chore: prepare packages for npm registry publishing#125
Merged
jithin23-kv merged 9 commits intoJun 29, 2026
Merged
Conversation
|
Warning Review limit reached
Next review available in: 2 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. WalkthroughPackage names and workspace references were updated across the repo. Core packaging now stages runtime assets, resolves installed-package data paths, and adds a tarball smoke test. ChangesScoped package migration
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
arunSunnyKVS
changed the title
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
core/package.json (1)
89-94: 📐 Maintainability & Code Quality | 🔵 TrivialClarify cross-platform scope of
prepackhooksThe
prepackscript uses POSIX-only commands (cp -r,mkdir -p,rm -rf) that will fail on Windows (cmd.exe/PowerShell). All CI workflows (.github/workflows/*.yml) execute onubuntu-latest, so automated publishing is safe. However, if maintaining expects to publish locally from Windows, this will block release.
- If local publishing on Windows is not in scope, add a note in
CONTRIBUTING.mdorREADME.mdstating that publishing requires a POSIX environment.- If Windows support is expected, replace the shell commands with a cross-platform Node script or use
shx/cpyas proposed.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@core/package.json` around lines 89 - 94, The prepack/postpack hooks in the package.json scripts rely on POSIX-only shell commands, so clarify the intended publishing environment. If Windows local publishing is not supported, add documentation in CONTRIBUTING.md or README.md stating that the publish flow must run in a POSIX shell; if it is supported, replace the current prepack/postpack command chain with a cross-platform implementation using a Node script or helpers like shx/cpy.core/src/catalog/loadEvaluatorCatalog.ts (1)
119-124: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winMake the ATLAS warning actionable.
The new fallback is fine, but the emitted warning still doesn't tell the user what to do next. Include the concrete remediation in the log itself (for example: bundle/install the ATLAS data correctly, or set
OPFOR_VALIDATE_ATLAS=0if they intentionally want to skip validation).Suggested change
- log.warn(`Skipping ATLAS technique-id validation: ${msg.split("\n")[0]}`); + log.warn( + `Skipping ATLAS technique-id validation: ${msg.split("\n")[0]}. ` + + `Ensure the ATLAS data is packaged with `@keyvaluesystems/agent-opfor-core`, ` + + `or set OPFOR_VALIDATE_ATLAS=0 to disable this validation.` + );Based on learnings, error messages must be actionable and tell the user what to fix, not just that something failed.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@core/src/catalog/loadEvaluatorCatalog.ts` around lines 119 - 124, The warning in loadEvaluatorCatalog’s ATLAS validation catch block is too vague and should tell users what to do next. Update the log message emitted by the catch path so it includes an explicit remediation, such as bundling/installing the ATLAS data correctly or setting OPFOR_VALIDATE_ATLAS=0 to intentionally skip validation. Keep the existing fallback behavior in loadEvaluatorCatalog, but make the log text actionable by referencing the ATLAS data availability and the OPFOR_VALIDATE_ATLAS flag directly.Source: Learnings
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@core/package.json`:
- Around line 93-94: The package staging in the prepack/postpack scripts is not
idempotent: if a prior pack is interrupted, the existing staged directories will
cause cp -r to nest content instead of replacing it. Update the prepack flow in
package.json to clear the staging targets before copying, so evaluators, suites,
skills, data, and atlas-data are always recreated cleanly and cannot accumulate
nested directories after a failed pack.
---
Nitpick comments:
In `@core/package.json`:
- Around line 89-94: The prepack/postpack hooks in the package.json scripts rely
on POSIX-only shell commands, so clarify the intended publishing environment. If
Windows local publishing is not supported, add documentation in CONTRIBUTING.md
or README.md stating that the publish flow must run in a POSIX shell; if it is
supported, replace the current prepack/postpack command chain with a
cross-platform implementation using a Node script or helpers like shx/cpy.
