chore(release): 5.0.5 — update pro submodule with 5 new squads

[rafaelscosta]

Summary

Atualiza o submódulo pro para o HEAD atual do aiox-pro e bumpa versão para 5.0.5.

Context

O submódulo pro estava pinado no commit órfão c90d421f165dc037eeccf13d276300def12c1cf2, que não existe mais no repo aiox-pro (provavelmente removido por force-push/rebase). Usuários reportaram que 5 squads não chegavam via npx aiox-core install.

Changes

• Submódulo pro: atualizado para HEAD atual do aiox-pro/main (8f16e8e)
• Squads adicionados (agora no tarball publicado):
  • db-sage
  • spy
  • storytelling
  • claude-code-mastery
  • aiox-sop
• Total de squads no pro/squads/: 12 (antes: 3)
• Versão: 5.0.4 → 5.0.5

Test Plan

• CI passa (8 status checks)
• Após merge e publish: npm view aiox-core version retorna 5.0.5
• npm pack aiox-core@5.0.5 contém os 5 squads em pro/squads/
• Teste de instalação: npx aiox-core@5.0.5 install entrega os 12 squads

Release

Após merge, rodarei npm publish --access public manualmente.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Resolved installer issue where five Pro squads were missing after install.

• New Features / Updates

  • Pro now reports full squad availability (12 squads).
  • Installer/wizard improvements: clearer AIOX Pro messaging, email/password fallback flow, more robust machine-id handling, and persistent license caching.

• Chores

  • Bumped package version to v5.0.7 and added changelog entry (5.0.5).
  • CI/workflow and publish validation tightened to enforce Pro submodule presence.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
aiox-core	Ready	Preview, Comment	Apr 15, 2026 9:35pm

[coderabbitai]

Walkthrough

Bump package to 5.0.7, advance pro submodule to a new commit, update installer wizard i18n and pro-loading/activation logic (machine-id, cache persistence, fallback auth), add tests for these flows, CI/workflow and publish-validation updates, and record a changelog entry for 5.0.5. (≤50 words)

Changes

Cohort / File(s)	Summary
Release & manifest CHANGELOG.md, package.json, .aiox-core/install-manifest.yaml	Added changelog entry 5.0.5; bumped package aiox-core version 5.0.3 → 5.0.7; updated install manifest version and generated_at.
Pro submodule pro	Advanced pro git submodule from c90d421f... → 8f16e8e4... (pro now lists 12 squads; notes fix for missing squads after npx aiox-core install).
Installer i18n packages/installer/src/wizard/i18n.js	Added proLicenseCacheFailed translations; replaced @aiox-fullstack/pro phrasing with “AIOX Pro” and updated CLI guidance to npx aiox-pro install (EN/PT/ES).
Pro wizard & loaders packages/installer/src/wizard/pro-setup.js	Significant functional changes: refined module resolution (multiple scopes/absolute paths), added tryRequire, generateMachineId, loadLicenseCache, persistLicenseCache, ensureKeyValidationParity, fallbackAuthWithoutBuyerCheck, adjusted InlineLicenseClient.activate path, updated activation/validation flows, persisted license cache after activation, and exported new _testing helpers.
CI / publish validation .github/workflows/npm-publish.yml, .github/workflows/release.yml, bin/utils/validate-publish.js, scripts/validate-package-completeness.js, tests/cli/validate-publish.test.js	Checkout now uses secrets.PRO_SUBMODULE_TOKEN and submodules: recursive; added AIOX_ENFORCE_PUBLISH_SUBMODULES gate; validate-publish/enforcer and tarball completeness now require Pro assets (pro/license/license-api.js, pro/squads/, pro/pro-config.yaml); tests updated accordingly.
Tests — installer & pro wizard tests/installer/pro-setup-auth.test.js, tests/pro-wizard.test.js	Added/expanded tests for fallback auth flow, machine-id compatibility, license-cache persistence, and InlineLicenseClient activation path; assert new _testing helpers exist.
Tests — module isolation tests/core/health-check/check-registry.test.js, tests/synapse/synapse-memory-provider.test.js, tests/integration/pipeline-memory-integration.test.js, tests/synapse/engine.test.js, tests/cli/validate-publish.test.js	Refactored many tests to use per-test module isolation (jest.resetModules() + jest.isolateModules()/jest.doMock()), removing file-level static mocks and improving test isolation.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant Wizard
  participant ProModule as Pro module / scaffolder
  participant LicenseAPI as License API / client
  participant FS as Filesystem / cache

