feat(pro): aiox pro buyer CLI migration Wave 1 [Story 123.8]#640
feat(pro): aiox pro buyer CLI migration Wave 1 [Story 123.8]#640rafaelscosta wants to merge 1 commit intomainfrom
Conversation
Migrate buyer validation from MCP (cohort_validate_buyer) to native CLI
(aiox pro buyer). Wave 1 covers validation only — register flow deferred
to Wave 2 pending cross-repo admin endpoint in aiox-license-server.
Constitution Article I (CLI First) — buyer validation must work 100% via
CLI, not depending on Docker MCP.
Implementation:
- New: .aiox-core/cli/commands/pro/buyer.js (349 LOC)
- aiox pro buyer validate --email X [--json]
- aiox pro buyer validate-batch --file emails.txt [--concurrency N]
- aiox pro buyer register (Wave 2 stub, exit 2 with deferral message)
- .aiox-core/cli/commands/pro/index.js: register buyer subcommand
- .claude/commands/cohort-squad/agents/cohort-manager.md: replace MCP tools
with bash invocation of aiox pro buyer (AC9, partial — validate only)
Tests (26 + 5 = 31 tests, all passing):
- tests/cli/pro-buyer.test.js (26 tests):
- 16 internal helpers (isValidEmail, classifyError, parseEmailsFile,
mapWithConcurrency)
- 4 e2e subprocess (validate happy/sad, invalid email, register stub)
- 5 http contract (validateBuyer via mock HTTP server)
- 1 register stub
- tests/license/license-api-buyer.test.js (5 tests, runs via override):
- validateBuyer narrow contract, error paths, defensive narrowing
Submodule:
- pro: 8f16e8e4 → 8932e808 (adds validateBuyer to LicenseApiClient,
cross-repo dependency on aios-pro PR #8)
Operational:
- New: docs/guides/supabase-ops-handoff.md (AIOX-Pro Access Ops Handoff
v3.0.0) — operator playbook for Pro access grants
ACs Wave 1 (verified by QA gate 2026-04-22, verdict PASS):
- AC1, AC2, AC3, AC7, AC10, AC11 — green
- AC9 — partial (validate flow only, register pending Wave 2)
Wave 2 deferred:
- AC4, AC5, AC6, AC8 — depend on POST /api/v1/admin/buyers/register
endpoint in aiox-license-server (separate cross-repo work)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
rafaelscosta
requested review from
Pedrovaleriolopez and
oalanicolas
as code owners
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
WalkthroughThis PR introduces a new Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
Bot
added
area: agents
📊 Coverage ReportCoverage report not available
Generated by PR Automation (Story 6.1) |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
tests/license/license-api-buyer.test.js (1)
1-148:⚠️ Potential issue | 🔴 CriticalMove this test suite to an executed path or update Jest config before merging.
The file is currently under
tests/license/which is explicitly ignored by Jest (line 59 of jest.config.js: "License tests require network/crypto resources unavailable in CI"). This leaves thevalidateBuyer()contract unprotected in the default CI pipeline. Either relocate the suite to a path Jest executes or remove it fromtestPathIgnorePatterns.Additionally, replace relative imports with absolute imports:
require('../../pro/license/license-api')→require('pro/license/license-api')require('../../pro/license/errors')→require('pro/license/errors')🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/license/license-api-buyer.test.js` around lines 1 - 148, The test suite for validateBuyer (tests referencing LicenseApiClient and AuthError) is currently in a path ignored by CI; either move this file so Jest will run it (e.g., into a non-ignored tests directory) or update jest.config.js testPathIgnorePatterns to allow tests/license/** to run; also update the two relative requires in the file (currently require('../../pro/license/license-api') and require('../../pro/license/errors')) to use the absolute module paths (require('pro/license/license-api') and require('pro/license/errors')) so imports resolve correctly in the test runtime.