In `@core/src/catalog/loadEvaluatorCatalog.ts`:
- Around line 119-124: The warning in loadEvaluatorCatalog’s ATLAS validation
catch block is too vague and should tell users what to do next. Update the log
message emitted by the catch path so it includes an explicit remediation, such
as bundling/installing the ATLAS data correctly or setting
OPFOR_VALIDATE_ATLAS=0 to intentionally skip validation. Keep the existing
fallback behavior in loadEvaluatorCatalog, but make the log text actionable by
referencing the ATLAS data availability and the OPFOR_VALIDATE_ATLAS flag
directly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: cd2fbac3-711d-40bc-b80d-a70342e594bf
⛔ Files ignored due to path filters (2)
package-lock.jsonis excluded by!**/package-lock.jsonrunners/cli/ui/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (61)
.github/ISSUE_TEMPLATE/bug_report.yml.github/workflows/ci.yml.github/workflows/release.yml.gitignoreAGENTS.mdCONTRIBUTING.mdREADME.mdcore/package.jsoncore/src/autonomous/index.tscore/src/autonomous/knowledge/load.tscore/src/autonomous/lib/types.tscore/src/browser.tscore/src/catalog/loadEvaluatorCatalog.tscore/src/config/evaluatorsLayout.tscore/src/report/types.tscore/src/standards/atlas.tsdocs/browser-extension.mddocs/cli.mddocs/mcp.mddocs/sdk.mdpackage.jsonrunners/cli/package.jsonrunners/cli/src/commands/hunt.tsrunners/cli/src/commands/run.tsrunners/cli/src/commands/setup.tsrunners/cli/src/ui/bridge.tsrunners/cli/src/ui/demoData.tsrunners/cli/src/ui/server.tsrunners/cli/src/ui/snapshot.tsrunners/cli/tests/fork.test.tsrunners/cli/tests/http.test.tsrunners/cli/tests/knowledge.test.tsrunners/cli/tests/leads.test.tsrunners/cli/tests/observe.test.tsrunners/cli/tests/progress.test.tsrunners/cli/tests/recordFinding.test.tsrunners/cli/tests/runlog.test.tsrunners/cli/tests/sendToTarget.test.tsrunners/cli/ui/package.jsonrunners/extension/README.mdrunners/extension/package.jsonrunners/mcp/package.jsonrunners/mcp/src/index.tsrunners/sdk/README.mdrunners/sdk/package.jsonrunners/sdk/src/catalog.tsrunners/sdk/src/hunt.tsrunners/sdk/src/run.tsrunners/sdk/src/types.tsrunners/sdk/tests/catalog.test.tsrunners/sdk/tests/hunt.test.tsrunners/sdk/tests/opfor-class.test.tsrunners/sdk/tests/report.test.tsrunners/sdk/tests/run.test.tsscripts/smoke-pack.tstests/e2e/agents/customer-support/Dockerfiletests/e2e/agents/customer-support/package.jsontests/e2e/agents/vanilla-chat/Dockerfiletests/e2e/agents/vanilla-chat/package.jsontests/e2e/agents/vulnerable-memory/package.jsontests/e2e/mcp/vulnerable-server/package.json
- Remove private:true from @agent-opfor/core so it can be published - Add prepack/postpack to core to bundle data dirs (evaluators, suites, skills) - Update getRepoRoot() to detect published vs monorepo context via existsSync - Pin @agent-opfor/core from "*" to "^0.9.0" in cli, mcp, sdk runners - Wire release-please config-file and manifest-file in release workflow Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The scope rename updated each test agent's package.json name but left their package-lock.json self-name stale. Sync the lockfile name fields to @keyvaluesystems/agent-opfor-* so each lock matches its package.json. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…uilds, readmes, and license
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@core/package.json`:
- Line 6: The core package is still marked private, which prevents publishing
the package. Remove the private flag from the package.json for
`@keyvaluesystems/agent-opfor-core` so the publish flow can proceed, and keep the
rest of the package metadata unchanged.
In `@runners/sdk/package.json`:
- Around line 16-28: The SDK package manifest is staging catalog assets
incompletely, so add the missing skills/ tree to the package contents. Update
the packaging logic in runners/sdk/package.json, specifically the prepack and
matching postpack cleanup, so the published tarball includes skills/ alongside
data/, evaluators/, suites/, and atlas-data/. This should align with
runners/sdk/src/catalog.ts and loadSkillCatalog so installed SDKs can resolve
skill-catalog calls.
