From 624a3b6c8c0c64228a9ad672e858325823370264 Mon Sep 17 00:00:00 2001 From: Lakshman Patel Date: Tue, 14 Jul 2026 06:45:19 +0530 Subject: [PATCH 1/2] chore(ci): pin third-party actions to commit SHAs, pin jscpd version, remove log truncation Removing '| head -50' on deadcode/jscpd output was hiding failures past line 50. Pinning actions/checkout, actions/setup-node, docker/* actions to SHA digests guards against tag-mutation supply-chain attacks. --- .github/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2a6c01c..01e7ad0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -174,7 +174,7 @@ jobs: - name: deadcode run: | go install golang.org/x/tools/cmd/deadcode@v0.45.0 - deadcode ./... 2>&1 | head -50 + deadcode ./... # ------------------------------------------------------------------------- # Duplication detection — jscpd. @@ -183,13 +183,13 @@ jobs: name: duplication runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: '20' - name: jscpd run: | - npx jscpd --min-lines 5 --min-tokens 50 --reporters console --blame . 2>&1 | head -50 + npx --yes jscpd@5.0.12 --min-lines 5 --min-tokens 50 --reporters console --blame . # ------------------------------------------------------------------------- # Cross-platform build matrix — only for repos that produce a binary. From 760afee7846b38b7ac6852ef8ae4ae048910635b Mon Sep 17 00:00:00 2001 From: Lakshman Patel Date: Tue, 14 Jul 2026 07:22:39 +0530 Subject: [PATCH 2/2] chore(contracts): sync api/openapi.yaml snapshot to hawk HEAD (12a595a) --- api/openapi.yaml | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/api/openapi.yaml b/api/openapi.yaml index 5ef4bf5..4356670 100644 --- a/api/openapi.yaml +++ b/api/openapi.yaml @@ -43,7 +43,9 @@ components: description: The user prompt to send to the agent session_id: type: string - description: Reserved for session continuation (currently ignored; every chat creates a fresh engine session) + maxLength: 128 + pattern: '^[A-Za-z0-9._-]+$' + description: Durable session ID to continue. The session must already exist; successful continuation returns the same ID. model: type: string description: Optional model override @@ -55,10 +57,10 @@ components: description: Autonomy preset controlling non-interactive permission approval cwd: type: string - description: Working directory for the agent session + description: Existing directory associated with session metadata. The daemon executes tools from its startup working directory; it never performs a process-wide chdir per request. agent: type: string - description: Named agent persona to run + description: Named Hawk agent persona to apply. Continuations inherit the persisted persona when omitted. ChatResponse: type: object @@ -79,7 +81,7 @@ components: Session: type: object - description: Lightweight in-memory record of a daemon chat session. + description: Lightweight active record for a durably persisted daemon chat session. properties: id: type: string @@ -93,6 +95,8 @@ components: type: integer cwd: type: string + agent: + type: string SessionDetail: type: object @@ -110,6 +114,8 @@ components: type: string provider: type: string + agent: + type: string cwd: type: string name: @@ -277,8 +283,9 @@ paths: tags: [system] summary: Readiness probe description: | - Returns 200 when the daemon can serve chat (engine configured), - 503 with a reason otherwise. + Returns 200 only when a session factory is configured and Eyrie's local + preflight confirms provider state, catalog, credentials, and model + selection are ready. Returns 503 with the failed dependency otherwise. security: [] responses: "200": @@ -301,8 +308,10 @@ paths: description: | Non-streaming: returns the full response in one JSON object. Streaming: send `Accept: text/event-stream` to receive Server-Sent Events. - Each request creates a new agent session; there is no standalone - session-creation endpoint. + Omit `session_id` to create and durably persist a new session. Supply a + previously returned `session_id` to load its transcript, append a turn, + and update that same durable session. The returned JSON field and the + `X-Hawk-Session-ID` header identify a retrievable `/v1/sessions/{id}`. requestBody: required: true content: @@ -312,6 +321,11 @@ paths: responses: "200": description: Agent response (or SSE stream) + headers: + X-Hawk-Session-ID: + description: Durable session ID created or continued by this request. + schema: + type: string content: application/json: schema: @@ -331,6 +345,12 @@ paths: application/json: schema: $ref: "#/components/schemas/Error" + "404": + description: Requested continuation session does not exist + content: + application/json: + schema: + $ref: "#/components/schemas/Error" "503": description: Engine not configured content: