#862
feat(clickhouse): tracked archive→CH backfill tooling (backfill.sql)
2h ago
#861
feat(clickhouse): idempotent DDL migration path for running prod (#859 deliverable 2)
2h ago
#860
chore(clickhouse): retire S3-backed v1 + s3 objects after #859 cutover
2h ago
#859
Decouple prod ClickHouse from S3 (drop storage_policy=s3_main) + add a DDL migration path
2h ago
#858
Epic #847 · Unit 6: Document the Mongo-vs-ClickHouse storage-architecture split in scoring.md
6h ago
#857
Epic #847 · Unit 5: ClickHouse materialized-view projections + atomic leaderboard read-flip + delete Mongo OLAP
6h ago
#856
Epic #847 · Unit 4: Stream confirmed grants into ClickHouse score_grants (ReplacingMergeTree)
6h ago
#855
Epic #847 · Unit 3: Migrate the 5 recompute contributions to per-event grants; delete the recompute path
6h ago
#854
Epic #847 · Unit 2: score_grants append-only ledger write-model in Mongo (shadow, no read flip)
6h ago
#853
Epic #847 · Unit 1: Land the ClickHouse projection foundation (schema + init SQL + compose service)
k4h ago
#852
Global skills should auto-sync when binary version advances
7h ago
#851
autoGc emits auto_gc_completed event on --json stdout, breaking single-parse consumers
8h ago
#850
Extension publish score is non-monotonic: yanking versions lowers a user's score
k6h ago
#849
Live Swamp Club event console on /feed — scrolling stream of all non-sensitive events
9h ago
#848
Docs: add --ws-idle-timeout to serve flags reference
s9h ago
#845
copy/rsync ignores transport extraOptions (and proxyCommand), unlike exec/script
s8h ago
#844
Remove feed comments — consolidate discussion in Discord
12h ago
#843
Make serve WebSocket idle/keepalive timeout configurable (untunable default aborts runs when serve's loop briefly blocks)
s9h ago
#842
Docs: update extension info reference with content metadata output
s10h ago
#841
serve startup time regression: synchronous catalog init delays WebSocket listener by ~4.5 minutes
s9h ago
#840
Expose run/job/step identifiers as SWAMP_* env vars + CEL values, and template placement selectors (extends #331's run.id)
12h ago
#839
fix: add .namespace.json to isInternalCacheFile() in datastore extensions
s16h ago
#838
docs: document swamp serve daemon enable/disable/status subcommands
s16h ago
#837
docs: document execution cancellation commands and cancelled status
s17h ago
#836
docs: document autoGc config option for automatic garbage collection
s18h ago
#835
Docs: document @env= and @file= webhook secret indirection in swamp-serve reference
s15h ago
#834
fix: datastore sync --push deletes the namespace registration manifest (canonical namespace flow un-registers itself)
s16h ago
#833
docs: bundled swamp agent skill lacks datastore-namespace guidance (giga-swamp)
s18h ago
#830
data query --select crashes on BigInt: "Do not know how to serialize a BigInt" when CEL size() reaches the JSON renderer
s23h ago
#829
Intra-namespace write concurrency: whole-index sync under the lock serializes fan-out workloads (split from shipped #666)
1d ago
#828
Telemetry recoverOrphaned startup race with multiple replicas (created_at-based)
1d ago
#827
Telemetry retry/failed path has the same non-atomic claim as #820
1d ago
#826
Batch / prefix delete for swamp data delete (single lock acquisition)
s18h ago
#825
Surface extension type+method detail in CLI to eliminate expensive discovery loops
s12h ago
#824
Skill guides lack progressive reveal boundaries — agents over-read by 4x
s1d ago
#823
Opt-in automatic garbage collection for datastore data
s1d ago
#822
UAT: swamp workflow evaluate/run with forEach dynamic workflowIdOrName targets
a1d ago
#820
Telemetry watcher has no replica coordination: N replicas double-process the same batch (non-atomic find→updateMany claim)
k1d ago
#819
Telemetry drain still capped ~80-100/s in prod: per-username full-history re-aggregate is O(users) sequential per batch (deferred #817 fix #4)
k1d ago
#817
Telemetry ingest is consumer-bound: counter & stats dedup via O(N) sequential insertOne, throughput stuck ~20 events/s regardless of BATCH_SIZE
k1d ago
#814
Resolve dynamic workflow task targets inside forEach
a1d ago
#813
Leaderboard and profile streak not reporting
s2d ago
#812
Same-namespace writers fully serialize on the per-namespace lock — could maintenance/append writes avoid holding it?
2d ago
#811
Could method-summary report artifacts get a default retention cap? They grow to dominate the datastore manifest
s1d ago
#810
Docs: update vault inspect output in manual reference
s2d ago
#808
Execution cancellation: abort stuck workflow runs and model method runs, bulk cleanup, and daemon-restart reaping
s1d ago
#807
Docs: document .? optional select for null-safe CEL data access
s2d ago
#806
Optional scheduled / automatic datastore GC (retention-policy-driven pruning)
1d ago
#805
Notify issue author/participants on ripples & status changes — with Discord bot DM as a delivery channel
13h ago
#804
Batch step 2 of enrichAuthorPlans (per-collective subscription reads)
2d ago
#803
Datastore should fail fast on unresolvable credentials instead of stalling on the AWS provider chain
s2d ago
#802
Add SWAMP CLUB wordmark logo next to sc-mark.png in TRADEMARKS.md
k1d ago
#801
Add SWAMP CLUB wordmark logo next to sc-mark.png in TRADEMARKS.md
2d ago
#798
pushChanged does not implement absence-on-disk deletion (markDirty contract rule #2)
s2d ago
#797
pushChanged does not implement absence-on-disk deletion (markDirty contract rule #2)
s2d ago
#792
Add `vault delete` support to @swamp/aws-sm extension
s3d ago
#791
Add `vault delete` support to @swamp/azure-kv extension
s3d ago
#790
Add `vault delete` support to @swamp/1password extension
s3d ago
#789
Leaderboard window baseline: 90-day cutoff zeroes returning-dormant users (latent, 0 impact today)
3d ago
#788
swamp data gc prunes the catalog but never deletes objects from S3 datastores (markDirty hook not wired) — sync manifest never shrinks
s2d ago
#779
SKILL.md Common Commands: model type search uses wrong command and syntax
s3d ago
#778
SKILL.md Common Commands: model create uses wrong @<type> prefix
s3d ago
#742
swamp issue bug times out posting to the Lab while swamp-club.com returns HTTP 200
s4d ago
#741
telemetry stats fatally fails to load an installed datastore extension (auto-resolve path); all other commands load it fine
s4d ago
#740
tf plan: FETCH_BUNDLE PAGE_FETCH_ERR / NO_STATES on cleanup-only plan (no resource changes)
5d ago
#739
Add deleteResource to MethodContext and document dataRepository.delete in skills
s5d ago
#738
Homebrew formula
5d ago
#737
Yank semantics inconsistent: all-versions-yanked acts as a free hidden/private extension; extension-level yank hard-blocks re-push
s4d ago
#736
Extension search returns edit-distance noise for short queries ("asdl" → "AWS DEADLINE")
5d ago
#734
workflow resume holds the global lock across the resumed step, deadlocking any datastore op the step performs
s5d ago
#732
Trajectory chart: current-day x-axis label is clipped at the right edge
s5d ago
#731
Telemetry not synced to swamp-club: local queue accumulating ~3 days despite valid auth
s5d ago
#730
extension pull serves a stale version that disagrees with search (honors a legacy per-extension serverUrl)
sBlocked5d ago
#729
serve --webhook usage string makes <header> look optional for generic scheme
s3d ago
#728
serve: webhook scheme not surfaced in startup event, health endpoint, or log line
s5d ago
#726
Slack webhook pre-body gate only checks signature header, not timestamp
s5d ago
#725
Dead code: verifySignature in webhook.ts superseded by verifier abstraction
s5d ago
#724
extension source: install skills from source-path extensions
s5d ago
#723
Data-driven webhook signature verifiers (avoid a code change + release per provider)
6d ago
#722
swamp.club extension view: multi-line code fence in manifest description renders each line as a separate inline code span
s5d ago
#721
remote-execution.md tutorial claims hello-world repo already has a vault configured, but it doesn't
s5d ago
#720
#welcome channel references "System Initiative" instead of "Swamp"
5d ago
#719
Docs: document trigger.inputs for scheduled/webhook workflows in the manual
k3d ago
#718
forEach with concurrency intermittently fails child workflow runs with 'Bad resource ID'
k6d ago
#717
Pass webhook payload to triggered workflow as inputs (CEL or path-based extraction)
k6d ago
#716
Support pluggable webhook signature verification schemes (Linear, Stripe, generic)
k6d ago
#715
Add macOS launchd integration for swamp serve
s1d ago
#714
Add workflow cancel command and stale-run reaping on daemon restart
2d ago
#713
Document model-method data-mutation surface (dataRepository.delete, findAllForModelSince, queryData)
s5d ago
#712
swamp repo upgrade should check git status and commit (or surface) the files it changes
s1d ago
#711
serve-auth: --server support for remaining remote-capable commands (phase 2)
s8h ago
#710
serve-auth: add --server support to data, model, workflow, vault, audit, summary, and report commands
s5d ago
#709
Replace third-party trademark symbol with Swamp Club (SC) mark in TRADEMARKS.md
k7d ago
#708
Eager render stack (Ink/yoga-layout + marked-terminal) adds ~540ms to every command's startup
s3d ago
#707
Docs: update Copilot how-to for audit hooks support
s5d ago
#706
No self-serve way to rename username (sntxrrgithub -> desired sntxrr) after GitHub SSO signup
7d ago
#705
Update Copilot support
s7d ago
#704
serve-auth: alias 'swamp access policy' as alternative to 'swamp access grant'
s7d ago
#703
