[ORB-00054] Promote agent-main to main — initial branching-flip promotion#242
Merged
Conversation
Tasks: - T20260506-21: Add task-sync to CONVENTIONS §12 ownership table Co-authored-by: codex <codex@openai.com>
Lead messaging with the durable, intent-tracked agentic backlog wedge (Linear/Jira for AI-native solo developers); demote fleet primitives to a dedicated Long-arc vision section. Funnel progression (solo -> internal champion -> team-scale) made explicit. Solo-developer disclaimer removed; replaced with "we're the layer above in-session tools" framing. Knowledge-graph moat now empirically cited via benchmarks/graph/ in both docs. Intent attribution at the codebase level promoted to a non-negotiable. Per office-hours design doc: ~/.gstack/projects/danieljhkim-orbit/daniel-agent-main-design-20260506-201105.md
…odel Iterates on yesterday's wedge rewrite. Strategic decision on 2026-05-07 to pursue VC-track funding requires the OSS to carry a commercial wrapping. Adopts the open-core pattern: Orbit OSS (permissive license, solo wedge) plus Orbit Team (closed-source hosted SaaS, organizational governance). POSITIONING.md: - Adds "Commercial model: open-core, two tiers" section naming OSS and Team tiers with license stance. - Funnel stage 3 reframed as commercial conversion point. - Enterprise bullet in "NOT for" section reframed: refusing OSS pollution is not refusing the demand. Demand routes to the paid SKU. - Non-negotiables: self-hostable qualified to OSS tier; adds open-core split bullet locking the architectural boundary. - Renames "Long-arc vision" to "Commercial roadmap: Orbit Team" with explicit GTM motion and target buyer segment (growth-stage / mid-market). - Boundaries: adds champion-conversion-failure kill criterion; Fortune-500 demand reframed; open-core boundary-drift trigger. README.md: - New "Commercial Model" section between "Why Orbit Exists" and "Primary Commands." - POSITIONING references updated for renamed "Commercial roadmap" anchor. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Tasks: - T20260507-12: Scaffold orbit-registry crate skeleton with merge-class trait and crate-boundary enforcement Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-2: Add identity-key benchmark: script + logged results characterizing identity_key durability Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-1: Break down crates/orbit-core/src/runtime/v2_host.rs into focused submodules Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-3: Revise PR body template for one-task-per-PR layout Co-authored-by: codex <codex@openai.com>
…0508-4] Adds website/scripts/sync-tasks.mjs which renders one Markdown page per done task plus a sortable index. Wired into the website's predev/prebuild/ prepreview/precheck chains alongside the existing sync:* scripts. URLs are status-independent (/tasks/<task_id>/) so PR/blog links stay valid when tasks transition from done to archived.
Tasks: - T20260508-6: Tidy orbit-store/src/file: subgroup scoreboards + diagnostics, lift knowledge_stats Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-5: Group orbit-core command/job*.rs into command/job/ module Co-authored-by: codex <codex@openai.com>
- sidebar.label = task_id keeps entries scannable; full title stays as page H1 - sort by updated_at desc and assign sidebar.order so newest is on top
Split the flat orbit/ tool directory into per-domain submodules (task, knowledge, review_thread, groundhog, duel, state, pipeline) so each domain owns its own namespace and can host shared helpers locally instead of crowding the parent mod.rs. Knowledge-internal helpers (load_graph_for_read, has_explicit_knowledge_dir) move into knowledge/mod.rs alongside the write helper they depend on.
The ::before pseudo on .sl-markdown-content h2 added a centered black dot above every h2. On long task pages with many sections the dots read as visual noise; the existing 5rem top margin + 2rem padding-top already separates sections.
- .orbit-hero mobile grid now uses minmax(0, 1fr) so the long curl URL inside the install code block can't push the track wider than the viewport (1fr defaults to minmax(auto, 1fr) which honors max-content) - .sl-markdown-content table at <=54rem switches to display:block + overflow-x:auto so wide tables (Tasks index, scoreboard) get a horizontal scroller instead of being clipped by the existing overflow:hidden border-radius rule
Tasks: - T20260427-36: task_gate_pipeline lock TTL can expire before child implementation timeout Co-authored-by: codex <codex@openai.com>
Tasks: - T20260427-38: task_epic_pipeline cannot converge after normal PR/local shipment leaves subtasks in review Co-authored-by: codex <codex@openai.com>
Tasks: - T20260427-40: task_epic_pipeline orchestrator timeout is shorter than child gate/ship waits Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-9: Reconcile orbit-execute-task review transition with agent_implement envelope Co-authored-by: codex <codex@openai.com>
Tasks: - T20260427-34: invoke_and_wait lets failed child pipelines satisfy parent workflow steps Co-authored-by: codex <codex@openai.com>
…260508-12] Adds RuntimeConfig.workflow_base_branch (default "main"), exposes OrbitRuntime::workflow_base_branch(), and routes ship/ship-auto/duel-plan --base flags through the runtime when omitted. Production-job YAML defaults flip from agent-main to main; examples/* keep agent-main since they document the buffer-branch + promote pattern. Repos that want the agent-main convention now set [workflow] base_branch = "agent-main" in their .orbit/config.toml.
