#862
feat(clickhouse): tracked archive→CH backfill tooling (backfill.sql)
2h ago
#861
feat(clickhouse): idempotent DDL migration path for running prod (#859 deliverable 2)
2h ago
#860
chore(clickhouse): retire S3-backed v1 + s3 objects after #859 cutover
2h ago
#859
Decouple prod ClickHouse from S3 (drop storage_policy=s3_main) + add a DDL migration path
2h ago
#858
Epic #847 · Unit 6: Document the Mongo-vs-ClickHouse storage-architecture split in scoring.md
6h ago
#857
Epic #847 · Unit 5: ClickHouse materialized-view projections + atomic leaderboard read-flip + delete Mongo OLAP
6h ago
#856
Epic #847 · Unit 4: Stream confirmed grants into ClickHouse score_grants (ReplacingMergeTree)
6h ago
#855
Epic #847 · Unit 3: Migrate the 5 recompute contributions to per-event grants; delete the recompute path
6h ago
#854
Epic #847 · Unit 2: score_grants append-only ledger write-model in Mongo (shadow, no read flip)
6h ago
#853
Epic #847 · Unit 1: Land the ClickHouse projection foundation (schema + init SQL + compose service)
k4h ago
#852
Global skills should auto-sync when binary version advances
7h ago
#851
autoGc emits auto_gc_completed event on --json stdout, breaking single-parse consumers
8h ago
#850
Extension publish score is non-monotonic: yanking versions lowers a user's score
k6h ago
#849
Live Swamp Club event console on /feed — scrolling stream of all non-sensitive events
9h ago
#848
Docs: add --ws-idle-timeout to serve flags reference
s9h ago
#845
copy/rsync ignores transport extraOptions (and proxyCommand), unlike exec/script
s8h ago
#844
Remove feed comments — consolidate discussion in Discord
12h ago
#843
Make serve WebSocket idle/keepalive timeout configurable (untunable default aborts runs when serve's loop briefly blocks)
s9h ago
#842
Docs: update extension info reference with content metadata output
s10h ago
#841
serve startup time regression: synchronous catalog init delays WebSocket listener by ~4.5 minutes
s9h ago
#840
Expose run/job/step identifiers as SWAMP_* env vars + CEL values, and template placement selectors (extends #331's run.id)
12h ago
#839
fix: add .namespace.json to isInternalCacheFile() in datastore extensions
s16h ago
#838
docs: document swamp serve daemon enable/disable/status subcommands
s16h ago
#837
docs: document execution cancellation commands and cancelled status
s17h ago
#836
docs: document autoGc config option for automatic garbage collection
s18h ago
#835
Docs: document @env= and @file= webhook secret indirection in swamp-serve reference
s15h ago
#834
fix: datastore sync --push deletes the namespace registration manifest (canonical namespace flow un-registers itself)
s16h ago
#833
docs: bundled swamp agent skill lacks datastore-namespace guidance (giga-swamp)
s18h ago
#830
data query --select crashes on BigInt: "Do not know how to serialize a BigInt" when CEL size() reaches the JSON renderer
s23h ago
#829
Intra-namespace write concurrency: whole-index sync under the lock serializes fan-out workloads (split from shipped #666)
1d ago
#828
Telemetry recoverOrphaned startup race with multiple replicas (created_at-based)
1d ago
#827
Telemetry retry/failed path has the same non-atomic claim as #820
1d ago
#826
Batch / prefix delete for swamp data delete (single lock acquisition)
s18h ago
#825
Surface extension type+method detail in CLI to eliminate expensive discovery loops
s12h ago
#824
Skill guides lack progressive reveal boundaries — agents over-read by 4x
s1d ago
#823
Opt-in automatic garbage collection for datastore data
s1d ago
#822
UAT: swamp workflow evaluate/run with forEach dynamic workflowIdOrName targets
a1d ago
#820
Telemetry watcher has no replica coordination: N replicas double-process the same batch (non-atomic find→updateMany claim)
k1d ago
#819
Telemetry drain still capped ~80-100/s in prod: per-username full-history re-aggregate is O(users) sequential per batch (deferred #817 fix #4)
k1d ago
#817
Telemetry ingest is consumer-bound: counter & stats dedup via O(N) sequential insertOne, throughput stuck ~20 events/s regardless of BATCH_SIZE
k1d ago
#814
Resolve dynamic workflow task targets inside forEach
a1d ago
#813
Leaderboard and profile streak not reporting
s2d ago
#812
Same-namespace writers fully serialize on the per-namespace lock — could maintenance/append writes avoid holding it?
2d ago
#811
Could method-summary report artifacts get a default retention cap? They grow to dominate the datastore manifest
s1d ago
#810
Docs: update vault inspect output in manual reference
s2d ago
#808
Execution cancellation: abort stuck workflow runs and model method runs, bulk cleanup, and daemon-restart reaping
s1d ago
#807
Docs: document .? optional select for null-safe CEL data access
s2d ago
#806
Optional scheduled / automatic datastore GC (retention-policy-driven pruning)
1d ago
#805
Notify issue author/participants on ripples & status changes — with Discord bot DM as a delivery channel
13h ago
#804
Batch step 2 of enrichAuthorPlans (per-collective subscription reads)
2d ago
#803
Datastore should fail fast on unresolvable credentials instead of stalling on the AWS provider chain
s2d ago
#802
Add SWAMP CLUB wordmark logo next to sc-mark.png in TRADEMARKS.md
k1d ago
#801
Add SWAMP CLUB wordmark logo next to sc-mark.png in TRADEMARKS.md
2d ago
#798
pushChanged does not implement absence-on-disk deletion (markDirty contract rule #2)
s2d ago
#797
pushChanged does not implement absence-on-disk deletion (markDirty contract rule #2)
s2d ago
#792
Add `vault delete` support to @swamp/aws-sm extension
s3d ago
#791
Add `vault delete` support to @swamp/azure-kv extension
s3d ago
#790
Add `vault delete` support to @swamp/1password extension
s3d ago
#789
Leaderboard window baseline: 90-day cutoff zeroes returning-dormant users (latent, 0 impact today)
3d ago
#788
swamp data gc prunes the catalog but never deletes objects from S3 datastores (markDirty hook not wired) — sync manifest never shrinks
s2d ago
#779
SKILL.md Common Commands: model type search uses wrong command and syntax
s3d ago
#778
SKILL.md Common Commands: model create uses wrong @<type> prefix
s3d ago
#742
swamp issue bug times out posting to the Lab while swamp-club.com returns HTTP 200
s4d ago
#741
telemetry stats fatally fails to load an installed datastore extension (auto-resolve path); all other commands load it fine
s4d ago
#740
tf plan: FETCH_BUNDLE PAGE_FETCH_ERR / NO_STATES on cleanup-only plan (no resource changes)
5d ago
#739
Add deleteResource to MethodContext and document dataRepository.delete in skills
s5d ago
#738
Homebrew formula
5d ago
#737
Yank semantics inconsistent: all-versions-yanked acts as a free hidden/private extension; extension-level yank hard-blocks re-push
s4d ago
#736
Extension search returns edit-distance noise for short queries ("asdl" → "AWS DEADLINE")
5d ago
#734
workflow resume holds the global lock across the resumed step, deadlocking any datastore op the step performs
s5d ago
#732
Trajectory chart: current-day x-axis label is clipped at the right edge
s5d ago
#731
Telemetry not synced to swamp-club: local queue accumulating ~3 days despite valid auth
s5d ago
#730
extension pull serves a stale version that disagrees with search (honors a legacy per-extension serverUrl)
sBlocked5d ago
#729
serve --webhook usage string makes <header> look optional for generic scheme
s3d ago
#728
serve: webhook scheme not surfaced in startup event, health endpoint, or log line
s5d ago
#726
Slack webhook pre-body gate only checks signature header, not timestamp
s5d ago
#725
Dead code: verifySignature in webhook.ts superseded by verifier abstraction
s5d ago
#724
extension source: install skills from source-path extensions
s5d ago
#723
Data-driven webhook signature verifiers (avoid a code change + release per provider)
6d ago
#722
swamp.club extension view: multi-line code fence in manifest description renders each line as a separate inline code span
s5d ago
#721
remote-execution.md tutorial claims hello-world repo already has a vault configured, but it doesn't
s5d ago
#720
#welcome channel references "System Initiative" instead of "Swamp"
5d ago
#719
Docs: document trigger.inputs for scheduled/webhook workflows in the manual
k3d ago
#718
forEach with concurrency intermittently fails child workflow runs with 'Bad resource ID'
k6d ago
#717
Pass webhook payload to triggered workflow as inputs (CEL or path-based extraction)
k6d ago
#716
Support pluggable webhook signature verification schemes (Linear, Stripe, generic)
k6d ago
#715
Add macOS launchd integration for swamp serve
s1d ago
#714
Add workflow cancel command and stale-run reaping on daemon restart
2d ago
#713
Document model-method data-mutation surface (dataRepository.delete, findAllForModelSince, queryData)
s5d ago
#712
swamp repo upgrade should check git status and commit (or surface) the files it changes
s1d ago
#711
serve-auth: --server support for remaining remote-capable commands (phase 2)
s8h ago
#710
serve-auth: add --server support to data, model, workflow, vault, audit, summary, and report commands
s5d ago
#709
Replace third-party trademark symbol with Swamp Club (SC) mark in TRADEMARKS.md
k7d ago
#708
Eager render stack (Ink/yoga-layout + marked-terminal) adds ~540ms to every command's startup
s3d ago
#707
Docs: update Copilot how-to for audit hooks support
s5d ago
#706
No self-serve way to rename username (sntxrrgithub -> desired sntxrr) after GitHub SSO signup
7d ago
#705
Update Copilot support
s7d ago
#704
serve-auth: alias 'swamp access policy' as alternative to 'swamp access grant'
s7d ago
#703
