fix(web): preserve project terminal history

[skulidropek]

Summary

• Preserve browser project terminal history by configuring tmux with history-limit 50000 before the first pane is created.
• Enable tmux mouse mode for project terminals so wheel scroll moves through terminal history instead of shell command history.
• Keep auth terminals conservative and continue suppressing focus reporting bytes that can corrupt TUIs.
• Add explicit xterm scrollback: 50000 and regression tests for terminal query suppression and tmux attach command rendering.
• Keep CI green by removing a duplicated app test that violated the app/lib boundary and by aligning shared Grok auth args with the app implementation.

Fixes #317

Screenshots

Web terminal with PR/CI status:

Project terminal at latest output before scrolling:

Same project terminal after mouse-wheel scrolling up to older preserved output:

Validation

• rtk bun run lint:effect
• rtk bun run lint
• rtk bun run check
• rtk bun run test
• rtk proxy git diff --check
• GitHub Actions on a07145e: 19 passed, 0 failed

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 04557ad8-e5fc-480f-b126-6833975d0948

📥 Commits

Reviewing files that changed from the base of the PR and between 3e2dad8 and 06e8f7c.

📒 Files selected for processing (1)

• packages/lib/src/usecases/auth-grok-oauth.ts

📝 Walkthrough

Walkthrough

PR добавляет конфигурируемое подавление терминальных DEC private режимов с опцией allowMouseTracking, прокидывает этот флаг в runtime/UI, обновляет tmux attach-скрипт для установки history-limit и mouse, и выносит helper для прикрепления Grok-аутентификационной терминальной сессии.

Changes

Terminal Session Mouse Tracking and History

Layer / File(s)	Summary
Tmux Session Configuration with History and Mouse packages/api/src/services/terminal-sessions.ts, packages/api/tests/terminal-sessions.test.ts	Скрипт присоединения tmux переработан для запуска сервера, установки глобального и локального history-limit, включения поддержки мыши перед присоединением. Тесты обновлены для проверки всех компонентов скрипта.
Terminal Query Suppression with Mouse Tracking Control packages/app/src/web/terminal-query-suppression.ts, packages/app/tests/docker-git/terminal-query-suppression.test.ts	Новый тип TerminalQuerySuppressionOptions с флагом allowMouseTracking управляет подавлением DEC private режимов. Режимы mouse-tracking и focus-reporting разделены; подавление условно пропускает mouse-tracking при allowMouseTracking: true, всегда подавляя focus-reporting. Тест проверяет условное подавление.
Terminal Runtime Initialization with Options Parameter packages/app/src/web/terminal-panel-runtime-core.ts	Функция createTerminalRuntime расширена с параметром options: TerminalRuntimeOptions. Терминал теперь инициализируется с переданными параметрами подавления запросов вместо использования значений по умолчанию.
Session Mount with Browser-Based Mouse Tracking Decision packages/app/src/web/terminal-panel-runtime.ts	Предикат shouldAllowTerminalMouseTracking включает отслеживание мыши для сессий браузерных проектов. mountTerminalSession передаёт решение о доступности мыши через querySuppression.allowMouseTracking в createTerminalRuntime. Порядок re-export типов приведён в соответствие.
Grok Auth Terminal Session Handler packages/app/src/docker-git/api-client-auth.ts, packages/app/src/docker-git/api-client.ts, packages/app/src/docker-git/program-auth.ts	Новый хелпер attachGrokTerminalSession инкапсулирует логику подсоединения терминала для потока Grok-аутентификации, проверяя наличие сессии и вызывая attachTerminalSession с Grok-специфичными параметрами. handleGrokLoginCommand упрощена для делегирования логики. Переупорядочены импорты типов и экспорты модулей для согласованной группировки функций GitLab и Grok.
React Component Integration of Auth Terminal Exit Handler packages/app/src/web/app-ready-terminal-screen.tsx, packages/app/src/web/panel-terminal.tsx	Проп onAuthTerminalExitSuccess прокидывается через TerminalScreen в TerminalPane для обработки события выхода из auth-терминала. Тип TerminalExitInfo перемещён из terminal-mobile-controls в terminal-panel-runtime как канонический источник; импорты обновлены соответственно.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• ProverCoderAI/docker-git#309: Оба PR изменяют packages/api/src/services/terminal-sessions.ts при генерации команды tmux attach—изменения по истории и mouse-конфигурации пересекаются.
• ProverCoderAI/docker-git#321: Перекрытие по изменению Grok OAuth запуска в buildDockerGrokAuthArgs (device-auth flow).
• ProverCoderAI/docker-git#305: Связанная работа по поддержке Grok аутентификации и изменению аргументов grok login --device-auth.

🚥 Pre-merge checks | ✅ 7

✅ Passed checks (7 passed)

Check name	Status	Explanation
Title check	✅ Passed	Заголовок точно описывает основное изменение: сохранение истории в веб-терминале проекта через конфигурацию tmux.
Description check	✅ Passed	Описание содержит необходимые разделы: резюме изменений, привязку к issue #317, скриншоты валидации, и описание проведённых проверок.
Linked Issues check	✅ Passed	Все основные требования issue #317 реализованы: сохранение истории tmux (history-limit 50000), включение поддержки мыши в проектных терминалах, сохранение консервативного поведения для auth-терминалов, добавление регрессионных тестов.
Out of Scope Changes check	✅ Passed	Все изменения соответствуют целям: конфигурация истории tmux, управление подавлением запросов терминала, переупорядочивание импортов для рефакторинга и удаление дублирующегося теста, нарушавшего границы app/lib.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Requirements Alignment	✅ Passed	PR implements all stated objectives: history-limit, mouse mode, xterm scrollback, focus suppression, tests. Behavior aligns with issue 317 requirements and PR description.
Security Regression	✅ Passed	No high-confidence security regressions found. User inputs properly escaped, no PII exposure, Docker options safe, no unsafe code execution, terminal security controls maintained.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch issue-317

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/api/tests/terminal-sessions.test.ts`:
- Around line 250-256: The test currently uses multiple
expect(command).toContain(...) assertions which do not enforce ordering; update
the assertions in packages/api/tests/terminal-sessions.test.ts to assert the
relative order of "history-limit 50000" and "new-session -d -s" (and any other
ordering invariants) by comparing their indices in the command string (e.g.,
using command.indexOf("history-limit 50000") < command.indexOf("new-session -d
-s")) or a single regex that enforces the sequence; modify the assertions that
reference the variable command to use index-based or regex ordering checks
instead of plain toContain so the test fails if the order is reversed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 140c18cc-7607-4468-97ac-aa921d5b4575

📥 Commits

Reviewing files that changed from the base of the PR and between e7107a6 and 25fedfe.

⛔ Files ignored due to path filters (2)

• docs/pr-screenshots/issue-317/terminal-latest-output.png is excluded by !**/*.png
• docs/pr-screenshots/issue-317/terminal-scrolled-history.png is excluded by !**/*.png

📒 Files selected for processing (11)

• packages/api/src/services/terminal-sessions.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/src/web/panel-terminal.tsx
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/tests/docker-git/terminal-query-suppression.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Clone cache)
• GitHub Check: Lint
• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (OpenCode)
• GitHub Check: Test
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/api/src/services/terminal-sessions.ts
• packages/app/src/docker-git/api-client-auth.ts
• packages/api/tests/terminal-sessions.test.ts
• packages/app/src/web/terminal-panel-runtime-core.ts
• packages/app/src/web/app-ready-terminal-screen.tsx
• packages/app/tests/docker-git/terminal-query-suppression.test.ts
• packages/app/src/web/terminal-panel-runtime.ts
• packages/app/src/docker-git/api-client.ts
• packages/app/src/docker-git/program-auth.ts
• packages/app/src/web/terminal-query-suppression.ts
• packages/app/src/web/panel-terminal.tsx

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

• packages/api/tests/terminal-sessions.test.ts
• packages/app/tests/docker-git/terminal-query-suppression.test.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