In `@runners/sdk/src/types.ts`:
- Around line 351-449: The SDK types refactor removed a previously exported
public type, so restore `UnifiedRunReport` in `runners/sdk/src/types.ts`
alongside the other inlined exports. Make sure the `types.ts` surface still
re-exports or defines `UnifiedRunReport` from the same SDK entrypoint so
existing consumers keep compiling without changing imports.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 8ccfe33e-74c3-4424-bcfa-e4e4a8641e95
⛔ Files ignored due to path filters (5)
package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/customer-support/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/vanilla-chat/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/vulnerable-memory/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/mcp/vulnerable-server/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (15)
core/package.jsoncore/src/config/evaluatorsLayout.tspackage.jsonrunners/cli/README.mdrunners/cli/package.jsonrunners/cli/scripts/bundle.mjsrunners/cli/src/index.tsrunners/mcp/README.mdrunners/mcp/package.jsonrunners/mcp/scripts/bundle.mjsrunners/mcp/src/index.tsrunners/sdk/README.mdrunners/sdk/package.jsonrunners/sdk/src/types.tsrunners/sdk/tsup.config.ts
💤 Files with no reviewable changes (2)
- runners/cli/src/index.ts
- runners/mcp/src/index.ts
✅ Files skipped from review due to trivial changes (4)
- runners/sdk/tsup.config.ts
- runners/cli/README.md
- runners/mcp/README.md
- runners/sdk/README.md
🚧 Files skipped from review as they are similar to previous changes (1)
- core/src/config/evaluatorsLayout.ts
There was a problem hiding this comment.
Caution
Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@core/package.json`:
- Line 6: The core package is still marked private, which prevents publishing
the package. Remove the private flag from the package.json for
`@keyvaluesystems/agent-opfor-core` so the publish flow can proceed, and keep the
rest of the package metadata unchanged.
In `@runners/sdk/package.json`:
- Around line 16-28: The SDK package manifest is staging catalog assets
incompletely, so add the missing skills/ tree to the package contents. Update
the packaging logic in runners/sdk/package.json, specifically the prepack and
matching postpack cleanup, so the published tarball includes skills/ alongside
data/, evaluators/, suites/, and atlas-data/. This should align with
runners/sdk/src/catalog.ts and loadSkillCatalog so installed SDKs can resolve
skill-catalog calls.
In `@runners/sdk/src/types.ts`:
- Around line 351-449: The SDK types refactor removed a previously exported
public type, so restore `UnifiedRunReport` in `runners/sdk/src/types.ts`
alongside the other inlined exports. Make sure the `types.ts` surface still
re-exports or defines `UnifiedRunReport` from the same SDK entrypoint so
existing consumers keep compiling without changing imports.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 8ccfe33e-74c3-4424-bcfa-e4e4a8641e95
⛔ Files ignored due to path filters (5)
package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/customer-support/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/vanilla-chat/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/vulnerable-memory/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/mcp/vulnerable-server/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (15)
core/package.jsoncore/src/config/evaluatorsLayout.tspackage.jsonrunners/cli/README.mdrunners/cli/package.jsonrunners/cli/scripts/bundle.mjsrunners/cli/src/index.tsrunners/mcp/README.mdrunners/mcp/package.jsonrunners/mcp/scripts/bundle.mjsrunners/mcp/src/index.tsrunners/sdk/README.mdrunners/sdk/package.jsonrunners/sdk/src/types.tsrunners/sdk/tsup.config.ts
💤 Files with no reviewable changes (2)
- runners/cli/src/index.ts
- runners/mcp/src/index.ts
✅ Files skipped from review due to trivial changes (4)
- runners/sdk/tsup.config.ts
- runners/cli/README.md
- runners/mcp/README.md
- runners/sdk/README.md
🚧 Files skipped from review as they are similar to previous changes (1)
- core/src/config/evaluatorsLayout.ts
🛑 Comments failed to post (3)
core/package.json (1)
6-6: 🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win
Drop
private: truefrom the publishable core package.Line 6 still marks
@keyvaluesystems/agent-opfor-coreas private, sonpm publishwill refuse to ship it. That blocks the release path this PR is setting up.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@core/package.json` at line 6, The core package is still marked private, which prevents publishing the package. Remove the private flag from the package.json for `@keyvaluesystems/agent-opfor-core` so the publish flow can proceed, and keep the rest of the package metadata unchanged.runners/sdk/package.json (1)
16-28: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Publish
skills/with the SDK package.
runners/sdk/src/catalog.tsimportsloadSkillCatalog, but this package only stagesdata/,evaluators/,suites/, andatlas-data/. Installed SDK tarballs will miss theskills/tree and fail on skill-catalog calls.Suggested manifest/script fix
"files": [ "dist/", "data/", "evaluators/", "suites/", + "skills/", "atlas-data/" ], @@ - "prepack": "cp -r ../../evaluators ./evaluators && cp -r ../../suites ./suites && cp -r ../cli/data ./data && mkdir -p ./atlas-data && cp ../../third_party/atlas-data/dist/ATLAS.yaml ./atlas-data/ATLAS.yaml && cp ../../LICENSE ./LICENSE", - "postpack": "rm -rf ./evaluators ./suites ./data ./atlas-data ./LICENSE" + "prepack": "cp -r ../../evaluators ./evaluators && cp -r ../../suites ./suites && cp -r ../../skills ./skills && cp -r ../cli/data ./data && mkdir -p ./atlas-data && cp ../../third_party/atlas-data/dist/ATLAS.yaml ./atlas-data/ATLAS.yaml && cp ../../LICENSE ./LICENSE", + "postpack": "rm -rf ./evaluators ./suites ./skills ./data ./atlas-data ./LICENSE"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements."dist/", "data/", "evaluators/", "suites/", "skills/", "atlas-data/" ], "scripts": { "dev": "tsx src/index.ts", "build": "tsup", "typecheck": "tsc -p tsconfig.json --noEmit", "test": "tsx --test tests/*.test.ts", "prepack": "cp -r ../../evaluators ./evaluators && cp -r ../../suites ./suites && cp -r ../../skills ./skills && cp -r ../cli/data ./data && mkdir -p ./atlas-data && cp ../../third_party/atlas-data/dist/ATLAS.yaml ./atlas-data/ATLAS.yaml && cp ../../LICENSE ./LICENSE", "postpack": "rm -rf ./evaluators ./suites ./skills ./data ./atlas-data ./LICENSE"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@runners/sdk/package.json` around lines 16 - 28, The SDK package manifest is staging catalog assets incompletely, so add the missing skills/ tree to the package contents. Update the packaging logic in runners/sdk/package.json, specifically the prepack and matching postpack cleanup, so the published tarball includes skills/ alongside data/, evaluators/, suites/, and atlas-data/. This should align with runners/sdk/src/catalog.ts and loadSkillCatalog so installed SDKs can resolve skill-catalog calls.runners/sdk/src/types.ts (1)
351-449: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Keep exporting
UnifiedRunReportfrom the SDK surface.This refactor inlines several core types but drops
UnifiedRunReportfromrunners/sdk/src/types.ts. That turns a namespace/publishing update into a breaking compile-time API removal for existing SDK consumers.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@runners/sdk/src/types.ts` around lines 351 - 449, The SDK types refactor removed a previously exported public type, so restore `UnifiedRunReport` in `runners/sdk/src/types.ts` alongside the other inlined exports. Make sure the `types.ts` surface still re-exports or defines `UnifiedRunReport` from the same SDK entrypoint so existing consumers keep compiling without changing imports.
jithin23-kv
force-pushed
the
feat/npm-publish-setup
branch
from
66eaea6 to
4dae060
Compare
jithin23-kv
approved these changes
Jun 29, 2026
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
scripts/smoke-pack.ts (1)
36-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winPreserve command output and make these failures actionable.
Right now the smoke test collapses failures into generic messages, and the
catchpath dropsexecFileSync's stderr/stdout. Whennpm pack,npm install, or the clean-install probe fails, the operator does not get the failing command, output, or a fix path.Suggested change
-function fail(msg: string): never { - console.error(`\n❌ Smoke test FAILED: ${msg}`); +function fail(msg: string, fix: string): never { + console.error(`\n❌ Smoke test FAILED: ${msg}\n→ ${fix}`); process.exit(1); } @@ - if (!tarball) fail("could not determine packed tarball filename"); + if (!tarball) { + fail( + "npm pack did not print a tarball filename.", + "Run `npm pack` in `core/` and inspect the final stdout line plus any `prepack` output." + ); + } @@ - if (failures.length > 0) fail(`empty results for: ${failures.join(", ")}`); + if (failures.length > 0) { + fail( + `Smoke pack loaded empty results for: ${failures.join(", ")}`, + "Check `core/package.json` `files`/`exports` and confirm the runtime data directories are included in the tarball." + ); + } @@ } catch (e: unknown) { - const msg = e instanceof Error ? e.message : String(e); - fail(msg); + const stderr = + typeof e === "object" && e && "stderr" in e + ? String((e as { stderr?: string | Buffer }).stderr ?? "").trim() + : ""; + const msg = stderr || (e instanceof Error ? e.message : String(e)); + fail( + msg, + "Inspect the failing npm/node command output above and verify `core/package.json` packaging hooks and exported runtime files." + ); }As per coding guidelines, “Write actionable error messages that tell the user how to fix the problem, not just that something failed.”
Also applies to: 53-54, 97-102
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/smoke-pack.ts` around lines 36 - 39, The smoke test failure handling in fail() and the execFileSync catch paths is too generic and drops useful stdout/stderr, so make these errors actionable by preserving the failing command plus captured output when npm pack, npm install, or the clean-install probe fails. Update the failure reporting in smoke-pack.ts so the catch block passes through execFileSync diagnostics and the fail helper includes a clear fix hint or next step, using the existing fail() and command-execution logic to locate the changes.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@AGENTS.md`:
- Line 27: The fenced block in AGENTS.md is missing a language tag, which causes
markdownlint to flag it. Update that repo-tree fence to use a text language
identifier so the block is treated as plain text and passes lint; keep the
change limited to the fenced block in the docs.
In `@runners/sdk/src/types.ts`:
- Around line 351-449: The SDK public type surface in types.ts now omits
UnifiedRunReport, which breaks existing consumers importing it from the package.
Add the UnifiedRunReport type back into this file alongside the other inlined
public types and ensure it is exported from the SDK surface, using the existing
types.ts export section as the location to restore it. If you intentionally do
not want to expose it, then treat this as a breaking change and update the
package versioning/release notes accordingly.
---
Nitpick comments:
In `@scripts/smoke-pack.ts`:
- Around line 36-39: The smoke test failure handling in fail() and the
execFileSync catch paths is too generic and drops useful stdout/stderr, so make
these errors actionable by preserving the failing command plus captured output
when npm pack, npm install, or the clean-install probe fails. Update the failure
reporting in smoke-pack.ts so the catch block passes through execFileSync
diagnostics and the fail helper includes a clear fix hint or next step, using
the existing fail() and command-execution logic to locate the changes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ba4e6f24-b3ca-4173-84f1-b9ff8ed503f5
⛔ Files ignored due to path filters (6)
package-lock.jsonis excluded by!**/package-lock.jsonrunners/cli/ui/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/customer-support/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/vanilla-chat/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/agents/vulnerable-memory/package-lock.jsonis excluded by!**/package-lock.jsontests/e2e/mcp/vulnerable-server/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (67)
.github/ISSUE_TEMPLATE/bug_report.yml.github/workflows/ci.yml.github/workflows/release.yml.gitignoreAGENTS.mdCONTRIBUTING.mdREADME.mdcore/package.jsoncore/src/autonomous/index.tscore/src/autonomous/knowledge/load.tscore/src/autonomous/lib/types.tscore/src/browser.tscore/src/catalog/loadEvaluatorCatalog.tscore/src/config/evaluatorsLayout.tscore/src/report/types.tscore/src/standards/atlas.tsdocs/browser-extension.mddocs/cli.mddocs/mcp.mddocs/sdk.mdpackage.jsonrunners/cli/README.mdrunners/cli/package.jsonrunners/cli/scripts/bundle.mjsrunners/cli/src/commands/hunt.tsrunners/cli/src/commands/run.tsrunners/cli/src/commands/setup.tsrunners/cli/src/index.tsrunners/cli/src/ui/bridge.tsrunners/cli/src/ui/demoData.tsrunners/cli/src/ui/server.tsrunners/cli/src/ui/snapshot.tsrunners/cli/tests/fork.test.tsrunners/cli/tests/http.test.tsrunners/cli/tests/knowledge.test.tsrunners/cli/tests/leads.test.tsrunners/cli/tests/observe.test.tsrunners/cli/tests