feat: merge dev into main with p2p, escrow, tooling, and docs updates#72
Merged
langowarny merged 71 commits intomainfrom Mar 17, 2026
Merged
feat: merge dev into main with p2p, escrow, tooling, and docs updates#72langowarny merged 71 commits intomainfrom
langowarny merged 71 commits intomainfrom
Conversation
- Added support for creating, joining, and managing collaborative P2P workspaces. - Introduced git bundle operations for sharing code within workspaces, including commands for initializing, pushing, and fetching git bundles. - Implemented workspace lifecycle management, including contribution tracking and chronicling of workspace activities. - Enhanced configuration options for P2P workspaces in the application settings. - Added event handling for workspace-related actions such as creation, member joining/leaving, and message posting.
- Fixed data race in Node.PubSub() by using sync.Once for lazy initialization. - Removed dead code related to chronicler wiring and git fetch subprocess in ApplyBundle. - Consolidated workspaceComponents into wsComponents for cleaner code. - Introduced typed Role constants for workspace members to enhance type safety. - Improved protocol handler efficiency by switching to a streaming JSON decoder. - Added sentinel errors for better error handling and reduced string duplication in CLI commands. - Enhanced ContributionTracker with a Remove method for workspace cleanup.
- Added support for collaborative workspaces, enabling agents to share code, messages, and git bundles. - Implemented commands for creating, joining, and managing workspaces, along with lifecycle management features. - Introduced git bundle operations for atomic code sharing within workspaces. - Enhanced configuration options for workspaces, including chronicling and contribution tracking. - Updated documentation to reflect new workspace features and CLI commands.
- Added team coordination tools, enabling the formation of teams with automatic budget allocation and escrow management. - Implemented event-driven bridges for team escrow and budget lifecycle management, enhancing resource allocation and task completion tracking. - Introduced workspace management features for teams, including automatic workspace creation and contribution tracking. - Enhanced protocol handlers to support team-related messages, including invitations, task delegation, and disbanding. - Added comprehensive integration tests to validate team and budget functionalities.
- Add LangoEscrowHubV2/VaultV2 contracts with beacon proxy pattern, BeaconVaultFactory, DirectSettler and MilestoneSettler; include DeployV2/UpgradeV2 scripts and full Foundry test coverage - Add Go V2 hub client, ABI bindings, and dangling escrow detector to support the new on-chain contract architecture - Add P2P team BoltDB persistent store, split coordinator into membership and shutdown modules, and introduce team health monitor - Add app-layer bridges for team budget, reputation, shutdown, and on-chain escrow events, wiring team lifecycle to economy actions - Fix skipped simplify issues in economy escrow, onchain escrow, and p2p team payment
- Deleted obsolete files related to observability monitoring, including configuration, design, proposal, tasks, and specifications documents. - This cleanup is part of the effort to streamline the codebase and remove unused components.
- Introduced a new `ConfirmationDepth` configuration option for the on-chain escrow, allowing users to specify the number of blocks to wait before processing events to protect against L2 reorgs. - Implemented reorg detection in the event monitor, publishing `EscrowReorgDetectedEvent` when a reorganization is detected, with appropriate logging for deep and shallow reorgs. - Updated CLI commands and documentation to reflect the new confirmation depth feature and its implications for event processing.
- Changed the expected output in the test for DefaultBuilder to reflect the correct number of tool categories, ensuring the test accurately verifies the embedded content.
P2P Agent Cowork
- Added a `timeout` parameter to cron job definitions, allowing for per-job execution time limits. - Enhanced the `AddJob` method to return the persisted job from the `Upsert` operation, reducing unnecessary database calls. - Updated the scheduler to handle job timeouts and ensure proper context management during execution. - Refactored the `Stop` method in the scheduler to prevent double-close panics using `sync.Once`. - Improved overall code quality by removing dead code and adhering to Go style guidelines.