serve-auth: add --server support to all read/query/operations commands
s7d ago
#702
serve-auth: SWAMP_SERVE_URL env var as default for --server flag
s3d ago
#701
Tutorial 'Publish an extension': examples hardcode @stack72 collective, breaks copy-paste publish step
s7d ago
#700
Support trigger.inputs for scheduled workflows
k6d ago
#699
Tutorial "Validate with a dry run" section shows stale extension push --dry-run output
s7d ago
#698
swamp serve: support auto-restart via macOS LaunchAgent or systemd
2d ago
#697
swamp data: accept named flags (--model/--name) instead of positional model/name args
s1d ago
#696
Tutorial extension search "entropy" zero-result example is now stale
s7d ago
#695
Extension dev workflow doc recommends `deno check` but deno isn't bundled or detected
s7d ago
#694
serve-auth: swamp access token rotate command
s7d ago
#693
Cron scheduler should re-evaluate workflow definition when source file changes
sBlocked2d ago
#692
Extensions should be able to declare required named model instances
7d ago
#691
Official @swamp/linear extension — first-class Linear API model type
7d ago
#690
serve-auth: swamp access can-i — user self-service permission check
s7d ago
#689
serve-auth: hard refusals for off-loopback without TLS or auth
s7d ago
#688
serve-auth: wire AccessDecisionService into serve chokepoints for authorization enforcement
s7d ago
#687
Allow referencing bundled workflows by name without UUID filename
s2d ago
#686
Bundled extension workflows should auto-register on install
s2d ago
#685
serve-auth: mode: token — server token authentication on WebSocket connections
s8d ago
#684
sensitive-arg guard rejects an all-vault.get() record/map as a "literal", blocking definition migration
s8d ago
#683
serve-auth: mandatory admin materialization from config at startup
s7d ago
#682
serve-auth: auth config schema and mode flag for swamp serve
s8d ago
#681
serve-auth: remote grant management via swamp access --server
s8d ago
#680
serve-auth: declarative grants file with startup reconciliation
s7d ago
#679
docs: swamp serve user guide
s3d ago
#678
serve-auth: swamp access CLI commands
s8d ago
#677
docs: TLS setup guide for swamp serve (direct and reverse proxy)
s8d ago
#676
Docs: add server-side TLS reference for swamp serve --cert-file/--key-file
s8d ago
#675
serve-auth: static TLS for swamp serve
s8d ago
#674
serve-auth: client-side server credential storage
s7d ago
#673
serve-auth: server token built-in model
s7d ago
#672
serve-auth: AccessDecisionService with in-memory policy snapshot
s9d ago
#671
Telemetry flush blocks command exit, adding ~1.2s p50 to every invocation
s9d ago
#670
serve-auth: sealed CEL grant-condition environment
s9d ago
#669
Private / org-scoped collectives with member ACLs
8d ago
#668
serve-auth: Group aggregate + built-in model
9d ago
#667
serve-auth: access bounded context — Grant, Group, and shared value objects
s9d ago
#666
Single __global__ datastore lock serializes unrelated writes across all repos/namespaces
s2d ago
#665
data gc --dry-run ignores the flag and performs a destructive GC
s9d ago
#664
Support epoch seconds as the version suffix to avoid push collisions
s8d ago
#663
Implement ephemeral data as in-memory repository
7d ago
#662
Design: serve authentication & authorization (TLS, OAuth, access control)
7d ago
#661
Private collectives
k8d ago
#660
extension push: adversarial-review report hash is platform-dependent (macOS vs Linux), so committed reviews never match a cross-OS runner
s10d ago
#659
Can't click on repository from swamp extension search.
s10d ago
#658
extension pull: detect ghost-row conflicts and suggest swamp doctor extensions
s10d ago
#657
`extension quality` false-positive bare-import detection on string literal "flexible"
s10d ago
#656
Remote Execution tutorial
s10d ago
#655
SQLite run tracker subsystem for in-flight run lifecycle
11d ago
#654
Honour AWS profile default region when 'region' globalArg is omitted
s11d ago
#652
swamp serve does not open the UI
12d ago
#651
Docs: document --compact flag for model type describe
s12d ago
#650
datastore setup migration relocates and deletes repo-root .swamp/secrets, breaking all local_encryption vault.get
s11d ago
#649
Registry content-type search filter can match versions absent from the displayed extension
s12d ago
#648
Docs: document reports.require failure semantics in the manual (unresolvable required report fails the run)
s12d ago
#647
Reports tab on extension page is non-functional
k13d ago
#646
vault read-secret mixes log output into stdout
s13d ago
#645
Resource-leak test failures on main: extension_rubric_scorer_test and worker_gateway_test
s12d ago
#644
Landing page clips the curl install command instead of rendering the full text
14d ago
#643
model delete --json output shape doesn't match the documented {deleted, modelId, modelName, artifactsDeleted}
s11d ago
#642
model search --json returns a bare model object instead of {query, results} when exactly one model matches
s11d ago
#641
Extension author gitignore guidance: add .swamp.yaml and CLAUDE.md to recommended excludes
12d ago
#640
reports.require in workflow YAML does not auto-execute pulled extension reports
k13d ago
#639
Yanked extension version still shown as active on swamp-club.com and in 'extension search'
s13d ago
#638
Add deprecate/yank/unyank actions for own extensions on the web interface
k14d ago
#637
Expose per-run memory/CPU metrics for method & workflow executions
15d ago
#636
model method run OOMs at 4GB V8 heap on long high-fan-out methods; non-configurable heap + crash leaves run stuck in "running"
sBlocked10d ago
#635
Tier-up announcements never fire for direct score contributions (badge awards, feed credits)
k13d ago
#633
Discord role sync never assigns lower leaderboard tiers (Swamp Baby / Muck Runt / Sludge Whelp)
k15d ago
#631
Docs: document globalArgument input reference validation in workflow validate
s15d ago
#630
Remote execution: UAT coverage for tokens, enrollment, and dispatch
15d ago
#629
Remote execution: comprehensive reference documentation
s11d ago
#628
doctor extensions: pulled-extension source files reported as orphans that --repair can't evict (nested @swamp/aws/* sibling mis-attribution)
s15d ago
#627
Channel-based publishing for local extension backports
15d ago
#626
Feature: make extension yank channel-scoped (--channel) so it doesn't nuke every channel
s15d ago
#625
swamp update --setup-auto does not work with bluefin44 (crontab not found, should
s15d ago
#624
Feature: demote / withdraw an extension version from the stable channel
s15d ago
#623
Docs: extension-publish skill guide doesn't cover release channels
s15d ago
#622
workflow validate: resolve model globalArguments expressions against the calling workflow's declared inputs
s7d ago
#621
Add a way to list registered report definitions (report search only lists results)
s15d ago
#620
Inconsistent resource-field accessor: data get returns content, data query and CEL use attributes
s15d ago
#619
Extension API: allow export const extension to add resource specs, or document that it cannot
s15d ago
#618
@swamp/aws/cloudformation: expose StackSet instances, drift, and operations (Cloud Control cannot)
s10d ago
#617
workflow validate: method args with a Zod .default() are treated as required
s15d ago
#616
Profile months overlap in trajectory
k16d ago
#615
model type describe --json: bloated output (40% duplicated specs, no compact mode) and lost method-to-output mapping drive agents to read extension source
s13d ago
#614
UAT: Release channel CLI and adversarial tests
s9d ago
#613
Docs: Add release channel documentation to the manual
s16d ago
#612
Test skill evals with Fable in multi-skill eval tests
s16d ago
#611
Guide users toward filing feature requests when @swamp extensions lack a needed capability
16d ago
#610
Guide users toward filing feature requests when @swamp extensions are missing features
s16d ago
#609
correcting capitlization of Swamp, Swamp Club, and The Swamp on the swamp-club.com website
k16d ago
#608
API: Add release channel support for extension versions (beta, rc, stable)
s16d ago
#607
Add @swamp/hetzner-cloud/server-types model for availability and project limits
s16d ago
#606
Resident/warm worker mode — `model method run` has ~6s fixed per-invocation overhead that rules out latency-sensitive use
s17d ago
#605
Issue submission returns wrong URL path
s17d ago
#604
Dynamic resource attribute refresh for model instances
17d ago
#603
`vault put` inside workflow steps still acquires global `.datastore.lock` after #382
s17d ago
#602
extension quality scorer mis-detects quoted phrases in comments as bare imports
s17d ago
#601
extension push: credentials-sensitive-field false positive when .meta({ sensitive: true }) is on a continuation line
s17d ago
#600
Local source-loading should discover a report co-located with its model in a paths.base:manifest extension
s17d ago
#599
extension push: optionally sync the published bundle to the manifest `repository:` (git mirror)
14d ago
#598
Add 'creek' extension kind for cross-querying external systems alongside swamp data
18d ago
#597
Docs: vault refresh hooks (--refresh-from, --refresh-ttl, --clear-refresh)
s18d ago
#596
Support CI-friendly adversarial review artifacts for extension push
s18d ago
#595
Deprecate "No slow types" (fast-check) rubric factor on server-side scorer
s18d ago
#594
Registry scorer fails on bare specifiers — mirror CLI fix from #505
s18d ago
#593
Official extension for GitHub repository configuration (environments, variables, secrets)
s17d ago
#592
