()resolver plus a globalsecretsAccessPolicydefault setting. Foundation for the upcoming secrets subsystem; no user-visible behavior yet. -
4d5e296: Dashboard top progress bar now also reflects task list revalidation, not just project loading.
-
246609a: Dashboard Settings → Project → General → GitHub Tracking now exposes a
toggle forgithubTrackingDedupEnabled, so users can opt out of the
pre-creation duplicate search without editing.fusion/config.json. -
3f8a5e6: fix(FN-4806): silently recover when worktree/branch reclaimed mid-retry
When the executor's no-
fn_task_doneretry loop detects that a task's worktree or branch was reclaimed by an engine-side housekeeping path (FN-4546 stale-active-branch reclaim, FN-4742 self-healing removals, session-start unusable-worktree), it now requeues the task totodosilently with preserved progress. The task is no longer markedfailed,taskDoneRetryCountis no longer burned, andonErroris no longer surfaced — this is engine self-heal, not an agent failure. The genuine "agent finished without calling fn_task_done after N retries" exhaustion path is unchanged. -
4c26aa6: fix(FN-4811): refuse to force-remove worktrees actively bound to live sessions
Adds a hard liveness gate to the executor's conflict-recovery paths so that
cleanupConflictingWorktreeandhandleBranchConflictrefuse to remove a
worktree that is currently bound to an active executor session — either via
the in-memoryactiveWorktreesmap or via a non-done, non-paused
in-progresstask in the store. When the requesting task has
executorAllowSiblingBranchRename, the recovery flow now falls through to
the suffix-rename path instead of force-removing the live owner's worktree.This is the canonical fix for the FN-4781/FN-4804 cascade:
"assigned worktree path disappeared mid-task", two parallel runs for the
same task alive simultaneously, cross-task contamination, and post-merge
"branch tip misbound but content found on main" rescues firing on every
successful merge. The newfindActiveWorktreeOwner()helper centralizes
the liveness check across both gating points. -
8bef306: fix(FN-4811): close concurrent-execute race that produced parallel runs for the same task
TaskExecutor.execute()had an async race: after the synchronousthis.executing.has(task.id)check, the code awaitedshouldDeferForHeartbeat(...)BEFORE adding to theexecutingSet. Two concurrentexecute()calls (scheduler dispatch +task:movedlistener + restart-recovery) could both pass the check, both yield on the await, then both add to the Set and both proceed to create the same worktree.Production signature (FN-4814, FN-4811):
01:30:56 [runA-caoe] Worktree created at /Users/eclipxe/Projects/kb/.worktrees/bright-mesa 01:30:56 [runB-w23q] Worktree created at /Users/eclipxe/Projects/kb/.worktrees/bright-mesa 01:30:58 worktree liveness assertion failed: not_usable_task_worktreeThis is the canonical source of FN-4781/FN-4804/FN-4814/FN-4811 mid-task worktree disappearance and cross-task contamination — every other guard in the stack (FN-4811 active-session gate, self-healing reclaim defer, etc.) was patching the symptoms of the duplicate-run race.
Fix: claim the executing slot synchronously immediately after the
has()check, release it on the heartbeat-defer early return. Closes the race window entirely. -
86237c9: fix(FN-4811): unblock
@fusion/enginetypecheck so verification bootstrap can runRestores
pnpm --filter @fusion/engine buildafter a stack of TypeScript regressions blocked every merge. Symptoms: every task hitting pre-merge verification failed with "Verification bootstrap preamble failed — workspace dist artifact rebuild did not complete" because the bootstrap shellspnpm --filter @fusion/engine buildand that compile was erroring on 17 type issues.Fixes:
- Remove duplicate
RemovalReasonre-export inworktree-pool.ts(export type+exportfor the same identifier produced TS2300 "Duplicate identifier"). - Add
worktree:removal-refused-active-sessionandworktree:removal-forced-over-active-sessionto theGitMutationTypeunion inrun-audit.tsso the new FN-4811 audit events are accepted. - Update
self-healing.test.tsvi.mock("../worktree-pool.js")to mirror the productionRemovalReasonconst exactly (was missing keys, causingreason: undefinedto flow into mock calls and confusing error messages). - Add
reason: RemovalReason.MergerCleanupto existingworktree-backend.test.tsremoveWorktreecalls now thatreasonis a required parameter.
- Remove duplicate
-
f4aa6d7: fix(FN-4811): persist done-task integrity warnings across engine restarts
SelfHealingManager.reconcileDoneTaskIntegrity()previously deduped its
"Integrity warning: done-task finalize evidence is unproven" emissions via an
in-memorySet<string>per manager instance. Every engine restart created a
fresh manager, so the periodic sweep re-emitted the same warning for the same
task on every cycle — producing significant log noise on done tasks legitimately
lacking on-main evidence (often FN-4811 contamination residue).Adds an optional
integrityWarning: { warnedAt, reason }field on
MergeDetailsand persists it on the first warning. Subsequent sweeps (within
the same process or after restart) check the persisted reason and skip
re-emitting an identical warning. A different classification reason still
re-warns and updates the persisted record. -
b6df11a: fix(FN-4811): use process-wide executingTaskLock to block parallel execute() across instances
After commit 82f80e7 added a per-instance
this.executing.add()synchronous claim, production STILL produced twoexecute()invocations for the same task ID that both reached "Executor detected stale merge state" and both generated runIds within 1 second of each other (FN-4809: y2nb + 9gde at 02:48:17–18 UTC; FN-4814 / FN-4811 cascade). The only viable explanation is that there is more than oneTaskExecutorinstance in the process (engine restart race, multi-project hybrid runtime, etc.).Adds a module-level singleton
executingTaskLockinactive-session-registry.tsshared across allTaskExecutorinstances.TaskExecutor.execute()synchronously claims the lock immediately after theexecutorLog.logentry; iftryClaim()returns false (someone else owns the lock), the call bails. Every existingthis.executing.delete()site also releases the lock. Per-instancethis.executingis kept for back-compat with the manythis.executing.has()checks throughoutexecutor.ts.Test setup in
executor-test-helpers.tsclears the process-wide lock inresetExecutorMocks()so it doesn't leak across tests. -
a1b1f9a: fix(FN-4811): defer self-healing reclaim when worktree has an active session
The
reclaimSelfOwnedBranchConflictssweep was force-pausing actively-running tasks. When a task's branch tip was already onmain(thetip-already-mergedinspection), the sweep triedremoveWorktree({ reason: SelfHealingBranchConflict }). The FN-4811 active-session gate correctly refused (the worktree was still bound to a live executor session), but the outer catch escalated the thrown error toAutoRecoveryDispatcherwith classbranch-conflict-unrecoverable. The dispatcher'spausedecision then marked the taskfailed + paused + pausedReason="branch-conflict-unrecoverable"— even though the executor was making real progress (FN-4819 reproduction).Fix: at the top of the per-task reclaim loop, check
activeSessionRegistry.isPathActive(task.worktree)andcontinuefor any task whose worktree is currently bound to a live executor/merger/step session. The reclaim retries on the next sweep when the session has finished and the worktree is genuinely free. -
5c36c0f: fix(FN-4811): scope-leak guard always allows
.changeset/pathsThe
[scope-leak]warning was firing on many in-progress tasks for off-scope.changeset/FN-XXXX-*.mdfiles (the reproducible signature on FN-4789, FN-4801, FN-4818). By convention every task may add its own changeset entry under.changeset/per AGENTS.md's "Finalizing Changes" section, so changeset files are now treated as always-allowed by the scope-leak guard regardless of the task's declared file scope. Cross-task changeset leakage is still caught by stronger downstream guards (file-scope invariant at squash, post-merge audit) at a much higher signal-to-noise ratio. -
dcd6bf6: fix(FN-4811): recover from "validation failed, cannot remove working tree" + collapse broken FN-4806 nested branches
Two follow-ups stacked on the FN-4811 active-worktree liveness gate:
-
Stale conflict-path recovery (was breaking real tasks). When
git worktree remove --forcefails withfatal: validation failed, cannot remove working tree, the worktree directory is missing on disk and the git admin entry is stale.cleanupConflictingWorktreenow catches that specific error, runsgit worktree prune, best-effort deletes the branch, and returns success — so the caller can proceed with worktree creation instead of failing 3× with "automatic cleanup failed" (FN-4813 production failure). -
Collapsed broken FN-4806 nested branches. The previous FN-4806 refactor accidentally nested the genuine "agent finished without calling fn_task_done" failure path inside the silent-recovery branch, so ordinary failures were being silently requeued instead of marked failed. Restored the clean two-branch structure:
else if (retryAbortedDueToReclaim)silent-recovers,elsemarks failed/onError/burns budget. Also clearsbaseCommitShaon silent recovery (matches the parallel session-start-failure path).