serve-auth: add --server support to all read/query/operations commands
s7d ago
#702
serve-auth: SWAMP_SERVE_URL env var as default for --server flag
s3d ago
#701
Tutorial 'Publish an extension': examples hardcode @stack72 collective, breaks copy-paste publish step
s7d ago
#700
Support trigger.inputs for scheduled workflows
k6d ago
#699
Tutorial "Validate with a dry run" section shows stale extension push --dry-run output
s7d ago
#698
swamp serve: support auto-restart via macOS LaunchAgent or systemd
2d ago
#697
swamp data: accept named flags (--model/--name) instead of positional model/name args
s1d ago
#696
Tutorial extension search "entropy" zero-result example is now stale
s7d ago
#695
Extension dev workflow doc recommends `deno check` but deno isn't bundled or detected
s7d ago
#694
serve-auth: swamp access token rotate command
s7d ago
#693
Cron scheduler should re-evaluate workflow definition when source file changes
sBlocked2d ago
#692
Extensions should be able to declare required named model instances
7d ago
#691
Official @swamp/linear extension — first-class Linear API model type
7d ago
#690
serve-auth: swamp access can-i — user self-service permission check
s7d ago
#689
serve-auth: hard refusals for off-loopback without TLS or auth
s7d ago
#688
serve-auth: wire AccessDecisionService into serve chokepoints for authorization enforcement
s7d ago
#687
Allow referencing bundled workflows by name without UUID filename
s2d ago
#686
Bundled extension workflows should auto-register on install
s2d ago
#685
serve-auth: mode: token — server token authentication on WebSocket connections
s8d ago
#684
sensitive-arg guard rejects an all-vault.get() record/map as a "literal", blocking definition migration
s8d ago
#683
serve-auth: mandatory admin materialization from config at startup
s7d ago
#682
serve-auth: auth config schema and mode flag for swamp serve
s8d ago
#681
serve-auth: remote grant management via swamp access --server
s8d ago
#680
serve-auth: declarative grants file with startup reconciliation
s7d ago
#679
docs: swamp serve user guide
s3d ago
#678
serve-auth: swamp access CLI commands
s8d ago
#677
docs: TLS setup guide for swamp serve (direct and reverse proxy)
s8d ago
#676
Docs: add server-side TLS reference for swamp serve --cert-file/--key-file
s8d ago
#675
serve-auth: static TLS for swamp serve
s8d ago
#674
serve-auth: client-side server credential storage
s7d ago
#673
serve-auth: server token built-in model
s7d ago
#672
serve-auth: AccessDecisionService with in-memory policy snapshot
s9d ago
#671
Telemetry flush blocks command exit, adding ~1.2s p50 to every invocation
s9d ago
#670
serve-auth: sealed CEL grant-condition environment
s9d ago
#669
Private / org-scoped collectives with member ACLs
8d ago
#668
serve-auth: Group aggregate + built-in model
9d ago
#667
serve-auth: access bounded context — Grant, Group, and shared value objects
s9d ago
#666
Single __global__ datastore lock serializes unrelated writes across all repos/namespaces
s2d ago
#665
data gc --dry-run ignores the flag and performs a destructive GC
s9d ago
#664
Support epoch seconds as the version suffix to avoid push collisions
s8d ago
#663
Implement ephemeral data as in-memory repository
7d ago
#662
Design: serve authentication & authorization (TLS, OAuth, access control)
7d ago
#661
Private collectives
k8d ago
#660
extension push: adversarial-review report hash is platform-dependent (macOS vs Linux), so committed reviews never match a cross-OS runner
s10d ago
#659
Can't click on repository from swamp extension search.
s10d ago
#658
extension pull: detect ghost-row conflicts and suggest swamp doctor extensions
s10d ago
#657
`extension quality` false-positive bare-import detection on string literal "flexible"
s10d ago
#656
Remote Execution tutorial
s10d ago
#655
SQLite run tracker subsystem for in-flight run lifecycle
11d ago
#654
Honour AWS profile default region when 'region' globalArg is omitted
s11d ago
#652
swamp serve does not open the UI
12d ago
#651
Docs: document --compact flag for model type describe
s12d ago
#650
datastore setup migration relocates and deletes repo-root .swamp/secrets, breaking all local_encryption vault.get
s11d ago
#649
Registry content-type search filter can match versions absent from the displayed extension
s12d ago
#648
Docs: document reports.require failure semantics in the manual (unresolvable required report fails the run)
s12d ago
#647
Reports tab on extension page is non-functional
k13d ago
#646
vault read-secret mixes log output into stdout
s13d ago
#645
Resource-leak test failures on main: extension_rubric_scorer_test and worker_gateway_test
s12d ago
#644
Landing page clips the curl install command instead of rendering the full text
14d ago
#643
model delete --json output shape doesn't match the documented {deleted, modelId, modelName, artifactsDeleted}
s11d ago
#642
model search --json returns a bare model object instead of {query, results} when exactly one model matches
s11d ago
#641
Extension author gitignore guidance: add .swamp.yaml and CLAUDE.md to recommended excludes
12d ago
#640
reports.require in workflow YAML does not auto-execute pulled extension reports
k13d ago
#639
Yanked extension version still shown as active on swamp-club.com and in 'extension search'
s13d ago
#638
Add deprecate/yank/unyank actions for own extensions on the web interface
k14d ago
#637
Expose per-run memory/CPU metrics for method & workflow executions
15d ago
#636
model method run OOMs at 4GB V8 heap on long high-fan-out methods; non-configurable heap + crash leaves run stuck in "running"
sBlocked10d ago
#635
Tier-up announcements never fire for direct score contributions (badge awards, feed credits)
k13d ago
#633
Discord role sync never assigns lower leaderboard tiers (Swamp Baby / Muck Runt / Sludge Whelp)
k15d ago
#631
Docs: document globalArgument input reference validation in workflow validate
s15d ago
#630
Remote execution: UAT coverage for tokens, enrollment, and dispatch
15d ago
#629
Remote execution: comprehensive reference documentation
s11d ago
#628
doctor extensions: pulled-extension source files reported as orphans that --repair can't evict (nested @swamp/aws/* sibling mis-attribution)
s15d ago
#627
Channel-based publishing for local extension backports
15d ago
#626
Feature: make extension yank channel-scoped (--channel) so it doesn't nuke every channel
s15d ago
#625
swamp update --setup-auto does not work with bluefin44 (crontab not found, should
s15d ago
#624
Feature: demote / withdraw an extension version from the stable channel
s15d ago
#623
Docs: extension-publish skill guide doesn't cover release channels
s15d ago
#622
workflow validate: resolve model globalArguments expressions against the calling workflow's declared inputs
s7d ago
#621
Add a way to list registered report definitions (report search only lists results)
s15d ago
#620
Inconsistent resource-field accessor: data get returns content, data query and CEL use attributes
s15d ago
#619
Extension API: allow export const extension to add resource specs, or document that it cannot
s15d ago
#618
@swamp/aws/cloudformation: expose StackSet instances, drift, and operations (Cloud Control cannot)
s10d ago
#617
workflow validate: method args with a Zod .default() are treated as required
s15d ago
#616
Profile months overlap in trajectory
k16d ago
#615
model type describe --json: bloated output (40% duplicated specs, no compact mode) and lost method-to-output mapping drive agents to read extension source
s13d ago
#614
UAT: Release channel CLI and adversarial tests
s9d ago
#613
Docs: Add release channel documentation to the manual
s16d ago
#612
Test skill evals with Fable in multi-skill eval tests
s16d ago
#611
Guide users toward filing feature requests when @swamp extensions lack a needed capability
16d ago
#610
Guide users toward filing feature requests when @swamp extensions are missing features
s16d ago
#609
correcting capitlization of Swamp, Swamp Club, and The Swamp on the swamp-club.com website
k16d ago
#608
API: Add release channel support for extension versions (beta, rc, stable)
s16d ago
#607
Add @swamp/hetzner-cloud/server-types model for availability and project limits
s16d ago
#606
Resident/warm worker mode — `model method run` has ~6s fixed per-invocation overhead that rules out latency-sensitive use
s17d ago
#605
Issue submission returns wrong URL path
s17d ago
#604
Dynamic resource attribute refresh for model instances
17d ago
#603
`vault put` inside workflow steps still acquires global `.datastore.lock` after #382
s17d ago
#602
extension quality scorer mis-detects quoted phrases in comments as bare imports
s17d ago
#601
extension push: credentials-sensitive-field false positive when .meta({ sensitive: true }) is on a continuation line
s17d ago
#600
Local source-loading should discover a report co-located with its model in a paths.base:manifest extension
s17d ago
#599
extension push: optionally sync the published bundle to the manifest `repository:` (git mirror)
14d ago
#598
Add 'creek' extension kind for cross-querying external systems alongside swamp data
18d ago
#597
Docs: vault refresh hooks (--refresh-from, --refresh-ttl, --clear-refresh)
s18d ago
#596
Support CI-friendly adversarial review artifacts for extension push
s18d ago
#595
Deprecate "No slow types" (fast-check) rubric factor on server-side scorer
s18d ago
#594
Registry scorer fails on bare specifiers — mirror CLI fix from #505
s18d ago
#593
Official extension for GitHub repository configuration (environments, variables, secrets)
s17d ago
#592