Feature request: @swamp/tailscale extension
18d ago
#591
Option to change email in your Swamp Club profile or delete account
19d ago
#590
Docs: vault reference in manual promotes inline KEY=VALUE as primary example
s19d ago
#589
extension push error for disallowed file types doesn't mention binaries field
s19d ago
#588
swamp help extension omits yank and unyank (machine-readable CLI schema misses real subcommands)
s19d ago
#587
Extension model method execute lacks typed args/context — every author has to use ': any' to unblock tests
s19d ago
#586
@webframp/hashicorp-vault: empty KV engine causes 'data.data.keys is not iterable' on vault put
19d ago
#585
workflow resume fails to register all extension model types (local and pulled) — "Unknown model type"
s19d ago
#584
model method run: cannot pass arrays, numbers, or booleans via --input
s19d ago
#583
extension push --dry-run --json reports local helper imports as bogus model entries
s19d ago
#582
Extension source: direct-content export scan only reads first 64 KiB, silently drops exports beyond it
s20d ago
#580
Homepage install command: wrong domain and missing https:// protocol
s20d ago
#579
Homepage install command: wrong domain and missing https:// protocol
20d ago
#578
first-class refresh hook for short-lived vault values (gcloud / aws-sso / kubectl-oidc token UX)
s18d ago
#577
swamp issue ripple logged "Posted ripple on issue #514" but the ripple is not visible on the Lab
s20d ago
#576
vault guide promotes inline secret values (KEY=VALUE) as a primary "swamp vault put" example
s19d ago
#575
swamp-getting-started SKILL.md still references removed swamp-model / swamp-workflow / swamp-vault / swamp-extension / swamp-repo skills
s20d ago
#574
extension rm blocked by stale /workspace bundle_types rows from prior container sessions with host repo bind-mounted
s20d ago
#573
extension search returns null repository fields that extension info populates
s20d ago
#572
Quality rubric: scope "No slow types" for model extensions (consumed via model+CEL, not type imports)
s18d ago
#571
data get/list --workflow and workflow history get/logs cannot resolve extension-delivered workflows (Workflow not found)
s20d ago
#570
Docs: add doctor secrets and doctor vaults to the troubleshooting how-to guide
s21d ago
#569
UAT: sensitive resource output without vault produces clear pre-flight error
21d ago
#568
Docs: add doctor vaults subcommand and pre-flight vault validation
s21d ago
#567
gcs-datastore: registerNamespace does not detect conflicts with existing registrations
s21d ago
#566
Validate vault availability when model has sensitive output fields
21d ago
#565
Managed skills ship with dangling reference-doc links
s21d ago
#564
swamp-club: update skill references and CLAUDE.md after superskill consolidation
s21d ago
#563
swamp-uat: init_test.ts asserts old skill directory names after superskill consolidation
21d ago
#561
Codegen: auto-merge resources across GCP API versions instead of manual ADDITIONAL_VERSION_RESOURCE_FILTER
s21d ago
#560
fix: giga-swamp UAT failures — 9 bugs found during comprehensive testing
s21d ago
#559
fix: datastore setup extension with namespace config doesn't scope sync or register manifest
s22d ago
#557
fix: namespace set on default repo writes incomplete filesystem config (missing path)
s22d ago
#556
@swamp/1password put double-escapes JSON values
s21d ago
#555
feat: giga-swamp comprehensive UAT coverage
20d ago
#554
@swamp/kubernetes 2026.06.04.1 missing upgrade path from 2026.05.27.2
s22d ago
#553
@swamp/kubernetes ignores certificate-authority-data from kubeconfig for self-signed CAs
s22d ago
#552
Inconsistent failures in swamp doctor extensions (database is locked, bundle build failed)
s22d ago
#551
docs: giga-swamp user documentation — reference, how-to, and conceptual guide
s22d ago
#550
@swamp/gcp/iam missing serviceAccounts model type
s21d ago
#549
@swamp/ssh@2026.06.04.1 fails to load: bare zod import + missing 2026.06.04.1 upgrade entry
s22d ago
#548
feat: giga-swamp phase 7 — Data migration commands
s22d ago
#547
feat: S3/GCS extension namespace manifest support (registerNamespace/listNamespaces)
s23d ago
#544
Should be able to see all the issues I created by a filter "submitted by me"
s23d ago
#543
Ability to change the email address associated with my Swamp Club Account
s18d ago
#542
feat: giga-swamp phase 5 — CLI output + namespace management commands
s23d ago
#541
CI review jobs use two-dot diff that includes files the PR never touched
s18d ago
#540
paths.base: manifest is not honored for workflows: — bundled workflows only resolve from repo root, blocking self-contained subdir layouts (sibling to #459)
s23d ago
#539
Lab profanity filter rejects legitimate CLI flag tokens via substring match
s23d ago
#537
Add platform type to issue-lifecycle extension model Zod schema
s23d ago
#536
fix: datastoreSetupExtension() ignores namespace config on initial migration push/pull
s24d ago
#535
Remote execution: orchestrator/worker fan-out (replaces execution drivers)
a15d ago
#534
swamp datastore sync --push creates global .datastore-index.json ignoring namespace config
s24d ago
#533
feat: S3/GCS extension namespace-scoped sync support
s23d ago
#532
Copy explicitGlobalArgs before mutation in resolveOrCreateDefinition
s24d ago
#531
vault.get() expressions in extension model globalArguments are not resolved at runtime
s24d ago
#530
swamp-issue skill should scrub secrets and org-specific data before submission
s24d ago
#529
workflow validate: trim stale 'skipped' label from model_not_found warning
s24d ago
#528
Add pi coding agent support
24d ago
#527
hashicorp-vault should read token from env
25d ago
#526
swamp-extension adversarial review skill needs mandatory mechanical verification checklist
s23d ago
#525
feat: giga-swamp phase 6 — Namespace-scoped sync
s24d ago
#524
swamp workflow validate emits misleading "Extension failed to load" warning when type resolves locally
s25d ago
#523
Add issue search/list command to discover existing issues
s25d ago
#522
Support vault-resolved private key content in transport auth (not just file paths)
s25d ago
#521
Workflow engine resolves extension methods against base type, ignoring extension-registered methods
s25d ago
#520
Per-model LockTimeoutError at 60s causes cascading failures under concurrent access
s2d ago
#519
Persistent, queryable workflow runs (status / cancel from any shell)
25d ago
#518
swamp repo upgrade: ERR_SQLITE_ERROR 'attempt to write a readonly database' during extension catalog schema migration
s25d ago
#517
workflow validate: fail on references to unknown model instances (typo'd modelIdOrName)
s24d ago
#516
feat: giga-swamp phase 4 — CEL cross-namespace queries
s25d ago
#515
Docs: document the extension push adversarial-review gate
s25d ago
#514
vault://local_encryption token does not round-trip correctly for GCP OAuth2 access tokens
s18d ago
#513
swamp issue: add ability to edit issue title and body after submission
s25d ago
#512
@swamp/gcp/iam: add WIF pool, provider, service account, and binding support
s21d ago
#511
Support vault-sourced identity keys
s24d ago
#510
copy method reports success when scp exits non-zero (e.g. 255)
s25d ago
#509
Docs: TLS behind inspecting proxies / private CAs (system trust store, DENO_CERT, SSL_CERT_FILE)
25d ago
#508
Extension quality/adversarial-review: add a 'published-surface hygiene' check for real infra identifiers
s22d ago
#507
Feed-post scoring is a direct domain write, not a consumer of feed_post_approved telemetry
k17d ago
#506
workflow validate silently PASSES steps whose model type is a pulled extension (step-inputs skipped = false pass)
s25d ago
#505
extension quality fails to resolve bare specifiers — contradicts fmt no-import-prefix rule
s18d ago
#504
Allow global arguments in direct type execution (workflow fan-out)
s24d ago
#503
Bundled Deno does not honor the OS/system CA trust store
k26d ago
#502
Gator-approved feed post did not trigger Discord activity or profile points
k26d ago
#501
username_metrics projection backfill does not trigger re-scoring (stale UserScore for dormant users)
26d ago
#500
Enforce adversarial review gate before extension push
s25d ago
#499
support git forge / web namespaces for collectives
k27d ago
#498
Report type filtering in report search
k27d ago
#497
extension search: empty results from CLI despite known extensions
k27d ago
#496
workflow approve/resume cannot find suspended runs
s26d ago
#495
vault annotate --url fails with query params on @swamp/aws-sm
s26d ago
#494
datastore compact VACUUM fails with ERR_SQLITE_ERROR
s26d ago
#493
workflow approve/resume cannot find suspended run when using S3 datastore
s26d ago
#492
reindexByUsername re-strands pre-association history and wipes sign_in_dates
k18d ago
#491
Telemetry never retroactively credits a device's pre-association history
k26d ago
#490
Docs: document swamp doctor secrets in manual reference doctor.md
s28d ago
#489
Docs: document 'swamp workflow resume --input' in manual reference
s28d ago
#488
Cloudflare codegen: manifest version bumps on every regeneration (README not deno-fmt-clean)
s28d ago
#487
Support dynamic host discovery from external sources
s22d ago
#486
feat: giga-swamp phase 3 — Path resolver + per-namespace locking
s28d ago
#485
@swamp/ssh exec: string host selector only matches 'all', ignores host names and tags
s28d ago
#484
Add integration test for sensitive-arg guard on lazily-loaded extension types (follow-up to #480)
s28d ago
#483
Remediate existing definitions holding cleartext sensitive global arguments (follow-up to #480)