  User->>Wizard: start Pro activation (email or auth)
  Wizard->>ProModule: try load pro module (probe scopes/paths)
  alt pro module loaded
    Wizard->>LicenseAPI: getLicenseClient() from pro module
  else not found
    Wizard->>LicenseAPI: use inline/bundled license client
  end
  Wizard->>LicenseAPI: activateByAuth / validate(key, machineId)
  LicenseAPI-->>Wizard: activationResult / validationResult
  Wizard->>Wizard: ensureKeyValidationParity(activationResult, machineId)
  Wizard->>FS: persistLicenseCache(targetDir, normalizedActivation)
  FS-->>Wizard: success / failure
  alt cache persisted
    Wizard->>ProModule: locate pro scaffold (squads across scopes)
    Wizard->>FS: install scaffold files
    FS-->>Wizard: install complete
    Wizard-->>User: success
  else cache failed
    Wizard-->>User: abort with proLicenseCacheFailed
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix: replace deprecated glob with fast-glob and fix pro bootstrap #560: Related changes to how the license/pro client is loaded and installer fallback behavior.
• docs(pro): rebrand AIOS → AIOX in pro READMEs #558: Also advances the pro submodule reference.
• fix: include pro/squads in npm tarball for pro scaffold #562: Addresses packaging/inclusion of pro/squads and related scaffold/install fixes.

Suggested labels

released

Suggested reviewers

• oalanicolas
• Pedrovaleriolopez

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 77.78% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: updating the pro submodule with 5 new squads for the 5.0.5 release.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/5.0.5

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📊 Coverage Report

Coverage report not available

📈 Full coverage report available in Codecov

---

Generated by PR Automation (Story 6.1)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

CHANGELOG.md (1)

12-12: Prefer pinning the exact submodule commit in changelog text.

“latest aiox-pro HEAD” is ambiguous over time. For release auditability, include the exact commit hash directly in this line.

Suggested wording

-- Update `pro` submodule pointer to latest aiox-pro HEAD (previously orphaned on commit c90d421).
+- Update `pro` submodule pointer from `c90d421` to `8f16e8e` (aiox-pro main at release time).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CHANGELOG.md` at line 12, Replace the ambiguous phrase "latest aiox-pro HEAD"
in the CHANGELOG entry that currently reads "Update `pro` submodule pointer to
latest aiox-pro HEAD (previously orphaned on commit c90d421)" with the exact
commit SHA that was used (e.g., "Update `pro` submodule pointer to
aiox-pro@<full-commit-sha> (previously orphaned on commit c90d421)"), ensuring
the full 40‑char commit hash is included so the changelog pins the precise
submodule commit for auditability.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pro`:
- Line 1: The Pro Integration CI job fails when running the Jest command "jest
--roots pro/" if the pro/ submodule contains no tests; update the CI job
configuration for the Pro Integration step (the job running the "jest --roots
pro/" command) to tolerate empty test suites by adding the Jest flag
--passWithNoTests to the command, or alternatively ensure the pro/ submodule
includes at least one test file (e.g., add a minimal placeholder test under
pro/) so that "jest --roots pro/" finds tests.

---

Nitpick comments:
In `@CHANGELOG.md`:
- Line 12: Replace the ambiguous phrase "latest aiox-pro HEAD" in the CHANGELOG
entry that currently reads "Update `pro` submodule pointer to latest aiox-pro
HEAD (previously orphaned on commit c90d421)" with the exact commit SHA that was
used (e.g., "Update `pro` submodule pointer to aiox-pro@<full-commit-sha>
(previously orphaned on commit c90d421)"), ensuring the full 40‑char commit hash
is included so the changelog pins the precise submodule commit for auditability.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 705ca4a0-045a-493e-aa2e-96fb05e41f37

📥 Commits

Reviewing files that changed from the base of the PR and between 0df1e25 and dbcc216.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• CHANGELOG.md
• package.json
• pro

[rafaelscosta]

@coderabbitai resolve

[coderabbitai]

✅ Actions performed

Comments resolved and changes approved.

