release: prepare v1.7.0

[gaelic-ghost]

Release

• prepares v1.7.0 from branch protocol/fs-mutations-internal
• keeps protected main updates behind pull request review and CI
• release tag v1.7.0 was created locally before this PR so the reviewed release candidate is preserved exactly

Review Loop

Before merge, scripts/repo-maintenance/release.sh watches CI and stops on review comments unless the maintainer has already addressed or resolved them and reruns with --review-comments-addressed.

[coderabbitai]

Warning

Review limit reached

@gaelic-ghost, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 47 minutes and 37 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e1c157a4-522a-489d-90e2-741e13b60b2c

📥 Commits

Reviewing files that changed from the base of the PR and between a34ea12 and 86fb772.

📒 Files selected for processing (1)

• Tests/SwiftASBTests/Public/CodexAppServerThreadManagementTests.swift

📝 Walkthrough

Walkthrough

SwiftASB v1.7.0 adds guardian denied-action approval requests with auto-review tracking, restructures public APIs to promote CodexExtensions and thread-scoped MCP, hardens JSON-RPC ID validation, and extends the protocol with internal filesystem operations. Version references updated from v1.6.0 throughout codebase and documentation.

Changes

SwiftASB v1.7.0 Release Checkpoint

Layer / File(s)	Summary
Version bump and roadmap updates README.md, ROADMAP.md, docs/maintainers/v1-public-api-audit.md	Documentation version references updated from v1.6.0 to v1.7.0; roadmap refreshed with current feature matrix, maintainer priorities, v1 readiness checklist, and post-v1 deferred items; security audit completion notes added.
Protocol types and methods for guardians and filesystem Sources/SwiftASB/Protocol/CodexAppServerProtocol+Types.swift, Sources/SwiftASB/Protocol/CodexAppServerProtocol.swift	New protocol event cases for guardian auto-approval review lifecycle (started/completed); new JSON-RPC methods thread/approveGuardianDeniedAction and internal filesystem operations (fsWriteFile, fsCreateDirectory, fsRemove, fsCopy); request encoding and response decoding helpers added; MCP server status notification method string updated to mcpServer/startupStatus/updated.
JSON-RPC numeric ID validation hardening Sources/SwiftASB/Protocol/CodexRPCEnvelope.swift, Tests/SwiftASBTests/Transport/CodexRPCEnvelopeTests.swift	Numeric JSON-RPC request ID parsing replaced with strict Decimal-based whole-number verification and Swift Int range validation; throws invalidJSONRPCEnvelope with specific error reasons; tests added for boundary cases (Int.max) and out-of-range rejection.
Public guardian approval request/response models Sources/SwiftASB/Public/CodexInteractiveRequests.swift, Sources/SwiftASB/Public/CodexAppServer+ProtocolPayloads.swift	New interactive request kind guardianDeniedAction; CodexGuardianDeniedActionApprovalRequest with nested review/action/authorization payloads; CodexGuardianApprovalReview and CodexGuardianApprovalReviewAction types with nested enums; CodexNetworkPolicyAmendment.Action refactored to support unknown wire values via wireValue initializers and serialization.
Observable auto-review status and thread-scoped MCP Sources/SwiftASB/Public/CodexThread+Dashboard.swift, Sources/SwiftASB/Public/CodexThread.swift, Sources/SwiftASB/Public/CodexAppServer+WireMapping.swift	Dashboard.AutoReviewStatus enum (idle/inProgress/denied/approved/timedOut/aborted); observable activity state extended with activeAutoReviewIDs and autoReviewStatus fields; CodexThread.MCP wrapper added for thread-scoped status snapshots and resource reads; wire mapping initializer for auto-review status conversion.
CodexExtensions top-level promotion and MCP/Inventory surfaces Sources/SwiftASB/Public/CodexAppServer+CodexExtensions.swift, Sources/SwiftASB/Public/CodexAppServer+Inventory.swift, Sources/SwiftASB/Public/CodexMCP.swift	CodexExtensions moved from nested to top-level; MCP and Inventory surfaces reorganized under CodexExtensions; new unified install(_:) surface for extensions; all wire-mapping initializers and computed properties updated to use fully-qualified SwiftASB.CodexExtensions.* types; CodexMCP deprecated as typealias to CodexExtensions.MCP; compatibility shims added to CodexAppServer (deprecated Inventory typealias and makeInventory method delegate).
Guardian auto-review event handling and approval response logic Sources/SwiftASB/Public/CodexAppServer.swift	Event handler routes guardian auto-review started/completed notifications to dashboard state mutations; approval response logic branches on .guardianDeniedAction kind, sends thread/approveGuardianDeniedAction request with review/action payload, decodes and validates response, updates observable activity, and resolves interactive request; MCP status snapshot helpers (mcpServerStatusSnapshot, refreshMcpServerStatusSnapshot) added for thread-scoped lookups with cached fallback.
Protocol, RPC, and integration test updates Tests/SwiftASBTests/Protocol/CodexAppServerProtocolTests.swift, Tests/SwiftASBTests/Transport/CodexRPCEnvelopeTests.swift, Tests/SwiftASBTests/Public/*	New protocol tests for thread approval encoding, filesystem mutation operations, auto-review lifecycle event decoding, and network policy amendments; RPC boundary and rejection tests; companion surface tests for auto-review status transitions; inventory, approval probe, file system, and MCP tests updated to use extensions.<family>.list() and extensions.install() namespaces; thread management test expanded for cached/refreshed MCP status and resource reads.
User-facing documentation and example code migration Sources/SwiftASB/SwiftASB.docc/*, docs/*	Documentation updated to reflect CodexExtensions as primary entry point for inventory and MCP; example code migrated from appServer.makeInventory()/appServer.mcp to appServer.extensions.makeInventory()/appServer.extensions.mcp; guidance refined for unified install surface, thread-scoped MCP reads via CodexThread.mcp, and family-specific list/read methods; DoCC topics reorganized to list CodexExtensions/MCP and CodexExtensions/Inventory instead of CodexMCP and CodexAppServer variants; feature permission policy updated with correct operation path.

