Skip to content

feat: deep CEO interview to project charter#2045

Merged
Aureliolo merged 8 commits into
mainfrom
feat/1977-deep-ceo-interview-charter
May 22, 2026
Merged

feat: deep CEO interview to project charter#2045
Aureliolo merged 8 commits into
mainfrom
feat/1977-deep-ceo-interview-charter

Conversation

@Aureliolo
Copy link
Copy Markdown
Owner

@Aureliolo Aureliolo commented May 22, 2026

Closes #1977.

Summary

Adds the deep-intake conversational front door: a multi-turn requirements-elicitation interview that elicits goals / constraints / success criteria / scope boundaries / budget+time envelope from a vague one-line product idea, persists a reviewable ProjectCharter, and on approval drives a real project run through the work-pipeline spine.

Builds on EPIC B #1968 (conversation substrate, reused) and #1960 (pipeline spine). Part of EPIC #1973 (autonomous product studio).

What ships

Domain

  • ProjectCharter + BudgetEnvelope + ScopeBoundaries + CharterDraft + InterviewDecision (frozen, extra="forbid", XOR validators on project binding + approval coupling).
  • CharterStatus(StrEnum): DRAFTED (under review) → APPROVED (terminal) / CANCELLED (terminal).
  • Errors: CharterNotFoundError, CharterNotEditableError, CharterAlreadyDecidedError, CharterInterviewUnavailableError, CharterInterviewResponseInvalidError, UnknownCharterStrategyError.

Subsystem (src/synthorg/meta/charter/)

  • CharterInterviewStrategy Protocol + LLMCharterInterviewer default; pluggable via CharterConfig.interview_strategy discriminator ("llm" only; UnknownCharterStrategyError on misconfiguration, no silent default).
  • CharterInterviewService orchestrates per-conversation locks, runs one turn, persists either an assistant question (conversation stays ACTIVE — deviation from the plan's PROPOSED transition) or the drafted charter, edits in place while DRAFTED, cancels with DRAFTED→CANCELLED CAS. Ownership-fenced on get / edit_charter / cancel_charter (creator-only; foreign access shaped as NotFound, CHARTER_OWNERSHIP_DENIED logged structurally).
  • CharterDispatcher.approve resolves the project (existing or deterministic charter-{id} new), persists an already-APPROVED Forecast with ceiling_amount = envelope.amount, builds a WorkItem carrying forecast_id + hard_ceiling, runs work_pipeline.run(item), then CAS-transitions DRAFTED→APPROVED with the full provenance set (approved_at/approved_by/forecast_id/correlation_id/task_id) and closes the interview conversation.

Persistence (dual-backend)

  • CharterRepository Protocol composes StatefulRepository[ProjectCharter, NotBlankStr, CharterStatus] + FilteredQueryRepository[ProjectCharter, CharterFilterSpec] (ADR-0001 compliant, no bespoke methods).
  • SQLite + Postgres repos mirror cost_forecast_repo.py; JSON-encoded tuple columns; flattened envelope; CHECK constraints enforce project-binding XOR + approval coupling at the DB level.
  • New yoyo revisions 20260522000002_project_charters.sql (both backends) + declared schema.sql updates; composite (created_at DESC, id DESC) index covers the list_items/query ORDER BY.
  • Dual-backend conformance suite (tests/conformance/persistence/test_charter_repository.py) covers CRUD round-trip, in-place edit, filtered query, count, status transitions, CAS-fail-on-mismatch, project-binding XOR, approval coupling.

API + MCP

  • REST: CharterController at /meta/chartersPOST /interview, GET /, GET /{id}, PATCH /{id}, POST /{id}/approve, POST /{id}/cancel. Approve is gated by require_approval_roles (CEO / Manager / Board Member) so budget-spend authority matches the MCP admin guardrail; the dispatcher does NOT itself ownership-fence approve so an approval-tier actor can legitimately dispatch a junior's charter (authorship is preserved on created_by).
  • All endpoints return 503 with CHARTER_SUBSTRATE_UNAVAILABLE warning when the subsystem is not wired.
  • MCP domain (5 tools): synthorg_charter_interview / list / get / cancel / approve (admin-gated). MCP cancel passes enforce_ownership=False so admin operators can cancel stalled charters they did not author.

Boot wiring

  • _wire_charter_engine startup hook (after persistence + provider), gated on meta.charter.interview_enabled + provider + persistence; best-effort with structured warning + 503 surface when unwired. Idempotent; rebuilds via post_setup_reinit.
  • Ghost-wiring manifest has explicit ENFORCED entries for CharterInterviewService and CharterDispatcher.

Settings

  • New SettingNamespace.CHARTER. settings/definitions/charter.py registers: interview_enabled, interview_strategy, interview_model, interview_temperature, interview_max_tokens, interview_max_turns, default_currency (with lint-allow: regional-defaults mirroring budget.DEFAULT_CURRENCY). All numerics defined here; no inline literals.

Observability

  • observability/events/charter.py: CHARTER_INTERVIEW_TURN, CHARTER_INTERVIEW_QUESTION, CHARTER_INTERVIEW_DRAFTED, CHARTER_INTERVIEW_CAP_REACHED, CHARTER_INTERVIEW_RESPONSE_INVALID, CHARTER_INTERVIEW_FAILED, CHARTER_EDITED, CHARTER_STATUS_TRANSITIONED, CHARTER_OWNERSHIP_DENIED, CHARTER_APPROVED, CHARTER_CANCELLED, CHARTER_DISPATCHED, CHARTER_DISPATCH_FAILED, CHARTER_SUBSTRATE_UNAVAILABLE.
  • VALID_SETTINGS_NAMESPACES includes "charter" for the Prometheus settings-mutation metric.

Web dashboard

  • New page CharterInterviewPage at /meta/charters with a two-pane layout: InterviewChat (left, with aria-live="polite" aria-atomic="true" transcript + composer) and CharterDraftCard (right, inline-editable brief + budget envelope, plus Approve / Cancel actions). Nav entry in Sidebar.
  • Zustand useCharterStore with the project's mutation-pattern discipline (try/catch in the store, toast on success/failure, sentinel-null on error, optimistic message rollback on runTurn failure). Memory-only storage documented inline.
  • MSW handlers + endpoint client + unit tests for both the page and the store.

Untrusted-content fence

Human interview messages are wrapped in <task-data> envelopes via wrap_untrusted(TAG_TASK_DATA, ...) at both the REST controller and the MCP handler before reaching the strategy; the strategy never sees a raw user string.

Acceptance

tests/e2e/test_charter_to_run_e2e.py::test_vague_idea_becomes_approved_charter_that_runs drives the full flow under the simulation harness with a scripted provider and a real work_pipeline: vague one-liner → interview → drafted charter → approve → new project + APPROVED forecast + spine-created Task (past CREATED). Marked @pytest.mark.e2e — runs in CI, not in the local pre-push gate.

Test coverage added in the review round

  • Concurrent run_turn serialise on a shared conversation (per-conversation asyncio.Lock is exercised).
  • Concurrent dispatcher.approve CAS race (only one approval wins; project + pipeline run once).
  • wrap_untrusted(TAG_TASK_DATA, ...) verified at the MCP boundary.
  • compute_brief_hash determinism (same brief → same hash; idempotent retries upsert).
  • DuplicateRecordError branch on project_service.create (idempotent project-creation retry).
  • transition_if returns False on state mismatch (dual-backend conformance).
  • Turn-cap at default config boundary (not just cap=1).
  • Lock-allocation under many distinct first-uses.
  • Approval idempotent when the conversation is already CLOSED.
  • CHARTER_DISPATCH_FAILED structurally logged before re-raise.
  • Ownership-fence tests on get / edit / cancel paths.
  • Dedicated MCP handler suite (interview/list/get/cancel/approve, including admin-guardrail enforcement).

Test plan

  • uv run python -m pytest tests/ -m unit (full unit suite, including all charter modules + observability inventory + MCP tool-count assertion at 224)
  • uv run python -m pytest tests/conformance/persistence/test_charter_repository.py (SQLite + Postgres, run in CI)
  • uv run python -m pytest tests/e2e/test_charter_to_run_e2e.py -m e2e (acceptance, run in CI; not in the local pre-push gate per project convention)
  • npm --prefix web run lint && npm --prefix web run type-check && npm --prefix web run test (3217/3217 passing locally)

Notable deviations from the original plan

  • The interview conversation stays ACTIVE across re-drafts rather than transitioning to PROPOSED. The PROPOSED status is conversational-proposal terminology; for charters the natural lifecycle is "still elicitable while DRAFTED, closed only on approve/cancel/cap." Edits and re-drafts on a DRAFTED charter therefore keep the conversation open. This is intentional and surfaces in the e2e flow.
  • The approve REST endpoint relies on the require_approval_roles guard for authorisation rather than dispatcher-level ownership; admins legitimately approve juniors' charters. Authorship is preserved on created_by for audit.

Operator follow-up on merge

The two-backend schema-drift baselines update on a new persistence table; CI / a maintainer will run uv run python scripts/check_schema_drift_revisions.py --backend sqlite and --backend postgres and refresh any drift baselines if the gate flags it. The new MCP tool count (224) is pinned in tests/unit/meta/mcp/test_all_handlers_wired.py; any subsequent tool-surface change must bump this number explicitly.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 22, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented May 22, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a 'deep-intake' conversational flow that enables users to transform vague product ideas into structured, actionable project charters. By leveraging an LLM-driven interview process, the system captures project goals, constraints, and budget envelopes, persisting them as reviewable artifacts. Upon approval, the system automatically handles project provisioning, budget forecasting, and pipeline dispatch, streamlining the transition from concept to execution.

Highlights

  • Deep CEO Interview Subsystem: Introduced a multi-turn conversational interface for requirements elicitation, allowing users to define project goals, constraints, and budgets from a simple idea.
  • Project Charter Lifecycle: Implemented the ProjectCharter artifact with a state machine (DRAFTED -> APPROVED | CANCELLED) and associated services for editing, cancelling, and dispatching.
  • Pipeline Integration: Added CharterDispatcher to automate project creation, budget forecasting, and work-pipeline kickoff upon charter approval.
  • Web Dashboard: Added a new CharterInterviewPage with a dual-pane layout for real-time interview chat and inline-editable charter drafting.
  • Persistence & Observability: Implemented dual-backend (SQLite/Postgres) support for charters with strict schema constraints and comprehensive event logging for lifecycle transitions.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 22, 2026
edited
Loading

Review Change Stack

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

Introduces a complete project-charter subsystem: settings and enums, domain models and errors, LLM interview strategy and prompt, CharterInterviewService and CharterDispatcher, persistence protocol plus SQLite/Postgres repos and migrations, factory wiring, API controller (/meta/charters) and MCP tools/handlers, app startup/state facades and rate limits, observability events, web types/endpoints/store/pages/components and MSW mocks, and extensive unit/conformance/e2e tests. Separately, updates the isolation-gate script to classify xdist node-down with non-zero exit as a crash_advisory.

@Aureliolo Aureliolo temporarily deployed to cloudflare-preview May 22, 2026 18:43 — with GitHub Actions Inactive
@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented May 22, 2026
edited
Loading

Merging this PR will not alter performance

✅ 54 untouched benchmarks

Comparing feat/1977-deep-ceo-interview-charter (6f89dd4) with main (e287621)

Open in CodSpeed

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements the project charter subsystem, facilitating a structured requirements-elicitation interview process that generates reviewable and approvable project charters. The implementation includes a multi-turn orchestration service, a dispatcher for work-pipeline integration, and a comprehensive API and MCP tool surface supported by dual-backend persistence. Additionally, the test runner is updated to handle Python 3.14 teardown crashes on Windows as advisories. Feedback identifies a logic risk where the system might return stale charter objects if a database fetch fails immediately following a successful state transition; it is recommended to raise an explicit error in these cases to prevent inconsistent state propagation.

Comment thread src/synthorg/meta/charter/dispatch.py
Comment on lines +221 to +226
return CharterApprovalResult(
charter=approved if approved is not None else charter,
project_id=project_id,
task_id=result.task_id,
is_success=result.is_success,
)
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

There's a potential issue here where a stale charter object could be returned in the CharterApprovalResult. If self._charter_repo.get(charter_id) returns None after a successful approval, the fallback charter object holds the state from before the approval (e.g., status=DRAFTED). This would send an inconsistent state to the client.