Nitpick addressed in commit 0802518 — changelog now pins exact submodule commit hashes as requested.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

packages/installer/src/wizard/pro-setup.js (1)

558-569: Consider tightening validation result check.

Line 561 uses validationResult.valid !== false which accepts undefined, null, or any truthy value. If the API contract guarantees valid: true on success, consider validationResult.valid === true for stricter validation. Otherwise, the current permissive check is acceptable if the API may omit the valid field on success.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/installer/src/wizard/pro-setup.js` around lines 558 - 569, The
validation currently treats any non-false `validationResult.valid` as success;
change the conditional in the client.validate result handling to require an
explicit true by replacing the `validationResult && validationResult.valid !==
false` check with `validationResult && validationResult.valid === true` so only
explicit successful responses call `mergeActivation(validationResult)` (refer to
client.validate, validationResult, mergeActivation, activationResult.key,
machineId).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/core/health-check/check-registry.test.js`:
- Around line 8-13: The BUILT_IN_CHECK_MODULES array contains relative module
paths (starting with ../../../.aiox-core/core/health-check/checks/...) that must
be converted to repository-standard absolute import specifiers; replace each
relative string in BUILT_IN_CHECK_MODULES with the corresponding absolute module
path (for example use core/health-check/checks/project,
core/health-check/checks/local, core/health-check/checks/repository,
core/health-check/checks/deployment, core/health-check/checks/services or your
repo's package-scoped equivalents) and update the other doMock/require usages in
the same test file that currently use ../../../... (the two additional
occurrences noted in the review) so all mocks/requires use the same absolute
import strings.

In `@tests/synapse/synapse-memory-provider.test.js`:
- Around line 23-31: Update the two relative imports used in the test mock and
module require to the project's absolute import scheme: replace the
'../../pro/memory/memory-loader' specifier in the jest.doMock call (which
returns MemoryLoader and uses mockQueryMemories) and the
'../../.aiox-core/core/synapse/memory/synapse-memory-provider' specifier used
inside jest.isolateModules/require (assigned to loadedModule) with their
corresponding absolute module paths used elsewhere in the repo; ensure the
jest.doMock key matches the absolute package path and the require(...) uses the
same absolute import so mocks resolve correctly.
- Around line 45-50: The module export tests fail in isolation because
BRACKET_CONFIG, AGENT_SECTOR_PREFERENCES, DEFAULT_SECTORS and
SynapseMemoryProvider are only initialized in the other suite's beforeEach; add
a beforeEach inside describe('module exports') that calls loadProviderModule()
and destructures/assigns ({ SynapseMemoryProvider, AGENT_SECTOR_PREFERENCES,
BRACKET_CONFIG, DEFAULT_SECTORS } = loadProviderModule()) so the variables are
defined for those tests; also convert the relative imports at the top of the
test file (the imports used to load the provider/helper modules, e.g., the
module referenced by loadProviderModule and any helper imports) to absolute
import paths to comply with coding standards.

---

Nitpick comments:
In `@packages/installer/src/wizard/pro-setup.js`:
- Around line 558-569: The validation currently treats any non-false
`validationResult.valid` as success; change the conditional in the
client.validate result handling to require an explicit true by replacing the
`validationResult && validationResult.valid !== false` check with
`validationResult && validationResult.valid === true` so only explicit
successful responses call `mergeActivation(validationResult)` (refer to
client.validate, validationResult, mergeActivation, activationResult.key,
machineId).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 459c33ad-cbf0-4b31-ae48-80243df649a3

📥 Commits

Reviewing files that changed from the base of the PR and between 0802518 and e8e9a80.

📒 Files selected for processing (6)

• .aiox-core/install-manifest.yaml
• packages/installer/src/wizard/i18n.js
• packages/installer/src/wizard/pro-setup.js
• tests/core/health-check/check-registry.test.js
• tests/installer/pro-setup-auth.test.js
• tests/synapse/synapse-memory-provider.test.js

✅ Files skipped from review due to trivial changes (1)

• .aiox-core/install-manifest.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Replace relative module paths with absolute imports.