🧹 Nitpick comments (3)
tests/license/license-api-buyer.test.js (1)
12-14: Align the new test imports with the repo’s absolute-import rule.These new
../../pro/license/...imports add more relative-path resolution in changed code. Please switch them to the project’s absolute import form for consistency with the repository standard.As per coding guidelines, "
**/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/license/license-api-buyer.test.js` around lines 12 - 14, Replace the relative imports for LicenseApiClient and AuthError with the repo's absolute-import style: change the '../../pro/license/license-api' import to 'pro/license/license-api' (referencing LicenseApiClient) and '../../pro/license/errors' to 'pro/license/errors' (referencing AuthError), keeping the existing http import unchanged so the test follows the project's absolute-import rule.tests/cli/pro-buyer.test.js (1)
52-60: Keep the new test module on absolute imports.
require('../../.aiox-core/cli/commands/pro/buyer')and the sibling path resolution forbin/aiox.jsadd new relative imports in changed code. Please switch them to the repo’s absolute form so the test follows the same import convention as the rest of the project.As per coding guidelines, "
**/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/cli/pro-buyer.test.js` around lines 52 - 60, The test uses relative requires for the pro buyer module and bin path; change them to the repo's absolute import form so the test follows project conventions: replace require('../../.aiox-core/cli/commands/pro/buyer') with the package/absolute path that exports BUYER_MODULE (so BUYER_MODULE and its internals isValidEmail, classifyError, parseEmailsFile, mapWithConcurrency are imported via absolute module specifier) and replace the AIOX_BIN path.resolve('../../bin/aiox.js') usage with the absolute import/path equivalent for the repository's bin (assign to AIOX_BIN using the repo absolute path), ensuring imports mirror other tests' absolute import style..aiox-core/cli/commands/pro/index.js (1)
25-25: Use the repo’s absolute-import convention here.
require('./buyer')introduces a new relative import in changed code. Please switch this to the project’s absolute import form before expanding theprocommand tree further.As per coding guidelines, "
**/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code".🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.aiox-core/cli/commands/pro/index.js at line 25, Replace the relative import require('./buyer') with the project’s absolute-import form used across the repo so the module that exports createBuyerCommand is imported via the repo's absolute module path (instead of './buyer'); update the const { createBuyerCommand } = require(...) line to use that absolute import string following the repo convention and keep the exported identifier createBuyerCommand unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.aiox-core/cli/commands/pro/buyer.js:
- Around line 327-335: The CLI declares a --json flag for the "register" command
but registerAction currently ignores it and always writes human-readable text to
stderr; update registerAction to check options.json and, when true, emit a
machine-readable JSON response to stdout (e.g., success status, created buyer
id/data or error message) instead of stderr text, and preserve human-friendly
stderr output when options.json is false; alternatively, if you prefer not to
implement JSON now, remove the .option('--json', ...) from the
cmd.command('register') declaration so the flag is not advertised. Ensure you
reference and modify registerAction and the cmd.command('register') option
declaration consistently and use appropriate exit codes.
- Around line 266-282: The code currently forces termination with
process.exit(anyFailure ? 1 : 0) after writing batch output, which can drop
buffered stdout when piped; change this to set process.exitCode = anyFailure ? 1
: 0 and return from the command handler instead of calling process.exit(),
keeping all existing output logic (the asJson branch, the per-result writes, the
successes count) intact so streams can flush normally; locate the use of results
and the anyFailure calculation and replace the process.exit call accordingly.
In @.claude/commands/cohort-squad/agents/cohort-manager.md:
- Around line 123-138: Update the three fenced code blocks under the "Validar
Buyer — Wave 1 (ativo)", "Batch Validate — Wave 1 (ativo)" and "Registrar Buyer
— Wave 2 (pendente)" sections by adding a fence language (e.g., bash or text)
after the opening triple backticks so the blocks are lint-clean; specifically
edit the blocks that currently start with ``` and contain the commands such as
the validate Bash example ("aiox pro buyer validate --email <E> --json"), the
validate-batch example ("aiox pro buyer validate-batch --file <F> --json"), and
the register example ("AIOX_BUYER_ADMIN_KEY=*** aiox pro buyer register --email
<E> --name <N> --yes") to use ```bash (or ```text) instead of bare ``` .
- Around line 79-80: The agent contract contains conflicting instructions: some
sections still tell the agent to use the deprecated MCP commands
cohort_validate_buyer and cohort_register_buyer while new lines require the CLI
command aiox pro buyer; update the contract so all buyer-related steps
consistently reference the new CLI (aiox pro buyer) and remove or replace any
remaining references to cohort_validate_buyer and cohort_register_buyer
(including any example command invocations or procedural steps), and ensure the
AIOX_BUYER_ADMIN_KEY guidance remains as an environment-only secret (never
printed in transcripts or outputs).
In `@docs/guides/supabase-ops-handoff.md`:
- Around line 566-576: The "Better Triage Order In Practice" section lists a
triage sequence that contradicts the mandatory order earlier; update this
section so it matches the authoritative mandatory sequence (check-email -> auth
admin -> buyers -> login) or explicitly document the exception and rationale.