-
-
b2ca02f: Add multi-node coordination hardening for task execution: distributed checkout claim mutex (
tryClaimCheckout) with node/epoch preconditions, configurableowningNodeHandoffPolicybehavior for unavailable owners, and a supportedtransitionProjectIsolationpath that can restart project runtimes (with rollback when active-task restart is blocked). Reaffirm scheduler failover and live process migration as explicit non-goals in mesh/multi-project docs. -
199f317: Add central
taskClaimstable (central DB schema v13) and routeAgentStore.checkoutTaskthrough it when aCentralClaimStoreis configured, providing the authoritative cross-node task-claim mutex required by FN-4819 §2. Single-node behavior is unchanged when no claim store is wired. -
8e3a635: Add a new
task:auto-recover-node-unreachablerun-audit mutation type and emit it across unreachable-owner recovery flows, including mesh lease recovery outcomes and scheduler owning-node handoff decisions. -
df998cb: Add create-time duplicate detection to dashboard task creation. The dashboard now exposes
POST /api/tasks/duplicate-check, returns409 duplicate_candidatesfor conflictingPOST /api/tasksrequests unless callers acknowledge matches, and supportsbypassDuplicateCheckfor opt-out callers. -
2adc9fa: GitHub Copilot now appears as logged-in in the dashboard usage dropdown when authenticated via Fusion's Settings → Authentication OAuth flow, in addition to the existing
ghCLI detection. -
aa6d1c9: fix(FN-4847): discard foreign branch and recreate on
branch-conflict-unrecoverableBranch conflicts where the existing
fusion/<task-id>branch has stranded commits NOT attributed to the task (cross-task contamination residue from the FN-4781/FN-4804/FN-4814 worktree-race era) previously paused the task withpausedReason: "branch-conflict-unrecoverable"and the error messageAuto-recovery failed: branch conflict unrecoverable — Branch fusion/fn-XXX is already checked out at /.../ (tip ..., N stranded commits since ...). The task got stuck forever waiting for human adjudication.The user has explicitly opted into discard-and-recreate for this case: those stranded commits aren't this task's work, just delete them and move on.
Changes:
auto-recovery.ts:actionForMode— indeterministic-onlymode,branch-conflict-unrecoverablenow returns"retry"(was"pause"), routing the failure to the handler instead of the pause path.auto-recovery-handlers/branch-worktree.ts—live-foreigninspection no longer emitsirreducible-pause. Instead: force-delete the foreign branch + worktree (safely respecting the FN-4811 active-session gate to avoid yanking live sessions), then requeue the task. The executor's next pickup creates a freshfusion/<task-id>worktree with no conflict.- New audit event
branch-worktree:foreign-branch-discardedrecords the discard with stranded-commit count and live-ownership status.
-
87bd369: Dashboard's Agents, Documents, Todos, and Chat views now hydrate from a local cache on reload, eliminating the brief empty-state flash before data arrives.
-
fe2ebfb: Dashboard's Missions, Insights, Research, Evals, and Mailbox views now hydrate from a local cache on reload, eliminating the empty-state flash before data arrives.
-
a3e8c8f: Reconcile docs/secrets.md and docs/architecture.md with the FN-4867 secrets sync surfaces that now ship (push/pull/receive/sync-export + fn_secret_get + secrets-env materialization), and add a reliability-interaction backstop for cross-node secrets sync route contracts.
-
2242d5b: Add intake-side auto-archive safeguards: ghost-bug preflight on triage finalize and same-agent duplicate detection at task creation. Both paths are fail-open on errors/timeouts and emit structured activity/audit events when auto-archive triggers.
-
10455b7: Normalize task titles to strip foreign embedded
FN-<id>tokens during create/update/duplicate/refine flows while preserving duplicate/refine provenance metadata. Also adds schema version 84 migration coverage to clean existing active/archived title-ID drift rows idempotently. -
bfbdacd: Improve duplicate source traceability by preserving and surfacing canonical duplicate lineage fields (
sourceType,sourceParentTaskId, andsourceMetadata.duplicateOfTaskIds) in task provenance flows used by CLI and dashboard task detail surfaces. -
97d92da: Fix: ntfy notifications for
in-reviewand merged task events now fire even when notification settings were enabled after the engine started. -
307cf0c: Fix
/api/health/reliabilityper-day rows silently truncating older days on busy projects. Per-day in-review entered/bounced counts and duration samples are now aggregated at the SQL layer instead of pulling up to 50,000 activity-log rows in memory, so the Reliability view shows accurate data for every day in the rolling window. -
0046fc9: Add deterministic duplicate guard at task intake: identical-content POSTs within a 60s window are rejected with
409 duplicate_candidatesor auto-archived with asource.sourceMetadata.deterministicDuplicateOflineage marker. Complements the existing FN-4829 similarity warning. -
f183186: Dashboard reload no longer shows multi-day-old cached boards. The local stale-while-revalidate cache now respects a 10-minute freshness window for list payloads (tasks, projects, agents, documents, etc.); older entries are skipped and the normal fetch path runs, surfacing the existing top progress indicator. Failed background refreshes keep the indicator visible so the user knows the data hasn't been confirmed fresh.
