feat(brief): squads brief — extract founder intentions from sessions into GitHub issues#767
Open
kokevidaurre wants to merge 5 commits intodevelopfrom
Open
feat(brief): squads brief — extract founder intentions from sessions into GitHub issues#767kokevidaurre wants to merge 5 commits intodevelopfrom
kokevidaurre wants to merge 5 commits intodevelopfrom
Conversation
* refactor(core): run engine decomposition + context helpers [v0.3.0 — 1/7] (#731) * refactor(core): run engine decomposition, context helpers, squad parser improvements Core runtime refactoring from v0.3.0 development cycle: - run-context.ts: expanded context helpers for goal injection, feedback, state - run-modes.ts: simplified run modes, removed per-squad limits - run-types.ts: added conversation_agents field type - execution-engine.ts: phase-ordered execution, role-based context - agent-runner.ts: bot identity injection, guardrail hooks, tool sets - squad-parser.ts: findProjectRoot, skills loading, dynamic discovery - env-config.ts: environment URL resolution additions Original commits: ~25 from develop (refactors, type fixes, context system updates) Backup tag: pre-v0.3.0-backup Co-Authored-By: Claude <noreply@anthropic.com> * fix: address Gemini review — configurable cred path, use parseAgentFrontmatter, fix staleness calc - execution-engine.ts: GCP credential path now configurable via SQUADS_GCP_CREDENTIALS_DIR env var (was hardcoded ~/.squads/secrets/). Use parseAgentFrontmatter() instead of fragile regex for model detection. - run-context.ts: Replace magic number 86400000 with MS_PER_DAY constant, use Math.floor instead of Math.round for staleness calculation. Co-Authored-By: Claude <noreply@anthropic.com> * fix(types): add model field to AgentFrontmatter interface Typecheck failed because parseAgentFrontmatter() returns AgentFrontmatter which didn't include the model property. Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): remove unused imports in agent-runner — SOFT_DEADLINE_RATIO, preflightExecutorCheck, pushCognitionSignal, findMemoryDir, timeoutMins Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): remove all 20 unused variable warnings across 9 files Cleaned up unused imports and variables flagged by eslint: - agent-runner.ts: DEFAULT_TIMEOUT_MINUTES, bold, gradient - scorecard-engine.ts: readFileSync - org-cycle.ts: logObservability, ObservabilityRecord - outcomes.ts: prefixed unmergedPRs with _ - repo-enforcement.ts: resolve - run-context.ts: removed unused readDirMd function + readdirSync - run-modes.ts: spawn, getProjectRoot, checkLocalCooldown, DEFAULT_SCHEDULED_COOLDOWN_MS, saveTranscript, reportExecutionStart, reportConversationResult, getBridgeUrl, ora - run-utils.ts: findMemoryDir - squad-loop.ts: Squad type Zero warnings remaining. Zero type errors. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat(run): workflow rewrite — smart skip, org cycle, wave execution [v0.3.0 — 2/7] (#732) * feat(run): workflow rewrite — smart skip, org cycle, wave execution, focus/resume Run engine and workflow rewrite from v0.3.0 development cycle. Fixes applied from Gemini Code Assist review: - HIGH: task directive now includes planPrompt context (was bypassed) - HIGH: converged reflects actual status (was forced true) - MEDIUM: setTimeout cleared on close/error (resource leak) - MEDIUM: skip logic query limit bumped to 500 - MEDIUM: fallback assigns ALL workers, not just first - Added CLI_RUN_COMPLETE telemetry event - Removed unused imports (dirname, homedir, bold) Co-Authored-By: Claude <noreply@anthropic.com> * fix(test): add findProjectRoot to squad-parser mock in workflow tests Co-Authored-By: Claude <noreply@anthropic.com> * fix(test): findProjectRoot mock should use mockReturnValue (sync, not async) findProjectRoot() returns string|null, not a Promise. Co-Authored-By: Claude <noreply@anthropic.com> * fix(test): update workflow tests for spawn-based agent execution workflow.ts now uses spawn instead of execSync. Updated test mocks: - Added createMockChild helper for spawn-based child processes - Added appendFileSync to fs mock - Added observability mock (snapshotGoals, diffGoals, logObservability) - All 16 tests pass Co-Authored-By: Claude <noreply@anthropic.com> * fix: remove hardcoded