Scorecard: beta/rc-only extensions show "not scored" despite successful scoring (GET /score resolves only latestVersion)
`swamp extension search --channel beta|rc|stable` ignores the filter — all channels + the no-flag default return an identical result set
Beta-channel extensions are never scored — perpetual 'Scoring is taking longer than expected'
feat: allow models to call other models mid-execution via context.runModel()
swamp-club: enable OAuth provider for swamp serve collective-based admission
extension update/install reports new version while on-disk pulled files stay old
command/shell: step with timeout + a surviving child process reports exit -1 despite command exiting 0
swamp serve startup/shutdown is very slow on large repo and lacks diagnostics
Vault push log overstates what left the machine: Pushed N vault file(s) to datastore counts every dirty file, not just vault files
serve-auth: mode: oauth — device grant client + collective-based admission
serve-auth: enable OIDC Provider + Device Authorization plugins in swamp-club
Orphaned data (migrated-away/deleted model) can't be GC'd or deleted
Docs: document swamp data prune (orphaned-data reclamation)
UAT: CLI coverage for swamp data prune (orphaned-data reclamation)
Session credential revocation scans entire credential map on every dispatch completion
Docs: update worker-commands.md for --all flag and JSON output change
datastore migrate-index aborts on hardcoded 30s S3 requestTimeout for large shards
swamp worker list: hide disconnected workers by default, add --all flag
swamp serve should survive bad extension failures
Worker fleets phase 7: how-to guides and explanation docs
swamp serve: catch unhandled promise rejections from extensions
[@adam/cfgmgmt] SSH helper can crash swamp serve via unhandled finally() rejection
Docs: add --server-token flag to worker connect reference
Add --server-token to worker connect for authenticated orchestrators
Docs: document --trusted-hosts flag for swamp serve
Document SWAMP_SERVE_EXTRA_HEADERS for reverse proxy/tunnel setups
Add --trusted-hosts flag to swamp serve for Docker/Kubernetes worker connections
Allow swamp clients to send custom headers when connecting to swamp serve
Docs: update serve-flags.md default queue timeout from 60s to 10m
Worker fleets phase 6: raise default queue timeout to 10 minutes
Worker fleets phase 4b: capacity slots and concurrent dispatch
MethodContext docs/comments mention context.putSecret but runtime exposes vaultService.put
Docs: add --concurrency flag and SLOTS column to worker-commands reference
install.sh still points users to systeminit/swamp
Support user systemd units for 'swamp serve daemon enable'
swamp serve scheduled execution runs steps in an isolated data scope: readResource sees empty state, writeResource never reaches the model-scope chain — stateful scheduled workflows duplicate instead of deduplicating
Support installing swamp via mise GitHub backend
Worker fleets phase 4a: dispatch runner extraction — child process per dispatch
Docs: add swamp worker daemon enable/disable/status to worker-commands reference
Worker fleets phase 3 PR2: swamp worker daemon enable
Docs: add drain, lifecycle policies, and exit-code contract to references
Worker fleets phase 3 PR1: drain state machine, lifecycle policies, signal handling
Leaderboard search excludes ghosts — a visible ghost can't be found by its alias
issue-lifecycle: plan lifecycle entry silently dropped when summary exceeds 1000 chars
Docs: add worker verify, --verify-on-enroll, and env-var config to references
Labs - Filters do not apply to Blocked status and Billing Tier category
Worker fleets phase 2 PR2: env-var config, swamp worker verify, --verify-on-enroll
Docs: add --type flag to issue edit reference and how-to
Docs: update manual with whole-field expression syntax for workflow task inputs/globalArgs
Allow changing an existing issue to security/confidential after submission
Allow dynamic object expressions for workflow task inputs/globalArgs
Docs: update enrollment token references for fleet tokens (--max-enrollments)
Worker fleets phase 2 PR1: fleet tokens (--max-enrollments, bindings, worker naming)
$identify events are never consumed — anonymous web history never binds to the account
Worker fleets phase 1 PR3: boot reconciliation and integration test
Login success still shows login tip
Support confidential visibility for non-security issues
Fine-grained scopes for swamp.club access tokens
Add associative info to user profiles: collective membership + collaborative contributions
Remove comments from /feed and redesign the page
feed_post_score_events queue grows unboundedly (no TTL, no delete-on-delivery)
Make paid subscribers visually stand out (badge, profile popup summary)
Relax the profanity filter
Giphy integration via /giphy command
@-mention autocomplete for users when writing lab ripples
Worker fleets phase 1 PR2: step_queued events, pending-dispatch model, queue introspection
Docs: add swamp worker queue to worker-commands reference
/lab shipped list is sorted by issue number, not ship date
Docs: update manual for ephemeral data and step-output dependency deferral
Docs: update remote execution references for elastic queueing
Support dynamic host discovery from external sources
Worker fleets phase 1: elastic queueing
catalog backfill should support scoped population for targeted lookups
Docs: document global skill sync behavior for custom tools in manual
swamp update syncs global skills to default agent directories instead of configured custom Pi skillsDir
coerceToSuffix does not sanitize path-unsafe characters, causing forEach items and vary dimensions with / to produce invalid data instance names
Badge for activity on other people's issues
swamp serve: add @keychain=<service>/<account> indirection for secret args on macOS
swamp serve: eliminate wrapper scripts via @vault= secret refs and native startup hooks
Automate mechanical frontmatter fixes in the fixing stage
duplication criterion scores same-content skills as 100% duplicate when skill appears in multiple plugins
spell-grammar false positives on CLI flag/placeholder patterns
Collscan/index-gap pack: unindexed $or id branches (every registry request), computed-field sort kills extension browse indexes, $expr blocks pull counts, apikey.userId, workflow_runs, 1100-doc profile fetch
Implement ephemeral data as in-memory repository
Request-path external fetches with no timeout / no negative cache: profile GitHub/Discord resolution and landing-page total count (30s → 504 mechanism)
Add a 'my collective extensions' filter to extensions page
Auth hot path: 7 serial Atlas round trips per API-key request; session cookie cache dies after 5 min; session/apikey lookups unindexed
Leaderboard: window boards are unindexed full-collection aggregations ×4 per locate miss; locate fetches 4×10k rows to rank one user; search() has O(sum-of-ranks) lookup fan-out
/lab loads every issue with full markdown bodies on every request (incl. detail pages) + ~12 serial DB waves — the 3.4s avg / 30s tail
doctor extensions reports source-mounted bundles as unreferenced after repair
Agent setup suggests repo init in already initialized repos
repo upgrade reports success but extension commands still warn about pending migration
Activity projector runs on both telemetry replicas — same-day chunks can double-grant (grant_id collides but granted_at differs, ReplacingMergeTree never dedups)
Clicking on any region in the Execution Records eventually breaks the pie graph
model evaluate is slow resolving data.latest expressions in large datastores
swamp serve: model resource vault-backed sensitive fields resolve empty during served/workflow execution (readResource)
Add SSH host public key collection for host certificate workflows
datastore migrate-index ignores the repo's configured namespace (migrates bucket-root index instead)
Driving agent can wedge a workflow-stage run irrecoverably (workflow-succeeded vs dispatch limit); skill should prevent it
refactor: decompose connection.ts server handlers into domain-aligned modules
Leaderboard profile popover stuck on skeleton loader on second open
Document the run tracker across all four diataxis verticals
Add swamp datastore sync --migrate-index CLI command to trigger shard-first migration
Add how-to guides for core operations and operational tasks
Shard-first index: eliminate monolithic .datastore-index.json from commitPush critical section
Add core-concept explanation pages to the manual
SQLite run tracker subsystem for in-flight run lifecycle
Add comprehensive CLI command reference documentation to the manual
swamp audit record --from-hook exits non-zero as Claude Code PostToolUse hook despite internal try/catch design
Automated activity channel does not post on issue reopen — only open and close events are surfaced
