Skip to content

chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/crypto-0.52.0
Open

chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/crypto-0.52.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 23, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/crypto from 0.50.0 to 0.52.0.

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 23, 2026
Jason-Shen2 added a commit that referenced this pull request May 24, 2026
…onRepo

Task #8 of the Option D rearchitecture (agent loop in Electron main).
Wires the crest integration layer on top of the pi source committed
in 2a4945b: pane gets a session via pi's JsonlSessionRepo, the
session is bound to its creation cwd, each send refreshes the system
prompt with the latest pane cwd via a minimal PaneHarness adapter.

Design lock-in
  docs/agent-runtime-architecture.md (397 lines, 10 sections):
    §3 — why pi as foundation and the "pi design wins by default"
          posture (codified after one wrong-shaped runtime.ts iteration)
    §4 — session model + cwd-grouped JSONL storage (warp vs pi compared)
    §5 — pane ↔ session binding via block.meta["agent:session"]
    §6 — pane lifecycle (open / first send / restart / cross-pane)
    §7 — decisions log, 10 entries each with reasoning
    §9 — pi file refs + warp file:line citations

Schema (Go + generated TS)
  pkg/waveobj/wtypemeta.go: AgentChatID dropped, AgentSessionMeta added.
  AgentSessionMeta = {id, createdAt, cwd, path} — structurally a subset
  of pi's JsonlSessionMetadata so round-trip is identity. createdAt is
  camelCase (Y1 exception, doc §7.2); rest of crest stays lowercase
  until task #15 migrates project-wide.
  pkg/waveobj/metaconsts.go regenerated via task generate.

emain/agent integration layer (219 LOC non-test, target was <250)
  sessions.ts (108 lines):
    - getSessionsRepo() — process-wide JsonlSessionRepo singleton
    - createPaneSession(cwd) — mints fresh session, returns metadata
      shape that goes straight into block.meta
    - openPaneSession(metadata) — re-opens by AgentSessionMeta
    - listSessionsForCwd(cwd) — backs the future "resume recent" banner
    - defaultSessionsDir() — mirrors Go's GetWaveConfigDir resolution
  build-system-prompt.ts (40 lines):
    - buildSystemPrompt(SystemPromptInputs) → string
    - Composes base instruction + cwd + git branch + connection +
      last 5 cmds. Called per turn via AgentHarness function-form
      systemPrompt so cwd updates between sends are reflected.
  harness-factory.ts (71 lines):
    - buildPaneHarness({session, model, ...}) → {harness, update(inputs)}
    - The PaneHarness is a 30-line adapter that exposes the env.cwd
      mutation seam pi leaves implicit. NOT a runtime wrapper —
      subscribe/prompt/abort/message storage are direct AgentHarness
      usage. update() refreshes env.cwd + the system-prompt closure
      so warp-style "session stays put, exchange carries latest cwd"
      semantics work.

terminal-view.tsx — chatId persistence reverted to in-memory useMemo
  The earlier persistence path referenced agent:chatid in block.meta,
  which is now removed from the schema. The legacy useChat + Go-backend
  path stays alive until task #12 (usePiChat); in the meantime an
  in-memory UUID is enough.

_spike.ts — rewritten to drive AgentHarness through a real session
  Mints sessions into a tmp dir (does not pollute real config home),
  builds PaneHarness with model + cwd + git, subscribes via
  AgentHarness.subscribe (not .on() — that one is reserved for
  AgentHarness-OWN hooks), runs prompt(), prints event tally + final
  stopReason + persisted JSONL line count.

Tests
  emain/agent/sessions.test.ts — 15 tests:
    - 6 session round-trip cases (mint, header, reopen, list, empty)
    - 1 shape-conformance (AgentSessionMeta ≡ JsonlSessionMetadata)
    - 3 defaultSessionsDir env resolution branches
    - 5 buildSystemPrompt rendering cases (cwd-only, git, connection,
      cmd cap, no-cmds)
  No tests touch LLM providers. Full suite: 126/126 pass (was 111
  pre-#8; +15 here; -16 from the earlier wrong-shaped runtime.test.ts
  that was deleted in the reset).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Jason-Shen2 added a commit that referenced this pull request May 24, 2026
Mark tasks #8#13 complete with their commit hashes and document the
post-#13 surface: all AI state and IO now lives in TS (emain/aiconfig/
+ emain/agent/), with the Go side retaining only general-purpose
secret writes via SetSecretsCommand.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.50.0 to 0.52.0.
- [Commits](golang/crypto@v0.50.0...v0.52.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): Bump golang.org/x/crypto from 0.50.0 to 0.52.0 chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0 Jun 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/crypto-0.52.0 branch from 3d6f7cc to eae8dc4 Compare June 7, 2026 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants