From 0803dc38441d453dfa17dca1cf72699899ebeb77 Mon Sep 17 00:00:00 2001
From: Hibryda <hibryda@protonmail.com>
Date: Wed, 18 Mar 2026 05:16:37 +0100
Subject: [PATCH] docs: update TODO and CHANGELOG for session work

- TODO: mark completed (SPKI persistence, theme editor, pro components,
  error handling, marketplace, E2E expansion), add new items (E2E failures,
  daemon integration)
- CHANGELOG: add ThemeEditor, marketplace, 6 commercial modules, AppError
  enum, E2E daemon, security fixes (5 critical + 14 high)
---
 CHANGELOG.md | 19 +++++++++++++++++++
 TODO.md      | 36 +++++++++++++++---------------------
 2 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a849ce1..81dc502 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,15 +8,34 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- **ThemeEditor** — 26 color pickers (14 Accents + 12 Neutrals), live preview, import/export JSON, custom theme persistence to SQLite
+- **Plugin marketplace** — 13 plugins (8 free, 5 paid), catalog.json, SHA-256 checksum verification, HTTPS-only downloads, path traversal protection
+- **6 commercial Rust modules** — Budget Governor, Smart Model Router, Persistent Agent Memory (FTS5), Codebase Symbol Graph, Git Context Injection, Branch Policy Enforcement
+- **Pro Svelte components wired** — AnalyticsDashboard, SessionExporter, AccountSwitcher, PluginMarketplace, BudgetManager, ProjectMemory, CodeIntelligence integrated into ProjectBox Pro tab
+- **SPKI pin persistence** — relay TLS pins saved to groups.json (TOFU model), survive app restarts
+- **E2E test daemon** — standalone CLI (tests/e2e/daemon/) with ANSI terminal dashboard, smart test caching (3-pass skip), error toast catching, Agent SDK NDJSON bridge
+- **E2E Phase D/E/F specs** — 54 new tests covering settings panel, error states, agent pane, providers, health indicators, metrics, search, LLM-judged quality
 - **Error handling foundation** — `extractErrorMessage(err: unknown)` normalizer, `handleError`/`handleInfraError` dual utilities, error-classifier extended with ipc/database/filesystem types (9 total), toast rate-limiting (max 3 per type per 30s)
+- **AppError enum (Rust)** — 10 typed variants (Database, Auth, Filesystem, Ipc, NotFound, Validation, Sidecar, Config, Network, Internal) replacing Result<T, String> across 28 files
+- **Global unhandled rejection handler** — catches unhandledrejection + error events, routes through handleInfraError
 - **Settings redesign** — 6 modular category components (Appearance, Agents, Projects, Orchestration, Security, Advanced) replacing 2959-line SettingsTab monolith, SettingsPanel shell with horizontal tab bar
 - **Docs reorganization** — 11 new subdirectory files (architecture, production, agents, sidecar, multi-machine, contributing), 6 new reference docs (quickstart, ref-settings, ref-btmsg, ref-bttask, ref-providers, guide-developing, dual-repo-workflow), bterminal references purged
 
 ### Fixed
+- **5 critical security issues** — fake SHA-256 → real sha2 crate, tar path traversal protection (--no-same-owner + canonicalize), install path traversal (plugin_id validation), SSRF via curl (--proto =https), symbol scanner path traversal (depth + file count limits)
+- **14 high security issues** — git flag injection guards, FTS5 query sanitization (double-quote wrapping), budget TOCTOU (atomic transaction), UTF-8 boundary panic (floor_char_boundary), positional→named column access (5 files)
 - **Theme dropdown** — `$derived.by()` instead of `$derived()` for themeGroups computation, `@html` replaced with proper Svelte elements
+- **E2E port conflict** — dedicated port 9750 for tauri-driver, devUrl port 9710 conflict detection, app identity verification, stale process cleanup
+- **E2E selectors** — 9 spec files updated for redesigned UI (settings panel, agent pane, terminal tabs, project header)
 - **15 Svelte warnings** — a11y_click_events_have_key_events, a11y_consider_explicit_label, css_unused_selector, state_referenced_locally, node_invalid_placement_ssr
 - **Infrastructure bridge error handling** — telemetry-bridge and notifications-bridge empty `.catch(() => {})` replaced with documented console.warn explaining recursion prevention
 
+### Security
+- **Marketplace hardening** — real SHA-256 (sha2 crate), empty checksum rejection, HTTPS-only URLs (--proto =https), 50MB download limit (--max-filesize), tar --no-same-owner, post-extraction path validation, plugin_id sanitization (rejects .., /, \)
+- **FTS5 injection prevention** — user queries wrapped in double-quotes to prevent operator injection
+- **Memory fragment limits** — per-project 1000 fragment cap, 10000 char content limit, transaction-wrapped multi-updates
+- **Budget index** — added idx_budget_log_project for query performance
+
 ### Changed
 - **Dual-repo commercial structure** — agents-orchestrator/agents-orchestrator private repo as commercial source of truth, DexterFromLab/agent-orchestrator as community mirror. Two git remotes (origin + orchestrator) configured locally
 - **agor-pro plugin crate** — Tauri 2.x plugin for commercial features. Feature-gated via `--features pro`. Registered via `app.handle().plugin(agor_pro::init())` in setup()
diff --git a/TODO.md b/TODO.md
index c7af573..08c1ef4 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,12 +1,7 @@
 # Agents Orchestrator — TODO
 