s28d ago
#482
Docs: document refusal of literal sensitive global arguments (follow-up to #480)
s28d ago
#481
Docs: update extension-trust reference for swamp-only default + lockfile version pinning (swamp-club#465)
s29d ago
#479
feat: giga-swamp phase 2 — Catalog schema v4 + repository interface
s29d ago
#477
Support for Custom CA's
k19d ago
#476
Cloudflare: support vault expressions for API credentials instead of env-var-only auth
s28d ago
#475
GCP: support vault expressions for credentials instead of env-var-only auth
s19d ago
#474
AWS: support vault expressions for credentials instead of env-var/SDK-chain-only auth
s20d ago
#473
DigitalOcean: support vault expressions for the API token instead of DO_API_TOKEN env var
s29d ago
#472
swamp model get does not redact `sensitive: true` fields (logs/reports/storage do)
s29d ago
#471
Support vault expressions for API token instead of env var
s29d ago
#470
UAT tests for manual_approval workflow commands
28d ago
#469
Document manual_approval workflow step type and suspend/approve/resume flow
s29d ago
#468
Stale extension bundles break after swamp upgrade
s29d ago
#467
Support --input flags on workflow resume for elevated permissions and runtime overrides
s28d ago
#466
Add HTTP approval endpoints to swamp serve for manual_approval steps
s24d ago
#464
feat: giga-swamp phase 1 — Namespace value object + config
s29d ago
#463
swamp serve scheduled workflows do not load repo extension registries
s29d ago
#462
ci: aws-check and gcp-check jobs take ~30min — rethink whether full model type-checking is needed per PR
s1mo ago
#461
swamp CLI: send user/device identity on extension-registry HTTP calls
j1mo ago
#460
Orphaned .swamp/ without .swamp.yaml marker is reported as plain 'Not a swamp repository' — partial/corrupt repo not detected
s1mo ago
#459
paths.base: manifest is not honored for skills: — bundled skills only resolve from repo root, blocking multi-extension repos
s29d ago
#458
swamp data gc does not remove physical version directories from disk
s1mo ago
#457
@swamp/aws/iam/role-policy: PolicyDocument schema says string but CloudControl expects JSONObject
s1mo ago
#456
Docs: update autoupdating how-to for Linux privileged schedulers
s1mo ago
#455
How-to: Define custom AI agent tools
s1mo ago
#454
Workflow-scope report execution fails with `rawType.trim is not a function`
s1mo ago
#453
version-drift check reads first `version:` literal, not export const model.version
s1mo ago
#452
Support privileged autoupdate schedulers for root-owned binaries on Linux
s1mo ago
#451
Docs: document LaunchDaemon autoupdate for root-owned macOS binaries
s1mo ago
#450
Support deepAgents CLI/SDK as a target agent
1mo ago
#449
macOS autoupdate LaunchAgent cannot update root-owned swamp binaries
s1mo ago
#448
Telemetry admin reindex endpoint is gated on a defunct @systeminit.com email domain — permanently 403
s1mo ago
#447
CLI telemetry forwards non-personally-resolvable identity for collective auth; distinct_id is per-machine, not per-repo
k1mo ago
#446
Telemetry ingest only resolves personal API keys — collective-token events are unattributed, identity_map under-claims
k13d ago
#445
extension update/pull deadlocks when the repo's datastore is the extension being updated
s1mo ago
#444
Docs: update datastore reference for lazy hydration, SyncContext, and SyncCapabilities
s1mo ago
#443
Default hydrationStrategy to lazy after soak period
18d ago
#442
Make GCP CRUD methods factory-aware so list-discovered resources can be managed in-place
29d ago
#440
Datastore: lazy hydration with metadata-only setup and transparent content download
s1mo ago
#439
Slim down extension search output now that extension info exists
s1mo ago
#438
exec fails on macOS: ControlPath exceeds 104-byte Unix socket limit
s1mo ago
#437
CSS effects on swamp.club (any page) cause high CPU
k1mo ago
#436
Datastore extensions: only write dirty partition files on push
s1mo ago
#435
Datastore extension benchmark suite for S3 and GCS
s1mo ago
#434
GCS datastore: dirty sidecar, partitioned index, content hashing, and scoped sync
s1mo ago
#433
Direct execution @type prefix fails for repo-local extension model types
s1mo ago
#432
Support GitHub username in swamp.club profile to fix PR attribution
k1mo ago
#431
dataRepository.getContent() fails in workflow-scope reports with 'type.toDirectoryPath is not a function'
s1mo ago
#430
--json output is polluted by non-JSON content, breaking machine parsing
s1mo ago
#429
Core repositories missing markDirty hook — scoped push only works on crash recovery
s1mo ago
#428
Add extension info command for registry metadata
s1mo ago
#427
Add extension transfer between collectives
28d ago
#426
Display extension deprecation state on swamp-club pages
s1mo ago
#425
Add extension deprecation support to CLI
s1mo ago
#424
swamp serve: extension bundle failure at startup is silently pinned, breaking scheduled workflows with permanent 'Unknown model type'
k1mo ago
#423
vault put and read-secret use asymmetric path parsing; slash-put creates unreadable items
s1mo ago
#421
Upgrade TUI graphics — better AI-generated ANSI or a Moebius hand-authored pipeline
1mo ago
#420
Add assertVaultAnnotationExportConformance to @systeminit/swamp-testing
1mo ago
#419
Add VaultAnnotationProvider conformance helpers to @systeminit/swamp-testing
s1mo ago
#418
Vault annotations: --note/--notes flag inconsistency and UX improvements
s1mo ago
#417
Docs: document VaultAnnotationProvider interface and extension opt-in pattern
s1mo ago
#416
Add VaultAnnotationProvider support to @swamp/1password
s1mo ago
#415
Add VaultAnnotationProvider support to @swamp/azure-kv
s1mo ago
#414
Add VaultAnnotationProvider support to @swamp/aws-sm
s1mo ago
#413
Harness detection invents env vars for kiro/opencode/codex
k1mo ago
#412
Annotating vault items should be a first-class swamp operation
s1mo ago
#411
workflow direct-execution inputs.* persist as globalArguments on auto-definitions and freeze on first run
s1mo ago
#410
workflow-scope report's dataRepository.getContent returns null for data written in the same workflow run
s1mo ago
#409
swamp-report skill references nonexistent `swamp model report` command
s1mo ago
#408
@swamp/digitalocean — add domain-records model for /v2/domains/{domain_name}/records
s1mo ago
#407
Docs: update extension scoring documentation for dependency-trust rubric factor
s1mo ago
#406
Warn when a ${{ }} secret expression is single-quoted in a command/shell run: script
s1mo ago
#405
Workflow validation should resolve modelType for direct-execution steps
s1mo ago
#404
dbcluster state schema is missing DBClusterMembers (writer/reader, instance class)
s1mo ago
#403
Add a list/discover method to dbcluster for enumerating clusters in a region
s1mo ago
#402
Add dependency-trust rubric factor to server-side scorer (RUBRIC_VERSION 3)
s1mo ago
#401
cloudidentity API calls fail with 'requires a quota project' — bundle doesn't send x-goog-user-project header
s1mo ago
#400
Improve idempotency match field heuristic for auto-generated name resources (tagKeys, tagValues)
s1mo ago
#399
@swamp/gcp/cloudresourcemanager/folders: create method has 5 blocking bugs (missing parent in body, LRO detection, post-LRO state, idempotency, projectId requirement)
s1mo ago
#398
Add IAM policy management (setIamPolicy/getIamPolicy) on cloudresourcemanager resources; add custom-role CRUD to @swamp/gcp/iam
s1mo ago
#397
@swamp/ssh exec method fails with 'ctx.createCelEnvironment is not a function'
1mo ago
#396
Extension decision order should prefer @swamp/community extensions over local types
s1mo ago
#395
Make wheelshop-style dependency trust-gating a core swamp feature
s1mo ago
#394
swamp repo <unknown-subcommand> silently inits a nested repo (e.g. `swamp repo update`)
s1mo ago
#393
Extension METHODS table truncates Method column; short names like apply/check wrap mid-word on /extensions/@swamp/ssh
s1mo ago
#392
swamp extension rm leaves empty <kind>-bundles/<hash>/ dirs behind
s1mo ago
#391
Pre-flight checks cannot access method arguments (check context omits methodArgs/unresolvedMethodArgs)
s1mo ago
#390
swamp audit record --from-hook creates a stray .swamp datastore in the process cwd instead of resolving the repo root
s1mo ago
#389
extension push publishes model files ending in _test.ts that no consumer can load
s1mo ago
#388
Docs: document --extensions-dir / SWAMP_EXTENSIONS_DIR for worktree workflows
s1mo ago
#387
No user feedback when model method run is waiting for lock acquisition
s1mo ago
#386
issue-lifecycle: thank external contributors when issues are resolved
s1mo ago
#385
Add swamp extension prune to clean up stale catalog entries
1mo ago
#384
identity_map row not updated when user renames
s1mo ago
#383
`swamp extension rm` leaves empty scaffold dirs behind
k1mo ago
#382
Many CLI commands acquire global .datastore.lock unnecessarily, causing 60s LockTimeoutError under any concurrent writer
s1mo ago
#381
swamp CLI commands fail silently or hang when invoked from git worktrees via SWAMP_REPO_DIR
s1mo ago
#380
Datastore: lazy hydration for fast cold-start on first clone
1mo ago
#379
S3 datastore: dirty sidecar, partitioned index, content hashing, and scoped sync
s1mo ago
#378
Datastore sync: add SyncContext and SyncCapabilities framework contracts
s1mo ago
#377
Terminal rendering breaks at large font sizes
s1mo ago
#376
Expose cel-js Environment to extensions for custom CEL evaluation
a1mo ago
#375
Add list/search as a factory method that produces many data artifacts (Drive files.list, gmail messages.list, etc.)