Tasks: - T20260508-11: Fix broken task_id link in PR body; add opt-in URL template config Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-10: Fix CI clippy failure: unused imports in sandbox.rs tests on non-macOS targets Co-authored-by: codex <codex@openai.com>
Tasks: - T20260508-8: v2 cli backend: set subprocess cwd to resolved workspace_path Co-authored-by: codex <codex@openai.com>
…dbox [T20260508-13] Claude Code persists its main settings to $HOME/.claude.json (with .lock and atomic-write .tmp.<pid>.<ms_ts> siblings) at the home root, not under $HOME/.claude/. SBPL `subpath` does not match siblings, so the existing per-provider state-dir clause from ADR-013 was insufficient: every Claude invocation under macos-sandbox-exec lost the ability to update its state file, and tool calls that wait on the lockfile hung silently. Codex and Gemini are unaffected because all their state lives under their state directories. Add three SBPL allow clauses (literal for canonical+lock, regex for tmp) when `CLAUDE_CONFIG_DIR` is unset. The override case is unchanged — the JSON sibling lives inside the override dir, already covered by the existing subpath clause. ADR-014 records the amendment. - crates/orbit-exec/src/macos_sandbox.rs: emit_claude_home_json_allows helper + unit tests + macOS kernel-level e2e test - docs/design/policy-sandbox/4_decisions.md: ADR-014 + reference list
Tasks: - T20260508-14: Surface per-step agent logs and error diagnostics in dashboard Co-authored-by: codex <codex@openai.com>
… into CLAUDE.md/AGENTS.md [ORB-00023]
Fresh Orbit workspaces had no surface that taught agents Orbit's
workflow rules (task-before-work, commit attribution, etc.) unless
operators hand-wrote them into CLAUDE.md / AGENTS.md. Add a strictly
opt-in flag that does it for them with an idempotent fenced block.
- New asset crates/orbit-core/assets/agent-rules.md holds the literal
block with HTML-comment markers and five durable rules: task-before-
work, tool-surface-over-direct-edits, commit attribution (agent
identity + task ID), don't-commit-before-approval, route-via-orbit
-skill.
- New module crates/orbit-core/src/command/agent_rules.rs exposes
inject_agent_rules(workspace_root) returning per-file outcomes
(Created | AppendedBlock | ReplacedBlock). Atomic writes via
orbit_common::utility::fs::atomic_write_text.
- Behavior matrix (all four paths covered by unit tests):
absent -> create with block + trailing newline
markerless -> append with one blank-line separator;
pre-existing bytes preserved
marker pair -> replace content between markers; outside
content byte-stable
only one marker -> OrbitError::InvalidInput naming the file and
the missing marker; file untouched
- Re-runs with unchanged template are byte-identical (idempotency
test covers this).
- New flag --inject-agent-rules on `orbit workspace init` (default
off; existing behavior byte-unchanged). Prints one summary line per
target file. Wired through execute_without_runtime after init.
cargo test -p orbit-core: 295 passed (was 288); make ci exit 0;
live smoke test of release binary against a temp dir confirms both
files land with the block and the marker pair.
