feat(shell): sync agent plans to pull requests

[skulidropek]

Summary

• Install plan-to-git in generated project images via pinned Cargo git revision, matching the existing rust-browser-connection delivery model.
• Add a managed Codex hook that captures explicit plans with plan-to-git hook --source codex.
• Run plan-to-git sync from the generated global git post-push wrapper before session backup.
• Keep .agent-plan.json out of generated git and Docker contexts.

Closes #369.

E2E proof

I ran a live generated docker-git project container from this branch against https://github.com/octocat/Hello-World/issues/1, then executed the generated hook inside the project container with a fake gh that only records the PR comment request. This proves the real compiled plan-to-git binary, generated hook config, local state write, and PR-comment sync path without posting to octocat.

PROOF: binary installed
/usr/local/bin/plan-to-git
Capture agent plans and sync them to GitHub pull requests

PROOF: managed Codex hook config
managed_dir = "/opt/docker-git/hooks"
command = "/opt/docker-git/hooks/plan-to-git-codex-hook"
command = "/opt/docker-git/hooks/plan-to-git-codex-hook"

PROOF: hook captures plan and sync posts comment through gh
plan-to-git: captured 1 plan(s), 0 decision(s), 0 pending question set(s), sync=Commented { number: 369, comment_id: 424242, items: 1 }

PROOF: local state recorded captured plan and posted comment
      "kind": "plan",
      "source": "codex",
      "title": "E2E Plan Upload Proof",
      "pr_number": 369,
      "comment_id": 424242,

PROOF: rendered PR comment body
## Agent Plan Update
# E2E Plan Upload Proof
- Capture a Codex plan through the generated managed hook.

PROOF: post-push action contains plan sync before session backup
/opt/docker-git/hooks/post-push:19:  plan-to-git sync
/opt/docker-git/hooks/post-push:35:  DOCKER_GIT_SKIP_POST_PUSH_ACTION=1 docker-git-session-sync backup --verbose --background --require-comment

Checks

bun run --cwd packages/lib test -- tests/core/templates.test.ts tests/core/git-post-push-wrapper.test.ts
bun run --cwd packages/app test -- tests/docker-git/core-templates.test.ts
bun run typecheck
git diff --check
bun run --cwd packages/lib lint
ESLint direct check for changed app source files
E2E generated docker-git project container proof above

bun run --cwd packages/app lint was attempted, but this environment killed the full app source ESLint auto-fix process with SIGKILL/code 137. The narrower ESLint check on the changed app source files passed, and the app test lint path ran as part of the focused app test command.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 48a5c2e8-6012-4f66-a02e-02d28c2d7114

📥 Commits

Reviewing files that changed from the base of the PR and between ac2aa6a and d0b50a0.

📒 Files selected for processing (1)

• .gitignore

📜 Recent review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: E2E (Login context)
• GitHub Check: E2E (Clone cache)
• GitHub Check: Lint
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (OpenCode)
• GitHub Check: Test
• GitHub Check: Final build (windows-latest)

🔇 Additional comments (1)

.gitignore (1)

13-13: LGTM!

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Интеграция с plan-to-git CLI: автоматическая синхронизация планов после успешного push и создание управляющего hook-скрипта для Codex.
  • Поддержка управляемых git‑хуков для Codex с автоматически генерируемой конфигурацией.

• Chores

  • Исключение .agent-plan.json добавлено в .gitignore и .dockerignore.
  • Установка plan-to-git включена в генерируемые Docker‑образы.

• Tests

  • Обновлены и расширены тесты, добавлены property‑based проверки и новые сценарии post‑push.

Walkthrough

PR интегрирует инструмент plan-to-git для синхронизации планов в PR/ветки: добавляет установку CLI в Docker-образы с pinned ревизией, расширяет пост-push логику для вызова синхронизации, генерирует managed Codex hooks, исключает .agent-plan.json из версионирования, и добавляет комплексное тестирование поведения.