Locate the "Better Triage Order In Practice" header and replace the list that
currently shows `check-email`, `login`, `auth admin`, `buyers`,
`buyer_validations`, `licenses`, `activations` with the canonical order using
the exact task names (`check-email`, `auth admin`, `buyers`, `login`, ...), or
add a clear note explaining why `login` is intentionally reordered and when that
exception applies.
In `@pro`:
- Line 1: The pro submodule points to an inaccessible remote
(https://github.com/SynkraAI/aiox-pro.git) and will break clones/CI; open the
submodule entry (the pro file/.gitmodules and .git/config) and either correct
the URL to the valid repository, change it to a public/accessible remote, or
remove the submodule if it’s no longer required, then run git submodule sync &&
git submodule update --init --recursive to re-pin; also verify the pinned commit
SHA exists on the corrected remote (or update the submodule to a valid commit)
before merging.
---
Outside diff comments:
In `@tests/license/license-api-buyer.test.js`:
- Around line 1-148: The test suite for validateBuyer (tests referencing
LicenseApiClient and AuthError) is currently in a path ignored by CI; either
move this file so Jest will run it (e.g., into a non-ignored tests directory) or
update jest.config.js testPathIgnorePatterns to allow tests/license/** to run;
also update the two relative requires in the file (currently
require('../../pro/license/license-api') and
require('../../pro/license/errors')) to use the absolute module paths
(require('pro/license/license-api') and require('pro/license/errors')) so
imports resolve correctly in the test runtime.
---
Nitpick comments:
In @.aiox-core/cli/commands/pro/index.js:
- Line 25: Replace the relative import require('./buyer') with the project’s
absolute-import form used across the repo so the module that exports
createBuyerCommand is imported via the repo's absolute module path (instead of
'./buyer'); update the const { createBuyerCommand } = require(...) line to use
that absolute import string following the repo convention and keep the exported
identifier createBuyerCommand unchanged.
In `@tests/cli/pro-buyer.test.js`:
- Around line 52-60: The test uses relative requires for the pro buyer module
and bin path; change them to the repo's absolute import form so the test follows
project conventions: replace require('../../.aiox-core/cli/commands/pro/buyer')
with the package/absolute path that exports BUYER_MODULE (so BUYER_MODULE and
its internals isValidEmail, classifyError, parseEmailsFile, mapWithConcurrency
are imported via absolute module specifier) and replace the AIOX_BIN
path.resolve('../../bin/aiox.js') usage with the absolute import/path equivalent
for the repository's bin (assign to AIOX_BIN using the repo absolute path),
ensuring imports mirror other tests' absolute import style.
In `@tests/license/license-api-buyer.test.js`:
- Around line 12-14: Replace the relative imports for LicenseApiClient and
AuthError with the repo's absolute-import style: change the
'../../pro/license/license-api' import to 'pro/license/license-api' (referencing
LicenseApiClient) and '../../pro/license/errors' to 'pro/license/errors'
(referencing AuthError), keeping the existing http import unchanged so the test
follows the project's absolute-import rule.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 9092ada9-272e-4733-9213-db58c3ec7628
📒 Files selected for processing (8)
.aiox-core/cli/commands/pro/buyer.js.aiox-core/cli/commands/pro/index.js.aiox-core/install-manifest.yaml.claude/commands/cohort-squad/agents/cohort-manager.mddocs/guides/supabase-ops-handoff.mdprotests/cli/pro-buyer.test.jstests/license/license-api-buyer.test.js
| if (asJson) { | ||
| process.stdout.write(`${JSON.stringify(results)}\n`); | ||
| } else { | ||
| for (const r of results) { | ||
| if (r.error) { | ||
| process.stdout.write(`⚠️ ${r.email} [${r.error}]\n`); | ||
| } else { | ||
| const icon = r.isBuyer ? '✅' : '❌'; | ||
| process.stdout.write(`${icon} ${r.email} buyer=${r.isBuyer} account=${r.hasAccount}\n`); | ||
| } | ||
| } | ||
| const successes = results.filter((r) => !r.error && r.isBuyer).length; | ||
| process.stdout.write(`\n${successes}/${results.length} buyers.\n`); | ||
| } | ||
|
|
||
| const anyFailure = results.some((r) => r.error || !r.isBuyer); | ||
| process.exit(anyFailure ? 1 : 0); |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
find . -name "buyer.js" -path "*cli/commands/pro*" | head -5Repository: SynkraAI/aiox-core