Feature request: @swamp/tailscale extension
18d ago
#591
Option to change email in your Swamp Club profile or delete account
19d ago
#590
Docs: vault reference in manual promotes inline KEY=VALUE as primary example
s19d ago
#589
extension push error for disallowed file types doesn't mention binaries field
s19d ago
#588
swamp help extension omits yank and unyank (machine-readable CLI schema misses real subcommands)
s19d ago
#587
Extension model method execute lacks typed args/context — every author has to use ': any' to unblock tests
s19d ago
#586
@webframp/hashicorp-vault: empty KV engine causes 'data.data.keys is not iterable' on vault put
19d ago
#585
workflow resume fails to register all extension model types (local and pulled) — "Unknown model type"
s19d ago
#584
model method run: cannot pass arrays, numbers, or booleans via --input
s19d ago
#583
extension push --dry-run --json reports local helper imports as bogus model entries
s19d ago
#582
Extension source: direct-content export scan only reads first 64 KiB, silently drops exports beyond it
s20d ago
#580
Homepage install command: wrong domain and missing https:// protocol
s20d ago
#579
Homepage install command: wrong domain and missing https:// protocol
20d ago
#578
first-class refresh hook for short-lived vault values (gcloud / aws-sso / kubectl-oidc token UX)
s18d ago
#577
swamp issue ripple logged "Posted ripple on issue #514" but the ripple is not visible on the Lab
s20d ago
#576
vault guide promotes inline secret values (KEY=VALUE) as a primary "swamp vault put" example
s19d ago
#575
swamp-getting-started SKILL.md still references removed swamp-model / swamp-workflow / swamp-vault / swamp-extension / swamp-repo skills
s20d ago
#574
extension rm blocked by stale /workspace bundle_types rows from prior container sessions with host repo bind-mounted
s20d ago
#573
extension search returns null repository fields that extension info populates
s20d ago
#572
Quality rubric: scope "No slow types" for model extensions (consumed via model+CEL, not type imports)
s18d ago
#571
data get/list --workflow and workflow history get/logs cannot resolve extension-delivered workflows (Workflow not found)
s20d ago
#570
Docs: add doctor secrets and doctor vaults to the troubleshooting how-to guide
s21d ago
#569
UAT: sensitive resource output without vault produces clear pre-flight error
21d ago
#568
Docs: add doctor vaults subcommand and pre-flight vault validation
s21d ago
#567
gcs-datastore: registerNamespace does not detect conflicts with existing registrations
s21d ago
#566
Validate vault availability when model has sensitive output fields
21d ago
#565
Managed skills ship with dangling reference-doc links
s21d ago
#564
swamp-club: update skill references and CLAUDE.md after superskill consolidation
s21d ago
#563
swamp-uat: init_test.ts asserts old skill directory names after superskill consolidation
21d ago
#561
Codegen: auto-merge resources across GCP API versions instead of manual ADDITIONAL_VERSION_RESOURCE_FILTER
s21d ago
#560
fix: giga-swamp UAT failures — 9 bugs found during comprehensive testing
s21d ago
#559
fix: datastore setup extension with namespace config doesn't scope sync or register manifest
s22d ago
#557
fix: namespace set on default repo writes incomplete filesystem config (missing path)
s22d ago
#556
@swamp/1password put double-escapes JSON values
s21d ago
#555
feat: giga-swamp comprehensive UAT coverage
20d ago
#554
@swamp/kubernetes 2026.06.04.1 missing upgrade path from 2026.05.27.2
s22d ago
#553
@swamp/kubernetes ignores certificate-authority-data from kubeconfig for self-signed CAs
s22d ago
#552
Inconsistent failures in swamp doctor extensions (database is locked, bundle build failed)
s22d ago
#551
docs: giga-swamp user documentation — reference, how-to, and conceptual guide
s22d ago
#550
@swamp/gcp/iam missing serviceAccounts model type
s21d ago
#549
@swamp/ssh@2026.06.04.1 fails to load: bare zod import + missing 2026.06.04.1 upgrade entry
s22d ago
#548
feat: giga-swamp phase 7 — Data migration commands
s22d ago
#547
feat: S3/GCS extension namespace manifest support (registerNamespace/listNamespaces)
s23d ago
#544
Should be able to see all the issues I created by a filter "submitted by me"
s23d ago
#543
Ability to change the email address associated with my Swamp Club Account
s18d ago
#542
feat: giga-swamp phase 5 — CLI output + namespace management commands
s23d ago
#541
CI review jobs use two-dot diff that includes files the PR never touched
s18d ago
#540
paths.base: manifest is not honored for workflows: — bundled workflows only resolve from repo root, blocking self-contained subdir layouts (sibling to #459)
s23d ago
#539
Lab profanity filter rejects legitimate CLI flag tokens via substring match
s23d ago
#537
Add platform type to issue-lifecycle extension model Zod schema
s23d ago
#536
fix: datastoreSetupExtension() ignores namespace config on initial migration push/pull
s24d ago
#535
Remote execution: orchestrator/worker fan-out (replaces execution drivers)
a15d ago
#534
swamp datastore sync --push creates global .datastore-index.json ignoring namespace config
s24d ago
#533
feat: S3/GCS extension namespace-scoped sync support
s23d ago
#532
Copy explicitGlobalArgs before mutation in resolveOrCreateDefinition
s24d ago
#531
vault.get() expressions in extension model globalArguments are not resolved at runtime
s24d ago
#530
swamp-issue skill should scrub secrets and org-specific data before submission
s24d ago
#529
workflow validate: trim stale 'skipped' label from model_not_found warning
s24d ago
#528
Add pi coding agent support
24d ago
#527
hashicorp-vault should read token from env
25d ago
#526
swamp-extension adversarial review skill needs mandatory mechanical verification checklist
s23d ago
#525
feat: giga-swamp phase 6 — Namespace-scoped sync
s24d ago
#524
swamp workflow validate emits misleading "Extension failed to load" warning when type resolves locally
s25d ago
#523
Add issue search/list command to discover existing issues
s25d ago
#522
Support vault-resolved private key content in transport auth (not just file paths)
s25d ago
#521
Workflow engine resolves extension methods against base type, ignoring extension-registered methods
s25d ago
#520
Per-model LockTimeoutError at 60s causes cascading failures under concurrent access
s2d ago
#519
Persistent, queryable workflow runs (status / cancel from any shell)
25d ago
#518
swamp repo upgrade: ERR_SQLITE_ERROR 'attempt to write a readonly database' during extension catalog schema migration
s25d ago
#517
workflow validate: fail on references to unknown model instances (typo'd modelIdOrName)
s24d ago
#516
feat: giga-swamp phase 4 — CEL cross-namespace queries
s25d ago
#515
Docs: document the extension push adversarial-review gate
s25d ago
#514
vault://local_encryption token does not round-trip correctly for GCP OAuth2 access tokens
s18d ago
#513
swamp issue: add ability to edit issue title and body after submission
s25d ago
#512
@swamp/gcp/iam: add WIF pool, provider, service account, and binding support
s21d ago
#511
Support vault-sourced identity keys
s24d ago
#510
copy method reports success when scp exits non-zero (e.g. 255)
s25d ago
#509
Docs: TLS behind inspecting proxies / private CAs (system trust store, DENO_CERT, SSL_CERT_FILE)
25d ago
#508
Extension quality/adversarial-review: add a 'published-surface hygiene' check for real infra identifiers
s22d ago
#507
Feed-post scoring is a direct domain write, not a consumer of feed_post_approved telemetry
k17d ago
#506
workflow validate silently PASSES steps whose model type is a pulled extension (step-inputs skipped = false pass)
s25d ago
#505
extension quality fails to resolve bare specifiers — contradicts fmt no-import-prefix rule
s18d ago
#504
Allow global arguments in direct type execution (workflow fan-out)
s24d ago
#503
Bundled Deno does not honor the OS/system CA trust store
k26d ago
#502
Gator-approved feed post did not trigger Discord activity or profile points
k26d ago
#501
username_metrics projection backfill does not trigger re-scoring (stale UserScore for dormant users)
26d ago
#500
Enforce adversarial review gate before extension push
s25d ago
#499
support git forge / web namespaces for collectives
k27d ago
#498
Report type filtering in report search
k27d ago
#497
extension search: empty results from CLI despite known extensions
k27d ago
#496
workflow approve/resume cannot find suspended runs
s26d ago
#495
vault annotate --url fails with query params on @swamp/aws-sm
s26d ago
#494
datastore compact VACUUM fails with ERR_SQLITE_ERROR
s26d ago
#493
workflow approve/resume cannot find suspended run when using S3 datastore
s26d ago
#492
reindexByUsername re-strands pre-association history and wipes sign_in_dates
k18d ago
#491
Telemetry never retroactively credits a device's pre-association history
k26d ago
#490
Docs: document swamp doctor secrets in manual reference doctor.md
s28d ago
#489
Docs: document 'swamp workflow resume --input' in manual reference
s28d ago
#488
Cloudflare codegen: manifest version bumps on every regeneration (README not deno-fmt-clean)
s28d ago
#487
Support dynamic host discovery from external sources
s22d ago
#486
feat: giga-swamp phase 3 — Path resolver + per-namespace locking
s28d ago
#485
@swamp/ssh exec: string host selector only matches 'all', ignores host names and tags
s28d ago
#484
Add integration test for sensitive-arg guard on lazily-loaded extension types (follow-up to #480)
s28d ago
#483
Remediate existing definitions holding cleartext sensitive global arguments (follow-up to #480)