Local extension files (export const extension) are indexed but methods not merged into target types
doctor extensions --repair should remove stale bundle entries for deleted source files
repo upgrade shadowing warning should list all shadowed skills by name
Intra-namespace write concurrency: whole-index sync under the lock serializes fan-out workloads (split from shipped #666)
Activity heatmap clips the current UTC day — uses local browser time for "today" but snapshots are UTC-keyed
hello-world tutorial: "use workflow inputs to pass..." misleads — should name CEL data.latest
docs: update swamp-serve manual reference for phase 2 --server commands
Extension skill should explicitly prohibit bare 'zod' imports (scorer sandbox fails)
serve-auth: --server support for remaining remote-capable commands (phase 2)
swamp serve --auth-mode token: redeem reads token-main as null → every valid token rejected 'Authentication failed' (real error hidden at debug)
Pre-sync pull aborts the whole command when an index entry's S3 object is missing — no built-in way to recover
GCS pushChanged bulk-walk deletion gate uses bulkInvalidated instead of dirtyPathsOverflowed, diverging from S3
Global skills should auto-sync when binary version advances
swamp serve: hardcoded WebSocket host allowlist makes it unusable behind a reverse proxy (no --trusted-hosts/--allowed-origins)
Extension detail page shows deno doc module-not-found failure for published extension
swamp serve writes grant model files to ./models/swamp/grant/ instead of .swamp/
Local model source edit may not change the bundle cache key — rebuilt bundle shadowed by an older same-hash copy on a shared S3 datastore
serve: catalog backfill is unbounded and unsafe on large repos
serve: V8 out-of-memory crash during catalog init on large repos (regression from #841)
Council: set the scoring balance — command tiers, farm-decay parameters, cross-category ratio
Scoring coverage gaps: instrument drop-off, score ripples/mentions, reward invite-converts
Score-refresh consumer: harden coalescing against a diverse backlog (bistability)
autoGc emits auto_gc_completed event on --json stdout, breaking single-parse consumers
copy/rsync ignores transport extraOptions (and proxyCommand), unlike exec/script
Model method execution overhead: 10s+ per trivial operation, global lock prevents concurrency
Epic #847 · Unit 2: score_grants append-only ledger write-model in Mongo (shadow, no read flip)
feat(clickhouse): tracked archive→CH backfill tooling (backfill.sql)
feat(clickhouse): idempotent DDL migration path for running prod (#859 deliverable 2)
chore(clickhouse): retire S3-backed v1 + s3 objects after #859 cutover
Decouple prod ClickHouse from S3 (drop storage_policy=s3_main) + add a DDL migration path
Epic #847 · Unit 1: Land the ClickHouse projection foundation (schema + init SQL + compose service)
Extension publish score is non-monotonic: yanking versions lowers a user's score
Docs: add --ws-idle-timeout to serve flags reference
Live Swamp Club event console on /feed — scrolling stream of all non-sensitive events
Make serve WebSocket idle/keepalive timeout configurable (untunable default aborts runs when serve's loop briefly blocks)
serve startup time regression: synchronous catalog init delays WebSocket listener by ~4.5 minutes
Docs: update extension info reference with content metadata output
Surface extension type+method detail in CLI to eliminate expensive discovery loops
Remove feed comments — consolidate discussion in Discord
Expose run/job/step identifiers as SWAMP_* env vars + CEL values, and template placement selectors (extends #331's run.id)
Docs: document @env= and @file= webhook secret indirection in swamp-serve reference
fix: add .namespace.json to isInternalCacheFile() in datastore extensions
fix: datastore sync --push deletes the namespace registration manifest (canonical namespace flow un-registers itself)
docs: document swamp serve daemon enable/disable/status subcommands
docs: document execution cancellation commands and cancelled status
docs: bundled swamp agent skill lacks datastore-namespace guidance (giga-swamp)
Batch / prefix delete for swamp data delete (single lock acquisition)
docs: document autoGc config option for automatic garbage collection
data query --select crashes on BigInt: "Do not know how to serialize a BigInt" when CEL size() reaches the JSON renderer
Opt-in automatic garbage collection for datastore data
Telemetry watcher has no replica coordination: N replicas double-process the same batch (non-atomic find→updateMany claim)
Telemetry recoverOrphaned startup race with multiple replicas (created_at-based)
Telemetry retry/failed path has the same non-atomic claim as #820
Skill guides lack progressive reveal boundaries — agents over-read by 4x
Execution cancellation: abort stuck workflow runs and model method runs, bulk cleanup, and daemon-restart reaping
swamp repo upgrade should check git status and commit (or surface) the files it changes
UAT: swamp workflow evaluate/run with forEach dynamic workflowIdOrName targets
Resolve dynamic workflow task targets inside forEach
swamp data: accept named flags (--model/--name) instead of positional model/name args
Telemetry drain still capped ~80-100/s in prod: per-username full-history re-aggregate is O(users) sequential per batch (deferred #817 fix #4)
Telemetry ingest is consumer-bound: counter & stats dedup via O(N) sequential insertOne, throughput stuck ~20 events/s regardless of BATCH_SIZE
Add macOS launchd integration for swamp serve
Leaderboard and profile streak not reporting
Same-namespace writers fully serialize on the per-namespace lock — could maintenance/append writes avoid holding it?
Could method-summary report artifacts get a default retention cap? They grow to dominate the datastore manifest
Docs: document .? optional select for null-safe CEL data access
Docs: update vault inspect output in manual reference
Datastore should fail fast on unresolvable credentials instead of stalling on the AWS provider chain
Bundled extension workflows should auto-register on install
Optional scheduled / automatic datastore GC (retention-policy-driven pruning)
Notify issue author/participants on ripples & status changes — with Discord bot DM as a delivery channel
Batch step 2 of enrichAuthorPlans (per-collective subscription reads)
Cron scheduler should re-evaluate workflow definition when source file changes
Per-model LockTimeoutError at 60s causes cascading failures under concurrent access
Single __global__ datastore lock serializes unrelated writes across all repos/namespaces
Add SWAMP CLUB wordmark logo next to sc-mark.png in TRADEMARKS.md
Add SWAMP CLUB wordmark logo next to sc-mark.png in TRADEMARKS.md
pushChanged does not implement absence-on-disk deletion (markDirty contract rule #2)
pushChanged does not implement absence-on-disk deletion (markDirty contract rule #2)
swamp data gc prunes the catalog but never deletes objects from S3 datastores (markDirty hook not wired) — sync manifest never shrinks
Add `vault delete` support to @swamp/1password extension
Add `vault delete` support to @swamp/azure-kv extension
Add `vault delete` support to @swamp/aws-sm extension
Docs: document trigger.inputs for scheduled/webhook workflows in the manual
serve --webhook usage string makes <header> look optional for generic scheme
Leaderboard window baseline: 90-day cutoff zeroes returning-dormant users (latent, 0 impact today)
SKILL.md Common Commands: model create uses wrong @<type> prefix
SKILL.md Common Commands: model type search uses wrong command and syntax
docs: swamp serve user guide
Yank semantics inconsistent: all-versions-yanked acts as a free hidden/private extension; extension-level yank hard-blocks re-push
swamp issue bug times out posting to the Lab while swamp-club.com returns HTTP 200
telemetry stats fatally fails to load an installed datastore extension (auto-resolve path); all other commands load it fine
extension source: install skills from source-path extensions
serve: webhook scheme not surfaced in startup event, health endpoint, or log line
Add deleteResource to MethodContext and document dataRepository.delete in skills
Trajectory chart: current-day x-axis label is clipped at the right edge
Docs: update Copilot how-to for audit hooks support
tf plan: FETCH_BUNDLE PAGE_FETCH_ERR / NO_STATES on cleanup-only plan (no resource changes)
Slack webhook pre-body gate only checks signature header, not timestamp
Document model-method data-mutation surface (dataRepository.delete, findAllForModelSince, queryData)
Homebrew formula
Dead code: verifySignature in webhook.ts superseded by verifier abstraction
workflow resume holds the global lock across the resumed step, deadlocking any datastore op the step performs