s1mo ago
#374
files.get returns only minimal fields (id, name, kind, mimeType) because no 'fields' query parameter is sent
s1mo ago
#373
ADC path uses wrong gcloud token store: 'gcloud auth print-access-token' instead of 'gcloud auth application-default print-access-token'
s1mo ago
#372
Docs: update doctor reference and autoupdate how-to for new doctor install subcommand
s1mo ago
#371
createModelTestContext: storedResources not used by readResource; readResource always returns null
s1mo ago
#370
swamp-vault skill documents 'swamp vault read' but correct subcommand is 'read-secret'
s1mo ago
#369
Add a manual_approval (pause) task type to workflow steps
s29d ago
#368
Autoupdate silently fails when swamp is installed system-wide via the official install.sh
s1mo ago
#367
Missing 'parent' field in GlobalArgsSchema for several @swamp/gcp/* models causes get to fail
s1mo ago
#366
bucket-policy GlobalArgsSchema requires Bucket and PolicyDocument, blocking workflow-YAML direct execution of get
s1mo ago
#365
Report execute throws are advisory: workflow marked succeeded, exit 0, AND report output is discarded
s1mo ago
#364
dataRepository.getContent rejects string type in production but docs and testing helper demonstrate strings
s1mo ago
#363
bucket-policy StateSchema.PolicyDocument declared z.string() but CloudControl returns it as a parsed object
s1mo ago
#362
Unified login input that detects email vs username by presence of '@'
k1mo ago
#361
Introduce `swampd`: long-running local daemon for shared cache, secrets, and extensions
1mo ago
#359
workflow validate: false "Missing required inputs" when method args are set in the model definition
k1mo ago
#358
CEL and vault expressions not evaluated inside nested globalArguments fields
s1mo ago
#357
@swamp/digitalocean: 30 of 33 model types fail with version mismatch error
s1mo ago
#356
Add first-class Kilo Code tool support
1mo ago
#355
Partitioned index for S3/GCS datastores (Phase 3)
1mo ago
#354
Per-path dirty tracking in S3/GCS datastore extensions (Phase 2)
s1mo ago
#353
Docs: update doctor extensions JSON reference to include warnings[] field
s1mo ago
#352
Doctor kind-completed events should carry correct per-registry status
1mo ago
#351
Surface type-extraction failures in doctor JSON output
s1mo ago
#350
Scoped sync and capability-gated concurrency for datastores (Phase 1)
s1mo ago
#349
Direct type execution fails for locally-defined extension types with pulled duplicates
s1mo ago
#348
Scaffold new extensions to publish-ready quality (12/12) by default
s1mo ago
#347
Add table width controls to swamp report get
s1mo ago
#346
Add a markdown output mode to `swamp report get`
s1mo ago
#345
Add a markdown output mode to swamp report get
1mo ago
#344
swamp.club: 'Mark all read' link doesn't clear unread count on /inbox
s1mo ago
#343
Official @swamp/ssh extension supporting multiple SSH transport styles
a1mo ago
#342
W7 — unify extension failure surfaces; collapse registries.failures[] into sourceDetails[]
s1mo ago
#341
Surface Tombstoned transitions in doctor extensions output
s1mo ago
#340
Distinguish validation-throw from bundle-throw in reconcile catch; surface ValidationFailed in sourceDetails
s1mo ago
#339
extension unyank needs -y/--yes flag for non-interactive use
s1mo ago
#338
Step key parsing in execution_service uses naive split(":") and silently truncates colon-containing step names
k1mo ago
#337
Workflow-scope report artifacts unreachable via `swamp data get --workflow`
k1mo ago
#336
Add --stdin support to method run and workflow run for Unix pipe composition
s1mo ago
#335
Docs: add run namespace to CEL expressions reference
s1mo ago
#334
Fix invalidate-then-reconcile sequencing in doctor extensions; failure-mode RowStates unreachable in sourceDetails
s1mo ago
#333
doctor extensions invalidateAll does not trigger fingerprint recheck for existing Indexed rows
1mo ago
#332
Extension failure recording has dual write paths (legacy buildIndex vs W3 reconcile)
1mo ago
#331
Expose workflow run ID in CEL so resource keys can be run-scoped
s1mo ago
#330
Add `swamp doctor workflows` subcommand to surface workflow YAML parse errors during preflight
s1mo ago
#329
Add 'swamp issue comment' command for updating existing issues
s1mo ago
#328
Close #327 — fixed in 20260511.160514.0-sha.9d03b09a
1mo ago
#327
Nested workflow task fails with 'Bad resource ID' when workflowIdOrName uses @collective/ prefix
s1mo ago
#326
Detect stale skill directories and prompt for repo upgrade
s1mo ago
#325
Improve skill trigger routing for cross-model edge cases
28d ago
#324
Add type search for driver, datastore, and report kinds
s1mo ago
#323
Surface ReconcileFromDisk dryRun transitions in swamp doctor extensions
1mo ago
#322
Docs: update doctor extensions reference for W6 aggregate-state rendering + repair flags
s1mo ago
#321
swamp issue: check if reporter is on an outdated binary before opening
s1mo ago
#320
Implement W6: swamp doctor extensions aggregate-state rendering + repair surface (extension catalog rearchitecture)
s1mo ago
#319
extension pull fails referencing removed source after extension source rm
s1mo ago
#318
Investigate whether allExtensionMethodsAttached guard can be removed via registration-path consolidation
s1mo ago
#317
Trace context is lost: CLI ignores inbound TRACEPARENT and raw driver doesn't propagate active context into in-process methods
s1mo ago
#316
swamp model create --global-arg KEY=VALUE doesn't coerce strings to z.number() schemas
s1mo ago
#315
swamp model create --global-arg KEY=VALUE doesn't coerce strings to z.number() schemas
1mo ago
#314
swamp issue get should rate-limit unauthenticated users instead of blocking
s1mo ago
#313
swamp issue get should not require authentication
s1mo ago
#312
telemetry: emit child entries for follow-up action method invocations
s1mo ago
#311
Publish release-candidate / unstable extension versions
s16d ago
#310
extension source rm leaves stale @local/. rows in catalog, blocking later pulls of registry types
s1mo ago
#309
extension push drops binaries: field from re-emitted archive manifest.yaml
s1mo ago
#308
macOS launchd autoupdate (club.swamp.autoupdate) silently fails — binary stays stale
s1mo ago
#307
Clicking @hivemq/honeycomb extension card on /extensions shows 'Something went wrong'
1mo ago
#306
Docs: Update model-definitions.md and workflows.md for direct type execution
s1mo ago
#305
Docs: document binaries manifest field in extension-manifest.md
s1mo ago
#304
Add an official @swamp/ssh extension for general-purpose SSH (brownfield-friendly)
1mo ago
#303
Accept and display binaries field from extension push metadata
s1mo ago
#302
Direct type execution: collapse model create + method run into one command
s1mo ago
#301
Per-method telemetry events for workflow runs
k1mo ago
#300
Workflow run liveness: orphaned 'running' records when originating CLI process dies mid-run
1mo ago
#299
Provide a CLI-shape primer for AI agents to reduce rediscovery overhead
s16d ago
#298
quality rubric: don't penalize extensions whose upstream constrains them to a single platform
s1mo ago
#297
Extension update rejects multiple .ts files extending the same target type within one local extension (regression)
1mo ago
#296
swamp extension push deadlocks when invoked from inside a swamp workflow step
s1mo ago
#295
Collective-scoped auth keys + OIDC federation for CI publishing
1mo ago
#294
forEach self.* in modelIdOrName not resolved in runtime execution path
s1mo ago
#293
Award leaderboard points for referrals and collective invites
1mo ago
#292
Add agent harness detection and AiTool to telemetry
k1mo ago
#291
Workflow-level runtime expressions (env.*, vault.*) not resolved in driverConfig — docker driver receives literal ${{ ... }} strings
j1mo ago
#290
Implement W5: Per-fingerprint import URLs + subprocess test harness (extension catalog rearchitecture)
s1mo ago
#289
swamp config set crashes with YAML serialization error
s1mo ago
#288
datastore compact: VACUUM fails in compiled binary (SQLITE_LIMIT_ATTACHED=0)
s1mo ago
#287
Repo-level version gating: minSwampVersion high-water mark for team consistency
17d ago
#286
Docs: document self.* expressions in modelIdOrName during forEach
s1mo ago
#285
Docs: How-to guide for background autoupdating
s1mo ago
#284
Manifest version bumps silently ignored for existing local extension aggregates
s1mo ago
#283
materialiseExtensions misclassifies pulled rows when manifest name collides with a pulled extension
s1mo ago
#282
Local extension edits don't reliably trigger rebundle
1mo ago
#280
Missing unique indexes on user.email and user.username allow duplicate users
k1mo ago
#279
Resolve self.* expressions in modelIdOrName during forEach expansion
s1mo ago
#278
discord-bot double-sends sign_up notifications
k1mo ago
#277
Discord bot sends duplicate signup notifications
1mo ago
#276
Add 'swamp workflow list' as alias for 'swamp workflow search'
s1mo ago
