chore(release): prepare 1.5.2

[kimbotai1337]

Prepare the 1.5.2 release.

Summary

• bump package.json and package-lock.json to 1.5.2
• add a full 1.5.2 changelog entry covering the post-1.5.1 release delta
• sync stale Kanban/runtime docs to the real child-session execution flow and parent-root report-back
• document NERVE_PUBLIC_ORIGIN for remote-workspace gateway RPC fallback and remote deployments

Validation

• git diff --check
• markdown relative link audit
• npm run build

Release checklist

• draft changelog for 1.5.2
• bump package version metadata
• sync release-blocking docs gaps
• merge release prep PR
• tag v1.5.2
• publish GitHub release notes
• verify updater resolves v1.5.2

Summary by CodeRabbit

• New Features

  • Added optional NERVE_PUBLIC_ORIGIN configuration to improve remote workspace connectivity.

• Bug Fixes

  • Improved Kanban task execution, completion reporting, session tracking, hover behavior, and cleanup on failures.

• Documentation

  • Updated configuration, deployment, installation, architecture, troubleshooting, and changelog guidance.

• Refactor

  • Made session refresh and delayed-timer handling more robust to connection transitions.

• Tests

  • Adjusted timing-related tests and added gateway-transition refresh tests.

• Chores

  • Bumped release version to 1.5.2.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 424ce876-9bce-4b60-9fcc-0752cc063c6d

📥 Commits

Reviewing files that changed from the base of the PR and between 87775a5 and bc65a6b.

📒 Files selected for processing (2)

• src/contexts/SessionContext.test.tsx
• src/contexts/SessionContext.tsx

---

📝 Walkthrough

Walkthrough

Adds optional NERVE_PUBLIC_ORIGIN config; documents Kanban assigned-task execution using real child sessions (create/send) with parent reporting; updates origin-related troubleshooting and deployment docs; bumps package to 1.5.2; refactors SessionContext delayed-refresh/timeouts and updates tests accordingly.

Changes

Cohort / File(s)	Summary
Version & Env Example package.json, .env.example	Bumped package to 1.5.2; added commented NERVE_PUBLIC_ORIGIN example to .env.example.
Kanban execution docs docs/API.md, docs/ARCHITECTURE.md	Replaced synthetic [spawn-subagent] description with concrete sessions.create(parentSessionKey=...) + sessions.send flow; document correlationKey/childSessionKey, polling preference for childSessionKey, and parent completion reporting.
Gateway origin & deployment docs docs/CONFIGURATION.md, docs/DEPLOYMENT-C.md, .env.example	Documented NERVE_PUBLIC_ORIGIN in gateway config and split-host deployment snippets; instruct adding same origin to gateway.controlUi.allowedOrigins.
Install & troubleshooting docs docs/INSTALL.md, docs/TROUBLESHOOTING.md	Added sessions_spawn to gateway allowlist example; added troubleshooting section for origin not allowed; updated sub-agent spawn failure diagnostics to reflect create/send flow.
Client session behavior src/contexts/SessionContext.tsx, src/contexts/SessionContext.test.tsx	Refactored delayed-refresh to use a ref (refreshSessionsRef), decoupled timeout cancellation into mount/unmount-only effect; updated tests to use vi.advanceTimersByTimeAsync and added reconnect/refresh-preservation tests.
Release notes CHANGELOG.md	Added Unreleased / 1.5.2 notes covering Kanban behavior changes, origin/gateway hardening, session/agent state fixes, API additions, and documentation updates.

Sequence Diagram(s)

sequenceDiagram
    participant Kanban as Kanban Service
    participant Gateway as Gateway RPC
    participant AssigneeRoot as Assignee Root Session
    participant Child as Child Session
    participant Store as Run Store

    Kanban->>Gateway: sessions.create(parentSessionKey=AssigneeRoot)
    Gateway-->>Child: create child session (childSessionKey)
    Kanban->>Gateway: sessions.send(childSessionKey, task payload)
    Gateway->>Child: deliver task message
    Child->>Gateway: execute task -> on completion/failure send report
    Gateway->>AssigneeRoot: sessions.send(parentSessionKey, completionReport/failureReport)
    Gateway->>Store: store.completeRun(correlationKey, run result)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix: bundled config consent + gateway.tools.allow patch #15: Related to gateway origin detection and applying gateway origin config patches (NERVE_PUBLIC_ORIGIN / gateway origin handling).
• docs: refresh stale documentation #191: Overlapping documentation updates for Kanban execution and gateway/origin configuration.
• fix(kanban): run assigned tasks as real child sessions and report back to parent roots #198: Touches SessionContext.tsx and tests; related refactor and test changes for delayed refresh/timeout behavior.