A successful transition_if in _stamp_approved should guarantee the charter exists. If get still returns None, it's a critical data inconsistency. It would be safer to raise an error in this unlikely event rather than returning a stale object.

        approved = await self._charter_repo.get(charter_id)
        if approved is None:
            # This should be impossible if the state transition succeeded,
            # and indicates a critical data inconsistency.
            raise QueryError(f"Failed to re-fetch charter {charter_id} after approval")
        return CharterApprovalResult(
            charter=approved,
            project_id=project_id,
            task_id=result.task_id,
            is_success=result.is_success,
        )

Comment thread src/synthorg/meta/charter/service.py Outdated
to_state=CharterStatus.CANCELLED.value,
)
refreshed = await self._charter_repo.get(charter_id)
return refreshed if refreshed is not None else charter
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

There's a potential issue here with returning a stale object. If self._charter_repo.get(charter_id) returns None after a successful cancellation, the fallback charter object is returned. This object is from before the cancellation and will have an incorrect status (e.g., DRAFTED).

To ensure the caller receives the correct, updated state, it would be safer to raise an error if the re-fetch fails, as this indicates a critical data inconsistency.

        if refreshed is None:
            # This should be impossible if the state transition succeeded.
            raise QueryError(f"Failed to re-fetch charter {charter_id} after cancellation")
        return refreshed

coderabbitai[bot]
coderabbitai Bot requested changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 16

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
tests/unit/api/controllers/test_charter.py (1)

22-57: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Add unwired degradation tests for patch/cancel endpoints as well.

This suite validates interview/list/get/approve paths, but the same 503 contract should be asserted for edit and cancel routes to keep endpoint degradation coverage complete.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/unit/api/controllers/test_charter.py` around lines 22 - 57, Add two
unwired-degradation tests to TestCharterControllerUnwired: one asserting PATCH
"/api/v1/meta/charters/charter-1" returns _SERVICE_UNAVAILABLE (name it
test_patch_returns_503_when_unwired) and one asserting POST
"/api/v1/meta/charters/charter-1/cancel" returns _SERVICE_UNAVAILABLE (name it
test_cancel_returns_503_when_unwired); use the existing test_client fixture and
mirror the style of test_approve_returns_503_when_dispatcher_unwired and
test_interview_returns_503_when_unwired so the suite covers edit (PATCH) and
cancel routes as well.
tests/conformance/persistence/test_charter_repository.py (1)

349-375: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

test_constraint_violation_on_corrupt_raw_write does not actually validate a constraint violation.

The test never executes a failing write/update path, so it can’t catch regressions in DB-level approval coupling.

Concrete test fix 
 async def test_constraint_violation_on_corrupt_raw_write(
     self, backend: PersistenceBackend
 ) -> None:
-    """A drafted row carrying approval provenance trips the DB CHECK.
-
-    The model forbids this, so the repo path cannot emit it; this
-    guards the DB-level approval-coupling constraint by asserting a
-    clean drafted save (no provenance) succeeds while an approved
-    save requires full provenance via the model + DB together.
-    """
+    """DB CHECK rejects incomplete provenance for APPROVED transition."""
     repo = _repo(backend)
-    approved = _make_charter(
-        charter_id="ap1",
-        status=CharterStatus.APPROVED,
-        approved_at=_NOW,
-        approved_by="user-1",
-        forecast_id=uuid4(),
-        correlation_id="conv-1",
-        task_id="task-1",
-    )
-    await repo.save(approved)
-    fetched = await repo.get(NotBlankStr("ap1"))
-    assert fetched is not None
-    assert fetched.status is CharterStatus.APPROVED
-    # Sanity: a constraint violation type exists for raw corrupt writes.
-    assert issubclass(ConstraintViolationError, Exception)
+    await repo.save(_make_charter(charter_id="ap1"))
+    with pytest.raises(ConstraintViolationError):
+        await repo.transition_if(
+            NotBlankStr("ap1"),
+            CharterStatus.DRAFTED,
+            CharterStatus.APPROVED,
+            updated_at=_NOW,
+            approved_at=_NOW,
+            approved_by="user-1",
+            # forecast_id / correlation_id / task_id intentionally omitted
+        )
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/conformance/persistence/test_charter_repository.py` around lines 349 -
375, The test currently never performs a failing DB write; update
test_constraint_violation_on_corrupt_raw_write to perform a raw/bypassing-model
insert that violates the approval-coupling CHECK (e.g. insert a row with
status=DRAFT but with approved_at/approved_by set) using the lower-level backend
execution path (use the provided backend/DB execute/raw SQL helper available in
the test harness) and assert that this operation raises
ConstraintViolationError; keep the existing setup using repo/_repo and
_make_charter, then run the raw INSERT against the charters table (via
backend.execute or the test-suite raw SQL helper) and assert raises
ConstraintViolationError to validate DB-level constraint enforcement.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/run_affected_tests.py`:
- Around line 638-646: The repeated-crash gate is only counting entries with
test ids from _parse_worker_crashes(), so bare "[gwN] node down" worker deaths
get downgraded to advisory; update _parse_worker_crashes() (and any consumer
like the repeated-crash check function) to also record and key plain "node down"
events (e.g., by worker id or crash signature) so they contribute to the
repeated-crash detection, and then ensure the repeated-crash guard treats
repeated worker-down entries the same as entries tied to test ids (i.e., fail
the run rather than mark advisory).

In `@src/synthorg/api/app.py`:
- Around line 1691-1784: The _wire_charter_engine startup hook is meant to be
best-effort but can raise unexpected exceptions during settings/repo/strategy
construction and abort startup; wrap the body of _wire_charter_engine in a broad
try/except that catches Exception, logs the exception with contextual
information (include CHARTER_SUBSTRATE_UNAVAILABLE or similar and the exception
details), and returns without re-raising so startup continues; ensure you still
preserve idempotency (checks using app_state.has_charter_service remain before
constructing) and that exceptions around build_charter_repository,
build_conversational_repositories, build_charter_interview_strategy,
app_state.set_charter_service, and app_state.set_charter_dispatcher are all
guarded.

In `@src/synthorg/meta/charter/dispatch.py`:
- Around line 268-273: The log emits CHARTER_STATUS_TRANSITIONED even though no
state change was persisted; change this to a non-transition telemetry event
(e.g., CHARTER_DUPLICATE_PROJECT_RETRY or CHARTER_PROJECT_ALREADY_EXISTS) and
update the logger.info call (the one that currently passes charter_id=charter.id
and project_id=project_id) to use that new/appropriate constant so transition
events remain reserved for post-persistence state changes and this branch
accurately records a duplicate-project retry.
- Around line 198-211: The dispatch currently calls
self._work_pipeline.run(work_item) before performing the CAS winner check
transition_if(... DRAFTED -> APPROVED ...), which can cause duplicate side
effects in races; change the flow so you first attempt the atomic
transition_if(...) and only when it returns success do you call await
self._work_pipeline.run(work_item), and then call await
self._stamp_approved(...). Update the surrounding error handling and logging so
that pipeline errors are caught and logged as before but do not trigger if the
transition_if failed (abort/return early when transition lost), and apply the
same change to the analogous block that uses _work_pipeline.run and
_stamp_approved in the other occurrence.
- Around line 361-370: The _close_conversation method can raise from
self._conversation_repo.transition_if and currently bubbles up; wrap the call to
conversation_repo.transition_if in a try/except that catches Exception, logs the
failure (including conversation_id and now) via the module/class logger (e.g.
self._logger.exception or self._logger.error with details) and then swallows the
exception so the method remains best-effort and idempotent; keep the
ConversationStatus.ACTIVE -> CLOSED transition and updated_at usage intact but
do not re-raise on failure.

In `@src/synthorg/meta/charter/service.py`:
- Around line 114-130: The per-process asyncio locks created in _lock_for do not
prevent concurrent run_turn executions across multiple workers; replace the
in-memory lock strategy with a cross-process locking mechanism keyed by
conversation_id (e.g., a Redis-based distributed lock or a database advisory/row
lock) so sequencing and next_sequence generation are serialized cluster-wide;
update _lock_for (and any callers such as run_turn and the code handling
next_sequence) to acquire and release the distributed lock (using the
conversation_id as the key) and fall back to a safe DB transaction (SELECT ...
FOR UPDATE or an advisory lock) when Redis is unavailable to ensure only one
worker computes/inserts sequence values at a time.

In `@src/synthorg/meta/mcp/handlers/charter.py`:
- Around line 206-212: The cancel flow currently calls
svc.cancel_charter(charter_id, cancelled_by=_actor_id(actor),
enforce_ownership=False) without local admin checks; update the handler in
charter.py to invoke require_admin_guardrails() (the local admin guard) before
calling svc.cancel_charter with enforce_ownership=False so that only callers who
pass the admin guard can bypass ownership; locate the call site using
cancel_charter and _actor_id(actor) and ensure the require_admin_guardrails()
call appears immediately prior to the service call (or else change
enforce_ownership to True and let the service-layer guardrails handle admin
bypass).

In `@src/synthorg/persistence/sqlite/schema.sql`:
- Line 1786: project_charters allows dangling references; add proper foreign key
constraints so conversation_id and project_id reference their parent tables to
prevent orphan charters. Edit the CREATE TABLE for project_charters to add
FOREIGN KEY(conversation_id) REFERENCES conversations(id) and FOREIGN
KEY(project_id) REFERENCES projects(id) (choose ON DELETE CASCADE if you want
charters removed when a parent is deleted, or ON DELETE RESTRICT to prevent
parent deletion while charters exist), and ensure the existing CHECK/NOT NULL
definitions for conversation_id/project_id remain; also add matching indexes if
not present.

In `@tests/e2e/test_charter_to_run_e2e.py`:
- Around line 454-456: Ensure the test asserts there is exactly one forecast
before selecting it: add an assertion checking the cardinality of
forecast_repo.items (e.g., assert len(forecast_repo.items) == 1) prior to
retrieving the single forecast with next(iter(...)); then proceed to assert
forecast.decision is ForecastDecision.APPROVED and forecast.ceiling_amount ==
pytest.approx(_AMOUNT) to avoid silently masking duplicate writes when using
forecast_repo, items, and forecast variables.

In `@tests/unit/meta/charter/test_dispatch.py`:
- Around line 329-333: Tighten the assertion to check the structured charter id
as well as the event: modify the any(...) check over log_records to require
record.get("event") == CHARTER_DISPATCH_FAILED and record.get("charter_id") ==
charter.id (or the test's expected charter_id variable) so the test verifies
both the event name and the charter_id are present in the logged record.

In `@web/src/api/endpoints/charter.ts`:
- Around line 11-16: The CharterFilters interface currently exposes offset-based
paging (offset?: number) which violates the opaque cursor-based pagination
contract; replace offset with a cursor?: string (or afterCursor/nextCursor as
your project uses) and ensure callers/store code using CharterFilters and the
list endpoint consume/produce the opaque cursor (PaginationMeta) instead of
arithmetic offsets—update the CharterFilters type, any call-sites that pass
offset to listCharters/list endpoint, and the endpoint/handler that returns
PaginationMeta (nextCursor/hasMore) so the client and store use the cursor
string and limit for paging.

In `@web/src/mocks/handlers/charter.ts`:
- Line 34: The mock fixture currently hardcodes the currency field to 'USD';
replace that literal with the project-wide regional default currency
constant/function instead of embedding a locale-specific value. Import and use
the exported identifier (e.g., DEFAULT_CURRENCY or getDefaultCurrency) from the
shared regional/config fixture and assign it to the currency property in this
charter mock (currency), adding a safe fallback only if the import could be
undefined. Update the import and the currency assignment in
web/src/mocks/handlers/charter.ts so the fixture uses the centralized regional
default rather than the hardcoded 'USD'.
- Line 90: The mock handler always returns a hard-coded project_id
('charter-charter-default'); change it to derive the ID from the request params
so responses match the requested charter ID—use the handler's request param
(req.params.id) when building the approve response's project_id (e.g., replace
the static 'project_id' value in the charter mock response with the value from
req.params.id or a format that incorporates it) so tests and callers see a
consistent ID; update the code in web/src/mocks/handlers/charter.ts where
project_id is set.

In `@web/src/pages/charter/CharterDraftCard.tsx`:
- Around line 44-49: CharterDraftCard currently initializes local state (brief,
amount) only once and can become stale when the parent supplies a new charter;
add a useEffect in CharterDraftCard that watches the incoming charter identity
(e.g., charter.id and charter.version or the whole charter object) and calls
setBrief(charter.brief) and setAmount(String(charter.envelope.amount)) when
those change so the local brief/amount are resynchronised; keep existing
parsedAmount/amountValid/dirty logic but ensure the effect keys target the
charter identity (id/version) to avoid clobbering in-progress edits for the same
charter.

