| fix(always-on): remove redundant projectId nesting in worktree/snapshot paths
AlwaysOnPaths.worktreesDir already includes the projectId segment, but
GitWorktreeProvider and SnapshotCopyProvider called createProjectId again,
producing double-nested paths like worktrees/<id>/<id>/<runId>. Remove the
duplicate createProjectId calls so new workspaces use the correct single-
level path. Existing data continues to work via existsSync reuse checks.
Co-authored-by: Cursor <cursoragent@cursor.com>
| 11 天前 |
| fix(security): Windows permission compatibility
- Add Windows dangerous command deny patterns: Remove-Item -Recurse,
del /s, rd /s, Format-Volume, iex+iwr, Start-Process RunAs,
Set-ExecutionPolicy, Stop-Process -Force
- Add Windows safe-read patterns: Get-ChildItem, Get-Content, dir, type, etc.
- Block Windows device paths: CON, NUL, COM, LPT, PhysicalDrive, \\.\, \\?\
- Platform-aware quick-block shortcuts in permissions settings UI
- SnapshotCopyProvider: use PowerShell for directory size on Windows
Co-authored-by: tp <tp@t14-windows>
Co-authored-by: Cursor <cursoragent@cursor.com>
| 9 天前 |
| refactor(always-on): replace superseded with archived status and remove dead code
Precisely define plan status semantics across gateway, web, and frontend
layers. Replace the overloaded "superseded" status with "archived",
remove unused "draft" status, consolidate duplicate archive methods,
delete dead exports (readDiscoveryPlanStore), merge duplicate
runGit/runCommand into runProcess, and clean up stale i18n keys.
Co-authored-by: Cursor <cursoragent@cursor.com>
| 18 天前 |
| feat(always-on): implement Gateway-native Always-On module
- Add src/always-on with protocol, config, contracts, runtime, workspace,
storage, and tool subpackages per docs/always-on/02 design.
- Wire alwaysOn into PolitConfig + loadPolitConfig; politdeck server boots
AlwaysOnRuntime, injects extra tools and per-session cwd/permissionMode
overrides through createLocalGateway.
- Single isolated workspace per project: state.currentWorkspace tracks the
handle; ensureAlwaysOnWorkspace reuses it across fires; runtime never
auto-disposes (user manually rm to reset).
- Discovery and execution turns both run inside the workspace cwd; execution
turn is pinned to bypassPermissions with assertWorkspaceCwdSafe.
- Discovery prompt now embeds workspace cwd, strategy, and the project's
PolitDeck chat transcript directory.
- Lease is reverse-only: no_fresh_lease and workspace_capacity gates
removed; agent_busy / recent_user_msg only fire when a lease exists.
- Workspace config trimmed: maxConcurrentEnvs / retainSuccessfulEnvs /
retainFailedEnvs flagged as ALWAYS_ON_FIELD_REMOVED diagnostics.
- Add tests/always-on covering config, gates, contracts, state store,
ensureAlwaysOnWorkspace, channel leases, and config loader integration.
Co-authored-by: Cursor <cursoragent@cursor.com>
| 24 天前 |
| refactor: rename Polit/PolitDeck to Pilot/PilotDeck across entire codebase
Automated global rename covering all case variants:
- PolitDeck → PilotDeck, politdeck → pilotdeck, POLITDECK → PILOTDECK
- Polit → Pilot, polit → pilot, POLIT → PILOT, politDeck → pilotDeck
Includes:
- 648 content replacements across 200+ source files
- 24 file renames + 3 directory renames (src/polit→pilot, tests/polit→pilot, docs/polit-config→pilot-config)
- package.json name, bin, env vars updated
- package-lock.json regenerated
- "Politely" in server-manager.ts preserved via placeholder mechanism
- All 587 unit tests pass, tsc --noEmit clean
- E2E tests verified against real OpenRouter API (model, tool-use, context, lifecycle hooks)
Co-authored-by: Cursor <cursoragent@cursor.com>
| 24 天前 |