Poem

🐰 I nibbled tokens and pushed a small commit,

I set a public origin so browsers can fit.
Child sessions hop where parent roots call,
Timeouts cleared so no stale timers fall.
Carrots and deploys — a snug little sit.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description adequately covers the main changes and includes a validation section and release checklist; however, it does not fully follow the repository's description template which requires explicit 'What', 'Why', 'How', and 'Type of Change' sections with checkboxes.	Restructure the description to match the template format: add 'What' section (brief description), 'Why' section (problem/motivation), 'How' section (implementation details), select appropriate 'Type of Change' checkbox (likely 'chore'), and complete the pre-merge checklist items.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'chore(release): prepare 1.5.2' accurately and concisely describes the main objective—preparing a release for version 1.5.2 by updating package metadata, changelog, and documentation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

docs/CONFIGURATION.md (1)

129-130: Consider tightening the troubleshooting note.

The troubleshooting guidance is accurate but could be more concise:

Suggested refinement

-If remote workspace panels (Files, Memory, Config, Skills) fail with `origin not allowed` while chat still works, set `NERVE_PUBLIC_ORIGIN` to the exact browser origin and add that same origin to `gateway.controlUi.allowedOrigins` on the gateway.
+If remote workspace panels fail with `origin not allowed` errors, set `NERVE_PUBLIC_ORIGIN` to your browser's origin (e.g., `https://nerve.example.com`) and add the same origin to `gateway.controlUi.allowedOrigins`.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/CONFIGURATION.md` around lines 129 - 130, The troubleshooting note is
wordy; please shorten it to a concise single sentence that tells users to set
NERVE_PUBLIC_ORIGIN to their exact browser origin and add that same origin to
gateway.controlUi.allowedOrigins if remote workspace panels show "origin not
allowed" while chat still works; reference the config keys NERVE_PUBLIC_ORIGIN
and gateway.controlUi.allowedOrigins in the revised sentence for clarity.

docs/API.md (1)

740-743: Consider clarifying the execution path description.

The documentation accurately describes the new child-session execution flow, but the sentence structure on line 740 is quite dense. Consider breaking it into separate sentences for better readability:

Suggested clarification

-**Execution paths:**
-- **Assigned tasks** create a real child session beneath the assignee's live root. Nerve verifies that the parent root exists, creates the child with `sessions.create(parentSessionKey=...)`, then sends the task into that child with `sessions.send`.
+**Execution paths:**
+- **Assigned tasks** create a real child session beneath the assignee's live root. 
+  - Nerve first verifies that the parent root exists
+  - Creates the child session via `sessions.create(parentSessionKey=...)`
+  - Dispatches the task into that child via `sessions.send`

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/API.md` around lines 740 - 743, The sentence describing the
child-session execution flow is too dense; edit the documentation paragraph that
talks about the "child-session execution flow" (the content block in the diff)
by splitting the long sentence into two or three shorter sentences or a short
bullet list that separates the key steps (what triggers a child-session, how
control is passed, and the expected outcome), keep wording concise and preserve
the original technical details.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/API.md`:
- Around line 740-743: The sentence describing the child-session execution flow
is too dense; edit the documentation paragraph that talks about the
"child-session execution flow" (the content block in the diff) by splitting the
long sentence into two or three shorter sentences or a short bullet list that
separates the key steps (what triggers a child-session, how control is passed,
and the expected outcome), keep wording concise and preserve the original
technical details.

In `@docs/CONFIGURATION.md`:
- Around line 129-130: The troubleshooting note is wordy; please shorten it to a
concise single sentence that tells users to set NERVE_PUBLIC_ORIGIN to their
exact browser origin and add that same origin to
gateway.controlUi.allowedOrigins if remote workspace panels show "origin not
allowed" while chat still works; reference the config keys NERVE_PUBLIC_ORIGIN
and gateway.controlUi.allowedOrigins in the revised sentence for clarity.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 24649a16-2d60-49cc-9fbb-1f5d0288ad79

📥 Commits

Reviewing files that changed from the base of the PR and between 4440335 and dde7705.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (9)

• .env.example
• CHANGELOG.md
• docs/API.md
• docs/ARCHITECTURE.md
• docs/CONFIGURATION.md
• docs/DEPLOYMENT-C.md
• docs/INSTALL.md
• docs/TROUBLESHOOTING.md
• package.json

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/contexts/SessionContext.tsx (1)

667-683: ⚠️ Potential issue | 🟠 Major

Don't let delayed refreshes outlive the current gateway.