feat: implement per-job timeout and idempotent upsert for cron jobs
- Added support for incremental bundles using `base..HEAD` range, with fallback to full bundles if the base commit is missing. - Introduced `CreateTaskBranch`, `MergeTaskBranch`, and `DeleteTaskBranch` functions for managing task-specific branches to avoid conflicts. - Enhanced health monitoring with git state tracking, allowing detection of divergent HEADs among team members. - Added new protocol message types for incremental bundle operations and commit existence checks. - Implemented verification for bundles before application, ensuring safe and atomic operations. - Updated configuration options to enable incremental bundle creation and task branch isolation.
p2p/gitbundle: - Extract runGit() helper to eliminate repeated exec/stdout/stderr boilerplate p2p/handshake: - Add SessionStore.GetByToken() for direct token lookup instead of iterating ActiveSessions() in callers p2p/team/health_monitor: - Guard event subscriptions with sync.Once to prevent duplicate registrations on repeated Start() calls - Use dedicated context variables (pingCtx, gsCtx) for ping and git-state calls so each gets its own independent timeout budget economy/escrow: - Add ListByStatusBefore(status, before) to Store interface, memoryStore, and EntStore to push time-window filtering into the query layer - Update DanglingDetector.scan() to use the new method, removing per-entry time checks in application code cron: - Replace positional New() parameters with SchedulerConfig struct for safer, self-documenting construction; apply nil/zero defaults inside New() app: - Consolidate floatToUSDC / floatToBudgetAmount duplicates into a single floatToMicroUSDC() in convert.go - Use SessionStore.GetByToken() in session validator closure - Add context timeout for identity.DID() call on startup - Pre-allocate member slices with known capacity in team tool handlers
Incremental Git Bundle & Task Branch Management
- Updated command groups in the CLI for better user intent alignment, introducing categories like "Getting Started," "AI & Knowledge," "Automation," and "Network & Economy." - Added a new `lango status` command to provide a unified system status dashboard, displaying health, configuration, and feature status. - Introduced preset profiles for onboarding, allowing users to start with purpose-built configurations (minimal, researcher, collaborator, full). - Enhanced the onboarding command to accept a `--preset` flag, guiding users through setup with relevant feature recommendations. - Implemented tier-based visibility in the settings menu, reducing cognitive load by categorizing options into Basic and Advanced tiers. - Added a startup summary to display activated features immediately after `lango serve` starts.
refactor: reorganize CLI commands and enhance onboarding experience
Update documentation, prompts, Docker, and Makefile to reflect features accumulated on dev: P2P Workspaces, incremental git bundles, task branch management, team health monitoring, graceful shutdown, git state divergence detection, Escrow Hub V2, EventMonitor reorg protection, event-driven bridges, cron per-job timeout, config presets, and lango status command. - Add docs/cli/status.md and docs/features/config-presets.md (new pages) - Expand docs/cli/p2p.md with incremental bundle ops and task branch CLI - Expand docs/features/p2p-network.md with health monitoring, graceful shutdown, git divergence detection, reorg protection, and bridge table - Expand docs/features/economy.md with Hub V2, milestone settler, and dangling escrow detector - Update prompts/AGENTS.md to fifteen tool categories; add Team Tool section (7 tools) and cron --timeout to TOOL_USAGE.md - Update README with 7 new feature bullets, lango status, onboard --preset - Add lango-workspaces volume and LANGO_TEAM/ECONOMY env vars to docker-compose.yml - Add test-team, test-economy, test-bridges targets to Makefile
- Introduced a new `gatekeeper` package for response sanitization, removing internal content and managing output quality. - Added `Sanitizer` struct with methods for sanitizing responses, including stripping thought tags and internal markers. - Implemented middleware for truncating tool outputs exceeding a configurable character limit (default 8000 characters). - Updated application wiring to initialize and apply the sanitizer in response handling. - Enhanced configuration with new `GatekeeperConfig` and `MaxOutputChars` fields for flexible sanitization control. - Added comprehensive tests for sanitizer functionality and middleware behavior. - Updated system prompts to include new output principles guiding model response behavior.
