feat(ops): remove Memory + Releases tabs (info still on Home)#231
Merged
Conversation
Per Patrick's call: trim attune ops nav to the tabs people actually use. The Memory and Releases tabs both have low daily utility, and Releases is strictly redundant with Home's "Family snapshot" panel. What's removed: - /memory route + memory.html template - /releases route + releases.html template - data.list_memory_topics() helper + MemoryEntry dataclass (both unused after the route removal) - Nav entries for Memory and Releases in server.py - "memory, releases" mention in home.html hero subtitle What's kept: - /api/info still surfaces version data via family_versions() - Home "Family snapshot" panel still lists installed family packages — that's where the Releases info lives - The Releases KPI tile on Home now anchors to the in-page #family-snapshot section instead of /releases - attune memory CLI commands are unaffected (this is just dashboard UI) Tests updated: - test_smoke.py parametrized page list trimmed to workflows/telemetry/health - New test_removed_pages_404 asserts /memory and /releases return 404 (regression catch if someone re-adds them carelessly) Pairs naturally with the (gated, approved) spec to add a Specs tab in #230 — net effect of both: 6 tabs → 5 tabs but all 5 are high-utility for the spec-driven workflow.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
4 tasks
silversurfer562
added a commit
that referenced
this pull request
May 12, 2026
Patches a DNS-rebinding vulnerability in the local ops dashboard that allowed any visited website to invoke ops endpoints (including workflow execution) on the local machine. Fix landed in #254. Also bundles UI/UX changes shipped between v6.7.0 and now: Tier 1 rich rendering (#247), full-page run view (#251), specs tab (#236/#239/#240), humanized 409s + tab cleanup (#228/#231), run-enabled-by-default ops mode (#227). Bumps version in pyproject.toml, plugin manifests, root marketplace.json, .claude/CLAUDE.md, API_REFERENCE.md, and uv.lock. CHANGELOG entry leads on the security fix.
silversurfer562
added a commit
that referenced
this pull request
May 12, 2026
* release: v6.7.1 — DNS-rebinding fix for ops dashboard Patches a DNS-rebinding vulnerability in the local ops dashboard that allowed any visited website to invoke ops endpoints (including workflow execution) on the local machine. Fix landed in #254. Also bundles UI/UX changes shipped between v6.7.0 and now: Tier 1 rich rendering (#247), full-page run view (#251), specs tab (#236/#239/#240), humanized 409s + tab cleanup (#228/#231), run-enabled-by-default ops mode (#227). Bumps version in pyproject.toml, plugin manifests, root marketplace.json, .claude/CLAUDE.md, API_REFERENCE.md, and uv.lock. CHANGELOG entry leads on the security fix. * chore(audit): CLAUDE.md — remove superseded and stale lessons Audit pass 1 (supersession) + pass 3 (stale references). Removed 4 lessons: - Session hooks may be vestigial — referenced session_end.py which no longer exists. - Read source before writing tests for tricky logic — used is_in_docstring_or_comment() as the concrete example, which has since been removed. - Skill frontmatter has a strict allowlist — contradicted by the March 2026 allowlist lesson; the original listed the wrong fields as valid. - Verify optional dep boundaries with a MetaPathFinder — recommended the deprecated find_module/load_module hooks that stopped firing in Python 3.12+. The replacement (sys.modules[name] = None sentinel) is the surviving lesson, which has been retitled to lead with the recommendation instead of opening on a now-deleted lesson. Also dropped the trailing "the old lesson about a strict 8-field allowlist was outdated" sentence from the March 2026 skill frontmatter lesson, since the old lesson no longer exists in the file. 267 -> 263 lessons. * chore(audit): CLAUDE.md — consolidate duplicate lessons Pass 2 of the audit. Merges 11 clusters of duplicate or near-duplicate lessons into single consolidated entries. Each merge preserves the substantive content of every original; only the duplication is collapsed. Mergers (each is N originals → 1 consolidated lesson): - GPG signing in non-interactive terminals (2 → 1) Combines pinentry-mac setup and "first match wins" gotcha. - Path.glob / PurePosixPath.match (2 → 1) Combines the dir-vs-file gotcha and the 3.10 single-segment gotcha. - Stop hook configuration (4 → 1) Combines stderr-not-stdout, ordering, sentinel-files, cd-prefix. - Path validation completeness (3 → 1) Combines