[codex] add security audit workflow and runtime setup guidance#10

Open
ruzer wants to merge 3 commits into main from codex/swarm-runtime-console
@ruzer (Owner) commented Mar 30, 2026

What changed

  • improved the bounded swarm runtime with request caching, deferred reasoning, lightweight scope learning, optimization stats, and dependency-aware task scheduling
  • added an interactive project-brain console / terminal command for configuring targets, swarm defaults, setup prerequisites, and running the main workflows from one terminal entrypoint
  • added a structured security-audit workflow with verified app context, typed findings, dedicated security audit composition, and specialized auth-agent and infra-agent
  • extended doctor and the terminal console with a runtime setup panel that shows whether Ollama is installed and which open-source language toolchains are available or missing for the current target
  • organized repo documentation under docs/assessments and docs/roadmap, and added a repo-local maintainer skill

Why it changed

  • reduce wasted tokens and unnecessary agent work in the bounded swarm
  • make the project easier to configure and operate from the terminal without memorizing many flags
  • turn security review from a generic workflow into an evidence-based, multi-agent audit with verified context
  • make local setup explicit so contributors know they need Ollama plus free/open-source toolchains to expand beyond static analysis
  • clean up repository structure so reference and roadmap material is easier to navigate

Impact

  • swarm runs should be more efficient and more explicit about dependencies and optimization metrics
  • contributors now have a guided terminal console for project setup, runtime expansion, and execution
  • security reviews now produce a dedicated structured audit instead of falling back to generic critical-gap analysis
  • doctor now reports whether the local Ollama runtime and stack-specific open-source dependencies are ready
  • documentation is easier to browse from the repo root

Validation

  • npm test -- --run tests/integration/swarm-runtime.test.ts tests/integration/ask-intent-routing.test.ts tests/unit/resume.test.ts tests/unit/status.test.ts tests/unit/cli-command-parsing.test.ts tests/unit/terminal-console.test.ts
  • npm test -- --run tests/integration/security-audit.test.ts tests/integration/ask-intent-routing.test.ts tests/unit/doctor.test.ts tests/unit/terminal-console.test.ts tests/unit/cli-command-parsing.test.ts tests/unit/intent-router.test.ts
  • npm run typecheck
  • npm run build
  • push and tag hooks also ran npm run verify:quick

@ruzer changed the title from "[codex] improve swarm runtime and add terminal console" to "[codex] add security audit workflow and runtime setup guidance" on Mar 31, 2026
@ruzer marked this pull request as ready for review March 31, 2026 19:38