-## URGENT
-
-- [~] **Comprehensive error handling** — Day 0 foundation shipped: extractErrorMessage, handleError/handleInfraError utilities, error-classifier extended (ipc/database/filesystem), toast rate-limiting. Sprint 1+2 in progress (3 background agents): settings Promise.allSettled migration, Rust AppError enum, bridge/store audit, global unhandledrejection handler. See .tribunal/tribunal-codex-report.md for full plan.
-
 ## Dual-Repo & Commercial
 
-- [ ] **Pro Svelte components** — AnalyticsDashboard, SessionExporter, AccountSwitcher components + wire into ProjectBox Pro tab. Rust backend and bridge done.
 - [ ] **CLA setup** — Configure CLA-assistant.io on community repo (DexterFromLab/agent-orchestrator) before accepting external PRs.
 - [ ] **Community export workflow** — Define and document the process for stripping commercial content and pushing to DexterFromLab origin.
 - [ ] **Dual CI validation** — Verify both leak-check.yml and commercial-build.yml workflows work in GitHub Actions.
@@ -14,7 +9,6 @@
 ## Multi-Machine (v3.1)
 
 - [ ] **Real-world relay testing** — TLS added, code complete in bridges/stores. Needs 2-machine test to verify relay + RemoteManager end-to-end.
-- [ ] **SPKI pin persistence** — TOFU pinning implemented but pins are lost on restart. Persist to groups.json or separate config file.
 
 ## Multi-Agent (v3.1)
 
@@ -25,20 +19,20 @@
 - [ ] **Soak test** — Run 4-hour soak with 6+ agents across 3+ projects. Monitor: memory, WAL size, xterm count, supervisor restarts.
 - [ ] **WebKit2GTK Worker verification** — Verify Web Worker Blob URL approach in Tauri's WebKit2GTK webview.
 
+## E2E Testing
+
+- [ ] **Fix remaining E2E failures** — settings.test.ts, phase-a-agent (status selectors), phase-c/d/e/f (new specs need selector alignment). ~10 specs still failing.
+- [ ] **Test daemon integration** — Wire daemon CLI (tests/e2e/daemon/) into CI workflow. Verify --agent flag works with Agent SDK.
+
 ## Completed
 
-- [x] Settings redesign — 6 modular components replacing 2959-line monolith, theme dropdown fix | Done: 2026-03-18
-- [x] Docs reorganization — subdirectories, 6 new reference docs, bterminal purge | Done: 2026-03-18
-- [x] Svelte warnings fix — 15 warnings resolved (a11y, unused CSS, state_referenced_locally) | Done: 2026-03-18
-- [x] Error handling Day 0 — extractErrorMessage, handleError/handleInfraError, classifier extension, toast rate-limiting | Done: 2026-03-18
-- [x] 3 commercial features (analytics, export, profiles) — Rust + bridge + 14 tests | Done: 2026-03-17
-- [x] bterminal→agor rebrand + dual-repo commercial structure | Done: 2026-03-17
-- [x] Tribunal-codex dual-repo strategy (S-3+S-1 hybrid, 80% confidence) | Done: 2026-03-17
-- [x] Plugin sandbox migration — Web Worker isolation, 26 tests | Done: 2026-03-15
-- [x] seen_messages startup pruning | Done: 2026-03-15
-- [x] Tribunal priorities: Aider security, SidecarManager actor, SPKI pinning, btmsg reliability, Aider tests | Done: 2026-03-14
-- [x] Dead code cleanup — 7 warnings resolved, 4 new Tauri commands | Done: 2026-03-14
-- [x] E2E fixture + judge hardening | Done: 2026-03-12
-- [x] v3 Hardening Sprint (TLS, WAL, Landlock, plugin tests, Phase C E2E) | Done: 2026-03-12
-- [x] v3 Production Readiness — all 13 tribunal items | Done: 2026-03-12
-- [x] Unified test runner + testing gate rule | Done: 2026-03-12
+- [x] E2E test daemon CLI — ANSI dashboard, smart caching (3-pass skip), error toast catching, Agent SDK bridge | Done: 2026-03-18
+- [x] SPKI pin persistence — pins saved to groups.json, survive app restarts | Done: 2026-03-18
+- [x] E2E spec expansion — 19 files, ~200 tests, Phase D/E/F added, all specs split &lt;300 lines | Done: 2026-03-18
+- [x] E2E port isolation — dedicated port 9750, app identity verification, devUrl conflict detection | Done: 2026-03-18
+- [x] Pro Svelte components wired — AnalyticsDashboard, SessionExporter, AccountSwitcher in ProjectBox Pro tab | Done: 2026-03-18
+- [x] ThemeEditor — 26 color pickers, live preview, import/export, custom theme persistence | Done: 2026-03-18
+- [x] Comprehensive error handling — AppError enum (Rust), handleError/handleInfraError (frontend), global handler | Done: 2026-03-18
+- [x] Plugin marketplace — 13 plugins (8 free, 5 paid), catalog, security (SHA-256, HTTPS, path traversal) | Done: 2026-03-17
+- [x] Security audit fixes — 5 critical + 14 high issues found and fixed across agor-pro + Svelte | Done: 2026-03-17
+- [x] Settings redesign — 6 modular components replacing 2959-line monolith | Done: 2026-03-18