Changes

Интеграция plan-to-git для синхронизации планов

Layer / File(s)	Summary
Установка plan-to-git в Docker-образы packages/app/src/lib/core/templates/dockerfile-prelude.ts, packages/lib/src/core/templates/dockerfile-prelude.ts	Добавлена константа pinned SHA, функция renderDockerfilePlanToGit() для генерации шагов cargo install в /usr/local и проверки доступности plan-to-git --help; renderDockerfilePrelude() теперь объединяет фрагменты включая установку plan-to-git.
Исключение артефактов планов из контекстов packages/app/src/lib/core/templates.ts, packages/lib/src/core/templates.ts, .gitignore	В renderGitignore() и renderDockerignore() добавлена строка .agent-plan.json, и корневой .gitignore получает правило /.agent-plan.json, чтобы состояние планов не попадало в git и Docker build context.
Пост-push синхронизация и managed Codex hooks packages/app/src/lib/core/templates-entrypoint/git-hooks.ts, packages/lib/src/core/templates-entrypoint/git-hooks.ts	В шаблонах entrypoint добавлены переменные путей для plan-to-git-codex-hook и CODEX_REQUIREMENTS_FILE. В $POST_PUSH_ACTION вставлен блок, который при успешном push выполняет plan-to-git sync (если DOCKER_GIT_SKIP_PLAN_TO_GIT != 1 и бинарь доступен). Также генерируется исполняемый plan-to-git-codex-hook и requirements.toml с managed hooks (обработчики UserPromptSubmit и Stop указывают на /opt/docker-git/hooks/plan-to-git-codex-hook).
Инфраструктура тестирования plan-to-git packages/lib/tests/core/git-post-push-wrapper.test.ts	Добавлен fake plan-to-git скрипт, логирующий PWD и аргументы; WrapperHarness расширен planToGitLogPath, окружение тестов получает FAKE_PLAN_TO_GIT_LOG_PATH/FAKE_PLAN_TO_GIT_EXIT_CODE для управления поведением.
Тесты post-push поведения с plan-to-git packages/lib/tests/core/git-post-push-wrapper.test.ts	Тесты обёртки расширены: проверка выполнения plan-to-git sync в обычном push и с git -C, отсутствие вызова в dry-run, поведение при ошибках push, поддержка DOCKER_GIT_SKIP_PLAN_TO_GIT для пропуска sync при сохранении backup, и проверка логирования при ошибках синхронизации.
Тесты валидации сгенерированного контента packages/app/tests/docker-git/core-templates.test.ts, packages/lib/tests/core/templates.test.ts	Тесты обновлены/переписаны на property-based: проверяется cargo install plan-to-git с --rev/--locked, наличие /usr/local/bin/plan-to-git --help, ожидаемые вызовы plan-to-git sync и plan-to-git hook --source codex, наличие CODEX_REQUIREMENTS_FILE и managed hooks-конфигурации, а также проверка, что .agent-plan.json добавлен в оба ignore-файла.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 7

✅ Passed checks (7 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(shell): sync agent plans to pull requests' accurately describes the main change: integrating plan-to-git to synchronize agent plans to pull requests.
Description check	✅ Passed	The description includes a clear summary of changes, links to issue #369, provides E2E proof, verification steps, and lists checks performed, though missing explicit 'Requirements Alignment' and 'Out of scope' sections from template.
Linked Issues check	✅ Passed	The PR implements all requirements from issue #369: installs plan-to-git via pinned revision, adds managed Codex hook, runs plan-to-git sync in post-push wrapper, and excludes .agent-plan.json from git/Docker contexts.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with issue #369 objectives. No unrelated code modifications detected—all changes support plan-to-git integration, hook management, and agent plan synchronization.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Requirements Alignment	✅ Passed	Core promises verified: pinned plan-to-git, Codex hook, skip support, post-push-before-backup, managed hooks without forced-only, .agent-plan.json ignored. All promises have test coverage.
Security Regression	✅ Passed	Code hardening verified: bash security (set -euo), safe here-docs, pinned git revisions, --locked cargo installs, command validation, proper file permissions, path validation, no injectable arguments.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch issue-369

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/app/tests/docker-git/core-templates.test.ts (1)

66-90: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Покройте новые инварианты через property-based тесты (fast-check).