These new doMock/require paths use ../../../...; please switch them to absolute paths to match repo standards.

Proposed fix

+const path = require('path');
+const CORE_HEALTH_CHECK_ROOT = path.resolve(process.cwd(), '.aiox-core/core/health-check');
+
 const BUILT_IN_CHECK_MODULES = [
-  '../../../.aiox-core/core/health-check/checks/project',
-  '../../../.aiox-core/core/health-check/checks/local',
-  '../../../.aiox-core/core/health-check/checks/repository',
-  '../../../.aiox-core/core/health-check/checks/deployment',
-  '../../../.aiox-core/core/health-check/checks/services',
+  `${CORE_HEALTH_CHECK_ROOT}/checks/project`,
+  `${CORE_HEALTH_CHECK_ROOT}/checks/local`,
+  `${CORE_HEALTH_CHECK_ROOT}/checks/repository`,
+  `${CORE_HEALTH_CHECK_ROOT}/checks/deployment`,
+  `${CORE_HEALTH_CHECK_ROOT}/checks/services`,
 ];
@@
   let loadedModules;
   jest.isolateModules(() => {
-    const baseCheck = require('../../../.aiox-core/core/health-check/base-check');
-    const CheckRegistry = require('../../../.aiox-core/core/health-check/check-registry');
+    const baseCheck = require(`${CORE_HEALTH_CHECK_ROOT}/base-check`);
+    const CheckRegistry = require(`${CORE_HEALTH_CHECK_ROOT}/check-registry`);
     loadedModules = { ...baseCheck, CheckRegistry };
   });

As per coding guidelines, **/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code.

Also applies to: 25-26

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/core/health-check/check-registry.test.js` around lines 8 - 13, The
BUILT_IN_CHECK_MODULES array contains relative module paths (starting with
../../../.aiox-core/core/health-check/checks/...) that must be converted to
repository-standard absolute import specifiers; replace each relative string in
BUILT_IN_CHECK_MODULES with the corresponding absolute module path (for example
use core/health-check/checks/project, core/health-check/checks/local,
core/health-check/checks/repository, core/health-check/checks/deployment,
core/health-check/checks/services or your repo's package-scoped equivalents) and
update the other doMock/require usages in the same test file that currently use
../../../... (the two additional occurrences noted in the review) so all
mocks/requires use the same absolute import strings.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Replace relative module specifiers with absolute imports.

Line 23 and Line 31 use relative paths (../../...), which violates the repository import rule for JS/TS files. Please switch these to the project’s absolute import scheme used elsewhere.

As per coding guidelines, **/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/synapse/synapse-memory-provider.test.js` around lines 23 - 31, Update
the two relative imports used in the test mock and module require to the
project's absolute import scheme: replace the '../../pro/memory/memory-loader'
specifier in the jest.doMock call (which returns MemoryLoader and uses
mockQueryMemories) and the
'../../.aiox-core/core/synapse/memory/synapse-memory-provider' specifier used
inside jest.isolateModules/require (assigned to loadedModule) with their
corresponding absolute module paths used elsewhere in the repo; ensure the
jest.doMock key matches the absolute package path and the require(...) uses the
same absolute import so mocks resolve correctly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE="$(fd -i 'synapse-memory-provider.test.js' | head -n1)"
echo "Inspecting: $FILE"

# Verify where shared bindings are declared and assigned.
rg -n -C2 "let (SynapseMemoryProvider|AGENT_SECTOR_PREFERENCES|BRACKET_CONFIG|DEFAULT_SECTORS)" "$FILE"
rg -n -C3 "beforeEach\\(|describe\\('SynapseMemoryProvider'|describe\\('module exports'" "$FILE"
rg -n -C2 "\\}= loadProviderModule\\(\\)" "$FILE"

Repository: SynkraAI/aiox-core

Length of output: 930

---

🏁 Script executed:

# Read the full test file to verify the issues
FILE="$(fd -i 'synapse-memory-provider.test.js')"
wc -l "$FILE"
head -n 65 "$FILE"
tail -n +255 "$FILE" | head -n 25

Repository: SynkraAI/aiox-core

Length of output: 2933

---

Initialize module exports tests independently to prevent isolation failures.