squad names from org cycle waves Wave definitions had our internal squad names (research, intelligence, cli, marketing, etc.) hardcoded. A user's squads would never match. Now: all planned squads run in a single parallel wave. Custom wave ordering can be added later via SQUAD.md `wave:` field. Co-Authored-By: Claude <noreply@anthropic.com> * fix: remove hardcoded git commit of .agents/memory/ between waves Auto-committing hq memory between waves was our internal pattern, not a product feature. Users won't have .agents/memory/ in their project root. Removed. Co-Authored-By: Claude <noreply@anthropic.com> * refactor: extract plan prompt to templates/prompts/plan.md "No prompts in code" — behavioral instructions live in markdown. Extracted the inline planPrompt template string to a markdown file with {{VARIABLE}} placeholders. TypeScript loads and substitutes. Also: squadContext is now included in the template (was passed as empty string, losing goals/priorities context). Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): remove unused execSync import from run.ts No longer needed after removing hardcoded git commit between waves. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat(conversation): agents talk + use tools [v0.3.0 — 3/7] (#733) * feat(conversation): agents talk + use tools, cognition engine, convergence Conversation mode rewrite and cognition engine from v0.3.0 cycle: - conversation.ts: Rewritten so agents talk AND use tools (was text-only). Parallel same-role agents within cycles. Hard-stop on lead completion. Squad cwd resolution for all agent turns. Transcript serialization fixes. Agent classification by name first, then role description. - cognition.ts: Local-first intelligence engine. Quality grading. Escalation pause for daemon. Signal synthesis via Claude CLI. Push memory signals after daemon cycles. Co-Authored-By: Claude <noreply@anthropic.com> * refactor: remove cognition.ts changes from this PR Cognition engine is not actively used (post-pivot, daemon is stopped). Changes parked in future/cognition-t2 branch for Tier 2 reactivation. This PR now only contains conversation.ts changes. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat(commands): review, credentials, goals, log + minor fixes [v0.3.0 — 4/7] (#734) * feat(commands): add review, credentials, goals, log commands + minor fixes New commands: - credentials.ts: per-squad GCP service account management - goals.ts: goals dashboard with status tracking - log.ts: run history with timestamps, duration, status - review.ts: post-cycle evaluation dashboard Fixes applied: - Added CLI_LOG telemetry event - Removed unused imports (writeFileSync, formatRelativeTime) - Removed unused variables (blockedStr, achievedStr) - Fixed hardcoded org name in review.ts issue URL resolution Co-Authored-By: Claude <noreply@anthropic.com> * fix: address Gemini review on credentials.ts - Use static renameSync import instead of dynamic import('fs') - Remove redundant --all handling (dedicated create-all command exists) Co-Authored-By: Claude <noreply@anthropic.com> * refactor(credentials): remove hardcoded squad names, read config from SQUAD.md credentials.ts had our internal squad names and GCP roles hardcoded. Now fully agnostic: - Permissions read from SQUAD.md `credentials.gcp.roles/apis` fields - Squads discovered dynamically from squads directory - No hardcoded squad names, org names, or internal structure - Helpful error message shows users how to configure their SQUAD.md - create-all discovers squads with GCP config automatically Co-Authored-By: Claude <noreply@anthropic.com> * test(credentials): add 8 tests for SQUAD.md GCP credentials parser Extracted parseGcpCredentials() as pure function for testability. Tests cover: inline YAML, quoted values, multiple APIs, missing config, empty content, roles without apis, mixed SQUAD.md content. All 8 pass. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat(init): demo agent scaffold, what's next guidance [v0.3.0 — 5/7] (#735) * feat(init): demo agent scaffold, what's next guidance, email capture Init UX improvements from v0.3.0 cycle: - "What's next" guidance after init with actionable next steps - Opt-in email capture for product updates - Demo squad scaffold with hello-world starter agent - IDP catalog seeding for agent frontmatter schemas - Competitor collection during init - Hints for empty business description - cli.run.complete telemetry event Co-Authored-By: Claude <noreply@anthropic.com> * fix(test): update E2E to expect 5 squads (4 core + demo) Init now creates a demo squad with hello-world agent. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat(security): PreToolUse guardrail hooks for agent sessions [v0.3.0 — 6/7] (#736) * feat(security): PreToolUse guardrail hooks for spawned agent sessions guardrail.json template injected into all spawned Claude sessions. Prevents agents from running destructive commands, force-pushing, publishing packages, or accessing secrets directly. Co-Authored-By: Claude <noreply@anthropic.com> * fix(security): add npm/yarn/pnpm publish to guardrail blocked commands Gemini review caught missing publish checks. Agents should never publish packages — that requires founder approval. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * test+docs: coverage + tier 2 docs + version bump 0.3.0 [v0.3.0 — 7/7] (#737) * test+docs: coverage + tier 2 docs + version bump to 0.3.0 Tests added (213 new tests): - catalog.test.ts: catalog command tests - dashboard.test.ts: dashboard engine, renderers, loader tests - services.test.ts: services command tests - first-run.e2e.test.ts: updated for demo squad scaffold - guardrail.test.ts: guardrail hook tests - init.test.ts: expanded init command tests - telemetry.test.ts: telemetry event tests Docs: - docs/tier2.md: Tier 2 architecture documentation Version: - package.json: bump to 0.3.0 Note: cli.test.ts failures are pre-existing on develop (not introduced by this PR). Co-Authored-By: Claude <noreply@anthropic.com> * docs: remove tier2.md — internal architecture, not product docs Hardcoded our repo structure, ports, service names. Belongs in private engineering repo, not the public CLI. Co-Authored-By: Claude <noreply@anthropic.com> * test: replace mock-heavy tests with real integration tests Before: 2,299 lines mocking fs, squad-parser, child_process, etc. Testing mocks, not the product. False confidence. After: 465 lines testing real files on real filesystem. - catalog: real IDP directory with YAML files - dashboard: zero mocks, real data structures into renderers - services: real docker-compose.yml in temp dir - init: real temp directory, verify actual files created 39 tests, all passing. 80% less code, 100% more real coverage. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * fix(services): make agnostic — remove hardcoded paths [v0.3.0] (#738) * fix(services): make agnostic — remove hardcoded paths and internal assumptions Before: searched for docker-compose.yml in ~/agents-squads/engineering/docker/ and hardcoded squads-postgres container name, internal DB table names. Now: - Discovers docker-compose.yml from project root, ./docker/, ./infra/, SQUADS_COMPOSE_FILE env var, or --file flag - Uses docker compose ps against user's compose file - Removed hardcoded port output and DB introspection - --file option on all 3 subcommands (up/down/status) - Health check verifies containers are actually running - Updated tests to match new agnostic implementation Co-Authored-By: Claude <noreply@anthropic.com> * test(services): update tests for agnostic services command - Use SQUADS_COMPOSE_FILE env var instead of hardcoded engineering path - Check --file option on all subcommands - Fix health check mock to return 'running' state - Updated status test for Docker not installed case Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * fix(telemetry): restore write-only API key — broken since March 14 [v0.3.0] (#739) * fix(telemetry): restore write-only API key — telemetry broken since March 14 Commit 6261882 removed the telemetry key and replaced it with an env var that no user has set. Result: zero telemetry events since ~March 14. Write-only analytics keys are standard practice (Segment, PostHog, Mixpanel all ship them in public code). The key can only write events; it cannot read, delete, or access any data. Users can still opt out. Closes #388 (GitHub Traffic API — this restores our primary data signal) Co-Authored-By: Claude <noreply@anthropic.com> * fix: use plain string for telemetry key, drop base64 obfuscation Gemini review: base64 encoding adds no security and reduces transparency. Plain string is honest — it's a write-only key, nothing to hide. Co-Authored-By: Claude <noreply@anthropic.com> * fix: lock telemetry key — no env var override Telemetry goes to our infrastructure only. No reason to let users redirect it. They can opt out, but not redirect. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * fix(ux): prerequisites check, no-args squad list, schedule hint [v0.3.0] (#740) * fix(run): UX improvements — prerequisites check, no-args squad list, schedule hint (#675, #694, #695) - Add checkPrerequisites() validating Node >= 18 and Claude CLI before run - Show available squads with missions when `squads run` invoked without args - Display scheduling tip after first successful squad run (persisted in ~/.squads-cli/schedule-hint-shown) Co-Authored-By: Claude <noreply@anthropic.com> * fix: skip prerequisites check in CI/test environments checkPrerequisites() called process.exit(1) when Claude CLI not found, killing the test runner. Now skips when CI or VITEST env vars are set. Co-Authored-By: Claude <noreply@anthropic.com> * fix: address Gemini review — remove redundant CLI check, fix cron hint, cleanup - Removed redundant Claude CLI check (preflightExecutorCheck handles it) - Removed non-existent --cron flag from schedule hint - Removed unused runAutopilot import (replaced by squad listing) - Added VITEST to skip conditions Co-Authored-By: Claude <noreply@anthropic.com> * fix(lint): remove unused execSync import Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * ci(release): support @next dist-tag for pre-release versions Tags matching v<semver>-<suffix> (e.g., v0.3.0-rc.1) publish to @next and mark the GitHub Release as pre-release. Clean semver tags (v0.3.0) continue publishing to @latest. Enables a burn-in channel for major releases — users opt in with `npm i squads-cli@next` before we promote to @latest. Co-Authored-By: Claude <noreply@anthropic.com> * fix(workflow): role-based timeouts + anti-collision rules [v0.3.0] (#748) * fix(workflow): role-based timeouts + anti-collision rules in plan prompt Two root causes of poor org run quality: 1. Workers timed out at 8 minutes (hardcoded) — can't complete real work like creating PRs, running BQ queries, or writing reports. Now role-based: scanners 10min, verifiers 15min, leads+workers 30min. 2. Multiple squads created duplicate deliverables (e.g., both ops and cli tried to create the v0.3.0 release PR). Plan prompt now includes explicit rules: only work on YOUR goals, check depends_on before acting, verify before creating, no PII on public repos. Closes #742 (partially — timeout portion) Co-Authored-By: Claude <noreply@anthropic.com> * fix: use DEFAULT_TIMEOUT_MINUTES + SQUADS_AGENT_TIMEOUT_MINUTES env var No hardcoded values. Timeout comes from: 1. SQUADS_AGENT_TIMEOUT_MINUTES env var (user override) 2. DEFAULT_TIMEOUT_MINUTES from run-types.ts (30 min) Co-Authored-By: Claude <noreply@anthropic.com> * fix: address Gemini review — timeout declaration order + dependency check instructions - workflow.ts: move timeout declaration before event handlers (no-use-before-define) - plan.md: specify how to check depends_on (read goals.md status field, use gh CLI) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * fix(audit): remove hardcoded values, extract prompts, parameterize config [v0.3.0] (#749) * fix(audit): remove hardcoded values, extract prompts, parameterize config 5 audit findings remediated: 1. tier-detect.ts: use getApiUrl/getBridgeUrl from env-config 2. agent-runner/workflow/run-modes: replace company-lead string match with frontmatter role 3. cognition.ts: parameterize company name via SQUADS_COMPANY_NAME 4. run-modes.ts: extract lead prompt to templates/prompts/lead-mode.md 5. lead-orchestrator.ts: extract orchestrator prompt to templates/prompts/orchestrator.md Co-Authored-By: Claude <noreply@anthropic.com> * fix: address Gemini review — use replaceAll for template tags - lead-orchestrator.ts: {{WORKERS}} now uses regex for consistency - run-modes.ts: all template tags use replaceAll() for multi-occurrence safety Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat: project-level config system — .squads/config.yml [v0.3.0] (#750) * feat: add project-level config system (.squads/config.yml) Centralizes runtime settings (agent timeout, token budget, cost ceiling, company name, compose file, telemetry) into a single project config file with env var > config file > constant default resolution order. - New: src/lib/config.ts — loader with minimal YAML parser, no deps - New: templates/config.example.yml — ships with package - Updated: workflow.ts reads token_budget + cost_ceiling from config - Updated: cognition.ts reads company_name from config (was hardcoded) - Updated: services.ts reads compose_file from config - Updated: telemetry.ts checks config for telemetry opt-out - Updated: init.ts generates .squads/config.yml + gitignore entry Co-Authored-By: Claude <noreply@anthropic.com> * fix: address Gemini review — YAML parser, gitignore check, config resolution - config.ts: allow uppercase YAML keys (normalized to lowercase), fix comment stripping for quoted values and comment-only values - init.ts: exact line match for gitignore entry (not substring) - services.ts: remove redundant env var check, use loadProjectConfig() as single config source Co-Authored-By: Claude <noreply@anthropic.com> * test(services): reset config cache in beforeEach Config cache held a stale null compose_file across tests, so the env-var override case failed because earlier tests had already cached the unset state. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com> * feat(templates): evaluation-first goals + add growth squad (#752) * feat(templates): evaluation-first goals + add growth squad Every non-demo starter squad now ships with a first-run "Squad evaluation" goal so `squads run <squad>` produces deliverable output on first invocation: audit the domain against BUSINESS_BRIEF.md and output a baseline report with top priorities. Adds a new `growth` squad (4 agents — growth-lead, funnel-analyst, experiment-runner, growth-critic) distinct from marketing: growth owns AARRR funnel, experiments, and kills vanity metrics. Marketing creates content, growth measures and distributes. Growth exposed via: - Use-case option in `squads init` - `--pack growth` flag - Included in `--pack all` - Included in `full-company` use case Closes #751 * fix: address Gemini review — marketing dep + use-case + state files - growth use case now includes getMarketingSquad() (declared dependency) - --pack processing updates selectedUseCase so getFirstRunCommand suggests the right first agent (e.g. growth-lead instead of always research/lead) - --pack growth now also installs marketing (dependency) - Added initial state.md for funnel-analyst, experiment-runner, growth-critic so their first-run Read() calls do not fail --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> * chore: bump to 0.3.0-rc.1 for @next burn-in Pre-release candidate for v0.3.0. Will publish to @next dist-tag via release.yml (tag matches v<semver>-<suffix> pattern). Users can test with: npm i -g squads-cli@next Promotes to @latest after burn-in by tagging main with v0.3.0. Co-Authored-By: Claude <noreply@anthropic.com> * fix(ci): migrate publish workflows to OIDC trusted publishing (#755) Both publish.yml (manual) and release.yml (tag-triggered) passed NODE_AUTH_TOKEN: \${{ secrets.NPM_TOKEN }} to npm publish, which npm prefers over OIDC. With a stale NPM_TOKEN, publishes failed 404 and OIDC was never attempted. Changes: - Remove NODE_AUTH_TOKEN from both publish steps — npm falls back to OIDC via the trusted publisher already configured on npmjs.com - Upgrade Node to 22 and install npm@latest so npm >= 11.5.1 is used (required for OIDC trusted publisher authentication) - publish.yml: detect pre-release dist-tag from package.json version (matches release.yml behavior) so rc versions go to @next, not @latest Closes #754 Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
Promotes rc.1 to the stable v0.3.0 release. After merge, tag v0.3.0 triggers release.yml → publishes to @latest via OIDC. Closes the v0.3.0 cycle: run engine rewrite, conversation mode, project config system, OIDC trusted publishing. Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