Сейчас проверки завязаны на один конфиг и не доказывают инварианты для всего допустимого пространства TemplateConfig.

Пример минимального усиления теста

+import * as fc from "fast-check"
...
-  it("keeps plan-to-git state out of generated git and docker contexts", () => {
-    const files = planFiles(makeTemplateConfig())
-    const gitignore = getGeneratedFile(files, ".gitignore")
-    const dockerignore = getGeneratedFile(files, ".dockerignore")
-
-    expect(gitignore.contents).toContain(".agent-plan.json")
-    expect(dockerignore.contents).toContain(".agent-plan.json")
-  })
+  it("keeps plan-to-git state out of generated git and docker contexts", () => {
+    fc.assert(
+      fc.property(fc.boolean(), fc.constantFrom<TemplateConfig["gpu"]>("none", "all"), (enableMcpPlaywright, gpu) => {
+        const files = planFiles(makeTemplateConfig({ enableMcpPlaywright, gpu }))
+        const gitignore = getGeneratedFile(files, ".gitignore")
+        const dockerignore = getGeneratedFile(files, ".dockerignore")
+        expect(gitignore.contents).toContain(".agent-plan.json")
+        expect(dockerignore.contents).toContain(".agent-plan.json")
+      })
+    )
+  })

As per coding guidelines: **/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants.

Also applies to: 92-99

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/app/tests/docker-git/core-templates.test.ts` around lines 66 - 90,
Add a property-based test using fast-check that generates random TemplateConfig
instances and for each run renders the Dockerfile and entrypoint (the existing
variables checked as dockerfile.contents and entrypoint.contents) and asserts
the invariants currently hard-coded in the test (e.g., presence of "cargo
install ... plan-to-git", "/usr/local/bin/plan-to-git --help >/dev/null", "make
build-essential docker.io", "docker_git_stop_playwright_browser()",
"docker-git-browser-connection", "plan-to-git sync", "plan-to-git hook --source
codex", CODEX_REQUIREMENTS_FILE, managed_dir and hooks entries, and the absence
checks like "docker-git-playwright-mcp" and
"docker_git_start_rust_browser_connection" etc.); import fast-check (fc), create
an Arbitrary for TemplateConfig (or reuse existing factory), call the template
rendering function used by this test to produce dockerfile.contents and
entrypoint.contents, and replace or augment the one-off assertions with
fc.assert(fc.property(...)) so these invariants hold across the generated
TemplateConfig space.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/lib/tests/core/git-post-push-wrapper.test.ts`:
- Around line 113-125: The fakePlanToGitScript test helper currently logs any
arguments passed without verifying the command; update the fakePlanToGitScript
to validate that the first positional parameter is "sync" and fail the script
(non-zero exit or explicit error log) if it is not, so tests catch incorrect
invocations. Locate the fakePlanToGitScript string used in
git-post-push-wrapper.test.ts and add a conditional after the existing logging
that checks "$1" (the first arg) equals "sync" and exits with an error code
(and/or appends a clear error message to FAKE_PLAN_TO_GIT_LOG_PATH) when the
check fails.

In `@packages/lib/tests/core/templates.test.ts`:
- Around line 513-528: Replace the single-case test with a fast-check property
test that runs for all valid TemplateConfig instances: use the existing
arbitrary for TemplateConfig (e.g., templateConfigArbitrary) and write an
fc.assert(fc.property(templateConfigArbitrary, cfg => { const files =
planFiles(cfg); const gitignore = files.find(f => f._tag === "File" &&
f.relativePath === ".gitignore"); const dockerignore = files.find(f => f._tag
=== "File" && f.relativePath === ".dockerignore"); return
gitignore?.contents.includes(".agent-plan.json") &&
dockerignore?.contents.includes(".agent-plan.json"); })), ensuring you import
fast-check and the TemplateConfig arbitrary and keep references to planFiles and
the file-match logic (._tag and relativePath) intact so the test verifies the
ignore invariant for all generated configs.