-
8845964: Fix "Copy code" button on the GitHub Copilot device-code panel (Settings and Onboarding) when the dashboard is served from a non-secure origin (e.g. LAN/HTTP
fn serve). The button now falls back to adocument.execCommand("copy")path whennavigator.clipboardis unavailable and surfaces success/failure via a toast instead of silently no-opping. The auto-copy-on-first-show effect uses the same fallback silently. -
c87e0fc: Harden merge conflict arbitration so Layer 3 AI resolution respects task File Scope by resolving out-of-scope conflicted files to main before AI handling and emitting scope-partition audit events.
-
40ef729: Add a merger auto-prerebase policy that can rebase task branches onto local main before the existing Stage 1/2 rebase cascade when divergence from
task.baseCommitShacrosses a threshold or touches configured shared-infra hot files. This introduces project settingsprerebaseAutoEnabled,prerebaseHotFiles, andprerebaseDivergenceThreshold, and emits run-audit eventsmerge:auto-prerebase:applied,merge:auto-prerebase:skipped, andmerge:auto-prerebase:failed. -
d5ed2cd: Reconcile stale task worktree/branch metadata after orphan recovery so the dashboard Changes view shows the correct diffs.
-
e0b1e6a:
fn pr create(and thefn task pr-createalias) now support--draft,--no-ai, and repeatable--reviewer <login>flags. Adds a top-levelfn prsubcommand router. When--no-aiis not set, the CLI now reuses the dashboard's AI metadata pipeline to generate the PR title/body — parity with the dashboardPrCreateModal.GitHubClient.createPracceptsdraftandreviewers. -
be6279f: Fix: ntfy 'merged' notifications now fire for every merge-success path (auto-finalize no-op merges, mergeConfirmed fast-path, PR-strategy merges, and self-healing finalize).
-
b9d4bd8: Aligned the no-task heartbeat system prompt and procedures with the ambient tool set injected for no-task runs, and added regression tests to prevent forbidden task-scoped tool references from reappearing.
-
68b5694: Extend the FN-4918 deterministic duplicate guard to the remaining task-creation surfaces: CLI
fn task add(direct-store, with a new--no-dedupflag), enginecreateAgentTask(powersfn_task_createand triage subtask splits — duplicate detections now reportLinked existing ...), and mission feature triage (links to the canonical task on duplicate). DashboardPOST /api/tasksnow consumes the same shared helper so behavior is identical across surfaces.InlineCreateCardgains the duplicate-warning modal already shipped onQuickEntryBox. -
6c1732d: Auto-recover stale pending/running insight runs at dashboard startup and on a periodic sweep so manual runs never hang indefinitely.
-
f46629e: Make the FN-4918 deterministic duplicate pre-check fail open: transient store query errors, mutex bookkeeping failures, and leader-lock rejections no longer 500 the
POST /tasksendpoint. Legitimate 409duplicate_candidatesresponses are unchanged. -
cc6bd1e: Agent-filed tasks now persist
githubTracking.enabledwhen tracking defaults are enabled, so pi/engine-created tasks consistently appear as tracked and trigger GitHub tracking hooks like UI-created tasks. -
7652bbf: Add an optimistic submit lock to QuickEntryBox so Save/Enter cannot trigger duplicate task creation while duplicate checks or create requests are in flight.
-
012fb17: Soft-delete terminology cleanup:
fn_task_deleteand Fusion skill docs now describedeleteTaskas a soft delete (row + artifacts preserved, ID reserved) and point users to archive cleanup for the actual hard-removal path. -
2be6cf2: Add near-duplicate intent guard at task intake: dashboard
POST /api/tasks
now rejects new tasks whose route paths, file paths, or identifier tokens
substantially overlap with an existing active task created in the last 7
days, returning409 duplicate_candidateswithreason: "near-duplicate-intent".
TriagefinalizeApprovedTaskbackstops with a File-Scope-aware re-check
after PROMPT.md is written, auto-archiving the loser with a
sourceMetadata.nearDuplicateOflineage marker. Layered on top of the
FN-4918 deterministic and FN-4829 similarity gates; fails open on any error. -
17eb85e: Fix Fusion pre-commit identity-guard hook leaking install-time task ID across shared git hooks dir; hook is now driven entirely by per-worktree fusion-task-id metadata (lowercased to match canonicalFusionBranchName), so a stale install no longer refuses valid sibling-worktree commits.
-
f40accd: Make CLI test suite ~3× faster: add a
replyTimeoutMsoption torunChatInteractiveso the--oncetimeout test no longer waits a real 30s for "No reply within 30s", and gate the heavyweight esbuild-bundled-plugin integration test behindFUSION_RUN_SLOW_TESTS=1(the same install/upgrade logic is covered by mocked unit tests in the same file). -
d467725: Fix slow
fusionstartup that hung on "Starting engine…" while every registered project's engine initialized serially inPromise.allSettled. Engine startup now runs in the background — the TUI proceeds immediately, and the existing reconciliation loop plus the server's on-access fast path bring each project's engine up before it's actually needed. -
e5af9c9: Fix Fusion desktop (Electron) packaged builds opening a blank window — or no window at all — on macOS.
run()is now invoked in packaged builds (whereprocess.argv[1]is unset by Electron), and the dashboard client is built with a relative--base ./so itsfile://-loadedindex.htmlcan resolve./assets/*from inside the asar. -
19e2ff0: Fix activity-log triple-write caused by multiple TaskStore instances polling the same SQLite DB. When the dashboard, engine runtime, and per-project stores each
watch()the same database, every column move was previously recorded once per instance — inflatingtask:movedrows ~3x (146k+/day) and amplifying failure noise. TaskStore now suppresses activity-log writes for events re-emitted from its polling loop, leaving the originating instance as the sole audit writer. -
c4745ca: Fix the main chat composer (ChatView) so the textarea grows in height as the message gets longer, matching QuickChat's behavior. The autosize now runs before the controlled
setMessageInput(so the height assignment lands in the same frame as the user's keystroke), and the height clamp now has a 40px floor so a 0-scrollHeight measurement never collapses the composer to zero. -
2d42476: Fire GitHub tracking-issue creation for duplicated and refined tasks. Previously the duplicate/refine routes returned without calling
createTrackingIssueForTask, relying on TaskStore's hook — but mocked stores in tests (and certain race conditions) could bypass the hook, leaving the new task with no linked tracking issue. The routes now invoke tracking explicitly as a best-effort step after creation, matching the PATCH-with-githubTracking path's behavior. -
ea9ec50: QuickChat session picker now uses the themed dropdown style and includes chat rooms in the switch list.
-
0c139a4: Inline the in-review TaskCard Move dropdown into the meta row when badges are present, while preserving the existing bottom-row fallback when no meta row is rendered.
-
4d99a72: Fix Planning Mode so the loading view can show streamed thinking output during the initial question turn, including buffered SSE thinking events that arrive before the first question event.
-
018bbe4: Add run-audit events
worktree:worktrunk-{install,create,sync,prune,remove}tied to run/task IDs, completing the worktrunk audit taxonomy alongside the existingfailure/fallback-nativeevents. -
dea319f: Add a Worktrunk integration subsection to Dashboard Settings → Worktrees, including enable/binary path/failure-mode controls and automatic disabling of custom worktrees directory overrides while worktrunk is enabled.