• packages/api/tests/terminal-sessions.test.ts
• packages/app/tests/docker-git/terminal-query-suppression.test.ts

🧠 Learnings (1)

📚 Learning: 2026-05-18T07:43:38.131Z

Learnt from: skulidropek
Repo: ProverCoderAI/docker-git PR: 313
File: packages/api/src/services/panel-cloudflare-tunnel.ts:123-135
Timestamp: 2026-05-18T07:43:38.131Z
Learning: In this repo’s ProverCoderAI/docker-git architecture, it is intentional for service modules under packages/api/src/services/ to call Node.js APIs directly (e.g., fs, child_process, fetch). Do not treat direct Node API usage in these service modules as a dependency-injection (DI) violation. This codebase provides the NodeContext at the program boundary (entry point) rather than injecting Context.Tag/Layer services into individual service modules; reviewers should only flag DI/context issues if the expected boundary setup is missing.

Applied to files:

• packages/api/src/services/terminal-sessions.ts

🔇 Additional comments (14)

packages/app/src/docker-git/api-client-auth.ts (1)

30-32: LGTM!

packages/app/src/docker-git/api-client.ts (1)

36-38: LGTM!

packages/app/src/docker-git/program-auth.ts (4)

4-4: LGTM!

Also applies to: 16-19, 23-23, 25-25

---

49-51: LGTM!

---

63-72: LGTM!

---

128-128: LGTM!

packages/app/src/web/app-ready-terminal-screen.tsx (2)

12-12: LGTM!

---

524-524: LGTM!

packages/app/src/web/panel-terminal.tsx (1)

14-14: LGTM!

packages/api/src/services/terminal-sessions.ts (1)

979-985: LGTM!

packages/app/src/web/terminal-query-suppression.ts (1)

3-5: LGTM!

Also applies to: 36-59, 78-96, 113-121, 123-159

packages/app/tests/docker-git/terminal-query-suppression.test.ts (1)

126-131: LGTM!

Also applies to: 225-237

packages/app/src/web/terminal-panel-runtime-core.ts (1)

33-33: LGTM!

Also applies to: 41-43, 83-97

packages/app/src/web/terminal-panel-runtime.ts (1)

171-173: LGTM!

Also applies to: 183-187, 251-251

[skulidropek]

AI Session Backup

Commit: a07145e
Status: success
Files: 3 (4.24 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/lib/src/usecases/auth-grok-oauth.ts`:
- Line 76: The command return now includes the "--device-auth" flag (see the
returned array containing spec.image, "grok", "login", "--device-auth"), but the
file's top-of-file documentation/comments (previously describing a
browser/interactive flow) and the docblock/example around line 112 still mention
the old flow; update those comments and examples to describe the device-auth
behavior and how to complete device authentication (including any expected CLI
output and next steps), remove references to browser/interactive flow, and align
any examples or parameter descriptions to match the new "--device-auth" flag and
flow.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 2d5d0b97-e2da-4132-9a3e-92b8684c3553

📥 Commits

Reviewing files that changed from the base of the PR and between 25fedfe and a07145e.

📒 Files selected for processing (2)

• packages/app/tests/docker-git/core-templates.test.ts
• packages/lib/src/usecases/auth-grok-oauth.ts

💤 Files with no reviewable changes (1)

• packages/app/tests/docker-git/core-templates.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Lint Effect-TS
• GitHub Check: Test
• GitHub Check: Types
• GitHub Check: Lint
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/lib/src/usecases/auth-grok-oauth.ts

🔇 Additional comments (1)

packages/lib/src/usecases/auth-grok-oauth.ts (1)

44-52: LGTM!

[skulidropek]

AI Session Backup

Commit: 58902d1
Status: success
Files: 3 (6.60 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean

[skulidropek]

AI Session Backup

Commit: 3e2dad8
Status: success
Files: 4 (8.01 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean

[skulidropek]

AI Session Backup

Commit: 06e8f7c
Status: success
Files: 4 (8.30 MB)
Links: README | Manifest

git status

On branch issue-317
Your branch is up to date with 'origin/issue-317'.

nothing to commit, working tree clean