s28d ago
#482
Docs: document refusal of literal sensitive global arguments (follow-up to #480)
s28d ago
#481
Docs: update extension-trust reference for swamp-only default + lockfile version pinning (swamp-club#465)
s29d ago
#479
feat: giga-swamp phase 2 — Catalog schema v4 + repository interface
s29d ago
#477
Support for Custom CA's
k19d ago
#476
Cloudflare: support vault expressions for API credentials instead of env-var-only auth
s28d ago
#475
GCP: support vault expressions for credentials instead of env-var-only auth
s19d ago
#474
AWS: support vault expressions for credentials instead of env-var/SDK-chain-only auth
s20d ago
#473
DigitalOcean: support vault expressions for the API token instead of DO_API_TOKEN env var
s29d ago
#472
swamp model get does not redact `sensitive: true` fields (logs/reports/storage do)
s29d ago
#471
Support vault expressions for API token instead of env var
s29d ago
#470
UAT tests for manual_approval workflow commands
28d ago
#469
Document manual_approval workflow step type and suspend/approve/resume flow
s29d ago
#468
Stale extension bundles break after swamp upgrade
s29d ago
#467
Support --input flags on workflow resume for elevated permissions and runtime overrides
s28d ago
#466
Add HTTP approval endpoints to swamp serve for manual_approval steps
s24d ago
#464
feat: giga-swamp phase 1 — Namespace value object + config
s29d ago
#463
swamp serve scheduled workflows do not load repo extension registries
s29d ago
#462
ci: aws-check and gcp-check jobs take ~30min — rethink whether full model type-checking is needed per PR
s1mo ago
#461
swamp CLI: send user/device identity on extension-registry HTTP calls
j1mo ago
#460
Orphaned .swamp/ without .swamp.yaml marker is reported as plain 'Not a swamp repository' — partial/corrupt repo not detected
s1mo ago
#459
paths.base: manifest is not honored for skills: — bundled skills only resolve from repo root, blocking multi-extension repos
s29d ago
#458
swamp data gc does not remove physical version directories from disk
s1mo ago
#457
@swamp/aws/iam/role-policy: PolicyDocument schema says string but CloudControl expects JSONObject
s1mo ago
#456
Docs: update autoupdating how-to for Linux privileged schedulers
s1mo ago
#455
How-to: Define custom AI agent tools
s1mo ago
#454
Workflow-scope report execution fails with `rawType.trim is not a function`
s1mo ago
#453
version-drift check reads first `version:` literal, not export const model.version
s1mo ago
#452
Support privileged autoupdate schedulers for root-owned binaries on Linux
s1mo ago
#451
Docs: document LaunchDaemon autoupdate for root-owned macOS binaries
s1mo ago
#450
Support deepAgents CLI/SDK as a target agent
1mo ago
#449
macOS autoupdate LaunchAgent cannot update root-owned swamp binaries
s1mo ago
#448
Telemetry admin reindex endpoint is gated on a defunct @systeminit.com email domain — permanently 403
s1mo ago
#447
CLI telemetry forwards non-personally-resolvable identity for collective auth; distinct_id is per-machine, not per-repo
k1mo ago
#446
Telemetry ingest only resolves personal API keys — collective-token events are unattributed, identity_map under-claims
k13d ago
#445
extension update/pull deadlocks when the repo's datastore is the extension being updated
s1mo ago
#444
Docs: update datastore reference for lazy hydration, SyncContext, and SyncCapabilities
s1mo ago
#443
Default hydrationStrategy to lazy after soak period
18d ago
#442
Make GCP CRUD methods factory-aware so list-discovered resources can be managed in-place
29d ago
#440
Datastore: lazy hydration with metadata-only setup and transparent content download
s1mo ago
#439
Slim down extension search output now that extension info exists
s1mo ago
#438
exec fails on macOS: ControlPath exceeds 104-byte Unix socket limit
s1mo ago
#437
CSS effects on swamp.club (any page) cause high CPU
k1mo ago
#436
Datastore extensions: only write dirty partition files on push
s1mo ago
#435
Datastore extension benchmark suite for S3 and GCS
s1mo ago
#434
GCS datastore: dirty sidecar, partitioned index, content hashing, and scoped sync
s1mo ago
#433
Direct execution @type prefix fails for repo-local extension model types
s1mo ago
#432
Support GitHub username in swamp.club profile to fix PR attribution
k1mo ago
#431
dataRepository.getContent() fails in workflow-scope reports with 'type.toDirectoryPath is not a function'
s1mo ago
#430
--json output is polluted by non-JSON content, breaking machine parsing
s1mo ago
#429
Core repositories missing markDirty hook — scoped push only works on crash recovery
s1mo ago
#428
Add extension info command for registry metadata
s1mo ago
#427
Add extension transfer between collectives
28d ago
#426
Display extension deprecation state on swamp-club pages
s1mo ago
#425
Add extension deprecation support to CLI
s1mo ago
#424
swamp serve: extension bundle failure at startup is silently pinned, breaking scheduled workflows with permanent 'Unknown model type'
k1mo ago
#423
vault put and read-secret use asymmetric path parsing; slash-put creates unreadable items
s1mo ago
#421
Upgrade TUI graphics — better AI-generated ANSI or a Moebius hand-authored pipeline
1mo ago
#420
Add assertVaultAnnotationExportConformance to @systeminit/swamp-testing
1mo ago
#419
Add VaultAnnotationProvider conformance helpers to @systeminit/swamp-testing
s1mo ago
#418
Vault annotations: --note/--notes flag inconsistency and UX improvements
s1mo ago
#417
Docs: document VaultAnnotationProvider interface and extension opt-in pattern
s1mo ago
#416
Add VaultAnnotationProvider support to @swamp/1password
s1mo ago
#415
Add VaultAnnotationProvider support to @swamp/azure-kv
s1mo ago
#414
Add VaultAnnotationProvider support to @swamp/aws-sm
s1mo ago
#413
Harness detection invents env vars for kiro/opencode/codex
k1mo ago
#412
Annotating vault items should be a first-class swamp operation
s1mo ago
#411
workflow direct-execution inputs.* persist as globalArguments on auto-definitions and freeze on first run
s1mo ago
#410
workflow-scope report's dataRepository.getContent returns null for data written in the same workflow run
s1mo ago
#409
swamp-report skill references nonexistent `swamp model report` command
s1mo ago
#408
@swamp/digitalocean — add domain-records model for /v2/domains/{domain_name}/records
s1mo ago
#407
Docs: update extension scoring documentation for dependency-trust rubric factor
s1mo ago
#406
Warn when a ${{ }} secret expression is single-quoted in a command/shell run: script
s1mo ago
#405
Workflow validation should resolve modelType for direct-execution steps
s1mo ago
#404
dbcluster state schema is missing DBClusterMembers (writer/reader, instance class)
s1mo ago
#403
Add a list/discover method to dbcluster for enumerating clusters in a region
s1mo ago
#402
Add dependency-trust rubric factor to server-side scorer (RUBRIC_VERSION 3)
s1mo ago
#401
cloudidentity API calls fail with 'requires a quota project' — bundle doesn't send x-goog-user-project header
s1mo ago
#400
Improve idempotency match field heuristic for auto-generated name resources (tagKeys, tagValues)
s1mo ago
#399
@swamp/gcp/cloudresourcemanager/folders: create method has 5 blocking bugs (missing parent in body, LRO detection, post-LRO state, idempotency, projectId requirement)
s1mo ago
#398
Add IAM policy management (setIamPolicy/getIamPolicy) on cloudresourcemanager resources; add custom-role CRUD to @swamp/gcp/iam
s1mo ago
#397
@swamp/ssh exec method fails with 'ctx.createCelEnvironment is not a function'
1mo ago
#396
Extension decision order should prefer @swamp/community extensions over local types
s1mo ago
#395
Make wheelshop-style dependency trust-gating a core swamp feature
s1mo ago
#394
swamp repo <unknown-subcommand> silently inits a nested repo (e.g. `swamp repo update`)
s1mo ago
#393
Extension METHODS table truncates Method column; short names like apply/check wrap mid-word on /extensions/@swamp/ssh
s1mo ago
#392
swamp extension rm leaves empty <kind>-bundles/<hash>/ dirs behind
s1mo ago
#391
Pre-flight checks cannot access method arguments (check context omits methodArgs/unresolvedMethodArgs)
s1mo ago
#390
swamp audit record --from-hook creates a stray .swamp datastore in the process cwd instead of resolving the repo root
s1mo ago
#389
extension push publishes model files ending in _test.ts that no consumer can load
s1mo ago
#388
Docs: document --extensions-dir / SWAMP_EXTENSIONS_DIR for worktree workflows
s1mo ago
#387
No user feedback when model method run is waiting for lock acquisition
s1mo ago
#386
issue-lifecycle: thank external contributors when issues are resolved
s1mo ago
#385
Add swamp extension prune to clean up stale catalog entries
1mo ago
#384
identity_map row not updated when user renames
s1mo ago
#383
`swamp extension rm` leaves empty scaffold dirs behind
k1mo ago
#382
Many CLI commands acquire global .datastore.lock unnecessarily, causing 60s LockTimeoutError under any concurrent writer
s1mo ago
#381
swamp CLI commands fail silently or hang when invoked from git worktrees via SWAMP_REPO_DIR
s1mo ago
#380
Datastore: lazy hydration for fast cold-start on first clone
1mo ago
#379
S3 datastore: dirty sidecar, partitioned index, content hashing, and scoped sync
s1mo ago
#378
Datastore sync: add SyncContext and SyncCapabilities framework contracts
s1mo ago
#377
Terminal rendering breaks at large font sizes
s1mo ago
#376
Expose cel-js Environment to extensions for custom CEL evaluation
a1mo ago
#375
Add list/search as a factory method that produces many data artifacts (Drive files.list, gmail messages.list, etc.)