serve-auth: add --server support to data, model, workflow, vault, audit, summary, and report commands
Extension search returns edit-distance noise for short queries ("asdl" → "AWS DEADLINE")
swamp.club extension view: multi-line code fence in manifest description renders each line as a separate inline code span
Telemetry not synced to swamp-club: local queue accumulating ~3 days despite valid auth
remote-execution.md tutorial claims hello-world repo already has a vault configured, but it doesn't
extension pull serves a stale version that disagrees with search (honors a legacy per-extension serverUrl)
Support pluggable webhook signature verification schemes (Linear, Stripe, generic)
Data-driven webhook signature verifiers (avoid a code change + release per provider)
Pass webhook payload to triggered workflow as inputs (CEL or path-based extraction)
forEach with concurrency intermittently fails child workflow runs with 'Bad resource ID'
#welcome channel references "System Initiative" instead of "Swamp"
Support trigger.inputs for scheduled workflows
Add workflow cancel command and stale-run reaping on daemon restart
Replace third-party trademark symbol with Swamp Club (SC) mark in TRADEMARKS.md
Eager render stack (Ink/yoga-layout + marked-terminal) adds ~540ms to every command's startup
Update Copilot support
serve-auth: swamp access token rotate command
serve-auth: alias 'swamp access policy' as alternative to 'swamp access grant'
No self-serve way to rename username (sntxrrgithub -> desired sntxrr) after GitHub SSO signup
Tutorial 'Publish an extension': examples hardcode @stack72 collective, breaks copy-paste publish step
serve-auth: add --server support to all read/query/operations commands
Tutorial "Validate with a dry run" section shows stale extension push --dry-run output
Extension dev workflow doc recommends `deno check` but deno isn't bundled or detected
serve-auth: SWAMP_SERVE_URL env var as default for --server flag
Tutorial extension search "entropy" zero-result example is now stale
swamp serve: support auto-restart via macOS LaunchAgent or systemd
Extensions should be able to declare required named model instances
serve-auth: swamp access can-i — user self-service permission check
Official @swamp/linear extension — first-class Linear API model type
serve-auth: hard refusals for off-loopback without TLS or auth
serve-auth: wire AccessDecisionService into serve chokepoints for authorization enforcement
serve-auth: mode: token — server token authentication on WebSocket connections
Allow referencing bundled workflows by name without UUID filename
sensitive-arg guard rejects an all-vault.get() record/map as a "literal", blocking definition migration
serve-auth: mandatory admin materialization from config at startup
serve-auth: auth config schema and mode flag for swamp serve
serve-auth: remote grant management via swamp access --server
serve-auth: declarative grants file with startup reconciliation
serve-auth: swamp access CLI commands
Docs: add server-side TLS reference for swamp serve --cert-file/--key-file
Support epoch seconds as the version suffix to avoid push collisions
serve-auth: static TLS for swamp serve
docs: TLS setup guide for swamp serve (direct and reverse proxy)
serve-auth: client-side server credential storage
serve-auth: server token built-in model
Telemetry flush blocks command exit, adding ~1.2s p50 to every invocation
serve-auth: AccessDecisionService with in-memory policy snapshot
serve-auth: sealed CEL grant-condition environment
serve-auth: access bounded context — Grant, Group, and shared value objects
data gc --dry-run ignores the flag and performs a destructive GC
Private / org-scoped collectives with member ACLs
serve-auth: Group aggregate + built-in model
@swamp/aws/cloudformation: expose StackSet instances, drift, and operations (Cloud Control cannot)
extension pull: detect ghost-row conflicts and suggest swamp doctor extensions
Design: serve authentication & authorization (TLS, OAuth, access control)
extension push: adversarial-review report hash is platform-dependent (macOS vs Linux), so committed reviews never match a cross-OS runner
Private collectives
Can't click on repository from swamp extension search.
Remote Execution tutorial
`extension quality` false-positive bare-import detection on string literal "flexible"
Honour AWS profile default region when 'region' globalArg is omitted
Remote execution: comprehensive reference documentation
datastore setup migration relocates and deletes repo-root .swamp/secrets, breaking all local_encryption vault.get
model search --json returns a bare model object instead of {query, results} when exactly one model matches
model delete --json output shape doesn't match the documented {deleted, modelId, modelName, artifactsDeleted}
swamp serve does not open the UI
Registry content-type search filter can match versions absent from the displayed extension
Docs: document --compact flag for model type describe
Docs: document reports.require failure semantics in the manual (unresolvable required report fails the run)
Resource-leak test failures on main: extension_rubric_scorer_test and worker_gateway_test
Tier-up announcements never fire for direct score contributions (badge awards, feed credits)
vault read-secret mixes log output into stdout
model type describe --json: bloated output (40% duplicated specs, no compact mode) and lost method-to-output mapping drive agents to read extension source
Yanked extension version still shown as active on swamp-club.com and in 'extension search'
Reports tab on extension page is non-functional
reports.require in workflow YAML does not auto-execute pulled extension reports
Add deprecate/yank/unyank actions for own extensions on the web interface
Landing page clips the curl install command instead of rendering the full text
Extension author gitignore guidance: add .swamp.yaml and CLAUDE.md to recommended excludes
Docs: document globalArgument input reference validation in workflow validate
Expose per-run memory/CPU metrics for method & workflow executions
model method run OOMs at 4GB V8 heap on long high-fan-out methods; non-configurable heap + crash leaves run stuck in "running"
Discord role sync never assigns lower leaderboard tiers (Swamp Baby / Muck Runt / Sludge Whelp)
workflow validate: resolve model globalArguments expressions against the calling workflow's declared inputs
Extension API: allow export const extension to add resource specs, or document that it cannot
Remote execution: UAT coverage for tokens, enrollment, and dispatch
Remote execution: orchestrator/worker fan-out (replaces execution drivers)
Docs: extension-publish skill guide doesn't cover release channels
doctor extensions: pulled-extension source files reported as orphans that --repair can't evict (nested @swamp/aws/* sibling mis-attribution)
Feature: make extension yank channel-scoped (--channel) so it doesn't nuke every channel
Add a way to list registered report definitions (report search only lists results)
workflow validate: method args with a Zod .default() are treated as required
swamp update --setup-auto does not work with bluefin44 (crontab not found, should
Channel-based publishing for local extension backports
Feature: demote / withdraw an extension version from the stable channel
Inconsistent resource-field accessor: data get returns content, data query and CEL use attributes
Profile months overlap in trajectory
audit record --from-hook silently drops input from kiro-cli postToolUse hooks
correcting capitlization of Swamp, Swamp Club, and The Swamp on the swamp-club.com website
Docs: Add release channel documentation to the manual
Publish release-candidate / unstable extension versions
Guide users toward filing feature requests when @swamp extensions are missing features
UAT: Release channel CLI and adversarial tests
API: Add release channel support for extension versions (beta, rc, stable)
Test skill evals with Fable in multi-skill eval tests
Guide users toward filing feature requests when @swamp extensions lack a needed capability
Add @swamp/hetzner-cloud/server-types model for availability and project limits
Resident/warm worker mode — `model method run` has ~6s fixed per-invocation overhead that rules out latency-sensitive use
Local source-loading should discover a report co-located with its model in a paths.base:manifest extension
`vault put` inside workflow steps still acquires global `.datastore.lock` after #382
Issue submission returns wrong URL path
Dynamic resource attribute refresh for model instances
extension quality scorer mis-detects quoted phrases in comments as bare imports
extension push: credentials-sensitive-field false positive when .meta({ sensitive: true }) is on a continuation line
Feed-post scoring is a direct domain write, not a consumer of feed_post_approved telemetry