In `@web/src/pages/CharterInterviewPage.tsx`:
- Line 64: The "New interview" Button in CharterInterviewPage.tsx currently
disables only on the local sending flag which allows resetInterview to race with
ongoing charter mutations; update the Button's disabled gating to include the
mutation state (combine sending and mutating) so the button is disabled while a
charter mutation is in flight (reference the Button element, the resetInterview
handler, and the sending and mutating variables).

In `@web/src/stores/charter.ts`:
- Around line 71-114: The runTurn handler allows overlapping calls which lets a
failed earlier turn overwrite a later successful turn when it restores
previousMessages; fix by tagging the optimistic user message with a unique turn
id (create optimisticMessageId before set) and store the currentTurnId in state
(or keep optimisticMessageId in a local closure and also set it in state), then
on error only restore previousMessages if the stored
currentTurnId/lastOptimisticId still matches the id created for this runTurn
invocation; update references in runTurn that set sending/messages and the catch
block restore logic to check that id match before calling set({ sending:false,
messages: previousMessages }) so concurrent turns do not clobber newer
transcript state.

---

Outside diff comments:
In `@tests/conformance/persistence/test_charter_repository.py`:
- Around line 349-375: The test currently never performs a failing DB write;
update test_constraint_violation_on_corrupt_raw_write to perform a
raw/bypassing-model insert that violates the approval-coupling CHECK (e.g.
insert a row with status=DRAFT but with approved_at/approved_by set) using the
lower-level backend execution path (use the provided backend/DB execute/raw SQL
helper available in the test harness) and assert that this operation raises
ConstraintViolationError; keep the existing setup using repo/_repo and
_make_charter, then run the raw INSERT against the charters table (via
backend.execute or the test-suite raw SQL helper) and assert raises
ConstraintViolationError to validate DB-level constraint enforcement.

In `@tests/unit/api/controllers/test_charter.py`:
- Around line 22-57: Add two unwired-degradation tests to
TestCharterControllerUnwired: one asserting PATCH
"/api/v1/meta/charters/charter-1" returns _SERVICE_UNAVAILABLE (name it
test_patch_returns_503_when_unwired) and one asserting POST
"/api/v1/meta/charters/charter-1/cancel" returns _SERVICE_UNAVAILABLE (name it
test_cancel_returns_503_when_unwired); use the existing test_client fixture and
mirror the style of test_approve_returns_503_when_dispatcher_unwired and
test_interview_returns_503_when_unwired so the suite covers edit (PATCH) and
cancel routes as well.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 67514ae6-1b02-4c08-97e4-8df1fa04147c

📥 Commits

Reviewing files that changed from the base of the PR and between f81a5ac and ae4b6f7.

📒 Files selected for processing (75)
  • scripts/_ghost_wiring_manifest.txt
  • scripts/run_affected_tests.py
  • src/synthorg/api/app.py
  • src/synthorg/api/controllers/__init__.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/api/rate_limits/policies.py
  • src/synthorg/api/state.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • src/synthorg/core/enums.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/meta/charter/config.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/factory.py
  • src/synthorg/meta/charter/models.py
  • src/synthorg/meta/charter/prompts.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/meta/charter/strategy.py
  • src/synthorg/meta/config.py
  • src/synthorg/meta/errors.py
  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/persistence/charter_factory.py
  • src/synthorg/persistence/charter_protocol.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/persistence/postgres/revisions/20260522000002_project_charters.sql
  • src/synthorg/persistence/postgres/schema.sql
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/persistence/sqlite/revisions/20260522000002_project_charters.sql
  • src/synthorg/persistence/sqlite/schema.sql
  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/settings/enums.py
  • tests/conformance/persistence/test_charter_repository.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/unit/api/conftest.py
  • tests/unit/api/controllers/test_charter.py
  • tests/unit/conftest.py
  • tests/unit/meta/charter/__init__.py
  • tests/unit/meta/charter/test_dispatch.py
  • tests/unit/meta/charter/test_factory.py
  • tests/unit/meta/charter/test_models.py
  • tests/unit/meta/charter/test_service.py
  • tests/unit/meta/charter/test_strategy.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/unit/meta/mcp/test_all_handlers_wired.py
  • tests/unit/observability/test_events.py
  • tests/unit/scripts/test_run_affected_tests.py
  • web/src/__tests__/pages/CharterInterviewPage.test.tsx
  • web/src/__tests__/stores/charter.test.ts
  • web/src/api/endpoints/charter.ts
  • web/src/api/endpoints/index.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/api/types/enum-values.gen.ts
  • web/src/api/types/error-codes.gen.ts
  • web/src/api/types/openapi.gen.ts
  • web/src/components/layout/Sidebar.tsx
  • web/src/mocks/handlers/charter.ts
  • web/src/mocks/handlers/index.ts
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/pages/charter/CharterDraftCard.tsx
  • web/src/pages/charter/InterviewChat.tsx
  • web/src/pages/settings/utils.ts
  • web/src/router/index.tsx
  • web/src/router/route-titles.ts
  • web/src/router/routes.ts
  • web/src/stores/charter.ts
  • web/src/utils/constants.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)
  • GitHub Check: Deploy Preview
  • GitHub Check: Build Backend
  • GitHub Check: Dashboard Test
  • GitHub Check: Test Conformance (SQLite)
  • GitHub Check: Test Unit
  • GitHub Check: Test Integration
  • GitHub Check: Test E2E
  • GitHub Check: CodSpeed Web benchmarks
  • GitHub Check: CodSpeed Python benchmarks
  • GitHub Check: Lighthouse Dashboard
  • GitHub Check: Build Web Assets (melange)
  • GitHub Check: Analyze (python)
  • GitHub Check: Analyze (javascript-typescript)
🧰 Additional context used
📓 Path-based instructions (19)
web/src/**/*.{js,jsx,ts,tsx,mts}

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/**/*.{js,jsx,ts,tsx,mts}: Always use createLogger from @/lib/logger; never bare console.warn/console.error/console.debug in application code. Variable name must always be log. Only logger.ts itself may use bare console methods. Use log.debug() (DEV-only, stripped in production), log.warn(), log.error().
Pass dynamic/untrusted values as separate args to logger calls (not interpolated into the message string) so they go through sanitizeArg
Attacker-controlled fields inside structured objects must be wrapped in sanitizeForLog() before embedding in log calls
Error-code constants (MANDATORY): import ErrorCode and ErrorCategory from @/api/types/errors (re-exported from the generated web/src/api/types/error-codes.gen.ts). Discriminate on ErrorCode.<NAME>, never on raw integer literals.
Use @eslint-react/web-api-no-leaked-fetch to detect fetch() in effects without AbortController cleanup

Files:

  • web/src/api/endpoints/index.ts
  • web/src/router/routes.ts
  • web/src/components/layout/Sidebar.tsx
  • web/src/router/index.tsx
  • web/src/pages/settings/utils.ts
  • web/src/router/route-titles.ts
  • web/src/__tests__/pages/CharterInterviewPage.test.tsx
  • web/src/utils/constants.ts
  • web/src/pages/charter/InterviewChat.tsx
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/mocks/handlers/charter.ts
  • web/src/api/types/enum-values.gen.ts
  • web/src/stores/charter.ts
  • web/src/pages/charter/CharterDraftCard.tsx
  • web/src/api/types/error-codes.gen.ts
  • web/src/__tests__/stores/charter.test.ts
  • web/src/api/endpoints/charter.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/mocks/handlers/index.ts
  • web/src/api/types/openapi.gen.ts
web/src/{api/endpoints,stores}/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

Cursor pagination (MANDATORY): list endpoints must use opaque cursor-based paging via PaginationMeta. Stores must keep nextCursor + hasMore in state (not offset arithmetic) and early-return when !hasMore || !nextCursor. Display counts must come from data.length.

Files:

  • web/src/api/endpoints/index.ts
  • web/src/stores/charter.ts
  • web/src/api/endpoints/charter.ts
web/src/api/endpoints/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

Health / readiness endpoints (MANDATORY): getLiveness() is always 200 while the process is alive; getReadiness() is 200 healthy / 503 unavailable (binary 'ok' | 'unavailable' outcome, no tri-state). Any new caller must handle the 503 path explicitly.

Files:

  • web/src/api/endpoints/index.ts
  • web/src/api/endpoints/charter.ts
web/src/**/*.{ts,tsx,mts}

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/**/*.{ts,tsx,mts}: Use @typescript-eslint/no-floating-promises to forbid unawaited promises so async work cannot survive the test that scheduled it and trip the active-handle gate
Use @typescript-eslint/no-misused-promises (with checksVoidReturn: { attributes: false }) to forbid passing async functions where the callsite ignores the returned promise. React 19 async event handlers stay allowed via the attributes: false exemption.

Files:

  • web/src/api/endpoints/index.ts
  • web/src/router/routes.ts
  • web/src/components/layout/Sidebar.tsx
  • web/src/router/index.tsx
  • web/src/pages/settings/utils.ts
  • web/src/router/route-titles.ts
  • web/src/__tests__/pages/CharterInterviewPage.test.tsx
  • web/src/utils/constants.ts
  • web/src/pages/charter/InterviewChat.tsx
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/mocks/handlers/charter.ts
  • web/src/api/types/enum-values.gen.ts
  • web/src/stores/charter.ts
  • web/src/pages/charter/CharterDraftCard.tsx
  • web/src/api/types/error-codes.gen.ts
  • web/src/__tests__/stores/charter.test.ts
  • web/src/api/endpoints/charter.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/mocks/handlers/index.ts
  • web/src/api/types/openapi.gen.ts
**/*.{py,ts,tsx,jsx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

No region/currency/locale privileged; use metric units; British English per docs/reference/regional-defaults.md

Files:

  • web/src/api/endpoints/index.ts
  • src/synthorg/meta/charter/factory.py
  • web/src/router/routes.ts
  • src/synthorg/observability/events/charter.py
  • web/src/components/layout/Sidebar.tsx
  • web/src/router/index.tsx
  • web/src/pages/settings/utils.ts
  • src/synthorg/core/enums.py
  • web/src/router/route-titles.ts
  • src/synthorg/settings/definitions/__init__.py
  • web/src/__tests__/pages/CharterInterviewPage.test.tsx
  • src/synthorg/meta/mcp/domains/__init__.py
  • web/src/utils/constants.ts
  • src/synthorg/meta/charter/prompts.py
  • web/src/pages/charter/InterviewChat.tsx
  • tests/unit/meta/charter/test_factory.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/rate_limits/policies.py
  • web/src/pages/CharterInterviewPage.tsx
  • tests/unit/conftest.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/api/state.py
  • web/src/mocks/handlers/charter.ts
  • tests/unit/api/conftest.py
  • src/synthorg/persistence/charter_factory.py
  • tests/unit/observability/test_events.py
  • web/src/api/types/enum-values.gen.ts
  • src/synthorg/meta/charter/config.py
  • src/synthorg/api/controllers/__init__.py
  • web/src/stores/charter.ts
  • tests/unit/api/controllers/test_charter.py
  • src/synthorg/api/controllers/charter.py
  • web/src/pages/charter/CharterDraftCard.tsx
  • tests/unit/meta/charter/test_strategy.py
  • tests/unit/meta/mcp/test_all_handlers_wired.py
  • web/src/api/types/error-codes.gen.ts
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • web/src/__tests__/stores/charter.test.ts
  • src/synthorg/settings/enums.py
  • web/src/api/endpoints/charter.ts
  • src/synthorg/meta/errors.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/persistence/charter_protocol.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/meta/charter/strategy.py
  • tests/e2e/test_charter_to_run_e2e.py
  • web/src/api/types/dtos.gen.ts
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • tests/unit/meta/charter/test_service.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/api/app.py
  • tests/unit/scripts/test_run_affected_tests.py
  • tests/unit/meta/charter/test_models.py
  • src/synthorg/meta/charter/dispatch.py
  • tests/unit/meta/charter/test_dispatch.py
  • web/src/mocks/handlers/index.ts
  • scripts/run_affected_tests.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/meta/config.py
  • tests/conformance/persistence/test_charter_repository.py
  • web/src/api/types/openapi.gen.ts
  • src/synthorg/meta/charter/models.py
src/synthorg/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

src/synthorg/**/*.py: Only src/synthorg/persistence/ may import sqlite/psycopg or emit raw SQL; new repository protocols inherit from generic categories in persistence/_generics.py; bespoke methods permitted only under ADR-0001 D7
Configuration Precedence: DB > env > code default via SettingsService/ConfigResolver (Cat-1) or env > code default (Cat-2, read_only_post_init); Cat-3 bootstrap secrets pure env; YAML is ingestion format only, not precedence tier; no os.environ.get outside startup
No hardcoded numeric values; numerics live in settings/definitions/; allowlist only 0/1/-1, HTTP codes, hex masks, powers-of-2, and module-level annotated named constants (NAME: int|float|Final); enforced by scripts/check_no_magic_numbers.py
Comments document WHY only; no reviewer citations, issue back-refs, or migration framing; enforced by check_no_review_origin_in_code.py + check_no_migration_framing.py
No from __future__ import annotations (Python 3.14 has PEP 649); use PEP 758 except: except A, B: no parens unless binding
Type hints on public functions; mypy strict; Google-style docstrings; line length 88; functions <50 lines; files <800 lines
Errors follow <Domain><Condition>Error pattern from DomainError; never inherit Exception/RuntimeError directly; enforced by check_domain_error_hierarchy.py
Pydantic v2 frozen + extra="forbid" on every frozen model project-wide; gate check_frozen_model_extra_forbid.py; @computed_field auto-exempt; per-line # lint-allow: frozen-extra-forbid -- <reason> for extra="allow"/"ignore" boundaries; use @computed_field for derived; use NotBlankStr for identifiers
Args models at every system boundary; parse_typed() for every external dict ingestion; enforced by check_boundary_typed.py
Immutability: use model_copy(update=...) or copy.deepcopy(); deepcopy at system boundaries
Async: use asyncio.TaskGroup for fan-out/fan-in; helpers catch Exception (re-raise MemoryError/`RecursionError...