s1mo ago
#374
files.get returns only minimal fields (id, name, kind, mimeType) because no 'fields' query parameter is sent
s1mo ago
#373
ADC path uses wrong gcloud token store: 'gcloud auth print-access-token' instead of 'gcloud auth application-default print-access-token'
s1mo ago
#372
Docs: update doctor reference and autoupdate how-to for new doctor install subcommand
s1mo ago
#371
createModelTestContext: storedResources not used by readResource; readResource always returns null
s1mo ago
#370
swamp-vault skill documents 'swamp vault read' but correct subcommand is 'read-secret'
s1mo ago
#369
Add a manual_approval (pause) task type to workflow steps
s29d ago
#368
Autoupdate silently fails when swamp is installed system-wide via the official install.sh
s1mo ago
#367
Missing 'parent' field in GlobalArgsSchema for several @swamp/gcp/* models causes get to fail
s1mo ago
#366
bucket-policy GlobalArgsSchema requires Bucket and PolicyDocument, blocking workflow-YAML direct execution of get
s1mo ago
#365
Report execute throws are advisory: workflow marked succeeded, exit 0, AND report output is discarded
s1mo ago
#364
dataRepository.getContent rejects string type in production but docs and testing helper demonstrate strings
s1mo ago
#363
bucket-policy StateSchema.PolicyDocument declared z.string() but CloudControl returns it as a parsed object
s1mo ago
#362
Unified login input that detects email vs username by presence of '@'
k1mo ago
#361
Introduce `swampd`: long-running local daemon for shared cache, secrets, and extensions
1mo ago
#359
workflow validate: false "Missing required inputs" when method args are set in the model definition
k1mo ago
#358
CEL and vault expressions not evaluated inside nested globalArguments fields
s1mo ago
#357
@swamp/digitalocean: 30 of 33 model types fail with version mismatch error
s1mo ago
#356
Add first-class Kilo Code tool support
1mo ago
#355
Partitioned index for S3/GCS datastores (Phase 3)
1mo ago
#354
Per-path dirty tracking in S3/GCS datastore extensions (Phase 2)
s1mo ago
#353
Docs: update doctor extensions JSON reference to include warnings[] field
s1mo ago
#352
Doctor kind-completed events should carry correct per-registry status
1mo ago
#351
Surface type-extraction failures in doctor JSON output
s1mo ago
#350
Scoped sync and capability-gated concurrency for datastores (Phase 1)
s1mo ago
#349
Direct type execution fails for locally-defined extension types with pulled duplicates
s1mo ago
#348
Scaffold new extensions to publish-ready quality (12/12) by default
s1mo ago
#347
Add table width controls to swamp report get
s1mo ago
#346
Add a markdown output mode to `swamp report get`
s1mo ago
#345
Add a markdown output mode to swamp report get
1mo ago
#344
swamp.club: 'Mark all read' link doesn't clear unread count on /inbox
s1mo ago
#343
Official @swamp/ssh extension supporting multiple SSH transport styles
a1mo ago
#342
W7 — unify extension failure surfaces; collapse registries.failures[] into sourceDetails[]
s1mo ago
#341
Surface Tombstoned transitions in doctor extensions output
s1mo ago
#340
Distinguish validation-throw from bundle-throw in reconcile catch; surface ValidationFailed in sourceDetails
s1mo ago
#339
extension unyank needs -y/--yes flag for non-interactive use
s1mo ago
#338
Step key parsing in execution_service uses naive split(":") and silently truncates colon-containing step names
k1mo ago
#337
Workflow-scope report artifacts unreachable via `swamp data get --workflow`
k1mo ago
#336
Add --stdin support to method run and workflow run for Unix pipe composition
s1mo ago
#335
Docs: add run namespace to CEL expressions reference
s1mo ago
#334
Fix invalidate-then-reconcile sequencing in doctor extensions; failure-mode RowStates unreachable in sourceDetails
s1mo ago
#333
doctor extensions invalidateAll does not trigger fingerprint recheck for existing Indexed rows
1mo ago
#332
Extension failure recording has dual write paths (legacy buildIndex vs W3 reconcile)
1mo ago
#331
Expose workflow run ID in CEL so resource keys can be run-scoped
s1mo ago
#330
Add `swamp doctor workflows` subcommand to surface workflow YAML parse errors during preflight
s1mo ago
#329
Add 'swamp issue comment' command for updating existing issues
s1mo ago
#328
Close #327 — fixed in 20260511.160514.0-sha.9d03b09a
1mo ago
#327
Nested workflow task fails with 'Bad resource ID' when workflowIdOrName uses @collective/ prefix
s1mo ago
#326
Detect stale skill directories and prompt for repo upgrade
s1mo ago
#325
Improve skill trigger routing for cross-model edge cases
28d ago
#324
Add type search for driver, datastore, and report kinds
s1mo ago
#323
Surface ReconcileFromDisk dryRun transitions in swamp doctor extensions
1mo ago
#322
Docs: update doctor extensions reference for W6 aggregate-state rendering + repair flags
s1mo ago
#321
swamp issue: check if reporter is on an outdated binary before opening
s1mo ago
#320
Implement W6: swamp doctor extensions aggregate-state rendering + repair surface (extension catalog rearchitecture)
s1mo ago
#319
extension pull fails referencing removed source after extension source rm
s1mo ago
#318
Investigate whether allExtensionMethodsAttached guard can be removed via registration-path consolidation
s1mo ago
#317
Trace context is lost: CLI ignores inbound TRACEPARENT and raw driver doesn't propagate active context into in-process methods
s1mo ago
#316
swamp model create --global-arg KEY=VALUE doesn't coerce strings to z.number() schemas
s1mo ago
#315
swamp model create --global-arg KEY=VALUE doesn't coerce strings to z.number() schemas
1mo ago
#314
swamp issue get should rate-limit unauthenticated users instead of blocking
s1mo ago
#313
swamp issue get should not require authentication
s1mo ago
#312
telemetry: emit child entries for follow-up action method invocations
s1mo ago
#311
Publish release-candidate / unstable extension versions
s16d ago
#310
extension source rm leaves stale @local/. rows in catalog, blocking later pulls of registry types
s1mo ago
#309
extension push drops binaries: field from re-emitted archive manifest.yaml
s1mo ago
#308
macOS launchd autoupdate (club.swamp.autoupdate) silently fails — binary stays stale
s1mo ago
#307
Clicking @hivemq/honeycomb extension card on /extensions shows 'Something went wrong'
1mo ago
#306
Docs: Update model-definitions.md and workflows.md for direct type execution
s1mo ago
#305
Docs: document binaries manifest field in extension-manifest.md
s1mo ago
#304
Add an official @swamp/ssh extension for general-purpose SSH (brownfield-friendly)
1mo ago
#303
Accept and display binaries field from extension push metadata
s1mo ago
#302
Direct type execution: collapse model create + method run into one command
s1mo ago
#301
Per-method telemetry events for workflow runs
k1mo ago
#300
Workflow run liveness: orphaned 'running' records when originating CLI process dies mid-run
1mo ago
#299
Provide a CLI-shape primer for AI agents to reduce rediscovery overhead
s16d ago
#298
quality rubric: don't penalize extensions whose upstream constrains them to a single platform
s1mo ago
#297
Extension update rejects multiple .ts files extending the same target type within one local extension (regression)
1mo ago
#296
swamp extension push deadlocks when invoked from inside a swamp workflow step
s1mo ago
#295
Collective-scoped auth keys + OIDC federation for CI publishing
1mo ago
#294
forEach self.* in modelIdOrName not resolved in runtime execution path
s1mo ago
#293
Award leaderboard points for referrals and collective invites
1mo ago
#292
Add agent harness detection and AiTool to telemetry
k1mo ago
#291
Workflow-level runtime expressions (env.*, vault.*) not resolved in driverConfig — docker driver receives literal ${{ ... }} strings
j1mo ago
#290
Implement W5: Per-fingerprint import URLs + subprocess test harness (extension catalog rearchitecture)
s1mo ago
#289
swamp config set crashes with YAML serialization error
s1mo ago
#288
datastore compact: VACUUM fails in compiled binary (SQLITE_LIMIT_ATTACHED=0)
s1mo ago
#287
Repo-level version gating: minSwampVersion high-water mark for team consistency
17d ago
#286
Docs: document self.* expressions in modelIdOrName during forEach
s1mo ago
#285
Docs: How-to guide for background autoupdating
s1mo ago
#284
Manifest version bumps silently ignored for existing local extension aggregates
s1mo ago
#283
materialiseExtensions misclassifies pulled rows when manifest name collides with a pulled extension
s1mo ago
#282
Local extension edits don't reliably trigger rebundle
1mo ago
#280
Missing unique indexes on user.email and user.username allow duplicate users
k1mo ago
#279
Resolve self.* expressions in modelIdOrName during forEach expansion
s1mo ago
#278
discord-bot double-sends sign_up notifications
k1mo ago
#277
Discord bot sends duplicate signup notifications
1mo ago
#276
Add 'swamp workflow list' as alias for 'swamp workflow search'
s1mo ago
