- Wrap bare error returns in verifyELFMagic, collectOnce, sendReport,
disableSelf, and removeFileIfExists with fmt.Errorf context
- Explicitly discard Close() errors in cleanup paths (self_update.go,
container_update.go)
rotateLocked() silently swallowed rename errors during log rotation.
Now reports failures to stderr (can't use log package from within the
logging package itself).
waitForPatrolIdle() silently discarded json.Decode errors, causing
it to treat decode failures as "patrol is idle" (zero-value false).
Now returns an error on decode failure.
- Wrap bare return err in verifyBinaryMagic with context (file path)
- Log previously ignored sendMessage errors in agent WebSocket server
- Log invalid regex patterns in command policy compilation instead of silent skip
Rename vmid local variables, parameters, and struct fields to vmID to
follow Go acronym conventions. String literals and log field names are
unchanged.
Rename LinkedHostAgentId → LinkedHostAgentID and LinkedNodeId → LinkedNodeID
in NodeFrontend and HostFrontend structs to follow Go acronym conventions.
JSON tags remain unchanged for wire compatibility.
In hosted mode, authentication is handled by the cloud handoff flow,
so the bootstrap token is unnecessary. Without this fix, tenants show
the "paste your bootstrap token" screen after login.
disableSystemdService and stopSystemdService had nearly identical logic
for running systemctl, handling exit codes, and formatting errors.
Extracted shared runSystemctlCommand() parameterized by action name.
formatTargetHostRequired and formatAvailableAgentHosts had identical
hostname-extraction loops. Extracted shared collectAgentHostnames()
helper to eliminate the duplication.
Resend is already used by the license server and finance workflows, so
using it here avoids a second provider. The admin magic-link endpoint
now accepts send_email to deliver the link directly via Resend.
Env var: POSTMARK_SERVER_TOKEN -> RESEND_API_KEY
POST /admin/magic-link (admin-key authenticated) accepts {email, tenant_id}
and returns a ready-to-send magic link URL, replacing the need for manual
scripts on the droplet.
- Add explore telemetry (outcomes, latency, tokens) to AI metrics\n- Isolate explore loop state from main loop FSM/knowledge accumulator\n- Emit user-visible explore trace via thinking stream events\n- Switch to structured <explore_context> injection block\n- Expand tests for trace visibility and explicit-model fallback behavior
- Resolve explore models only from explicit user-configured fields\n- Selection order: request override, DiscoveryModel, ChatModel, Model\n- Skip explore when no explicit model is configured\n- Add regression test coverage for no-explicit-model behavior
The ServeHTTP method only routed /api/, /ws, /socket.io/, and /download/
prefixes to the mux — /auth/cloud-handoff fell through to the frontend
SPA handler, breaking the cloud login flow.
- Add read-only explore scout pre-pass before main ExecuteStream loop\n- Inject concise explore findings into main user-context message\n- Use discovery model when configured, fallback safely to chat provider\n- Exclude explore in autonomous mode and support backend kill switch via PULSE_EXPLORE_ENABLED\n- Add coverage for read-only tool filtering and enabled/disabled explore behavior
Remove 2 dead exported methods and 3 cascading dead helpers:
- GetRecentWindows() - no production callers
- FormatForContext() - no production callers
- floatToString(), signedFloatToString(), padLeft() - only used by FormatForContext