#275
Add 'swamp auth status' as alias for 'swamp auth whoami'
s1mo ago
#274
Extension bundle cache does not invalidate on source edits
s1mo ago
#273
extension pull fails on @local/.@0.0.0 phantom-claim collision when local repo has its own extension
s1mo ago
#272
Lab search by numeric issue ID returns no results
s1mo ago
#271
W3 sourceToRow writes empty source_mtime — should carry filesystem mtime through Source entity
s1mo ago
#270
Warm-start rebundleAndUpdateCatalog should respect terminal RowStates set by reconcile
1mo ago
#269
Implement W4: KindAdapter + unified loader (extension catalog rearchitecture)
s1mo ago
#268
Docs: add vault read-secret command to reference manual
s1mo ago
#267
Extension layer garbage collection: prune catalog rows + evict orphaned bundles
1mo ago
#266
Docs: document workflow concurrency limits in reference manual
s1mo ago
#265
Locally-sourced extension: source_mtime updates without regenerating stale bundle
s1mo ago
#264
Extension push: allow shipping executable host helpers (bin/mudroom blocker)
s1mo ago
#263
Vault expressions silently deliver __SWAMP_VSEC__ sentinels under the docker driver
s1mo ago
#262
First-class shell-shim support for extensions, with registry-level visibility
1mo ago
#261
Local extension model bundles don't rebuild when source changes (no rebuild CLI; manual cache delete breaks the runner)
s1mo ago
#260
Configurable concurrency limits for workflow fan-out (forEach, parallel jobs/steps)
s1mo ago
#258
feat(security): redact sensitive method arg values from audit log
s1mo ago
#257
docs: document swamp datastore compact and GC WAL behaviour
1mo ago
#256
UAT: swamp datastore compact reclaims WAL and catalog space
1mo ago
#255
Plan v4 step 9 literal test untestable under current catalog PK semantics
1mo ago
#254
Cross-process concurrency stress for W2 lifecycle services
s1mo ago
#253
UAT additions for W2 lifecycle services (Install/Remove/Upgrade)
1mo ago
#252
Implement W3: ReconcileFromDisk + freshness-as-aggregate-query (extension catalog rearchitecture)
s1mo ago
#251
doctor extensions repair: clean catalog-only orphans
1mo ago
#250
Extensions should be able to ship Claude Code skills
s1mo ago
#249
Pre-existing TOCTOU windows in YAML repo walkers (findAll directory level + findById)
s1mo ago
#248
`swamp datastore setup` migration is not resumable / leaves the repo in a partial state on failure
s1mo ago
#247
Built-in models must honor AbortSignal so --timeout works in practice
s1mo ago
#246
Reader-lock or lock-free read path for data list/get/search/query
s1mo ago
#245
data search: surface jobTag alongside workflowTag and stepTag (follow-up to #237)
s1mo ago
#244
global-arg silently strips unknown keys; should reject via strict Zod schema
s1mo ago
#242
redmine extension: adopt state machine patterns from @magistr for agent-driven workflows
1mo ago
#241
performance degrades significantly with large SQLite catalog
s1mo ago
#240
summarise: timeout/hang on repos with many workflow runs
s1mo ago
#239
extension quality/fmt fail on pulled extensions (path mismatch)
s1mo ago
#238
vault: add read-secret CLI command for agent-driven secret retrieval
s1mo ago
#237
data query: stepName and jobName fields always empty in CEL results
s1mo ago
#236
Extension ecosystem: shared utility library, version sync tooling, and HTTP resilience patterns
s1mo ago
#235
Agentic CLI improvements: --json stdout isolation, array inputs, and --repo-dir consistency
s1mo ago
#234
data delete fails with "Directory not empty (os error 39)" when concurrent writes are active
s1mo ago
#233
Extract LockfileRepository (W2 prequel for swamp-club#231)
s1mo ago
#232
Extend DatastoreSyncService.markDirty() with optional relPath argument
k1mo ago
#231
Implement W2: Lifecycle services own the catalog write (extension catalog rearchitecture)
s1mo ago
#230
data·delete logger double-quotes the data name in log output
s1mo ago
#229
DDD: refactor data services to depend on domain-side ports instead of infrastructure types
s1mo ago
#228
Detect AWS CredentialsProviderError in @swamp/aws-sm-vault and prepend SSO-expiration hint
s1mo ago
#227
Opt-in background autoupdate for the swamp binary (configurable cadence + risk tolerance)
s1mo ago
#226
Detect AWS CredentialsProviderError in summarizeSyncError and prepend SSO-expiration hint
s1mo ago
#225
S3 datastore hydrate has no fallback for buckets without .datastore-index.json
s1mo ago
#224
S3 datastore stale-lock retry loop never evicts orphan locks left by swamp processes that panic at shutdown
s1mo ago
#223
Implement W1b: Repository and RowState (extension catalog rearchitecture)
s1mo ago
#222
Redundant push after pullChanged: localMtime clobbered by pullIndex(forceRemote)
s1mo ago
#221
Docs: update datastore-configuration manual after #220 setup-hydration fix lands
s1mo ago
#220
workflow run search returns empty after S3 datastore setup, despite run YAMLs in datastore
s1mo ago
#219
CLI crashes with exit 134 (Rust panic in tls_wrap.rs) after successful command output
s1mo ago
#218
S3 datastore global lock enters infinite stale-lock loop after interrupted workflow
s1mo ago
#217
swamp-extension-model skill: include description field in upgrades quickref
s1mo ago
#216
swamp-extension-model skill: include field in upgrades quickref
1mo ago
#215
Adversarial UAT test: missing cached bundle with intact catalog should self-recover
1mo ago
#214
Port importBundleByPath ENOENT fallback to datastore/driver/vault/report loaders
1mo ago
#213
`swamp datastore setup` (filesystem→S3 migration) panics in deno Node TLS layer mid-migration
1mo ago
#212
swamp model type describe fails with 'No such file' instead of rebundling when bundle is missing
k1mo ago
#211
Implement W1: Repository and RowState (extension catalog rearchitecture)
s1mo ago
#210
feat: swamp extension verify — opaque extension-lifecycle verification primitive
1mo ago
#209
Schema-invalid extensions loop in rebundle path: catalog row never updates after first failed validation
s1mo ago
#208
swamp model type search is slow (~8s) and re-bundles all extensions on every call
s1mo ago
#207
Per-extension layout migration drops Claude skill from @magistr/good-planning
s1mo ago
#206
swamp extension outdated crashes on empty repo (Stream ended...)
s1mo ago
#205
Docs: extension install/pull/update sync-to-manifest behaviour
1mo ago
#204
Add process-level install lock around installExtension
s1mo ago
#203
Docs: extension commands reference
s1mo ago
#202
swamp extension install/pull does not prune source files dropped between versions, causing catalog to re-index orphans
s1mo ago
#201
Catalog retains stale source-file entries when extension version drops a file; no native prune/repair
1mo ago
#200
Document and surface a native cache-refresh path so agents stop doing cache surgery
1mo ago
#199
swamp should warn when installed extensions are outdated
s1mo ago
#198
Catalog retains stale source-file entries when extension version drops a file; no native prune/repair
1mo ago
#197
Document and surface a native cache-refresh path so agents stop doing cache surgery
1mo ago
#196
swamp should warn when installed extensions are outdated
1mo ago
#195
Skill/prompt guidance: prefer the bundled deno when no system deno is on PATH
s1mo ago
#194
Vault backend backed by GitHub Actions Secrets (read via gh token)
s1mo ago
#193
Re-enable Windows tests as deno compile for Windows lands
1mo ago
#192
swamp-club extension card no longer exposes @ns/slug as contiguous text
k1mo ago
#191
Docs: multi-tool repo support
s1mo ago
#190
swamp vault: vendor-specific annotations (e.g. 1Password notesPlain, tags, custom fields)
1mo ago
#189
swamp model method run: --foreach to fan out across instances
1mo ago
#188
swamp workflow validate: actionable error messages and template scaffolds
1mo ago
#187
swamp CLI cold-start latency (~5–7 s per invocation) compounds in workflows that shell out
1mo ago
#186
Workflow tasks should support ephemeral model instances (modelType + globalArgs) so workflows are zero-prereq
1mo ago
#185
CEL expression evaluator throws 'Unhandled node type: string'
s1mo ago
#184
cli: agents need to add ripples (comments) to issues via the CLI
s1mo ago
#183
quality: models and additionalFiles paths resolve relative to different directories
s1mo ago
#182
quality: has-readme/has-license miss additionalFiles in subdirectories
s1mo ago
#181
Add swamp data delete command to remove a data artifact by model and name
s1mo ago
#180
add `swamp doctor extensions` subcommand for on-demand extension load diagnostics
s1mo ago
#179
AI agent skipped adversarial review step before smoke testing extension code
s1mo ago
#178
Better Auth rejects requests on hostnames not in hardcoded trustedOrigins (signup/signin broken on non-canonical hosts)
k2mo ago
#177
Local extension models in extensions/models are not discovered in fresh repo tutorial flow
s1mo ago
#176
ticket 1138 not clear - can we still use github?
