Latest Results
docs: slim CLAUDE.md files and move detail into reference docs (#2476)
## Summary
- Slimmed the instruction files while keeping every MANDATORY rule as a
one-liner (rule + gate + reference link):
- root `CLAUDE.md`: 35.6 KB to ~15.5 KB
- `cli/CLAUDE.md`: 159 to 88 lines (prose folded into the existing
`cli-*` reference docs)
- `web/CLAUDE.md`: 134 to ~70 lines
- Moved the large API-startup-lifecycle wiring detail into new
`docs/reference/api-startup-lifecycle.md` (added to the mkdocs nav).
- Moved the verbose ESLint / TypeScript-strictness detail into new
`docs/reference/web-eslint.md` (allowlisted in the docs-nav-coverage
gate, matching the other `web-*` dev notes).
- Removed the post-merge-cleanup auto-workflow rule (run manually on
main).
- Synced the `AGENTS.md` telemetry teaser to the slimmed structure.
No content was lost: the convention-gate parity gate confirms 38
MANDATORY rules still map 1:1 to their enforcing gates, and the
compressed detail lives in the linked reference docs.
## Test plan
- Pre-push gates green: vale, lychee (internal links), markdownlint,
docs-nav-coverage, convention-gate inventory (38 MANDATORY to 38
registered), codespell.
- All reference-doc links verified to resolve on disk.
## Review coverage
Pre-reviewed by 3 agents (docs-consistency, comment-quality-rot,
tool-parity-checker). 5 findings addressed: corrected the OTel-redaction
gate attribution (`check_otlp_span_redaction.py`), restored the
mandatory `-- <reason>` suffix on the shown `# lint-allow:` markers,
reworded two forensic-framing passages in the new reference docs, and
trimmed the `AGENTS.md` telemetry teaser. Omission-only findings were
deliberately left compressed (detail reachable via the linked refs);
tool-parity confirmed no Claude-Code/OpenCode parity break.
No linked issue (self-directed docs cleanup). feat: feature-enablement overhaul (on-by-default posture, per-feature models, wizard surfaces) (#2474)
## Summary
Implements the holistic feature-enablement overhaul: SynthOrg now ships
**on by default** and the features that earn an "off" are the genuinely
risky ones, surfaced where operators can find them.
- **On-by-default posture.** Only four categories stay off:
self-modification (`self_improvement.*`), autonomous background spend
(CoS `learning`/`alerts`/`narrative`), network/data egress
(`external_api.enabled`, A2A), and acts-on-your-behalf (CoS
`direct_mcp_enabled`/`invite_enabled`). Everything else (charter,
research, knowledge, CoS explain/propose/routing/group-chat, cockpit
steering, coordination middleware, backups, budget auto-downgrade +
risk) defaults **on** and is toggleable in Settings.
- **Settings API exposure (the load-bearing seam).** The CoS +
self-improvement feature flags and per-feature models are dissolved out
of the opaque `meta.self_improvement` JSON blob into individual Cat-1
settings under three new namespaces (`self_improvement`,
`chief_of_staff`, `knowledge`). `overlay_feature_settings` applies them
over the structural blob on every load, so each flag round-trips over
`GET`/`PUT /settings/{ns}/{key}` and is the single source of truth. The
blob now carries structural tuning only.
- **Always-wire + live-gate.** On-by-default conversational endpoints
(explain-chat / propose / group-chat) build at boot and read their flag
live per request via `ensure_feature_enabled` (`api/_feature_gate.py`):
a Settings toggle takes effect on the next request with no restart.
Boot-baked features (research, knowledge, coordination middleware,
routing) stay `restart_required` and are clearly marked.
- **Per-feature models (no shared decomposition fallback).**
Decomposition stays decomposition-only; embedding powers memory +
knowledge; research and Chief-of-Staff each get their own model with
setup-time auto-select; knowledge has an enable toggle and no model.
- **Wizard surfaces.** A Models section on the Agents step
(decomposition / embedding / research + disable / CoS pickers +
knowledge toggle) and a new Capabilities step (grouped toggles, advanced
groups collapsed, pre-set to the posture so Next yields a sane org).
By design, telemetry + A2A stay CLI/env-driven (not wizard toggles) — a
documented scope carve-out, not a gap.
## Security
The four off-categories are conservative by intent. No Category-3
(egress) or Category-4 (acts-on-your-behalf) flag defaults on;
`external_api.enabled`, `direct_mcp_enabled`, `invite_enabled`, and the
`self_improvement.*` master + sub-gates all stay `"false"` +
`restart_required`. The live gate reads fresh from the resolver every
request and fails closed; the overlay cannot be tricked into enabling a
privileged flag (strict `_TRUE_TOKENS` allowlist; individual settings
always win over the blob). The frontend is a pure API consumer — every
toggle writes through the settings API and hydrates from a backend GET
(no client persistence).
## Pre-PR review
Reviewed by 12 agents (code / python / security / frontend /
api-contract-drift / async-concurrency / silent-failure / test-quality /
docs-consistency / comment-quality / design-token / issue-resolution).
All five acceptance criteria verified RESOLVED; code-reviewer found no
logic bugs; contract-drift clean. Findings addressed in the follow-up
review-fix commit:
- **Frontend:** optimistic-write rollback on API failure for every
toggle/picker; aligned the two `boolOf` helpers to an explicit per-row
default (no fresh-install on/off divergence); `WizardModelSelection`
moved to `SectionCard` (aria-labelled); research toggle rendered above
the picker it gates; British spelling + design tokens.
- **Backend correctness/observability:** corrupt-blob fallback
re-applies the overlay so a bad blob never drops the posture;
per-namespace overlay reads name the failing namespace and apply
best-partial; empty-provider research skip now logs; per-feature model
auto-fill is logged + fanned out under a `TaskGroup`; posture seeding
batches via `set_many` (no partial-write window); coordinator middleware
+ work-pipeline reads folded into their `TaskGroup`s; research config
uses one `get_namespace` read.
- **Tests/docs:** capture-and-restore settings teardown; `test-*` vendor
model ids; spec'd mocks; module-level markers; readable parametrize ids;
`ValidationError` over bare `Exception`; CLAUDE.md +
configuration-precedence.md updated.
## Test plan
- `pytest` (affected) + new suites: settings conformance, overlay
semantics, posture seeder, per-feature model auto-fill, live-gate
disabled path, knowledge wiring gate — all green.
- `mypy` (affected), `ruff`, ESLint `--max-warnings 0`, `tsc`, web
Vitest (82 setup/wizard tests) — all green.
- Full pre-push gate suite passed on push (architecture-drift,
ghost-wiring, settings→startup trace, frozen-model, import-linter,
no-client-state-persistence, dto-types-in-sync, vale, knip).
Closes #2471 Latest Branches
0%
0%
feat/feature-enablement-overhaul 0%
release-please--branches--main--components--synthorg © 2026 CodSpeed Technology