---

Outside diff comments:
In `@packages/app/tests/docker-git/core-templates.test.ts`:
- Around line 66-90: Add a property-based test using fast-check that generates
random TemplateConfig instances and for each run renders the Dockerfile and
entrypoint (the existing variables checked as dockerfile.contents and
entrypoint.contents) and asserts the invariants currently hard-coded in the test
(e.g., presence of "cargo install ... plan-to-git", "/usr/local/bin/plan-to-git
--help >/dev/null", "make build-essential docker.io",
"docker_git_stop_playwright_browser()", "docker-git-browser-connection",
"plan-to-git sync", "plan-to-git hook --source codex", CODEX_REQUIREMENTS_FILE,
managed_dir and hooks entries, and the absence checks like
"docker-git-playwright-mcp" and "docker_git_start_rust_browser_connection"
etc.); import fast-check (fc), create an Arbitrary for TemplateConfig (or reuse
existing factory), call the template rendering function used by this test to
produce dockerfile.contents and entrypoint.contents, and replace or augment the
one-off assertions with fc.assert(fc.property(...)) so these invariants hold
across the generated TemplateConfig space.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 24b19a0d-7c7e-4df3-819b-10cb1b9f5b8e

📥 Commits

Reviewing files that changed from the base of the PR and between fd45823 and 3341598.

📒 Files selected for processing (9)

• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts
• packages/lib/tests/core/templates.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: E2E (Clone cache)
• GitHub Check: E2E (Login context)
• GitHub Check: Test
• GitHub Check: E2E (Browser command)
• GitHub Check: E2E (OpenCode)
• GitHub Check: E2E (Clone auto-open SSH)
• GitHub Check: E2E (Runtime volumes + SSH)
• GitHub Check: Lint
• GitHub Check: Final build (windows-latest)

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use any, unknown, eslint-disable, ts-ignore, or as type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through .exhaustive() pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: Effect<Success, Error, Requirements>. Compose effects through pipe() and Effect.flatMap(). Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: Match.value(item).pipe(Match.when(...), Match.exhaustive).
Document all functions with comprehensive TSDoc including: @pure (true/false), @effect (required services), @invariant (mathematical invariants), @precondition, @postcondition, @complexity (time and space), @throws Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...

Files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: any, eslint-disable, ts-ignore, async/await, raw Promise chains (then/catch), Promise.all, try/catch for logic control, console.*, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: Effect<Success, Error, Requirements>. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.

Files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input

Files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files introduce path traversal or writes outside intended project/container state directories

Files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}

📄 CodeRabbit inference engine (Custom checks)

Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output

Files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*

⚙️ CodeRabbit configuration file

**/*: Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.

Перед выводами изучи README.md, другие *.md файлы, linked issues,
PR description, PR comments/discussion и релевантную кодовую базу.

Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
от спеки, недокументированное изменение поведения, отсутствие тестов
для заявленного поведения и security-риск. Если спека не видна,
попроси автора добавить ее в issue или PR description.

Проверь решение с точки зрения формальной верификации: какие инварианты,
предусловия и постусловия можно доказать математически, а где доказуемость
слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
нет ли выгодного обхода правил, и какое решение было бы сильнее.

Files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts
• packages/lib/src/core/templates/dockerfile-prelude.ts
• packages/app/tests/docker-git/core-templates.test.ts
• packages/app/src/lib/core/templates/dockerfile-prelude.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/src/core/templates-entrypoint/git-hooks.ts
• packages/app/src/lib/core/templates-entrypoint/git-hooks.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages))).
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: Effect.provide(MockService), Effect.runPromise.