reindexByUsername re-strands pre-association history and wipes sign_in_dates
extension push: optionally sync the published bundle to the manifest `repository:` (git mirror)
Docs: vault refresh hooks (--refresh-from, --refresh-ttl, --clear-refresh)
Add 'creek' extension kind for cross-querying external systems alongside swamp data
Deprecate "No slow types" (fast-check) rubric factor on server-side scorer
first-class refresh hook for short-lived vault values (gcloud / aws-sso / kubectl-oidc token UX)
Support CI-friendly adversarial review artifacts for extension push
Quality rubric: scope "No slow types" for model extensions (consumed via model+CEL, not type imports)
extension quality fails to resolve bare specifiers — contradicts fmt no-import-prefix rule
Registry scorer fails on bare specifiers — mirror CLI fix from #505
Ability to change the email address associated with my Swamp Club Account
CI review jobs use two-dot diff that includes files the PR never touched
Official extension for GitHub repository configuration (environments, variables, secrets)
Feature request: @swamp/tailscale extension
Option to change email in your Swamp Club profile or delete account
extension push --dry-run --json reports local helper imports as bogus model entries
vault guide promotes inline secret values (KEY=VALUE) as a primary "swamp vault put" example
Docs: vault reference in manual promotes inline KEY=VALUE as primary example
GCP: support vault expressions for credentials instead of env-var-only auth
Extension model method execute lacks typed args/context — every author has to use ': any' to unblock tests
model method run: cannot pass arrays, numbers, or booleans via --input
extension push error for disallowed file types doesn't mention binaries field
workflow resume fails to register all extension model types (local and pulled) — "Unknown model type"
Support for Custom CA's
swamp help extension omits yank and unyank (machine-readable CLI schema misses real subcommands)
@webframp/hashicorp-vault: empty KV engine causes 'data.data.keys is not iterable' on vault put
swamp issue ripple logged "Posted ripple on issue #514" but the ripple is not visible on the Lab
extension rm blocked by stale /workspace bundle_types rows from prior container sessions with host repo bind-mounted
AWS: support vault expressions for credentials instead of env-var/SDK-chain-only auth
Extension source: direct-content export scan only reads first 64 KiB, silently drops exports beyond it
data get/list --workflow and workflow history get/logs cannot resolve extension-delivered workflows (Workflow not found)
extension search returns null repository fields that extension info populates
swamp-getting-started SKILL.md still references removed swamp-model / swamp-workflow / swamp-vault / swamp-extension / swamp-repo skills
Homepage install command: wrong domain and missing https:// protocol
Homepage install command: wrong domain and missing https:// protocol
@swamp/gcp/iam: add WIF pool, provider, service account, and binding support
fix: giga-swamp UAT failures — 9 bugs found during comprehensive testing
Docs: add doctor secrets and doctor vaults to the troubleshooting how-to guide
Docs: add doctor vaults subcommand and pre-flight vault validation
gcs-datastore: registerNamespace does not detect conflicts with existing registrations
Codegen: auto-merge resources across GCP API versions instead of manual ADDITIONAL_VERSION_RESOURCE_FILTER
UAT: sensitive resource output without vault produces clear pre-flight error
Validate vault availability when model has sensitive output fields
Managed skills ship with dangling reference-doc links
swamp-club: update skill references and CLAUDE.md after superskill consolidation
swamp-uat: init_test.ts asserts old skill directory names after superskill consolidation
@swamp/gcp/iam missing serviceAccounts model type
fix: datastore setup extension with namespace config doesn't scope sync or register manifest
@swamp/1password put double-escapes JSON values
@swamp/kubernetes ignores certificate-authority-data from kubeconfig for self-signed CAs
fix: namespace set on default repo writes incomplete filesystem config (missing path)
docs: giga-swamp user documentation — reference, how-to, and conceptual guide
Inconsistent failures in swamp doctor extensions (database is locked, bundle build failed)
@swamp/kubernetes 2026.06.04.1 missing upgrade path from 2026.05.27.2
feat: giga-swamp comprehensive UAT coverage
feat: giga-swamp phase 7 — Data migration commands
@swamp/ssh@2026.06.04.1 fails to load: bare zod import + missing 2026.06.04.1 upgrade entry
Extension quality/adversarial-review: add a 'published-surface hygiene' check for real infra identifiers
feat: S3/GCS extension namespace manifest support (registerNamespace/listNamespaces)
feat: giga-swamp phase 5 — CLI output + namespace management commands
Should be able to see all the issues I created by a filter "submitted by me"
swamp-extension adversarial review skill needs mandatory mechanical verification checklist
paths.base: manifest is not honored for workflows: — bundled workflows only resolve from repo root, blocking self-contained subdir layouts (sibling to #459)
Lab profanity filter rejects legitimate CLI flag tokens via substring match
feat: S3/GCS extension namespace-scoped sync support
Add platform type to issue-lifecycle extension model Zod schema
fix: datastoreSetupExtension() ignores namespace config on initial migration push/pull
swamp datastore sync --push creates global .datastore-index.json ignoring namespace config
Support vault-sourced identity keys
vault.get() expressions in extension model globalArguments are not resolved at runtime
swamp-issue skill should scrub secrets and org-specific data before submission
Copy explicitGlobalArgs before mutation in resolveOrCreateDefinition
feat: giga-swamp phase 6 — Namespace-scoped sync
Allow global arguments in direct type execution (workflow fan-out)
workflow validate: trim stale 'skipped' label from model_not_found warning
workflow validate: fail on references to unknown model instances (typo'd modelIdOrName)
Add pi coding agent support
swamp repo upgrade: ERR_SQLITE_ERROR 'attempt to write a readonly database' during extension catalog schema migration
Docs: TLS behind inspecting proxies / private CAs (system trust store, DENO_CERT, SSL_CERT_FILE)
Add issue search/list command to discover existing issues
Workflow engine resolves extension methods against base type, ignoring extension-registered methods
Support vault-resolved private key content in transport auth (not just file paths)
hashicorp-vault should read token from env
swamp workflow validate emits misleading "Extension failed to load" warning when type resolves locally
feat: giga-swamp phase 4 — CEL cross-namespace queries
Docs: document the extension push adversarial-review gate
workflow validate silently PASSES steps whose model type is a pulled extension (step-inputs skipped = false pass)
Persistent, queryable workflow runs (status / cancel from any shell)
swamp issue: add ability to edit issue title and body after submission
copy method reports success when scp exits non-zero (e.g. 255)
Enforce adversarial review gate before extension push
vault://local_encryption token does not round-trip correctly for GCP OAuth2 access tokens
Bundled Deno does not honor the OS/system CA trust store
Gator-approved feed post did not trigger Discord activity or profile points
vault annotate --url fails with query params on @swamp/aws-sm
workflow approve/resume cannot find suspended run when using S3 datastore
datastore compact VACUUM fails with ERR_SQLITE_ERROR
Report type filtering in report search
extension search: empty results from CLI despite known extensions
username_metrics projection backfill does not trigger re-scoring (stale UserScore for dormant users)
support git forge / web namespaces for collectives
workflow approve/resume cannot find suspended runs
Telemetry never retroactively credits a device's pre-association history
Docs: document swamp doctor secrets in manual reference doctor.md
Docs: document 'swamp workflow resume --input' in manual reference
Remediate existing definitions holding cleartext sensitive global arguments (follow-up to #480)
Support --input flags on workflow resume for elevated permissions and runtime overrides
Cloudflare codegen: manifest version bumps on every regeneration (README not deno-fmt-clean)
feat: giga-swamp phase 3 — Path resolver + per-namespace locking
Cloudflare: support vault expressions for API credentials instead of env-var-only auth
@swamp/ssh exec: string host selector only matches 'all', ignores host names and tags
Add integration test for sensitive-arg guard on lazily-loaded extension types (follow-up to #480)