doneTimeoutsRef is safe to keep until unmount, but delayedRefreshTimeoutRef now survives rpc/connection changes even though its queued callback closes over refreshSessions. A chat.final event scheduled right before reconnect can still call sessions.list on the old gateway 1.5s later, then overwrite sessions/currentSession after the new connection is active. Please either store the latest refresh callback in a ref (like rpcRef in GatewayContext) or cancel this timeout whenever refreshSessions changes. A quick repro is chat.final → swap rpc/connectionState before 1.5s elapses → assert no stale refresh wins afterward.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/contexts/SessionContext.tsx` around lines 667 - 683, The
delayedRefreshTimeoutRef timeout can outlive gateway changes and call the stale
refreshSessions closure; fix by ensuring the delayed timeout is cleared whenever
refreshSessions (or the gateway/rpc) changes or by storing the latest
refreshSessions callback in a ref and using that ref from the scheduled
callback. Concretely, update the effect that currently has an empty dependency
array to either include refreshSessions (or rpc/gateway/rpcRef) so its cleanup
clears delayedRefreshTimeoutRef when refreshSessions changes, or add a
refreshSessionsRef (analogous to rpcRef) and use refreshSessionsRef.current
inside the scheduled callback so the latest refresh is executed; ensure
delayedRefreshTimeoutRef is cleared in the cleanup and reset to null.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/contexts/SessionContext.tsx`:
- Around line 667-683: The delayedRefreshTimeoutRef timeout can outlive gateway
changes and call the stale refreshSessions closure; fix by ensuring the delayed
timeout is cleared whenever refreshSessions (or the gateway/rpc) changes or by
storing the latest refreshSessions callback in a ref and using that ref from the
scheduled callback. Concretely, update the effect that currently has an empty
dependency array to either include refreshSessions (or rpc/gateway/rpcRef) so
its cleanup clears delayedRefreshTimeoutRef when refreshSessions changes, or add
a refreshSessionsRef (analogous to rpcRef) and use refreshSessionsRef.current
inside the scheduled callback so the latest refresh is executed; ensure
delayedRefreshTimeoutRef is cleared in the cleanup and reset to null.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 349ebec5-0189-4eb4-9090-802d0646a809

📥 Commits

Reviewing files that changed from the base of the PR and between dde7705 and b2fbd56.

📒 Files selected for processing (2)

• src/contexts/SessionContext.test.tsx
• src/contexts/SessionContext.tsx

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/contexts/SessionContext.tsx`:
- Around line 500-503: The fallback setTimeout in updateSessionFromEvent uses
the stale refreshSessions closure; change any setTimeout callbacks that call
refreshSessions (e.g. setTimeout(() => refreshSessions(), 100)) to call the
ref-backed function refreshSessionsRef.current() instead so delayed refreshes
always use the latest callback; update both the 100ms fallback in
updateSessionFromEvent and the other delayed refresh path around the
scheduleDelayedRefresh logic (lines ~542-550) to route through
refreshSessionsRef.current().

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bd0e3ca9-0faf-4767-a23c-30e1255fcd71

📥 Commits

Reviewing files that changed from the base of the PR and between b2fbd56 and 87775a5.

📒 Files selected for processing (2)

• src/contexts/SessionContext.test.tsx
• src/contexts/SessionContext.tsx

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Route every delayed refresh through refreshSessionsRef.

The new ref-backed path only covers scheduleDelayedRefresh(). The 100ms fallback in updateSessionFromEvent still does setTimeout(() => refreshSessions(), 100) at Line 512, so a gateway/rpc swap inside that window can still hit the stale callback. Reusing refreshSessionsRef.current() there keeps both delayed refresh paths consistent.

Possible fix

   const updateSessionFromEvent = useCallback((sessionKey: string, updates: Partial<Session>) => {
     setSessions(prev => {
       const idx = prev.findIndex(s => getSessionKey(s) === sessionKey);
       if (idx === -1) {
         // New session appeared that we don't have - schedule a refresh
         // Use setTimeout to avoid calling during render
-        setTimeout(() => refreshSessions(), 100);
+        setTimeout(() => {
+          void refreshSessionsRef.current();
+        }, 100);
         return prev;
       }
@@
-  }, [refreshSessions]);
+  }, []);

Also applies to: 542-550

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/contexts/SessionContext.tsx` around lines 500 - 503, The fallback
setTimeout in updateSessionFromEvent uses the stale refreshSessions closure;
change any setTimeout callbacks that call refreshSessions (e.g. setTimeout(() =>
refreshSessions(), 100)) to call the ref-backed function
refreshSessionsRef.current() instead so delayed refreshes always use the latest
callback; update both the 100ms fallback in updateSessionFromEvent and the other
delayed refresh path around the scheduleDelayedRefresh logic (lines ~542-550) to
route through refreshSessionsRef.current().