Length of output: 101
🏁 Script executed:
# Also search more broadly
find . -name "buyer.js" 2>/dev/null | head -10Repository: SynkraAI/aiox-core
Length of output: 101
🏁 Script executed:
# Search in common locations
find . -type f -name "*.js" | grep -i "buyer" | head -10Repository: SynkraAI/aiox-core
Length of output: 173
🏁 Script executed:
wc -l ./.aiox-core/cli/commands/pro/buyer.jsRepository: SynkraAI/aiox-core
Length of output: 105
🏁 Script executed:
cat -n ./.aiox-core/cli/commands/pro/buyer.js | sed -n '260,290p'Repository: SynkraAI/aiox-core
Length of output: 1301
🏁 Script executed:
cat -n ./.aiox-core/cli/commands/pro/buyer.js | sed -n '145,175p'Repository: SynkraAI/aiox-core
Length of output: 1146
🏁 Script executed:
cat -n ./.aiox-core/cli/commands/pro/buyer.js | sed -n '320,340p'Repository: SynkraAI/aiox-core
Length of output: 1041
🏁 Script executed:
cat -n ./.aiox-core/cli/commands/pro/buyer.js | sed -n '289,320p'Repository: SynkraAI/aiox-core
Length of output: 1438
🏁 Script executed:
# Find and read emitValidateResult function
cat -n ./.aiox-core/cli/commands/pro/buyer.js | head -100 | tail -50Repository: SynkraAI/aiox-core
Length of output: 2032
🏁 Script executed:
cat -n ./.aiox-core/cli/commands/pro/buyer.js | sed -n '1,100p'Repository: SynkraAI/aiox-core
Length of output: 3966
Don't force-exit immediately after emitting batch output.
The code writes to stdout (lines 267, 271, 274, 278) and then calls process.exit() immediately at line 282. When stdout is piped, Node can drop buffered output on forced exit, making validate-batch --json unreliable for automation. Use process.exitCode = ... and return instead, allowing the stream to flush before exit.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.aiox-core/cli/commands/pro/buyer.js around lines 266 - 282, The code
currently forces termination with process.exit(anyFailure ? 1 : 0) after writing
batch output, which can drop buffered stdout when piped; change this to set
process.exitCode = anyFailure ? 1 : 0 and return from the command handler
instead of calling process.exit(), keeping all existing output logic (the asJson
branch, the per-result writes, the successes count) intact so streams can flush
normally; locate the use of results and the anyFailure calculation and replace
the process.exit call accordingly.
| cmd | ||
| .command('register') | ||
| .description('Cadastrar novo buyer (pendente Wave 2 — endpoint cross-repo)') | ||
| .option('-e, --email <email>', 'Email do buyer') | ||
| .option('-n, --name <name>', 'Nome do buyer') | ||
| .option('--cpf <cpf>', 'CPF (opcional)') | ||
| .option('-y, --yes', 'Pular confirmação') | ||
| .option('--json', 'Emitir saída JSON') | ||
| .action(registerAction); |
There was a problem hiding this comment.
register --json is advertised but not implemented.
The command surface exposes --json, but registerAction() always emits human text to stderr and ignores the flag entirely. Either honor options.json in the stub or remove the option until Wave 2 actually supports a machine-readable response.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.aiox-core/cli/commands/pro/buyer.js around lines 327 - 335, The CLI
declares a --json flag for the "register" command but registerAction currently
ignores it and always writes human-readable text to stderr; update
registerAction to check options.json and, when true, emit a machine-readable
JSON response to stdout (e.g., success status, created buyer id/data or error
message) instead of stderr text, and preserve human-friendly stderr output when
options.json is false; alternatively, if you prefer not to implement JSON now,
remove the .option('--json', ...) from the cmd.command('register') declaration
so the flag is not advertised. Ensure you reference and modify registerAction
and the cmd.command('register') option declaration consistently and use
appropriate exit codes.
| - AIOX_BUYER_ADMIN_KEY e lida do environment; nunca exibida em transcript nem output (Story 123.8) | ||
| - CLI nativa `aiox pro buyer` substitui MCP tools (Wave 1 entregue em Story 123.8) |
There was a problem hiding this comment.
This migration leaves conflicting MCP instructions in the same agent contract.
These new lines say the agent must use aiox pro buyer, but Lines 24-26 and Lines 70-73 still instruct it to use cohort_validate_buyer / cohort_register_buyer. Because this file is the agent’s full operating definition, that contradiction can still send executions down the deprecated MCP path.