Docs: document refusal of literal sensitive global arguments (follow-up to #480)
swamp serve scheduled workflows do not load repo extension registries
DigitalOcean: support vault expressions for the API token instead of DO_API_TOKEN env var
feat: giga-swamp phase 2 — Catalog schema v4 + repository interface
Docs: update extension-trust reference for swamp-only default + lockfile version pinning (swamp-club#465)
swamp model get does not redact `sensitive: true` fields (logs/reports/storage do)
Support vault expressions for API token instead of env var
Document manual_approval workflow step type and suspend/approve/resume flow
Stale extension bundles break after swamp upgrade
Add a manual_approval (pause) task type to workflow steps
UAT tests for manual_approval workflow commands
Add HTTP approval endpoints to swamp serve for manual_approval steps
feat: giga-swamp phase 1 — Namespace value object + config
paths.base: manifest is not honored for skills: — bundled skills only resolve from repo root, blocking multi-extension repos
Improve idempotency match field heuristic for auto-generated name resources (tagKeys, tagValues)
Orphaned .swamp/ without .swamp.yaml marker is reported as plain 'Not a swamp repository' — partial/corrupt repo not detected
@swamp/aws/iam/role-policy: PolicyDocument schema says string but CloudControl expects JSONObject
swamp CLI: send user/device identity on extension-registry HTTP calls
swamp data gc does not remove physical version directories from disk
ci: aws-check and gcp-check jobs take ~30min — rethink whether full model type-checking is needed per PR
Add extension deprecation support to CLI
Display extension deprecation state on swamp-club pages
Docs: update autoupdating how-to for Linux privileged schedulers
Support privileged autoupdate schedulers for root-owned binaries on Linux
Telemetry admin reindex endpoint is gated on a defunct @systeminit.com email domain — permanently 403
How-to: Define custom AI agent tools
Workflow-scope report execution fails with `rawType.trim is not a function`
Docs: document LaunchDaemon autoupdate for root-owned macOS binaries
version-drift check reads first `version:` literal, not export const model.version
macOS autoupdate LaunchAgent cannot update root-owned swamp binaries
extension update/pull deadlocks when the repo's datastore is the extension being updated
Add a list/discover method to dbcluster for enumerating clusters in a region
Support deepAgents CLI/SDK as a target agent
CLI telemetry forwards non-personally-resolvable identity for collective auth; distinct_id is per-machine, not per-repo
Telemetry ingest only resolves personal API keys — collective-token events are unattributed, identity_map under-claims
Datastore: lazy hydration with metadata-only setup and transparent content download
Docs: update datastore reference for lazy hydration, SyncContext, and SyncCapabilities
Default hydrationStrategy to lazy after soak period
Add list/search as a factory method that produces many data artifacts (Drive files.list, gmail messages.list, etc.)
Make GCP CRUD methods factory-aware so list-discovered resources can be managed in-place
--json output is polluted by non-JSON content, breaking machine parsing
Add extension info command for registry metadata
Slim down extension search output now that extension info exists
Datastore extensions: only write dirty partition files on push
exec fails on macOS: ControlPath exceeds 104-byte Unix socket limit
Datastore extension benchmark suite for S3 and GCS
CSS effects on swamp.club (any page) cause high CPU
GCS datastore: dirty sidecar, partitioned index, content hashing, and scoped sync
Direct execution @type prefix fails for repo-local extension model types
S3 datastore: dirty sidecar, partitioned index, content hashing, and scoped sync
Support GitHub username in swamp.club profile to fix PR attribution
dataRepository.getContent() fails in workflow-scope reports with 'type.toDirectoryPath is not a function'
Core repositories missing markDirty hook — scoped push only works on crash recovery
Add extension transfer between collectives
swamp serve: extension bundle failure at startup is silently pinned, breaking scheduled workflows with permanent 'Unknown model type'
vault put and read-secret use asymmetric path parsing; slash-put creates unreadable items
Docs: document VaultAnnotationProvider interface and extension opt-in pattern
Add VaultAnnotationProvider support to @swamp/azure-kv
Upgrade TUI graphics — better AI-generated ANSI or a Moebius hand-authored pipeline
Vault annotations: --note/--notes flag inconsistency and UX improvements
Add VaultAnnotationProvider conformance helpers to @systeminit/swamp-testing
Add VaultAnnotationProvider support to @swamp/1password
Add VaultAnnotationProvider support to @swamp/aws-sm
Extension ecosystem: shared utility library, version sync tooling, and HTTP resilience patterns
Add assertVaultAnnotationExportConformance to @systeminit/swamp-testing
Annotating vault items should be a first-class swamp operation
Scaffold new extensions to publish-ready quality (12/12) by default
Add uniform bucket-level IAM support to @swamp/gcp/storage
workflow-scope report's dataRepository.getContent returns null for data written in the same workflow run
Extension decision order should prefer @swamp/community extensions over local types
@swamp/digitalocean — add domain-records model for /v2/domains/{domain_name}/records
dbcluster state schema is missing DBClusterMembers (writer/reader, instance class)
workflow direct-execution inputs.* persist as globalArguments on auto-definitions and freeze on first run
Harness detection invents env vars for kiro/opencode/codex
Extension METHODS table truncates Method column; short names like apply/check wrap mid-word on /extensions/@swamp/ssh
swamp-report skill references nonexistent `swamp model report` command
Docs: update extension scoring documentation for dependency-trust rubric factor
cloudidentity API calls fail with 'requires a quota project' — bundle doesn't send x-goog-user-project header
Make wheelshop-style dependency trust-gating a core swamp feature
Warn when a ${{ }} secret expression is single-quoted in a command/shell run: script
Workflow validation should resolve modelType for direct-execution steps
Add dependency-trust rubric factor to server-side scorer (RUBRIC_VERSION 3)
Add IAM policy management (setIamPolicy/getIamPolicy) on cloudresourcemanager resources; add custom-role CRUD to @swamp/gcp/iam
swamp extension rm leaves empty <kind>-bundles/<hash>/ dirs behind
Datastore sync: add SyncContext and SyncCapabilities framework contracts
@swamp/gcp/cloudresourcemanager/folders: create method has 5 blocking bugs (missing parent in body, LRO detection, post-LRO state, idempotency, projectId requirement)
issue-lifecycle: thank external contributors when issues are resolved
swamp repo <unknown-subcommand> silently inits a nested repo (e.g. `swamp repo update`)
Pre-flight checks cannot access method arguments (check context omits methodArgs/unresolvedMethodArgs)
swamp audit record --from-hook creates a stray .swamp datastore in the process cwd instead of resolving the repo root
extension push publishes model files ending in _test.ts that no consumer can load
Docs: document --extensions-dir / SWAMP_EXTENSIONS_DIR for worktree workflows
@swamp/ssh exec method fails with 'ctx.createCelEnvironment is not a function'
`swamp extension rm` leaves empty scaffold dirs behind
swamp CLI commands fail silently or hang when invoked from git worktrees via SWAMP_REPO_DIR
No user feedback when model method run is waiting for lock acquisition
Many CLI commands acquire global .datastore.lock unnecessarily, causing 60s LockTimeoutError under any concurrent writer
Add swamp extension prune to clean up stale catalog entries
identity_map row not updated when user renames
Expose cel-js Environment to extensions for custom CEL evaluation
swamp issue get should rate-limit unauthenticated users instead of blocking
CEL and vault expressions not evaluated inside nested globalArguments fields
Datastore: lazy hydration for fast cold-start on first clone
Add --stdin support to method run and workflow run for Unix pipe composition
files.get returns only minimal fields (id, name, kind, mimeType) because no 'fields' query parameter is sent
Terminal rendering breaks at large font sizes
ADC path uses wrong gcloud token store: 'gcloud auth print-access-token' instead of 'gcloud auth application-default print-access-token'
Docs: update doctor reference and autoupdate how-to for new doctor install subcommand
bucket-policy StateSchema.PolicyDocument declared z.string() but CloudControl returns it as a parsed object
bucket-policy GlobalArgsSchema requires Bucket and PolicyDocument, blocking workflow-YAML direct execution of get
