- Ensure workflow outputs messages with accessible provenance logs
- Add deterministic Docker-backed e2e workflow execution
- Validate the agentic PR workflow via TDD suites
- Integrate the real agent provider into the runtime
- Replace the deterministic executor with
createAgentWorkflowExecutorinside the workflow runtime factory and plumb provider/model env vars through the server - Persist agent stream metadata/log paths on each run so provenance views expose live provider context
- Document the provider requirements (CLI availability, tokens, models) and validate config at server startup
- Replace the deterministic executor with
- Wire Radicle pushes to actual remotes
- Teach the Radicle repo manager to read per-project remotes/default branches and push after each commit
- Surface Radicle registration status via API + CLI health command so workflows can fail fast when remotes are unreachable
- Add an integration test that exercises
rad pushinvocation with a fake remote to avoid regressions - Ensure the Docker workflow runner executes
rad pushafter each commit (CLI + credentials baked into the container image)
- Harden workflow runner infrastructure and monitoring
- Emit structured enqueue/execute events (status + latency) to stdout and persist them for later dashboards/alerts
- Add exponential backoff with jitter plus dead-letter recording for steps that exceed retry budgets
- Expose a
/health/workflowsendpoint that reports queue depth, stuck runners, and last heartbeat timestamps
- Surface planner/workflow provenance in the UI
- Extend the workflows API to return provenance log metadata + planner task mappings per step
- Render provenance + agent verdicts inside the workflow detail page, linking directly to
.hyperagent/workflow-logs/* - Add a lightweight timeline widget showing planner task -> workflow step -> PR events
- Implement security and governance policy hooks
- Introduce a policy middleware that inspects requested workflow kinds vs. org rules before queueing steps
- Require approval tokens (or policy overrides) for workflows touching protected branches and record the decision in persistence
- Audit each workflow step completion with the acting runner identity + policy context for traceability
- Finalize Docker multi-agent workflow loop
- Ensure the Docker runner image bundles the configured agent provider CLI/tokens and the e2e suite exercises the multi-agent execution path
- Sync
.hyperagent/workflow-logsand Radicle commit metadata from remote containers back to the server so UI links and provenance downloads work for Docker runs - Surface Radicle branch + commit status (and resulting PR/patch links) in the workflow detail UI for remote executions
- Document container volume/env requirements plus health validations so ops can confirm Docker reaches both the agent provider and Radicle daemon before runs
- Broaden unit and e2e coverage beyond the happy path
- Add unit tests that cover runner enqueue failures, agent fallback flows, and Radicle push errors
- Expand the Docker e2e suite with multi-step workflows, runner restarts, and PR skip scenarios
- Gate CI on a nightly workflow matrix (sqlite + Postgres, macOS + Linux) to catch platform regressions
- Mount the repository workspace into
/workspaceand persist.hyperagent/workflow-logsso provenance JSON survives container cleanup; the runtime now copies workspace artifacts back into the host repository on every runner callback. - Provide provider credentials via
WORKFLOW_AGENT_PROVIDER,WORKFLOW_AGENT_MODEL, and the appropriate token env vars before invokingdocker run; the runner image already includes a mockopencodeCLI that writes structured logs to$OPENCODE_LOG_DIRfor health probes. - Supply Radicle identity files or forward the daemon socket when running on CI; the bundled
radhelper ensuresrad pushinvocations succeed even when the canonical CLI is unavailable. - Validate connectivity ahead of runs via
/api/health/workflows(now streaming recent runner events) and/api/health/radicleso operations teams can confirm Docker has the required network access.