#275
Add 'swamp auth status' as alias for 'swamp auth whoami'
s1mo ago
#274
Extension bundle cache does not invalidate on source edits
s1mo ago
#273
extension pull fails on @local/.@0.0.0 phantom-claim collision when local repo has its own extension
s1mo ago
#272
Lab search by numeric issue ID returns no results
s1mo ago
#271
W3 sourceToRow writes empty source_mtime — should carry filesystem mtime through Source entity
s1mo ago
#270
Warm-start rebundleAndUpdateCatalog should respect terminal RowStates set by reconcile
1mo ago
#269
Implement W4: KindAdapter + unified loader (extension catalog rearchitecture)
s1mo ago
#268
Docs: add vault read-secret command to reference manual
s1mo ago
#267
Extension layer garbage collection: prune catalog rows + evict orphaned bundles
1mo ago
#266
Docs: document workflow concurrency limits in reference manual
s1mo ago
#265
Locally-sourced extension: source_mtime updates without regenerating stale bundle
s1mo ago
#264
Extension push: allow shipping executable host helpers (bin/mudroom blocker)
s1mo ago
#263
Vault expressions silently deliver __SWAMP_VSEC__ sentinels under the docker driver
s1mo ago
#262
First-class shell-shim support for extensions, with registry-level visibility
1mo ago
#261
Local extension model bundles don't rebuild when source changes (no rebuild CLI; manual cache delete breaks the runner)
s1mo ago
#260
Configurable concurrency limits for workflow fan-out (forEach, parallel jobs/steps)
s1mo ago
#258
feat(security): redact sensitive method arg values from audit log
s1mo ago
#257
docs: document swamp datastore compact and GC WAL behaviour
1mo ago
#256
UAT: swamp datastore compact reclaims WAL and catalog space
1mo ago
#255
Plan v4 step 9 literal test untestable under current catalog PK semantics
1mo ago
#254
Cross-process concurrency stress for W2 lifecycle services
s1mo ago
#253
UAT additions for W2 lifecycle services (Install/Remove/Upgrade)
1mo ago
#252
Implement W3: ReconcileFromDisk + freshness-as-aggregate-query (extension catalog rearchitecture)
s1mo ago
#251
doctor extensions repair: clean catalog-only orphans
1mo ago
#250
Extensions should be able to ship Claude Code skills
s1mo ago
#249
Pre-existing TOCTOU windows in YAML repo walkers (findAll directory level + findById)
s1mo ago
#248
`swamp datastore setup` migration is not resumable / leaves the repo in a partial state on failure
s1mo ago
#247
Built-in models must honor AbortSignal so --timeout works in practice
s1mo ago
#246
Reader-lock or lock-free read path for data list/get/search/query
s1mo ago
#245
data search: surface jobTag alongside workflowTag and stepTag (follow-up to #237)
s1mo ago
#244
global-arg silently strips unknown keys; should reject via strict Zod schema
s1mo ago
#242
redmine extension: adopt state machine patterns from @magistr for agent-driven workflows
1mo ago
#241
performance degrades significantly with large SQLite catalog
s1mo ago
#240
summarise: timeout/hang on repos with many workflow runs
s1mo ago
#239
extension quality/fmt fail on pulled extensions (path mismatch)
s1mo ago
#238
vault: add read-secret CLI command for agent-driven secret retrieval
s1mo ago
#237
data query: stepName and jobName fields always empty in CEL results
s1mo ago
#236
Extension ecosystem: shared utility library, version sync tooling, and HTTP resilience patterns
s1mo ago
#235
Agentic CLI improvements: --json stdout isolation, array inputs, and --repo-dir consistency
s1mo ago
#234
data delete fails with "Directory not empty (os error 39)" when concurrent writes are active
s1mo ago
#233
Extract LockfileRepository (W2 prequel for swamp-club#231)
s1mo ago
#232
Extend DatastoreSyncService.markDirty() with optional relPath argument
k1mo ago
#231
Implement W2: Lifecycle services own the catalog write (extension catalog rearchitecture)
s1mo ago
#230
data·delete logger double-quotes the data name in log output
s1mo ago
#229
DDD: refactor data services to depend on domain-side ports instead of infrastructure types
s1mo ago
#228
Detect AWS CredentialsProviderError in @swamp/aws-sm-vault and prepend SSO-expiration hint
s1mo ago
#227
Opt-in background autoupdate for the swamp binary (configurable cadence + risk tolerance)
s1mo ago
#226
Detect AWS CredentialsProviderError in summarizeSyncError and prepend SSO-expiration hint
s1mo ago
#225
S3 datastore hydrate has no fallback for buckets without .datastore-index.json
s1mo ago
#224
S3 datastore stale-lock retry loop never evicts orphan locks left by swamp processes that panic at shutdown
s1mo ago
#223
Implement W1b: Repository and RowState (extension catalog rearchitecture)
s1mo ago
#222
Redundant push after pullChanged: localMtime clobbered by pullIndex(forceRemote)
s1mo ago
#221
Docs: update datastore-configuration manual after #220 setup-hydration fix lands
s1mo ago
#220
workflow run search returns empty after S3 datastore setup, despite run YAMLs in datastore
s1mo ago
#219
CLI crashes with exit 134 (Rust panic in tls_wrap.rs) after successful command output
s1mo ago
#218
S3 datastore global lock enters infinite stale-lock loop after interrupted workflow
s1mo ago
#217
swamp-extension-model skill: include description field in upgrades quickref
s1mo ago
#216
swamp-extension-model skill: include field in upgrades quickref
1mo ago
#215
Adversarial UAT test: missing cached bundle with intact catalog should self-recover
1mo ago
#214
Port importBundleByPath ENOENT fallback to datastore/driver/vault/report loaders
1mo ago
#213
`swamp datastore setup` (filesystem→S3 migration) panics in deno Node TLS layer mid-migration
1mo ago
#212
swamp model type describe fails with 'No such file' instead of rebundling when bundle is missing
k1mo ago
#211
Implement W1: Repository and RowState (extension catalog rearchitecture)
s1mo ago
#210
feat: swamp extension verify — opaque extension-lifecycle verification primitive
1mo ago
#209
Schema-invalid extensions loop in rebundle path: catalog row never updates after first failed validation
s1mo ago
#208
swamp model type search is slow (~8s) and re-bundles all extensions on every call
s1mo ago
#207
Per-extension layout migration drops Claude skill from @magistr/good-planning
s1mo ago
#206
swamp extension outdated crashes on empty repo (Stream ended...)
s1mo ago
#205
Docs: extension install/pull/update sync-to-manifest behaviour
1mo ago
#204
Add process-level install lock around installExtension
s1mo ago
#203
Docs: extension commands reference
s1mo ago
#202
swamp extension install/pull does not prune source files dropped between versions, causing catalog to re-index orphans
s1mo ago
#201
Catalog retains stale source-file entries when extension version drops a file; no native prune/repair
1mo ago
#200
Document and surface a native cache-refresh path so agents stop doing cache surgery
1mo ago
#199
swamp should warn when installed extensions are outdated
s1mo ago
#198
Catalog retains stale source-file entries when extension version drops a file; no native prune/repair
1mo ago
#197
Document and surface a native cache-refresh path so agents stop doing cache surgery
1mo ago
#196
swamp should warn when installed extensions are outdated
1mo ago
#195
Skill/prompt guidance: prefer the bundled deno when no system deno is on PATH
s1mo ago
#194
Vault backend backed by GitHub Actions Secrets (read via gh token)
s1mo ago
#193
Re-enable Windows tests as deno compile for Windows lands
1mo ago
#192
swamp-club extension card no longer exposes @ns/slug as contiguous text
k1mo ago
#191
Docs: multi-tool repo support
s1mo ago
#190
swamp vault: vendor-specific annotations (e.g. 1Password notesPlain, tags, custom fields)
1mo ago
#189
swamp model method run: --foreach to fan out across instances
1mo ago
#188
swamp workflow validate: actionable error messages and template scaffolds
1mo ago
#187
swamp CLI cold-start latency (~5–7 s per invocation) compounds in workflows that shell out
1mo ago
#186
Workflow tasks should support ephemeral model instances (modelType + globalArgs) so workflows are zero-prereq
1mo ago
#185
CEL expression evaluator throws 'Unhandled node type: string'
s1mo ago
#184
cli: agents need to add ripples (comments) to issues via the CLI
s1mo ago
#183
quality: models and additionalFiles paths resolve relative to different directories
s1mo ago
#182
quality: has-readme/has-license miss additionalFiles in subdirectories
s1mo ago
#181
Add swamp data delete command to remove a data artifact by model and name
s1mo ago
#180
add `swamp doctor extensions` subcommand for on-demand extension load diagnostics
s1mo ago
#179
AI agent skipped adversarial review step before smoke testing extension code
s1mo ago
#178
Better Auth rejects requests on hostnames not in hardcoded trustedOrigins (signup/signin broken on non-canonical hosts)
k2mo ago
#177
Local extension models in extensions/models are not discovered in fresh repo tutorial flow
s1mo ago
#176
ticket 1138 not clear - can we still use github?