Files:

  • src/synthorg/meta/charter/factory.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/core/enums.py
  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/charter/prompts.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/rate_limits/policies.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/api/state.py
  • src/synthorg/persistence/charter_factory.py
  • src/synthorg/meta/charter/config.py
  • src/synthorg/api/controllers/__init__.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • src/synthorg/settings/enums.py
  • src/synthorg/meta/errors.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/persistence/charter_protocol.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/meta/charter/strategy.py
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/api/app.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/meta/config.py
  • src/synthorg/meta/charter/models.py
src/**/*.py

⚙️ CodeRabbit configuration file

This project uses Python 3.14+ with PEP 758 except syntax: "except A, B:" (comma-separated, no parentheses) is correct and mandatory -- do NOT flag it as a typo or suggest parenthesized form. The "except builtins.MemoryError, RecursionError: raise" pattern is intentional project convention for system-error propagation. When evaluating the 50-line function limit, count only the function body excluding the signature lines, decorators, and docstring. Functions 1-5 lines over due to docstrings or multi-line signatures should not be flagged. Do not suggest extracting single-use helper functions called exactly once -- this reduces readability without improving maintainability.

Files:

  • src/synthorg/meta/charter/factory.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/core/enums.py
  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/charter/prompts.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/rate_limits/policies.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/api/state.py
  • src/synthorg/persistence/charter_factory.py
  • src/synthorg/meta/charter/config.py
  • src/synthorg/api/controllers/__init__.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • src/synthorg/settings/enums.py
  • src/synthorg/meta/errors.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/persistence/charter_protocol.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/meta/charter/strategy.py
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/api/app.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/meta/config.py
  • src/synthorg/meta/charter/models.py
web/src/{components,utils}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (web/CLAUDE.md)

NEVER write getXIcon(value): LucideIcon factories called inside JSX bodies. Export a <XIcon value={...} /> wrapper that does the lookup via createElement inside the wrapper body. Wrapper components live in their own file, not alongside utility exports.

Files:

  • web/src/components/layout/Sidebar.tsx
  • web/src/utils/constants.ts
web/src/{components,hooks}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (web/CLAUDE.md)

NEVER read window.innerWidth / window.innerHeight directly in a render body or useMemo; use useViewportSize() from @/hooks/useViewportSize instead

Files:

  • web/src/components/layout/Sidebar.tsx
web/src/**/*.{jsx,tsx}

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/**/*.{jsx,tsx}: Use @eslint-react/no-leaked-conditional-rendering to catch the {count && <Foo />} bug where 0 renders verbatim. For ReactNode | undefined props use {value != null && value !== false && <jsx>}; for compound truthiness use Boolean(...).
Use @eslint-react/globals to restrict window / document / localStorage / etc. inside render. Hoist offenders into a useCallback event handler, a useEffect, or a useSyncExternalStore-backed hook.

Reuse web/src/components/ui/ design tokens in Web Dashboard Design System; detail in web/CLAUDE.md

Files:

  • web/src/components/layout/Sidebar.tsx
  • web/src/router/index.tsx
  • web/src/__tests__/pages/CharterInterviewPage.test.tsx
  • web/src/pages/charter/InterviewChat.tsx
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/pages/charter/CharterDraftCard.tsx
web/src/{stores,**/*.test.{ts,tsx}}

📄 CodeRabbit inference engine (web/CLAUDE.md)

Active-handle gate (MANDATORY): every unit test runs under web/test-infra/active-handle-tracker.ts, which fails any test that leaks an event-loop-holding resource. A new store that schedules timers / attaches listeners MUST expose a teardown hook and register it in the global afterEach; otherwise the gate fails the first test that triggers the schedule.

Files:

  • web/src/__tests__/pages/CharterInterviewPage.test.tsx
  • web/src/__tests__/stores/charter.test.ts
src/synthorg/meta/mcp/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

MCP: Define ToolHandler + args_model; call require_admin_guardrails() on admin tools; route through service layers per mcp-handler-contract.md

Files:

  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
web/src/utils/constants.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

WS wire protocol (MANDATORY): the client-server contract lives in web/src/utils/constants.ts (WS_PROTOCOL_VERSION, WS_MAX_MESSAGE_SIZE, WS_HEARTBEAT_INTERVAL_MS, WS_PONG_TIMEOUT_MS, LOG_SANITIZE_MAX_LENGTH) and MUST stay in lockstep with src/synthorg/api/ws_models.py / src/synthorg/api/controllers/ws.py. Bump the protocol version on both sides together for breaking payload changes.

Files:

  • web/src/utils/constants.ts
tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

tests/**/*.py: Timeout/slow failures = source-code regression; never edit tests/baselines/unit_timing.json or any scripts/*_baseline.{txt,json} / scripts/_*_baseline.py; both families PreToolUse-blocked; per-invocation bypass requires explicit approval (ALLOW_BASELINE_GROWTH=1 git commit)
Test markers: @pytest.mark.{unit,integration,e2e,slow}; async auto; timeout 30s global; coverage 80% min
xdist -n 8 --dist=loadfile auto-applied via pyproject addopts; Windows unit tests use WindowsSelectorEventLoopPolicy; subprocess tests override back
Test doubles: FakeClock for Clock seam, mock_of[T](**overrides) for typed-boundary substitutions, SimpleNamespace for attribute-bags; bare MagicMock at typed boundary blocked by scripts/check_mock_spec.py
Hypothesis: 10 deterministic CI examples; failures are real bugs (fix + add @example(...)); never skip/xfail flaky tests; fix fundamentally

Files:

  • tests/unit/meta/charter/test_factory.py
  • tests/unit/conftest.py
  • tests/unit/api/conftest.py
  • tests/unit/observability/test_events.py
  • tests/unit/api/controllers/test_charter.py
  • tests/unit/meta/charter/test_strategy.py
  • tests/unit/meta/mcp/test_all_handlers_wired.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/unit/meta/charter/test_service.py
  • tests/unit/scripts/test_run_affected_tests.py
  • tests/unit/meta/charter/test_models.py
  • tests/unit/meta/charter/test_dispatch.py
  • tests/conformance/persistence/test_charter_repository.py

⚙️ CodeRabbit configuration file

Test files do not require Google-style docstrings on classes or functions -- ruff D rules are only enforced on src/. A bare @settings() decorator with no arguments on Hypothesis property tests is a no-op and should not be suggested -- the HYPOTHESIS_PROFILE env var controls example counts via registered profiles, which @given() honors automatically.

Files:

  • tests/unit/meta/charter/test_factory.py
  • tests/unit/conftest.py
  • tests/unit/api/conftest.py
  • tests/unit/observability/test_events.py
  • tests/unit/api/controllers/test_charter.py
  • tests/unit/meta/charter/test_strategy.py
  • tests/unit/meta/mcp/test_all_handlers_wired.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/unit/meta/charter/test_service.py
  • tests/unit/scripts/test_run_affected_tests.py
  • tests/unit/meta/charter/test_models.py
  • tests/unit/meta/charter/test_dispatch.py
  • tests/conformance/persistence/test_charter_repository.py
web/src/mocks/handlers/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/mocks/handlers/**/*.ts: MSW handlers (MANDATORY): web/src/mocks/handlers/ must mirror web/src/api/endpoints/*.ts 1:1 with a default happy-path handler for every exported endpoint. Use onUnhandledRequest: 'error' in test setup; tests override per-case via server.use(...), never vi.mock('@/api/endpoints/*').
Use typed envelope helpers (successFor, paginatedFor, voidSuccess) to keep MSW handlers in lockstep with endpoint return types

Files:

  • web/src/mocks/handlers/charter.ts
  • web/src/mocks/handlers/index.ts
src/synthorg/persistence/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

src/synthorg/persistence/**/*.py: Repository CRUD: save(entity), get(id), delete(id) -> bool, list_items(...), query(...) returning tuples
Datetime in persistence: use parse_iso_utc / format_iso_utc from persistence._shared (reject naive); use normalize_utc for already-typed

Files:

  • src/synthorg/persistence/charter_factory.py
  • src/synthorg/persistence/charter_protocol.py
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/persistence/postgres/charter_repo.py
web/src/api/types/**/*.gen.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

Generated DTO types (MANDATORY): NEVER hand-edit web/src/api/types/*.gen.ts. Regenerate with uv run python scripts/generate_dto_types_ts.py. Import DTOs via the barrel (import type { AgentConfig } from '@/api/types').

Files:

  • web/src/api/types/enum-values.gen.ts
  • web/src/api/types/error-codes.gen.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/api/types/openapi.gen.ts
web/src/stores/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/stores/**/*.ts: List reads (fetch*) must set error: string | null on the store instead of toasting
Test teardown (MANDATORY): any new store that schedules timers or attaches event listeners must expose an equivalent cleanup hook and register it in the global afterEach. The global afterEach in web/src/test-setup.tsx already calls useToastStore.getState().dismissAll(), cancelPendingPersist(), and useThemeStore.getState().teardown().

Files:

  • web/src/stores/charter.ts
tests/conformance/persistence/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Dual-backend conformance: tests/conformance/persistence/ consumes backend fixture (SQLite + Postgres); enforced by check_dual_backend_test_parity.py

Files:

  • tests/conformance/persistence/test_charter_repository.py
🧠 Learnings (5)
📚 Learning: 2026-05-05T09:04:46.195Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 1760
File: scripts/_dual_backend_parity_lib.py:215-216
Timestamp: 2026-05-05T09:04:46.195Z
Learning: This repository targets Python 3.14+ and follows PEP 758. Therefore, reviewer tooling should NOT treat unparenthesized multi-exception `except` clauses written without an `as` clause (e.g., `except MemoryError, RecursionError:`) as syntax errors. Only flag `except`-clause problems when they are genuinely invalid for Python 3.14+.

Applied to files:

  • src/synthorg/meta/charter/factory.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/core/enums.py
  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/charter/prompts.py
  • tests/unit/meta/charter/test_factory.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/rate_limits/policies.py
  • tests/unit/conftest.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/api/state.py
  • tests/unit/api/conftest.py
  • src/synthorg/persistence/charter_factory.py
  • tests/unit/observability/test_events.py
  • src/synthorg/meta/charter/config.py
  • src/synthorg/api/controllers/__init__.py
  • tests/unit/api/controllers/test_charter.py
  • src/synthorg/api/controllers/charter.py
  • tests/unit/meta/charter/test_strategy.py
  • tests/unit/meta/mcp/test_all_handlers_wired.py
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • src/synthorg/settings/enums.py
  • src/synthorg/meta/errors.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/persistence/charter_protocol.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/meta/charter/strategy.py
  • tests/e2e/test_charter_to_run_e2e.py
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • tests/unit/meta/charter/test_service.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/api/app.py
  • tests/unit/scripts/test_run_affected_tests.py
  • tests/unit/meta/charter/test_models.py
  • src/synthorg/meta/charter/dispatch.py
  • tests/unit/meta/charter/test_dispatch.py
  • scripts/run_affected_tests.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/meta/config.py
  • tests/conformance/persistence/test_charter_repository.py
  • src/synthorg/meta/charter/models.py
📚 Learning: 2026-05-21T22:55:20.496Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 2035
File: src/synthorg/meta/toolsmith/models.py:114-114
Timestamp: 2026-05-21T22:55:20.496Z
Learning: In this repo’s “magic number” review standard, the existing gate in `scripts/check_no_magic_numbers.py` intentionally does NOT flag numeric literals used as raw call-site arguments. So, do not flag numeric literals passed as keyword arguments to Pydantic `Field()` (e.g., `Field(ge=0, le=100)` / `Field(ge=1, le=50)`)—this is an established idiom. Only treat numeric literals as “magic numbers” when they occur in the locations the gate checks (module-level assignments and function/method parameter defaults).