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly Related PRs

• gaelic-ghost/SwiftASB#77: The marketplace upgrade surface and request/result types updated in this PR's CodexExtensions refactor overlap with that PR's initial additions to the plugin upgrade workflow.

Suggested Labels

enhancement

Poem

🐰 A guardian's denial, now approved with care,
Extensions ascend to top-level, fair,
Auto-reviews tracked through each dashboard state,
Thread-scoped MCP reads at a swifter gate,
v1.7.0 strengthens the app's estate!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.48% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'release: prepare v1.7.0' directly and clearly summarizes the main change: preparing the codebase for v1.7.0 release.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch protocol/fs-mutations-internal

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

Sources/SwiftASB/Protocol/CodexAppServerProtocol.swift (1)

1405-1419: ⚡ Quick win

Verify that double-decoding is necessary.

The "item/autoApprovalReview/completed" handler decodes the payload twice—once as CodexWireJSONValue (line 1408-1412) and once as the typed notification (line 1413-1417). This creates a struct containing both the raw event and the typed notification. If the typed notification already contains all necessary data, the raw CodexWireJSONValue may be redundant.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Sources/SwiftASB/Protocol/CodexAppServerProtocol.swift` around lines 1405 -
1419, The case handling "item/autoApprovalReview/completed" is decoding the
payload twice (once to CodexWireJSONValue and once to
CodexWireItemGuardianApprovalReviewCompletedNotification) when building the
.itemGuardianApprovalReviewCompleted value; if the typed notification already
contains the full event data remove the redundant raw decode and pass only the
typed notification into the initializer (i.e., stop calling decodeNotification
with CodexWireJSONValue), otherwise explicitly document why both are required or
rename the raw field to clarify its purpose; locate the switch case for
"item/autoApprovalReview/completed", the decodeNotification calls, the
CodexWireJSONValue and CodexWireItemGuardianApprovalReviewCompletedNotification
types, and the .itemGuardianApprovalReviewCompleted initializer to make the
change.

Tests/SwiftASBTests/Public/CodexMCPTests.swift (1)

45-49: 💤 Low value

Consider adding explicit error handling to the switch statement.

The switch only handles the .mcp case without a default or additional cases. If InstallResult has other variants, adding a default case with Issue.record() or fatalError() would document the expectation that .install(.mcp(...)) always returns a .mcp result and improve test clarity.

♻️ Optional: Add explicit default case

 let result: CodexExtensions.MCP.InstallResult
 switch installResult {
 case let .mcp(mcpResult):
     result = mcpResult
+default:
+    Issue.record("Expected .mcp result from MCP install")
+    throw CodexAppServerError.invalidState(reason: "Unexpected install result type")
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Tests/SwiftASBTests/Public/CodexMCPTests.swift` around lines 45 - 49, The
switch on installResult (type CodexExtensions.MCP.InstallResult) only handles
the .mcp case; add an explicit default (or additional enum cases if known) to
handle unexpected variants and document the invariant — e.g., in the switch on
installResult add a default branch that calls Issue.record(...) or
fatalError("Unexpected InstallResult: \(installResult)") so tests fail fast and
the intent that .install(.mcp(...)) yields .mcp is clear.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Tests/SwiftASBTests/Public/CodexAppServerThreadManagementTests.swift`:
- Around line 37-50: The test currently only inspects the last
mcpServerStatus/list payload but doesn't ensure refreshStatusSnapshot() actually
triggered a new transport request; before calling try await
thread.mcp.refreshStatusSnapshot() capture the current count of
transport.requestPayloads(for: "mcpServerStatus/list"), then call try await
thread.mcp.refreshStatusSnapshot(), then assert the new count is greater than
the previous count (and continue to validate the last payload as before).
Reference the methods refreshStatusSnapshot(), transport.requestPayloads(for:),
and the mcpServerStatus/list payload check to locate where to add the pre-call
count capture and the post-call count assertion.