2mo ago
#175
Drag Windows into the Swamp
s1mo ago
#174
Add `swamp extension test` command to run built-in extension tests with coverage
1mo ago
#173
swamp repo init --tool kiro does not create .kiro/settings/cli.json
s1mo ago
#172
Support multi-agent repo initialization (multiple --tool targets)
s1mo ago
#171
CLI dumps 300-line Cliffy Command object on unknown flags / subcommands
s2mo ago
#170
Docs: repository-configuration.md missing defaultDriver / defaultDriverConfig
ks1mo ago
#169
Server-side parse query params on /lab/all so refresh preserves multi-filter URLs
k1mo ago
#168
fast-path sidecar TOCTOU: post-op HEAD can record generation from a concurrent writer's push, masking their data on next sync
s2mo ago
#167
Scorer should honour files/deno.json imports so bare specifiers resolve
s2mo ago
#166
@swamp/gcs-datastore: same minutes-slow zero-diff sync cliff as lab/164; mirror fingerprint fast path
s2mo ago
#165
cleanup for repoDriver
kj4d ago
#164
swamp datastore sync is minutes-slow at 4k-file scale even with zero-diff; outer 300s timeout fires
s2mo ago
#163
swamp-extension-publish skill: add quality rubric check before push
s2mo ago
#162
New @swamp extension: extension quality rubric checker for CI
s2mo ago
#161
swamp-extension-quality and swamp-extension-publish skills don't guide zod import map resolution for scorer
s2mo ago
#160
swamp repo upgrade deletes extension model source files
s2mo ago
#159
Add repo-level `defaultDriver` to `.swamp.yaml`
k2mo ago
#158
User report extensions registered lazily are silently skipped during method execution
s2mo ago
#157
swamp extension install: datastore push hangs ~8.5m then crashes with Deno TLS panic (tls_wrap.rs:1918 unwrap on None)
s2mo ago
#156
Add a preflight diagnostic for AI-tool audit integrations (so upstream CLI changes stop breaking us silently)
s2mo ago
#155
audit record --from-hook silently drops input from kiro-cli postToolUse hooks
16d ago
#154
codegen pipelines don't detect _lib/*.ts changes so manifest CalVer never bumps
2mo ago
#153
Link to namespace extensions listing from profile pages
s2mo ago
#152
Trailing slash on /extensions/@<namespace>/ returns 404
s2mo ago
#151
No way to browse all extensions belonging to a collective by URL
s2mo ago
#150
DatastoreProvider.resolveCachePath declared optional but silently required at runtime
s2mo ago
#147
Accept-invite link returns HTML instead of JSON, breaking collective join
s2mo ago
#146
additionalFiles flatten to basenames on push and lack a runtime access API, creating a source-vs-pulled layout mismatch
s2mo ago
#145
Extension search returns inflated results for quoted phrase queries
s2mo ago
#144
Docs: document jsr:/https: imports and non-local pinning convention in user-facing manual
s2mo ago
#143
First-class jsr: specifier support in extension bundler
s2mo ago
#142
Cross-extension code sharing via manifest exports field
2mo ago
#141
Extension models: document/resolve implicit-any in execute parameters when imported by test files
s2mo ago
#140
extension yank: allow unyank and version-specific yanks
s2mo ago
#139
extension source add does not discover brand new types — only overrides already-pulled types
s2mo ago
#138
Add light mode to swamp.club and swamp open UI
1mo ago
#137
Add 'swamp open' command to open the swamp.club web UI
1mo ago
#136
Add light mode to swamp.club website
1mo ago
#135
Datastore sync surfaces opaque errors from extensions verbatim — no status code or body preview
s2mo ago
#134
@swamp/s3-datastore: first-attempt 403 masked as "UnknownError" from AWS SDK deserializer
2mo ago
#133
Extension auto-resolve reports "already_installed" for truncated pulled-extension trees
2mo ago
#131
Email delivery for mention notifications
1mo ago
#130
Auto-update WARN is silent in --json mode (logger suppresses non-fatal)
s2mo ago
#129
open.ts web UI uses force:true pullExtension, same data-loss family as #126
s2mo ago
#128
Port bundle_freshness (content-fingerprint cache invalidation) to reports / drivers / datastores / vaults loaders
s2mo ago
#127
Mentions and notifications system for issues
s2mo ago
#126
Datastore auto-update in resolve_datastore.ts uses force:true, risking silent overwrite of local edits
s2mo ago
#125
Per-repo user-extension bundle cache doesn't invalidate on source changes
s2mo ago
#124
Adding methods to in-body `methods:{}` on `export const model` doesn't re-register
s2mo ago
#123
User extensions silently dropped when base type not yet registered at scan time
s2mo ago
#122
Footer floats when page content is shorter than viewport
s2mo ago
#121
workflow validate can silently overwrite local edits to pulled extensions via force-pull in auto-resolver
s2mo ago
#120
Extension pull should namespace files by extension to prevent filename collisions
s2mo ago
#119
Update CLAUDE.md co-author instructions to use swamp-club issue author lookup
s1mo ago
#118
Add swamp issue get CLI command to fetch issue details
s1mo ago
#117
swamp-club API: include issue author in GET /api/v1/lab/issues/{number} response
s2mo ago
#116
Install command curl-pipe-sh overflows the component on swamp.club homepage
s2mo ago
#115
'Assigned to me' overlaps 'Privacy policy' on short viewports
s2mo ago
#114
Collapsible left rail and repositionable right rail in Lab
k2mo ago
#113
Usernames aren't linked to their profile pages
k2mo ago
#112
Filter lab issues by author (opened by user)
k2mo ago
#111
Add skills extension type for bundling agent/human guidance documents
s2mo ago
#110
Remove traffic lights in column 2 of /lab
ks2mo ago
#109
Multi-select combo filtering on /lab
k2mo ago
#108
data gc skips version-count GC when no lifetime-expired data exists
k2mo ago
#107
Content filter should identify the flagged word or phrase
k2mo ago
#106
Bog flow: text rendering and layout issues
k2mo ago
#101
Flow modal: text rendering issues
k2mo ago
#99
Normalize text sizing across issue list and detail views
k2mo ago
#98
Description 'Show more' button appears even when text fits
k2mo ago
#97
Inline editing: click-to-edit fields instead of pencil icons
ks2mo ago
#96
Persist lab filter selection in localStorage
k2mo ago
#95
Update how-to guide with swamp-extension-publish skill
s2mo ago
#94
Fix incorrect favicon in Google search results
2mo ago
#93
Missing section on user profile page for wendy
s2mo ago
#92
Extension skills missing repository initialization and publishing prerequisites
s2mo ago
#91
Vault CEL expressions replaced with VaultSecretBag sentinels after model type upgrade
k2mo ago
#90
Audit: modelRegistry.get() without ensureTypeLoaded() in YAML repository save() paths
s2mo ago
#89
Cross-model expression validator fails on lazy-loaded types — modelRegistry.get() bypasses ensureTypeLoaded
2mo ago
#88
forEach.in with data.latest() throws misleading 'got: object' error for unresolved Promise
s2mo ago
#86
issue-lifecycle models should support --assignee for swamp.club issues
s2mo ago
#85
Driver capability registry: declare richer execution capabilities at driver design time
s1mo ago
#84
Consolidate MethodReportContext construction — manual and workflow report paths build contexts divergently
s2mo ago
#83
Workflow-level workspace for docker driver: stateful multi-step workflows
s1mo ago
#82
"OG Swamper" badge inconsistent
k2mo ago
#81
Workflow-scope user extension reports don't execute: getAll() excludes lazy-loaded reports
s2mo ago
#80
Improve skill trigger routing accuracy across models
s2mo ago
#66
Add GitHub Copilot IDE support
s2mo ago
#65
Phase 1: /feed — judge-gated content stream
k2mo ago
#64
Add reactions and Giphy integration to comments
2mo ago
#63
Architecture violation: search route imports directly from lib/infrastructure
s2mo ago
#62
Introduce domain events to formalize the telemetry-to-consumer pipeline
2mo ago
#61
Refactor: move telemetry track() calls from route handlers to application services
s2mo ago
#59
Reindex path feeds error events to consumer, bypassing filtering
s2mo ago
#58
Custom swamp-themed avatar generator with daily rerolls
1mo ago
#57
Profile content links with scoring for community contributions
2mo ago
#56
Score extension pull events for extension authors
s2mo ago
#55
Score daily sign-in events with streak multiplier
s2mo ago
#54
Score sign_up events in the telemetry pipeline
2mo ago
#53
Score extension publish events in the telemetry pipeline
s2mo ago
#52
Add 'award' telemetry event type for arbitrary score grants
1mo ago
#51
Bug: authenticated pulls always shows 0 on profile page
2mo ago
#50
Decouple identity_map from main app: username renames via event, not shared DB
2mo ago
#49
Optimise MongoDB Search Queries
2mo ago
#48
Transactional emails on login with google/similar
2mo ago
#47
Add rate limiting to send-verification-email endpoint
2mo ago
#46
Add authentication or rate limiting to check-verified endpoint
2mo ago
#45
swamp data query for morning-message in hello-world tutorial returns nothing.