Autoupdate silently fails when swamp is installed system-wide via the official install.sh
Missing 'parent' field in GlobalArgsSchema for several @swamp/gcp/* models causes get to fail
createModelTestContext: storedResources not used by readResource; readResource always returns null
swamp-vault skill documents 'swamp vault read' but correct subcommand is 'read-secret'
Report execute throws are advisory: workflow marked succeeded, exit 0, AND report output is discarded
dataRepository.getContent rejects string type in production but docs and testing helper demonstrate strings
@swamp/digitalocean: 30 of 33 model types fail with version mismatch error
Unified login input that detects email vs username by presence of '@'
Introduce `swampd`: long-running local daemon for shared cache, secrets, and extensions
workflow validate: false "Missing required inputs" when method args are set in the model definition
Add table width controls to swamp report get
Add first-class Kilo Code tool support
Partitioned index for S3/GCS datastores (Phase 3)
Per-path dirty tracking in S3/GCS datastore extensions (Phase 2)
Scoped sync and capability-gated concurrency for datastores (Phase 1)
Docs: update doctor extensions JSON reference to include warnings[] field
Add a markdown output mode to `swamp report get`
Surface type-extraction failures in doctor JSON output
W7 — unify extension failure surfaces; collapse registries.failures[] into sourceDetails[]
Doctor kind-completed events should carry correct per-registry status
Direct type execution fails for locally-defined extension types with pulled duplicates
swamp.club: 'Mark all read' link doesn't clear unread count on /inbox
Distinguish validation-throw from bundle-throw in reconcile catch; surface ValidationFailed in sourceDetails
Surface Tombstoned transitions in doctor extensions output
swamp issue: check if reporter is on an outdated binary before opening
Add a markdown output mode to swamp report get
Official @swamp/ssh extension supporting multiple SSH transport styles
Add `swamp doctor workflows` subcommand to surface workflow YAML parse errors during preflight
Detect stale skill directories and prompt for repo upgrade
extension unyank needs -y/--yes flag for non-interactive use
Step key parsing in execution_service uses naive split(":") and silently truncates colon-containing step names
Workflow-scope report artifacts unreachable via `swamp data get --workflow`
Fix invalidate-then-reconcile sequencing in doctor extensions; failure-mode RowStates unreachable in sourceDetails
Docs: add run namespace to CEL expressions reference
Expose workflow run ID in CEL so resource keys can be run-scoped
Add 'swamp issue comment' command for updating existing issues
doctor extensions invalidateAll does not trigger fingerprint recheck for existing Indexed rows
Extension failure recording has dual write paths (legacy buildIndex vs W3 reconcile)
Add type search for driver, datastore, and report kinds
Workflow-level runtime expressions (env.*, vault.*) not resolved in driverConfig — docker driver receives literal ${{ ... }} strings
Close #327 — fixed in 20260511.160514.0-sha.9d03b09a
Nested workflow task fails with 'Bad resource ID' when workflowIdOrName uses @collective/ prefix
Investigate whether allExtensionMethodsAttached guard can be removed via registration-path consolidation
Improve skill trigger routing for cross-model edge cases
Docs: update doctor extensions reference for W6 aggregate-state rendering + repair flags
Implement W6: swamp doctor extensions aggregate-state rendering + repair surface (extension catalog rearchitecture)
Surface ReconcileFromDisk dryRun transitions in swamp doctor extensions
Implement W5: Per-fingerprint import URLs + subprocess test harness (extension catalog rearchitecture)
extension pull fails referencing removed source after extension source rm
swamp issue get should not require authentication
swamp model create --global-arg KEY=VALUE doesn't coerce strings to z.number() schemas
Trace context is lost: CLI ignores inbound TRACEPARENT and raw driver doesn't propagate active context into in-process methods
swamp model create --global-arg KEY=VALUE doesn't coerce strings to z.number() schemas
macOS launchd autoupdate (club.swamp.autoupdate) silently fails — binary stays stale
extension source rm leaves stale @local/. rows in catalog, blocking later pulls of registry types
extension push drops binaries: field from re-emitted archive manifest.yaml
Docs: Update model-definitions.md and workflows.md for direct type execution
telemetry: emit child entries for follow-up action method invocations
Clicking @hivemq/honeycomb extension card on /extensions shows 'Something went wrong'
Direct type execution: collapse model create + method run into one command
Docs: document binaries manifest field in extension-manifest.md
Extension push: allow shipping executable host helpers (bin/mudroom blocker)
Accept and display binaries field from extension push metadata
Add an official @swamp/ssh extension for general-purpose SSH (brownfield-friendly)
Per-method telemetry events for workflow runs
Workflow run liveness: orphaned 'running' records when originating CLI process dies mid-run
Provide a CLI-shape primer for AI agents to reduce rediscovery overhead
swamp extension push deadlocks when invoked from inside a swamp workflow step
W3 sourceToRow writes empty source_mtime — should carry filesystem mtime through Source entity
Implement W4: KindAdapter + unified loader (extension catalog rearchitecture)
quality rubric: don't penalize extensions whose upstream constrains them to a single platform
forEach self.* in modelIdOrName not resolved in runtime execution path
Extension update rejects multiple .ts files extending the same target type within one local extension (regression)
Collective-scoped auth keys + OIDC federation for CI publishing
Award leaderboard points for referrals and collective invites
Add agent harness detection and AiTool to telemetry
Docs: How-to guide for background autoupdating
datastore compact: VACUUM fails in compiled binary (SQLITE_LIMIT_ATTACHED=0)
swamp config set crashes with YAML serialization error
Missing unique indexes on user.email and user.username allow duplicate users
Manifest version bumps silently ignored for existing local extension aggregates
Repo-level version gating: minSwampVersion high-water mark for team consistency
Opt-in background autoupdate for the swamp binary (configurable cadence + risk tolerance)
materialiseExtensions misclassifies pulled rows when manifest name collides with a pulled extension
Docs: document self.* expressions in modelIdOrName during forEach
Resolve self.* expressions in modelIdOrName during forEach expansion
Extension bundle cache does not invalidate on source edits
extension pull fails on @local/.@0.0.0 phantom-claim collision when local repo has its own extension
Local extension edits don't reliably trigger rebundle
discord-bot double-sends sign_up notifications
Add 'swamp workflow list' as alias for 'swamp workflow search'
Discord bot sends duplicate signup notifications
`swamp datastore setup` migration is not resumable / leaves the repo in a partial state on failure
Add 'swamp auth status' as alias for 'swamp auth whoami'
Lab search by numeric issue ID returns no results
extension quality/fmt fail on pulled extensions (path mismatch)
Detect AWS CredentialsProviderError in @swamp/aws-sm-vault and prepend SSO-expiration hint
Warm-start rebundleAndUpdateCatalog should respect terminal RowStates set by reconcile
Locally-sourced extension: source_mtime updates without regenerating stale bundle
Docs: add vault read-secret command to reference manual
Add swamp issue get CLI command to fetch issue details
Implement W3: ReconcileFromDisk + freshness-as-aggregate-query (extension catalog rearchitecture)
vault: add read-secret CLI command for agent-driven secret retrieval
Docs: document workflow concurrency limits in reference manual
Configurable concurrency limits for workflow fan-out (forEach, parallel jobs/steps)
Extension layer garbage collection: prune catalog rows + evict orphaned bundles
Vault expressions silently deliver __SWAMP_VSEC__ sentinels under the docker driver
Cross-process concurrency stress for W2 lifecycle services
First-class shell-shim support for extensions, with registry-level visibility
Local extension model bundles don't rebuild when source changes (no rebuild CLI; manual cache delete breaks the runner)
Pre-existing TOCTOU windows in YAML repo walkers (findAll directory level + findById)
Implement W2: Lifecycle services own the catalog write (extension catalog rearchitecture)
global-arg silently strips unknown keys; should reject via strict Zod schema
Extensions should be able to ship Claude Code skills
performance degrades significantly with large SQLite catalog
feat(security): redact sensitive method arg values from audit log
docs: document swamp datastore compact and GC WAL behaviour
UAT: swamp datastore compact reclaims WAL and catalog space
Plan v4 step 9 literal test untestable under current catalog PK semantics
UAT additions for W2 lifecycle services (Install/Remove/Upgrade)
doctor extensions repair: clean catalog-only orphans
summarise: timeout/hang on repos with many workflow runs
Agentic CLI improvements: --json stdout isolation, array inputs, and --repo-dir consistency
data search: surface jobTag alongside workflowTag and stepTag (follow-up to #237)
Built-in models must honor AbortSignal so --timeout works in practice
Reader-lock or lock-free read path for data list/get/search/query
data delete fails with "Directory not empty (os error 39)" when concurrent writes are active
data query: stepName and jobName fields always empty in CEL results
redmine extension: adopt state machine patterns from @magistr for agent-driven workflows
Detect AWS CredentialsProviderError in summarizeSyncError and prepend SSO-expiration hint
S3 datastore hydrate has no fallback for buckets without .datastore-index.json
Extend DatastoreSyncService.markDirty() with optional relPath argument
Extract LockfileRepository (W2 prequel for swamp-club#231)
DDD: refactor data services to depend on domain-side ports instead of infrastructure types
Implement W1b: Repository and RowState (extension catalog rearchitecture)
data·delete logger double-quotes the data name in log output
Add swamp data delete command to remove a data artifact by model and name
Implement W1: Repository and RowState (extension catalog rearchitecture)
S3 datastore stale-lock retry loop never evicts orphan locks left by swamp processes that panic at shutdown
Redundant push after pullChanged: localMtime clobbered by pullIndex(forceRemote)
S3 datastore global lock enters infinite stale-lock loop after interrupted workflow
Docs: update datastore-configuration manual after #220 setup-hydration fix lands
workflow run search returns empty after S3 datastore setup, despite run YAMLs in datastore
swamp-extension-model skill: include description field in upgrades quickref
Support multi-agent repo initialization (multiple --tool targets)
CLI crashes with exit 134 (Rust panic in tls_wrap.rs) after successful command output
swamp-extension-model skill: include field in upgrades quickref
Adversarial UAT test: missing cached bundle with intact catalog should self-recover
Port importBundleByPath ENOENT fallback to datastore/driver/vault/report loaders
swamp model type describe fails with 'No such file' instead of rebundling when bundle is missing
`swamp datastore setup` (filesystem→S3 migration) panics in deno Node TLS layer mid-migration
Schema-invalid extensions loop in rebundle path: catalog row never updates after first failed validation
feat: swamp extension verify — opaque extension-lifecycle verification primitive
swamp model type search is slow (~8s) and re-bundles all extensions on every call
Per-extension layout migration drops Claude skill from @magistr/good-planning
swamp extension outdated crashes on empty repo (Stream ended...)
Docs: extension commands reference
Docs: extension install/pull/update sync-to-manifest behaviour
Add process-level install lock around installExtension
swamp should warn when installed extensions are outdated
swamp extension install/pull does not prune source files dropped between versions, causing catalog to re-index orphans
Catalog retains stale source-file entries when extension version drops a file; no native prune/repair
Document and surface a native cache-refresh path so agents stop doing cache surgery
Catalog retains stale source-file entries when extension version drops a file; no native prune/repair
Document and surface a native cache-refresh path so agents stop doing cache surgery
swamp should warn when installed extensions are outdated
Skill/prompt guidance: prefer the bundled deno when no system deno is on PATH
Vault backend backed by GitHub Actions Secrets (read via gh token)
Re-enable Windows tests as deno compile for Windows lands
swamp-club extension card no longer exposes @ns/slug as contiguous text
Docs: multi-tool repo support
add `swamp doctor extensions` subcommand for on-demand extension load diagnostics
Docs: repository-configuration.md missing defaultDriver / defaultDriverConfig
swamp vault: vendor-specific annotations (e.g. 1Password notesPlain, tags, custom fields)
cli: agents need to add ripples (comments) to issues via the CLI
quality: has-readme/has-license miss additionalFiles in subdirectories
quality: models and additionalFiles paths resolve relative to different directories
swamp model method run: --foreach to fan out across instances
swamp workflow validate: actionable error messages and template scaffolds
swamp CLI cold-start latency (~5–7 s per invocation) compounds in workflows that shell out
Workflow tasks should support ephemeral model instances (modelType + globalArgs) so workflows are zero-prereq
CEL expression evaluator throws 'Unhandled node type: string'
AI agent skipped adversarial review step before smoke testing extension code
Local extension models in extensions/models are not discovered in fresh repo tutorial flow
Better Auth rejects requests on hostnames not in hardcoded trustedOrigins (signup/signin broken on non-canonical hosts)
ticket 1138 not clear - can we still use github?
Drag Windows into the Swamp
Add `swamp extension test` command to run built-in extension tests with coverage
swamp repo init --tool kiro does not create .kiro/settings/cli.json
CLI dumps 300-line Cliffy Command object on unknown flags / subcommands
Persist lab filter selection in localStorage
Server-side parse query params on /lab/all so refresh preserves multi-filter URLs
fast-path sidecar TOCTOU: post-op HEAD can record generation from a concurrent writer's push, masking their data on next sync
Add a preflight diagnostic for AI-tool audit integrations (so upstream CLI changes stop breaking us silently)
@swamp/gcs-datastore: same minutes-slow zero-diff sync cliff as lab/164; mirror fingerprint fast path
swamp repo upgrade deletes extension model source files
swamp datastore sync is minutes-slow at 4k-file scale even with zero-diff; outer 300s timeout fires
Scorer should honour files/deno.json imports so bare specifiers resolve
cleanup for repoDriver
swamp-extension-quality and swamp-extension-publish skills don't guide zod import map resolution for scorer
Add repo-level `defaultDriver` to `.swamp.yaml`
swamp-extension-publish skill: add quality rubric check before push
New @swamp extension: extension quality rubric checker for CI
User report extensions registered lazily are silently skipped during method execution
swamp extension install: datastore push hangs ~8.5m then crashes with Deno TLS panic (tls_wrap.rs:1918 unwrap on None)
deprovision: firewall deletion fails with resource_in_use immediately after server delete
Trailing slash on /extensions/@<namespace>/ returns 404
codegen pipelines don't detect _lib/*.ts changes so manifest CalVer never bumps
Link to namespace extensions listing from profile pages
DatastoreProvider.resolveCachePath declared optional but silently required at runtime
No way to browse all extensions belonging to a collective by URL
additionalFiles flatten to basenames on push and lack a runtime access API, creating a source-vs-pulled layout mismatch
Feature: swamp issue for extensions — bug reports, security disclosures, and author notifications
Accept-invite link returns HTML instead of JSON, breaking collective join
Extension search returns inflated results for quoted phrase queries
Docs: document jsr:/https: imports and non-local pinning convention in user-facing manual
First-class jsr: specifier support in extension bundler
Inline editing: click-to-edit fields instead of pencil icons
Extension models: document/resolve implicit-any in execute parameters when imported by test files
extension yank: allow unyank and version-specific yanks
extension source add does not discover brand new types — only overrides already-pulled types
Cross-extension code sharing via manifest exports field
Add light mode to swamp.club and swamp open UI
Add 'swamp open' command to open the swamp.club web UI
Add light mode to swamp.club website
Footer floats when page content is shorter than viewport
Datastore sync surfaces opaque errors from extensions verbatim — no status code or body preview
Extension auto-resolve reports "already_installed" for truncated pulled-extension trees
@swamp/s3-datastore: first-attempt 403 masked as "UnknownError" from AWS SDK deserializer
Port bundle_freshness (content-fingerprint cache invalidation) to reports / drivers / datastores / vaults loaders