-
7f2412b: Make self-healing maintenance respect worktrunk-managed layouts by deferring native prune/orphan cleanup/worktree-cap sweeps to the active worktrunk backend when enabled, while keeping branch-level reclaim logic unchanged.
-
2fe5166: Add
fn settings setsupport forworktrunk.enabled,worktrunk.binaryPath, andworktrunk.onFailure, including parsing, validation, and settings display/help updates. -
2101740: Fix post-merge metadata consistency by capturing and reconciling landed file lists. Done-task metadata and UI now prefer the final landed diff file set, with executor
modifiedFilesretained as the in-flight fallback. -
22dd33c: Done-task "files changed" surfaces now use the lineage-backed
/api/tasks/:id/diffcount and clearly label execution-time/merge-commit fallbacks. -
ef1ce10: Self-healing now auto-requeues
in-reviewtasks that failed at session start
with an unusable-worktree error even when zero step progress was recorded.
Bounded by a 3-attempt cap; persistent failures stay inin-reviewfor
human inspection. -
6bb2431: Fix Dockerfile workspace manifest copying to match the current monorepo layout by removing the stale
packages/tuireference and including plugin/package manifests required forpnpm install --frozen-lockfileduring image builds. This restores successfuldocker build .behavior without changing runtime features. -
bd3809e: Finalize-to-done now requires ownership evidence: tasks only complete when a task-owned landed commit is proven or when no-op completion is proven against the merge target. Legitimate no-op finalize paths now reconcile stale metadata by clearing inherited
modifiedFilesand stamping emptylandedFilesmarkers. Unproven finalize cases are audit-logged and auto-retried by requeuing totodofor fresh execution instead of silently landing as done. -
73d8cb9: Refinement tasks created via
fn_task_refineare now prioritized in triage dispatch so they are promoted out of Planning reliably when capacity opens. -
e50a4b5: Dashboard: clicking the room title in a chat room conversation now opens a dropdown to switch to another room.
-
94a3c4f: Self-healing now detects refinement tasks stranded in Planning while the rest of the board progresses, and escalates them into the normal triage path without bypassing manual plan approval.
-
047ad6c: Adds API endpoints to surface and expedite refinement tasks stuck in Planning without bypassing plan-spec or approval gates.
-
7ff4279: Fix: chat and chat-rooms composer now grows to always show entered text.
-
caf32fc: Dashboard TUI now yields after startup so the splash paints before blocking init runs, and shows a "Ready in Xs" startup-duration indicator once initialization completes.
-
08bfabd: Fix self-healing stale merge metadata repair so rebase/cherry-pick merges compute shortstat from
rebaseBaseSha..commitShainstead of tip-onlygit show, preventing correct aggregate stats from being overwritten. -
c7a6d68: Make task worktree liveness checks language-agnostic by removing the root
package.jsonrequirement. Worktrees are now considered usable based on git integrity (.gitpresence, registration, andgit rev-parse --is-inside-work-tree), fixing falsenot_usable_task_worktreefailures in Python, polyglot, nested-manifest, and empty repositories. -
e1e21f6: Reconcile worktrunk backend path contract: resolve the actual worktree
path viagit worktree list --porcelainafterwt switch --create
instead of assuming worktrunk uses Fusion's.worktrees/<task-id>
layout. Fixes silenttask.worktreedrift on worktrunk-enabled
projects. -
98c88c7: Dashboard UI for the worktrunk install approval: when worktrunk auto-install (FN-4624) is triggered from the dashboard, Fusion now creates a
network_apiapproval request visible in the Approvals view. Approving the request runs the install with the gate pre-satisfied; denying it leaves the binary uninstalled. -
8137920: Quick Chat now reflects the active room context by showing a room badge in the panel header, using a room icon in the session trigger, and updating the composer placeholder to
Message #{roomName}when chat rooms are enabled with an active room. -
bdda0e2: Codex usage panel now falls back to the Fusion-stored
openai-codexOAuth credential (~/.fusion/agent/auth.json) when the Codex CLIauth.jsonis missing, so Fusion OAuth users no longer see a spurious "run codex to login" error. -
769afd4: Emit
worktree:worktrunk-installrun-audit events on successful worktrunk auto-install (release-binary or cargo paths), completing the worktrunk audit taxonomy started in FN-4626. Cache hits,$PATHresolutions, andworktrunk.binaryPathoverrides remain silent. -
7cb81b0: Auto-grow chat-style entry textareas in mailbox compose, planning mode, and agent onboarding so inputs expand while typing up to a max height, matching existing chat composer behavior.
-
8e8c1a2: Lock in defaults: worktrunk integration is off by default (opt-in), and the per-project worktree directory defaults to
<projectRoot>/.worktreeswhenworktreesDiris unset. Regression tests now guard both invariants. -
414e62d: Reliability view: headline now shows in-review success rate (e.g. 100.0% when no bounces) instead of the raw failure rate. API field
inReviewFailureRate7dis unchanged. -
f40f2ba: Widen
resolveWorktreeBackendto accept an optionalbinaryPathResolver, allowWorktrunkWorktreeBackendto be constructed with a lazy resolver in place of a literal path, and finalize theresolveWorktrunkBinaryreturn contract (addsinstalled-release/installed-cargosource variants and an optionalactionGateContext). Internal surface widening that unblocks FN-4681's binary-resolver wiring; no runtime behavior change for existing callers. -
dc959a7: Gate
worktrunk.enabledbehind verified binary availability. The dashboard settings API, Settings modal, and CLI now reject or prevent enabling worktrunk until the pinned/selected binary resolves and probe-verifies, while still allowing unconditional disable for recovery. -
a92f9aa: Fix duplicate GitHub tracking issues being filed when a new task is created from the dashboard with linked-issues enabled.
-
cc701b2: Fix done-task Files Changed reporting for history-preserving rebase/cherry-pick merges by preferring the
rebaseBaseSha..commitSharange when lineage aggregation is partial. -
e9403df: Add GitHub tracking indicator/toggle to the quick task entry dropdown — shows project default and overrides for the next task.
-
56f38cf: Consolidate duplicate GitHub tracking wrappers and remove redundant post-create invocations; auth-token behavior preserved via shared helper.
-
c6daa5e: Defer the post-create hook (and GitHub tracking issue creation) until the title summarizer settles so linked issues use the AI-summarized title.
-
51c60fe: Settings now provide a tracking-repo picker for both project and global defaults, populated from detected GitHub remotes with a Custom fallback for manual
owner/repoentry. -
c3651da: Fix dashboard project switching so the selected project no longer reverts to a previously saved project after background project-list polling refreshes.
-
f761f77: Make file path mentions clickable in mailbox and quick chat message surfaces so path references open in the dashboard file browser.