Files:

• packages/app/tests/docker-git/core-templates.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Files:

• packages/app/tests/docker-git/core-templates.test.ts
• packages/lib/tests/core/templates.test.ts
• packages/lib/tests/core/git-post-push-wrapper.test.ts

🧠 Learnings (3)

📚 Learning: 2026-05-14T16:02:16.256Z

Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-05-14T16:02:16.256Z
Learning: Applies to **/{Dockerfile*,docker-compose*.{yml,yaml},.dockerignore} : Fail if changed files introduce unsafe Docker configuration such as privileged containers, broad host mounts, unbounded Docker socket access, or unnecessary write permissions

Applied to files:

• packages/app/src/lib/core/templates.ts
• packages/lib/src/core/templates.ts

📚 Learning: 2026-05-13T07:10:13.213Z

Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-05-13T07:10:13.213Z
Learning: Applies to **/*.{test,spec}.{ts,tsx} : Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.

Applied to files:

• packages/lib/tests/core/git-post-push-wrapper.test.ts

📚 Learning: 2026-05-13T07:09:47.992Z

Learnt from: CR
Repo: ProverCoderAI/docker-git PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-05-13T07:09:47.992Z
Learning: Applies to **/*.test.{ts,tsx} : Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: `Effect.provide(MockService), Effect.runPromise`.

Applied to files:

• packages/lib/tests/core/git-post-push-wrapper.test.ts

🔇 Additional comments (13)

packages/lib/tests/core/git-post-push-wrapper.test.ts (6)

28-28: LGTM!

---

221-221: LGTM!

---

263-263: LGTM!

Also applies to: 274-274, 300-300

---

315-320: LGTM!

Also applies to: 333-338, 352-357, 379-386, 434-437

---

388-403: LGTM!

---

405-421: LGTM!

packages/lib/src/core/templates/dockerfile-prelude.ts (1)

86-102: LGTM!

Also applies to: 104-115

packages/app/src/lib/core/templates/dockerfile-prelude.ts (1)

86-102: LGTM!

Also applies to: 104-115

packages/app/src/lib/core/templates.ts (1)

42-42: LGTM!

Also applies to: 54-54

packages/lib/src/core/templates.ts (1)

41-41: LGTM!

Also applies to: 53-53

packages/app/src/lib/core/templates-entrypoint/git-hooks.ts (1)

8-9: LGTM!

Also applies to: 141-157, 177-217

packages/lib/src/core/templates-entrypoint/git-hooks.ts (1)

8-9: LGTM!

Also applies to: 141-157, 177-217

packages/lib/tests/core/templates.test.ts (1)

210-213: LGTM!

Also applies to: 467-492

[skulidropek]

AI Session Backup

Commit: ac2aa6a
Status: success
Files: 7 (6.92 MB)
Links: README | Manifest

git status

On branch issue-369
Your branch is up to date with 'origin/issue-369'.

nothing to commit, working tree clean

[skulidropek]

Agent Plan Update

Branch: issue-369 at ac2aa6a.

1. Plan

Source: codex - Captured: 2026-06-04T14:34:40Z

Current container plan-to-git smoke test

1. Build or obtain the pinned plan-to-git binary for the current container without changing repository source.
2. Verify the current workspace plan stack before capture.
3. Capture this explicit plan through the Codex hook payload.
4. Sync the captured plan to the open pull request for branch issue-369.
5. Verify the pull request comment and local .agent-plan.json state.

[skulidropek]

Agent Plan Update

Branch: issue-369 at ac2aa6a.

1. Plan

Source: codex - Captured: 2026-06-04T09:21:11.600Z

Plan: Upload Agent Plans To PRs With plan-to-git

Summary

• Implement issue Добавить поддержку https://github.com/ProverCoderAI/plan-to-git #369 by installing plan-to-git in generated project containers and wiring it into Codex managed hooks plus the existing post-push flow.
• Source facts: issue asks for plans to be uploaded to PRs via plan-to-git; plan-to-git is a Rust CLI (v0.19.0, commit 06fe8bdf1d2e48a1f5a0218a3bb7af19e63deb5e) whose README says it captures <proposed_plan> / accepted plans and posts PR comments.