---

Nitpick comments:
In `@Sources/SwiftASB/Protocol/CodexAppServerProtocol.swift`:
- Around line 1405-1419: The case handling "item/autoApprovalReview/completed"
is decoding the payload twice (once to CodexWireJSONValue and once to
CodexWireItemGuardianApprovalReviewCompletedNotification) when building the
.itemGuardianApprovalReviewCompleted value; if the typed notification already
contains the full event data remove the redundant raw decode and pass only the
typed notification into the initializer (i.e., stop calling decodeNotification
with CodexWireJSONValue), otherwise explicitly document why both are required or
rename the raw field to clarify its purpose; locate the switch case for
"item/autoApprovalReview/completed", the decodeNotification calls, the
CodexWireJSONValue and CodexWireItemGuardianApprovalReviewCompletedNotification
types, and the .itemGuardianApprovalReviewCompleted initializer to make the
change.

In `@Tests/SwiftASBTests/Public/CodexMCPTests.swift`:
- Around line 45-49: The switch on installResult (type
CodexExtensions.MCP.InstallResult) only handles the .mcp case; add an explicit
default (or additional enum cases if known) to handle unexpected variants and
document the invariant — e.g., in the switch on installResult add a default
branch that calls Issue.record(...) or fatalError("Unexpected InstallResult:
\(installResult)") so tests fail fast and the intent that .install(.mcp(...))
yields .mcp is clear.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3f05b9e1-09ec-4d0d-a731-0aa1368ab527

📥 Commits

Reviewing files that changed from the base of the PR and between d003d1d and a34ea12.

📒 Files selected for processing (37)

• README.md
• ROADMAP.md
• Sources/SwiftASB/Protocol/CodexAppServerProtocol+Types.swift
• Sources/SwiftASB/Protocol/CodexAppServerProtocol.swift
• Sources/SwiftASB/Protocol/CodexRPCEnvelope.swift
• Sources/SwiftASB/Public/CodexAppServer+CodexExtensions.swift
• Sources/SwiftASB/Public/CodexAppServer+Inventory.swift
• Sources/SwiftASB/Public/CodexAppServer+ProtocolPayloads.swift
• Sources/SwiftASB/Public/CodexAppServer+WireMapping.swift
• Sources/SwiftASB/Public/CodexAppServer.swift
• Sources/SwiftASB/Public/CodexInteractiveRequests.swift
• Sources/SwiftASB/Public/CodexMCP.swift
• Sources/SwiftASB/Public/CodexThread+Dashboard.swift
• Sources/SwiftASB/Public/CodexThread.swift
• Sources/SwiftASB/SwiftASB.docc/AppWideCapabilities.md
• Sources/SwiftASB/SwiftASB.docc/CodexAppServer.md
• Sources/SwiftASB/SwiftASB.docc/CodexExtensions.md
• Sources/SwiftASB/SwiftASB.docc/CodexInventory.md
• Sources/SwiftASB/SwiftASB.docc/CodexMCP.md
• Sources/SwiftASB/SwiftASB.docc/FeaturePermissionPolicy.md
• Sources/SwiftASB/SwiftASB.docc/GeneratedWireBoundary.md
• Sources/SwiftASB/SwiftASB.docc/HandlingTurnProgressAndApprovals.md
• Sources/SwiftASB/SwiftASB.docc/SwiftASB.md
• Sources/SwiftASB/SwiftASB.docc/SwiftUIObservableCompanions.md
• Sources/SwiftASB/SwiftASB.docc/ThreadHistoryAndObservables.md
• Tests/SwiftASBTests/Protocol/CodexAppServerProtocolTests.swift
• Tests/SwiftASBTests/Public/CodexAppServerCompanionSurfaceTests.swift
• Tests/SwiftASBTests/Public/CodexAppServerFileSystemTests.swift
• Tests/SwiftASBTests/Public/CodexAppServerInventoryTests.swift
• Tests/SwiftASBTests/Public/CodexAppServerLiveApprovalProbeTests.swift
• Tests/SwiftASBTests/Public/CodexAppServerLiveIntegrationTestSupport.swift
• Tests/SwiftASBTests/Public/CodexAppServerTestSupport.swift
• Tests/SwiftASBTests/Public/CodexAppServerThreadManagementTests.swift
• Tests/SwiftASBTests/Public/CodexAppServerTurnInteractionTests.swift
• Tests/SwiftASBTests/Public/CodexMCPTests.swift
• Tests/SwiftASBTests/Transport/CodexRPCEnvelopeTests.swift
• docs/maintainers/v1-public-api-audit.md