Tasks: - ORB-00028: Extract Gemini CLI stats token metrics Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00024: Remove `friction` status filter chip from web dashboard Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00027: Fix Gemini planning-duel artifact persistence under sandbox Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00025: Add inline task status update control to web dashboard Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00030: graph.search: rank trait/struct/enum definitions above impl-method matches for exact-name symbol queries Co-authored-by: orbit <orbit@orbit.local>
Bumps the npm_and_yarn group with 1 update in the /website directory: [devalue](https://github.com/sveltejs/devalue). Updates `devalue` from 5.7.1 to 5.8.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.7.1...v5.8.1) --- updated-dependencies: - dependency-name: devalue dependency-version: 5.8.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Tasks: - ORB-00026: Surface step/run error messages in dashboard Steps and Events tabs Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00029: graph.show: suggest nearest selectors on knowledge_invalid resolution failure Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00009: Wire push-injection pipeline for project-learnings (Layers 1–3) Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00033: Fix leaked & double-dotted task-bundle create-lock files Co-authored-by: orbit <orbit@orbit.local>
Tasks: - ORB-00034: PR body "authored by" falls back to created_by; embed implementer instead Co-authored-by: orbit <orbit@orbit.local>
Switch .step-log-block pre from white-space: pre-wrap to pre so each stdout/stderr source line renders as a single visual row with horizontal scroll instead of fragmenting into per-token rows. Split the shorthand overflow rule into explicit overflow-x/-y for clarity while preserving the 260px height cap. Original implementation by gpt-5.5 in jrun-20260515-0332-2; committed here against current agent-main since the worktree branch fell behind. Authored-by: claude-opus-4-7
Tasks: - ORB-00032: graph.overview: expose downgrade reason and threshold in response payload Co-authored-by: orbit <orbit@orbit.local>
The persisted `pid_start_time` was derived from ambient `ps -o lstart=` on
both the store-side writer and the core-side reconciler, so a run marked
running under one timezone could be re-derived to a different token under
another (e.g. `TZ=UTC`). Read paths reach reconciliation through
`show_job_run`/`wait_pipeline_runs`, so the false mismatch finalized live
workers as failed; `finalize_job_run` then made the terminal state sticky.
Fix:
- Add `orbit_common::utility::process_identity` with a versioned
`ps-lstart-utc-v1:<lstart>` token derived under forced
`TZ=UTC`/`LC_ALL=C`/`LANG=C`, plus a `legacy_lstart_matches` helper for
back-compat against pre-fix unversioned values.
- Route both store-side (`mark_job_run_running`, `take_over_running_job_run`)
and core-side reconciliation through the shared helper, removing the
duplicate token impls (and the now-empty `job_store/resource.rs`).
- Replace the boolean owner check with an `OwnerIdentity::{Verified,
Mismatch, LegacyLiveUnverified, Missing}` classification. Only
`Mismatch`/`Missing` finalize a Running run; only `Verified` is signalled
by cancellation, preserving the PID-reuse guard for legacy-live-unknown
cases too.
Tests: new Unix regressions exercise `show_job_run`, `list_job_runs`, and a
zero-timeout `wait_pipeline_runs` after a TZ switch; one asserts the
versioned token is stable across TZs; one covers the LegacyLiveUnverified
branch. The existing `cancel_job_run_does_not_signal_reused_pid_identity_mismatch`
now writes a versioned mismatched token to exercise the strict path.
TZ mutation is serialized via a module-static mutex + RAII guard.
Validation: `cargo test -p orbit-common --lib utility::process_identity`
(3/3), `cargo test -p orbit-core --lib command::job::run::tests` (14/14),
`cargo test -p orbit-store --lib` (134/134), `make ci-fast` passes.
…andbox - Deleted the skills file from the agents directory. - Updated the Gemini executor YAML to specify the macOS sandbox configuration. - Enhanced sandbox path definitions in the sandbox.rs file to include workspace-specific directories.
Two coupled bugs from `jrun-20260515-0336` (planning-duel on ORB-00003):
Part 1 — stale-run probe robustness. The post-ORB-00036 owner classifier
treated any `process_start_identity_token = None` as `Missing`, collapsing
two distinct cases: `ps -p` exited non-zero (genuine no-process) and
`Command::output()` itself errored (transient probe failure). A single
flaky probe against a live worker was enough to terminalize the run.
- `orbit_common::utility::process_identity` adds `ProbeOutcome::{Token,
NoProcess, Unavailable}` and `probe_process_start_identity`. The internal
`lstart_raw` now returns `Result<Option<String>, io::Error>` so the probe
can tell `ps` failure apart from process-not-found.
- `orbit-core/src/command/job/run.rs` adds `OwnerIdentity::ProbeUnavailable`
and splits the classifier into a closure-injectable inner form
(`classify_run_owner_with_probes`) plus a thin production wrapper.
Versioned token + `NoProcess` race-checks `kill(pid, 0)`; live PID →
`ProbeUnavailable`, dead → `Missing`. `Unavailable` follows the same
shape. `running_run_owner_is_stale` finalizes only on `Mismatch | Missing`;
`signal_run_owner_process` still gates on `Verified` only, so PID-reuse
protection is unchanged.
- `stale_job_run_message` now records the resolved owner identity as
`reason=process_not_found|token_mismatch|probe_unavailable` per AC #3.
Part 2 — Gemini arbiter `winner.json` persistence. Adds a regression test
mirroring ORB-00027's `duel_plan_add_persists_gemini_planner_artifact` for
the arbiter path (`orbit.duel.plan.winner`). The workspace-side sandbox
roots added in f3919a9 + the global tasks allow from ORB-00027 already
cover the symlink-resolved write path; no further sandbox change is
needed. Existing sandbox-resolver tests guard the narrowness.