Applied to files:

  • src/synthorg/meta/charter/factory.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/core/enums.py
  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/charter/prompts.py
  • tests/unit/meta/charter/test_factory.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/rate_limits/policies.py
  • tests/unit/conftest.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/api/state.py
  • tests/unit/api/conftest.py
  • src/synthorg/persistence/charter_factory.py
  • tests/unit/observability/test_events.py
  • src/synthorg/meta/charter/config.py
  • src/synthorg/api/controllers/__init__.py
  • tests/unit/api/controllers/test_charter.py
  • src/synthorg/api/controllers/charter.py
  • tests/unit/meta/charter/test_strategy.py
  • tests/unit/meta/mcp/test_all_handlers_wired.py
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • src/synthorg/settings/enums.py
  • src/synthorg/meta/errors.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/persistence/charter_protocol.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/meta/charter/strategy.py
  • tests/e2e/test_charter_to_run_e2e.py
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • tests/unit/meta/charter/test_service.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/api/app.py
  • tests/unit/scripts/test_run_affected_tests.py
  • tests/unit/meta/charter/test_models.py
  • src/synthorg/meta/charter/dispatch.py
  • tests/unit/meta/charter/test_dispatch.py
  • scripts/run_affected_tests.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/meta/config.py
  • tests/conformance/persistence/test_charter_repository.py
  • src/synthorg/meta/charter/models.py
📚 Learning: 2026-05-21T22:55:09.289Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 2035
File: src/synthorg/meta/toolsmith/config.py:29-30
Timestamp: 2026-05-21T22:55:09.289Z
Learning: For this repo’s Pydantic configuration idiom, do not treat numeric literals passed directly as arguments to `pydantic.Field(...)` as “magic numbers” during review. This includes call-site usages like `Field(default=0.2, ge=0.0, le=1.0)` (e.g., in config models such as `ToolAuthoringConfig`, `ToolValidationConfig`, `ToolsmithConfig`). Do not request extracting those `Field(...)` numeric arguments into named constants, since the repo’s `scripts/check_no_magic_numbers.py` intentionally excludes call-site `Field(...)` numerics and relies on `Field(...)` as the canonical way to express these constraints/defaults.

Applied to files:

  • src/synthorg/meta/charter/factory.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/core/enums.py
  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/meta/mcp/domains/__init__.py
  • src/synthorg/meta/charter/prompts.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/rate_limits/policies.py
  • src/synthorg/meta/charter/__init__.py
  • src/synthorg/api/state.py
  • src/synthorg/persistence/charter_factory.py
  • src/synthorg/meta/charter/config.py
  • src/synthorg/api/controllers/__init__.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/observability/prometheus_labels.py
  • src/synthorg/api/state_services_facades_mcp3.py
  • src/synthorg/settings/enums.py
  • src/synthorg/meta/errors.py
  • src/synthorg/observability/events/persistence.py
  • src/synthorg/meta/mcp/handlers/__init__.py
  • src/synthorg/api/state_services_facades.py
  • src/synthorg/persistence/charter_protocol.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/settings/definitions/charter.py
  • src/synthorg/meta/charter/strategy.py
  • src/synthorg/persistence/sqlite/charter_repo.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/core/error_taxonomy.py
  • src/synthorg/api/app.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/persistence/postgres/charter_repo.py
  • src/synthorg/meta/config.py
  • src/synthorg/meta/charter/models.py
📚 Learning: 2026-05-17T11:45:11.839Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 1952
File: src/synthorg/settings/definitions/api.py:594-638
Timestamp: 2026-05-17T11:45:11.839Z
Learning: In SynthOrg (Aureliolo/synthorg) pre-alpha, apply the strict no-backward-compat policy: any setting-key rename must be fully completed in the same change/PR with all repo callers updated, and you should not keep legacy aliases or compatibility fallbacks. When reviewing, do not flag a setting-key rename as a breaking upgrade hazard if the rename is repo-wide and fully implemented within the same PR.

Applied to files:

  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/settings/enums.py
  • src/synthorg/settings/definitions/charter.py
📚 Learning: 2026-05-17T11:45:11.839Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 1952
File: src/synthorg/settings/definitions/api.py:594-638
Timestamp: 2026-05-17T11:45:11.839Z
Learning: In this repository, SynthOrg is pre-alpha and uses a strict no-backward-compat policy for setting-key renames. When reviewing code under src/synthorg/settings, do NOT flag a setting-key rename as an “upgrade-safety” issue if the rename is complete/atomic in the same PR: all callers/usages of the old key are updated simultaneously, and the PR does not keep any legacy aliases, compatibility fallbacks, or migration/rollback paths for the old key.

Applied to files:

  • src/synthorg/settings/definitions/__init__.py
  • src/synthorg/settings/enums.py
  • src/synthorg/settings/definitions/charter.py
🪛 LanguageTool
scripts/_ghost_wiring_manifest.txt

[style] ~46-~46: Consider a different adjective to strengthen your wording.
Context: ...iew_enabled + provider switch; runs the deep CEO interview producing a ProjectCharte...

(DEEP_PROFOUND)

🔇 Additional comments (62)
src/synthorg/api/state.py (1)

231-232: LGTM!

src/synthorg/api/state_services_facades.py (1)

178-179: LGTM!

src/synthorg/api/state_services_facades_mcp3.py (1)

33-36: LGTM!

Also applies to: 89-90, 263-307

src/synthorg/api/controllers/__init__.py (1)

26-26: LGTM!

Also applies to: 130-130, 228-228

src/synthorg/api/controllers/charter.py (1)

54-277: LGTM!

src/synthorg/api/rate_limits/policies.py (1)

129-132: LGTM!

scripts/_ghost_wiring_manifest.txt (1)

46-47: LGTM!

src/synthorg/meta/mcp/domains/__init__.py (1)

11-11: LGTM!

Also applies to: 38-38

src/synthorg/meta/mcp/domains/_charter_args.py (1)

23-79: LGTM!

src/synthorg/meta/mcp/domains/charter.py (1)

34-110: LGTM!

src/synthorg/meta/mcp/handlers/__init__.py (1)

14-14: LGTM!

Also applies to: 45-45

web/src/api/endpoints/index.ts (1)

8-8: LGTM!

web/src/api/types/dtos.gen.ts (1)

47-47: LGTM!

Also applies to: 68-68, 81-81, 158-158, 168-169, 283-284, 390-390, 438-438

web/src/api/types/enum-values.gen.ts (1)

137-142: LGTM!

Also applies to: 658-658

web/src/api/types/error-codes.gen.ts (1)

51-51: LGTM!

Also applies to: 71-72, 96-96

web/src/api/types/openapi.gen.ts (1)

2222-2307: LGTM!

Also applies to: 4745-4746, 5239-5246, 5467-5474, 5587-5594, 5947-5954, 6671-6683, 6814-6844, 8212-8212, 8982-8997, 10917-10959, 11745-11751, 11910-11910, 18787-18977

web/src/components/layout/Sidebar.tsx (1)

7-7: LGTM!

Also applies to: 233-233

web/src/pages/charter/InterviewChat.tsx (1)

1-87: LGTM!

web/src/pages/settings/utils.ts (1)

35-35: LGTM!

web/src/mocks/handlers/index.ts (1)

71-71: LGTM!

Also applies to: 125-125, 176-176, 240-240

web/src/router/index.tsx (1)

20-20: LGTM!

Also applies to: 143-146

web/src/router/route-titles.ts (1)

37-37: LGTM!

web/src/router/routes.ts (1)

22-22: LGTM!

web/src/stores/charter.ts (1)

1-70: LGTM!

Also applies to: 117-181

web/src/utils/constants.ts (1)

152-152: LGTM!

Also applies to: 180-180

tests/e2e/test_charter_to_run_e2e.py (1)

1-453: LGTM!

Also applies to: 457-473

tests/unit/api/conftest.py (1)

91-97: LGTM!

Also applies to: 716-719

tests/unit/conftest.py (1)

10-35: LGTM!

tests/unit/meta/charter/test_dispatch.py (1)

1-328: LGTM!

Also applies to: 334-410

tests/unit/meta/charter/test_factory.py (1)

1-28: LGTM!

tests/unit/meta/charter/test_models.py (1)

1-238: LGTM!

tests/unit/meta/charter/test_service.py (1)

1-507: LGTM!

tests/unit/meta/charter/test_strategy.py (1)

1-94: LGTM!

tests/unit/meta/mcp/handlers/test_charter.py (1)

1-270: LGTM!

tests/unit/meta/mcp/test_all_handlers_wired.py (1)

214-223: LGTM!

tests/unit/observability/test_events.py (1)

223-223: LGTM!

tests/unit/scripts/test_run_affected_tests.py (1)

560-582: LGTM!

web/src/__tests__/pages/CharterInterviewPage.test.tsx (1)

1-64: LGTM!

web/src/__tests__/stores/charter.test.ts (1)

1-146: LGTM!

src/synthorg/core/enums.py (1)

880-894: LGTM!

src/synthorg/core/error_taxonomy.py (1)

101-101: LGTM!

Also applies to: 123-124, 154-154

src/synthorg/observability/events/charter.py (1)

1-52: LGTM!

src/synthorg/observability/events/persistence.py (1)

790-800: LGTM!

src/synthorg/observability/prometheus_labels.py (1)

282-311: LGTM!

src/synthorg/settings/definitions/__init__.py (1)

12-12: LGTM!

Also applies to: 41-41

src/synthorg/settings/definitions/charter.py (1)

1-117: LGTM!

src/synthorg/settings/enums.py (1)

38-38: LGTM!

src/synthorg/meta/config.py (1)

13-13: LGTM!

Also applies to: 274-275, 311-314

src/synthorg/persistence/charter_protocol.py (1)

1-146: LGTM!

src/synthorg/persistence/charter_factory.py (1)

1-70: LGTM!

src/synthorg/persistence/postgres/charter_repo.py (1)

1-533: LGTM!

src/synthorg/persistence/postgres/revisions/20260522000002_project_charters.sql (1)

1-90: LGTM!

src/synthorg/persistence/postgres/schema.sql (1)

1729-1806: LGTM!

src/synthorg/persistence/sqlite/charter_repo.py (1)

1-568: LGTM!

src/synthorg/persistence/sqlite/revisions/20260522000002_project_charters.sql (1)

1-103: LGTM!

src/synthorg/meta/charter/models.py (1)

33-373: LGTM!

src/synthorg/meta/charter/prompts.py (1)

9-94: LGTM!

src/synthorg/meta/charter/strategy.py (1)

105-165: LGTM!

src/synthorg/meta/charter/config.py (1)

34-76: LGTM!

src/synthorg/meta/charter/factory.py (1)

25-53: LGTM!

src/synthorg/meta/charter/__init__.py (1)

1-45: LGTM!

src/synthorg/meta/errors.py (1)

148-267: LGTM!

Comment thread scripts/run_affected_tests.py
Comment on lines +638 to +646
* Worker(s) went ``node down`` with a non-zero returncode (and no
real failure / repeated crash above) -> crash advisory. The
controller-side loadscope crash guard in ``tests/conftest.py``
suppresses the downstream ``INTERNALERROR>`` the dead-worker
chain used to emit, and a worker killed mid-teardown can die
before pytest prints any summary, so neither signal is required
to recognise the documented Python 3.14 + Windows xdist teardown
crash. The repeated-named-crash check above still blocks a test
that crashes the worker on every run.
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Don't downgrade repeated bare node down crashes to advisory.

This path exits 0 for any non-zero run that only emits [gwN] node down..., but the repeated-crash guard only counts _parse_worker_crashes() entries with test ids. If the same test tears a worker down on both --count 2 iterations and xdist never prints worker ... crashed while running ..., the gate will still pass as advisory. That breaks the stated contract that “every replay” worker crashes must block.