The shared constants (BRACKET_CONFIG, AGENT_SECTOR_PREFERENCES, DEFAULT_SECTORS) are loaded only in describe('SynapseMemoryProvider')'s beforeEach() at lines 45–50. When describe('module exports') runs in isolation (e.g., with --testNamePattern), these variables remain undefined, causing test failures.

Add a beforeEach() to the describe('module exports') suite to load the module:

Fix

 describe('module exports', () => {
+  beforeEach(() => {
+    ({
+      AGENT_SECTOR_PREFERENCES,
+      BRACKET_CONFIG,
+      DEFAULT_SECTORS,
+    } = loadProviderModule());
+  });
+
   test('BRACKET_CONFIG has MODERATE, DEPLETED, CRITICAL', () => {

Also convert relative imports to absolute at lines 23 and 31 per coding standards.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/synapse/synapse-memory-provider.test.js` around lines 45 - 50, The
module export tests fail in isolation because BRACKET_CONFIG,
AGENT_SECTOR_PREFERENCES, DEFAULT_SECTORS and SynapseMemoryProvider are only
initialized in the other suite's beforeEach; add a beforeEach inside
describe('module exports') that calls loadProviderModule() and
destructures/assigns ({ SynapseMemoryProvider, AGENT_SECTOR_PREFERENCES,
BRACKET_CONFIG, DEFAULT_SECTORS } = loadProviderModule()) so the variables are
defined for those tests; also convert the relative imports at the top of the
test file (the imports used to load the provider/helper modules, e.g., the
module referenced by loadProviderModule and any helper imports) to absolute
import paths to comply with coding standards.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

packages/installer/src/wizard/pro-setup.js (1)

351-352: Use an absolute path for framework-dev module loading.

Line 351 builds a relative require path (../../../../...). Prefer resolving it to an absolute path (for example with path.resolve(__dirname, ...)) to comply with the JS import rule and avoid path-base ambiguity.

As per coding guidelines "**/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/installer/src/wizard/pro-setup.js` around lines 351 - 352, Replace
the relative require path used to load the pro license module by resolving an
absolute filesystem path: instead of building frameworkPath as
`../../../../pro/license/${moduleName}` and calling `tryRequire(frameworkPath)`,
use Node's path resolution (e.g. `path.resolve(__dirname, '...','pro','license',
moduleName)`) to compute an absolute path and pass that to `tryRequire`; update
any references to `frameworkPath`/`frameworkModule` accordingly and ensure
`path` is imported at the top of pro-setup.js if not already.

tests/integration/pipeline-memory-integration.test.js (1)

21-24: Use absolute imports in the new test module loading paths.

Line 21 and Line 39–40 introduce new relative import paths. Please switch these to the project’s absolute import style for JS files.

As per coding guidelines "**/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code".

Also applies to: 39-40

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/integration/pipeline-memory-integration.test.js` around lines 21 - 24,
Replace the relative test import paths with the project’s absolute import style:
change the jest.mock('../../bin/utils/pro-detector', ...) call to use the
repository’s absolute module path (the same absolute import convention used
elsewhere in JS files) and likewise update the two other relative imports
referenced at lines 39–40 to their absolute equivalents; update the string
module specifiers only (keep the jest.mock and jest.fn usage intact) so
require/resolution uses the project’s absolute import paths.

tests/synapse/engine.test.js (1)

122-124: Align loadEngineModules() imports with absolute import convention.

Line 122–124 currently use relative require(...) paths. Please convert these to absolute imports to match the repository JS standard.

As per coding guidelines "**/*.{js,jsx,ts,tsx}: Use absolute imports instead of relative imports in all code".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/synapse/engine.test.js` around lines 122 - 124, Replace the relative
requires in the test with the project's absolute import module names: change the
require calls that assign SynapseEngine, PipelineMetrics, PIPELINE_TIMEOUT_MS,
contextTracker, and formatter so they import from the absolute packages used by
the repo (e.g., the core synapse engine and context/output modules) rather than
'../../.aiox-core/...'; update the require(...) module specifiers for
SynapseEngine/PipelineMetrics/PIPELINE_TIMEOUT_MS, contextTracker, and formatter
to their corresponding absolute module paths so the test follows the
repository's absolute-import convention.

bin/utils/validate-publish.js (1)

60-72: Consider validating additional Pro assets for consistency.

scripts/validate-package-completeness.js requires pro/squads/ and pro/pro-config.yaml in addition to pro/license/license-api.js. This script only validates the license file. While the tarball check catches missing assets, adding these checks here would provide earlier feedback.

♻️ Optional: Add additional Pro asset checks

 // Check 2: Critical file exists
 if (!fs.existsSync(CRITICAL_FILE)) {
   if (IS_CI && !ENFORCE_SUBMODULES) {
     console.log('SKIP: pro/license/license-api.js not available (CI — private submodule)');
   } else {
     console.error('FAIL: pro/license/license-api.js not found.');
     console.error('  This is a critical file required for Pro license validation.');
     console.error('  Fix: git submodule update --init --recursive pro');
     passed = false;
   }
 } else {
   console.log('PASS: pro/license/license-api.js exists');
 }
+
+// Check 2b: Pro squads directory exists
+const PRO_SQUADS_DIR = path.join(PRO_DIR, 'squads');
+if (fs.existsSync(PRO_DIR) && fs.readdirSync(PRO_DIR).filter(e => e !== '.git').length > 0) {
+  if (!fs.existsSync(PRO_SQUADS_DIR)) {
+    console.error('FAIL: pro/squads/ directory not found.');
+    passed = false;
+  } else {
+    console.log('PASS: pro/squads/ directory exists');
+  }
+}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/utils/validate-publish.js` around lines 60 - 72, Add existence checks for
the other required Pro assets used by scripts/validate-package-completeness.js:
verify pro/squads/ (directory) and pro/pro-config.yaml (file) alongside the
existing CRITICAL_FILE check; reuse the same CI skip logic (IS_CI &&
!ENFORCE_SUBMODULES) and error handling (console.error messages, guidance to run
git submodule update, and set passed = false) and print a PASS message when each
asset exists so the script fails early and consistently if those assets are
missing.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/installer/src/wizard/pro-setup.js`:
- Around line 515-527: persistLicenseCache() currently treats key === 'existing'
as failure and doesn't handle IO exceptions; update the function so that the
sentinel returned by activateProByAuth() ("existing") is treated as a valid
successful activation (i.e., do not return an error for key === 'existing'), and
wrap the cacheModule.writeLicenseCache(...) call in a try/catch to handle and
return a { success: false, error: ... } result on disk/IO failures instead of
letting exceptions bubble. Adjust logic around the key check and the
writeLicenseCache call in persistLicenseCache() so runProWizard() (which depends
on activateProByAuth() and persistLicenseCache()) correctly continues on
re-install success and receives a safe failure object on write errors.

---

Nitpick comments:
In `@bin/utils/validate-publish.js`:
- Around line 60-72: Add existence checks for the other required Pro assets used
by scripts/validate-package-completeness.js: verify pro/squads/ (directory) and
pro/pro-config.yaml (file) alongside the existing CRITICAL_FILE check; reuse the
same CI skip logic (IS_CI && !ENFORCE_SUBMODULES) and error handling
(console.error messages, guidance to run git submodule update, and set passed =
false) and print a PASS message when each asset exists so the script fails early
and consistently if those assets are missing.

In `@packages/installer/src/wizard/pro-setup.js`:
- Around line 351-352: Replace the relative require path used to load the pro
license module by resolving an absolute filesystem path: instead of building
frameworkPath as `../../../../pro/license/${moduleName}` and calling
`tryRequire(frameworkPath)`, use Node's path resolution (e.g.
`path.resolve(__dirname, '...','pro','license', moduleName)`) to compute an
absolute path and pass that to `tryRequire`; update any references to
`frameworkPath`/`frameworkModule` accordingly and ensure `path` is imported at
the top of pro-setup.js if not already.

In `@tests/integration/pipeline-memory-integration.test.js`:
- Around line 21-24: Replace the relative test import paths with the project’s
absolute import style: change the jest.mock('../../bin/utils/pro-detector', ...)
call to use the repository’s absolute module path (the same absolute import
convention used elsewhere in JS files) and likewise update the two other
relative imports referenced at lines 39–40 to their absolute equivalents; update
the string module specifiers only (keep the jest.mock and jest.fn usage intact)
so require/resolution uses the project’s absolute import paths.

In `@tests/synapse/engine.test.js`:
- Around line 122-124: Replace the relative requires in the test with the
project's absolute import module names: change the require calls that assign
SynapseEngine, PipelineMetrics, PIPELINE_TIMEOUT_MS, contextTracker, and
formatter so they import from the absolute packages used by the repo (e.g., the
core synapse engine and context/output modules) rather than
'../../.aiox-core/...'; update the require(...) module specifiers for
SynapseEngine/PipelineMetrics/PIPELINE_TIMEOUT_MS, contextTracker, and formatter
to their corresponding absolute module paths so the test follows the
repository's absolute-import convention.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1c25e79d-2d13-4335-8833-5e0bfaf55b88

📥 Commits

Reviewing files that changed from the base of the PR and between e8e9a80 and b9bf103.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (12)

• .aiox-core/install-manifest.yaml
• .github/workflows/npm-publish.yml
• .github/workflows/release.yml
• bin/utils/validate-publish.js
• package.json
• packages/installer/src/wizard/pro-setup.js
• scripts/validate-package-completeness.js
• tests/cli/validate-publish.test.js
• tests/integration/pipeline-memory-integration.test.js
• tests/pro-wizard.test.js
• tests/synapse/engine.test.js
• tests/synapse/synapse-memory-provider.test.js

✅ Files skipped from review due to trivial changes (3)

• package.json
• .aiox-core/install-manifest.yaml
• tests/cli/validate-publish.test.js

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/synapse/synapse-memory-provider.test.js

[coderabbitai]

⚠️ Potential issue | 🟠 Major

persistLicenseCache() currently turns successful reactivation into wizard failure and can throw uncaught.

Line 515–517 rejects key === 'existing', but activateProByAuth() explicitly returns that sentinel for re-install success (Line 1275). This causes runProWizard() to abort at Line 1633–1638 despite successful activation. Also, Line 519–527 doesn’t catch writeLicenseCache exceptions, so disk/IO failures can bubble and crash the flow.

💡 Proposed fix

 function persistLicenseCache(targetDir, licenseResult) {
@@
-  if (!key || key === 'existing') {
-    return { success: false, error: 'Activated license key not available for local cache persistence.' };
+  if (!key || key === 'existing') {
+    // Re-activation/no-op install path: do not hard-fail wizard
+    return { success: true, skipped: true };
   }
 
-  return cacheModule.writeLicenseCache({
-    key,
-    activatedAt: activationResult.activatedAt || new Date().toISOString(),
-    expiresAt: activationResult.expiresAt,
-    features: Array.isArray(activationResult.features) ? activationResult.features : [],
-    seats: activationResult.seats || { used: 1, max: 1 },
-    cacheValidDays: activationResult.cacheValidDays,
-    gracePeriodDays: activationResult.gracePeriodDays,
-  }, targetDir);
+  try {
+    return cacheModule.writeLicenseCache({
+      key,
+      activatedAt: activationResult.activatedAt || new Date().toISOString(),
+      expiresAt: activationResult.expiresAt,
+      features: Array.isArray(activationResult.features) ? activationResult.features : [],
+      seats: activationResult.seats || { used: 1, max: 1 },
+      cacheValidDays: activationResult.cacheValidDays,
+      gracePeriodDays: activationResult.gracePeriodDays,
+    }, targetDir);
+  } catch (error) {
+    return { success: false, error: error?.message || 'Failed to persist license cache.' };
+  }
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/installer/src/wizard/pro-setup.js` around lines 515 - 527,
persistLicenseCache() currently treats key === 'existing' as failure and doesn't
handle IO exceptions; update the function so that the sentinel returned by
activateProByAuth() ("existing") is treated as a valid successful activation
(i.e., do not return an error for key === 'existing'), and wrap the
cacheModule.writeLicenseCache(...) call in a try/catch to handle and return a {
success: false, error: ... } result on disk/IO failures instead of letting
exceptions bubble. Adjust logic around the key check and the writeLicenseCache
call in persistLicenseCache() so runProWizard() (which depends on
activateProByAuth() and persistLicenseCache()) correctly continues on re-install
success and receives a safe failure object on write errors.