[codex] Install Unicorn Hub Flutter profile #1
Merged
Add the Unicorn Hub bootstrap layer for this Flutter app, including agent docs, project memory, PR workflows, repo baseline scripts, Dependabot, and review gates while preserving the existing Flutter CI workflow.
Constraint: Existing .github/workflows/ci.yml is intentionally preserved by the flutter-app profile
Tested: pnpm run check:repo; node scripts/check-feature-memory.mjs --worktree; git diff --cached --check; YAML and JSON parse checks; pnpm run preflight stops at missing local flutter SDK
Co-authored-by: OmX <omx@oh-my-codex.dev>
Update the dependency baseline after GitHub Actions on Flutter stable 3.41.9 exposed the existing incompatible-constraints gate. The app source remains unchanged; the PR adds feature memory, refreshed pubspec metadata, and dependency docs so CI can validate the Unicorn Hub install on the current toolchain.
Constraint: Product behavior and Flutter source files are unchanged except generated plugin metadata from flutter pub get
Tested: PATH=/Users/kristina.kurashova/.cache/flutter-stable/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/pkg/env/active/bin:/opt/pmk/env/global/bin:/Users/kristina.kurashova/.codex/tmp/arg0/codex-arg0u5mTAc:/Users/kristina.kurashova/.local/bin:/Applications/Codex.app/Contents/Resources pnpm run preflight; PATH=/Users/kristina.kurashova/.cache/flutter-stable/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/opt/pkg/env/active/bin:/opt/pmk/env/global/bin:/Users/kristina.kurashova/.codex/tmp/arg0/codex-arg0u5mTAc:/Users/kristina.kurashova/.local/bin:/Applications/Codex.app/Contents/Resources flutter build web --release; git diff --cached --check
Co-authored-by: OmX <omx@oh-my-codex.dev>
Adjust the AI Review workflow so the first Unicorn Hub bootstrap PR succeeds when trusted review scripts are not yet present on the base branch. After this PR is merged, future pull requests will run the trusted scripts from main instead of PR-provided review gate code.
Constraint: First-install bootstrap skips only when trusted review scripts are absent on the base branch
Tested: ruby YAML parse for .github/workflows/ai-review.yml; pnpm run check:repo; node scripts/check-feature-memory.mjs --worktree
Co-authored-by: OmX <omx@oh-my-codex.dev>
b298c96 to e9ffb28
Security fixes:
- pr-guard.yml: drop fallback that ran PR-branch scripts when trusted
scripts were absent on base; fail-skip closed instead. Use heredoc-
delimited writes to GITHUB_ENV so multiline refs cannot inject env vars.
- apply-branch-protection.mjs: default to 1 required approval and
require_last_push_approval=true so the script fails safe.
- resolve-pr-context.mjs: write GITHUB_OUTPUT with random heredoc
delimiter and reject collision values.
- ai-review.yml: drop unneeded issues:write (use pull-requests:write),
surface bootstrap skip as ::warning:: so manual review is mandated,
reduce AI_REVIEW_WAIT_MS to keep headroom under timeout-minutes.
- new-worktree.mjs: reject ".", "..", and slugs with path separators
after sanitization to avoid worktree path traversal.
- publish-branch.mjs: use mkdtempSync for the PR body file instead of
a predictable tmp path.
- ai-command-policy.yml: drop issues:write, keep pull-requests:write
(the only API surface used).
Correctness fixes:
- ai-review-helpers.mjs: Gemini native review now ignores
CHANGES_REQUESTED state; Claude SHA marker accepts unique 7+ char
prefix of head SHA; Codex summary comment also accepts standard
7-char short SHA.
- ai-review-gate.mjs: cap listPaginated at 100 pages so a stuck API
cannot loop indefinitely.
Quality / hygiene:
- shared.mjs: parseArgs handles --key=value; walkFiles skips
symlinks via lstatSync; isTextFile recognizes Flutter file types.
- All workflow jobs gain timeout-minutes.
- dependabot.yml adds an npm ecosystem entry for the new package.json.
- .gitignore covers node_modules/, .pnpm-store/, agent worktree dirs,
and .gate-trusted/.
- review-contract.md aligned with actual helper logic: AI_REVIEW_AGENT
is documented as optional.
- specs/001-refresh-flutter-dependencies/{plan,tasks}.md: drop
user-specific local cache paths.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
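The heredoc-delimited writes named in the pr-guard.yml and resolve-pr-context.mjs items above, shown as an added example that is not code from this PR. The function names, the `ghadelimiter_` prefix, the sample ref and `parseCommandFile` (a simplified model of how the runner reads GITHUB_ENV / GITHUB_OUTPUT) are assumptions made for illustration.

```javascript
// Added example, not the project's code. Loads in CommonJS or ESM.
const rng = typeof require === "function" ? require("node:crypto") : globalThis.crypto;

// Unsafe form: a newline inside `value` begins a second record.
function naiveRecord(name, value) {
  return `${name}=${value}\n`;
}

// Heredoc form: random delimiter per write, and refuse any value that contains it.
function heredocRecord(name, value, delimiter = `ghadelimiter_${rng.randomUUID()}`) {
  const text = String(value);
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) throw new Error(`bad name: ${name}`);
  if (text.includes(delimiter)) throw new Error("value collides with heredoc delimiter");
  return `${name}<<${delimiter}\n${text}\n${delimiter}\n`;
}

// Simplified model (an assumption) of how the runner reads GITHUB_ENV / GITHUB_OUTPUT.
function parseCommandFile(content) {
  const out = {};
  const lines = content.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i];
    if (line === "") continue;
    const eq = line.indexOf("=");
    const hd = line.indexOf("<<");
    if (eq >= 0 && (hd < 0 || eq < hd)) {
      out[line.slice(0, eq)] = line.slice(eq + 1); // single-line name=value
      continue;
    }
    if (hd < 0) throw new Error(`invalid line: ${line}`);
    const name = line.slice(0, hd);
    const delim = line.slice(hd + 2);
    const body = [];
    for (i++; i < lines.length && lines[i] !== delim; i++) body.push(lines[i]);
    if (i >= lines.length) throw new Error(`unterminated heredoc for ${name}`);
    out[name] = body.join("\n");
  }
  return out;
}

// Constructed sample: a ref-like string with an embedded newline.
const hostileRef = "feature/x\nINJECTED=1";
const viaNaive = parseCommandFile(naiveRecord("HEAD_REF", hostileRef));
const viaHeredoc = parseCommandFile(heredocRecord("HEAD_REF", hostileRef));
console.log(viaNaive);   // two variables: the second came from the value
console.log(viaHeredoc); // one variable whose value keeps the newline
```

A fixed delimiter such as `EOF` only moves the problem, since a value containing that line closes the block early; that is why the delimiter is random and colliding values are rejected rather than escaped.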
Summary

Installs the Unicorn Hub Flutter profile into takeyourmeds so future AI-assisted work has durable project memory, baseline scripts, PR workflows, review routing, Dependabot, and branch-protection configuration.

The existing Flutter app code and .github/workflows/ci.yml are preserved. The generated project memory was adapted to the real app: offline-first medication reminders for iOS/Android, local SQLite/mobile notification behavior, web demo limitations, current Make targets, and current CI contexts.

This PR also refreshes Flutter dependency metadata because the current GitHub Actions Flutter stable image exposed the repository's existing incompatible-constraints dependency gate. App source remains unchanged; pubspec.yaml, pubspec.lock, generated desktop plugin metadata, dependency docs, and feature memory were updated so CI can validate the bootstrap on Flutter stable 3.41.9 / Dart 3.11.5.

Validation

- pnpm run check:repo
- node scripts/check-feature-memory.mjs --worktree
- PATH=/Users/kristina.kurashova/.cache/flutter-stable/bin:$PATH pnpm run preflight
- PATH=/Users/kristina.kurashova/.cache/flutter-stable/bin:$PATH flutter build web --release
- git diff --cached --check
- .unicorn-hub/config.json and package.json

Notes

- .github/workflows/ci.yml has no diff.
- .unicorn-hub/config.json lists the current Flutter CI job contexts: Lint, Unit tests, Widget tests, Build Web, and Build Android APK, plus Unicorn Hub gates.
- pr-guard.yml checks trusted gate scripts from the PR base SHA, with a first-install fallback because this repo does not yet have the scripts on main.
- ai-review.yml skips enforcement only for this first Unicorn Hub bootstrap case where trusted review scripts are absent from the base branch; after merge, future PRs use trusted review scripts from main.