Mentions and notifications system for issues
open.ts web UI uses force:true pullExtension, same data-loss family as #126
Email delivery for mention notifications
Datastore auto-update in resolve_datastore.ts uses force:true, risking silent overwrite of local edits
Auto-update WARN is silent in --json mode (logger suppresses non-fatal)
User extensions silently dropped when base type not yet registered at scan time
Per-repo user-extension bundle cache doesn't invalidate on source changes
workflow validate can silently overwrite local edits to pulled extensions via force-pull in auto-resolver
Adding methods to in-body `methods:{}` on `export const model` doesn't re-register
Extension pull should namespace files by extension to prevent filename collisions
Remove traffic lights in column 2 of /lab
Flow modal: text rendering issues
Bog flow: text rendering and layout issues
Multi-select combo filtering on /lab
Filter lab issues by author (opened by user)
Usernames aren't linked to their profile pages
Collapsible left rail and repositionable right rail in Lab
swamp-club API: include issue author in GET /api/v1/lab/issues/{number} response
Install command curl-pipe-sh overflows the component on swamp.club homepage
'Assigned to me' overlaps 'Privacy policy' on short viewports
Add GitHub Copilot IDE support
Update CLAUDE.md co-author instructions to use swamp-club issue author lookup
Add skills extension type for bundling agent/human guidance documents
Improve skill trigger routing accuracy across models
Consolidate MethodReportContext construction — manual and workflow report paths build contexts divergently
data gc skips version-count GC when no lifetime-expired data exists
Description 'Show more' button appears even when text fits
Normalize text sizing across issue list and detail views
Update how-to guide with swamp-extension-publish skill
Content filter should identify the flagged word or phrase
Extension skills missing repository initialization and publishing prerequisites
Fix incorrect favicon in Google search results
forEach.in with data.latest() throws misleading 'got: object' error for unresolved Promise
Audit: modelRegistry.get() without ensureTypeLoaded() in YAML repository save() paths
Vault CEL expressions replaced with VaultSecretBag sentinels after model type upgrade
Missing section on user profile page for wendy
issue-lifecycle models should support --assignee for swamp.club issues
Cross-model expression validator fails on lazy-loaded types — modelRegistry.get() bypasses ensureTypeLoaded
Score daily sign-in events with streak multiplier
Consolidate method execution paths — workflow steps and manual runs build MethodContext divergently
Driver capability registry: declare richer execution capabilities at driver design time
Reindex path feeds error events to consumer, bypassing filtering
Workflow-level workspace for docker driver: stateful multi-step workflows
Workflow-scope user extension reports don't execute: getAll() excludes lazy-loaded reports
"OG Swamper" badge inconsistent
Architecture violation: search route imports directly from lib/infrastructure
Score extension pull events for extension authors
Phase 1: /feed — judge-gated content stream
Add reactions and Giphy integration to comments
Introduce domain events to formalize the telemetry-to-consumer pipeline
Refactor: move telemetry track() calls from route handlers to application services
Custom swamp-themed avatar generator with daily rerolls
Profile content links with scoring for community contributions
Score sign_up events in the telemetry pipeline
Score extension publish events in the telemetry pipeline
Add 'award' telemetry event type for arbitrary score grants
Bug: authenticated pulls always shows 0 on profile page
Decouple identity_map from main app: username renames via event, not shared DB
Optimise MongoDB Search Queries
Transactional emails on login with google/similar
Add rate limiting to send-verification-email endpoint
Add authentication or rate limiting to check-verified endpoint
data.latest() returns null when new data written while _catalog.db is already marked populated
Bundle cache fallback silently skipped when source and bundle have equal mtimes
Document vault migrate command in reference docs
Locks on long running actions
swamp data query for morning-message in hello-world tutorial returns nothing.
Expand DataRecord with first-class provenance fields; remove all hidden scoping from data access
CatalogStore constructor runs createSchema before migrateIfNeeded; v1→v2 upgrade fails on existing repos
Add vault migrate command to move secrets between vaults
issue-lifecycle skill: improve resumption and close-out guidance
swamp workflow validate should check step inputs against method's required arguments
discord-bot poller double-processes events with >1 replica
datastore sync --push fails on _catalog.db-wal: catalog SQLite DB lives inside the S3 sync cache
datastore sync: clean up zombie _catalog.db* entries from remote index and S3 bucket
datastore sync --push runs pushChanged() twice per invocation (coordinator dedup)
Error when submitting a new issue manually
Green text on issue details is a lot
.swamp/datastore-bundles/ leaks into deno lint and deno fmt scans
deno run audit task missing --allow-env flag
evals/promptfoo: bump hono and @hono/node-server to clear 6 dependabot alerts
issue-lifecycle: COMMENTED PR review can overwrite a prior decisive state in fetchPrReviews
Add agent-constraints/ for issue-lifecycle skill
@swamp/aws/ec2: auto-generated models lack list, tag, and factory-compatible update methods
@swamp/digitalocean/space-key stores secret in plaintext - should mark as sensitive
Add Azure provider pipeline to codegen
feat: Namespace.so execution driver for remote workload execution
Add macOS Keychain vault type
feat: Private extensions
Workflow execution repeats #1091: cross-model CEL expression validation fails for unresolved types
context.readModelData returns different results depending on invocation context (manual vs workflow)
Handle sensitive fields gracefully when no vault is configured
Vault reads for model global arguments are cached at workflow start, making in-workflow token refresh ineffective
feat: approval gates for workflow steps and jobs
Install script: curl fails TLS verification for swamp.club (certificate chain)
Extension Patches: contribution workflow for community extensions
Support 'swamp <app> run' as containerized entrypoint for easy onboarding
Persistent runner / server mode to eliminate per-invocation CLI startup overhead
feat: add support for Nix via a flake
Relationships
#872 Activity heatmap clips the current UTC day — uses local browser time for "today" but snapshots are UTC-keyed
Opened by keeb · 6/28/2026· Shipped 6/30/2026
Summary
The profile activity heatmap does not render the current UTC day's cell when the viewer's local date is behind UTC (e.g. evening in the Americas, after 00:00 UTC). The data exists — it's a timezone mismatch in the grid's today calculation, not missing data.
Evidence
On 2026-06-28 ~02:00 UTC (still 2026-06-27 local in US timezones), webframp's profile heatmap showed no 06-28 cell, even though a daily snapshot for that date exists:
metric_snapshots_dailyrowwebframp:2026-06-28→ totalScore 5,391,746 (present).- Heatmap's last rendered cell = local "today" (06-27), so 06-28 is clipped.
Root cause
islands/ActivityHeatmap.tsx:
- L203-205:
const today = new Date(); today.setHours(0, 0, 0, 0);— this is local browser time. - L213-214: the grid's bottom-right
endis pinned to localtoday. - L234-235: cells past local
todayare intentionally not rendered.
But the snapshot data is keyed by UTC date (the snapshot writers use toISOString().slice(0, 10)). When UTC has rolled to the next day but the viewer's local clock has not, the current UTC day's snapshot falls past local today and is clipped. (Symmetrically, a viewer east of UTC can get a trailing empty "today" cell with no data yet.)
Steps to reproduce
- Be in a timezone behind UTC (e.g. US Pacific/Eastern).
- After 00:00 UTC (but before local midnight), open any profile with activity, e.g. /u/webframp.
- The heatmap's most recent cell is the local date; the current UTC day's cell is missing despite a
metric_snapshots_dailyrow existing for it.
Suggested direction
Compute today and the grid end in UTC so they match the UTC-keyed snapshot rows — e.g. derive the day boundary from getUTCFullYear/getUTCMonth/getUTCDate (or a UTC YYYY-MM-DD string) rather than local new Date() + setHours. Keep the "don't render past today" guard, but evaluate "today" in UTC.
Environment
swamp.club profile heatmap (islands/ActivityHeatmap.tsx). Surfaced 2026-06-28 UTC. Separate from the score/rollup work in epic #847.
Shipped
Click a lifecycle step above to view its details.