-
b1209b1: Persist GitHub tracking
enabled: trueon task records as soon as project/task settings resolve tracking to enabled, even when issue creation is deferred. This keeps API-created tasks aligned with default tracking state in dashboard UI and prevents redundant enabled-state rewrites. -
befbc51: Linked GitHub issues are now reliably closed when the corresponding Fusion task completes, including a startup reconciliation pass that catches up on previously missed completions.
-
1e02028: Settings sync diff (manual pull + sync-status) now includes keys present only locally, surfacing local-only drift in the diff output.
-
dda600c: Replace dashboard
PrSectionwithPrPanel, removing the inline PR title/description creation textbox in task details. The new panel focuses on read-only PR visibility (state, checks rollup, review decision, and comments) and keeps creation delegated to the upcoming modal flow (FN-4756/FN-4758) without changing CLI or API surfaces. -
da6598a: PR status badge on task cards now distinguishes draft PRs and surfaces a CI check rollup
indicator (success / failure / pending) using design-token-only styling that adapts to
all dark and light themes. -
bba945c: Detect PR merge conflicts via gh PR refresh and route affected tasks through the existing self-healing branch-reclaim path. Adds an optional
mergeablefield onPrInfo, a "Retry conflict reclaim" affordance in the PR section, and a newPOST /api/tasks/:id/pr/reclaim-conflictendpoint. -
93c3975: Fix missing spinner when creating tasks from Planning Mode. The "Create Single Task", "Break into Tasks", and "Create Tasks" buttons now show an inline loading spinner while the async create/breakdown call is in flight, instead of leaving the user staring at an unchanged button or AI-question copy.
-
424c61f: Dashboard reload now hydrates projects/current-project/tasks from a local stale-while-revalidate cache for instant first paint.
-
2f2f7de: Dashboard now preloads the last-used view's JS chunk during HTML parse for faster reloads.
-
fc86c4f: Codex usage stats now prefer the Fusion-stored
openai-codexOAuth credential and only fall back to~/.codex/auth.jsonwhen no usable Fusion OAuth credential is available. -
416bd8b: Speed up Agents API startup paths by batching task-column sanitization and agent run-status aggregation. This removes per-agent task hydration and per-agent recent-run scans from initial Agents view loading.
-
4863e3b: Fix Planning Mode first-question loading so the spinner animates immediately and streamed thinking appears during the initial loading turn, even when the stream connects after early thinking events were buffered.
-
2f2198a: Add worktree teardown cleanup for Fusion-managed secrets env files by deleting only files whose fingerprint still matches the recorded write, and emit cleanup/skip audit events.
-
a2710fb: Fix dashboard CLI type compatibility by aligning
hybridExecutorinitialization withcreateServer'sHybridExecutor | undefinedexpectation, and stabilize desktop auto-updater tests that run during workspace verification. -
0b28388: Fix Quick Chat session dropdown not switching to the picked chat.
-
4691cbe: Fix Quick Chat session dropdown so picking a session option actually switches the visible chat (header label, composer placeholder, message list) and mutually excludes active chat-room selection.
-
7310642: Engine: worktree/branch reclaim during the no-fn_task_done retry loop now silently requeues to
todoinstead of surfacing afailedtask. Genuine retry exhaustion still fails and counts against the retry cap. -
42b8eeb: Emit per-attempt run-audit events during merge so the Reliability view's Merge Attempts panel populates.
-
7cd5554: Truncate Plan-Only scope-leak activity-log entries and
fn_task_doneblocking refusal messages to the first 10 off-scope and declared-scope entries with a… (+N more)suffix and explicittotal off-scope=/total scope=counters, so large tasks no longer flood the activity log. -
6fa9aef: Lease recovery is now central-claim-aware:
MeshLeaseManager.recoverAbandonedLease
releases the central claim before clearing local task-row lease fields, and
reconciles split-brain state viareconcileLeaseRowon the next scheduler /
self-healing tick. Owner-offline handoff policy and progress-preserving handoff
semantics are unchanged. Single-node deployments (no central claim store) keep
the existing local-only behavior. (FN-4823, FN-4819 §2.5 / §3.3 / §3.6) -
d4c4d6d: Define and test cross-node assignment-wake propagation contract (push / poll fallback / missed-wake reconciliation).
-
9e5a516: Structured
node:handoff:*andnode:lease:*run-audit events now accompany existing human-readable task logs for owning-node handoff decisions and abandoned-lease recovery paths. Scheduler dispatch and mesh-lease recovery emit machine-readable metadata for parked, reassign-local, reassign-any, and recovered outcomes so multi-node reliability analysis can query durable telemetry directly. -
27dd927: Auto-recover native worktree-create failures caused by stale git
index.lockfiles. Fusion now classifies stale vs active lock contention, retries creation once after safe stale-lock removal, and emits dedicatedworktree:stale-lock-*run-audit events for detection and outcome visibility. -
1e1e6f9: Preserve whitespace between streamed chat chunks so multi-sentence assistant replies render
.correctly between sentences in ChatView and QuickChatFAB (recurrence after FN-3817; fix at a different layer in the streaming pipeline). -
49bc9dd: GET /api/nodes/:id/settings/sync-status now includes an
actionableDenialReasonfield
("missing-remote-api-key" | "auth-failed" | "unreachable" | "unknown" | null) so
dashboards can surface why a remote probe failed instead of silently reporting
remoteReachable: falsewith no diagnosis. -
5ca8761: Fix Quick Chat room switching so selecting a room renders that room's messages and routes sends, /clear, and /new to the room instead of the previous direct session.
-
c1cbb66: Fix active-task diff endpoints to report destination paths for renamed/copied
files. The in-progress/in-review/tasks/:id/diffand/tasks/:id/file-diffs
handlers now pass-Mtogit diff --name-statusso rename detection no
longer depends on the consumer'sdiff.renamesgit config. -
3ca3b5e: Guard
fn_task_doneagainst agent-dissent summaries, bulk auto-marking of unreviewed pending steps, and pending REVISE verdicts. These refusals share the existing requeue budget and escalate tasks to in-review when retries are exhausted. -
248c770: Speed up Agents API boot-path loading by replacing per-request pending approval row scans with an aggregated pending-count query per requester agent. This keeps
/api/agentsresponsive on large approval histories and reduces time spent on the initial "Loading agents..." state. -
e0df753: Disabling GitHub tracking on an individual task now durably turns tracking off, unlinks the local tracking issue reference, and prevents immediate re-creation in the same update request.
-
7a6a3d0: Fix Quick Entry GitHub link button: correctly reflects enabled/disabled state from project settings, reliably toggles on click, and shows an unambiguous active visual state.