Also applies to: 104-105
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/cohort-squad/agents/cohort-manager.md around lines 79 - 80,
The agent contract contains conflicting instructions: some sections still tell
the agent to use the deprecated MCP commands cohort_validate_buyer and
cohort_register_buyer while new lines require the CLI command aiox pro buyer;
update the contract so all buyer-related steps consistently reference the new
CLI (aiox pro buyer) and remove or replace any remaining references to
cohort_validate_buyer and cohort_register_buyer (including any example command
invocations or procedural steps), and ensure the AIOX_BUYER_ADMIN_KEY guidance
remains as an environment-only secret (never printed in transcripts or outputs).
| ### Validar Buyer — Wave 1 (ativo) | ||
| ``` | ||
| *validate → informar email → cohort_validate_buyer → resultado | ||
| *validate → informar email → Bash("aiox pro buyer validate --email <E> --json") → parse JSON → resultado | ||
| ``` | ||
|
|
||
| ### Registrar Buyer | ||
| ### Batch Validate — Wave 1 (ativo) | ||
| ``` | ||
| *register → informar nome + email + cpf? → confirmar dados → cohort_register_buyer → resultado | ||
| *validate-batch → lista de emails em arquivo → Bash("aiox pro buyer validate-batch --file <F> --json") → tabela de resultados | ||
| ``` | ||
|
|
||
| ### Batch Validate | ||
| ### Registrar Buyer — Wave 2 (pendente) | ||
| ``` | ||
| *validate-batch → lista de emails → cohort_validate_buyer (loop) → tabela de resultados | ||
| *register → pendente: endpoint POST /api/v1/admin/buyers/register em aiox-license-server ainda não existe. | ||
| → Quando implementado: Bash("AIOX_BUYER_ADMIN_KEY=*** aiox pro buyer register --email <E> --name <N> --yes") | ||
| → Ver Story 123.8 para roadmap. | ||
| ``` |
There was a problem hiding this comment.
Add languages to the fenced command blocks.
Lines 124, 129, and 134 use bare fences, which is already tripping markdownlint. Mark them as text or bash so this doc stays lint-clean.
🧰 Tools
🪛 LanguageTool
[grammar] ~133-~133: Ensure spelling is correct
Context: ...ados ### Registrar Buyer — Wave 2 (pendente) register → pendente: endpoint POST /api/v1/admin/buyers/register em aiox-license-server ainda não existe. → Quando implementado: Bash("AIOX_BUYER_ADMIN_KEY=** aiox pro buyer register --email --name --yes") → Ver Story 123.8 para roadmap. ``` --- ## Seguranca - PRIVATE SQUAD — Nunca c...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🪛 markdownlint-cli2 (0.22.1)
[warning] 124-124: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 129-129: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
[warning] 134-134: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/cohort-squad/agents/cohort-manager.md around lines 123 -
138, Update the three fenced code blocks under the "Validar Buyer — Wave 1
(ativo)", "Batch Validate — Wave 1 (ativo)" and "Registrar Buyer — Wave 2
(pendente)" sections by adding a fence language (e.g., bash or text) after the
opening triple backticks so the blocks are lint-clean; specifically edit the
blocks that currently start with ``` and contain the commands such as the
validate Bash example ("aiox pro buyer validate --email <E> --json"), the
validate-batch example ("aiox pro buyer validate-batch --file <F> --json"), and
the register example ("AIOX_BUYER_ADMIN_KEY=*** aiox pro buyer register --email
<E> --name <N> --yes") to use ```bash (or ```text) instead of bare ``` .
| ### Better Triage Order In Practice | ||
|
|
||
| Use esta priorização: | ||
|
|
||
| 1. `check-email` | ||
| 2. `login` | ||
| 3. `auth admin` | ||
| 4. `buyers` | ||
| 5. `buyer_validations` | ||
| 6. `licenses` | ||
| 7. `activations` |
There was a problem hiding this comment.
This triage order contradicts the mandatory order above.