2mo ago
#175
Drag Windows into the Swamp
s1mo ago
#174
Add `swamp extension test` command to run built-in extension tests with coverage
1mo ago
#173
swamp repo init --tool kiro does not create .kiro/settings/cli.json
s1mo ago
#172
Support multi-agent repo initialization (multiple --tool targets)
s1mo ago
#171
CLI dumps 300-line Cliffy Command object on unknown flags / subcommands
s2mo ago
#170
Docs: repository-configuration.md missing defaultDriver / defaultDriverConfig
ks1mo ago
#169
Server-side parse query params on /lab/all so refresh preserves multi-filter URLs
k1mo ago
#168
fast-path sidecar TOCTOU: post-op HEAD can record generation from a concurrent writer's push, masking their data on next sync
s2mo ago
#167
Scorer should honour files/deno.json imports so bare specifiers resolve
s2mo ago
#166
@swamp/gcs-datastore: same minutes-slow zero-diff sync cliff as lab/164; mirror fingerprint fast path
s2mo ago
#165
cleanup for repoDriver
kj4d ago
#164
swamp datastore sync is minutes-slow at 4k-file scale even with zero-diff; outer 300s timeout fires
s2mo ago
#163
swamp-extension-publish skill: add quality rubric check before push
s2mo ago
#162
New @swamp extension: extension quality rubric checker for CI
s2mo ago
#161
swamp-extension-quality and swamp-extension-publish skills don't guide zod import map resolution for scorer
s2mo ago
#160
swamp repo upgrade deletes extension model source files
s2mo ago
#159
Add repo-level `defaultDriver` to `.swamp.yaml`
k2mo ago
#158
User report extensions registered lazily are silently skipped during method execution
s2mo ago
#157
swamp extension install: datastore push hangs ~8.5m then crashes with Deno TLS panic (tls_wrap.rs:1918 unwrap on None)
s2mo ago
#156
Add a preflight diagnostic for AI-tool audit integrations (so upstream CLI changes stop breaking us silently)
s2mo ago
#155
audit record --from-hook silently drops input from kiro-cli postToolUse hooks
16d ago
#154
codegen pipelines don't detect _lib/*.ts changes so manifest CalVer never bumps
2mo ago
#153
Link to namespace extensions listing from profile pages
s2mo ago
#152
Trailing slash on /extensions/@<namespace>/ returns 404
s2mo ago
#151
No way to browse all extensions belonging to a collective by URL
s2mo ago
#150
DatastoreProvider.resolveCachePath declared optional but silently required at runtime
s2mo ago
#147
Accept-invite link returns HTML instead of JSON, breaking collective join
s2mo ago
#146
additionalFiles flatten to basenames on push and lack a runtime access API, creating a source-vs-pulled layout mismatch
s2mo ago
#145
Extension search returns inflated results for quoted phrase queries
s2mo ago
#144
Docs: document jsr:/https: imports and non-local pinning convention in user-facing manual
s2mo ago
#143
First-class jsr: specifier support in extension bundler
s2mo ago
#142
Cross-extension code sharing via manifest exports field
2mo ago
#141
Extension models: document/resolve implicit-any in execute parameters when imported by test files
s2mo ago
#140
extension yank: allow unyank and version-specific yanks
s2mo ago
#139
extension source add does not discover brand new types — only overrides already-pulled types
s2mo ago
#138
Add light mode to swamp.club and swamp open UI
1mo ago
#137
Add 'swamp open' command to open the swamp.club web UI
1mo ago
#136
Add light mode to swamp.club website
1mo ago
#135
Datastore sync surfaces opaque errors from extensions verbatim — no status code or body preview
s2mo ago
#134
@swamp/s3-datastore: first-attempt 403 masked as "UnknownError" from AWS SDK deserializer
2mo ago
#133
Extension auto-resolve reports "already_installed" for truncated pulled-extension trees
2mo ago
#131
Email delivery for mention notifications
1mo ago
#130
Auto-update WARN is silent in --json mode (logger suppresses non-fatal)
s2mo ago
#129
open.ts web UI uses force:true pullExtension, same data-loss family as #126
s2mo ago
#128
Port bundle_freshness (content-fingerprint cache invalidation) to reports / drivers / datastores / vaults loaders
s2mo ago
#127
Mentions and notifications system for issues
s2mo ago
#126
Datastore auto-update in resolve_datastore.ts uses force:true, risking silent overwrite of local edits
s2mo ago
#125
Per-repo user-extension bundle cache doesn't invalidate on source changes
s2mo ago
#124
Adding methods to in-body `methods:{}` on `export const model` doesn't re-register
s2mo ago
#123
User extensions silently dropped when base type not yet registered at scan time
s2mo ago
#122
Footer floats when page content is shorter than viewport
s2mo ago
#121
workflow validate can silently overwrite local edits to pulled extensions via force-pull in auto-resolver
s2mo ago
#120
Extension pull should namespace files by extension to prevent filename collisions
s2mo ago
#119
Update CLAUDE.md co-author instructions to use swamp-club issue author lookup
s1mo ago
#118
Add swamp issue get CLI command to fetch issue details
s1mo ago
#117
swamp-club API: include issue author in GET /api/v1/lab/issues/{number} response
s2mo ago
#116
Install command curl-pipe-sh overflows the component on swamp.club homepage
s2mo ago
#115
'Assigned to me' overlaps 'Privacy policy' on short viewports
s2mo ago
#114
Collapsible left rail and repositionable right rail in Lab
k2mo ago
#113
Usernames aren't linked to their profile pages
k2mo ago
#112
Filter lab issues by author (opened by user)
k2mo ago
#111
Add skills extension type for bundling agent/human guidance documents
s2mo ago
#110
Remove traffic lights in column 2 of /lab
ks2mo ago
#109
Multi-select combo filtering on /lab
k2mo ago
#108
data gc skips version-count GC when no lifetime-expired data exists
k2mo ago
#107
Content filter should identify the flagged word or phrase
k2mo ago
#106
Bog flow: text rendering and layout issues
k2mo ago
#101
Flow modal: text rendering issues
k2mo ago
#99
Normalize text sizing across issue list and detail views
k2mo ago
#98
Description 'Show more' button appears even when text fits
k2mo ago
#97
Inline editing: click-to-edit fields instead of pencil icons
ks2mo ago
#96
Persist lab filter selection in localStorage
k2mo ago
#95
Update how-to guide with swamp-extension-publish skill
s2mo ago
#94
Fix incorrect favicon in Google search results
2mo ago
#93
Missing section on user profile page for wendy
s2mo ago
#92
Extension skills missing repository initialization and publishing prerequisites
s2mo ago
#91
Vault CEL expressions replaced with VaultSecretBag sentinels after model type upgrade
k2mo ago
#90
Audit: modelRegistry.get() without ensureTypeLoaded() in YAML repository save() paths
s2mo ago
#89
Cross-model expression validator fails on lazy-loaded types — modelRegistry.get() bypasses ensureTypeLoaded
2mo ago
#88
forEach.in with data.latest() throws misleading 'got: object' error for unresolved Promise
s2mo ago
#86
issue-lifecycle models should support --assignee for swamp.club issues
s2mo ago
#85
Driver capability registry: declare richer execution capabilities at driver design time
s1mo ago
#84
Consolidate MethodReportContext construction — manual and workflow report paths build contexts divergently
s2mo ago
#83
Workflow-level workspace for docker driver: stateful multi-step workflows
s1mo ago
#82
"OG Swamper" badge inconsistent
k2mo ago
#81
Workflow-scope user extension reports don't execute: getAll() excludes lazy-loaded reports
s2mo ago
#80
Improve skill trigger routing accuracy across models
s2mo ago
#66
Add GitHub Copilot IDE support
s2mo ago
#65
Phase 1: /feed — judge-gated content stream
k2mo ago
#64
Add reactions and Giphy integration to comments
2mo ago
#63
Architecture violation: search route imports directly from lib/infrastructure
s2mo ago
#62
Introduce domain events to formalize the telemetry-to-consumer pipeline
2mo ago
#61
Refactor: move telemetry track() calls from route handlers to application services
s2mo ago
#59
Reindex path feeds error events to consumer, bypassing filtering
s2mo ago
#58
Custom swamp-themed avatar generator with daily rerolls
1mo ago
#57
Profile content links with scoring for community contributions
2mo ago
#56
Score extension pull events for extension authors
s2mo ago
#55
Score daily sign-in events with streak multiplier
s2mo ago
#54
Score sign_up events in the telemetry pipeline
2mo ago
#53
Score extension publish events in the telemetry pipeline
s2mo ago
#52
Add 'award' telemetry event type for arbitrary score grants
1mo ago
#51
Bug: authenticated pulls always shows 0 on profile page
2mo ago
#50
Decouple identity_map from main app: username renames via event, not shared DB
2mo ago
#49
Optimise MongoDB Search Queries
2mo ago
#48
Transactional emails on login with google/similar
2mo ago
#47
Add rate limiting to send-verification-email endpoint
2mo ago
#46
Add authentication or rate limiting to check-verified endpoint
2mo ago
#45
swamp data query for morning-message in hello-world tutorial returns nothing.