- Replaced manual parameter extraction with `toolparam` utility functions for improved error handling and code clarity. - Updated various tool handlers to utilize `RequireString`, `OptionalString`, `OptionalInt`, and `StringSlice` methods for parameter validation and extraction. - Enhanced consistency in parameter management across multiple tools, including cron, browser, contract, data, economy, escrow, and more. - Improved overall code maintainability and readability by reducing repetitive code patterns.
feat: Output Gatekeeper & Toolparam Extraction
- Add CommandGuard (internal/tools/exec/guard.go) to block commands
accessing protected data paths (~/.lango/) and process management
commands (kill, pkill, killall) via the exec/exec_bg tools
- Add DefaultBlockedPatterns to SecurityFilterHook with catastrophic
command patterns (rm -rf /, mkfs, dd, fork bomb) always active
- Make SecurityFilterHook registration unconditional (not gated by
config flags) so security baseline cannot be disabled
- Add DataRoot config field with path validation enforcing all data
paths (DB, graph, skills, workflows, P2P keys) reside under it
- Add NormalizePaths/ValidateDataPaths to config loader pipeline
- Add AdditionalProtectedPaths to ExecToolConfig for user-specified
extra protected paths beyond DataRoot
- Define BlockedResult struct replacing map[string]interface{} for
typed tool handler responses
- Pre-lowercase security filter patterns at construction time and
pre-build strings.Replacer for command normalization hot path
feat: exec tool security hardening & data root enforcement
- Introduced an OutputStore for managing tool output with token-based compression strategies. - Enhanced tool handlers to support optional parameters for reading files, including offset and limit. - Added new tools for retrieving stored output, allowing for detailed access to compressed results. - Updated configuration to include output management settings, enabling flexible control over output handling. - Implemented comprehensive tests for output management functionality and compression behavior.
feat: implement token-based output management and tool output retrieval
- Implemented receipt status validation in `caller.Write()` to return errors on transaction reverts and timeouts. - Updated bundler client to retrieve nonce using `EntryPoint.getNonce()` via `eth_call` instead of `eth_getTransactionCount`. - Introduced `GetGasFees()` method to fetch EIP-1559 gas fee parameters, ensuring UserOps have correct gas prices. - Improved deployment detection in `IsDeployed()` using `ethclient.CodeAt()` for reliable on-chain verification. - Added post-deploy verification in `GetOrDeploy()` to confirm contract existence after deployment. - Fixed UserOp signing to use `SignTransaction()` to avoid double-hashing issues.
fix: enhance on-chain transaction handling and gas fee management
- Added entryPoint and chainID options for UserOp hash computation in smart account initialization. - Implemented exponential backoff for transaction submission retries in the payment service. - Updated PaymentReceipt struct to include gasUsed and blockNumber fields from on-chain confirmations. - Enhanced session manager to utilize the correct UserOp hash algorithm for signing. - Improved integration tests to validate new UserOp handling and receipt confirmation logic.
feat: enhance UserOp handling and transaction submission process
- Added new commands for configuration management: get, set, and keys. - Implemented advanced settings categories including Logging, Gatekeeper, and Output Manager. - Introduced smart filters for category search: @basic, @advanced, @enabled, @Modified. - Enhanced menu model to support advanced category visibility and filtering. - Updated configuration state management to handle new settings fields and forms. - Added tests for new forms and menu functionalities to ensure proper behavior.
- Introduced a comprehensive dependency registry to manage feature prerequisites, enhancing user experience by making hidden dependencies visible. - Added `DependencyIndex`, `DependencyPanel`, and `SetupFlow` components to facilitate dependency evaluation, navigation, and guided setup. - Implemented a `DependencyChecker` in `MenuModel` to display unmet dependencies with warning badges and a new `@ready` filter for configurable categories. - Refactored `handleMenuSelection` to utilize a shared form creation function, reducing code duplication. - Enhanced tests to cover new functionality, including dependency evaluation and setup flow processes.
feat: refactor settings TUI with hierarchical menu and dependency discovery
- Registered disabled categories (cron, background, workflow) in the tool catalog to improve visibility in `builtin_health`. - Enhanced `builtin_health` to include actionable configuration hints and tool name lists for enabled categories. - Introduced a dynamic `SectionToolCatalog` in the system prompt to display active tool categories and their tools. - Added logging for tool registration summary at application startup for better diagnostics. - Updated orchestrator routing entries to include tool names for improved agent delegation.