-
ee4652a: Heartbeat agents now detect deictic follow-ups ("create it", "yeah do that") in room threads and either echo the resolved referent before acting or post a single structured clarification reply with inferred options. A new
room:ambiguity:branchrun-audit event records which branch was taken for future tuning. -
a08e944: Inbound node settings sync (
/api/settings/sync-receive,/auth-receive,/auth-export) now rejects requests when the local nodeapiKeyis empty/missing or the Bearer token is empty, closing anAuthorization: Bearerbypass against unconfigured nodes. FN-4868 gap G-01. -
96a1930: Fix bootstrap-misbinding recovery when a Fusion worktree is already bound to its task branch at the target base SHA (no more
fatal: '<branch>' is already used by worktreeerrors during re-anchor). -
3d0cce7: Self-healing now auto-disposes in-review tasks whose identical stall (same code + reason) repeats past
inReviewStallDeadlockThreshold(default 3) by pausing the task withpausedReason="in-review-stall-deadlock"and emitting atask:in-review-stall-deadlock-disposedrun-audit event, preventing infinite stall-log churn (e.g., repeatedmerge-blocker: Failed to create worktree after 3 attemptsloops). -
a2caac3: Auto-recover in-review and verification-fix tasks whose branch carries only foreign-attributed commits and zero own work (the FN-4860/FN-4875 signature). The engine now classifies foreign-only contamination, re-anchors the branch via
reanchorBranchToBase, or non-destructively discards the orphan branch/worktree, instead of requiring manualgit worktree remove/git branch -D/sqlite metadata recovery. -
72834eb: Fix
pi.promptWithFallbackrecursion by removing standalone re-dispatch throughsession.promptWithFallback. -
0dc4c9c: Fix
fn_task_show,fn_task_list, and other pi-extension task tools so they resolve the canonical project root when invoked from inside a Fusion task worktree, instead of binding to a stray worktree-local.fusiondatabase. -
f00d732: Expand secret audit taxonomy and harden secret audit payload handling. This adds typed secret mutation coverage (
secret:create,secret:update,secret:delete,secret:read, approval events, sync events, and env lifecycle events), introduces plaintext-forbidden metadata enforcement viaassertNoSecretPlaintext, adds non-blockingSecretsStoreaudit emitter hooks for CRUD/read operations, and ensures secret audit emission paths avoid leaking plaintext/ciphertext/nonce fields. -
5aeb764: Prevent and auto-recover "Refusing to start coding agent in incomplete
worktree" session-start failures. The worktree-acquisition layer now
classifies pool-returned and resume worktrees before handing them to the
executor, and the executor's twocreateResolvedAgentSessioncall sites
catch the threeassertValidWorktreeSessionvariants inin-progress,
emitworktree:incomplete-detected+worktree:auto-recoveredrun-audit
telemetry, and requeue the task totodovia the shared
autoRecoverWorktreeSessionStartFailurehelper instead of surfacing the
error to the user. Bounded byMAX_WORKTREE_SESSION_RETRIES = 3. -
e33159e: Ensure GitHub tracking post-create hooks are registered across engine startup entrypoints so agent-created tasks (including
fn_task_createandfn_delegate_task) consistently evaluate default tracking settings and link issues when configured, with improved diagnostics for skipped tracking outcomes. -
1f8d995: Fixes a runtime crash where
fn_task_listandfn_task_showcould throw in heartbeat/no-task contexts whengetProjectRootFromWorktreedrifted at runtime, by adding a safe fallback project-root resolver path in the CLI extension. -
8d9b893: Fix a daemon startup ordering regression by deferring the peer-exchange global-settings read until after the primary task store is created, resolving
TS2448/TS2454typecheck failures inpackages/cli/src/commands/daemon.ts. -
24f5c23: Make
promptSessionAndChecktranscript diagnostics circular-safe to prevent stack overflows on malformed message metadata. -
3bbc507: Fix the executor's pre-session worktree liveness assertion firing on
freshly-created worktrees (#601). The gate now skips when
acquireTaskWorktreereturnssource: "fresh", and legitimate failures
are classified intomissing/incomplete/unregistered/
outside-work-treewith a canonicalized registered-paths snapshot in the
log plus aworktree:incomplete-detectedrun-audit event. The existing
taskDoneRetryCountrequeue-to-todocontract on this gate is preserved
unchanged. -
a651e8c: Task cards now prefer showing the clickable linked GitHub issue chip over the plain GitHub import provenance badge when both refer to the same issue.
-
d41dc24: Worktree setup now removes
packages/desktop/distandpackages/desktop/dist-electronfrom acquired task worktrees to avoid carrying stale ~900MB Electron build artifacts across recycled worktrees. -
14c5a17: Fix contamination auto-recovery nulling
task.worktreewhile leaving a live worktree mapped on disk, which triggered transientno-worktree-no-merge-confirmedstall signals in the dashboard. The in-line recovery inexecutor.tsnow:- Runs
autoRecoverCrossContaminationinside the task's worktree (when one exists) so the finalgit checkout <branch>doesn't collide with the branch already being checked out elsewhere — the previousrepoDir: this.rootDircall would silently fail for any task that had a real worktree. - Passes
preserveWorktree: truewhen requeueing totodo, matching the sibling recovery paths inauto-recovery-handlers/contamination.ts,tryBootstrapMisbindingRecovery, and self-healing reclaim.
- Runs
-
93e49b0: Fix desktop app launches on macOS where the process starts but no visible window appears. Window position restore now validates saved coordinates against connected display work areas and drops off-screen positions, and startup explicitly show/focuses the window with a ready-to-show path plus fallback timer.
-
9dfefc5: Closing/deleting the linked GitHub issue when deleting a tracked Fusion task now completes reliably even after the task is removed from the store, including observable success/failure signals and safe post-delete logging behavior.
-
17fafa1: GitHub tracking issues now wait for AI title summarization to settle before filing, ensuring summarized task titles are used consistently.
-
28595f5: Extend FN-4851 fn_task_done refusal guards (pending-code-review-revise, bulk-step-completion-without-review) to the implicit-completion path so agents cannot bypass them by drip-marking every step done via fn_task_update and exiting without calling fn_task_done. Implicit refusals share the existing requeue budget and escalate to in-review on exhaustion.
-
c161e62: Prevent cross-branch commit contamination at the source: every task worktree now installs a pre-commit hook that refuses commits when HEAD does not match the worktree's owning task branch (with an allowlist for parallel-step branches). As defense-in-depth, contamination auto-recovery now drops
obviously-misroutedforeign commits whose task-id attribution and changed-path namespace unambiguously belong to another task (initial heuristic:.changeset/fn-<that-id>-*), instead of escalating them to human adjudication. -
287673c: Engine:
reclaim-stale-active-branchesnow defers reclaim when the task has a registered active session, a recentexecutionStartedAt, or a worktree with uncommitted changes. Emits a newbranch:stale-active-reclaim-deferredrun-audit event per deferral. Fixes FN-4924-class loops where executor work was wiped because per-step commits were absent. -
f9f8ca0: Lock in default:
recycleWorktreesis off by default (opt-in). Regression tests now guard the invariant, and dashboard/docs copy explicitly states the default. -
d856788: Hardened worktree pool leasing with explicit lease ownership tracking, double-lease invariant detection, and
worktree:pool-double-lease-detectedaudit emission, plus merger cleanup ordering that detaches and clears task worktree metadata before pooled release. -
02ba659: Scheduler now prefers runnable todo tasks that unblock the most downstream dependents within the same priority class, so root blockers like FN-4766/FN-4867 stop sitting behind unrelated same-priority work. Urgent tasks still outrank everything.
-
3a3f4ed: Normalize task titles by stripping empty placeholder bracket groups (
(),[],{}) left by FN-token removal and AI-generated blank template slots. -
cfe3532: Fix executor step-order corruption:
fn_review_stepoff-by-one when auto-updating step status,resetStepsIfWorkLostnow recomputescurrentStepso execution does not resume past wiped work, andTaskStore.updateSteprefuses out-of-orderdonewrites. -
5a1794f: Wire the redesigned Create-PR modal into the task detail modal and the merge/review tab so
PrPanel's Create button and a new review-tab Create-PR action open the same flow. Fixes the
FN-4758 follow-up where PrPanel was mounted withonRequestCreatePr={undefined}. -
e5af1f1: Suppress in-review stall surfacing and deadlock auto-disposition when autoMerge is disabled. Tasks on the PR-based review flow no longer get flagged as stalled.
-
6fc0f5c: Engine: self-heal
git worktree addfailures classified as "missing but already registered worktree" by pruning the stale registration and retrying once. Recovery is observable via new run-audit eventsworktree:stale-registration-detected,worktree:stale-registration-recovered,worktree:stale-registration-recovery-failed. -
46d0928: Pair raw worktree directory deletions in the engine with best-effort
git worktree pruneto prevent stale admin-entry leaks. -
bed14fd: SelfHealingManager.reapUnregisteredOrphans now defers reaping paths that are bound to a live active session, restoring the FN-4811 guard lost during the auto-archive incident.
-
896ae7a: Fix malformed task titles when foreign FN-XXX tokens are stripped: dangling trailing connective words (e.g. "of", "to", "for") that would otherwise produce fragments like "Close as duplicate of" are now rejected, so token-stripped residuals never persist as task titles.
-
f116953: TaskCard in-review Move dropdown is now rendered inline with the file-overlap and queued badges in the meta row, falling back to the bottom action row only when the meta row is not rendered.
-
dd78e42: Add
in-review-stalledbacklog-health detector for unpaused in-review tasks quiet past the configurableinReviewStalledThresholdMs(default 24h). -
c51d0d9: Restrict rebase-strategy landed-files capture to task-attributable commits and annotate short-circuit/fallback metadata for downstream reconciliation and reporting.
-
6608f21: Fix chat UI losing streamed assistant text when the user leaves and returns to a session mid-generation.
-
a6747c1: Tasks moved to done no longer retain stale paused metadata, and
fn task list
output suppresses the(paused)suffix for terminal (done/archived) tasks. A
one-shot startup backfill repairs already-drifted rows. -
ba16048: Dashboard: implement missing /api/tasks/:id/pr/generate-metadata, /pr/preflight, and /pr/options routes so the Create PR dialog populates AI title/body, preflight checks, and base-branch/reviewer/label dropdowns.
-
041eb4b: Chat and QuickChat composers now grow up to 640px so pasted multi-paragraph
text stays visible without forcing the user to scroll inside the textarea. -
bb34033: Treat in-review as terminal-until-merged when autoMerge is disabled. All lifecycle-mutating self-healing sweeps now short-circuit on autoMerge=false so PR-based review tasks are no longer kicked back to todo, marked failed, or re-finalized by recovery loops.
-
6d68c2d: Align MessageComposer, PlanningModeModal, and AgentOnboardingModal autosize
caps to 640px (and SummaryView expanded mode to 800px) so pasted multi-paragraph
content stays visible without internal scroll, matching the FN-5146 chat
composer convention. -
7dafde4: Refuse bootstrapping a nested Fusion project from a linked git worktree when the parent repository already has
.fusion/fusion.db, and allow an explicit override withFUSION_ALLOW_NESTED_PROJECT=1. -
6b24b56: Add durable mergeQueue table (schema v89) and TaskStore lease API (enqueue / acquireLease / releaseLease / recoverExpiredLeases) as the foundation for FN-5240 in-review handoff durability. No engine behavior change yet; merger/executor wiring lands in FN-5241/FN-5243.
-
a164e84: Harden
fusion.dbagainst process crashes: switchPRAGMA synchronousfromNORMALtoFULLand restore the defaultwal_autocheckpoint = 1000(was 100). Repeated node:sqlite SIGSEGVs insidepager_writehad been corrupting the db; the previous settings left a wide window for torn pages whenever a writer crashed mid-checkpoint. The small fsync cost is worth the durability win. -
d9214b6: PR conflict diagnostics: capture the conflicting file list and a project-strategy-aware suggested command sequence on
PrInfo.conflictDiagnosticsat PR refresh time, and surface them in the dashboard PR panel with a copy-to-clipboard affordance and re-check button.
runfusion.ai
Patch Changes
- Updated dependencies [3ea9bbb]
- Updated dependencies [e1bda2a]
- Updated dependencies [73b4717]
- Updated dependencies [fa9648b]
- Updated dependencies [3ff683a]
- Updated dependencies [41ceae0]
- Updated dependencies [aeada25]
- Updated dependencies [7c15be8]
- Updated dependencies [7805645]
- Updated dependencies [5253cc1]
- Updated dependencies [cc7b9f3]
- Updated dependencies [939b68e]
- Updated dependencies [5975931]
- Updated dependencies [7942fb0]
- Updated dependencies [c7ba63c]
- Updated dependencies [df28dcf]
- Updated dependencies [a88857a]
- Updated dependencies [a27614f]
- Updated dependencies [f7a7038]
- Updated dependencies [2739259]
- Updated dependencies [401094c]
- Updated dependencies [9a1c904]
- Updated dependencies [b772881]
- Updated dependencies [ff71746]
- Updated dependencies [e5c9c7a]
- Updated dependencies [7c0624c]
- Updated dependencies [6721005]
- Updated dependencies [3d7e737]
- Updated dependencies [ae740bd]
- Updated dependencies [db7b196]
- Updated dependencies [b594160]
- Updated dependencies [11012b4]
- Updated dependencies [023a0cc]
- Updated dependencies [c6e9782]
- Updated dependencies [fea0b51]
- Updated dependencies [7ab3f7a]
- Updated dependencies [f0df7cb]
- Updated dependencies [a34e77a]
- Updated dependencies [4d5e296]
- Updated dependencies [246609a]
- Updated dependencies [3f8a5e6]
- Updated dependencies [4c26aa6]
- Updated dependencies [8bef306]
- Updated dependencies [86237c9]
- Updated dependencies [f4aa6d7]