a2mo ago
#44
Document vault migrate command in reference docs
s2mo ago
#43
Locks on long running actions
2mo ago
#42
issue-lifecycle skill: improve resumption and close-out guidance
s2mo ago
#41
deprovision: firewall deletion fails with resource_in_use immediately after server delete
s2mo ago
#40
swamp workflow validate should check step inputs against method's required arguments
s2mo ago
#39
data.latest() returns null when new data written while _catalog.db is already marked populated
a2mo ago
#38
Bundle cache fallback silently skipped when source and bundle have equal mtimes
s2mo ago
#37
Add vault migrate command to move secrets between vaults
s2mo ago
#35
Consolidate method execution paths — workflow steps and manual runs build MethodContext divergently
k2mo ago
#33
CatalogStore constructor runs createSchema before migrateIfNeeded; v1→v2 upgrade fails on existing repos
a2mo ago
#32
discord-bot poller double-processes events with >1 replica
2mo ago
#31
datastore sync: clean up zombie _catalog.db* entries from remote index and S3 bucket
2mo ago
#30
datastore sync --push runs pushChanged() twice per invocation (coordinator dedup)
2mo ago
#29
datastore sync --push fails on _catalog.db-wal: catalog SQLite DB lives inside the S3 sync cache
2mo ago
#28
.swamp/datastore-bundles/ leaks into deno lint and deno fmt scans
2mo ago
#27
deno run audit task missing --allow-env flag
2mo ago
#26
Error when submitting a new issue manually
2mo ago
#25
Green text on issue details is a lot
2mo ago
#24
evals/promptfoo: bump hono and @hono/node-server to clear 6 dependabot alerts
2mo ago
#21
issue-lifecycle: COMMENTED PR review can overwrite a prior decisive state in fetchPrReviews
2mo ago
#20
Add agent-constraints/ for issue-lifecycle skill
2mo ago
#19
@swamp/aws/ec2: auto-generated models lack list, tag, and factory-compatible update methods
2mo ago
#18
@swamp/digitalocean/space-key stores secret in plaintext - should mark as sensitive
2mo ago
#17
Add Azure provider pipeline to codegen
1mo ago
#16
feat: Namespace.so execution driver for remote workload execution
2mo ago
#15
Add macOS Keychain vault type
2mo ago
#14
Add uniform bucket-level IAM support to @swamp/gcp/storage
s1mo ago
#13
Expand DataRecord with first-class provenance fields; remove all hidden scoping from data access
a2mo ago
#12
feat: Private extensions
29d ago
#11
Workflow execution repeats #1091: cross-model CEL expression validation fails for unresolved types
s2mo ago
#10
context.readModelData returns different results depending on invocation context (manual vs workflow)
s2mo ago
#9
Handle sensitive fields gracefully when no vault is configured
s19d ago
#8
Vault reads for model global arguments are cached at workflow start, making in-workflow token refresh ineffective
2mo ago
#7
feat: approval gates for workflow steps and jobs
2mo ago
#6
Install script: curl fails TLS verification for swamp.club (certificate chain)
2mo ago
#5
Extension Patches: contribution workflow for community extensions
1mo ago
#4
Feature: swamp issue for extensions — bug reports, security disclosures, and author notifications
s2mo ago
#3
Support 'swamp <app> run' as containerized entrypoint for easy onboarding
1mo ago
#2
Persistent runner / server mode to eliminate per-invocation CLI startup overhead
2mo ago
#1
feat: add support for Nix via a flake
s1d ago
← Back to list6/17/2026, 10:21:36 PM
01Issue
FeatureClosedSwamp CLI
Assigneesstack72
Relationships
↑ child of #662#670 serve-auth: sealed CEL grant-condition environment
Opened by stack72 · 6/17/2026
Parent
Sub-issue of #662 (serve authentication & authorization). Layer 1, item 3.
Summary
Add a third CEL surface — the grant-condition environment — for evaluating conditions attached to authorization grants. This environment is permanently sealed: no I/O, no extension registrations, no data/vault/env/file receivers. A condition is a pure function over (resource fields, principal context) that returns a boolean.
This is the foundation the AccessDecisionService (layer 1, item 4) will use to evaluate conditions like `tags.env == "staging"` or `owner.createdBy == principal.sub`.
Context: existing CEL surfaces
swamp has two CEL surfaces today, both in `src/infrastructure/cel/cel_evaluator.ts`:
- Internal surface (`CelEvaluator` class) — used in workflow conditions, data queries, definition evaluation. Has `file.`, `data.`, `model.`, `vault.`, `env.*` namespace receivers. Full I/O.
- Extension-author surface (`createExtensionCelEnvironment()`) — baseline with mixed-type arithmetic overloads only. Extensions register their own functions. No swamp internals.
The grant-condition environment is a third surface — neither of the above. It must NOT be added to the internal `CelEvaluator` class (which has I/O receivers) or the extension baseline (which is for extension authors). It is its own factory function.
What to build
Factory function
A new function (e.g., `createGrantConditionEnvironment()`) in the cel infrastructure that returns a cel-js `Environment` configured with:
Resource fields (flat, no wrapper object) — matching the `data.query()` predicate style where fields are bare:
- Workflow resources: `name`, `tags`, `collective`
- Model resources: `type`, `collective`
- Data resources: `name`, `ns`, `tags`, `owner`
- Access resources: `name`
These are the fields a condition can reference when the grant targets that resource kind. Example: a grant on `workflow:@acme/*` with condition `tags.env == "staging"` — the `tags` field comes from the workflow being checked.
Principal context (namespaced) — matching the `run.*` style:
- `principal.sub` — stable subject identifier
- `principal.email` — email (may be absent)
- `principal.groups` — list of local group names
- `principal.collectives` — list of IdP-asserted collectives
Example: `collective in principal.collectives` or `owner.createdBy == principal.sub`.
Arithmetic baseline — the same mixed-type overloads from `createExtensionCelEnvironment()`. Reuse, don't duplicate.
Nothing else. No `data.`, `file.`, `vault.`, `env.`, `model.*` receivers. No `registerFunction` or `registerType` calls beyond what the factory sets up. This environment is sealed at construction.
Write-time validation
A function that takes a CEL condition string and a resource kind, and validates:
- Parses — is it valid CEL syntax?
- Type-checks — do the referenced fields exist in the declared environment for that resource kind? A typo like `tag.env` (instead of `tags.env`) or a type mismatch (`tags.env > 5` where `tags.env` is a string) should fail at grant creation time, not silently never-match at evaluation time.
- Source length — reject conditions over 1KB (simple sanity cap for phase 1).
This validation will be called by the Grant model's `create` method (from #667, now merged) when a condition is present. Currently the condition field is stored as an unvalidated string — this issue adds the validation.
Evaluation function
A function that takes a compiled/parsed condition, a resource-fields map, and a principal context, and returns `boolean`. This is what the AccessDecisionService (item 4) will call per-rule.
Key invariants
The seal is permanent. No extension registrations, no host functions, no I/O — ever. This is a decided architectural boundary, not a phase-1 simplification. New predicates (CIDR matching, semver comparison) are added to the baseline by the swamp team, never by extensions. Dynamic facts enter as data (principal attributes, resource fields), never as functions.
Conditions are deterministic. Same inputs → same output. No randomness, no time functions, no external state. This is what makes the cost-bounding story in phase 2 possible — if the environment is sealed and deterministic, bounding its cost is straightforward.
Write-time validation catches errors at authoring, not at evaluation. A bad condition must fail when the admin creates the grant, not silently never-match in production.
The environment does NOT use `unlistedVariablesAreDyn: true`. Unlike the extension surface, the grant environment should declare its variables explicitly so that type checking catches references to non-existent fields. This is the key difference from the extension baseline.
Scope
- New factory function in `src/infrastructure/cel/`
- Validation function for write-time checking
- Evaluation function for runtime use
- Tests covering: valid conditions, type errors caught at validation, field availability per resource kind, principal context access, the seal (no I/O receivers available)
- Wire the validation into the Grant model's `create` method (update the existing code from #667)
Out of scope
- Cost-bounding (AST depth, comprehension nesting, cost budgets) — phase 2, only needed for rule packs
- `matches()` regex complexity validation — phase 2
- AccessDecisionService — layer 1, item 4 (depends on this)
- CLI commands — layer 2
References
- CEL evaluator: `src/infrastructure/cel/cel_evaluator.ts`
- CEL tests: `src/infrastructure/cel/cel_evaluator_test.ts`
- Expressions design: `design/expressions.md`
- Grant model (condition stored as string): `src/domain/models/access/grant_model.ts`
- Access value objects: `src/domain/access/`
02Bog Flow
Closed
No activity in this phase yet.
03Sludge Pulse