- Added an `automationPrefix` constant to enhance prompts sent to the agent runner, indicating that they are automated tasks requiring tool execution. - Updated the `execute` method in the `Manager` and `Executor` to prepend the automation prefix to task prompts. - Modified tests to verify that prompts include the automation prefix and task content. - Enhanced orchestrator instructions to include guidelines for handling automated tasks.
Separate Safe L2 singleton from Safe7579 adapter in Factory to fix "execution reverted" on every deployment attempt. Add EVM revert reason decoding (Error/Panic selectors, eth_call replay), register disabled tool categories for diagnostic visibility, sync Vault agent routing prefixes, and log tool execution failures server-side.
feat: tool discovery refactoring — smart account deploy fix, diagnostics, agent routing
- Added support for including example configuration files in .gitignore. - Updated docker-compose.yml to clarify feature flag management and improve comments on P2P networking. - Modified Dockerfile to use the latest Go version (1.25.4) for builds. - Refactored Makefile to enhance test command organization and added new test categories for security and graph. - Updated README and architecture documentation to reflect recent changes in system structure and component descriptions. - Enhanced background task documentation with detailed state management and notification features.
feat: update Docker configuration and documentation
- Introduced a single `PostLoad()` function to centralize normalization and validation steps for configuration. - Updated `Load()` to delegate all post-load processing to `PostLoad()`, ensuring consistent behavior. - Modified `Store.Save()` to call `PostLoad()` before persisting configurations, guaranteeing canonical form. - Changed `NewSetCmd` to return a cleanup function, eliminating double bootstrap and preventing resource leaks. - Fixed collaborator preset to include the correct RPC URL for Base Sepolia, ensuring validation success.
- Changed the expected output in the test for DefaultBuilder to reflect the correct number of tool categories, ensuring accurate validation of embedded content.
- Introduced a new `SchemaBuilder` to facilitate type-safe construction of JSON Schema objects for agent tool parameters. - Updated existing tools to utilize the new schema builder for defining parameters, enhancing consistency and readability. - Added comprehensive unit tests for the schema builder to ensure correct functionality and validation of various parameter types.
- Refactored `app.New()` to utilize `appinit.Builder.Build()`, replacing the previous monolithic initializer with a modular approach. - Implemented five distinct modules (foundation, intelligence, automation, network, extension) to enhance code organization and maintainability. - Updated `BuildResult` to aggregate `CatalogEntries` from all modules, ensuring comprehensive tool cataloging. - Changed `serveCmd()` to use `cliboot.BootResult()` for bootstrap, aligning with new CLI command requirements. - Removed dead code related to lifecycle registration, improving code clarity and reducing complexity. - Synchronized documentation with actual configuration defaults, enhancing user guidance and reducing discrepancies.
- Introduced a new test file `parity_test.go` to validate the behavior of `app.New()` and related functions. - Implemented Layer 1 unit tests for helper functions like `buildCatalogFromEntries` and `registerPostBuildLifecycle`, ensuring correct category and tool registration. - Added Layer 2 integration tests to verify application state with default and feature-enabled configurations, checking for expected lifecycle components and field population. - Enhanced `lifecycle.Registry` with a new `Names()` method to retrieve registered component names in order, improving test introspection. - Updated documentation to reflect the new testing capabilities and structure.
…on-fixes refactor: modularize app initialization and harden config/bootstrap parity
- Introduced `toolCallAccumulator` to assemble streaming tool call deltas into complete `FunctionCall` parts, addressing issues with empty names in OpenAI API requests. - Enhanced `ModelAdapter.GenerateContent` to utilize the accumulator for both streaming and non-streaming paths, ensuring correct assembly of tool calls. - Added defensive filters in `convertMessages()` and `convertParams()` to skip entries with empty names, improving robustness against upstream bugs. - Implemented comprehensive tests for the new accumulator functionality and its integration with existing systems.