- Updated dependencies [b6df11a]
- Updated dependencies [a1b1f9a]
- Updated dependencies [5c36c0f]
- Updated dependencies [dcd6bf6]
- Updated dependencies [b2ca02f]
- Updated dependencies [199f317]
- Updated dependencies [8e3a635]
- Updated dependencies [df998cb]
- Updated dependencies [2adc9fa]
- Updated dependencies [aa6d1c9]
- Updated dependencies [87bd369]
- Updated dependencies [fe2ebfb]
- Updated dependencies [a3e8c8f]
- Updated dependencies [2242d5b]
- Updated dependencies [10455b7]
- Updated dependencies [bfbdacd]
- Updated dependencies [97d92da]
- Updated dependencies [307cf0c]
- Updated dependencies [dde2d06]
- Updated dependencies [e9ef40f]
- Updated dependencies [0046fc9]
- Updated dependencies [f183186]
- Updated dependencies [8845964]
- Updated dependencies [c87e0fc]
- Updated dependencies [40ef729]
- Updated dependencies [56a7178]
- Updated dependencies [d5ed2cd]
- Updated dependencies [e0b1e6a]
- Updated dependencies [be6279f]
- Updated dependencies [b9d4bd8]
- Updated dependencies [68b5694]
- Updated dependencies [6c1732d]
- Updated dependencies [f46629e]
- Updated dependencies [cc6bd1e]
- Updated dependencies [7652bbf]
- Updated dependencies [012fb17]
- Updated dependencies [2be6cf2]
- Updated dependencies [b078a81]
- Updated dependencies [17eb85e]
- Updated dependencies [f40accd]
- Updated dependencies [d467725]
- Updated dependencies [75a7127]
- Updated dependencies [b143f6c]
- Updated dependencies [e5af9c9]
- Updated dependencies [19e2ff0]
- Updated dependencies [c4745ca]
- Updated dependencies [2d42476]
- Updated dependencies [edfd6e4]
- Updated dependencies [ea9ec50]
- Updated dependencies [9e87de0]
- Updated dependencies [0c139a4]
- Updated dependencies [4d99a72]
- Updated dependencies [9574ba4]
- Updated dependencies [9ac503f]
- Updated dependencies [3d9260e]
- Updated dependencies [06810e4]
- Updated dependencies [8b371ba]
- Updated dependencies [018bbe4]
- Updated dependencies [dea319f]
- Updated dependencies [7f2412b]
- Updated dependencies [2fe5166]
- Updated dependencies [196b7e4]
- Updated dependencies [4ce58f2]
- Updated dependencies [2101740]
- Updated dependencies [22dd33c]
- Updated dependencies [ef1ce10]
- Updated dependencies [6bb2431]
- Updated dependencies [bd3809e]
- Updated dependencies [73d8cb9]
- Updated dependencies [e50a4b5]
- Updated dependencies [94a3c4f]
- Updated dependencies [047ad6c]
- Updated dependencies [7ff4279]
- Updated dependencies [caf32fc]
- Updated dependencies [08bfabd]
- Updated dependencies [c7a6d68]
- Updated dependencies [c0f9dde]
- Updated dependencies [43ae0ee]
- Updated dependencies [e1e21f6]
- Updated dependencies [98c88c7]
- Updated dependencies [3defcbe]
- Updated dependencies [8137920]
- Updated dependencies [bdda0e2]
- Updated dependencies [769afd4]
- Updated dependencies [7cb81b0]
- Updated dependencies [8e8c1a2]
- Updated dependencies [414e62d]
- Updated dependencies [f40f2ba]
- Updated dependencies [b94eae4]
- Updated dependencies [6afd273]
- Updated dependencies [dc959a7]
- Updated dependencies [a92f9aa]
- Updated dependencies [cc701b2]
- Updated dependencies [e9403df]
- Updated dependencies [56f38cf]
- Updated dependencies [c6daa5e]
- Updated dependencies [51c60fe]
- Updated dependencies [c3651da]
- Updated dependencies [f761f77]
- Updated dependencies [293441a]
- Updated dependencies [b1209b1]
- Updated dependencies [befbc51]
- Updated dependencies [1e02028]
- Updated dependencies [dda600c]
- Updated dependencies [7b48387]
- Updated dependencies [da6598a]
- Updated dependencies [0338b37]
- Updated dependencies [bba945c]
- Updated dependencies [3e944ed]
- Updated dependencies [93c3975]
- Updated dependencies [424c61f]
- Updated dependencies [2f2f7de]
- Updated dependencies [fc86c4f]
- Updated dependencies [416bd8b]
- Updated dependencies [4863e3b]
- Updated dependencies [937bed9]
- Updated dependencies [2f2198a]
- Updated dependencies [a2710fb]
- Updated dependencies [0b28388]
- Updated dependencies [4691cbe]
- Updated dependencies [7310642]
- Updated dependencies [42b8eeb]
- Updated dependencies [7cd5554]
- Updated dependencies [6fa9aef]
- Updated dependencies [d4c4d6d]
- Updated dependencies [9e5a516]
- Updated dependencies [27dd927]
- Updated dependencies [1e1e6f9]
- Updated dependencies [49bc9dd]
- Updated dependencies [5ca8761]
- Updated dependencies [c1cbb66]
- Updated dependencies [3ca3b5e]
- Updated dependencies [248c770]
- Updated dependencies [e0df753]
- Updated dependencies [7a6a3d0]
- Updated dependencies [01276d6]
- Updated dependencies [ee4652a]
- Updated dependencies [a08e944]
- Updated dependencies [96a1930]
- Updated dependencies [3d0cce7]
- Updated dependencies [a2caac3]
- Updated dependencies [5233bc9]
- Updated dependencies [72834eb]
- Updated dependencies [0dc4c9c]
- Updated dependencies [f00d732]
- Updated dependencies [5aeb764]
- Updated dependencies [e33159e]
- Updated dependencies [1f8d995]
- Updated dependencies [8d9b893]
- Updated dependencies [24f5c23]
- Updated dependencies [3bbc507]
- Updated dependencies [a651e8c]
- Updated dependencies [d41dc24]
- Updated dependencies [14c5a17]
- Updated dependencies [93e49b0]
- Updated dependencies [9dfefc5]
- Updated dependencies [17fafa1]
- Updated dependencies [28595f5]
- Updated dependencies [c161e62]
- Updated dependencies [287673c]
- Updated dependencies [f9f8ca0]
- Updated dependencies [d856788]
- Updated dependencies [02ba659]
- Updated dependencies [3a3f4ed]
- Updated dependencies [040a909]
- Updated dependencies [cfe3532]
- Updated dependencies [5a1794f]
- Updated dependencies [f9c0b93]
- Updated dependencies [e5af1f1]
- Updated dependencies [6fc0f5c]
- Updated dependencies [46d0928]
- Updated dependencies [bed14fd]
- Updated dependencies [896ae7a]
- Updated dependencies [f116953]
- Updated dependencies [dd78e42]
- Updated dependencies [c51d0d9]
- Updated dependencies [6608f21]
- Updated dependencies [a6747c1]
- Updated dependencies [ba16048]
- Updated dependencies [041eb4b]
- Updated dependencies [bb34033]
- Updated dependencies [6d68c2d]
- Updated dependencies [7dafde4]
- Updated dependencies [6b24b56]
- Updated dependencies [a164e84]
- Updated dependencies [aad1219]
- Updated dependencies [d9214b6]
- @runfusion/fusion@0.32.0