* chore: bump to 0.3.1 — first usable v0.3.x on @latest Skipping 0.3.0 because that version slot was claimed by a deprecated historical pre-release (Jan 2026, deprecated as part of the "deprecate all pre-release versions 0.3.0-0.6.2" cleanup). npm enforces version immutability — we cannot republish 0.3.0. 0.3.1 is the smallest available version after rc.1 in the 0.3.x line. After merge, tag v0.3.1 → release.yml publishes to @latest via OIDC. Same content as the rc.1 burn-in candidate (0.3.0-rc.1 on @next). Co-Authored-By: Claude <noreply@anthropic.com> * docs: add CHANGELOG.md Hand-curated changelog covering 0.2.1 → 0.3.1. Notes the deprecated historical pre-releases (0.3.0, 0.4.x, 0.5.x, 0.6.x, 0.7.0) so users don't accidentally install them. GitHub Releases remain the canonical record (auto-generated by release.yml on tag push); this file is the human-readable summary and lives in the package itself (npm view shows it). Co-Authored-By: Claude <noreply@anthropic.com> * feat(cli): add Resources footer to --help with changelog link Surfaces the canonical changelog, releases, and issues URLs at the bottom of \`squads --help\` so users discover them without hunting. Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Jorge Vidaurre <jorge@agents-squads.com> Co-authored-by: Claude <noreply@anthropic.com>
Reads last N CLI session transcripts from .agents/conversations/cli/, calls claude --print (Haiku) to extract structured tasks per squad, and creates GitHub issues on the correct repos using SQUAD.md repo: mapping. Flags: --sessions N (default 5), --dry-run, --coo (writes founder-focus.md). Closes #766 Co-Authored-By: Claude <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request bumps the version to 0.3.1, updates the changelog, and introduces a new brief command that extracts actionable tasks from session transcripts using an LLM to create GitHub issues. Feedback includes a critical security recommendation to replace execSync with spawnSync to prevent command injection when calling the GitHub CLI, a suggestion to use a standard model identifier for the claude CLI to ensure compatibility, and a minor UI improvement to only append an ellipsis when task body truncation actually occurs.
…onal ellipsis - Security: replace execSync shell interpolation with spawnSync argv for gh issue create - Model: use 'haiku' alias instead of pinned 'claude-haiku-4-5-20251001' model id - UX: only append '...' ellipsis when body exceeds 120 chars Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
![agents-squads[bot]](https://avatars.githubusercontent.com/in/3032119?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Fixed in commit 25e9fce. Addressing all three review comments:
Security (execSync → spawnSync): Replaced the execSync shell-interpolation call for gh issue create with spawnSync('gh', [...args]) passing title and body as discrete argv entries. No shell escaping needed, no injection surface. Also removed execSync from the import entirely.
Model alias: Changed 'claude-haiku-4-5-20251001' to 'haiku' so the call uses the stable alias instead of a pinned version string.
Conditional ellipsis: Changed the unconditional ... append to task.body.length > 120 ? task.body.slice(0, 120) + '...' : task.body — ellipsis only appears when the body actually exceeds 120 characters.
Build passes (npm run build clean).
Contributor
There was a problem hiding this comment.
Fixed in 25e9fce: replaced execSync with spawnSync (array args, no shell interpolation), fixed ellipsis to only append on actual truncation. Model flag changed from pinned 'claude-haiku-4-5-20251001' to the 'haiku' alias — brief uses the system default claude binary which is operator-configured.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
squads briefcommand that reads last N CLI session transcripts from.agents/conversations/cli/claude --print --model haikuto extract structured tasks (squad, title, body) as JSONgh issue create -R <repo>using SQUAD.mdrepo:field mappingsquads run) — no ANTHROPIC_API_KEY neededUsage
Why
Squad agents idle between sessions because they have no way to discover what the founder discussed. This command closes the loop: founder finishes a session →
squads brief→ issues created → agents have anchored work next run.Closes #766
🤖 Generated with Claude Code