Key Changes

• In mirrored Dockerfile template code under packages/lib/src/core and packages/app/src/lib/core, install:
  cargo install --git https://github.com/ProverCoderAI/plan-to-git --rev 06fe8bdf1d2e48a1f5a0218a3bb7af19e63deb5e --locked --bins --root /usr/local
  and verify /usr/local/bin/plan-to-git --help.
• Add a generated managed Codex hook wrapper at /opt/docker-git/hooks/plan-to-git-codex-hook that respects DOCKER_GIT_SKIP_PLAN_TO_GIT=1 and runs plan-to-git hook --source codex.
• Generate /etc/codex/requirements.toml with [features].hooks = true, [hooks].managed_dir = "/opt/docker-git/hooks", and managed UserPromptSubmit + Stop hook entries pointing to that wrapper. Do not set allow_managed_hooks_only, so user/project hooks still work.
• Extend the existing post-push action to run plan-to-git sync after a successful non-dry-run git push, before session backup.
• Add .agent-plan.json to generated .gitignore and .dockerignore.

Public Interface

• New generated binary available in project containers: plan-to-git.
• New opt-out env var: DOCKER_GIT_SKIP_PLAN_TO_GIT=1.
• New generated local state file behavior: .agent-plan.json remains local-only and is ignored by git/docker build context.
• PR upload uses PR comments headed by ## Agent Plan Update; PR body is not edited.

Test Plan

• Update packages/lib template tests to assert Dockerfile install, managed Codex hook requirements, post-push plan-to-git sync, and .agent-plan.json ignore entries.
• Update packages/lib/tests/core/git-post-push-wrapper.test.ts harness with a fake plan-to-git binary and verify normal push runs sync, dry-run/failed push do not, and skip env disables it.
• Update packages/app/tests/docker-git/core-templates.test.ts to assert generated Dockerfile/entrypoint/ignore files include the new behavior.
• Run:
  rtk bun run --cwd packages/lib test -- tests/core/templates.test.ts tests/core/git-post-push-wrapper.test.ts
rtk bun run --cwd packages/app test -- tests/docker-git/core-templates.test.ts
rtk bun run typecheck

Assumptions

• plan-to-git PR comments are the intended meaning of “план загружался в PR”; no PR description editing is required.
• GitHub auth is already handled by docker-git’s existing gh setup.
• The current generated project image already has Rust/cargo during build, so a pinned git install is the minimal deterministic integration.

2. Plan

Source: codex - Captured: 2026-06-04T10:03:57.021Z

Keep plan-to-git Installed via Cargo

Summary

• Не добавлять GitHub binary release pipeline для plan-to-git сейчас.
• Использовать такой же delivery model, как у rust-browser-connection: сборка из pinned git revision во время generated Docker build.
• Автопубликацию бинарников отложить до отдельной оптимизации build time / image size.

Key Changes

• Оставить generated Dockerfile с:
  • cargo install --git https://github.com/ProverCoderAI/plan-to-git --rev <pinned-rev> --locked --bins --root /usr/local
  • проверкой /usr/local/bin/plan-to-git --help.
• Не менять release workflow в ProverCoderAI/plan-to-git.
• Не переводить docker-git на curl release asset, пока rust-browser-connection тоже собирается через Cargo.

Test Plan

• Проверить шаблон Dockerfile содержит cargo install для plan-to-git.
• Проверить generated entrypoint вызывает plan-to-git hook --source codex и plan-to-git sync.
• Прогнать existing targeted tests, typecheck, lint, CLI build.

Assumptions

• Приоритет сейчас: быстро и консистентно подключить загрузку плана в PR.
• Ускорение Docker build через prebuilt binaries будет отдельной задачей, лучше сразу для обоих Rust-инструментов: plan-to-git и rust-browser-connection.

[skulidropek]

AI Session Backup

Commit: d0b50a0
Status: success
Files: 7 (7.73 MB)
Links: README | Manifest

git status

On branch issue-369
Your branch is up to date with 'origin/issue-369'.

nothing to commit, working tree clean