Also applies to: 683-707

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/run_affected_tests.py` around lines 638 - 646, The repeated-crash
gate is only counting entries with test ids from _parse_worker_crashes(), so
bare "[gwN] node down" worker deaths get downgraded to advisory; update
_parse_worker_crashes() (and any consumer like the repeated-crash check
function) to also record and key plain "node down" events (e.g., by worker id or
crash signature) so they contribute to the repeated-crash detection, and then
ensure the repeated-crash guard treats repeated worker-down entries the same as
entries tied to test ids (i.e., fail the run rather than mark advisory).

Comment thread src/synthorg/api/app.py
Comment thread src/synthorg/meta/charter/dispatch.py
Comment on lines +198 to +211
try:
result = await self._work_pipeline.run(work_item)
except MemoryError, RecursionError:
raise
except Exception as exc:
logger.error(
CHARTER_DISPATCH_FAILED,
charter_id=charter_id,
error_type=type(exc).__name__,
error=safe_error_description(exc),
)
raise

await self._stamp_approved(charter, forecast, result.task_id, approved_by, now)
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Gate side effects before the decision CAS to prevent duplicate dispatches.

run(work_item) executes before the transition_if(... DRAFTED -> APPROVED ...) winner check. In a multi-worker race, two approvers can both dispatch work and only then one loses CAS, causing duplicate pipeline side effects.

Also applies to: 338-353

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/synthorg/meta/charter/dispatch.py` around lines 198 - 211, The dispatch
currently calls self._work_pipeline.run(work_item) before performing the CAS
winner check transition_if(... DRAFTED -> APPROVED ...), which can cause
duplicate side effects in races; change the flow so you first attempt the atomic
transition_if(...) and only when it returns success do you call await
self._work_pipeline.run(work_item), and then call await
self._stamp_approved(...). Update the surrounding error handling and logging so
that pipeline errors are caught and logged as before but do not trigger if the
transition_if failed (abort/return early when transition lost), and apply the
same change to the analogous block that uses _work_pipeline.run and
_stamp_approved in the other occurrence.

Comment thread src/synthorg/meta/charter/dispatch.py
Comment thread src/synthorg/meta/charter/dispatch.py Outdated
Comment thread web/src/mocks/handlers/charter.ts Outdated
Comment thread web/src/mocks/handlers/charter.ts Outdated
Comment thread web/src/pages/charter/CharterDraftCard.tsx
Comment thread web/src/pages/CharterInterviewPage.tsx Outdated
Comment thread web/src/stores/charter.ts
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview May 22, 2026 19:51 — with GitHub Actions Inactive
@Aureliolo
Copy link
Copy Markdown
Owner Author

Aureliolo commented May 22, 2026

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 22, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@Aureliolo
Copy link
Copy Markdown
Owner Author

Aureliolo commented May 22, 2026

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 22, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai[bot]
coderabbitai Bot requested changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/synthorg/meta/charter/service.py`:
- Around line 531-535: Before raising CharterStateInconsistentError in the
branch where refreshed is None, emit a structured ERROR/WARNING log using the
CHARTER_STATE_INCONSISTENT event (import it from
synthorg.observability.events.charter) and include contextual fields like
charter_id and the refreshed value (and charter if available) so the
inconsistency is recorded; then raise
CharterStateInconsistentError(charter_id=charter_id) as before.

In `@web/src/stores/charter.ts`:
- Around line 86-101: fetchMoreCharters currently snapshots charters before
awaiting charterApi.listCharters and then writes charters: [...charters,
...page.data], which can clobber newer updates; fix by using a state-update
function or re-reading latest state before appending: after the await, obtain
the current charters (via get() or by passing a functional updater to set) and
then set charters to [...latestCharters, ...page.data], while still updating
nextCursor, hasMore and loading; reference fetchMoreCharters,
charterApi.listCharters, get(), set(), and the
charters/nextCursor/hasMore/loading fields.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: c0581e77-a130-48a4-a6c4-3708af2afec7

📥 Commits

Reviewing files that changed from the base of the PR and between ae4b6f7 and 9184fdd.

📒 Files selected for processing (23)
  • src/synthorg/api/app.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
  • src/synthorg/meta/errors.py
  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/observability/events/charter.py
  • tests/conformance/persistence/test_charter_repository.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/integration/mcp/test_tool_surface.py
  • tests/unit/api/controllers/test_charter.py
  • tests/unit/meta/charter/test_dispatch.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • web/src/__tests__/stores/charter.test.ts
  • web/src/api/endpoints/charter.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/api/types/openapi.gen.ts
  • web/src/mocks/handlers/charter.ts
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/pages/charter/CharterDraftCard.tsx
  • web/src/stores/charter.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Test Unit
🧰 Additional context used
📓 Path-based instructions (15)
**/*.{py,ts,tsx,jsx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

No region/currency/locale privileged; use metric units; British English per docs/reference/regional-defaults.md

Files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/app.py
  • web/src/mocks/handlers/charter.ts
  • web/src/api/endpoints/charter.ts
  • src/synthorg/observability/events/charter.py
  • tests/unit/api/controllers/test_charter.py
  • web/src/api/types/dtos.gen.ts
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/stores/charter.ts
  • tests/integration/mcp/test_tool_surface.py
  • web/src/__tests__/stores/charter.test.ts
  • src/synthorg/meta/mcp/domains/charter.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/conformance/persistence/test_charter_repository.py
  • src/synthorg/meta/errors.py
  • tests/unit/meta/charter/test_dispatch.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • web/src/api/types/openapi.gen.ts
  • web/src/pages/charter/CharterDraftCard.tsx
  • src/synthorg/meta/charter/service.py
src/synthorg/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

src/synthorg/**/*.py: Only src/synthorg/persistence/ may import sqlite/psycopg or emit raw SQL; new repository protocols inherit from generic categories in persistence/_generics.py; bespoke methods permitted only under ADR-0001 D7
Configuration Precedence: DB > env > code default via SettingsService/ConfigResolver (Cat-1) or env > code default (Cat-2, read_only_post_init); Cat-3 bootstrap secrets pure env; YAML is ingestion format only, not precedence tier; no os.environ.get outside startup
No hardcoded numeric values; numerics live in settings/definitions/; allowlist only 0/1/-1, HTTP codes, hex masks, powers-of-2, and module-level annotated named constants (NAME: int|float|Final); enforced by scripts/check_no_magic_numbers.py
Comments document WHY only; no reviewer citations, issue back-refs, or migration framing; enforced by check_no_review_origin_in_code.py + check_no_migration_framing.py
No from __future__ import annotations (Python 3.14 has PEP 649); use PEP 758 except: except A, B: no parens unless binding
Type hints on public functions; mypy strict; Google-style docstrings; line length 88; functions <50 lines; files <800 lines
Errors follow <Domain><Condition>Error pattern from DomainError; never inherit Exception/RuntimeError directly; enforced by check_domain_error_hierarchy.py
Pydantic v2 frozen + extra="forbid" on every frozen model project-wide; gate check_frozen_model_extra_forbid.py; @computed_field auto-exempt; per-line # lint-allow: frozen-extra-forbid -- <reason> for extra="allow"/"ignore" boundaries; use @computed_field for derived; use NotBlankStr for identifiers
Args models at every system boundary; parse_typed() for every external dict ingestion; enforced by check_boundary_typed.py
Immutability: use model_copy(update=...) or copy.deepcopy(); deepcopy at system boundaries
Async: use asyncio.TaskGroup for fan-out/fan-in; helpers catch Exception (re-raise MemoryError/`RecursionError...

Files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/app.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/errors.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
src/synthorg/meta/mcp/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

MCP: Define ToolHandler + args_model; call require_admin_guardrails() on admin tools; route through service layers per mcp-handler-contract.md

Files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
src/**/*.py

⚙️ CodeRabbit configuration file

This project uses Python 3.14+ with PEP 758 except syntax: "except A, B:" (comma-separated, no parentheses) is correct and mandatory -- do NOT flag it as a typo or suggest parenthesized form. The "except builtins.MemoryError, RecursionError: raise" pattern is intentional project convention for system-error propagation. When evaluating the 50-line function limit, count only the function body excluding the signature lines, decorators, and docstring. Functions 1-5 lines over due to docstrings or multi-line signatures should not be flagged. Do not suggest extracting single-use helper functions called exactly once -- this reduces readability without improving maintainability.

Files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/app.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/errors.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
web/src/**/*.{js,jsx,ts,tsx,mts}

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/**/*.{js,jsx,ts,tsx,mts}: Always use createLogger from @/lib/logger; never bare console.warn/console.error/console.debug in application code. Variable name must always be log. Only logger.ts itself may use bare console methods. Use log.debug() (DEV-only, stripped in production), log.warn(), log.error().
Pass dynamic/untrusted values as separate args to logger calls (not interpolated into the message string) so they go through sanitizeArg
Attacker-controlled fields inside structured objects must be wrapped in sanitizeForLog() before embedding in log calls
Error-code constants (MANDATORY): import ErrorCode and ErrorCategory from @/api/types/errors (re-exported from the generated web/src/api/types/error-codes.gen.ts). Discriminate on ErrorCode.<NAME>, never on raw integer literals.
Use @eslint-react/web-api-no-leaked-fetch to detect fetch() in effects without AbortController cleanup

Files:

  • web/src/mocks/handlers/charter.ts
  • web/src/api/endpoints/charter.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/stores/charter.ts
  • web/src/__tests__/stores/charter.test.ts
  • web/src/api/types/openapi.gen.ts
  • web/src/pages/charter/CharterDraftCard.tsx
web/src/mocks/handlers/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/mocks/handlers/**/*.ts: MSW handlers (MANDATORY): web/src/mocks/handlers/ must mirror web/src/api/endpoints/*.ts 1:1 with a default happy-path handler for every exported endpoint. Use onUnhandledRequest: 'error' in test setup; tests override per-case via server.use(...), never vi.mock('@/api/endpoints/*').
Use typed envelope helpers (successFor, paginatedFor, voidSuccess) to keep MSW handlers in lockstep with endpoint return types

Files:

  • web/src/mocks/handlers/charter.ts
web/src/**/*.{ts,tsx,mts}

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/**/*.{ts,tsx,mts}: Use @typescript-eslint/no-floating-promises to forbid unawaited promises so async work cannot survive the test that scheduled it and trip the active-handle gate
Use @typescript-eslint/no-misused-promises (with checksVoidReturn: { attributes: false }) to forbid passing async functions where the callsite ignores the returned promise. React 19 async event handlers stay allowed via the attributes: false exemption.

Files:

  • web/src/mocks/handlers/charter.ts
  • web/src/api/endpoints/charter.ts
  • web/src/api/types/dtos.gen.ts
  • web/src/pages/CharterInterviewPage.tsx
  • web/src/stores/charter.ts
  • web/src/__tests__/stores/charter.test.ts
  • web/src/api/types/openapi.gen.ts
  • web/src/pages/charter/CharterDraftCard.tsx
web/src/{api/endpoints,stores}/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

Cursor pagination (MANDATORY): list endpoints must use opaque cursor-based paging via PaginationMeta. Stores must keep nextCursor + hasMore in state (not offset arithmetic) and early-return when !hasMore || !nextCursor. Display counts must come from data.length.

Files:

  • web/src/api/endpoints/charter.ts
  • web/src/stores/charter.ts
web/src/api/endpoints/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

Health / readiness endpoints (MANDATORY): getLiveness() is always 200 while the process is alive; getReadiness() is 200 healthy / 503 unavailable (binary 'ok' | 'unavailable' outcome, no tri-state). Any new caller must handle the 503 path explicitly.

Files:

  • web/src/api/endpoints/charter.ts
tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

tests/**/*.py: Timeout/slow failures = source-code regression; never edit tests/baselines/unit_timing.json or any scripts/*_baseline.{txt,json} / scripts/_*_baseline.py; both families PreToolUse-blocked; per-invocation bypass requires explicit approval (ALLOW_BASELINE_GROWTH=1 git commit)
Test markers: @pytest.mark.{unit,integration,e2e,slow}; async auto; timeout 30s global; coverage 80% min
xdist -n 8 --dist=loadfile auto-applied via pyproject addopts; Windows unit tests use WindowsSelectorEventLoopPolicy; subprocess tests override back
Test doubles: FakeClock for Clock seam, mock_of[T](**overrides) for typed-boundary substitutions, SimpleNamespace for attribute-bags; bare MagicMock at typed boundary blocked by scripts/check_mock_spec.py
Hypothesis: 10 deterministic CI examples; failures are real bugs (fix + add @example(...)); never skip/xfail flaky tests; fix fundamentally

Files:

  • tests/unit/api/controllers/test_charter.py
  • tests/integration/mcp/test_tool_surface.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/conformance/persistence/test_charter_repository.py
  • tests/unit/meta/charter/test_dispatch.py

⚙️ CodeRabbit configuration file

Test files do not require Google-style docstrings on classes or functions -- ruff D rules are only enforced on src/. A bare @settings() decorator with no arguments on Hypothesis property tests is a no-op and should not be suggested -- the HYPOTHESIS_PROFILE env var controls example counts via registered profiles, which @given() honors automatically.

