Skip to content

feat: v0.8.0 — batch DB writes, WAL TUI reader, security hardening, provider fix#1

Merged
sorunokoe merged 2 commits intomainfrom
release/v0.8.0
Apr 22, 2026
Merged

feat: v0.8.0 — batch DB writes, WAL TUI reader, security hardening, provider fix#1
sorunokoe merged 2 commits intomainfrom
release/v0.8.0

Conversation

@sorunokoe
Copy link
Copy Markdown
Owner

@sorunokoe sorunokoe commented Apr 22, 2026

v0.8.0 Release

Security

  • Shell hook paths are now single-quote-escaped, preventing injection via paths with $, backticks, or spaces
  • Git hook hardened with set -eu and a case-pattern trailer validator

Performance

  • DB writes batched per file in a single transaction — 100–1000× faster on large JSONL logs
  • File offset committed atomically in the same transaction (crash-safe)
  • TUI opens a read-only WAL connection, eliminating lock contention with the file watcher
  • Dashboard uses get_session_aggregates instead of loading all turns into memory

Fixed

  • Providers tab now shows per-provider counts (was mixing all sessions under Claude Code)
  • CLAUDE_CONFIG_DIR respected by scopeon init, onboard, and auto-detection
  • Context pressure 'turns remaining' clamped to 10 000
  • NaN/Inf/negative costs skipped in budget aggregation
  • NaN panic in anomaly sort, u128→i64 truncation, Fish shell hook unquoted path

Changed

  • Docs reorganised: ARCHITECTURE, CHANGELOG, CONTRIBUTINGdocs/; licenses → docs/licenses/; CODE_OF_CONDUCT, SECURITY.github/

See docs/changelog.md for full details.

@sorunokoe
feat: v0.8.0 — batch DB writes, WAL TUI reader, security hardening, p…
37f992c 
…rovider fix

- Batch database writes: turns, tool calls, interaction events committed in a
  single transaction per file (100–1000× faster for large JSONL logs)
- Atomic parse-result commit: file offset written in the same transaction
  (crash-safe — no partial-write state possible)
- TUI refresh opens a read-only WAL connection, eliminating lock contention
  with the background file watcher
- Security: shell hook paths single-quote-escaped; git hook hardened with
  set -eu and case-pattern trailer validation
- Providers tab now shows per-provider session/turn counts instead of mixing
  all sessions under Claude Code
- CLAUDE_CONFIG_DIR respected by scopeon init, onboard, and auto-detection
- Context pressure 'turns remaining' clamped to 10 000
- NaN/Inf/negative costs skipped in budget aggregation
- warn! emitted when JSONL lines are skipped (replaces silent data loss)
- Docs reorganised: ARCHITECTURE, CHANGELOG, CONTRIBUTING → docs/;
  LICENSE files → docs/licenses/; CODE_OF_CONDUCT, SECURITY → .github/

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 22, 2026 11:02
github-actions[bot]
github-actions Bot reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👋 Thanks for your first pull request to Scopeon! 🎉

Before we review, please make sure the CI checks below pass:

  • cargo fmt --all -- --check — formatting
  • cargo clippy --workspace -- -D warnings — linting
  • cargo test --workspace — all 145 tests must be green

Or simply run make check locally to verify everything at once.

We review PRs in order of readiness (all CI green + filled-out description).
If you get stuck, feel free to ask for help in a comment — we are happy to
guide you through the process. Thank you for contributing! 🚀

Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

v0.8.0 release work focusing on faster ingestion, better concurrent read paths, and security hardening for generated shell/git hooks.

Changes:

  • Harden shell and git hook generation (quote-escaping paths; set -eu + trailer validation).
  • Batch DB writes per file in a single transaction and atomically persist file offsets.
  • Improve dashboard/TUI behavior (read-only WAL connection; provider counts by provider; skip corrupt cost rows; clamp context-pressure predictions).

Reviewed changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/shell_hook.rs Adds single-quote escaping for generated shell hook snippets.
src/serve.rs Skips NaN/Inf/negative cost rows during snapshot aggregation.
src/onboarding.rs Respects CLAUDE_CONFIG_DIR in provider detection.
src/main.rs Respects CLAUDE_CONFIG_DIR for scopeon init and adds tests around MCP config JSON shape.
src/git_hook.rs Hardens git commit-msg hook with set -eu and trailer format validation.
docs/changelog.md Documents v0.8.0 changes and updates compare links.
crates/scopeon-tui/src/app.rs Uses per-provider DB stats and opens a read-only DB connection for refresh.
crates/scopeon-mcp/src/server.rs Clamps “turns remaining” predictions to a sane upper bound.
crates/scopeon-core/src/db.rs Adds batch upsert/atomic commit APIs, provider stats query, fixes NaN sort panic, and changes interaction-event ordering.
crates/scopeon-collector/src/watcher.rs Uses atomic commit API, logs skipped JSONL lines, and hardens mtime conversion.
crates/scopeon-collector/src/providers/generic_openai.rs Hardens timestamp conversion against overflow.
crates/scopeon-collector/src/providers/gemini.rs Hardens timestamp conversion against overflow.
crates/scopeon-collector/src/providers/aider.rs Hardens timestamp conversion against overflow.
crates/scopeon-collector/src/parser.rs Tracks count of skipped/unparseable JSONL lines.
Cargo.toml Bumps workspace/package versions to 0.8.0.
Cargo.lock Updates lockfile versions to 0.8.0.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/scopeon-core/src/db.rs
Comment thread crates/scopeon-tui/src/app.rs Outdated
Comment thread src/shell_hook.rs Outdated
Comment thread src/onboarding.rs Outdated
Comment thread src/main.rs
@sorunokoe
fix: address PR review comments
89c4df0 
- db: list_interaction_events_for_session now returns most-recent N events
  in ascending order via DESC+LIMIT subquery re-ordered ASC (was returning
  oldest N after the ASC change)
- tui: fix provider stat keys — 'gemini' → 'gemini-cli', 'generic' →
  'generic-openai' to match sessions.provider values in the DB
- shell_hook: add shell_quote_fish() using double-quote escaping (\, ",
  $) for fish; POSIX single-quote escaping is invalid inside fish single
  quotes — fish_hook() now uses the correct quoting function
- onboarding: derive Claude hint path from the same base used for
  detection so CLAUDE_CONFIG_DIR override is reflected in the UI hint
- main: replace fake JSON-write tests with real cmd_init() calls using
  CLAUDE_CONFIG_DIR env override; now exercises atomic write, backup,
  JSON merge, and CLAUDE_CONFIG_DIR path selection

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@sorunokoe sorunokoe merged commit 54c57a9 into main Apr 22, 2026
14 checks passed
@sorunokoe sorunokoe deleted the release/v0.8.0 branch April 22, 2026 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

area: cli area: collector area: core area: mcp area: provider area: tui dependencies documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sorunokoe