/progress.test.tsrunners/cli/tests/recordFinding.test.tsrunners/cli/tests/runlog.test.tsrunners/cli/tests/sendToTarget.test.tsrunners/cli/ui/package.jsonrunners/extension/README.mdrunners/extension/package.jsonrunners/mcp/README.mdrunners/mcp/package.jsonrunners/mcp/scripts/bundle.mjsrunners/mcp/src/index.tsrunners/sdk/README.mdrunners/sdk/package.jsonrunners/sdk/src/catalog.tsrunners/sdk/src/hunt.tsrunners/sdk/src/run.tsrunners/sdk/src/types.tsrunners/sdk/tests/catalog.test.tsrunners/sdk/tests/hunt.test.tsrunners/sdk/tests/opfor-class.test.tsrunners/sdk/tests/report.test.tsrunners/sdk/tests/run.test.tsrunners/sdk/tsup.config.tsscripts/smoke-pack.tstests/e2e/agents/customer-support/Dockerfiletests/e2e/agents/customer-support/package.jsontests/e2e/agents/vanilla-chat/Dockerfiletests/e2e/agents/vanilla-chat/package.jsontests/e2e/agents/vulnerable-memory/package.jsontests/e2e/mcp/vulnerable-server/package.json
💤 Files with no reviewable changes (1)
- runners/cli/src/index.ts
✅ Files skipped from review due to trivial changes (40)
- runners/cli/ui/package.json
- runners/sdk/tests/opfor-class.test.ts
- runners/mcp/README.md
- runners/cli/tests/knowledge.test.ts
- runners/sdk/tests/hunt.test.ts
- core/src/browser.ts
- docs/cli.md
- .gitignore
- .github/ISSUE_TEMPLATE/bug_report.yml
- runners/cli/tests/progress.test.ts
- runners/extension/README.md
- docs/browser-extension.md
- core/package.json
- runners/cli/tests/leads.test.ts
- runners/cli/tests/runlog.test.ts
- runners/cli/tests/recordFinding.test.ts
- runners/cli/tests/http.test.ts
- core/src/report/types.ts
- runners/sdk/src/catalog.ts
- runners/sdk/README.md
- tests/e2e/agents/customer-support/Dockerfile
- runners/mcp/scripts/bundle.mjs
- tests/e2e/agents/vanilla-chat/package.json
- core/src/autonomous/index.ts
- tests/e2e/agents/customer-support/package.json
- runners/extension/package.json
- runners/cli/src/ui/bridge.ts
- runners/sdk/tests/run.test.ts
- CONTRIBUTING.md
- README.md
- runners/sdk/src/hunt.ts
- core/src/autonomous/lib/types.ts
- runners/mcp/src/index.ts
- tests/e2e/agents/vulnerable-memory/package.json
- tests/e2e/mcp/vulnerable-server/package.json
- docs/mcp.md
- runners/cli/README.md
- runners/cli/src/commands/setup.ts
- docs/sdk.md
- runners/sdk/src/run.ts
🚧 Files skipped from review as they are similar to previous changes (23)
- runners/cli/tests/fork.test.ts
- runners/sdk/tests/catalog.test.ts
- .github/workflows/release.yml
- runners/cli/src/ui/demoData.ts
- core/src/autonomous/knowledge/load.ts
- tests/e2e/agents/vanilla-chat/Dockerfile
- runners/cli/src/commands/run.ts
- runners/cli/src/ui/snapshot.ts
- runners/cli/src/ui/server.ts
- runners/cli/scripts/bundle.mjs
- runners/cli/src/commands/hunt.ts
- runners/cli/tests/observe.test.ts
- .github/workflows/ci.yml
- runners/cli/tests/sendToTarget.test.ts
- runners/sdk/tsup.config.ts
- runners/sdk/tests/report.test.ts
- runners/sdk/package.json
- core/src/standards/atlas.ts
- core/src/config/evaluatorsLayout.ts
- core/src/catalog/loadEvaluatorCatalog.ts
- package.json
- runners/cli/package.json
- runners/mcp/package.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The three runner packages (`@keyvaluesystems/agent-opfor-cli`, `@keyvaluesystems/agent-opfor-mcp`, `@keyvaluesystems/agent-opfor-sdk`) could not be published to npm. Three blockers:
Solution
Bundle core inline instead of resolving it at runtime
Ship data files with each runner
Fix `getRepoRoot()` path resolution
Pre-publish hardening
Checklist
Evaluator checklist (skip if no evaluator added)
N/A — no evaluators changed.
Summary by CodeRabbit
New Features
Bug Fixes