Files:

  • tests/unit/api/controllers/test_charter.py
  • tests/integration/mcp/test_tool_surface.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/conformance/persistence/test_charter_repository.py
  • tests/unit/meta/charter/test_dispatch.py
web/src/api/types/**/*.gen.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

Generated DTO types (MANDATORY): NEVER hand-edit web/src/api/types/*.gen.ts. Regenerate with uv run python scripts/generate_dto_types_ts.py. Import DTOs via the barrel (import type { AgentConfig } from '@/api/types').

Files:

  • web/src/api/types/dtos.gen.ts
  • web/src/api/types/openapi.gen.ts
web/src/**/*.{jsx,tsx}

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/**/*.{jsx,tsx}: Use @eslint-react/no-leaked-conditional-rendering to catch the {count && <Foo />} bug where 0 renders verbatim. For ReactNode | undefined props use {value != null && value !== false && <jsx>}; for compound truthiness use Boolean(...).
Use @eslint-react/globals to restrict window / document / localStorage / etc. inside render. Hoist offenders into a useCallback event handler, a useEffect, or a useSyncExternalStore-backed hook.

Reuse web/src/components/ui/ design tokens in Web Dashboard Design System; detail in web/CLAUDE.md

Files:

  • web/src/pages/CharterInterviewPage.tsx
  • web/src/pages/charter/CharterDraftCard.tsx
web/src/stores/**/*.ts

📄 CodeRabbit inference engine (web/CLAUDE.md)

web/src/stores/**/*.ts: List reads (fetch*) must set error: string | null on the store instead of toasting
Test teardown (MANDATORY): any new store that schedules timers or attaches event listeners must expose an equivalent cleanup hook and register it in the global afterEach. The global afterEach in web/src/test-setup.tsx already calls useToastStore.getState().dismissAll(), cancelPendingPersist(), and useThemeStore.getState().teardown().

Files:

  • web/src/stores/charter.ts
web/src/{stores,**/*.test.{ts,tsx}}

📄 CodeRabbit inference engine (web/CLAUDE.md)

Active-handle gate (MANDATORY): every unit test runs under web/test-infra/active-handle-tracker.ts, which fails any test that leaks an event-loop-holding resource. A new store that schedules timers / attaches listeners MUST expose a teardown hook and register it in the global afterEach; otherwise the gate fails the first test that triggers the schedule.

Files:

  • web/src/__tests__/stores/charter.test.ts
tests/conformance/persistence/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Dual-backend conformance: tests/conformance/persistence/ consumes backend fixture (SQLite + Postgres); enforced by check_dual_backend_test_parity.py

Files:

  • tests/conformance/persistence/test_charter_repository.py
🧠 Learnings (3)
📚 Learning: 2026-05-05T09:04:46.195Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 1760
File: scripts/_dual_backend_parity_lib.py:215-216
Timestamp: 2026-05-05T09:04:46.195Z
Learning: This repository targets Python 3.14+ and follows PEP 758. Therefore, reviewer tooling should NOT treat unparenthesized multi-exception `except` clauses written without an `as` clause (e.g., `except MemoryError, RecursionError:`) as syntax errors. Only flag `except`-clause problems when they are genuinely invalid for Python 3.14+.

Applied to files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/app.py
  • src/synthorg/observability/events/charter.py
  • tests/unit/api/controllers/test_charter.py
  • tests/integration/mcp/test_tool_surface.py
  • src/synthorg/meta/mcp/domains/charter.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/conformance/persistence/test_charter_repository.py
  • src/synthorg/meta/errors.py
  • tests/unit/meta/charter/test_dispatch.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
📚 Learning: 2026-05-21T22:55:20.496Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 2035
File: src/synthorg/meta/toolsmith/models.py:114-114
Timestamp: 2026-05-21T22:55:20.496Z
Learning: In this repo’s “magic number” review standard, the existing gate in `scripts/check_no_magic_numbers.py` intentionally does NOT flag numeric literals used as raw call-site arguments. So, do not flag numeric literals passed as keyword arguments to Pydantic `Field()` (e.g., `Field(ge=0, le=100)` / `Field(ge=1, le=50)`)—this is an established idiom. Only treat numeric literals as “magic numbers” when they occur in the locations the gate checks (module-level assignments and function/method parameter defaults).

Applied to files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/app.py
  • src/synthorg/observability/events/charter.py
  • tests/unit/api/controllers/test_charter.py
  • tests/integration/mcp/test_tool_surface.py
  • src/synthorg/meta/mcp/domains/charter.py
  • tests/unit/meta/mcp/handlers/test_charter.py
  • tests/e2e/test_charter_to_run_e2e.py
  • tests/conformance/persistence/test_charter_repository.py
  • src/synthorg/meta/errors.py
  • tests/unit/meta/charter/test_dispatch.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
📚 Learning: 2026-05-21T22:55:09.289Z 
Learnt from: Aureliolo
Repo: Aureliolo/synthorg PR: 2035
File: src/synthorg/meta/toolsmith/config.py:29-30
Timestamp: 2026-05-21T22:55:09.289Z
Learning: For this repo’s Pydantic configuration idiom, do not treat numeric literals passed directly as arguments to `pydantic.Field(...)` as “magic numbers” during review. This includes call-site usages like `Field(default=0.2, ge=0.0, le=1.0)` (e.g., in config models such as `ToolAuthoringConfig`, `ToolValidationConfig`, `ToolsmithConfig`). Do not request extracting those `Field(...)` numeric arguments into named constants, since the repo’s `scripts/check_no_magic_numbers.py` intentionally excludes call-site `Field(...)` numerics and relies on `Field(...)` as the canonical way to express these constraints/defaults.

Applied to files:

  • src/synthorg/meta/mcp/domains/_charter_args.py
  • src/synthorg/api/app.py
  • src/synthorg/observability/events/charter.py
  • src/synthorg/meta/mcp/domains/charter.py
  • src/synthorg/meta/errors.py
  • src/synthorg/api/controllers/charter.py
  • src/synthorg/meta/mcp/handlers/charter.py
  • src/synthorg/meta/charter/dispatch.py
  • src/synthorg/meta/charter/service.py
🔇 Additional comments (25)
src/synthorg/meta/mcp/domains/_charter_args.py (1)

66-67: LGTM!

src/synthorg/api/app.py (1)

1706-1799: LGTM!

web/src/mocks/handlers/charter.ts (1)

15-16: LGTM!

Also applies to: 35-35, 54-65, 100-100

web/src/api/endpoints/charter.ts (1)

1-2: LGTM!

Also applies to: 10-10, 15-15, 23-29

src/synthorg/observability/events/charter.py (1)

32-32: LGTM!

Also applies to: 51-51

tests/unit/api/controllers/test_charter.py (1)

49-64: LGTM!

web/src/api/types/dtos.gen.ts (1)

342-342: LGTM!

web/src/pages/CharterInterviewPage.tsx (1)

64-68: LGTM!

Also applies to: 81-87

web/src/stores/charter.ts (1)

33-38: LGTM!

Also applies to: 49-50, 61-79, 108-156

tests/integration/mcp/test_tool_surface.py (1)

1-1: LGTM!

Also applies to: 398-402

web/src/__tests__/stores/charter.test.ts (1)

5-5: LGTM!

Also applies to: 20-21, 32-42, 49-49

src/synthorg/meta/mcp/domains/charter.py (1)

87-97: LGTM!

tests/unit/meta/mcp/handlers/test_charter.py (1)

197-229: LGTM!

tests/e2e/test_charter_to_run_e2e.py (1)

454-457: LGTM!

tests/conformance/persistence/test_charter_repository.py (1)

352-374: LGTM!

src/synthorg/meta/errors.py (1)

270-292: LGTM!

tests/unit/meta/charter/test_dispatch.py (1)

331-337: LGTM!

src/synthorg/api/controllers/charter.py (1)

20-31: LGTM!

Also applies to: 154-193

src/synthorg/meta/mcp/handlers/charter.py (1)

204-210: LGTM!

src/synthorg/meta/charter/dispatch.py (1)

38-49: LGTM!

Also applies to: 225-233, 278-285, 376-400

web/src/api/types/openapi.gen.ts (3)

10161-10175: LGTM!

18797-18798: LGTM!

18816-18816: LGTM!

web/src/pages/charter/CharterDraftCard.tsx (1)

44-48: LGTM!

src/synthorg/meta/charter/service.py (1)

35-35: LGTM!

Comment thread src/synthorg/meta/charter/service.py
Comment thread web/src/stores/charter.ts Outdated
Comment on lines +86 to +101
const { hasMore, nextCursor, charters, loading } = get()
// Early-return on no-more-pages and on duplicate-in-flight calls per
// the cursor-pagination MANDATORY rule in ``web/CLAUDE.md``.
if (!hasMore || !nextCursor || loading) return
set({ loading: true })
try {
const page = await charterApi.listCharters({
...filters,
cursor: nextCursor,
})
set({
charters: [...charters, ...page.data],
nextCursor: page.nextCursor,
hasMore: page.hasMore,
loading: false,
})
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use current state when appending paginated rows to avoid stale overwrite.

fetchMoreCharters snapshots charters before the await and then writes charters: [...charters, ...page.data]. If another action updates the list while this request is in flight, this response can clobber newer state.

Suggested fix 
-    const { hasMore, nextCursor, charters, loading } = get()
+    const { hasMore, nextCursor, loading } = get()
@@
-      set({
-        charters: [...charters, ...page.data],
-        nextCursor: page.nextCursor,
-        hasMore: page.hasMore,
-        loading: false,
-      })
+      set((s) => ({
+        charters: [...s.charters, ...page.data],
+        nextCursor: page.nextCursor,
+        hasMore: page.hasMore,
+        loading: false,
+      }))
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@web/src/stores/charter.ts` around lines 86 - 101, fetchMoreCharters currently
snapshots charters before awaiting charterApi.listCharters and then writes
charters: [...charters, ...page.data], which can clobber newer updates; fix by
using a state-update function or re-reading latest state before appending: after
the await, obtain the current charters (via get() or by passing a functional
updater to set) and then set charters to [...latestCharters, ...page.data],
while still updating nextCursor, hasMore and loading; reference
fetchMoreCharters, charterApi.listCharters, get(), set(), and the
charters/nextCursor/hasMore/loading fields.

Aureliolo added 8 commits May 22, 2026 22:20
@Aureliolo
feat: deep CEO interview to project charter
02cc4ad
@Aureliolo
fix: harden Windows xdist node-down handling in the pre-push gate
f6de5e3 
Pin SelectorEventLoop as the process-wide default for unit tests on Windows so sync TestClient portals and asyncio.run sites avoid the Python 3.14 ProactorEventLoop IOCP teardown race, and make the affected-tests classifier treat a bare worker node-down (no real failure, no repeated named crash) as advisory -- the loadscope crash guard suppresses the INTERNALERROR the gate previously required.
@Aureliolo
fix: pre-PR review fixes (ownership fences, dispatcher hardening, web…
4347a56 
…/test gaps)

Security: enforce creator-only access on GET / PATCH edit / cancel via service-layer ownership check, shaped as NotFound so the response cannot probe foreign charter existence (CHARTER_OWNERSHIP_DENIED is logged so operators still see the fence event). Add the require_approval_roles guard on the REST approve endpoint to match the MCP admin guardrail; budget is spent there. Document _FORECAST_NAMESPACE intent. Drop unused now param on _resolve_project. Add an enforce_ownership=False kwarg on cancel_charter so the MCP admin cancel path legitimately operates on a charter it did not author. Add the composite (created_at, id) DESC index in both backends so list_items/query avoid a sort. Tests: concurrent run_turn serialisation, concurrent approve CAS race, MCP handler unit suite (interview wraps untrusted via TAG_TASK_DATA, list / get / cancel / approve), brief_hash determinism, DuplicateRecordError idempotent retry, dispatch-failure structured logging, turn-cap at default config, lock-allocation stress, ownership-denied path. Web: composite key + eslint exception on StringList, replace literal &amp; with &, optimistic-rollback on runTurn failure, aria-atomic on interview live region, defensive doc note on Zustand store memory, local-component rationale on ChatBubble + StringList.
@Aureliolo
fix: babysit round 3, 16 findings (15 reviewer + 1 ci)
3ce3bdc 
CI:
- Bump test_tool_surface 219 to 224 for 5 new charter MCP tools.