Tests:
- `cargo test -p orbit-common --lib` (126 passed)
- `cargo test -p orbit-core --lib command::job::run::tests` (22 passed, 14
pre-existing + 8 new probe-outcome regressions)
- `cargo test -p orbit-core --lib runtime::orbit_tool_host::task_tools_tests::duel`
(2 passed)
- `cargo test -p orbit-core --lib runtime::v2_host::sandbox` (8 passed)
- `make fmt && make ci-fast` passes.
Tasks: - ORB-00039: Expose orbit.learning.* tools through orbit mcp serve Co-authored-by: codex <codex@openai.com>
Tasks: - ORB-00040: Cross-link RELEASING.md and docs/RELEASE.md Co-authored-by: orbit <orbit@orbit.local>
Patch bump 0.5.3 → 0.5.4. CHANGELOG covers 21 ORB tasks and 6 commit-only changes since v0.5.3, themed across Features (push-injection of project learnings, design-docs surface, default-skill alignment, agent-rules injection, dashboard task-status transitions, learning tools over MCP), Fixes (PID identity stability, job-step error_message plumbing, Gemini sandbox/token accounting, graph diagnostics, lock-sentinel cleanup, PR signature attribution, dashboard log rendering, friction-chip cleanup), and Chores (ci-fast target, release-doc cross-links, deprecated YAML cleanup, devalue bump). No breaking changes (human-confirmed). Refreshed Last updated: on 8 design docs that the decay check flagged after 2026-05-14 source touches; doc content remained accurate against the referenced changes.
* feat: add Grok MCP server configuration for Orbit * [ORB-00038] Rename executor model pair override --------- Co-authored-by: codex <codex@openai.com>
- Create full design doc folder structure (1_overview.md through 4_decisions.md + specs/ + references/) - Add initial 1_overview.md with motivation, core concepts, and current families table - Record ADR-0151 decision in 4_decisions.md - Add minimal references/glossary.md - Establish "agent-families" as a first-class top-level design feature This is the foundational documentation for treating Grok (and future agents) as true peers to Claude, Codex, and Gemini. Related: - ADR-0151: Add Grok (xAI) as a fourth peer agent family - ORB-00042: Grok onboarding epic - ORB-00043: Core attribution changes
Pulls origin/main commits back to dev branch ahead of the branching-model flip: - b94fc5b Add persistent Orbit Knowledge Base (docs/KNOWLEDGE_BASE.md) (Daniel, 2026-05-15) - 96db152 [T20260430-16] Resolve yaml stack overflow advisory (codex; already on agent-main as 3e1a672 with identical patch — duplicate SHA, no functional change) Makes the first agent-main → main promotion a clean fast-forward.
) RELEASING.md gains §10b promote step (post-tag agent-main → main merge commit) and a new §Hotfix flow section (branch-from-main → fix → tag → back-merge to agent-main). CLAUDE.md gains a Branching section documenting the split for agents. Install URLs in README.md and the website flip from /agent-main/install.sh to /main/install.sh so external consumers track the release branch. default-config.toml comment reframes the buffer-branch pattern as Orbit's own model, not a hypothetical. The retired promote_agent_main.yaml stub is removed — the dispatcher already rejects this action (ORB-00007). The smoke example crates/orbit-engine/examples/v2_name_resolution_smoke.rs still references it but was already broken at scenario F before this change; not in CI. Co-authored-by: claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
First execution of the new
agent-main → mainpromotion flow established in ORB-00054.What this brings to
mainEverything currently on
agent-mainsince7a045d76(the prior merge base) — including:agent-main)ba3c9d8b— back-merge oforigin/main's 2 leading commits (KB doc +[T20260430-16]yaml advisory, which was already onagent-mainas3e1a672ewith the same patch — duplicate SHAs auto-resolve cleanly)750982d1— [ORB-00054] doc + config flip ([ORB-00054] Flip branching model: main = release, agent-main = dev #241), the codified branching model itselfAfter this merges,
mainwill be the release-only branch going forward perRELEASING.md§10b. The repo default-branch flip and branch protection follow in the next session steps.Merge instructions
Merge commit, not squash (
gh pr merge --merge). This is a fast-forward by content, but the merge commit makes the release boundary explicit inmain's log.Known CI noise
The
Check / Clippy / Testworkflow is currently red onagent-maindue to 5.expect()clippy violations incrates/orbit-store/tests/legacy_models_warns.rs— pre-existing, unrelated to this promotion. Worth a follow-up task.🤖 Generated with Claude Code