- Added `shutdownCtx` and `shutdownCancel` to the `Server` struct to manage cancellation of ongoing requests during shutdown. - Updated `handleChatMessage()` to derive request contexts from `shutdownCtx`, ensuring they are cancelled when `Shutdown()` is invoked. - Enhanced `Shutdown()` method to call `shutdownCancel()` before closing WebSocket connections, allowing for immediate cancellation of pending approvals and in-flight requests. - Introduced tests to verify that in-flight request contexts are cancelled correctly and that `RequestApproval()` returns `context.Canceled` during shutdown.
- Renamed `TestConvertMessages_OrphanedFunctionCall` to `TestConvertMessages_OrphanedFunctionCall_NoRepair` to reflect changes in behavior. - Updated `convertMessages` to no longer perform orphan repair, delegating this responsibility to provider-specific logic. - Moved `repairOrphanedFunctionCalls` to `openai_test.go` as `repairOrphanedToolCalls`, ensuring it is only used in the OpenAI provider context. - Enhanced tests to verify the new behavior of message conversion without synthetic tool response injection for orphaned calls. - Updated documentation to clarify that orphan repair is now provider-specific.
- Updated `convertTools()` to prioritize `ParametersJsonSchema` over the legacy `Parameters` field, ensuring complete parameter definitions are sent to OpenAI. - Added `additionalProperties: false` to all tool schemas to improve accuracy and compatibility with OpenAI's strict mode. - Implemented `canUseStrictMode()` to conditionally enable strict mode for tools where all properties are required, enhancing validation. - Introduced new tests to verify the correct extraction of parameter schemas and the behavior of strict mode.
- Updated the agent's Run() loop to dynamically expand the turn budget by 50% when multi-agent complexity is detected, based on planner involvement, delegation count, or unique agents. - Introduced new ExampleRequests and Disambiguation fields in AgentSpec to improve routing precision and reduce misrouting due to ambiguous keywords. - Added Output Handling instructions to all non-planner sub-agent prompts to guide handling of compressed tool output. - Implemented universal distribution of tool_output_ prefixed tools to all non-empty agent sets, ensuring better output management across agents. - Enhanced tests to cover new budget expansion logic, routing improvements, and output handling mechanisms.
- Modified `ProviderProxy.Generate()` to reset `params.Model` to an empty string before invoking the fallback provider, ensuring the correct fallback model is applied. - Introduced `ValidateModelProvider()` function to validate model-provider compatibility using a heuristic prefix blocklist, preventing cross-provider model routing errors. - Enhanced `config.Validate()` to check for the existence of `agent.fallbackProvider` in the providers map and validate both primary and fallback model-provider pairs. - Added runtime validation in Gemini and Anthropic providers to ensure model compatibility before making API calls. - Created new tests for the fallback mechanism and model validation to ensure robustness and correctness.
fix: stabilize provider tool replay, OpenAI tooling, and multi-agent orchestration
P0 fixes: - Remove phantom `lango p2p git branch` CLI docs (commands don't exist) - Fix workflow status/cancel/run to use positional args, not --id flag - Fix a2a-protocol config export from YAML to JSON - Replace fake env var feature flags in Docker docs with config profile guidance P1 fixes: - Update AGENTS.md tool categories: twenty-two → twenty-four (Workspace, Output) - Add Workspace/Team/Output tool sections to TOOL_USAGE.md - Add missing CLI commands to README (status, p2p workspace, p2p git) P2 fixes: - Add 9 missing nav entries to mkdocs.yml (features + CLI reference) - Add MCP Integration card and Agent Memory href to features/index.md - Create docs/features/mcp-integration.md from actual code and specs
langowarny
added
bug
- Added a new field `clamped` to the `ExtendableDeadline` struct to indicate when the idle extension is limited by the maximum timeout. - Modified the `New` method to set the reason for completion based on whether the extension was clamped or not. - Updated the `Extend` method to set the `clamped` field when the extension exceeds the remaining time.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR merges
devintomain.Compared with
main,devincludes:Key Changes
1. P2P workspace, team, and collaboration flows
2. On-chain escrow and smart account improvements
3. CLI/TUI and configuration UX improvements
4. Agent runtime, tool execution, and provider compatibility
5. Documentation, examples, and spec synchronization
Testing
Review Focus
Please review with emphasis on: