Created
Jul 04, 01:33
Started
Jul 04, 02:20
Completed
Jul 04, 04:58
DevOps handoff
Type
Chore
Shape
library
Worktree Slug
extract-shared-agent-api-client
Repositories
mcritchie-studio
Release Slug
—
Branch
feat/extract-shared-agent-api-client
Local URL
—
QA URL
—
Production URL
—
Acceptance Criteria
Expected Test Plan
Checks Run
Agent Context
REFACTOR noticed during the insights audit (2026-07-03). bin/atomic-event, bin/session-insights, and bin/atomic-capture-hook each RE-IMPLEMENT the same agent-API boilerplate: ~4 token methods (mint via /api/v1/auth, read/write the shared token.json cache, agent_secret via ENV then 1Password op read then repo .env) and 3-5 HTTP methods (http_json, http_request, base_url from ATOMIC_CAPTURE_URL) plus present?/projects_dir. Extract a shared bin/lib/agent_api.rb (an AgentApi client: token + http_json/http_get + base_url) that the three collapse onto. The insights session already established the bin-lib pattern with bin/lib/repo_root.rb, so follow that shape. IMPORTANT SEQUENCING: WAIT for the in-flight insight-pipeline work (which edits session-insights + atomic-capture-hook, currently uncommitted in the primary / on feat/feed-banked-insights-forward) to LAND first — this refactor overlaps those files. Then extract. Tests: the existing atomic_event_cli_test, session_insights_test, atomic_capture_hook_test must stay green (behavior-preserving).
Stage Timeline
Who handled each stage, the time it took (measured), and the model / tokens / cost reported (best-effort) — plus who's on it right now. — means the agent didn't report that metric.
Conversation
QA review feedback, agent handoffs, and follow-up notes for this task.
PR #353 open into release. Three bin scripts collapsed onto shared bin/lib/agent_api.rb (repo_root bin-lib shape). Behavior-preserving: per-script timeouts (2/5, 2/4, 1/2) parameterized + pinned by unit test; 401 policy stays with callers. Drive-by: restored missing exec bit on bin/session-insights (was committed 644 — documented SessionStart wiring would permission-deny). Full suite certified at 770502303cf2, dor-check green. Task URL: https://mcritchie.studio/tasks/extract-shared-agent-api-client
Scout report: merge-ready - No blockers found. Shared AgentApi preserves the token/cache/base-url/HTTP behavior for the three bin clients, focused tests and CI are green, and merge safety is clean. Reporter: alex Outcome: merge-ready Findings: - Acceptance: bin/lib/agent_api.rb owns token mint/cache, secret env->1Password->.env fallback, base_url, and bearer JSON helpers; bin/atomic-event, bin/session-insights, and bin/atomic-capture-hook all delegate to it. - Behavior preserved: per-script timeout differences remain parameterized (2/5, 2/4, 1/2), atomic-event and capture-hook still invalidate cached tokens on 401, and session-insights still avoids invalidation and fails silent. - Merge safety: PR #353 targets release at head 57458640, GitHub mergeStateStatus is CLEAN, no open release PR touches these files, prior feed-banked-insights-forward work is already merged, and the local wire-bank same-file overlap merge-trees cleanly. Questions: - none Checks: - [local] bin/rails test test/lib/agent_api_test.rb test/lib/atomic_event_cli_test.rb test/lib/session_insights_test.rb test/lib/atomic_capture_hook_test.rb - 96 runs, 371 assertions, 0 failures. - [local] bin/rails test test/lib/agent_api_test.rb - 14 runs, 37 assertions, 0 failures. - [local] bin/rubocop bin/atomic-capture-hook bin/atomic-event bin/lib/agent_api.rb bin/session-insights test/lib/agent_api_test.rb - 5 files, no offenses. - [gate] bin/dor-check extract-shared-agent-api-client - DoR-to-Merge met for library shape; unit/integration tiers plus full-suite/rubocop certification present. - [ci] gh pr checks 353 - scan_ruby, scan_js, lint, and test all pass on current head 57458640.
Scout report: merge-ready - Primary review: acceptance met, focused tests/DoR/CI green, no blockers; recommend Avi proceed merge-ready. Reporter: carl Outcome: merge-ready Findings: - Blockers: none. Shared AgentApi preserves token cache, secret order, base URL, timeout divergence, and caller-owned 401 policy across atomic-event/session-insights/atomic-capture-hook. - Non-blocker: AgentApi#http_json(:unsupported) raises KeyError before nil-on-failure handling, but current callers only use :get/:post and caller wrappers rescue; optional hardening later. - Merge safety: no open release PR overlaps PR #353 files; two local unsubmitted branches touch related bin scripts but merge-tree auto-merges and should re-test if submitted later. Questions: - none Checks: - GitHub PR #353 targets release, head 57458640, mergeState CLEAN/MERGEABLE; scan_ruby, scan_js, lint, and test checks pass. - ruby -Itest combined agent_api/atomic_event/session_insights/atomic_capture_hook tests: 96 runs, 372 assertions, 0 failures. - bin/rubocop on the five changed files: 5 files inspected, no offenses. - bin/dor-check extract-shared-agent-api-client: DoR-to-Merge met for library shape; full suite + rubocop certified at 770502303cf2.
Avi Heartbeat moved extract-shared-agent-api-client to reviewed after carl + alex reported merge-ready. Left for Steffon QA. Reports: - carl: merge-ready - Primary review: acceptance met, focused tests/DoR/CI green, no blockers; recommend Avi proceed merge-ready. - alex: merge-ready - No blockers found. Shared AgentApi preserves the token/cache/base-url/HTTP behavior for the three bin clients, focused tests and CI are green, and merge safety is clean.
PRIMARY review (Carl) — ALL-CLEAR, post-merge straggler review vs origin/release. (1) Divergences intact: timeouts 2/5 (atomic-event), 2/4 (session-insights), 1/2 (capture-hook), pinned by agent_api_test; 401 invalidation only in atomic-event + capture-hook, session-insights deliberately never invalidates; :get/:post superset changed no call site. (2) Secret/token handling byte-equivalent: same token.json cache path + 300s margin, same ENV -> op read -> repo .env order, no secret printed; bin/lib REPO_ROOT anchor resolves identically to old bin/ anchor incl worktree branch. (3) Drive-bys scope-clean: session-insights exec-bit restore matches documented 100755 contract (atomic-capture-hook.md:259); dropped requires verified truly unused on release (no Digest/URI/Net::HTTP left). (4) Sequencing confirmed: extraction 57458640 built on top of 12e9d23a/58bbd667/9b98b37e/6481f708; agent_api.rb unchanged since; PR 357 later edits preserved the divergences. (5) All four lib test files green against an origin/release export: 96 runs/372 asserts/0 failures; three existing test files untouched; checks_run covers library dor_tiers [unit,integration] + full-suite/rubocop certs. LIGHT review (Alex, docs seat) — ALL-CLEAR: atomic-capture-hook.md describes behavior not implementation, every claim still holds; wider doc grep clean; optional nice-to-have (non-blocking): one line naming bin/lib/agent_api.rb + test/lib/agent_api_test.rb as the shared auth layer. No conductor action needed.
Sealed-bid sizing
Edit →Alex (PM)
—
Avi (PO)
SMALL
Dev
SMALL
Actual
XL
We emailed a one-tap sign-in link to . It expires shortly and can only be used once.
No email? Check spam, or close this and try again.