a2mo ago
#44
Document vault migrate command in reference docs
s2mo ago
#43
Locks on long running actions
2mo ago
#42
issue-lifecycle skill: improve resumption and close-out guidance
s2mo ago
#41
deprovision: firewall deletion fails with resource_in_use immediately after server delete
s2mo ago
#40
swamp workflow validate should check step inputs against method's required arguments
s2mo ago
#39
data.latest() returns null when new data written while _catalog.db is already marked populated
a2mo ago
#38
Bundle cache fallback silently skipped when source and bundle have equal mtimes
s2mo ago
#37
Add vault migrate command to move secrets between vaults
s2mo ago
#35
Consolidate method execution paths — workflow steps and manual runs build MethodContext divergently
k2mo ago
#33
CatalogStore constructor runs createSchema before migrateIfNeeded; v1→v2 upgrade fails on existing repos
a2mo ago
#32
discord-bot poller double-processes events with >1 replica
2mo ago
#31
datastore sync: clean up zombie _catalog.db* entries from remote index and S3 bucket
2mo ago
#30
datastore sync --push runs pushChanged() twice per invocation (coordinator dedup)
2mo ago
#29
datastore sync --push fails on _catalog.db-wal: catalog SQLite DB lives inside the S3 sync cache
2mo ago
#28
.swamp/datastore-bundles/ leaks into deno lint and deno fmt scans
2mo ago
#27
deno run audit task missing --allow-env flag
2mo ago
#26
Error when submitting a new issue manually
2mo ago
#25
Green text on issue details is a lot
2mo ago
#24
evals/promptfoo: bump hono and @hono/node-server to clear 6 dependabot alerts
2mo ago
#21
issue-lifecycle: COMMENTED PR review can overwrite a prior decisive state in fetchPrReviews
2mo ago
#20
Add agent-constraints/ for issue-lifecycle skill
2mo ago
#19
@swamp/aws/ec2: auto-generated models lack list, tag, and factory-compatible update methods
2mo ago
#18
@swamp/digitalocean/space-key stores secret in plaintext - should mark as sensitive
2mo ago
#17
Add Azure provider pipeline to codegen
1mo ago
#16
feat: Namespace.so execution driver for remote workload execution
2mo ago
#15
Add macOS Keychain vault type
2mo ago
#14
Add uniform bucket-level IAM support to @swamp/gcp/storage
s1mo ago
#13
Expand DataRecord with first-class provenance fields; remove all hidden scoping from data access
a2mo ago
#12
feat: Private extensions
29d ago
#11
Workflow execution repeats #1091: cross-model CEL expression validation fails for unresolved types
s2mo ago
#10
context.readModelData returns different results depending on invocation context (manual vs workflow)
s2mo ago
#9
Handle sensitive fields gracefully when no vault is configured
s19d ago
#8
Vault reads for model global arguments are cached at workflow start, making in-workflow token refresh ineffective
2mo ago
#7
feat: approval gates for workflow steps and jobs
2mo ago
#6
Install script: curl fails TLS verification for swamp.club (certificate chain)
2mo ago
#5
Extension Patches: contribution workflow for community extensions
1mo ago
#4
Feature: swamp issue for extensions — bug reports, security disclosures, and author notifications
s2mo ago
#3
Support 'swamp <app> run' as containerized entrypoint for easy onboarding
1mo ago
#2
Persistent runner / server mode to eliminate per-invocation CLI startup overhead
2mo ago
#1
feat: add support for Nix via a flake
s1d ago
← Back to list
6/19/2026, 2:50:08 PM
01Issue
FeatureShippedSwamp CLI
Assigneesstack72
Relationships
↑ child of #662#688 serve-auth: wire AccessDecisionService into serve chokepoints for authorization enforcement
Opened by stack72 · 6/19/2026· Shipped 6/19/2026
Parent
Sub-issue of #662 (serve authentication & authorization). Layer 5.
Dependencies
- ✅ #672 — AccessDecisionService
- ✅ #681 — Remote grant management + reload
- ✅ #682 — Auth config schema
- ✅ #683 — Admin materialization
- ✅ #685 — `mode: token` authentication (principal on connection)
Summary
With #685, the server knows WHO is connecting (a `Principal` on every authenticated connection). This issue wires in the check for what that principal is ALLOWED to do — every control plane request is checked against the AccessDecisionService before execution.
Currently the `_principal` parameter on `handleConnection()` is unused (prefixed with underscore). This issue makes it load-bearing: the principal is threaded through to every handler, and each handler checks the principal's grants before proceeding.
Enforcement points
Four chokepoints in `src/serve/connection.ts`, each requiring an authorization check:
| Handler | Request type | Resource | Action |
|---|---|---|---|
| `handleWorkflowRun()` | `workflow.run` | `workflow:` | `run` |
| `handleModelMethodRun()` | `model.method.run` | `model:` | `run` |
| `handleAccessGrantList()` | `access.grant.list` | `access:grant` | `read` |
| `handleAccessGroupList()` | `access.group.list` | `access:group` | `read` |
Additionally, grant/group mutations (create, revoke, add-member, etc.) flow through `model.method.run` with `typeArg` of `swamp/grant` or `swamp/group`. These need `admin` on `access:*`.
`access.check` and `access.reload` also need `admin` on `access:*`.
What to build
1. Thread principal through all handlers
Remove the underscore from `_principal` in `handleConnection()`. Pass it to every handler function. Each handler receives the principal alongside the existing parameters.
2. Build an authorization check helper
A function that takes the principal, action, resource, and the policy snapshot, and either returns (allowed) or throws/sends an error frame (denied):
```typescript function authorizeOrReject( socket: WebSocket, requestId: string, principal: Principal | null, action: Action, resource: AccessResource, ctx: ConnectionContext, ): boolean ```
When `authConfig.mode` is `none`, always returns true (no enforcement). When enforcing (`token` or `oauth`):
- If principal is null, send error frame and return false
- Build an `AccessPrincipal` from the principal (collectives come from the principal's claims — for `mode: token` phase 1, collectives are empty)
- Call `AccessDecisionService.decide()`
- If denied or no matching grant (null), send an `rpc.error` frame with a clear message and return false
- If allowed, return true
3. Insert checks at each chokepoint
`handleWorkflowRun()` — check before `executeWorkflowWithLocks()`: ``` authorize(principal, "run", { kind: "workflow", name: payload.workflowIdOrName }) ```
`handleModelMethodRun()` — check after definition lookup (we need the resolved model type):
- For `swamp/grant` and `swamp/group` model types: require `admin` on `access:*`
- For all other models: require `run` on `model:`
`handleAccessGrantList()` and `handleAccessGroupList()` — check at the top: ``` authorize(principal, "read", { kind: "access", name: "grant" }) authorize(principal, "read", { kind: "access", name: "group" }) ```
`handleAccessCheck()` and `handleAccessReload()` — check at the top: ``` authorize(principal, "admin", { kind: "access", name: "*" }) ```
4. Resource fields for CEL conditions
Where possible, populate the resource `fields` map so CEL conditions can evaluate:
- Workflow: `{ name, tags, collective }` from the workflow definition (if resolved)
- Model: `{ modelType, collective }` from the definition
- For access operations, fields can be empty (conditions on access grants are rare)
5. Error response format
When authorization fails, send an `rpc.error` frame: ```json { "type": "error", "id": "", "error": { "code": "unauthorized", "message": "Access denied: user:adam does not have 'run' on workflow:@acme/deploy" } } ```
The error message should include the principal, action, and resource so the user knows what to request access for.
Scope
- Thread principal through all handler functions in connection.ts
- Authorization check helper using AccessDecisionService
- Checks at all four chokepoints + access.check + access.reload
- Access model mutations require admin on access:*
- `mode: none` bypasses all checks (existing behavior preserved)
- Tests: authorized requests succeed, unauthorized requests get error frames, mode: none passes through, admin operations require admin grant
Out of scope
- `can-i` command — separate layer 5 issue
- Hard refusals — layer 6
- OAuth — layer 4 item 3
- Data plane authorization (already handled by dispatch-scoped writes)
References
- Connection handler: `src/serve/connection.ts`
- AccessDecisionService: `src/domain/access/grant_based_access_decision_service.ts`
- PolicySnapshotLoader: `src/domain/access/policy_snapshot_loader.ts`
- Auth config: `src/domain/access/serve_auth_config.ts`
- Access types: `src/domain/access/access_decision_service.ts`
02Bog Flow
Shipped
Click a lifecycle step above to view its details.
03Sludge Pulse