reads-need-it-too, validate-before-import, copy-from-neighbor. - Dataclass field completeness (3 → 1) Combines parser updates, getattr-vs-.get, named-not-positional. - Version bump checklist (3 → 1) Combines 7+ files, dist rebuild, README rebuild. - Dead code detection (3 → 1) Combines silent-pass-blocks, embeddings-look-alive, hot_reload-look-alive. - GitHub branch protection (4 → 1) Combines exact-check-names, in-progress-checks, enforce_admins, auto-merge-vs-restore. - PyPI publishing (4 → 1) Combines trusted-publishing, env-approval-gate, twine-token-env, never-paste-tokens. - Pre-commit stash conflicts (5 → 1) Combines auto-fix-with-unstaged, black-restage-after-failure, any-unstaged-triggers, manual-preempt, stash-unrelated-files. - Patchable lazy imports (5 → 1) Combines availability-guard, module-scope-hoist, patch-source-module, patch.dict-sys.modules, ImportError simulation. 263 -> 236 lessons. Net file size down ~80 lines despite the consolidated entries being individually larger — each merge removed redundant prose more than it added new prose. No information lost: every distinct rule, mechanism, and example from the originals is preserved in the merged entry. * chore(audit): CLAUDE.md — tighten four overlong lessons Pass 4 of the audit. Trims four lessons that ran 27-50 lines apiece down to 17-24, removing redundant narrative and inline transcripts while preserving the rule, the mechanism, and the scope of applicability. - Two CodeQL setups can coexist and deadlock merges (50 -> 19 lines). Dropped the full SARIF error transcript and the duplicated "Resolution in attune-ai" paragraph; kept the diagnostic commands and the pick-ONE structural fix. - `import X` in try block + `except X.SomeError` (43 -> 24). Dropped the duplicated code block illustrating the bug; kept the failing example, the fix pattern, and the scope of where it applies. - Direct pushes to main blocked by required_pull_request_reviews presence, not count (27 -> 17). Dropped the API call transcripts; kept the surprising-derivation rule and the practical recommendation (always open a PR). - GitHub Copilot Autofix pushes commits to PR branches (30 -> 17). Dropped the specific commit SHA and PR number; kept the recognition signal, the recovery recipe, and the rebase-replay warning. Final state: 236 lessons / 2889 lines, from 267 / 3081 at the start of the audit. Net: -31 lessons, -192 lines, no information lost. * chore(audit): CLAUDE.md — tighten three more lessons Continuation of pass 4. Three lessons that ran 23-27 lines trimmed to 14-17 by dropping repeated narrative and specific artifact references (commit SHAs, file paths) while keeping the rule, the diagnostic signal, and the fix. - HAS_API_KEY-gated integration tests poison the matrix (27 -> 14 lines). Dropped the duplicated explanation of the failure mode and the specific PR number. - Research subagents can confabulate SDK signatures (26 -> 17). Dropped the full failed-claim example; kept the introspection pattern and rule. - Past-due deprecations are deletion targets (23 -> 16). Dropped the artifact-specific paragraph; kept the rule and the generalization. Final state: 236 lessons / 2863 lines, from 267 / 3081 at the start of the audit. Net: -31 lessons, -218 lines. Stopping tightening here. The remaining long entries (30 lines) are either intentional merge consolidations or RAG content with specific empirical numbers (P@1 percentages, faithfulness scores) where compression would risk losing precision.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Per Patrick's call: trim attune ops nav to the tabs people actually use. Memory and Releases both have low daily utility, and Releases is strictly redundant with Home's "Family snapshot" panel.
Before: Home, Workflows, Telemetry, Memory, Releases, Health (6 tabs)
After: Home, Workflows, Telemetry, Health (4 tabs)
What's removed
/memoryroute +memory.htmltemplate/releasesroute +releases.htmltemplatedata.list_memory_topics()helper +MemoryEntrydataclass (orphaned after route removal)server.pyhome.htmlhero subtitleWhat's kept
/api/infostill surfaces version data viafamily_versions()#family-snapshotsection instead of/releasesattune memoryCLI commands are unaffected — this is dashboard UI onlyTests
test_removed_pages_404regression catch — if someone re-adds the routes carelessly the test fails12/12 ops smoke tests pass locally.
Related
Pairs with #230 (Specs tab spec — gated, approved). Net effect of both: 6 tabs → 5 high-utility tabs.
🤖 Generated with Claude Code