Lines 241-246 say every task must follow check-email -> auth admin -> buyers -> login, but this section switches to check-email -> login -> auth admin -> buyers. For a handoff doc that is meant to remove ambiguity, two authoritative orders will generate inconsistent tasks.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/guides/supabase-ops-handoff.md` around lines 566 - 576, The "Better
Triage Order In Practice" section lists a triage sequence that contradicts the
mandatory order earlier; update this section so it matches the authoritative
mandatory sequence (check-email -> auth admin -> buyers -> login) or explicitly
document the exception and rationale. Locate the "Better Triage Order In
Practice" header and replace the list that currently shows `check-email`,
`login`, `auth admin`, `buyers`, `buyer_validations`, `licenses`, `activations`
with the canonical order using the exact task names (`check-email`, `auth
admin`, `buyers`, `login`, ...), or add a clear note explaining why `login` is
intentionally reordered and when that exception applies.
| @@ -1 +1 @@ | |||
| Subproject commit 8f16e8e4c9624b91882f05ca66bc9ea9beedbde2 | |||
| Subproject commit 8932e8080f4a57ee9aa44e45bf7cdf0c4f467ce2 | |||
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
TARGET_SHA="8932e8080f4a57ee9aa44e45bf7cdf0c4f467ce2"
# 1) Resolve submodule URL for "pro" from .gitmodules
PRO_URL="$(git config -f .gitmodules --get submodule.pro.url)"
echo "pro submodule URL: ${PRO_URL}"
# 2) Verify the exact SHA is reachable on the remote
echo "Checking remote reachability for ${TARGET_SHA}..."
git ls-remote "${PRO_URL}" "${TARGET_SHA}"
# 3) Optional: list remote heads/tags for quick visibility during review
echo "Remote heads:"
git ls-remote --heads "${PRO_URL}" | sed -n '1,20p'
echo "Remote tags:"
git ls-remote --tags "${PRO_URL}" | sed -n '1,20p'Repository: SynkraAI/aiox-core
Length of output: 321
The submodule remote repository is not accessible and will block clone/CI operations.
The pro submodule points to https://github.com/SynkraAI/aiox-pro.git, which returned "repository not found" when verified. Confirm the repository URL is correct, publicly accessible or properly authenticated, and that the pinned commit exists in that remote before merging.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@pro` at line 1, The pro submodule points to an inaccessible remote
(https://github.com/SynkraAI/aiox-pro.git) and will break clones/CI; open the
submodule entry (the pro file/.gitmodules and .git/config) and either correct
the URL to the valid repository, change it to a public/accessible remote, or
remove the submodule if it’s no longer required, then run git submodule sync &&
git submodule update --init --recursive to re-pin; also verify the pinned commit
SHA exists on the corrected remote (or update the submodule to a valid commit)
before merging.
1 participant
Summary
Story 123.8 Wave 1 — Migrate buyer validation from MCP (
cohort_validate_buyer) to native CLI (aiox pro buyer).Constitution Article I (CLI First): buyer validation must work 100% via CLI, not depending on Docker MCP. Triggered by 2026-04-22 incident where MCP disconnected mid-operation.
Implementation
New CLI surface (
aiox pro buyer):aiox pro buyer validate --email X [--json]— single buyer checkaiox pro buyer validate-batch --file emails.txt [--concurrency N]— bounded batchaiox pro buyer register— Wave 2 stub (exit 2 with deferral message)Files:
.aiox-core/cli/commands/pro/buyer.js(349 LOC).aiox-core/cli/commands/pro/index.js: register buyer subcommand.claude/commands/cohort-squad/agents/cohort-manager.md: replace MCP tools with bash invocation (AC9, validate-only)docs/guides/supabase-ops-handoff.md(Pro Access Ops Handoff v3.0.0)Tests (31 passing):
tests/cli/pro-buyer.test.js— 26 tests (helpers, e2e subprocess, http contract, register stub)tests/license/license-api-buyer.test.js— 5 tests (validateBuyer narrow contract, error paths, defensive narrowing) — note: file lives undertests/license/which is in JesttestPathIgnorePatterns; verified manually with--testPathIgnorePatternsoverride.Cross-repo dependency
Submodule bump:
pro→8932e808(addsvalidateBuyer()toLicenseApiClient).This commit is on aios-pro
feat/story-123.8-validate-buyer(open PR #8 in aios-pro). PR #8 must merge before this PR can merge cleanly.Acceptance criteria
Wave 1 (verified by QA gate 2026-04-22, verdict PASS):
aiox pro buyer validateexit codes--jsonstable shapevalidate-batchbounded concurrencyWave 2 deferred (depends on
POST /api/v1/admin/buyers/registerin aiox-license-server):🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
aiox pro buyerCLI command group withvalidateandvalidate-batchsubcommands for email validation in JSON or text formats.Documentation
Tests