Reviewer (Gemini, 2):
- G1 dispatch.py: raise CharterStateInconsistentError on missing
  charter re-fetch after successful CAS (no stale-fallback).
- G2 service.py: same pattern in cancel_charter.

Reviewer (CodeRabbit, 13 in-code; 3 skipped with documented disproof):
- C2 app.py _wire_charter_engine: wrap body in try/except so
  unexpected wiring failures stay best-effort.
- C4 dispatch.py: emit new CHARTER_PROJECT_ALREADY_EXISTS event for
  DuplicateRecordError retry; reserve CHARTER_STATUS_TRANSITIONED for
  actual state changes.
- C5 dispatch.py _close_conversation: wrap in try/except so a
  best-effort close cannot retroactively fail a successful approval.
- C7 mcp/handlers/charter.py + domains/charter.py + _charter_args.py:
  add require_admin_guardrails to cancel handler; promote cancel
  tool to admin_tool with ADMIN_GUARDRAIL_PROPERTIES so the
  enforce_ownership=False bypass is locally guarded.
- C9 e2e: assert forecast cardinality == 1 before selecting.
- C10 test_dispatch: assert structured charter_id on
  CHARTER_DISPATCH_FAILED log record.
- C11 controllers/charter.py + endpoints/charter.ts + stores +
  mocks + store tests: convert /meta/charters list to opaque
  cursor pagination via encode_countless_seek_meta; store now
  carries nextCursor/hasMore + fetchMoreCharters.
- C12 mocks/charter.ts: replace hardcoded 'USD' with
  DEFAULT_CURRENCY from utils/currencies.
- C13 mocks/charter.ts: derive approve response project_id from
  request params.id.
- C14 CharterDraftCard.tsx: useEffect to resync local brief/amount
  state when parent supplies a new charter id/version.
- C15 CharterInterviewPage.tsx: disable 'New interview' button
  while a charter mutation is in flight (sending OR mutating).
- C16 stores/charter.ts: early-return runTurn when already sending
  to prevent overlapping turns from clobbering transcript on rollback.
- C-OOD1 test_charter.py controller: add 503 tests for PATCH and
  POST /cancel routes (matches existing approve/interview coverage).
- C-OOD2 test_charter_repository conformance: replace placeholder
  with a real failing-write test exercising the
  chk_charter_approval_coupling CHECK via transition_if with
  intentionally-omitted provenance fields.

Skipped with disproof (documented in babysit round-history):
- C1 scripts/run_affected_tests.py:638-707: node-down to advisory
  downgrade is intentional per the docstring + project memory
  project_isolation_gate_fullsuite_crash.md; repeated-name guard
  at line 670 is the safety net for genuine repro crashes.
- C3 dispatch.py:198-211 (run-before-CAS): DB CHECK
  chk_charter_approval_coupling mandates task_id NOT NULL when
  status=approved, so a CAS-first refactor requires a schema
  change (intermediate state or nullable task_id). Per-charter
  asyncio.Lock serialises in-process; multi-worker race is C6
  territory and pre-alpha out-of-scope.
- C6 service.py:114-130 (distributed lock): pre-alpha single-worker
  deployment; asyncio.Lock is sufficient. Distributed-lock
  infrastructure (Redis advisory / DB SELECT FOR UPDATE) is a
  multi-file dependency change not warranted now.
- C8 (FK constraints on conversation_id/project_id): reverted
  schema changes because all existing charter conformance tests
  + the e2e fixture build charters with parent ids that don't exist
  in the parent tables; SQLite enables PRAGMA foreign_keys ON, so
  adding FKs would cascade to ~10 test-fixture rewrites.
  Application-layer guards (_resolve_conversation + ProjectService
  in dispatch) already enforce parent presence in production.
@Aureliolo
test: update charter cancel handler tests for admin guardrails
1b7b9cc 
Round 3 fix C7 added require_admin_guardrails to the _charter_cancel
handler; the existing test_cancel_passes_enforce_ownership_false_admin_path
now needs confirm + reason fields in the args, and we add a sibling
test_cancel_requires_admin_guardrail that pins the rejection path.
@Aureliolo
fix: switch CharterDraftCard resync from useEffect to key prop
b6f68af 
ESLint @eslint-react/set-state-in-effect (max-warnings 0) rejected
the useEffect form. The idiomatic React pattern for 'reset local
state when prop identity changes' is a key on the parent; that's
what the babysit round 3 C14 fix should have used.
@Aureliolo
chore: regenerate DTOs after rebase onto cockpit + mission-control
8480b2f 
main merged #2044 (mission-control + flight-recorder) which added the
cockpit MCP domain, cockpit settings namespace, and its own generated
types. Rebasing this charter PR on top required:

- Keeping both charter and cockpit imports in the MCP domain / handler
  aggregators and the SettingNamespace enum.
- Bumping the pinned tool-count assertions to 231 (219 baseline +
  7 cockpit + 5 charter) in test_tool_surface and test_all_handlers_wired.
- Regenerating web/src/api/types/{dtos,enum-values,openapi}.gen.ts so
  both the cockpit and charter DTO additions are reflected (the
  generator is the single source of truth; the rebase conflict markers
  inside the .gen.ts files were resolved by accepting cockpit then
  regenerating to produce the union).
@Aureliolo
fix: log CHARTER_STATE_INCONSISTENT before raise + functional updater…
6f89dd4 
… for fetchMoreCharters

Two new CodeRabbit findings on the round-3 fixes:

- service.py / dispatch.py: emit a structured ERROR log on the
  CHARTER_STATE_INCONSISTENT event before raising
  CharterStateInconsistentError so the row disappearance is recorded
  even though the exception bubbles past. Stage label disambiguates
  the two call sites (cancel_charter vs approve_charter).

- stores/charter.ts fetchMoreCharters: replace pre-await snapshot of
  charters with a functional set updater so any mutation that lands
  during the in-flight cursor fetch is preserved instead of being
  clobbered by the stale snapshot.
@Aureliolo Aureliolo force-pushed the feat/1977-deep-ceo-interview-charter branch from 9184fdd to 6f89dd4 Compare May 22, 2026 20:26
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview May 22, 2026 20:28 — with GitHub Actions Inactive
@Aureliolo Aureliolo merged commit 904f2fb into main May 22, 2026
77 of 78 checks passed
@Aureliolo Aureliolo deleted the feat/1977-deep-ceo-interview-charter branch May 22, 2026 20:35
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview May 22, 2026 20:35 — with GitHub Actions Inactive
@synthorg-repo-bot synthorg-repo-bot Bot mentioned this pull request May 22, 2026
Merged
@codecov
Copy link
Copy Markdown

codecov Bot commented May 22, 2026

Codecov Report

❌ Patch coverage is 84.43898% with 190 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.05%. Comparing base (1c2660b) to head (6f89dd4).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
src/synthorg/persistence/sqlite/charter_repo.py 74.49% 37 Missing and 1 partial ⚠️
src/synthorg/persistence/postgres/charter_repo.py 78.26% 29 Missing and 1 partial ⚠️
src/synthorg/api/controllers/charter.py 72.22% 23 Missing and 2 partials ⚠️
src/synthorg/api/app.py 40.00% 22 Missing and 2 partials ⚠️
src/synthorg/meta/mcp/handlers/charter.py 87.89% 15 Missing and 4 partials ⚠️
src/synthorg/persistence/charter_factory.py 29.62% 19 Missing ⚠️
src/synthorg/meta/charter/dispatch.py 90.90% 8 Missing and 3 partials ⚠️
src/synthorg/meta/charter/service.py 93.19% 5 Missing and 5 partials ⚠️
src/synthorg/meta/charter/models.py 94.73% 4 Missing and 2 partials ⚠️
src/synthorg/api/state_services_facades_mcp3.py 77.77% 4 Missing ⚠️
... and 2 more
Additional details and impacted files 
@@            Coverage Diff            @@
##             main    #2045     +/-   ##
=========================================
  Coverage   85.04%   85.05%             
=========================================
  Files        2208     2251     +43     
  Lines      128126   130269   +2143     
  Branches    10613    10748    +135     
=========================================
+ Hits       108962   110796   +1834     
- Misses      16488    16755    +267     
- Partials     2676     2718     +42

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Aureliolo Aureliolo mentioned this pull request May 22, 2026
Open
Aureliolo pushed a commit that referenced this pull request May 24, 2026
@synthorg-repo-bot @github-actions
chore(main): release 0.8.8 (#2043)
e2a2370 
<!-- HIGHLIGHTS_START -->
## Highlights

> _AI-generated summary (model: `openai/gpt-4.1-mini` via GitHub
Models). Commit-based changelog below._

### What you'll notice
- New brownfield codebase intake mode supports merger and acquisition
scenarios.
- Added deep CEO interview feature to improve project charter creation.
- Introduced mission control and flight recorder operator cockpit for
better operational oversight.
- Research mode added for enhanced exploratory work.
- Runtime services now log safety-spine state at boot for clearer
diagnostics.

### What's new
- Research mode feature enables deeper data exploration.
- CEO interview integration helps shape project charters.
- Mission control and flight recorder cockpit introduced for operational
tracking.

### Under the hood
- Improved codebase modularity with module-size gates and lint
tightening.
- Added __init__.py to 21 test directories for better test discovery.
- Promoted six transitive dependencies to direct dependencies for
clarity.
- Split codespell ignore list into vocabulary and source renames.
- Decomposed oversized web utilities, hooks, and libraries for
maintainability.
- Enhanced CI with Lychee link checker integration and retry logic for
cosign signing.
- Sharded unit and integration tests and added Postgres service
container in CI.
- Updated infrastructure and web dependencies; maintained lock files.

<!-- HIGHLIGHTS_END -->

:robot: I have created a release *beep* *boop*
---


##
[0.8.8](v0.8.7...v0.8.8)
(2026-05-24)


### Features

* brownfield codebase intake (merger/acquisition entry mode)
([#2042](#2042))
([e287621](e287621)),
closes [#1975](#1975)
* deep CEO interview to project charter
([#2045](#2045))
([904f2fb](904f2fb))
* mission control + flight recorder operator cockpit
([#2044](#2044))
([1c2660b](1c2660b))
* research mode
([#2041](#2041))
([f81a5ac](f81a5ac)),
closes [#1989](#1989)
* surface safety-spine state in runtime-services boot log (closes
[#2096](#2096))
([#2097](#2097))
([f187b31](f187b31))


### Refactoring

* add __init__.py to 21 leaf test directories (INP001)
([#2081](#2081))
([2592118](2592118)),
closes [#2064](#2064)
* codebase modularity (1/4) - module-size gates + lint tightening +
tools ([#2078](#2078))
([556fbd9](556fbd9)),
closes [#2047](#2047)
[#2040](#2040)
* promote 6 transitive deps to direct deps
([#2083](#2083))
([adedc6a](adedc6a))
* split codespell ignore-words-list into vocab + source renames
([#2085](#2085))
([917d98a](917d98a)),
closes [#2074](#2074)
* **web:** PR A foundation, decompose oversized utils/hooks/lib
([#2092](#2092))
([#2098](#2098))
([aedbba5](aedbba5))


### CI/CD

* exclude slsa.dev from lychee (transient timeout on canonical badge)
([#2090](#2090))
([346c51d](346c51d))
* fix paths-filter shallow-clone race and scorecard allowlist
([#2089](#2089))
([7cd7ce8](7cd7ce8))
* refresh .test_durations.{unit,integration}
([#2087](#2087))
([ddf2d86](ddf2d86))
* retry cosign sign on transient GHCR/Rekor failures
([#2100](#2100))
([da9422a](da9422a))
* shard test-unit + test-integration, sysmon coverage, Postgres service
container ([#2080](#2080))
([0768787](0768787))
* wire Lychee link-checker (workflow + installer + pre-push hook)
([#2084](#2084))
([1c0694a](1c0694a))


### Maintenance

* Lock file maintenance
([#2086](#2086))
([a78810a](a78810a))
* Update Infrastructure dependencies
([#2055](#2055))
([041ad8b](041ad8b))
* Update Web dependencies
([#2054](#2054))
([4d57b9a](4d57b9a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: synthorg-repo-bot[bot] <279117679+synthorg-repo-bot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] requested changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Deep CEO interview to project charter

1 participant

@Aureliolo